1 /*
2 * hostapd / Station table
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/sae.h"
16 #include "common/dpp.h"
17 #include "radius/radius.h"
18 #include "radius/radius_client.h"
19 #include "p2p/p2p.h"
20 #include "fst/fst.h"
21 #include "crypto/crypto.h"
22 #include "hostapd.h"
23 #include "accounting.h"
24 #include "ieee802_1x.h"
25 #include "ieee802_11.h"
26 #include "ieee802_11_auth.h"
27 #include "wpa_auth.h"
28 #include "preauth_auth.h"
29 #include "ap_config.h"
30 #include "beacon.h"
31 #include "ap_mlme.h"
32 #include "vlan_init.h"
33 #include "p2p_hostapd.h"
34 #include "ap_drv_ops.h"
35 #include "gas_serv.h"
36 #include "wnm_ap.h"
37 #include "mbo_ap.h"
38 #include "ndisc_snoop.h"
39 #include "sta_info.h"
40 #include "vlan.h"
41 #include "wps_hostapd.h"
42
43 #ifdef __ZEPHYR__
44 #include <supp_events.h>
45 #endif /* __ZEPHYR__ */
46
47 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
48 struct sta_info *sta);
49 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
50 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
51 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
52 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
53 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
54 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
55 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx);
56
ap_for_each_sta(struct hostapd_data * hapd,int (* cb)(struct hostapd_data * hapd,struct sta_info * sta,void * ctx),void * ctx)57 int ap_for_each_sta(struct hostapd_data *hapd,
58 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
59 void *ctx),
60 void *ctx)
61 {
62 struct sta_info *sta;
63
64 for (sta = hapd->sta_list; sta; sta = sta->next) {
65 if (cb(hapd, sta, ctx))
66 return 1;
67 }
68
69 return 0;
70 }
71
72
ap_get_sta(struct hostapd_data * hapd,const u8 * sta)73 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
74 {
75 struct sta_info *s;
76
77 s = hapd->sta_hash[STA_HASH(sta)];
78 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
79 s = s->hnext;
80 return s;
81 }
82
83
84 #ifdef CONFIG_P2P
ap_get_sta_p2p(struct hostapd_data * hapd,const u8 * addr)85 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
86 {
87 struct sta_info *sta;
88
89 for (sta = hapd->sta_list; sta; sta = sta->next) {
90 const u8 *p2p_dev_addr;
91
92 if (sta->p2p_ie == NULL)
93 continue;
94
95 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
96 if (p2p_dev_addr == NULL)
97 continue;
98
99 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0)
100 return sta;
101 }
102
103 return NULL;
104 }
105 #endif /* CONFIG_P2P */
106
107
ap_sta_list_del(struct hostapd_data * hapd,struct sta_info * sta)108 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
109 {
110 struct sta_info *tmp;
111
112 if (hapd->sta_list == sta) {
113 hapd->sta_list = sta->next;
114 return;
115 }
116
117 tmp = hapd->sta_list;
118 while (tmp != NULL && tmp->next != sta)
119 tmp = tmp->next;
120 if (tmp == NULL) {
121 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
122 "list.", MAC2STR(sta->addr));
123 } else
124 tmp->next = sta->next;
125 }
126
127
ap_sta_hash_add(struct hostapd_data * hapd,struct sta_info * sta)128 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
129 {
130 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
131 hapd->sta_hash[STA_HASH(sta->addr)] = sta;
132 }
133
134
ap_sta_hash_del(struct hostapd_data * hapd,struct sta_info * sta)135 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
136 {
137 struct sta_info *s;
138
139 s = hapd->sta_hash[STA_HASH(sta->addr)];
140 if (s == NULL) return;
141 if (os_memcmp(s->addr, sta->addr, 6) == 0) {
142 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
143 return;
144 }
145
146 while (s->hnext != NULL &&
147 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
148 s = s->hnext;
149 if (s->hnext != NULL)
150 s->hnext = s->hnext->hnext;
151 else
152 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
153 " from hash table", MAC2STR(sta->addr));
154 }
155
156
ap_sta_ip6addr_del(struct hostapd_data * hapd,struct sta_info * sta)157 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
158 {
159 sta_ip6addr_del(hapd, sta);
160 }
161
162
163 #ifdef CONFIG_PASN
164
ap_free_sta_pasn(struct hostapd_data * hapd,struct sta_info * sta)165 void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta)
166 {
167 if (sta->pasn) {
168 wpa_printf(MSG_DEBUG, "PASN: Free PASN context: " MACSTR,
169 MAC2STR(sta->addr));
170
171 if (sta->pasn->ecdh)
172 crypto_ecdh_deinit(sta->pasn->ecdh);
173
174 wpabuf_free(sta->pasn->secret);
175 sta->pasn->secret = NULL;
176
177 #ifdef CONFIG_SAE
178 sae_clear_data(&sta->pasn->sae);
179 #endif /* CONFIG_SAE */
180
181 #ifdef CONFIG_FILS
182 /* In practice this pointer should be NULL */
183 wpabuf_free(sta->pasn->fils.erp_resp);
184 sta->pasn->fils.erp_resp = NULL;
185 #endif /* CONFIG_FILS */
186
187 bin_clear_free(sta->pasn, sizeof(*sta->pasn));
188 sta->pasn = NULL;
189 }
190 }
191
192 #endif /* CONFIG_PASN */
193
ap_free_sta(struct hostapd_data * hapd,struct sta_info * sta)194 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
195 {
196 int set_beacon = 0;
197
198 accounting_sta_stop(hapd, sta);
199
200 /* just in case */
201 ap_sta_set_authorized(hapd, sta, 0);
202 hostapd_set_sta_flags(hapd, sta);
203
204 if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP))
205 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
206
207 if (sta->ipaddr)
208 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
209 ap_sta_ip6addr_del(hapd, sta);
210
211 if (!hapd->iface->driver_ap_teardown &&
212 !(sta->flags & WLAN_STA_PREAUTH)) {
213 hostapd_drv_sta_remove(hapd, sta->addr);
214 sta->added_unassoc = 0;
215 }
216
217 ap_sta_hash_del(hapd, sta);
218 ap_sta_list_del(hapd, sta);
219
220 if (sta->aid > 0)
221 hapd->sta_aid[(sta->aid - 1) / 32] &=
222 ~BIT((sta->aid - 1) % 32);
223
224 hapd->num_sta--;
225 if (sta->nonerp_set) {
226 sta->nonerp_set = 0;
227 hapd->iface->num_sta_non_erp--;
228 if (hapd->iface->num_sta_non_erp == 0)
229 set_beacon++;
230 }
231
232 if (sta->no_short_slot_time_set) {
233 sta->no_short_slot_time_set = 0;
234 hapd->iface->num_sta_no_short_slot_time--;
235 if (hapd->iface->current_mode &&
236 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
237 && hapd->iface->num_sta_no_short_slot_time == 0)
238 set_beacon++;
239 }
240
241 if (sta->no_short_preamble_set) {
242 sta->no_short_preamble_set = 0;
243 hapd->iface->num_sta_no_short_preamble--;
244 if (hapd->iface->current_mode &&
245 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
246 && hapd->iface->num_sta_no_short_preamble == 0)
247 set_beacon++;
248 }
249
250 if (sta->no_ht_gf_set) {
251 sta->no_ht_gf_set = 0;
252 hapd->iface->num_sta_ht_no_gf--;
253 }
254
255 if (sta->no_ht_set) {
256 sta->no_ht_set = 0;
257 hapd->iface->num_sta_no_ht--;
258 }
259
260 if (sta->ht_20mhz_set) {
261 sta->ht_20mhz_set = 0;
262 hapd->iface->num_sta_ht_20mhz--;
263 }
264
265 #ifdef CONFIG_TAXONOMY
266 wpabuf_free(sta->probe_ie_taxonomy);
267 sta->probe_ie_taxonomy = NULL;
268 wpabuf_free(sta->assoc_ie_taxonomy);
269 sta->assoc_ie_taxonomy = NULL;
270 #endif /* CONFIG_TAXONOMY */
271
272 ht40_intolerant_remove(hapd->iface, sta);
273
274 #ifdef CONFIG_P2P
275 if (sta->no_p2p_set) {
276 sta->no_p2p_set = 0;
277 hapd->num_sta_no_p2p--;
278 if (hapd->num_sta_no_p2p == 0)
279 hostapd_p2p_non_p2p_sta_disconnected(hapd);
280 }
281 #endif /* CONFIG_P2P */
282
283 #ifdef NEED_AP_MLME
284 if (hostapd_ht_operation_update(hapd->iface) > 0)
285 set_beacon++;
286 #endif /* NEED_AP_MLME */
287
288 #ifdef CONFIG_MESH
289 if (hapd->mesh_sta_free_cb)
290 hapd->mesh_sta_free_cb(hapd, sta);
291 #endif /* CONFIG_MESH */
292
293 if (set_beacon)
294 ieee802_11_set_beacons(hapd->iface);
295
296 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
297 __func__, MAC2STR(sta->addr));
298 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
299 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
300 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
301 ap_sta_clear_disconnect_timeouts(hapd, sta);
302 sae_clear_retransmit_timer(hapd, sta);
303
304 ieee802_1x_free_station(hapd, sta);
305 wpa_auth_sta_deinit(sta->wpa_sm);
306 rsn_preauth_free_station(hapd, sta);
307 #ifndef CONFIG_NO_RADIUS
308 if (hapd->radius)
309 radius_client_flush_auth(hapd->radius, sta->addr);
310 #endif /* CONFIG_NO_RADIUS */
311
312 #ifndef CONFIG_NO_VLAN
313 /*
314 * sta->wpa_sm->group needs to be released before so that
315 * vlan_remove_dynamic() can check that no stations are left on the
316 * AP_VLAN netdev.
317 */
318 if (sta->vlan_id)
319 vlan_remove_dynamic(hapd, sta->vlan_id);
320 if (sta->vlan_id_bound) {
321 /*
322 * Need to remove the STA entry before potentially removing the
323 * VLAN.
324 */
325 if (hapd->iface->driver_ap_teardown &&
326 !(sta->flags & WLAN_STA_PREAUTH)) {
327 hostapd_drv_sta_remove(hapd, sta->addr);
328 sta->added_unassoc = 0;
329 }
330 vlan_remove_dynamic(hapd, sta->vlan_id_bound);
331 }
332 #endif /* CONFIG_NO_VLAN */
333
334 os_free(sta->challenge);
335
336 os_free(sta->sa_query_trans_id);
337 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
338
339 #ifdef CONFIG_P2P
340 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
341 #endif /* CONFIG_P2P */
342
343 #ifdef CONFIG_INTERWORKING
344 if (sta->gas_dialog) {
345 int i;
346 for (i = 0; i < GAS_DIALOG_MAX; i++)
347 gas_serv_dialog_clear(&sta->gas_dialog[i]);
348 os_free(sta->gas_dialog);
349 }
350 #endif /* CONFIG_INTERWORKING */
351
352 wpabuf_free(sta->wps_ie);
353 wpabuf_free(sta->p2p_ie);
354 wpabuf_free(sta->hs20_ie);
355 wpabuf_free(sta->roaming_consortium);
356 #ifdef CONFIG_FST
357 wpabuf_free(sta->mb_ies);
358 #endif /* CONFIG_FST */
359
360 os_free(sta->ht_capabilities);
361 os_free(sta->vht_capabilities);
362 os_free(sta->vht_operation);
363 os_free(sta->he_capab);
364 os_free(sta->he_6ghz_capab);
365 hostapd_free_psk_list(sta->psk);
366 os_free(sta->identity);
367 os_free(sta->radius_cui);
368 os_free(sta->remediation_url);
369 os_free(sta->t_c_url);
370 wpabuf_free(sta->hs20_deauth_req);
371 os_free(sta->hs20_session_info_url);
372
373 #ifdef CONFIG_SAE
374 sae_clear_data(sta->sae);
375 os_free(sta->sae);
376 #endif /* CONFIG_SAE */
377
378 mbo_ap_sta_free(sta);
379 os_free(sta->supp_op_classes);
380
381 #ifdef CONFIG_FILS
382 os_free(sta->fils_pending_assoc_req);
383 wpabuf_free(sta->fils_hlp_resp);
384 wpabuf_free(sta->hlp_dhcp_discover);
385 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
386 #ifdef CONFIG_FILS_SK_PFS
387 crypto_ecdh_deinit(sta->fils_ecdh);
388 wpabuf_clear_free(sta->fils_dh_ss);
389 wpabuf_free(sta->fils_g_sta);
390 #endif /* CONFIG_FILS_SK_PFS */
391 #endif /* CONFIG_FILS */
392
393 #ifdef CONFIG_OWE
394 bin_clear_free(sta->owe_pmk, sta->owe_pmk_len);
395 crypto_ecdh_deinit(sta->owe_ecdh);
396 #endif /* CONFIG_OWE */
397
398 #ifdef CONFIG_DPP2
399 dpp_pfs_free(sta->dpp_pfs);
400 sta->dpp_pfs = NULL;
401 #endif /* CONFIG_DPP2 */
402
403 os_free(sta->ext_capability);
404
405 #ifdef CONFIG_WNM_AP
406 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
407 #endif /* CONFIG_WNM_AP */
408
409 #ifdef CONFIG_PASN
410 ap_free_sta_pasn(hapd, sta);
411 #endif /* CONFIG_PASN */
412
413 os_free(sta->ifname_wds);
414
415 #ifdef CONFIG_TESTING_OPTIONS
416 os_free(sta->sae_postponed_commit);
417 forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
418 #endif /* CONFIG_TESTING_OPTIONS */
419
420 os_free(sta);
421 }
422
423
hostapd_free_stas(struct hostapd_data * hapd)424 void hostapd_free_stas(struct hostapd_data *hapd)
425 {
426 struct sta_info *sta, *prev;
427
428 sta = hapd->sta_list;
429
430 while (sta) {
431 prev = sta;
432 if (sta->flags & WLAN_STA_AUTH) {
433 mlme_deauthenticate_indication(
434 hapd, sta, WLAN_REASON_UNSPECIFIED);
435 }
436 sta = sta->next;
437 wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
438 MAC2STR(prev->addr));
439 ap_free_sta(hapd, prev);
440 }
441 }
442
443
444 /**
445 * ap_handle_timer - Per STA timer handler
446 * @eloop_ctx: struct hostapd_data *
447 * @timeout_ctx: struct sta_info *
448 *
449 * This function is called to check station activity and to remove inactive
450 * stations.
451 */
ap_handle_timer(void * eloop_ctx,void * timeout_ctx)452 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
453 {
454 struct hostapd_data *hapd = eloop_ctx;
455 struct sta_info *sta = timeout_ctx;
456 unsigned long next_time = 0;
457 int reason;
458
459 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
460 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
461 sta->timeout_next);
462 if (sta->timeout_next == STA_REMOVE) {
463 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
464 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
465 "local deauth request");
466 ap_free_sta(hapd, sta);
467 return;
468 }
469
470 if ((sta->flags & WLAN_STA_ASSOC) &&
471 (sta->timeout_next == STA_NULLFUNC ||
472 sta->timeout_next == STA_DISASSOC)) {
473 int inactive_sec;
474 /*
475 * Add random value to timeout so that we don't end up bouncing
476 * all stations at the same time if we have lots of associated
477 * stations that are idle (but keep re-associating).
478 */
479 int fuzz = os_random() % 20;
480 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
481 if (inactive_sec == -1) {
482 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
483 "Check inactivity: Could not "
484 "get station info from kernel driver for "
485 MACSTR, MAC2STR(sta->addr));
486 /*
487 * The driver may not support this functionality.
488 * Anyway, try again after the next inactivity timeout,
489 * but do not disconnect the station now.
490 */
491 next_time = hapd->conf->ap_max_inactivity + fuzz;
492 } else if (inactive_sec == -ENOENT) {
493 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
494 "Station " MACSTR " has lost its driver entry",
495 MAC2STR(sta->addr));
496
497 /* Avoid sending client probe on removed client */
498 sta->timeout_next = STA_DISASSOC;
499 goto skip_poll;
500 } else if (inactive_sec < hapd->conf->ap_max_inactivity) {
501 /* station activity detected; reset timeout state */
502 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
503 "Station " MACSTR " has been active %is ago",
504 MAC2STR(sta->addr), inactive_sec);
505 sta->timeout_next = STA_NULLFUNC;
506 next_time = hapd->conf->ap_max_inactivity + fuzz -
507 inactive_sec;
508 } else {
509 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
510 "Station " MACSTR " has been "
511 "inactive too long: %d sec, max allowed: %d",
512 MAC2STR(sta->addr), inactive_sec,
513 hapd->conf->ap_max_inactivity);
514
515 if (hapd->conf->skip_inactivity_poll)
516 sta->timeout_next = STA_DISASSOC;
517 }
518 }
519
520 if ((sta->flags & WLAN_STA_ASSOC) &&
521 sta->timeout_next == STA_DISASSOC &&
522 !(sta->flags & WLAN_STA_PENDING_POLL) &&
523 !hapd->conf->skip_inactivity_poll) {
524 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
525 " has ACKed data poll", MAC2STR(sta->addr));
526 /* data nullfunc frame poll did not produce TX errors; assume
527 * station ACKed it */
528 sta->timeout_next = STA_NULLFUNC;
529 next_time = hapd->conf->ap_max_inactivity;
530 }
531
532 skip_poll:
533 if (next_time) {
534 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
535 "for " MACSTR " (%lu seconds)",
536 __func__, MAC2STR(sta->addr), next_time);
537 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
538 sta);
539 return;
540 }
541
542 if (sta->timeout_next == STA_NULLFUNC &&
543 (sta->flags & WLAN_STA_ASSOC)) {
544 wpa_printf(MSG_DEBUG, " Polling STA");
545 sta->flags |= WLAN_STA_PENDING_POLL;
546 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
547 sta->flags & WLAN_STA_WMM);
548 } else if (sta->timeout_next != STA_REMOVE) {
549 int deauth = sta->timeout_next == STA_DEAUTH;
550
551 if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) {
552 /* Cannot disassociate not-associated STA, so move
553 * directly to deauthentication. */
554 sta->timeout_next = STA_DEAUTH;
555 deauth = 1;
556 }
557
558 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
559 "Timeout, sending %s info to STA " MACSTR,
560 deauth ? "deauthentication" : "disassociation",
561 MAC2STR(sta->addr));
562
563 if (deauth) {
564 hostapd_drv_sta_deauth(
565 hapd, sta->addr,
566 WLAN_REASON_PREV_AUTH_NOT_VALID);
567 } else {
568 reason = (sta->timeout_next == STA_DISASSOC) ?
569 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
570 WLAN_REASON_PREV_AUTH_NOT_VALID;
571
572 hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
573 }
574 }
575
576 switch (sta->timeout_next) {
577 case STA_NULLFUNC:
578 sta->timeout_next = STA_DISASSOC;
579 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
580 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
581 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
582 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
583 hapd, sta);
584 break;
585 case STA_DISASSOC:
586 case STA_DISASSOC_FROM_CLI:
587 ap_sta_set_authorized(hapd, sta, 0);
588 sta->flags &= ~WLAN_STA_ASSOC;
589 hostapd_set_sta_flags(hapd, sta);
590 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
591 if (!sta->acct_terminate_cause)
592 sta->acct_terminate_cause =
593 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
594 accounting_sta_stop(hapd, sta);
595 ieee802_1x_free_station(hapd, sta);
596 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
597 HOSTAPD_LEVEL_INFO, "disassociated due to "
598 "inactivity");
599 reason = (sta->timeout_next == STA_DISASSOC) ?
600 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
601 WLAN_REASON_PREV_AUTH_NOT_VALID;
602 sta->timeout_next = STA_DEAUTH;
603 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
604 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
605 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
606 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
607 hapd, sta);
608 mlme_disassociate_indication(hapd, sta, reason);
609 break;
610 case STA_DEAUTH:
611 case STA_REMOVE:
612 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
613 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
614 "inactivity (timer DEAUTH/REMOVE)");
615 if (!sta->acct_terminate_cause)
616 sta->acct_terminate_cause =
617 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
618 mlme_deauthenticate_indication(
619 hapd, sta,
620 WLAN_REASON_PREV_AUTH_NOT_VALID);
621 ap_free_sta(hapd, sta);
622 break;
623 }
624 }
625
626
ap_handle_session_timer(void * eloop_ctx,void * timeout_ctx)627 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
628 {
629 struct hostapd_data *hapd = eloop_ctx;
630 struct sta_info *sta = timeout_ctx;
631
632 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
633 hapd->conf->iface, MAC2STR(sta->addr));
634 if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC |
635 WLAN_STA_AUTHORIZED))) {
636 if (sta->flags & WLAN_STA_GAS) {
637 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
638 "entry " MACSTR, MAC2STR(sta->addr));
639 ap_free_sta(hapd, sta);
640 }
641 return;
642 }
643
644 hostapd_drv_sta_deauth(hapd, sta->addr,
645 WLAN_REASON_PREV_AUTH_NOT_VALID);
646 mlme_deauthenticate_indication(hapd, sta,
647 WLAN_REASON_PREV_AUTH_NOT_VALID);
648 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
649 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
650 "session timeout");
651 sta->acct_terminate_cause =
652 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
653 ap_free_sta(hapd, sta);
654 }
655
656
ap_sta_replenish_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)657 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
658 u32 session_timeout)
659 {
660 if (eloop_replenish_timeout(session_timeout, 0,
661 ap_handle_session_timer, hapd, sta) == 1) {
662 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
663 HOSTAPD_LEVEL_DEBUG, "setting session timeout "
664 "to %d seconds", session_timeout);
665 }
666 }
667
668
ap_sta_session_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)669 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
670 u32 session_timeout)
671 {
672 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
673 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
674 "seconds", session_timeout);
675 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
676 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
677 hapd, sta);
678 }
679
680
ap_sta_no_session_timeout(struct hostapd_data * hapd,struct sta_info * sta)681 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
682 {
683 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
684 }
685
686
ap_handle_session_warning_timer(void * eloop_ctx,void * timeout_ctx)687 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
688 {
689 #ifdef CONFIG_WNM_AP
690 struct hostapd_data *hapd = eloop_ctx;
691 struct sta_info *sta = timeout_ctx;
692
693 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
694 MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
695 if (sta->hs20_session_info_url == NULL)
696 return;
697
698 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
699 sta->hs20_disassoc_timer);
700 #endif /* CONFIG_WNM_AP */
701 }
702
703
ap_sta_session_warning_timeout(struct hostapd_data * hapd,struct sta_info * sta,int warning_time)704 void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
705 struct sta_info *sta, int warning_time)
706 {
707 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
708 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
709 hapd, sta);
710 }
711
712
ap_sta_add(struct hostapd_data * hapd,const u8 * addr)713 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
714 {
715 struct sta_info *sta;
716 int i;
717
718 sta = ap_get_sta(hapd, addr);
719 if (sta)
720 return sta;
721
722 wpa_printf(MSG_DEBUG, " New STA");
723 if (hapd->num_sta >= hapd->conf->max_num_sta) {
724 /* FIX: might try to remove some old STAs first? */
725 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
726 hapd->num_sta, hapd->conf->max_num_sta);
727 return NULL;
728 }
729
730 sta = os_zalloc(sizeof(struct sta_info));
731 if (sta == NULL) {
732 wpa_printf(MSG_ERROR, "malloc failed");
733 return NULL;
734 }
735 sta->acct_interim_interval = hapd->conf->acct_interim_interval;
736 if (accounting_sta_get_id(hapd, sta) < 0) {
737 os_free(sta);
738 return NULL;
739 }
740
741 for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) {
742 if (!hapd->iface->basic_rates)
743 break;
744 if (hapd->iface->basic_rates[i] < 0)
745 break;
746 sta->supported_rates[i] = hapd->iface->basic_rates[i] / 5;
747 }
748 sta->supported_rates_len = i;
749
750 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
751 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
752 "for " MACSTR " (%d seconds - ap_max_inactivity)",
753 __func__, MAC2STR(addr),
754 hapd->conf->ap_max_inactivity);
755 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
756 ap_handle_timer, hapd, sta);
757 }
758
759 /* initialize STA info data */
760 os_memcpy(sta->addr, addr, ETH_ALEN);
761 sta->next = hapd->sta_list;
762 hapd->sta_list = sta;
763 hapd->num_sta++;
764 ap_sta_hash_add(hapd, sta);
765 ap_sta_remove_in_other_bss(hapd, sta);
766 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
767 dl_list_init(&sta->ip6addr);
768
769 #ifdef CONFIG_TAXONOMY
770 sta_track_claim_taxonomy_info(hapd->iface, addr,
771 &sta->probe_ie_taxonomy);
772 #endif /* CONFIG_TAXONOMY */
773
774 return sta;
775 }
776
777
ap_sta_remove(struct hostapd_data * hapd,struct sta_info * sta)778 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
779 {
780 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
781
782 if (sta->ipaddr)
783 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
784 ap_sta_ip6addr_del(hapd, sta);
785
786 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
787 hapd->conf->iface, MAC2STR(sta->addr));
788 if (hostapd_drv_sta_remove(hapd, sta->addr) &&
789 sta->flags & WLAN_STA_ASSOC) {
790 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
791 " from kernel driver",
792 hapd->conf->iface, MAC2STR(sta->addr));
793 return -1;
794 }
795 sta->added_unassoc = 0;
796 return 0;
797 }
798
799
ap_sta_remove_in_other_bss(struct hostapd_data * hapd,struct sta_info * sta)800 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
801 struct sta_info *sta)
802 {
803 struct hostapd_iface *iface = hapd->iface;
804 size_t i;
805
806 for (i = 0; i < iface->num_bss; i++) {
807 struct hostapd_data *bss = iface->bss[i];
808 struct sta_info *sta2;
809 /* bss should always be set during operation, but it may be
810 * NULL during reconfiguration. Assume the STA is not
811 * associated to another BSS in that case to avoid NULL pointer
812 * dereferences. */
813 if (bss == hapd || bss == NULL)
814 continue;
815 sta2 = ap_get_sta(bss, sta->addr);
816 if (!sta2)
817 continue;
818
819 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
820 " association from another BSS %s",
821 hapd->conf->iface, MAC2STR(sta2->addr),
822 bss->conf->iface);
823 ap_sta_disconnect(bss, sta2, sta2->addr,
824 WLAN_REASON_PREV_AUTH_NOT_VALID);
825 }
826 }
827
828
ap_sta_disassoc_cb_timeout(void * eloop_ctx,void * timeout_ctx)829 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
830 {
831 struct hostapd_data *hapd = eloop_ctx;
832 struct sta_info *sta = timeout_ctx;
833
834 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
835 hapd->conf->iface, MAC2STR(sta->addr));
836 ap_sta_remove(hapd, sta);
837 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
838 }
839
840
ap_sta_disassociate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)841 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
842 u16 reason)
843 {
844 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
845 hapd->conf->iface, MAC2STR(sta->addr));
846 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
847 if (hapd->iface->current_mode &&
848 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
849 /* Skip deauthentication in DMG/IEEE 802.11ad */
850 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
851 WLAN_STA_ASSOC_REQ_OK);
852 sta->timeout_next = STA_REMOVE;
853 } else {
854 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
855 sta->timeout_next = STA_DEAUTH;
856 }
857 ap_sta_set_authorized(hapd, sta, 0);
858 hostapd_set_sta_flags(hapd, sta);
859 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
860 "for " MACSTR " (%d seconds - "
861 "AP_MAX_INACTIVITY_AFTER_DISASSOC)",
862 __func__, MAC2STR(sta->addr),
863 AP_MAX_INACTIVITY_AFTER_DISASSOC);
864 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
865 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
866 ap_handle_timer, hapd, sta);
867 accounting_sta_stop(hapd, sta);
868 ieee802_1x_free_station(hapd, sta);
869 wpa_auth_sta_deinit(sta->wpa_sm);
870 sta->wpa_sm = NULL;
871
872 sta->disassoc_reason = reason;
873 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
874 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
875 eloop_register_timeout(hapd->iface->drv_flags &
876 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
877 ap_sta_disassoc_cb_timeout, hapd, sta);
878 }
879
880
ap_sta_deauth_cb_timeout(void * eloop_ctx,void * timeout_ctx)881 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
882 {
883 struct hostapd_data *hapd = eloop_ctx;
884 struct sta_info *sta = timeout_ctx;
885
886 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
887 hapd->conf->iface, MAC2STR(sta->addr));
888 ap_sta_remove(hapd, sta);
889 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
890 }
891
892
ap_sta_deauthenticate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)893 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
894 u16 reason)
895 {
896 if (hapd->iface->current_mode &&
897 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
898 /* Deauthentication is not used in DMG/IEEE 802.11ad;
899 * disassociate the STA instead. */
900 ap_sta_disassociate(hapd, sta, reason);
901 return;
902 }
903
904 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
905 hapd->conf->iface, MAC2STR(sta->addr));
906 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
907 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
908 ap_sta_set_authorized(hapd, sta, 0);
909 hostapd_set_sta_flags(hapd, sta);
910 sta->timeout_next = STA_REMOVE;
911 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
912 "for " MACSTR " (%d seconds - "
913 "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
914 __func__, MAC2STR(sta->addr),
915 AP_MAX_INACTIVITY_AFTER_DEAUTH);
916 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
917 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
918 ap_handle_timer, hapd, sta);
919 accounting_sta_stop(hapd, sta);
920 ieee802_1x_free_station(hapd, sta);
921
922 sta->deauth_reason = reason;
923 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
924 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
925 eloop_register_timeout(hapd->iface->drv_flags &
926 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
927 ap_sta_deauth_cb_timeout, hapd, sta);
928 }
929
930
931 #ifdef CONFIG_WPS
ap_sta_wps_cancel(struct hostapd_data * hapd,struct sta_info * sta,void * ctx)932 int ap_sta_wps_cancel(struct hostapd_data *hapd,
933 struct sta_info *sta, void *ctx)
934 {
935 if (sta && (sta->flags & WLAN_STA_WPS)) {
936 ap_sta_deauthenticate(hapd, sta,
937 WLAN_REASON_PREV_AUTH_NOT_VALID);
938 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
939 __func__, MAC2STR(sta->addr));
940 return 1;
941 }
942
943 return 0;
944 }
945 #endif /* CONFIG_WPS */
946
947
ap_sta_get_free_vlan_id(struct hostapd_data * hapd)948 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
949 {
950 struct hostapd_vlan *vlan;
951 int vlan_id = MAX_VLAN_ID + 2;
952
953 retry:
954 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
955 if (vlan->vlan_id == vlan_id) {
956 vlan_id++;
957 goto retry;
958 }
959 }
960 return vlan_id;
961 }
962
963
ap_sta_set_vlan(struct hostapd_data * hapd,struct sta_info * sta,struct vlan_description * vlan_desc)964 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
965 struct vlan_description *vlan_desc)
966 {
967 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
968 int old_vlan_id, vlan_id = 0, ret = 0;
969
970 /* Check if there is something to do */
971 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
972 /* This sta is lacking its own vif */
973 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
974 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
975 /* sta->vlan_id needs to be reset */
976 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
977 return 0; /* nothing to change */
978 }
979
980 /* Now the real VLAN changed or the STA just needs its own vif */
981 if (hapd->conf->ssid.per_sta_vif) {
982 /* Assign a new vif, always */
983 /* find a free vlan_id sufficiently big */
984 vlan_id = ap_sta_get_free_vlan_id(hapd);
985 /* Get wildcard VLAN */
986 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
987 if (vlan->vlan_id == VLAN_ID_WILDCARD)
988 break;
989 }
990 if (!vlan) {
991 hostapd_logger(hapd, sta->addr,
992 HOSTAPD_MODULE_IEEE80211,
993 HOSTAPD_LEVEL_DEBUG,
994 "per_sta_vif missing wildcard");
995 vlan_id = 0;
996 ret = -1;
997 goto done;
998 }
999 } else if (vlan_desc && vlan_desc->notempty) {
1000 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1001 if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
1002 break;
1003 if (vlan->vlan_id == VLAN_ID_WILDCARD)
1004 wildcard_vlan = vlan;
1005 }
1006 if (vlan) {
1007 vlan_id = vlan->vlan_id;
1008 } else if (wildcard_vlan) {
1009 vlan = wildcard_vlan;
1010 vlan_id = vlan_desc->untagged;
1011 if (vlan_desc->tagged[0]) {
1012 /* Tagged VLAN configuration */
1013 vlan_id = ap_sta_get_free_vlan_id(hapd);
1014 }
1015 } else {
1016 hostapd_logger(hapd, sta->addr,
1017 HOSTAPD_MODULE_IEEE80211,
1018 HOSTAPD_LEVEL_DEBUG,
1019 "missing vlan and wildcard for vlan=%d%s",
1020 vlan_desc->untagged,
1021 vlan_desc->tagged[0] ? "+" : "");
1022 vlan_id = 0;
1023 ret = -1;
1024 goto done;
1025 }
1026 }
1027
1028 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
1029 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
1030 if (vlan == NULL) {
1031 hostapd_logger(hapd, sta->addr,
1032 HOSTAPD_MODULE_IEEE80211,
1033 HOSTAPD_LEVEL_DEBUG,
1034 "could not add dynamic VLAN interface for vlan=%d%s",
1035 vlan_desc ? vlan_desc->untagged : -1,
1036 (vlan_desc && vlan_desc->tagged[0]) ?
1037 "+" : "");
1038 vlan_id = 0;
1039 ret = -1;
1040 goto done;
1041 }
1042
1043 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1044 HOSTAPD_LEVEL_DEBUG,
1045 "added new dynamic VLAN interface '%s'",
1046 vlan->ifname);
1047 } else if (vlan && vlan->dynamic_vlan > 0) {
1048 vlan->dynamic_vlan++;
1049 hostapd_logger(hapd, sta->addr,
1050 HOSTAPD_MODULE_IEEE80211,
1051 HOSTAPD_LEVEL_DEBUG,
1052 "updated existing dynamic VLAN interface '%s'",
1053 vlan->ifname);
1054 }
1055 done:
1056 old_vlan_id = sta->vlan_id;
1057 sta->vlan_id = vlan_id;
1058 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
1059
1060 if (vlan_id != old_vlan_id && old_vlan_id)
1061 vlan_remove_dynamic(hapd, old_vlan_id);
1062
1063 return ret;
1064 }
1065
1066
ap_sta_bind_vlan(struct hostapd_data * hapd,struct sta_info * sta)1067 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
1068 {
1069 #ifndef CONFIG_NO_VLAN
1070 const char *iface;
1071 struct hostapd_vlan *vlan = NULL;
1072 int ret;
1073 int old_vlanid = sta->vlan_id_bound;
1074
1075 if ((sta->flags & WLAN_STA_WDS) && sta->vlan_id == 0) {
1076 wpa_printf(MSG_DEBUG,
1077 "Do not override WDS VLAN assignment for STA "
1078 MACSTR, MAC2STR(sta->addr));
1079 return 0;
1080 }
1081
1082 iface = hapd->conf->iface;
1083 if (hapd->conf->ssid.vlan[0])
1084 iface = hapd->conf->ssid.vlan;
1085
1086 if (sta->vlan_id > 0) {
1087 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1088 if (vlan->vlan_id == sta->vlan_id)
1089 break;
1090 }
1091 if (vlan)
1092 iface = vlan->ifname;
1093 }
1094
1095 /*
1096 * Do not increment ref counters if the VLAN ID remains same, but do
1097 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
1098 * have been called before.
1099 */
1100 if (sta->vlan_id == old_vlanid)
1101 goto skip_counting;
1102
1103 if (sta->vlan_id > 0 && !vlan &&
1104 !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
1105 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1106 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
1107 "binding station to (vlan_id=%d)",
1108 sta->vlan_id);
1109 ret = -1;
1110 goto done;
1111 } else if (vlan && vlan->dynamic_vlan > 0) {
1112 vlan->dynamic_vlan++;
1113 hostapd_logger(hapd, sta->addr,
1114 HOSTAPD_MODULE_IEEE80211,
1115 HOSTAPD_LEVEL_DEBUG,
1116 "updated existing dynamic VLAN interface '%s'",
1117 iface);
1118 }
1119
1120 /* ref counters have been increased, so mark the station */
1121 sta->vlan_id_bound = sta->vlan_id;
1122
1123 skip_counting:
1124 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1125 HOSTAPD_LEVEL_DEBUG, "binding station to interface "
1126 "'%s'", iface);
1127
1128 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
1129 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
1130
1131 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
1132 if (ret < 0) {
1133 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1134 HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
1135 "entry to vlan_id=%d", sta->vlan_id);
1136 }
1137
1138 /* During 1x reauth, if the vlan id changes, then remove the old id. */
1139 if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
1140 vlan_remove_dynamic(hapd, old_vlanid);
1141 done:
1142
1143 return ret;
1144 #else /* CONFIG_NO_VLAN */
1145 return 0;
1146 #endif /* CONFIG_NO_VLAN */
1147 }
1148
1149
ap_check_sa_query_timeout(struct hostapd_data * hapd,struct sta_info * sta)1150 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
1151 {
1152 u32 tu;
1153 struct os_reltime now, passed;
1154 os_get_reltime(&now);
1155 os_reltime_sub(&now, &sta->sa_query_start, &passed);
1156 tu = (passed.sec * 1000000 + passed.usec) / 1024;
1157 if (hapd->conf->assoc_sa_query_max_timeout < tu) {
1158 hostapd_logger(hapd, sta->addr,
1159 HOSTAPD_MODULE_IEEE80211,
1160 HOSTAPD_LEVEL_DEBUG,
1161 "association SA Query timed out");
1162 sta->sa_query_timed_out = 1;
1163 os_free(sta->sa_query_trans_id);
1164 sta->sa_query_trans_id = NULL;
1165 sta->sa_query_count = 0;
1166 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1167 return 1;
1168 }
1169
1170 return 0;
1171 }
1172
1173
ap_sa_query_timer(void * eloop_ctx,void * timeout_ctx)1174 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1175 {
1176 struct hostapd_data *hapd = eloop_ctx;
1177 struct sta_info *sta = timeout_ctx;
1178 unsigned int timeout, sec, usec;
1179 u8 *trans_id, *nbuf;
1180
1181 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
1182 " (count=%d)",
1183 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
1184
1185 if (sta->sa_query_count > 0 &&
1186 ap_check_sa_query_timeout(hapd, sta))
1187 return;
1188 if (sta->sa_query_count >= 1000)
1189 return;
1190
1191 nbuf = os_realloc_array(sta->sa_query_trans_id,
1192 sta->sa_query_count + 1,
1193 WLAN_SA_QUERY_TR_ID_LEN);
1194 if (nbuf == NULL)
1195 return;
1196 if (sta->sa_query_count == 0) {
1197 /* Starting a new SA Query procedure */
1198 os_get_reltime(&sta->sa_query_start);
1199 }
1200 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1201 sta->sa_query_trans_id = nbuf;
1202 sta->sa_query_count++;
1203
1204 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
1205 /*
1206 * We don't really care which ID is used here, so simply
1207 * hardcode this if the mostly theoretical os_get_random()
1208 * failure happens.
1209 */
1210 trans_id[0] = 0x12;
1211 trans_id[1] = 0x34;
1212 }
1213
1214 timeout = hapd->conf->assoc_sa_query_retry_timeout;
1215 sec = ((timeout / 1000) * 1024) / 1000;
1216 usec = (timeout % 1000) * 1024;
1217 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
1218
1219 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1220 HOSTAPD_LEVEL_DEBUG,
1221 "association SA Query attempt %d", sta->sa_query_count);
1222
1223 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
1224 }
1225
1226
ap_sta_start_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1227 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1228 {
1229 ap_sa_query_timer(hapd, sta);
1230 }
1231
1232
ap_sta_stop_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1233 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1234 {
1235 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1236 os_free(sta->sa_query_trans_id);
1237 sta->sa_query_trans_id = NULL;
1238 sta->sa_query_count = 0;
1239 }
1240
1241
ap_sta_wpa_get_keyid(struct hostapd_data * hapd,struct sta_info * sta)1242 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
1243 struct sta_info *sta)
1244 {
1245 struct hostapd_wpa_psk *psk;
1246 struct hostapd_ssid *ssid;
1247 const u8 *pmk;
1248 int pmk_len;
1249
1250 ssid = &hapd->conf->ssid;
1251
1252 pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
1253 if (!pmk || pmk_len != PMK_LEN)
1254 return NULL;
1255
1256 for (psk = ssid->wpa_psk; psk; psk = psk->next)
1257 if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0)
1258 break;
1259 if (!psk || !psk->keyid[0])
1260 return NULL;
1261
1262 return psk->keyid;
1263 }
1264
1265
ap_sta_set_authorized(struct hostapd_data * hapd,struct sta_info * sta,int authorized)1266 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
1267 int authorized)
1268 {
1269 const u8 *dev_addr = NULL;
1270 char buf[100];
1271 #ifdef CONFIG_P2P
1272 u8 addr[ETH_ALEN];
1273 u8 ip_addr_buf[4];
1274 #endif /* CONFIG_P2P */
1275 #ifdef __ZEPHYR__
1276 enum net_event_wifi_cmd event = authorized ?
1277 NET_EVENT_WIFI_CMD_AP_STA_CONNECTED :
1278 NET_EVENT_WIFI_CMD_AP_STA_DISCONNECTED;
1279 #endif /* __ZEPHYR__ */
1280
1281 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
1282 return;
1283
1284 if (authorized)
1285 sta->flags |= WLAN_STA_AUTHORIZED;
1286 else
1287 sta->flags &= ~WLAN_STA_AUTHORIZED;
1288
1289 #ifdef CONFIG_P2P
1290 if (hapd->p2p_group == NULL) {
1291 if (sta->p2p_ie != NULL &&
1292 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
1293 dev_addr = addr;
1294 } else
1295 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
1296
1297 if (dev_addr)
1298 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
1299 MAC2STR(sta->addr), MAC2STR(dev_addr));
1300 else
1301 #endif /* CONFIG_P2P */
1302 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
1303
1304 if (hapd->sta_authorized_cb)
1305 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
1306 sta->addr, authorized, dev_addr);
1307
1308 if (authorized) {
1309 const char *keyid;
1310 char keyid_buf[100];
1311 char ip_addr[100];
1312
1313 keyid_buf[0] = '\0';
1314 ip_addr[0] = '\0';
1315 #ifdef CONFIG_P2P
1316 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
1317 os_snprintf(ip_addr, sizeof(ip_addr),
1318 " ip_addr=%u.%u.%u.%u",
1319 ip_addr_buf[0], ip_addr_buf[1],
1320 ip_addr_buf[2], ip_addr_buf[3]);
1321 }
1322 #endif /* CONFIG_P2P */
1323
1324 keyid = ap_sta_wpa_get_keyid(hapd, sta);
1325 if (keyid) {
1326 os_snprintf(keyid_buf, sizeof(keyid_buf),
1327 " keyid=%s", keyid);
1328 }
1329
1330 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
1331 buf, ip_addr, keyid_buf);
1332
1333 if (hapd->msg_ctx_parent &&
1334 hapd->msg_ctx_parent != hapd->msg_ctx)
1335 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1336 AP_STA_CONNECTED "%s%s%s",
1337 buf, ip_addr, keyid_buf);
1338 } else {
1339 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
1340
1341 if (hapd->msg_ctx_parent &&
1342 hapd->msg_ctx_parent != hapd->msg_ctx)
1343 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1344 AP_STA_DISCONNECTED "%s", buf);
1345 }
1346
1347 #ifdef __ZEPHYR__
1348 supplicant_send_wifi_mgmt_ap_sta_event(hapd->iface->owner,
1349 event,
1350 sta);
1351 #endif /* __ZEPHYR__ */
1352
1353 #ifdef CONFIG_FST
1354 if (hapd->iface->fst) {
1355 if (authorized)
1356 fst_notify_peer_connected(hapd->iface->fst, sta->addr);
1357 else
1358 fst_notify_peer_disconnected(hapd->iface->fst,
1359 sta->addr);
1360 }
1361 #endif /* CONFIG_FST */
1362 }
1363
1364
ap_sta_disconnect(struct hostapd_data * hapd,struct sta_info * sta,const u8 * addr,u16 reason)1365 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
1366 const u8 *addr, u16 reason)
1367 {
1368 if (sta)
1369 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
1370 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1371 reason);
1372 else if (addr)
1373 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
1374 hapd->conf->iface, __func__, MAC2STR(addr),
1375 reason);
1376
1377 if (sta == NULL && addr)
1378 sta = ap_get_sta(hapd, addr);
1379
1380 if (addr)
1381 hostapd_drv_sta_deauth(hapd, addr, reason);
1382
1383 if (sta == NULL)
1384 return;
1385 ap_sta_set_authorized(hapd, sta, 0);
1386 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1387 hostapd_set_sta_flags(hapd, sta);
1388 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
1389 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1390 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
1391 "for " MACSTR " (%d seconds - "
1392 "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
1393 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1394 AP_MAX_INACTIVITY_AFTER_DEAUTH);
1395 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
1396 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
1397 ap_handle_timer, hapd, sta);
1398 sta->timeout_next = STA_REMOVE;
1399
1400 if (hapd->iface->current_mode &&
1401 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
1402 /* Deauthentication is not used in DMG/IEEE 802.11ad;
1403 * disassociate the STA instead. */
1404 sta->disassoc_reason = reason;
1405 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
1406 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1407 eloop_register_timeout(hapd->iface->drv_flags &
1408 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ?
1409 2 : 0, 0, ap_sta_disassoc_cb_timeout,
1410 hapd, sta);
1411 return;
1412 }
1413
1414 sta->deauth_reason = reason;
1415 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
1416 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1417 eloop_register_timeout(hapd->iface->drv_flags &
1418 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
1419 ap_sta_deauth_cb_timeout, hapd, sta);
1420 }
1421
1422
ap_sta_deauth_cb(struct hostapd_data * hapd,struct sta_info * sta)1423 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
1424 {
1425 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
1426 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
1427 return;
1428 }
1429 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
1430 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1431 ap_sta_deauth_cb_timeout(hapd, sta);
1432 }
1433
1434
ap_sta_disassoc_cb(struct hostapd_data * hapd,struct sta_info * sta)1435 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
1436 {
1437 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
1438 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
1439 return;
1440 }
1441 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
1442 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1443 ap_sta_disassoc_cb_timeout(hapd, sta);
1444 }
1445
1446
ap_sta_clear_disconnect_timeouts(struct hostapd_data * hapd,struct sta_info * sta)1447 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
1448 struct sta_info *sta)
1449 {
1450 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
1451 wpa_printf(MSG_DEBUG,
1452 "%s: Removed ap_sta_deauth_cb_timeout timeout for "
1453 MACSTR,
1454 hapd->conf->iface, MAC2STR(sta->addr));
1455 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
1456 wpa_printf(MSG_DEBUG,
1457 "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
1458 MACSTR,
1459 hapd->conf->iface, MAC2STR(sta->addr));
1460 if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0)
1461 {
1462 wpa_printf(MSG_DEBUG,
1463 "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for "
1464 MACSTR,
1465 hapd->conf->iface, MAC2STR(sta->addr));
1466 if (sta->flags & WLAN_STA_WPS)
1467 hostapd_wps_eap_completed(hapd);
1468 }
1469 }
1470
1471
ap_sta_flags_txt(u32 flags,char * buf,size_t buflen)1472 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
1473 {
1474 int res;
1475
1476 buf[0] = '\0';
1477 res = os_snprintf(buf, buflen,
1478 "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1479 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
1480 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
1481 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
1482 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
1483 ""),
1484 (flags & WLAN_STA_SHORT_PREAMBLE ?
1485 "[SHORT_PREAMBLE]" : ""),
1486 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
1487 (flags & WLAN_STA_WMM ? "[WMM]" : ""),
1488 (flags & WLAN_STA_MFP ? "[MFP]" : ""),
1489 (flags & WLAN_STA_WPS ? "[WPS]" : ""),
1490 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
1491 (flags & WLAN_STA_WDS ? "[WDS]" : ""),
1492 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
1493 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
1494 (flags & WLAN_STA_GAS ? "[GAS]" : ""),
1495 (flags & WLAN_STA_HT ? "[HT]" : ""),
1496 (flags & WLAN_STA_VHT ? "[VHT]" : ""),
1497 (flags & WLAN_STA_HE ? "[HE]" : ""),
1498 (flags & WLAN_STA_6GHZ ? "[6GHZ]" : ""),
1499 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
1500 (flags & WLAN_STA_WNM_SLEEP_MODE ?
1501 "[WNM_SLEEP_MODE]" : ""));
1502 if (os_snprintf_error(buflen, res))
1503 res = -1;
1504
1505 return res;
1506 }
1507
1508
ap_sta_delayed_1x_auth_fail_cb(void * eloop_ctx,void * timeout_ctx)1509 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
1510 {
1511 struct hostapd_data *hapd = eloop_ctx;
1512 struct sta_info *sta = timeout_ctx;
1513 u16 reason;
1514
1515 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1516 "IEEE 802.1X: Scheduled disconnection of " MACSTR
1517 " after EAP-Failure", MAC2STR(sta->addr));
1518
1519 reason = sta->disconnect_reason_code;
1520 if (!reason)
1521 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
1522 ap_sta_disconnect(hapd, sta, sta->addr, reason);
1523 if (sta->flags & WLAN_STA_WPS)
1524 hostapd_wps_eap_completed(hapd);
1525 }
1526
1527
ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta)1528 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1529 struct sta_info *sta)
1530 {
1531 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1532 "IEEE 802.1X: Force disconnection of " MACSTR
1533 " after EAP-Failure in 10 ms", MAC2STR(sta->addr));
1534
1535 /*
1536 * Add a small sleep to increase likelihood of previously requested
1537 * EAP-Failure TX getting out before this should the driver reorder
1538 * operations.
1539 */
1540 eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
1541 eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb,
1542 hapd, sta);
1543 }
1544
1545
ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta)1546 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1547 struct sta_info *sta)
1548 {
1549 return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
1550 hapd, sta);
1551 }
1552
1553
ap_sta_re_add(struct hostapd_data * hapd,struct sta_info * sta)1554 int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
1555 {
1556 /*
1557 * If a station that is already associated to the AP, is trying to
1558 * authenticate again, remove the STA entry, in order to make sure the
1559 * STA PS state gets cleared and configuration gets updated. To handle
1560 * this, station's added_unassoc flag is cleared once the station has
1561 * completed association.
1562 */
1563 ap_sta_set_authorized(hapd, sta, 0);
1564 hostapd_drv_sta_remove(hapd, sta->addr);
1565 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);
1566
1567 if (hostapd_sta_add(hapd, sta->addr, 0, 0,
1568 sta->supported_rates,
1569 sta->supported_rates_len,
1570 0, NULL, NULL, NULL, 0, NULL,
1571 sta->flags, 0, 0, 0, 0)) {
1572 hostapd_logger(hapd, sta->addr,
1573 HOSTAPD_MODULE_IEEE80211,
1574 HOSTAPD_LEVEL_NOTICE,
1575 "Could not add STA to kernel driver");
1576 return -1;
1577 }
1578
1579 sta->added_unassoc = 1;
1580 return 0;
1581 }
1582
