1 /*
2 * hostapd / Station table
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/sae.h"
16 #include "common/dpp.h"
17 #include "radius/radius.h"
18 #include "radius/radius_client.h"
19 #include "p2p/p2p.h"
20 #include "fst/fst.h"
21 #include "crypto/crypto.h"
22 #include "hostapd.h"
23 #include "accounting.h"
24 #include "ieee802_1x.h"
25 #include "ieee802_11.h"
26 #include "ieee802_11_auth.h"
27 #include "wpa_auth.h"
28 #include "preauth_auth.h"
29 #include "ap_config.h"
30 #include "beacon.h"
31 #include "ap_mlme.h"
32 #include "vlan_init.h"
33 #include "p2p_hostapd.h"
34 #include "ap_drv_ops.h"
35 #include "gas_serv.h"
36 #include "wnm_ap.h"
37 #include "mbo_ap.h"
38 #include "ndisc_snoop.h"
39 #include "sta_info.h"
40 #include "vlan.h"
41 #include "wps_hostapd.h"
42
43 #ifdef __ZEPHYR__
44 #include <supp_events.h>
45 #endif /* __ZEPHYR__ */
46
47 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
48 struct sta_info *sta);
49 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
50 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
51 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
52 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
53 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
54 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
55 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx);
56
ap_for_each_sta(struct hostapd_data * hapd,int (* cb)(struct hostapd_data * hapd,struct sta_info * sta,void * ctx),void * ctx)57 int ap_for_each_sta(struct hostapd_data *hapd,
58 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
59 void *ctx),
60 void *ctx)
61 {
62 struct sta_info *sta;
63
64 for (sta = hapd->sta_list; sta; sta = sta->next) {
65 if (cb(hapd, sta, ctx))
66 return 1;
67 }
68
69 return 0;
70 }
71
72
ap_get_sta(struct hostapd_data * hapd,const u8 * sta)73 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
74 {
75 struct sta_info *s;
76
77 s = hapd->sta_hash[STA_HASH(sta)];
78 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
79 s = s->hnext;
80 return s;
81 }
82
83
84 #ifdef CONFIG_P2P
ap_get_sta_p2p(struct hostapd_data * hapd,const u8 * addr)85 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
86 {
87 struct sta_info *sta;
88
89 for (sta = hapd->sta_list; sta; sta = sta->next) {
90 const u8 *p2p_dev_addr;
91
92 if (sta->p2p_ie == NULL)
93 continue;
94
95 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
96 if (p2p_dev_addr == NULL)
97 continue;
98
99 if (ether_addr_equal(p2p_dev_addr, addr))
100 return sta;
101 }
102
103 return NULL;
104 }
105 #endif /* CONFIG_P2P */
106
107
ap_sta_list_del(struct hostapd_data * hapd,struct sta_info * sta)108 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
109 {
110 struct sta_info *tmp;
111
112 if (hapd->sta_list == sta) {
113 hapd->sta_list = sta->next;
114 return;
115 }
116
117 tmp = hapd->sta_list;
118 while (tmp != NULL && tmp->next != sta)
119 tmp = tmp->next;
120 if (tmp == NULL) {
121 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
122 "list.", MAC2STR(sta->addr));
123 } else
124 tmp->next = sta->next;
125 }
126
127
ap_sta_hash_add(struct hostapd_data * hapd,struct sta_info * sta)128 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
129 {
130 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
131 hapd->sta_hash[STA_HASH(sta->addr)] = sta;
132 }
133
134
ap_sta_hash_del(struct hostapd_data * hapd,struct sta_info * sta)135 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
136 {
137 struct sta_info *s;
138
139 s = hapd->sta_hash[STA_HASH(sta->addr)];
140 if (s == NULL) return;
141 if (os_memcmp(s->addr, sta->addr, 6) == 0) {
142 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
143 return;
144 }
145
146 while (s->hnext != NULL &&
147 !ether_addr_equal(s->hnext->addr, sta->addr))
148 s = s->hnext;
149 if (s->hnext != NULL)
150 s->hnext = s->hnext->hnext;
151 else
152 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
153 " from hash table", MAC2STR(sta->addr));
154 }
155
156
ap_sta_ip6addr_del(struct hostapd_data * hapd,struct sta_info * sta)157 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
158 {
159 sta_ip6addr_del(hapd, sta);
160 }
161
162
163 #ifdef CONFIG_PASN
164
ap_free_sta_pasn(struct hostapd_data * hapd,struct sta_info * sta)165 void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta)
166 {
167 if (sta->pasn) {
168 wpa_printf(MSG_DEBUG, "PASN: Free PASN context: " MACSTR,
169 MAC2STR(sta->addr));
170
171 if (sta->pasn->ecdh)
172 crypto_ecdh_deinit(sta->pasn->ecdh);
173
174 wpabuf_free(sta->pasn->secret);
175 sta->pasn->secret = NULL;
176
177 #ifdef CONFIG_SAE
178 sae_clear_data(&sta->pasn->sae);
179 #endif /* CONFIG_SAE */
180
181 #ifdef CONFIG_FILS
182 /* In practice this pointer should be NULL */
183 wpabuf_free(sta->pasn->fils.erp_resp);
184 sta->pasn->fils.erp_resp = NULL;
185 #endif /* CONFIG_FILS */
186
187 pasn_data_deinit(sta->pasn);
188 sta->pasn = NULL;
189 }
190 }
191
192 #endif /* CONFIG_PASN */
193
194
__ap_free_sta(struct hostapd_data * hapd,struct sta_info * sta)195 static void __ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
196 {
197 #ifdef CONFIG_IEEE80211BE
198 if (hostapd_sta_is_link_sta(hapd, sta) &&
199 !hostapd_drv_link_sta_remove(hapd, sta->addr))
200 return;
201 #endif /* CONFIG_IEEE80211BE */
202
203 hostapd_drv_sta_remove(hapd, sta->addr);
204 }
205
206
207 #ifdef CONFIG_IEEE80211BE
clear_wpa_sm_for_each_partner_link(struct hostapd_data * hapd,struct sta_info * psta)208 static void clear_wpa_sm_for_each_partner_link(struct hostapd_data *hapd,
209 struct sta_info *psta)
210 {
211 struct sta_info *lsta;
212 struct hostapd_data *lhapd;
213
214 if (!ap_sta_is_mld(hapd, psta))
215 return;
216
217 for_each_mld_link(lhapd, hapd) {
218 if (lhapd == hapd)
219 continue;
220
221 lsta = ap_get_sta(lhapd, psta->addr);
222 if (lsta)
223 lsta->wpa_sm = NULL;
224 }
225 }
226 #endif /* CONFIG_IEEE80211BE */
227
228
ap_free_sta(struct hostapd_data * hapd,struct sta_info * sta)229 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
230 {
231 int set_beacon = 0;
232
233 accounting_sta_stop(hapd, sta);
234
235 /* just in case */
236 ap_sta_set_authorized(hapd, sta, 0);
237 hostapd_set_sta_flags(hapd, sta);
238
239 if ((sta->flags & WLAN_STA_WDS) ||
240 (sta->flags & WLAN_STA_MULTI_AP &&
241 (hapd->conf->multi_ap & BACKHAUL_BSS) &&
242 hapd->conf->wds_sta &&
243 !(sta->flags & WLAN_STA_WPS)))
244 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
245
246 if (sta->ipaddr)
247 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
248 ap_sta_ip6addr_del(hapd, sta);
249
250 if (!hapd->iface->driver_ap_teardown &&
251 !(sta->flags & WLAN_STA_PREAUTH)) {
252 __ap_free_sta(hapd, sta);
253 sta->added_unassoc = 0;
254 }
255
256 ap_sta_hash_del(hapd, sta);
257 ap_sta_list_del(hapd, sta);
258
259 if (sta->aid > 0)
260 hapd->sta_aid[(sta->aid - 1) / 32] &=
261 ~BIT((sta->aid - 1) % 32);
262
263 hapd->num_sta--;
264 if (sta->nonerp_set) {
265 sta->nonerp_set = 0;
266 hapd->iface->num_sta_non_erp--;
267 if (hapd->iface->num_sta_non_erp == 0)
268 set_beacon++;
269 }
270
271 if (sta->no_short_slot_time_set) {
272 sta->no_short_slot_time_set = 0;
273 hapd->iface->num_sta_no_short_slot_time--;
274 if (hapd->iface->current_mode &&
275 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
276 && hapd->iface->num_sta_no_short_slot_time == 0)
277 set_beacon++;
278 }
279
280 if (sta->no_short_preamble_set) {
281 sta->no_short_preamble_set = 0;
282 hapd->iface->num_sta_no_short_preamble--;
283 if (hapd->iface->current_mode &&
284 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
285 && hapd->iface->num_sta_no_short_preamble == 0)
286 set_beacon++;
287 }
288
289 if (sta->no_ht_gf_set) {
290 sta->no_ht_gf_set = 0;
291 hapd->iface->num_sta_ht_no_gf--;
292 }
293
294 if (sta->no_ht_set) {
295 sta->no_ht_set = 0;
296 hapd->iface->num_sta_no_ht--;
297 }
298
299 if (sta->ht_20mhz_set) {
300 sta->ht_20mhz_set = 0;
301 hapd->iface->num_sta_ht_20mhz--;
302 }
303
304 #ifdef CONFIG_TAXONOMY
305 wpabuf_free(sta->probe_ie_taxonomy);
306 sta->probe_ie_taxonomy = NULL;
307 wpabuf_free(sta->assoc_ie_taxonomy);
308 sta->assoc_ie_taxonomy = NULL;
309 #endif /* CONFIG_TAXONOMY */
310
311 ht40_intolerant_remove(hapd->iface, sta);
312
313 #ifdef CONFIG_P2P
314 if (sta->no_p2p_set) {
315 sta->no_p2p_set = 0;
316 hapd->num_sta_no_p2p--;
317 if (hapd->num_sta_no_p2p == 0)
318 hostapd_p2p_non_p2p_sta_disconnected(hapd);
319 }
320 #endif /* CONFIG_P2P */
321
322 #ifdef NEED_AP_MLME
323 if (hostapd_ht_operation_update(hapd->iface) > 0)
324 set_beacon++;
325 #endif /* NEED_AP_MLME */
326
327 #ifdef CONFIG_MESH
328 if (hapd->mesh_sta_free_cb)
329 hapd->mesh_sta_free_cb(hapd, sta);
330 #endif /* CONFIG_MESH */
331
332 if (set_beacon)
333 ieee802_11_update_beacons(hapd->iface);
334
335 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
336 __func__, MAC2STR(sta->addr));
337 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
338 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
339 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
340 ap_sta_clear_disconnect_timeouts(hapd, sta);
341 sae_clear_retransmit_timer(hapd, sta);
342
343 ieee802_1x_free_station(hapd, sta);
344
345 #ifdef CONFIG_IEEE80211BE
346 if (!ap_sta_is_mld(hapd, sta) ||
347 hapd->mld_link_id == sta->mld_assoc_link_id) {
348 wpa_auth_sta_deinit(sta->wpa_sm);
349 /* Remove references from partner links. */
350 clear_wpa_sm_for_each_partner_link(hapd, sta);
351 }
352
353 /* Release group references in case non-association link STA is removed
354 * before association link STA */
355 if (hostapd_sta_is_link_sta(hapd, sta))
356 wpa_release_link_auth_ref(sta->wpa_sm, hapd->mld_link_id);
357 #else /* CONFIG_IEEE80211BE */
358 wpa_auth_sta_deinit(sta->wpa_sm);
359 #endif /* CONFIG_IEEE80211BE */
360
361 rsn_preauth_free_station(hapd, sta);
362 #ifndef CONFIG_NO_RADIUS
363 if (hapd->radius)
364 radius_client_flush_auth(hapd->radius, sta->addr);
365 #endif /* CONFIG_NO_RADIUS */
366
367 #ifndef CONFIG_NO_VLAN
368 /*
369 * sta->wpa_sm->group needs to be released before so that
370 * vlan_remove_dynamic() can check that no stations are left on the
371 * AP_VLAN netdev.
372 */
373 if (sta->vlan_id)
374 vlan_remove_dynamic(hapd, sta->vlan_id);
375 if (sta->vlan_id_bound) {
376 /*
377 * Need to remove the STA entry before potentially removing the
378 * VLAN.
379 */
380 if (hapd->iface->driver_ap_teardown &&
381 !(sta->flags & WLAN_STA_PREAUTH)) {
382 hostapd_drv_sta_remove(hapd, sta->addr);
383 sta->added_unassoc = 0;
384 }
385 vlan_remove_dynamic(hapd, sta->vlan_id_bound);
386 }
387 #endif /* CONFIG_NO_VLAN */
388
389 os_free(sta->challenge);
390
391 os_free(sta->sa_query_trans_id);
392 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
393
394 #ifdef CONFIG_P2P
395 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
396 #endif /* CONFIG_P2P */
397
398 #ifdef CONFIG_INTERWORKING
399 if (sta->gas_dialog) {
400 int i;
401
402 for (i = 0; i < GAS_DIALOG_MAX; i++)
403 gas_serv_dialog_clear(&sta->gas_dialog[i]);
404 os_free(sta->gas_dialog);
405 }
406 #endif /* CONFIG_INTERWORKING */
407
408 wpabuf_free(sta->wps_ie);
409 wpabuf_free(sta->p2p_ie);
410 wpabuf_free(sta->hs20_ie);
411 wpabuf_free(sta->roaming_consortium);
412 #ifdef CONFIG_FST
413 wpabuf_free(sta->mb_ies);
414 #endif /* CONFIG_FST */
415
416 os_free(sta->ht_capabilities);
417 os_free(sta->vht_capabilities);
418 os_free(sta->vht_operation);
419 os_free(sta->he_capab);
420 os_free(sta->he_6ghz_capab);
421 os_free(sta->eht_capab);
422 hostapd_free_psk_list(sta->psk);
423 os_free(sta->identity);
424 os_free(sta->radius_cui);
425 os_free(sta->remediation_url);
426 os_free(sta->t_c_url);
427 wpabuf_free(sta->hs20_deauth_req);
428 os_free(sta->hs20_session_info_url);
429
430 #ifdef CONFIG_SAE
431 sae_clear_data(sta->sae);
432 os_free(sta->sae);
433 #endif /* CONFIG_SAE */
434
435 mbo_ap_sta_free(sta);
436 os_free(sta->supp_op_classes);
437
438 #ifdef CONFIG_FILS
439 os_free(sta->fils_pending_assoc_req);
440 wpabuf_free(sta->fils_hlp_resp);
441 wpabuf_free(sta->hlp_dhcp_discover);
442 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
443 #ifdef CONFIG_FILS_SK_PFS
444 crypto_ecdh_deinit(sta->fils_ecdh);
445 wpabuf_clear_free(sta->fils_dh_ss);
446 wpabuf_free(sta->fils_g_sta);
447 #endif /* CONFIG_FILS_SK_PFS */
448 #endif /* CONFIG_FILS */
449
450 #ifdef CONFIG_OWE
451 bin_clear_free(sta->owe_pmk, sta->owe_pmk_len);
452 crypto_ecdh_deinit(sta->owe_ecdh);
453 #endif /* CONFIG_OWE */
454
455 #ifdef CONFIG_DPP2
456 dpp_pfs_free(sta->dpp_pfs);
457 sta->dpp_pfs = NULL;
458 #endif /* CONFIG_DPP2 */
459
460 os_free(sta->ext_capability);
461
462 #ifdef CONFIG_WNM_AP
463 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
464 #endif /* CONFIG_WNM_AP */
465
466 #ifdef CONFIG_PASN
467 ap_free_sta_pasn(hapd, sta);
468 #endif /* CONFIG_PASN */
469
470 os_free(sta->ifname_wds);
471
472 #ifdef CONFIG_IEEE80211BE
473 ap_sta_free_sta_profile(&sta->mld_info);
474 #endif /* CONFIG_IEEE80211BE */
475
476 #ifdef CONFIG_TESTING_OPTIONS
477 os_free(sta->sae_postponed_commit);
478 forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
479 #endif /* CONFIG_TESTING_OPTIONS */
480
481 os_free(sta);
482 }
483
484
hostapd_free_stas(struct hostapd_data * hapd)485 void hostapd_free_stas(struct hostapd_data *hapd)
486 {
487 struct sta_info *sta, *prev;
488
489 sta = hapd->sta_list;
490
491 while (sta) {
492 prev = sta;
493 if (sta->flags & WLAN_STA_AUTH) {
494 mlme_deauthenticate_indication(
495 hapd, sta, WLAN_REASON_UNSPECIFIED);
496 }
497 sta = sta->next;
498 wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
499 MAC2STR(prev->addr));
500 ap_free_sta(hapd, prev);
501 }
502 }
503
504
505 #ifdef CONFIG_IEEE80211BE
hostapd_free_link_stas(struct hostapd_data * hapd)506 void hostapd_free_link_stas(struct hostapd_data *hapd)
507 {
508 struct sta_info *sta, *prev;
509
510 sta = hapd->sta_list;
511 while (sta) {
512 prev = sta;
513 sta = sta->next;
514
515 if (!hostapd_sta_is_link_sta(hapd, prev))
516 continue;
517
518 wpa_printf(MSG_DEBUG, "Removing link station from MLD " MACSTR,
519 MAC2STR(prev->addr));
520 ap_free_sta(hapd, prev);
521 }
522 }
523 #endif /* CONFIG_IEEE80211BE */
524
525
526 /**
527 * ap_handle_timer - Per STA timer handler
528 * @eloop_ctx: struct hostapd_data *
529 * @timeout_ctx: struct sta_info *
530 *
531 * This function is called to check station activity and to remove inactive
532 * stations.
533 */
ap_handle_timer(void * eloop_ctx,void * timeout_ctx)534 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
535 {
536 struct hostapd_data *hapd = eloop_ctx;
537 struct sta_info *sta = timeout_ctx;
538 unsigned long next_time = 0;
539 int reason;
540 int max_inactivity = hapd->conf->ap_max_inactivity;
541
542 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
543 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
544 sta->timeout_next);
545 if (sta->timeout_next == STA_REMOVE) {
546 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
547 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
548 "local deauth request");
549 ap_free_sta(hapd, sta);
550 return;
551 }
552
553 if (sta->max_idle_period)
554 max_inactivity = (sta->max_idle_period * 1024 + 999) / 1000;
555
556 if ((sta->flags & WLAN_STA_ASSOC) &&
557 (sta->timeout_next == STA_NULLFUNC ||
558 sta->timeout_next == STA_DISASSOC)) {
559 int inactive_sec;
560 /*
561 * Add random value to timeout so that we don't end up bouncing
562 * all stations at the same time if we have lots of associated
563 * stations that are idle (but keep re-associating).
564 */
565 int fuzz = os_random() % 20;
566 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
567 if (inactive_sec == -1) {
568 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
569 "Check inactivity: Could not "
570 "get station info from kernel driver for "
571 MACSTR, MAC2STR(sta->addr));
572 /*
573 * The driver may not support this functionality.
574 * Anyway, try again after the next inactivity timeout,
575 * but do not disconnect the station now.
576 */
577 next_time = max_inactivity + fuzz;
578 } else if (inactive_sec == -ENOENT) {
579 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
580 "Station " MACSTR " has lost its driver entry",
581 MAC2STR(sta->addr));
582
583 /* Avoid sending client probe on removed client */
584 sta->timeout_next = STA_DISASSOC;
585 goto skip_poll;
586 } else if (inactive_sec < max_inactivity) {
587 /* station activity detected; reset timeout state */
588 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
589 "Station " MACSTR " has been active %is ago",
590 MAC2STR(sta->addr), inactive_sec);
591 sta->timeout_next = STA_NULLFUNC;
592 next_time = max_inactivity + fuzz - inactive_sec;
593 } else {
594 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
595 "Station " MACSTR " has been "
596 "inactive too long: %d sec, max allowed: %d",
597 MAC2STR(sta->addr), inactive_sec,
598 max_inactivity);
599
600 if (hapd->conf->skip_inactivity_poll)
601 sta->timeout_next = STA_DISASSOC;
602 }
603 }
604
605 if ((sta->flags & WLAN_STA_ASSOC) &&
606 sta->timeout_next == STA_DISASSOC &&
607 !(sta->flags & WLAN_STA_PENDING_POLL) &&
608 !hapd->conf->skip_inactivity_poll) {
609 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
610 " has ACKed data poll", MAC2STR(sta->addr));
611 /* data nullfunc frame poll did not produce TX errors; assume
612 * station ACKed it */
613 sta->timeout_next = STA_NULLFUNC;
614 next_time = max_inactivity;
615 }
616
617 skip_poll:
618 if (next_time) {
619 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
620 "for " MACSTR " (%lu seconds)",
621 __func__, MAC2STR(sta->addr), next_time);
622 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
623 sta);
624 return;
625 }
626
627 if (sta->timeout_next == STA_NULLFUNC &&
628 (sta->flags & WLAN_STA_ASSOC)) {
629 wpa_printf(MSG_DEBUG, " Polling STA");
630 sta->flags |= WLAN_STA_PENDING_POLL;
631 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
632 sta->flags & WLAN_STA_WMM);
633 } else if (sta->timeout_next != STA_REMOVE) {
634 int deauth = sta->timeout_next == STA_DEAUTH;
635
636 if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) {
637 /* Cannot disassociate not-associated STA, so move
638 * directly to deauthentication. */
639 sta->timeout_next = STA_DEAUTH;
640 deauth = 1;
641 }
642
643 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
644 "Timeout, sending %s info to STA " MACSTR,
645 deauth ? "deauthentication" : "disassociation",
646 MAC2STR(sta->addr));
647
648 if (deauth) {
649 hostapd_drv_sta_deauth(
650 hapd, sta->addr,
651 WLAN_REASON_PREV_AUTH_NOT_VALID);
652 } else {
653 reason = (sta->timeout_next == STA_DISASSOC) ?
654 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
655 WLAN_REASON_PREV_AUTH_NOT_VALID;
656
657 hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
658 }
659 }
660
661 switch (sta->timeout_next) {
662 case STA_NULLFUNC:
663 sta->timeout_next = STA_DISASSOC;
664 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
665 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
666 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
667 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
668 hapd, sta);
669 break;
670 case STA_DISASSOC:
671 case STA_DISASSOC_FROM_CLI:
672 ap_sta_set_authorized(hapd, sta, 0);
673 sta->flags &= ~WLAN_STA_ASSOC;
674 hostapd_set_sta_flags(hapd, sta);
675 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
676 if (!sta->acct_terminate_cause)
677 sta->acct_terminate_cause =
678 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
679 accounting_sta_stop(hapd, sta);
680 ieee802_1x_free_station(hapd, sta);
681 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
682 HOSTAPD_LEVEL_INFO, "disassociated due to "
683 "inactivity");
684 reason = (sta->timeout_next == STA_DISASSOC) ?
685 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
686 WLAN_REASON_PREV_AUTH_NOT_VALID;
687 sta->timeout_next = STA_DEAUTH;
688 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
689 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
690 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
691 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
692 hapd, sta);
693 mlme_disassociate_indication(hapd, sta, reason);
694 break;
695 case STA_DEAUTH:
696 case STA_REMOVE:
697 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
698 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
699 "inactivity (timer DEAUTH/REMOVE)");
700 if (!sta->acct_terminate_cause)
701 sta->acct_terminate_cause =
702 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
703 mlme_deauthenticate_indication(
704 hapd, sta,
705 WLAN_REASON_PREV_AUTH_NOT_VALID);
706 ap_free_sta(hapd, sta);
707 break;
708 }
709 }
710
711
ap_handle_session_timer(void * eloop_ctx,void * timeout_ctx)712 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
713 {
714 struct hostapd_data *hapd = eloop_ctx;
715 struct sta_info *sta = timeout_ctx;
716
717 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
718 hapd->conf->iface, MAC2STR(sta->addr));
719 if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC |
720 WLAN_STA_AUTHORIZED))) {
721 if (sta->flags & WLAN_STA_GAS) {
722 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
723 "entry " MACSTR, MAC2STR(sta->addr));
724 ap_free_sta(hapd, sta);
725 }
726 return;
727 }
728
729 hostapd_drv_sta_deauth(hapd, sta->addr,
730 WLAN_REASON_PREV_AUTH_NOT_VALID);
731 mlme_deauthenticate_indication(hapd, sta,
732 WLAN_REASON_PREV_AUTH_NOT_VALID);
733 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
734 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
735 "session timeout");
736 sta->acct_terminate_cause =
737 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
738 ap_free_sta(hapd, sta);
739 }
740
741
ap_sta_replenish_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)742 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
743 u32 session_timeout)
744 {
745 if (eloop_replenish_timeout(session_timeout, 0,
746 ap_handle_session_timer, hapd, sta) == 1) {
747 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
748 HOSTAPD_LEVEL_DEBUG, "setting session timeout "
749 "to %d seconds", session_timeout);
750 }
751 }
752
753
ap_sta_session_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)754 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
755 u32 session_timeout)
756 {
757 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
758 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
759 "seconds", session_timeout);
760 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
761 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
762 hapd, sta);
763 }
764
765
ap_sta_no_session_timeout(struct hostapd_data * hapd,struct sta_info * sta)766 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
767 {
768 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
769 }
770
771
ap_handle_session_warning_timer(void * eloop_ctx,void * timeout_ctx)772 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
773 {
774 #ifdef CONFIG_WNM_AP
775 struct hostapd_data *hapd = eloop_ctx;
776 struct sta_info *sta = timeout_ctx;
777
778 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
779 MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
780 if (sta->hs20_session_info_url == NULL)
781 return;
782
783 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
784 sta->hs20_disassoc_timer);
785 #endif /* CONFIG_WNM_AP */
786 }
787
788
ap_sta_session_warning_timeout(struct hostapd_data * hapd,struct sta_info * sta,int warning_time)789 void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
790 struct sta_info *sta, int warning_time)
791 {
792 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
793 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
794 hapd, sta);
795 }
796
797
ap_sta_add(struct hostapd_data * hapd,const u8 * addr)798 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
799 {
800 struct sta_info *sta;
801 int i;
802 int max_inactivity = hapd->conf->ap_max_inactivity;
803
804 sta = ap_get_sta(hapd, addr);
805 if (sta)
806 return sta;
807
808 wpa_printf(MSG_DEBUG, " New STA");
809 if (hapd->num_sta >= hapd->conf->max_num_sta) {
810 /* FIX: might try to remove some old STAs first? */
811 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
812 hapd->num_sta, hapd->conf->max_num_sta);
813 return NULL;
814 }
815
816 sta = os_zalloc(sizeof(struct sta_info));
817 if (sta == NULL) {
818 wpa_printf(MSG_ERROR, "malloc failed");
819 return NULL;
820 }
821 sta->acct_interim_interval = hapd->conf->acct_interim_interval;
822 if (accounting_sta_get_id(hapd, sta) < 0) {
823 os_free(sta);
824 return NULL;
825 }
826
827 for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) {
828 if (!hapd->iface->basic_rates)
829 break;
830 if (hapd->iface->basic_rates[i] < 0)
831 break;
832 sta->supported_rates[i] = hapd->iface->basic_rates[i] / 5;
833 }
834 sta->supported_rates_len = i;
835
836 if (sta->max_idle_period)
837 max_inactivity = (sta->max_idle_period * 1024 + 999) / 1000;
838
839 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
840 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
841 "for " MACSTR " (%d seconds - ap_max_inactivity)",
842 __func__, MAC2STR(addr),
843 max_inactivity);
844 eloop_register_timeout(max_inactivity, 0,
845 ap_handle_timer, hapd, sta);
846 }
847
848 /* initialize STA info data */
849 os_memcpy(sta->addr, addr, ETH_ALEN);
850 sta->next = hapd->sta_list;
851 hapd->sta_list = sta;
852 hapd->num_sta++;
853 ap_sta_hash_add(hapd, sta);
854 ap_sta_remove_in_other_bss(hapd, sta);
855 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
856 dl_list_init(&sta->ip6addr);
857
858 #ifdef CONFIG_TAXONOMY
859 sta_track_claim_taxonomy_info(hapd->iface, addr,
860 &sta->probe_ie_taxonomy);
861 #endif /* CONFIG_TAXONOMY */
862
863 return sta;
864 }
865
866
ap_sta_remove(struct hostapd_data * hapd,struct sta_info * sta)867 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
868 {
869 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
870
871 if (sta->ipaddr)
872 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
873 ap_sta_ip6addr_del(hapd, sta);
874
875 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
876 hapd->conf->iface, MAC2STR(sta->addr));
877 if (hostapd_drv_sta_remove(hapd, sta->addr) &&
878 sta->flags & WLAN_STA_ASSOC) {
879 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
880 " from kernel driver",
881 hapd->conf->iface, MAC2STR(sta->addr));
882 return -1;
883 }
884 sta->added_unassoc = 0;
885 return 0;
886 }
887
888
ap_sta_remove_in_other_bss(struct hostapd_data * hapd,struct sta_info * sta)889 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
890 struct sta_info *sta)
891 {
892 struct hostapd_iface *iface = hapd->iface;
893 size_t i;
894
895 for (i = 0; i < iface->num_bss; i++) {
896 struct hostapd_data *bss = iface->bss[i];
897 struct sta_info *sta2;
898 /* bss should always be set during operation, but it may be
899 * NULL during reconfiguration. Assume the STA is not
900 * associated to another BSS in that case to avoid NULL pointer
901 * dereferences. */
902 if (bss == hapd || bss == NULL)
903 continue;
904 sta2 = ap_get_sta(bss, sta->addr);
905 if (!sta2)
906 continue;
907
908 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
909 " association from another BSS %s",
910 hapd->conf->iface, MAC2STR(sta2->addr),
911 bss->conf->iface);
912 ap_sta_disconnect(bss, sta2, sta2->addr,
913 WLAN_REASON_PREV_AUTH_NOT_VALID);
914 }
915 }
916
917
ap_sta_disassoc_cb_timeout(void * eloop_ctx,void * timeout_ctx)918 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
919 {
920 struct hostapd_data *hapd = eloop_ctx;
921 struct sta_info *sta = timeout_ctx;
922
923 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
924 hapd->conf->iface, MAC2STR(sta->addr));
925 ap_sta_remove(hapd, sta);
926 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
927 }
928
929
ap_sta_disconnect_common(struct hostapd_data * hapd,struct sta_info * sta,unsigned int timeout)930 static void ap_sta_disconnect_common(struct hostapd_data *hapd,
931 struct sta_info *sta, unsigned int timeout)
932 {
933 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
934
935 ap_sta_set_authorized(hapd, sta, 0);
936 hostapd_set_sta_flags(hapd, sta);
937
938 wpa_printf(MSG_DEBUG,
939 "reschedule ap_handle_timer timeout (%u sec) for " MACSTR,
940 MAC2STR(sta->addr), timeout);
941
942 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
943 eloop_register_timeout(timeout, 0, ap_handle_timer, hapd, sta);
944 accounting_sta_stop(hapd, sta);
945 ieee802_1x_free_station(hapd, sta);
946 #ifdef CONFIG_IEEE80211BE
947 if (!hapd->conf->mld_ap ||
948 hapd->mld_link_id == sta->mld_assoc_link_id) {
949 wpa_auth_sta_deinit(sta->wpa_sm);
950 clear_wpa_sm_for_each_partner_link(hapd, sta);
951 }
952 #else /* CONFIG_IEEE80211BE */
953 wpa_auth_sta_deinit(sta->wpa_sm);
954 #endif /* CONFIG_IEEE80211BE */
955
956 sta->wpa_sm = NULL;
957 }
958
959
ap_sta_handle_disassociate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)960 static void ap_sta_handle_disassociate(struct hostapd_data *hapd,
961 struct sta_info *sta, u16 reason)
962 {
963 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
964 hapd->conf->iface, MAC2STR(sta->addr));
965
966 if (hapd->iface->current_mode &&
967 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
968 /* Skip deauthentication in DMG/IEEE 802.11ad */
969 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
970 WLAN_STA_ASSOC_REQ_OK);
971 sta->timeout_next = STA_REMOVE;
972 } else {
973 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
974 sta->timeout_next = STA_DEAUTH;
975 }
976
977 ap_sta_disconnect_common(hapd, sta, AP_MAX_INACTIVITY_AFTER_DISASSOC);
978
979 sta->disassoc_reason = reason;
980 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
981 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
982 eloop_register_timeout(hapd->iface->drv_flags &
983 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
984 ap_sta_disassoc_cb_timeout, hapd, sta);
985 }
986
987
ap_sta_deauth_cb_timeout(void * eloop_ctx,void * timeout_ctx)988 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
989 {
990 struct hostapd_data *hapd = eloop_ctx;
991 struct sta_info *sta = timeout_ctx;
992
993 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
994 hapd->conf->iface, MAC2STR(sta->addr));
995 ap_sta_remove(hapd, sta);
996 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
997 }
998
999
ap_sta_handle_deauthenticate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)1000 static void ap_sta_handle_deauthenticate(struct hostapd_data *hapd,
1001 struct sta_info *sta, u16 reason)
1002 {
1003 if (hapd->iface->current_mode &&
1004 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
1005 /* Deauthentication is not used in DMG/IEEE 802.11ad;
1006 * disassociate the STA instead. */
1007 ap_sta_disassociate(hapd, sta, reason);
1008 return;
1009 }
1010
1011 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
1012 hapd->conf->iface, MAC2STR(sta->addr));
1013
1014 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
1015
1016 sta->timeout_next = STA_REMOVE;
1017 ap_sta_disconnect_common(hapd, sta, AP_MAX_INACTIVITY_AFTER_DEAUTH);
1018
1019 sta->deauth_reason = reason;
1020 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
1021 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1022 eloop_register_timeout(hapd->iface->drv_flags &
1023 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
1024 ap_sta_deauth_cb_timeout, hapd, sta);
1025 }
1026
1027
ap_sta_ml_disconnect(struct hostapd_data * hapd,struct sta_info * sta,u16 reason,bool disassoc)1028 static bool ap_sta_ml_disconnect(struct hostapd_data *hapd,
1029 struct sta_info *sta, u16 reason,
1030 bool disassoc)
1031 {
1032 #ifdef CONFIG_IEEE80211BE
1033 struct hostapd_data *assoc_hapd, *tmp_hapd;
1034 struct sta_info *assoc_sta;
1035 unsigned int i, link_id;
1036 struct hapd_interfaces *interfaces;
1037
1038 if (!hostapd_is_mld_ap(hapd))
1039 return false;
1040
1041 /*
1042 * Get the station on which the association was performed, as it holds
1043 * the information about all the other links.
1044 */
1045 assoc_sta = hostapd_ml_get_assoc_sta(hapd, sta, &assoc_hapd);
1046 if (!assoc_sta)
1047 return false;
1048 interfaces = assoc_hapd->iface->interfaces;
1049
1050 for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
1051 if (!assoc_sta->mld_info.links[link_id].valid)
1052 continue;
1053
1054 for (i = 0; i < interfaces->count; i++) {
1055 struct sta_info *tmp_sta;
1056
1057 tmp_hapd = interfaces->iface[i]->bss[0];
1058
1059 if (!hostapd_is_ml_partner(tmp_hapd, assoc_hapd))
1060 continue;
1061
1062 for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
1063 tmp_sta = tmp_sta->next) {
1064 /*
1065 * Handle the station on which the association
1066 * was done only after all other link station
1067 * are removed. Since there is a only a single
1068 * station per hapd with the same association
1069 * link simply break;
1070 */
1071 if (tmp_sta == assoc_sta)
1072 break;
1073
1074 if (tmp_sta->mld_assoc_link_id !=
1075 assoc_sta->mld_assoc_link_id ||
1076 tmp_sta->aid != assoc_sta->aid)
1077 continue;
1078
1079 if (disassoc)
1080 ap_sta_handle_disassociate(tmp_hapd,
1081 tmp_sta,
1082 reason);
1083 else
1084 ap_sta_handle_deauthenticate(tmp_hapd,
1085 tmp_sta,
1086 reason);
1087
1088 break;
1089 }
1090 }
1091 }
1092
1093 /* Disconnect the station on which the association was performed. */
1094 if (disassoc)
1095 ap_sta_handle_disassociate(assoc_hapd, assoc_sta, reason);
1096 else
1097 ap_sta_handle_deauthenticate(assoc_hapd, assoc_sta, reason);
1098
1099 return true;
1100 #else /* CONFIG_IEEE80211BE */
1101 return false;
1102 #endif /* CONFIG_IEEE80211BE */
1103 }
1104
1105
ap_sta_disassociate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)1106 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
1107 u16 reason)
1108 {
1109 if (ap_sta_ml_disconnect(hapd, sta, reason, true))
1110 return;
1111
1112 ap_sta_handle_disassociate(hapd, sta, reason);
1113 }
1114
1115
ap_sta_deauthenticate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)1116 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
1117 u16 reason)
1118 {
1119 if (ap_sta_ml_disconnect(hapd, sta, reason, false))
1120 return;
1121
1122 ap_sta_handle_deauthenticate(hapd, sta, reason);
1123 }
1124
1125
1126 #ifdef CONFIG_WPS
ap_sta_wps_cancel(struct hostapd_data * hapd,struct sta_info * sta,void * ctx)1127 int ap_sta_wps_cancel(struct hostapd_data *hapd,
1128 struct sta_info *sta, void *ctx)
1129 {
1130 if (sta && (sta->flags & WLAN_STA_WPS)) {
1131 ap_sta_deauthenticate(hapd, sta,
1132 WLAN_REASON_PREV_AUTH_NOT_VALID);
1133 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
1134 __func__, MAC2STR(sta->addr));
1135 return 1;
1136 }
1137
1138 return 0;
1139 }
1140 #endif /* CONFIG_WPS */
1141
1142
ap_sta_get_free_vlan_id(struct hostapd_data * hapd)1143 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
1144 {
1145 struct hostapd_vlan *vlan;
1146 int vlan_id = MAX_VLAN_ID + 2;
1147
1148 retry:
1149 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1150 if (vlan->vlan_id == vlan_id) {
1151 vlan_id++;
1152 goto retry;
1153 }
1154 }
1155 return vlan_id;
1156 }
1157
1158
ap_sta_set_vlan(struct hostapd_data * hapd,struct sta_info * sta,struct vlan_description * vlan_desc)1159 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
1160 struct vlan_description *vlan_desc)
1161 {
1162 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
1163 int old_vlan_id, vlan_id = 0, ret = 0;
1164
1165 /* Check if there is something to do */
1166 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
1167 /* This sta is lacking its own vif */
1168 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
1169 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
1170 /* sta->vlan_id needs to be reset */
1171 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
1172 return 0; /* nothing to change */
1173 }
1174
1175 /* Now the real VLAN changed or the STA just needs its own vif */
1176 if (hapd->conf->ssid.per_sta_vif) {
1177 /* Assign a new vif, always */
1178 /* find a free vlan_id sufficiently big */
1179 vlan_id = ap_sta_get_free_vlan_id(hapd);
1180 /* Get wildcard VLAN */
1181 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1182 if (vlan->vlan_id == VLAN_ID_WILDCARD)
1183 break;
1184 }
1185 if (!vlan) {
1186 hostapd_logger(hapd, sta->addr,
1187 HOSTAPD_MODULE_IEEE80211,
1188 HOSTAPD_LEVEL_DEBUG,
1189 "per_sta_vif missing wildcard");
1190 vlan_id = 0;
1191 ret = -1;
1192 goto done;
1193 }
1194 } else if (vlan_desc && vlan_desc->notempty) {
1195 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1196 if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
1197 break;
1198 if (vlan->vlan_id == VLAN_ID_WILDCARD)
1199 wildcard_vlan = vlan;
1200 }
1201 if (vlan) {
1202 vlan_id = vlan->vlan_id;
1203 } else if (wildcard_vlan) {
1204 vlan = wildcard_vlan;
1205 vlan_id = vlan_desc->untagged;
1206 if (vlan_desc->tagged[0]) {
1207 /* Tagged VLAN configuration */
1208 vlan_id = ap_sta_get_free_vlan_id(hapd);
1209 }
1210 } else {
1211 hostapd_logger(hapd, sta->addr,
1212 HOSTAPD_MODULE_IEEE80211,
1213 HOSTAPD_LEVEL_DEBUG,
1214 "missing vlan and wildcard for vlan=%d%s",
1215 vlan_desc->untagged,
1216 vlan_desc->tagged[0] ? "+" : "");
1217 vlan_id = 0;
1218 ret = -1;
1219 goto done;
1220 }
1221 }
1222
1223 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
1224 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
1225 if (vlan == NULL) {
1226 hostapd_logger(hapd, sta->addr,
1227 HOSTAPD_MODULE_IEEE80211,
1228 HOSTAPD_LEVEL_DEBUG,
1229 "could not add dynamic VLAN interface for vlan=%d%s",
1230 vlan_desc ? vlan_desc->untagged : -1,
1231 (vlan_desc && vlan_desc->tagged[0]) ?
1232 "+" : "");
1233 vlan_id = 0;
1234 ret = -1;
1235 goto done;
1236 }
1237
1238 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1239 HOSTAPD_LEVEL_DEBUG,
1240 "added new dynamic VLAN interface '%s'",
1241 vlan->ifname);
1242 } else if (vlan && vlan->dynamic_vlan > 0) {
1243 vlan->dynamic_vlan++;
1244 hostapd_logger(hapd, sta->addr,
1245 HOSTAPD_MODULE_IEEE80211,
1246 HOSTAPD_LEVEL_DEBUG,
1247 "updated existing dynamic VLAN interface '%s'",
1248 vlan->ifname);
1249 }
1250 done:
1251 old_vlan_id = sta->vlan_id;
1252 sta->vlan_id = vlan_id;
1253 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
1254
1255 if (vlan_id != old_vlan_id && old_vlan_id)
1256 vlan_remove_dynamic(hapd, old_vlan_id);
1257
1258 return ret;
1259 }
1260
1261
ap_sta_bind_vlan(struct hostapd_data * hapd,struct sta_info * sta)1262 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
1263 {
1264 #ifndef CONFIG_NO_VLAN
1265 const char *iface;
1266 struct hostapd_vlan *vlan = NULL;
1267 int ret;
1268 int old_vlanid = sta->vlan_id_bound;
1269 int mld_link_id = -1;
1270
1271 #ifdef CONFIG_IEEE80211BE
1272 if (hapd->conf->mld_ap)
1273 mld_link_id = hapd->mld_link_id;
1274 #endif /* CONFIG_IEEE80211BE */
1275
1276 if ((sta->flags & WLAN_STA_WDS) && sta->vlan_id == 0) {
1277 wpa_printf(MSG_DEBUG,
1278 "Do not override WDS VLAN assignment for STA "
1279 MACSTR, MAC2STR(sta->addr));
1280 return 0;
1281 }
1282
1283 iface = hapd->conf->iface;
1284 if (hapd->conf->ssid.vlan[0])
1285 iface = hapd->conf->ssid.vlan;
1286
1287 if (sta->vlan_id > 0) {
1288 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1289 if (vlan->vlan_id == sta->vlan_id)
1290 break;
1291 }
1292 if (vlan)
1293 iface = vlan->ifname;
1294 }
1295
1296 /*
1297 * Do not increment ref counters if the VLAN ID remains same, but do
1298 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
1299 * have been called before.
1300 */
1301 if (sta->vlan_id == old_vlanid)
1302 goto skip_counting;
1303
1304 if (sta->vlan_id > 0 && !vlan &&
1305 !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
1306 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1307 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
1308 "binding station to (vlan_id=%d)",
1309 sta->vlan_id);
1310 ret = -1;
1311 goto done;
1312 } else if (vlan && vlan->dynamic_vlan > 0) {
1313 vlan->dynamic_vlan++;
1314 hostapd_logger(hapd, sta->addr,
1315 HOSTAPD_MODULE_IEEE80211,
1316 HOSTAPD_LEVEL_DEBUG,
1317 "updated existing dynamic VLAN interface '%s'",
1318 iface);
1319 }
1320
1321 /* ref counters have been increased, so mark the station */
1322 sta->vlan_id_bound = sta->vlan_id;
1323
1324 skip_counting:
1325 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1326 HOSTAPD_LEVEL_DEBUG, "binding station to interface "
1327 "'%s'", iface);
1328
1329 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
1330 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
1331
1332 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id,
1333 mld_link_id);
1334 if (ret < 0) {
1335 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1336 HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
1337 "entry to vlan_id=%d", sta->vlan_id);
1338 }
1339
1340 /* During 1x reauth, if the vlan id changes, then remove the old id. */
1341 if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
1342 vlan_remove_dynamic(hapd, old_vlanid);
1343 done:
1344
1345 return ret;
1346 #else /* CONFIG_NO_VLAN */
1347 return 0;
1348 #endif /* CONFIG_NO_VLAN */
1349 }
1350
1351
ap_check_sa_query_timeout(struct hostapd_data * hapd,struct sta_info * sta)1352 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
1353 {
1354 u32 tu;
1355 struct os_reltime now, passed;
1356 os_get_reltime(&now);
1357 os_reltime_sub(&now, &sta->sa_query_start, &passed);
1358 tu = (passed.sec * 1000000 + passed.usec) / 1024;
1359 if (hapd->conf->assoc_sa_query_max_timeout < tu) {
1360 hostapd_logger(hapd, sta->addr,
1361 HOSTAPD_MODULE_IEEE80211,
1362 HOSTAPD_LEVEL_DEBUG,
1363 "association SA Query timed out");
1364 sta->sa_query_timed_out = 1;
1365 os_free(sta->sa_query_trans_id);
1366 sta->sa_query_trans_id = NULL;
1367 sta->sa_query_count = 0;
1368 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1369 return 1;
1370 }
1371
1372 return 0;
1373 }
1374
1375
ap_sa_query_timer(void * eloop_ctx,void * timeout_ctx)1376 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1377 {
1378 struct hostapd_data *hapd = eloop_ctx;
1379 struct sta_info *sta = timeout_ctx;
1380 unsigned int timeout, sec, usec;
1381 u8 *trans_id, *nbuf;
1382
1383 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
1384 " (count=%d)",
1385 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
1386
1387 if (sta->sa_query_count > 0 &&
1388 ap_check_sa_query_timeout(hapd, sta))
1389 return;
1390 if (sta->sa_query_count >= 1000)
1391 return;
1392
1393 nbuf = os_realloc_array(sta->sa_query_trans_id,
1394 sta->sa_query_count + 1,
1395 WLAN_SA_QUERY_TR_ID_LEN);
1396 if (nbuf == NULL)
1397 return;
1398 if (sta->sa_query_count == 0) {
1399 /* Starting a new SA Query procedure */
1400 os_get_reltime(&sta->sa_query_start);
1401 }
1402 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1403 sta->sa_query_trans_id = nbuf;
1404 sta->sa_query_count++;
1405
1406 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
1407 /*
1408 * We don't really care which ID is used here, so simply
1409 * hardcode this if the mostly theoretical os_get_random()
1410 * failure happens.
1411 */
1412 trans_id[0] = 0x12;
1413 trans_id[1] = 0x34;
1414 }
1415
1416 timeout = hapd->conf->assoc_sa_query_retry_timeout;
1417 sec = ((timeout / 1000) * 1024) / 1000;
1418 usec = (timeout % 1000) * 1024;
1419 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
1420
1421 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1422 HOSTAPD_LEVEL_DEBUG,
1423 "association SA Query attempt %d", sta->sa_query_count);
1424
1425 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
1426 }
1427
1428
ap_sta_start_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1429 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1430 {
1431 ap_sa_query_timer(hapd, sta);
1432 }
1433
1434
ap_sta_stop_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1435 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1436 {
1437 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1438 os_free(sta->sa_query_trans_id);
1439 sta->sa_query_trans_id = NULL;
1440 sta->sa_query_count = 0;
1441 }
1442
1443
ap_sta_wpa_get_keyid(struct hostapd_data * hapd,struct sta_info * sta)1444 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
1445 struct sta_info *sta)
1446 {
1447 struct hostapd_wpa_psk *psk;
1448 struct hostapd_ssid *ssid;
1449 const u8 *pmk;
1450 int pmk_len;
1451
1452 ssid = &hapd->conf->ssid;
1453
1454 pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
1455 if (!pmk || pmk_len != PMK_LEN)
1456 return NULL;
1457
1458 for (psk = ssid->wpa_psk; psk; psk = psk->next)
1459 if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0)
1460 break;
1461 if (!psk || !psk->keyid[0])
1462 return NULL;
1463
1464 return psk->keyid;
1465 }
1466
1467
ap_sta_wpa_get_dpp_pkhash(struct hostapd_data * hapd,struct sta_info * sta)1468 const u8 * ap_sta_wpa_get_dpp_pkhash(struct hostapd_data *hapd,
1469 struct sta_info *sta)
1470 {
1471 return wpa_auth_get_dpp_pkhash(sta->wpa_sm);
1472 }
1473
1474
ap_sta_set_authorized_flag(struct hostapd_data * hapd,struct sta_info * sta,int authorized)1475 bool ap_sta_set_authorized_flag(struct hostapd_data *hapd, struct sta_info *sta,
1476 int authorized)
1477 {
1478 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
1479 return false;
1480
1481 if (authorized) {
1482 int mld_assoc_link_id = -1;
1483
1484 #ifdef CONFIG_IEEE80211BE
1485 if (ap_sta_is_mld(hapd, sta)) {
1486 if (sta->mld_assoc_link_id == hapd->mld_link_id)
1487 mld_assoc_link_id = sta->mld_assoc_link_id;
1488 else
1489 mld_assoc_link_id = -2;
1490 }
1491 #endif /* CONFIG_IEEE80211BE */
1492 if (mld_assoc_link_id != -2)
1493 hostapd_prune_associations(hapd, sta->addr,
1494 mld_assoc_link_id);
1495 sta->flags |= WLAN_STA_AUTHORIZED;
1496 } else {
1497 sta->flags &= ~WLAN_STA_AUTHORIZED;
1498 }
1499
1500 return true;
1501 }
1502
1503
ap_sta_set_authorized_event(struct hostapd_data * hapd,struct sta_info * sta,int authorized)1504 void ap_sta_set_authorized_event(struct hostapd_data *hapd,
1505 struct sta_info *sta, int authorized)
1506 {
1507 const u8 *dev_addr = NULL;
1508 char buf[100];
1509 #ifdef CONFIG_P2P
1510 u8 addr[ETH_ALEN];
1511 u8 ip_addr_buf[4];
1512 #endif /* CONFIG_P2P */
1513 const u8 *ip_ptr = NULL;
1514 #ifdef __ZEPHYR__
1515 enum net_event_wifi_cmd event = authorized ?
1516 NET_EVENT_WIFI_CMD_AP_STA_CONNECTED :
1517 NET_EVENT_WIFI_CMD_AP_STA_DISCONNECTED;
1518 #endif /* __ZEPHYR__ */
1519
1520 #ifdef CONFIG_P2P
1521 if (hapd->p2p_group == NULL) {
1522 if (sta->p2p_ie != NULL &&
1523 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
1524 dev_addr = addr;
1525 } else
1526 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
1527
1528 if (dev_addr)
1529 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
1530 MAC2STR(sta->addr), MAC2STR(dev_addr));
1531 else
1532 #endif /* CONFIG_P2P */
1533 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
1534
1535 if (authorized) {
1536 const u8 *dpp_pkhash;
1537 const char *keyid;
1538 char dpp_pkhash_buf[100];
1539 char keyid_buf[100];
1540 char ip_addr[100];
1541
1542 dpp_pkhash_buf[0] = '\0';
1543 keyid_buf[0] = '\0';
1544 ip_addr[0] = '\0';
1545 #ifdef CONFIG_P2P
1546 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
1547 os_snprintf(ip_addr, sizeof(ip_addr),
1548 " ip_addr=%u.%u.%u.%u",
1549 ip_addr_buf[0], ip_addr_buf[1],
1550 ip_addr_buf[2], ip_addr_buf[3]);
1551 ip_ptr = ip_addr_buf;
1552 }
1553 #endif /* CONFIG_P2P */
1554
1555 keyid = ap_sta_wpa_get_keyid(hapd, sta);
1556 if (keyid) {
1557 os_snprintf(keyid_buf, sizeof(keyid_buf),
1558 " keyid=%s", keyid);
1559 }
1560
1561 dpp_pkhash = ap_sta_wpa_get_dpp_pkhash(hapd, sta);
1562 if (dpp_pkhash) {
1563 const char *prefix = " dpp_pkhash=";
1564 size_t plen = os_strlen(prefix);
1565
1566 os_strlcpy(dpp_pkhash_buf, prefix,
1567 sizeof(dpp_pkhash_buf));
1568 wpa_snprintf_hex(&dpp_pkhash_buf[plen],
1569 sizeof(dpp_pkhash_buf) - plen,
1570 dpp_pkhash, SHA256_MAC_LEN);
1571 }
1572
1573 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
1574 buf, ip_addr, keyid_buf, dpp_pkhash_buf);
1575
1576 if (hapd->msg_ctx_parent &&
1577 hapd->msg_ctx_parent != hapd->msg_ctx)
1578 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1579 AP_STA_CONNECTED "%s%s%s%s",
1580 buf, ip_addr, keyid_buf,
1581 dpp_pkhash_buf);
1582 } else {
1583 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
1584
1585 if (hapd->msg_ctx_parent &&
1586 hapd->msg_ctx_parent != hapd->msg_ctx)
1587 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1588 AP_STA_DISCONNECTED "%s", buf);
1589 }
1590
1591 #ifdef __ZEPHYR__
1592 #ifdef CONFIG_WIFI_NM_HOSTAPD_AP
1593 supplicant_send_wifi_mgmt_ap_sta_event(hapd->iface,
1594 event,
1595 sta);
1596 #else
1597 supplicant_send_wifi_mgmt_ap_sta_event(hapd->iface->owner,
1598 event,
1599 sta);
1600 #endif
1601 #endif /* __ZEPHYR__ */
1602 if (hapd->sta_authorized_cb)
1603 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
1604 sta->addr, authorized, dev_addr,
1605 ip_ptr);
1606
1607 #ifdef CONFIG_FST
1608 if (hapd->iface->fst) {
1609 if (authorized)
1610 fst_notify_peer_connected(hapd->iface->fst, sta->addr);
1611 else
1612 fst_notify_peer_disconnected(hapd->iface->fst,
1613 sta->addr);
1614 }
1615 #endif /* CONFIG_FST */
1616 }
1617
1618
ap_sta_set_authorized(struct hostapd_data * hapd,struct sta_info * sta,int authorized)1619 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
1620 int authorized)
1621 {
1622 if (!ap_sta_set_authorized_flag(hapd, sta, authorized))
1623 return;
1624 ap_sta_set_authorized_event(hapd, sta, authorized);
1625 }
1626
1627
ap_sta_disconnect(struct hostapd_data * hapd,struct sta_info * sta,const u8 * addr,u16 reason)1628 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
1629 const u8 *addr, u16 reason)
1630 {
1631 if (sta)
1632 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
1633 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1634 reason);
1635 else if (addr)
1636 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
1637 hapd->conf->iface, __func__, MAC2STR(addr),
1638 reason);
1639
1640 if (sta == NULL && addr)
1641 sta = ap_get_sta(hapd, addr);
1642
1643 if (addr)
1644 hostapd_drv_sta_deauth(hapd, addr, reason);
1645
1646 if (sta == NULL)
1647 return;
1648 ap_sta_set_authorized(hapd, sta, 0);
1649 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1650 hostapd_set_sta_flags(hapd, sta);
1651 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
1652 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1653 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
1654 "for " MACSTR " (%d seconds - "
1655 "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
1656 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1657 AP_MAX_INACTIVITY_AFTER_DEAUTH);
1658 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
1659 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
1660 ap_handle_timer, hapd, sta);
1661 sta->timeout_next = STA_REMOVE;
1662
1663 if (hapd->iface->current_mode &&
1664 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
1665 /* Deauthentication is not used in DMG/IEEE 802.11ad;
1666 * disassociate the STA instead. */
1667 sta->disassoc_reason = reason;
1668 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
1669 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1670 eloop_register_timeout(hapd->iface->drv_flags &
1671 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ?
1672 2 : 0, 0, ap_sta_disassoc_cb_timeout,
1673 hapd, sta);
1674 return;
1675 }
1676
1677 sta->deauth_reason = reason;
1678 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
1679 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1680 eloop_register_timeout(hapd->iface->drv_flags &
1681 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
1682 ap_sta_deauth_cb_timeout, hapd, sta);
1683 }
1684
1685
ap_sta_deauth_cb(struct hostapd_data * hapd,struct sta_info * sta)1686 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
1687 {
1688 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
1689 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
1690 return;
1691 }
1692 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
1693 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1694 ap_sta_deauth_cb_timeout(hapd, sta);
1695 }
1696
1697
ap_sta_disassoc_cb(struct hostapd_data * hapd,struct sta_info * sta)1698 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
1699 {
1700 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
1701 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
1702 return;
1703 }
1704 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
1705 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1706 ap_sta_disassoc_cb_timeout(hapd, sta);
1707 }
1708
1709
ap_sta_clear_disconnect_timeouts(struct hostapd_data * hapd,struct sta_info * sta)1710 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
1711 struct sta_info *sta)
1712 {
1713 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
1714 wpa_printf(MSG_DEBUG,
1715 "%s: Removed ap_sta_deauth_cb_timeout timeout for "
1716 MACSTR,
1717 hapd->conf->iface, MAC2STR(sta->addr));
1718 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
1719 wpa_printf(MSG_DEBUG,
1720 "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
1721 MACSTR,
1722 hapd->conf->iface, MAC2STR(sta->addr));
1723 if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0)
1724 {
1725 wpa_printf(MSG_DEBUG,
1726 "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for "
1727 MACSTR,
1728 hapd->conf->iface, MAC2STR(sta->addr));
1729 if (sta->flags & WLAN_STA_WPS)
1730 hostapd_wps_eap_completed(hapd);
1731 }
1732 }
1733
1734
ap_sta_flags_txt(u32 flags,char * buf,size_t buflen)1735 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
1736 {
1737 int res;
1738
1739 buf[0] = '\0';
1740 res = os_snprintf(buf, buflen,
1741 "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1742 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
1743 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
1744 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
1745 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
1746 ""),
1747 (flags & WLAN_STA_SHORT_PREAMBLE ?
1748 "[SHORT_PREAMBLE]" : ""),
1749 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
1750 (flags & WLAN_STA_WMM ? "[WMM]" : ""),
1751 (flags & WLAN_STA_MFP ? "[MFP]" : ""),
1752 (flags & WLAN_STA_WPS ? "[WPS]" : ""),
1753 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
1754 (flags & WLAN_STA_WDS ? "[WDS]" : ""),
1755 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
1756 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
1757 (flags & WLAN_STA_GAS ? "[GAS]" : ""),
1758 (flags & WLAN_STA_HT ? "[HT]" : ""),
1759 (flags & WLAN_STA_VHT ? "[VHT]" : ""),
1760 (flags & WLAN_STA_HE ? "[HE]" : ""),
1761 (flags & WLAN_STA_EHT ? "[EHT]" : ""),
1762 (flags & WLAN_STA_6GHZ ? "[6GHZ]" : ""),
1763 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
1764 (flags & WLAN_STA_WNM_SLEEP_MODE ?
1765 "[WNM_SLEEP_MODE]" : ""));
1766 if (os_snprintf_error(buflen, res))
1767 res = -1;
1768
1769 return res;
1770 }
1771
1772
ap_sta_delayed_1x_auth_fail_cb(void * eloop_ctx,void * timeout_ctx)1773 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
1774 {
1775 struct hostapd_data *hapd = eloop_ctx;
1776 struct sta_info *sta = timeout_ctx;
1777 u16 reason;
1778
1779 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1780 "IEEE 802.1X: Scheduled disconnection of " MACSTR
1781 " after EAP-Failure", MAC2STR(sta->addr));
1782
1783 reason = sta->disconnect_reason_code;
1784 if (!reason)
1785 reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
1786 ap_sta_disconnect(hapd, sta, sta->addr, reason);
1787 if (sta->flags & WLAN_STA_WPS)
1788 hostapd_wps_eap_completed(hapd);
1789 }
1790
1791
ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta,unsigned timeout)1792 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1793 struct sta_info *sta,
1794 unsigned timeout)
1795 {
1796 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1797 "IEEE 802.1X: Force disconnection of " MACSTR
1798 " after EAP-Failure in %u ms", MAC2STR(sta->addr), timeout);
1799
1800 /*
1801 * Add a small sleep to increase likelihood of previously requested
1802 * EAP-Failure TX getting out before this should the driver reorder
1803 * operations.
1804 */
1805 eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
1806 eloop_register_timeout(0, timeout * 1000,
1807 ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
1808 }
1809
1810
ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta)1811 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1812 struct sta_info *sta)
1813 {
1814 return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
1815 hapd, sta);
1816 }
1817
1818
1819 #ifdef CONFIG_IEEE80211BE
ap_sta_remove_link_sta(struct hostapd_data * hapd,struct sta_info * sta)1820 static void ap_sta_remove_link_sta(struct hostapd_data *hapd,
1821 struct sta_info *sta)
1822 {
1823 struct hostapd_data *tmp_hapd;
1824
1825 for_each_mld_link(tmp_hapd, hapd) {
1826 struct sta_info *tmp_sta;
1827
1828 if (hapd == tmp_hapd)
1829 continue;
1830
1831 for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
1832 tmp_sta = tmp_sta->next) {
1833 if (tmp_sta == sta ||
1834 !ether_addr_equal(tmp_sta->addr, sta->addr))
1835 continue;
1836
1837 ap_free_sta(tmp_hapd, tmp_sta);
1838 break;
1839 }
1840 }
1841 }
1842 #endif /* CONFIG_IEEE80211BE */
1843
1844
ap_sta_re_add(struct hostapd_data * hapd,struct sta_info * sta)1845 int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
1846 {
1847 const u8 *mld_link_addr = NULL;
1848 bool mld_link_sta = false;
1849
1850 /*
1851 * If a station that is already associated to the AP, is trying to
1852 * authenticate again, remove the STA entry, in order to make sure the
1853 * STA PS state gets cleared and configuration gets updated. To handle
1854 * this, station's added_unassoc flag is cleared once the station has
1855 * completed association.
1856 */
1857
1858 #ifdef CONFIG_IEEE80211BE
1859 if (ap_sta_is_mld(hapd, sta)) {
1860 u8 mld_link_id = hapd->mld_link_id;
1861
1862 mld_link_sta = sta->mld_assoc_link_id != mld_link_id;
1863 mld_link_addr = sta->mld_info.links[mld_link_id].peer_addr;
1864
1865 /*
1866 * In case the AP is affiliated with an AP MLD, we need to
1867 * remove the station from all relevant links/APs.
1868 */
1869 ap_sta_remove_link_sta(hapd, sta);
1870 }
1871 #endif /* CONFIG_IEEE80211BE */
1872
1873 ap_sta_set_authorized(hapd, sta, 0);
1874 hostapd_drv_sta_remove(hapd, sta->addr);
1875 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);
1876
1877 if (hostapd_sta_add(hapd, sta->addr, 0, 0,
1878 sta->supported_rates,
1879 sta->supported_rates_len,
1880 0, NULL, NULL, NULL, 0, NULL, 0, NULL,
1881 sta->flags, 0, 0, 0, 0,
1882 mld_link_addr, mld_link_sta)) {
1883 hostapd_logger(hapd, sta->addr,
1884 HOSTAPD_MODULE_IEEE80211,
1885 HOSTAPD_LEVEL_NOTICE,
1886 "Could not add STA to kernel driver");
1887 return -1;
1888 }
1889
1890 sta->added_unassoc = 1;
1891 return 0;
1892 }
1893
1894
1895 #ifdef CONFIG_IEEE80211BE
ap_sta_free_sta_profile(struct mld_info * info)1896 void ap_sta_free_sta_profile(struct mld_info *info)
1897 {
1898 int i;
1899
1900 if (!info)
1901 return;
1902
1903 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
1904 os_free(info->links[i].resp_sta_profile);
1905 info->links[i].resp_sta_profile = NULL;
1906 }
1907 }
1908 #endif /* CONFIG_IEEE80211BE */
1909
