1 /*
2  * hostapd / Station table
3  * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/sae.h"
16 #include "common/dpp.h"
17 #include "radius/radius.h"
18 #include "radius/radius_client.h"
19 #include "p2p/p2p.h"
20 #include "fst/fst.h"
21 #include "crypto/crypto.h"
22 #include "hostapd.h"
23 #include "accounting.h"
24 #include "ieee802_1x.h"
25 #include "ieee802_11.h"
26 #include "ieee802_11_auth.h"
27 #include "wpa_auth.h"
28 #include "preauth_auth.h"
29 #include "ap_config.h"
30 #include "beacon.h"
31 #include "ap_mlme.h"
32 #include "vlan_init.h"
33 #include "p2p_hostapd.h"
34 #include "ap_drv_ops.h"
35 #include "gas_serv.h"
36 #include "wnm_ap.h"
37 #include "mbo_ap.h"
38 #include "ndisc_snoop.h"
39 #include "sta_info.h"
40 #include "vlan.h"
41 #include "wps_hostapd.h"
42 
43 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
44                                                struct sta_info *sta);
45 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
46 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
47 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
48 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
49 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
50 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
51 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx);
52 
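/**
 * ap_for_each_sta - Invoke a callback for every station in the BSS
 * @hapd: BSS data
 * @cb: Callback run once per station; a non-zero return stops the walk
 * @ctx: Opaque context passed through to @cb
 * Returns: 1 if @cb returned non-zero for some station, 0 otherwise
 *
 * The link to the next entry is read before @cb runs, so a callback may
 * remove (ap_free_sta()) the very station it was handed without this loop
 * reading freed memory afterwards. A callback must still not remove any
 * other station in the list.
 */
int ap_for_each_sta(struct hostapd_data *hapd,
		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
			      void *ctx),
		    void *ctx)
{
	struct sta_info *sta = hapd->sta_list;

	while (sta) {
		/* Fetch the successor before the callback can free this entry. */
		struct sta_info *next = sta->next;

		if (cb(hapd, sta, ctx))
			return 1;
		sta = next;
	}

	return 0;
}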
67 
68 
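/**
 * ap_get_sta - Look up a station entry by MAC address
 * @hapd: BSS data
 * @sta: MAC address to look up
 * Returns: Matching station entry, or NULL if this BSS has no such station
 *
 * Walks the hash bucket selected by STA_HASH(); entries are chained through
 * sta->hnext (see ap_sta_hash_add()). The address comparison uses
 * ether_addr_equal() rather than an open-coded os_memcmp(..., 6) so that the
 * address length is defined in one place, consistent with ap_get_sta_p2p().
 */
struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
{
	struct sta_info *s;

	for (s = hapd->sta_hash[STA_HASH(sta)]; s; s = s->hnext) {
		if (ether_addr_equal(s->addr, sta))
			return s;
	}

	return NULL;
}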
78 
79 
80 #ifdef CONFIG_P2P
/*
 * Find the station whose P2P IE advertises the given P2P Device Address.
 * Stations without a P2P IE, or whose IE yields no GO Device Address, are
 * skipped. Returns NULL when no station matches.
 */
struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *entry = hapd->sta_list;

	while (entry) {
		const u8 *dev_addr = NULL;

		if (entry->p2p_ie)
			dev_addr = p2p_get_go_dev_addr(entry->p2p_ie);

		if (dev_addr && ether_addr_equal(dev_addr, addr))
			return entry;

		entry = entry->next;
	}

	return NULL;
}
101 #endif /* CONFIG_P2P */
102 
103 
/*
 * Unlink a station from the singly linked hapd->sta_list. The entry itself is
 * not freed. A station that is not on the list is only reported at debug
 * level.
 */
static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
{
	struct sta_info **link = &hapd->sta_list;

	/* Advance through the link pointers until one refers to sta. */
	while (*link && *link != sta)
		link = &(*link)->next;

	if (*link) {
		*link = sta->next;
		return;
	}

	wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
		   "list.", MAC2STR(sta->addr));
}
122 
123 
/*
 * Push a station onto the front of its hash bucket. The bucket index is
 * derived from the MAC address by STA_HASH(); entries chain through hnext.
 */
void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
{
	struct sta_info **bucket = &hapd->sta_hash[STA_HASH(sta->addr)];

	sta->hnext = *bucket;
	*bucket = sta;
}
129 
130 
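/**
 * ap_sta_hash_del - Unlink a station from its hash bucket
 * @hapd: BSS data
 * @sta: Station whose address selects the bucket
 *
 * The match is by MAC address, not by pointer identity, so the first entry in
 * the bucket carrying sta->addr is the one unlinked; the entry is not freed.
 * An empty bucket is ignored silently; a non-empty bucket that does not hold
 * the address is logged at debug level. The whole chain is compared with
 * ether_addr_equal() instead of mixing it with an open-coded
 * os_memcmp(..., 6) for the head entry.
 */
static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
{
	struct sta_info **link = &hapd->sta_hash[STA_HASH(sta->addr)];

	if (*link == NULL)
		return;

	while (*link && !ether_addr_equal((*link)->addr, sta->addr))
		link = &(*link)->hnext;

	if (*link)
		*link = (*link)->hnext;
	else
		wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
			   " from hash table", MAC2STR(sta->addr));
}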
151 
152 
/* Thin public wrapper around sta_ip6addr_del() for the given station. */
void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
{
	sta_ip6addr_del(hapd, sta);
}
157 
158 
159 #ifdef CONFIG_PASN
160 
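/**
 * ap_free_sta_pasn - Release the PASN context attached to a station
 * @hapd: BSS data (not referenced by the body)
 * @sta: Station whose sta->pasn is released; the pointer is reset to NULL
 *
 * No-op when the station has no PASN context. The PASN shared secret is key
 * material, so it is wiped before being freed (wpabuf_clear_free(), as this
 * file already does for the FILS DH shared secret) rather than merely
 * released with wpabuf_free().
 */
void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta)
{
	if (!sta->pasn)
		return;

	wpa_printf(MSG_DEBUG, "PASN: Free PASN context: " MACSTR,
		   MAC2STR(sta->addr));

	if (sta->pasn->ecdh)
		crypto_ecdh_deinit(sta->pasn->ecdh);

	/* Zeroize the shared secret before releasing the buffer. */
	wpabuf_clear_free(sta->pasn->secret);
	sta->pasn->secret = NULL;

#ifdef CONFIG_SAE
	sae_clear_data(&sta->pasn->sae);
#endif /* CONFIG_SAE */

#ifdef CONFIG_FILS
	/* In practice this pointer should be NULL */
	wpabuf_free(sta->pasn->fils.erp_resp);
	sta->pasn->fils.erp_resp = NULL;
#endif /* CONFIG_FILS */

	pasn_data_deinit(sta->pasn);
	sta->pasn = NULL;
}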
187 
188 #endif /* CONFIG_PASN */
189 
190 
/*
 * Remove the station from the driver. With CONFIG_IEEE80211BE an MLD link STA
 * is first removed through the link-specific driver call; when that succeeds
 * (returns 0) the generic removal is skipped. The leading double underscore
 * makes this a reserved-identifier pattern in C; the name is kept because
 * ap_free_sta() calls it.
 */
static void __ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
{
#ifdef CONFIG_IEEE80211BE
	int link_removed = hostapd_sta_is_link_sta(hapd, sta) &&
		hostapd_drv_link_sta_remove(hapd, sta->addr) == 0;

	if (link_removed)
		return;
#endif /* CONFIG_IEEE80211BE */

	hostapd_drv_sta_remove(hapd, sta->addr);
}
201 
202 
203 #ifdef CONFIG_IEEE80211BE
/*
 * Drop the wpa_sm pointer from every other affiliated link's copy of the
 * given MLD station; the caller (ap_free_sta()) deinitializes the shared
 * wpa_sm on the association link. No-op for a non-MLD station.
 */
static void clear_wpa_sm_for_each_partner_link(struct hostapd_data *hapd,
					       struct sta_info *psta)
{
	struct hostapd_data *link_bss;

	if (!ap_sta_is_mld(hapd, psta))
		return;

	for_each_mld_link(link_bss, hapd) {
		struct sta_info *link_sta;

		if (link_bss == hapd)
			continue;

		link_sta = ap_get_sta(link_bss, psta->addr);
		if (!link_sta)
			continue;

		link_sta->wpa_sm = NULL;
	}
}
222 #endif /* CONFIG_IEEE80211BE */
223 
224 
/**
 * ap_free_sta - Tear down all per-station state and free the entry
 * @hapd: BSS data
 * @sta: Station to remove; the caller must not dereference it afterwards
 *
 * The order below matters and should not be reshuffled casually: the driver
 * entry is removed and the STA is unlinked from the list and hash before the
 * interface-wide counters are adjusted; every eloop timeout registered with
 * @sta as its context is cancelled before sub-module state is released; the
 * VLAN teardown relies on the wpa_sm group reference having been dropped
 * first (see the comment in that block); and the struct is freed last. Any
 * timer left registered here would later fire on freed memory.
 */
void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
{
	int set_beacon = 0;

	accounting_sta_stop(hapd, sta);

	/* just in case */
	ap_sta_set_authorized(hapd, sta, 0);
	hostapd_set_sta_flags(hapd, sta);

	/* Tear down the WDS (4-address) interface for an explicit WDS STA, or
	 * for a Multi-AP STA on a backhaul BSS with wds_sta enabled that did
	 * not associate through WPS. */
	if ((sta->flags & WLAN_STA_WDS) ||
	    (sta->flags & WLAN_STA_MULTI_AP &&
	     (hapd->conf->multi_ap & BACKHAUL_BSS) &&
	     hapd->conf->wds_sta &&
	     !(sta->flags & WLAN_STA_WPS)))
		hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);

	/* Drop the bridge neighbor entries recorded for this STA: IPv4 here,
	 * IPv6 via ap_sta_ip6addr_del(). */
	if (sta->ipaddr)
		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
	ap_sta_ip6addr_del(hapd, sta);

	/* Remove the driver entry now unless the driver tears the whole AP
	 * down itself; pre-authentication entries are skipped. The
	 * driver_ap_teardown case is revisited in the VLAN block below. */
	if (!hapd->iface->driver_ap_teardown &&
	    !(sta->flags & WLAN_STA_PREAUTH)) {
		__ap_free_sta(hapd, sta);
		sta->added_unassoc = 0;
	}

	ap_sta_hash_del(hapd, sta);
	ap_sta_list_del(hapd, sta);

	/* Return the AID to the allocation bitmap: AID n lives at bit n-1.
	 * Assumes aid was bounds-checked against sta_aid[] when it was
	 * assigned — TODO confirm at the allocation site. */
	if (sta->aid > 0)
		hapd->sta_aid[(sta->aid - 1) / 32] &=
			~BIT((sta->aid - 1) % 32);

	/* Each *_set flag records that this STA contributed to the matching
	 * interface-wide counter; the flag is cleared before the decrement so
	 * the counter is only ever decremented once for this STA. Changes that
	 * affect protection/preamble/slot-time parameters request a beacon
	 * refresh. */
	hapd->num_sta--;
	if (sta->nonerp_set) {
		sta->nonerp_set = 0;
		hapd->iface->num_sta_non_erp--;
		if (hapd->iface->num_sta_non_erp == 0)
			set_beacon++;
	}

	if (sta->no_short_slot_time_set) {
		sta->no_short_slot_time_set = 0;
		hapd->iface->num_sta_no_short_slot_time--;
		if (hapd->iface->current_mode &&
		    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
		    && hapd->iface->num_sta_no_short_slot_time == 0)
			set_beacon++;
	}

	if (sta->no_short_preamble_set) {
		sta->no_short_preamble_set = 0;
		hapd->iface->num_sta_no_short_preamble--;
		if (hapd->iface->current_mode &&
		    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
		    && hapd->iface->num_sta_no_short_preamble == 0)
			set_beacon++;
	}

	if (sta->no_ht_gf_set) {
		sta->no_ht_gf_set = 0;
		hapd->iface->num_sta_ht_no_gf--;
	}

	if (sta->no_ht_set) {
		sta->no_ht_set = 0;
		hapd->iface->num_sta_no_ht--;
	}

	if (sta->ht_20mhz_set) {
		sta->ht_20mhz_set = 0;
		hapd->iface->num_sta_ht_20mhz--;
	}

#ifdef CONFIG_TAXONOMY
	wpabuf_free(sta->probe_ie_taxonomy);
	sta->probe_ie_taxonomy = NULL;
	wpabuf_free(sta->assoc_ie_taxonomy);
	sta->assoc_ie_taxonomy = NULL;
#endif /* CONFIG_TAXONOMY */

	ht40_intolerant_remove(hapd->iface, sta);

#ifdef CONFIG_P2P
	/* Notify the P2P code when the last non-P2P STA has left. */
	if (sta->no_p2p_set) {
		sta->no_p2p_set = 0;
		hapd->num_sta_no_p2p--;
		if (hapd->num_sta_no_p2p == 0)
			hostapd_p2p_non_p2p_sta_disconnected(hapd);
	}
#endif /* CONFIG_P2P */

#ifdef NEED_AP_MLME
	/* HT operation parameters may change without this STA; a positive
	 * return requests a beacon refresh. */
	if (hostapd_ht_operation_update(hapd->iface) > 0)
		set_beacon++;
#endif /* NEED_AP_MLME */

#ifdef CONFIG_MESH
	if (hapd->mesh_sta_free_cb)
		hapd->mesh_sta_free_cb(hapd, sta);
#endif /* CONFIG_MESH */

	if (set_beacon)
		ieee802_11_update_beacons(hapd->iface);

	/* Cancel every timeout that carries sta as its context; anything left
	 * registered would dereference freed memory when it fires. Further
	 * module-specific timers are cancelled in the blocks below. */
	wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
		   __func__, MAC2STR(sta->addr));
	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
	ap_sta_clear_disconnect_timeouts(hapd, sta);
	sae_clear_retransmit_timer(hapd, sta);

	ieee802_1x_free_station(hapd, sta);

#ifdef CONFIG_IEEE80211BE
	/* The wpa_sm is shared across the links of an MLD STA; only the
	 * association link (or a non-MLD STA) deinitializes it. */
	if (!ap_sta_is_mld(hapd, sta) ||
	    hapd->mld_link_id == sta->mld_assoc_link_id) {
		wpa_auth_sta_deinit(sta->wpa_sm);
		/* Remove references from partner links. */
		clear_wpa_sm_for_each_partner_link(hapd, sta);
	}

	/* Release group references in case non-association link STA is removed
	 * before association link STA */
	if (hostapd_sta_is_link_sta(hapd, sta))
		wpa_release_link_auth_ref(sta->wpa_sm, hapd->mld_link_id);
#else /* CONFIG_IEEE80211BE */
	wpa_auth_sta_deinit(sta->wpa_sm);
#endif /* CONFIG_IEEE80211BE */

	rsn_preauth_free_station(hapd, sta);
#ifndef CONFIG_NO_RADIUS
	/* Drop any pending RADIUS authentication messages for this address. */
	if (hapd->radius)
		radius_client_flush_auth(hapd->radius, sta->addr);
#endif /* CONFIG_NO_RADIUS */

#ifndef CONFIG_NO_VLAN
	/*
	 * sta->wpa_sm->group needs to be released before so that
	 * vlan_remove_dynamic() can check that no stations are left on the
	 * AP_VLAN netdev.
	 */
	if (sta->vlan_id)
		vlan_remove_dynamic(hapd, sta->vlan_id);
	if (sta->vlan_id_bound) {
		/*
		 * Need to remove the STA entry before potentially removing the
		 * VLAN.
		 */
		if (hapd->iface->driver_ap_teardown &&
		    !(sta->flags & WLAN_STA_PREAUTH)) {
			hostapd_drv_sta_remove(hapd, sta->addr);
			sta->added_unassoc = 0;
		}
		vlan_remove_dynamic(hapd, sta->vlan_id_bound);
	}
#endif /* CONFIG_NO_VLAN */

	os_free(sta->challenge);

	/* SA Query transaction identifiers and the timer that retries them. */
	os_free(sta->sa_query_trans_id);
	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);

#ifdef CONFIG_P2P
	p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
#endif /* CONFIG_P2P */

#ifdef CONFIG_INTERWORKING
	if (sta->gas_dialog) {
		int i;

		for (i = 0; i < GAS_DIALOG_MAX; i++)
			gas_serv_dialog_clear(&sta->gas_dialog[i]);
		os_free(sta->gas_dialog);
	}
#endif /* CONFIG_INTERWORKING */

	/* Per-STA IE copies, capability copies and strings. */
	wpabuf_free(sta->wps_ie);
	wpabuf_free(sta->p2p_ie);
	wpabuf_free(sta->hs20_ie);
	wpabuf_free(sta->roaming_consortium);
#ifdef CONFIG_FST
	wpabuf_free(sta->mb_ies);
#endif /* CONFIG_FST */

	os_free(sta->ht_capabilities);
	os_free(sta->vht_capabilities);
	os_free(sta->vht_operation);
	os_free(sta->he_capab);
	os_free(sta->he_6ghz_capab);
	os_free(sta->eht_capab);
	/* NOTE(review): sta->psk holds per-STA PSKs; assumes
	 * hostapd_free_psk_list() wipes the key bytes before freeing —
	 * confirm. */
	hostapd_free_psk_list(sta->psk);
	os_free(sta->identity);
	os_free(sta->radius_cui);
	os_free(sta->remediation_url);
	os_free(sta->t_c_url);
	wpabuf_free(sta->hs20_deauth_req);
	os_free(sta->hs20_session_info_url);

#ifdef CONFIG_SAE
	/* SAE state is cleared before the struct holding it is freed. */
	sae_clear_data(sta->sae);
	os_free(sta->sae);
#endif /* CONFIG_SAE */

	mbo_ap_sta_free(sta);
	os_free(sta->supp_op_classes);

#ifdef CONFIG_FILS
	os_free(sta->fils_pending_assoc_req);
	wpabuf_free(sta->fils_hlp_resp);
	wpabuf_free(sta->hlp_dhcp_discover);
	eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
#ifdef CONFIG_FILS_SK_PFS
	crypto_ecdh_deinit(sta->fils_ecdh);
	/* The DH shared secret is wiped before being freed. */
	wpabuf_clear_free(sta->fils_dh_ss);
	wpabuf_free(sta->fils_g_sta);
#endif /* CONFIG_FILS_SK_PFS */
#endif /* CONFIG_FILS */

#ifdef CONFIG_OWE
	/* The OWE PMK is wiped before being freed. */
	bin_clear_free(sta->owe_pmk, sta->owe_pmk_len);
	crypto_ecdh_deinit(sta->owe_ecdh);
#endif /* CONFIG_OWE */

#ifdef CONFIG_DPP2
	dpp_pfs_free(sta->dpp_pfs);
	sta->dpp_pfs = NULL;
#endif /* CONFIG_DPP2 */

	os_free(sta->ext_capability);

#ifdef CONFIG_WNM_AP
	eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
#endif /* CONFIG_WNM_AP */

#ifdef CONFIG_PASN
	ap_free_sta_pasn(hapd, sta);
#endif /* CONFIG_PASN */

	os_free(sta->ifname_wds);

#ifdef CONFIG_IEEE80211BE
	ap_sta_free_sta_profile(&sta->mld_info);
#endif /* CONFIG_IEEE80211BE */

#ifdef CONFIG_TESTING_OPTIONS
	os_free(sta->sae_postponed_commit);
	forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
#endif /* CONFIG_TESTING_OPTIONS */

	/* sta is invalid from here on. */
	os_free(sta);
}
479 
480 
/*
 * Free every station in the BSS. Authenticated stations get an MLME
 * deauthentication indication first. The successor pointer is read before
 * ap_free_sta() releases the current entry.
 */
void hostapd_free_stas(struct hostapd_data *hapd)
{
	struct sta_info *cur = hapd->sta_list;

	while (cur != NULL) {
		struct sta_info *next;

		if (cur->flags & WLAN_STA_AUTH)
			mlme_deauthenticate_indication(
				hapd, cur, WLAN_REASON_UNSPECIFIED);

		next = cur->next;
		wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
			   MAC2STR(cur->addr));
		ap_free_sta(hapd, cur);
		cur = next;
	}
}
499 
500 
501 #ifdef CONFIG_IEEE80211BE
/*
 * Free every MLD link station of this BSS; non-link stations are left alone.
 * The successor pointer is saved before ap_free_sta() releases the entry.
 */
void hostapd_free_link_stas(struct hostapd_data *hapd)
{
	struct sta_info *cur, *next;

	for (cur = hapd->sta_list; cur; cur = next) {
		next = cur->next;

		if (!hostapd_sta_is_link_sta(hapd, cur))
			continue;

		wpa_printf(MSG_DEBUG, "Removing link station from MLD " MACSTR,
			   MAC2STR(cur->addr));
		ap_free_sta(hapd, cur);
	}
}
519 #endif /* CONFIG_IEEE80211BE */
520 
521 
522 /**
523  * ap_handle_timer - Per STA timer handler
524  * @eloop_ctx: struct hostapd_data *
525  * @timeout_ctx: struct sta_info *
526  *
527  * This function is called to check station activity and to remove inactive
528  * stations.
529  */
/*
 * State machine driven by sta->timeout_next, as the switch at the end shows:
 * STA_NULLFUNC (poll the STA) -> STA_DISASSOC (disassociate, AP_DISASSOC_DELAY
 * later) -> STA_DEAUTH (deauthenticate and free, AP_DEAUTH_DELAY later).
 * STA_REMOVE frees the entry immediately. The function may free sta; nothing
 * dereferences it after ap_free_sta() returns.
 */
void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct sta_info *sta = timeout_ctx;
	unsigned long next_time = 0;
	int reason;
	/* Configured inactivity limit; may be overridden per STA below. */
	int max_inactivity = hapd->conf->ap_max_inactivity;

	wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
		   hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
		   sta->timeout_next);
	if (sta->timeout_next == STA_REMOVE) {
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
			       "local deauth request");
		ap_free_sta(hapd, sta);
		return;
	}

	/* A per-STA idle period overrides the configured limit. The 1024/1000
	 * factor suggests units of 1000 TUs (1 TU = 1024 us) rounded up to
	 * whole seconds — confirm where max_idle_period is set.
	 * NOTE(review): the value originates outside this file (presumably
	 * from the STA's own request); range validation is expected there. */
	if (sta->max_idle_period)
		max_inactivity = (sta->max_idle_period * 1024 + 999) / 1000;

	if ((sta->flags & WLAN_STA_ASSOC) &&
	    (sta->timeout_next == STA_NULLFUNC ||
	     sta->timeout_next == STA_DISASSOC)) {
		int inactive_sec;
		/*
		 * Add random value to timeout so that we don't end up bouncing
		 * all stations at the same time if we have lots of associated
		 * stations that are idle (but keep re-associating).
		 */
		/* os_random() is only used for scheduling jitter here; no
		 * cryptographic quality is needed for this purpose. */
		int fuzz = os_random() % 20;
		inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
		if (inactive_sec == -1) {
			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
				"Check inactivity: Could not "
				"get station info from kernel driver for "
				MACSTR, MAC2STR(sta->addr));
			/*
			 * The driver may not support this functionality.
			 * Anyway, try again after the next inactivity timeout,
			 * but do not disconnect the station now.
			 */
			next_time = max_inactivity + fuzz;
		} else if (inactive_sec == -ENOENT) {
			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
				"Station " MACSTR " has lost its driver entry",
				MAC2STR(sta->addr));

			/* Avoid sending client probe on removed client */
			sta->timeout_next = STA_DISASSOC;
			goto skip_poll;
		} else if (inactive_sec < max_inactivity) {
			/* station activity detected; reset timeout state */
			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
				"Station " MACSTR " has been active %is ago",
				MAC2STR(sta->addr), inactive_sec);
			sta->timeout_next = STA_NULLFUNC;
			/* Re-check once the remaining allowance has elapsed. */
			next_time = max_inactivity + fuzz - inactive_sec;
		} else {
			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
				"Station " MACSTR " has been "
				"inactive too long: %d sec, max allowed: %d",
				MAC2STR(sta->addr), inactive_sec,
				max_inactivity);

			/* Without the poll step, go straight to disassociation. */
			if (hapd->conf->skip_inactivity_poll)
				sta->timeout_next = STA_DISASSOC;
		}
	}

	/* A pending poll that was not flagged as failed counts as activity:
	 * fall back to STA_NULLFUNC and wait a full inactivity period. */
	if ((sta->flags & WLAN_STA_ASSOC) &&
	    sta->timeout_next == STA_DISASSOC &&
	    !(sta->flags & WLAN_STA_PENDING_POLL) &&
	    !hapd->conf->skip_inactivity_poll) {
		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
			" has ACKed data poll", MAC2STR(sta->addr));
		/* data nullfunc frame poll did not produce TX errors; assume
		 * station ACKed it */
		sta->timeout_next = STA_NULLFUNC;
		next_time = max_inactivity;
	}

skip_poll:
	/* A non-zero next_time means "nothing to do now, re-arm and return". */
	if (next_time) {
		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
			   "for " MACSTR " (%lu seconds)",
			   __func__, MAC2STR(sta->addr), next_time);
		eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
				       sta);
		return;
	}

	if (sta->timeout_next == STA_NULLFUNC &&
	    (sta->flags & WLAN_STA_ASSOC)) {
		/* Send a data poll; WLAN_STA_PENDING_POLL is checked above on
		 * the next pass to decide whether the STA answered. */
		wpa_printf(MSG_DEBUG, "  Polling STA");
		sta->flags |= WLAN_STA_PENDING_POLL;
		hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
					sta->flags & WLAN_STA_WMM);
	} else if (sta->timeout_next != STA_REMOVE) {
		int deauth = sta->timeout_next == STA_DEAUTH;

		if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) {
			/* Cannot disassociate not-associated STA, so move
			 * directly to deauthentication. */
			sta->timeout_next = STA_DEAUTH;
			deauth = 1;
		}

		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
			"Timeout, sending %s info to STA " MACSTR,
			deauth ? "deauthentication" : "disassociation",
			MAC2STR(sta->addr));

		/* Send the frame via the driver; the local state transition
		 * for it happens in the switch below. */
		if (deauth) {
			hostapd_drv_sta_deauth(
				hapd, sta->addr,
				WLAN_REASON_PREV_AUTH_NOT_VALID);
		} else {
			reason = (sta->timeout_next == STA_DISASSOC) ?
				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
				WLAN_REASON_PREV_AUTH_NOT_VALID;

			hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
		}
	}

	/* Advance the state machine and arm the timer for the next step. */
	switch (sta->timeout_next) {
	case STA_NULLFUNC:
		sta->timeout_next = STA_DISASSOC;
		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
			   "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
			   __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
		eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
				       hapd, sta);
		break;
	case STA_DISASSOC:
	case STA_DISASSOC_FROM_CLI:
		/* Drop association state locally; the STA stays in the table
		 * until the STA_DEAUTH step frees it. STA_DISASSOC_FROM_CLI
		 * reports PREV_AUTH_NOT_VALID rather than inactivity. */
		ap_sta_set_authorized(hapd, sta, 0);
		sta->flags &= ~WLAN_STA_ASSOC;
		hostapd_set_sta_flags(hapd, sta);
		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
		if (!sta->acct_terminate_cause)
			sta->acct_terminate_cause =
				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
		accounting_sta_stop(hapd, sta);
		ieee802_1x_free_station(hapd, sta);
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_INFO, "disassociated due to "
			       "inactivity");
		reason = (sta->timeout_next == STA_DISASSOC) ?
			WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
			WLAN_REASON_PREV_AUTH_NOT_VALID;
		sta->timeout_next = STA_DEAUTH;
		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
			   "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
			   __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
				       hapd, sta);
		mlme_disassociate_indication(hapd, sta, reason);
		break;
	case STA_DEAUTH:
	case STA_REMOVE:
		/* Final step: indicate deauthentication and free the entry.
		 * sta must not be touched after ap_free_sta(). */
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
			       "inactivity (timer DEAUTH/REMOVE)");
		if (!sta->acct_terminate_cause)
			sta->acct_terminate_cause =
				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
		mlme_deauthenticate_indication(
			hapd, sta,
			WLAN_REASON_PREV_AUTH_NOT_VALID);
		ap_free_sta(hapd, sta);
		break;
	}
}
706 
707 
/*
 * Session timeout expiry. A STA that is neither authenticated, associated nor
 * authorized is freed only if it is a temporary GAS entry; otherwise nothing
 * happens. Any other STA is deauthenticated (driver and MLME), logged,
 * tagged with the session-timeout accounting cause, and freed.
 */
static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct sta_info *sta = timeout_ctx;
	const unsigned int active_mask =
		WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED;

	wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
		   hapd->conf->iface, MAC2STR(sta->addr));

	if ((sta->flags & active_mask) == 0) {
		if (!(sta->flags & WLAN_STA_GAS))
			return;

		wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
			   "entry " MACSTR, MAC2STR(sta->addr));
		ap_free_sta(hapd, sta);
		return;
	}

	hostapd_drv_sta_deauth(hapd, sta->addr,
			       WLAN_REASON_PREV_AUTH_NOT_VALID);
	mlme_deauthenticate_indication(hapd, sta,
				       WLAN_REASON_PREV_AUTH_NOT_VALID);
	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
		       "session timeout");
	sta->acct_terminate_cause =
		RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
	/* sta is freed here; nothing may use it afterwards. */
	ap_free_sta(hapd, sta);
}
736 
737 
/*
 * Extend an already-armed session timer to session_timeout seconds. The
 * debug log entry is written only when eloop reports (return value 1) that
 * the timeout was actually replenished.
 */
void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
			      u32 session_timeout)
{
	int replenished = eloop_replenish_timeout(session_timeout, 0,
						  ap_handle_session_timer,
						  hapd, sta);

	if (replenished != 1)
		return;

	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_DEBUG, "setting session timeout "
		       "to %d seconds", session_timeout);
}
748 
749 
/*
 * Arm (or re-arm) the session timer for a station. Any existing session
 * timer is cancelled first so a single timeout is registered per STA.
 */
void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
			    u32 session_timeout)
{
	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
		       "seconds", session_timeout);

	/* Replace rather than duplicate a previously registered timer. */
	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
	eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
			       hapd, sta);
}
760 
761 
/**
 * ap_sta_no_session_timeout - Drop any pending session timeout for a STA
 * @hapd: BSS data
 * @sta: Station whose session timer is removed
 */
void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
{
	/* Nothing to do if no timer was registered; the result is ignored. */
	(void) eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
}
766 
767 
/**
 * ap_handle_session_warning_timer - eloop callback run before session end
 * @eloop_ctx: struct hostapd_data * of the BSS
 * @timeout_ctx: struct sta_info * of the station
 *
 * With CONFIG_WNM_AP, sends a WNM ESS Disassociation Imminent notification
 * carrying the station's HS 2.0 session information URL; stations without
 * such a URL only get a debug log line. Without CONFIG_WNM_AP the callback
 * does nothing.
 */
static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
{
#ifdef CONFIG_WNM_AP
	struct hostapd_data *hapd = eloop_ctx;
	struct sta_info *sta = timeout_ctx;

	wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
		   MACSTR, hapd->conf->iface, MAC2STR(sta->addr));

	/* No URL to point the station at: nothing to send. */
	if (!sta->hs20_session_info_url)
		return;

	wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
				       sta->hs20_disassoc_timer);
#endif /* CONFIG_WNM_AP */
}
783 
784 
/**
 * ap_sta_session_warning_timeout - (Re)arm the pre-expiry warning timer
 * @hapd: BSS data
 * @sta: Station to be warned
 * @warning_time: Seconds until ap_handle_session_warning_timer fires
 *
 * A previously registered warning timer for the same station is cancelled
 * so only one is ever pending.
 */
void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
				    struct sta_info *sta, int warning_time)
{
	const int secs = warning_time;

	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
	eloop_register_timeout(secs, 0, ap_handle_session_warning_timer,
			       hapd, sta);
}
792 
793 
/**
 * ap_sta_add - Look up, or create, the station entry for a MAC address
 * @hapd: BSS data
 * @addr: MAC address of the station
 * Returns: The existing or newly created entry, or NULL on failure
 *
 * An existing entry is returned unchanged. Otherwise a zeroed entry is
 * allocated unless the BSS already holds max_num_sta stations; that cap is
 * what bounds the memory an unauthenticated peer population can make this
 * BSS allocate, so a NULL return here is expected under load. A new entry is
 * seeded with the interface's basic rates, gets an inactivity timer unless
 * the driver handles inactivity itself, is linked into the list and hash,
 * and any entry for the same address on another BSS of this interface is
 * disconnected.
 */
struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *sta = ap_get_sta(hapd, addr);
	int max_inactivity = hapd->conf->ap_max_inactivity;
	const int *basic_rates;
	int n_rates = 0;

	if (sta)
		return sta;

	wpa_printf(MSG_DEBUG, "  New STA");
	if (hapd->num_sta >= hapd->conf->max_num_sta) {
		/* FIX: might try to remove some old STAs first? */
		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
			   hapd->num_sta, hapd->conf->max_num_sta);
		return NULL;
	}

	sta = os_zalloc(sizeof *sta);
	if (!sta) {
		wpa_printf(MSG_ERROR, "malloc failed");
		return NULL;
	}
	sta->acct_interim_interval = hapd->conf->acct_interim_interval;
	if (accounting_sta_get_id(hapd, sta) < 0) {
		os_free(sta);
		return NULL;
	}

	/* Copy the basic rate set; the list is terminated by a negative
	 * entry (or may be absent). The / 5 presumably converts the 100 kbps
	 * units of basic_rates[] to the 500 kbps units of supported_rates[]
	 * — confirm against the IE encoding before relying on that. */
	basic_rates = hapd->iface->basic_rates;
	if (basic_rates) {
		while (n_rates < WLAN_SUPP_RATES_MAX &&
		       basic_rates[n_rates] >= 0) {
			sta->supported_rates[n_rates] =
				basic_rates[n_rates] / 5;
			n_rates++;
		}
	}
	sta->supported_rates_len = n_rates;

	/* NOTE(review): sta was zero-allocated above and nothing in this
	 * function sets max_idle_period, so this branch looks unreachable
	 * unless accounting_sta_get_id() writes it — confirm. */
	if (sta->max_idle_period)
		max_inactivity = (sta->max_idle_period * 1024 + 999) / 1000;

	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
			   "for " MACSTR " (%d seconds - ap_max_inactivity)",
			   __func__, MAC2STR(addr),
			   max_inactivity);
		eloop_register_timeout(max_inactivity, 0,
				       ap_handle_timer, hapd, sta);
	}

	/* Record the address and link the entry into list and hash */
	os_memcpy(sta->addr, addr, ETH_ALEN);
	sta->next = hapd->sta_list;
	hapd->sta_list = sta;
	hapd->num_sta++;
	ap_sta_hash_add(hapd, sta);
	/* A MAC address may be associated with only one BSS of the interface */
	ap_sta_remove_in_other_bss(hapd, sta);
	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
	dl_list_init(&sta->ip6addr);

#ifdef CONFIG_TAXONOMY
	sta_track_claim_taxonomy_info(hapd->iface, addr,
				      &sta->probe_ie_taxonomy);
#endif /* CONFIG_TAXONOMY */

	return sta;
}
861 
862 
/**
 * ap_sta_remove - Remove a station from the driver and drop its neighbors
 * @hapd: BSS data
 * @sta: Station to remove
 * Returns: 0 on success, -1 if the driver refused to remove an associated STA
 *
 * The IEEE 802.1X port is disabled first. A driver-side removal failure is
 * only reported as an error when the station was associated; for other
 * entries it is ignored and the entry is treated as removed.
 */
static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
{
	int drv_err;

	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);

	/* Bridge neighbor entries: the IPv4 address, then every address in
	 * the sta->ip6addr list. */
	if (sta->ipaddr)
		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
	ap_sta_ip6addr_del(hapd, sta);

	wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
		   hapd->conf->iface, MAC2STR(sta->addr));
	drv_err = hostapd_drv_sta_remove(hapd, sta->addr);
	if (drv_err && (sta->flags & WLAN_STA_ASSOC)) {
		wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
			   " from kernel driver",
			   hapd->conf->iface, MAC2STR(sta->addr));
		return -1;
	}

	sta->added_unassoc = 0;
	return 0;
}
883 
884 
/**
 * ap_sta_remove_in_other_bss - Disconnect the same MAC from sibling BSSs
 * @hapd: BSS that now owns the station
 * @sta: Station entry just added to @hapd
 *
 * Walks every other BSS of the same interface and, where an entry with the
 * same address exists, disconnects it with reason PREV_AUTH_NOT_VALID so a
 * station is never tracked by two BSSs of one interface at the same time.
 */
static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
				       struct sta_info *sta)
{
	struct hostapd_iface *iface = hapd->iface;
	size_t idx;

	for (idx = 0; idx < iface->num_bss; idx++) {
		struct hostapd_data *other = iface->bss[idx];
		struct sta_info *dup;

		/* Skip ourselves. bss[] should always be populated while the
		 * interface operates, but entries may be NULL during
		 * reconfiguration; treat that as "not associated there" to
		 * avoid a NULL dereference. */
		if (other == NULL || other == hapd)
			continue;

		dup = ap_get_sta(other, sta->addr);
		if (dup == NULL)
			continue;

		wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
			   " association from another BSS %s",
			   hapd->conf->iface, MAC2STR(dup->addr),
			   other->conf->iface);
		ap_sta_disconnect(other, dup, dup->addr,
				  WLAN_REASON_PREV_AUTH_NOT_VALID);
	}
}
912 
913 
/**
 * ap_sta_disassoc_cb_timeout - Deferred completion of a disassociation
 * @eloop_ctx: struct hostapd_data * of the BSS
 * @timeout_ctx: struct sta_info * of the station
 *
 * Removes the station from the driver and reports the disassociation to the
 * MLME layer with the reason stored in sta->disassoc_reason. The result of
 * ap_sta_remove() is not checked here.
 */
static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *bss = eloop_ctx;
	struct sta_info *station = timeout_ctx;

	wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
		   bss->conf->iface, MAC2STR(station->addr));
	(void) ap_sta_remove(bss, station);
	mlme_disassociate_indication(bss, station, station->disassoc_reason);
}
924 
925 
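/**
 * ap_sta_disconnect_common - State teardown shared by deauth and disassoc
 * @hapd: BSS data
 * @sta: Station being disconnected
 * @timeout: Seconds until ap_handle_timer next runs for this station
 *
 * Revokes authorization and pushes the new flags to the driver, re-arms the
 * inactivity timer, stops accounting, frees the IEEE 802.1X state and
 * releases the WPA authenticator state machine. With CONFIG_IEEE80211BE the
 * WPA state is released (and cleared on the partner links) only on a
 * non-MLD AP or when this BSS is the link the station associated on;
 * presumably that link owns the shared wpa_sm.
 */
static void ap_sta_disconnect_common(struct hostapd_data *hapd,
				     struct sta_info *sta, unsigned int timeout)
{
	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;

	ap_sta_set_authorized(hapd, sta, 0);
	hostapd_set_sta_flags(hapd, sta);

	/* Arguments must follow the conversions: %u first, then the six
	 * MACSTR fields. Passing the address before the timeout printed the
	 * first address byte as the timeout and shifted the rest. */
	wpa_printf(MSG_DEBUG,
		   "reschedule ap_handle_timer timeout (%u sec) for " MACSTR,
		   timeout, MAC2STR(sta->addr));

	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
	eloop_register_timeout(timeout, 0, ap_handle_timer, hapd, sta);
	accounting_sta_stop(hapd, sta);
	ieee802_1x_free_station(hapd, sta);
#ifdef CONFIG_IEEE80211BE
	if (!hapd->conf->mld_ap ||
	    hapd->mld_link_id == sta->mld_assoc_link_id) {
		wpa_auth_sta_deinit(sta->wpa_sm);
		clear_wpa_sm_for_each_partner_link(hapd, sta);
	}
#else /* CONFIG_IEEE80211BE */
	wpa_auth_sta_deinit(sta->wpa_sm);
#endif /* CONFIG_IEEE80211BE */

	/* Cleared unconditionally so no later path sees a stale pointer. */
	sta->wpa_sm = NULL;
}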
954 
955 
/**
 * ap_sta_handle_disassociate - Single-link disassociation of a station
 * @hapd: BSS data
 * @sta: Station to disassociate
 * @reason: IEEE 802.11 reason code reported in the callback
 *
 * Clears the association flags, runs the common teardown and schedules
 * ap_sta_disassoc_cb_timeout. In DMG/IEEE 802.11ad, where deauthentication
 * is not used, the authentication flag is cleared as well and timeout_next
 * is set to STA_REMOVE instead of STA_DEAUTH. The callback is delayed by two
 * seconds when the driver reports deauth TX status, otherwise it runs on the
 * next eloop iteration.
 */
static void ap_sta_handle_disassociate(struct hostapd_data *hapd,
				       struct sta_info *sta, u16 reason)
{
	const struct hostapd_hw_modes *mode = hapd->iface->current_mode;
	bool dmg = mode && mode->mode == HOSTAPD_MODE_IEEE80211AD;
	unsigned int cb_delay;

	wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
		   hapd->conf->iface, MAC2STR(sta->addr));

	if (dmg) {
		/* Skip deauthentication in DMG/IEEE 802.11ad */
		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
				WLAN_STA_ASSOC_REQ_OK);
		sta->timeout_next = STA_REMOVE;
	} else {
		sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
		sta->timeout_next = STA_DEAUTH;
	}

	ap_sta_disconnect_common(hapd, sta, AP_MAX_INACTIVITY_AFTER_DISASSOC);

	sta->disassoc_reason = reason;
	sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
	cb_delay = (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS) ?
		2 : 0;
	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
	eloop_register_timeout(cb_delay, 0, ap_sta_disassoc_cb_timeout,
			       hapd, sta);
}
982 
983 
/**
 * ap_sta_deauth_cb_timeout - Deferred completion of a deauthentication
 * @eloop_ctx: struct hostapd_data * of the BSS
 * @timeout_ctx: struct sta_info * of the station
 *
 * Removes the station from the driver and reports the deauthentication to
 * the MLME layer with the reason stored in sta->deauth_reason. The result of
 * ap_sta_remove() is not checked here.
 */
static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *bss = eloop_ctx;
	struct sta_info *station = timeout_ctx;

	wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
		   bss->conf->iface, MAC2STR(station->addr));
	(void) ap_sta_remove(bss, station);
	mlme_deauthenticate_indication(bss, station, station->deauth_reason);
}
994 
995 
/**
 * ap_sta_handle_deauthenticate - Single-link deauthentication of a station
 * @hapd: BSS data
 * @sta: Station to deauthenticate
 * @reason: IEEE 802.11 reason code reported in the callback
 *
 * In DMG/IEEE 802.11ad deauthentication does not exist, so the request is
 * turned into ap_sta_disassociate(). Otherwise the auth/assoc flags are
 * cleared, timeout_next is set to STA_REMOVE, the common teardown runs and
 * ap_sta_deauth_cb_timeout is scheduled — two seconds later when the driver
 * reports deauth TX status, otherwise on the next eloop iteration.
 */
static void ap_sta_handle_deauthenticate(struct hostapd_data *hapd,
					 struct sta_info *sta, u16 reason)
{
	const struct hostapd_hw_modes *mode = hapd->iface->current_mode;
	unsigned int cb_delay;

	if (mode && mode->mode == HOSTAPD_MODE_IEEE80211AD) {
		/* Deauthentication is not used in DMG/IEEE 802.11ad;
		 * disassociate the STA instead. */
		ap_sta_disassociate(hapd, sta, reason);
		return;
	}

	wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
		   hapd->conf->iface, MAC2STR(sta->addr));

	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
	sta->timeout_next = STA_REMOVE;
	ap_sta_disconnect_common(hapd, sta, AP_MAX_INACTIVITY_AFTER_DEAUTH);

	sta->deauth_reason = reason;
	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
	cb_delay = (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS) ?
		2 : 0;
	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
	eloop_register_timeout(cb_delay, 0, ap_sta_deauth_cb_timeout,
			       hapd, sta);
}
1022 
1023 
/**
 * ap_sta_ml_disconnect - Disconnect every link of an MLD association
 * @hapd: BSS on which the disconnect was requested
 * @sta: Station entry on that BSS
 * @reason: IEEE 802.11 reason code passed on to each link
 * @disassoc: true to disassociate, false to deauthenticate
 * Returns: true if the MLD path handled the disconnect, false if the caller
 * must fall back to single-link handling (non-MLD AP, no association STA
 * found, or CONFIG_IEEE80211BE not built in)
 *
 * The per-link station entries on partner BSSs are handled first and the
 * entry the association was performed on last, since that one holds the
 * link information the loop relies on.
 */
static bool ap_sta_ml_disconnect(struct hostapd_data *hapd,
				 struct sta_info *sta, u16 reason,
				 bool disassoc)
{
#ifdef CONFIG_IEEE80211BE
	struct hostapd_data *assoc_hapd, *tmp_hapd;
	struct sta_info *assoc_sta;
	unsigned int i, link_id;
	struct hapd_interfaces *interfaces;

	if (!hostapd_is_mld_ap(hapd))
		return false;

	/*
	 * Get the station on which the association was performed, as it holds
	 * the information about all the other links.
	 */
	assoc_sta = hostapd_ml_get_assoc_sta(hapd, sta, &assoc_hapd);
	if (!assoc_sta)
		return false;
	interfaces = assoc_hapd->iface->interfaces;

	/* NOTE(review): link_id is only used for the validity test; the
	 * partner scan below is otherwise identical for every valid link, so
	 * a matching tmp_sta may get the handler called once per valid link.
	 * The handlers cancel and re-register their timers, so this looks
	 * idempotent — confirm. */
	for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
		if (!assoc_sta->mld_info.links[link_id].valid)
			continue;

		for (i = 0; i < interfaces->count; i++) {
			struct sta_info *tmp_sta;

			/* Only the first BSS of each interface is examined */
			tmp_hapd = interfaces->iface[i]->bss[0];

			if (!hostapd_is_ml_partner(tmp_hapd, assoc_hapd))
				continue;

			for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
			     tmp_sta = tmp_sta->next) {
				/*
				 * Handle the station on which the association
				 * was done only after all other link stations
				 * are removed. Since there is only a single
				 * station per hapd with the same association
				 * link, simply break.
				 */
				if (tmp_sta == assoc_sta)
					break;

				/* Link entries of one MLD association share
				 * the association link ID and the AID. */
				if (tmp_sta->mld_assoc_link_id !=
				    assoc_sta->mld_assoc_link_id ||
				    tmp_sta->aid != assoc_sta->aid)
					continue;

				if (disassoc)
					ap_sta_handle_disassociate(tmp_hapd,
								   tmp_sta,
								   reason);
				else
					ap_sta_handle_deauthenticate(tmp_hapd,
								     tmp_sta,
								     reason);

				break;
			}
		}
	}

	/* Disconnect the station on which the association was performed. */
	if (disassoc)
		ap_sta_handle_disassociate(assoc_hapd, assoc_sta, reason);
	else
		ap_sta_handle_deauthenticate(assoc_hapd, assoc_sta, reason);

	return true;
#else /* CONFIG_IEEE80211BE */
	return false;
#endif /* CONFIG_IEEE80211BE */
}
1100 
1101 
/**
 * ap_sta_disassociate - Disassociate a station (all links for an MLD)
 * @hapd: BSS data
 * @sta: Station to disassociate
 * @reason: IEEE 802.11 reason code
 *
 * Tries the multi-link path first; when it declines, the single-link
 * handler is used.
 */
void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
			 u16 reason)
{
	bool handled_by_mld = ap_sta_ml_disconnect(hapd, sta, reason, true);

	if (!handled_by_mld)
		ap_sta_handle_disassociate(hapd, sta, reason);
}
1110 
1111 
/**
 * ap_sta_deauthenticate - Deauthenticate a station (all links for an MLD)
 * @hapd: BSS data
 * @sta: Station to deauthenticate
 * @reason: IEEE 802.11 reason code
 *
 * Tries the multi-link path first; when it declines, the single-link
 * handler is used.
 */
void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
			   u16 reason)
{
	bool handled_by_mld = ap_sta_ml_disconnect(hapd, sta, reason, false);

	if (!handled_by_mld)
		ap_sta_handle_deauthenticate(hapd, sta, reason);
}
1120 
1121 
1122 #ifdef CONFIG_WPS
/**
 * ap_sta_wps_cancel - ap_for_each_sta() callback cancelling a WPS session
 * @hapd: BSS data
 * @sta: Station being visited (may be NULL)
 * @ctx: Unused iteration context
 * Returns: 1 if the station was in WPS and got deauthenticated, else 0
 *
 * Stations carrying WLAN_STA_WPS are deauthenticated with reason
 * PREV_AUTH_NOT_VALID; the non-zero return stops the iteration.
 */
int ap_sta_wps_cancel(struct hostapd_data *hapd,
		      struct sta_info *sta, void *ctx)
{
	(void) ctx;

	if (sta == NULL || !(sta->flags & WLAN_STA_WPS))
		return 0;

	ap_sta_deauthenticate(hapd, sta, WLAN_REASON_PREV_AUTH_NOT_VALID);
	wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
		   __func__, MAC2STR(sta->addr));
	return 1;
}
1136 #endif /* CONFIG_WPS */
1137 
1138 
/**
 * ap_sta_get_free_vlan_id - Pick an internal VLAN ID not used by any config
 * @hapd: BSS data
 * Returns: The lowest ID >= MAX_VLAN_ID + 2 that no configured VLAN uses
 *
 * The search starts above the valid 802.1Q range so the result never
 * collides with a real tagged VLAN; the configured list is rescanned for
 * each candidate (O(n^2) in the number of VLAN entries, fine for the list
 * sizes involved).
 */
static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
{
	int candidate = MAX_VLAN_ID + 2;
	const struct hostapd_vlan *v;

	for (;;) {
		int in_use = 0;

		for (v = hapd->conf->vlan; v; v = v->next) {
			if (v->vlan_id == candidate) {
				in_use = 1;
				break;
			}
		}
		if (!in_use)
			return candidate;
		candidate++;
	}
}
1153 
1154 
/**
 * ap_sta_set_vlan - Assign (or re-assign) the VLAN a station belongs to
 * @hapd: BSS data
 * @sta: Station whose VLAN assignment changes
 * @vlan_desc: Requested VLAN (untagged + tagged list), or NULL for none
 * Returns: 0 on success or when nothing had to change, -1 on failure
 *
 * Resolves @vlan_desc against the configured VLAN list, creating a dynamic
 * VLAN interface from the wildcard entry when needed, and stores the result
 * in sta->vlan_id / sta->vlan_desc. With per_sta_vif every station gets a
 * private interface with an internally allocated ID instead. Every failure
 * path lands on the done: label with vlan_id = 0, so on -1 the station is
 * left without any VLAN rather than with a half-applied one; callers are
 * expected to treat -1 as fatal for the association — verify at call sites,
 * since a station silently left on the default network would bypass the
 * intended segmentation. The previously held dynamic VLAN is released
 * whenever the ID actually changes.
 */
int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
		    struct vlan_description *vlan_desc)
{
	struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
	int old_vlan_id, vlan_id = 0, ret = 0;

	/* Check if there is something to do */
	if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
		/* This sta is lacking its own vif */
	} else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
		   !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
		/* sta->vlan_id needs to be reset */
	} else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
		return 0; /* nothing to change */
	}

	/* Now the real VLAN changed or the STA just needs its own vif */
	if (hapd->conf->ssid.per_sta_vif) {
		/* Assign a new vif, always */
		/* find a free vlan_id sufficiently big */
		vlan_id = ap_sta_get_free_vlan_id(hapd);
		/* Get wildcard VLAN; it serves as the template for the
		 * per-station interface */
		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
			if (vlan->vlan_id == VLAN_ID_WILDCARD)
				break;
		}
		if (!vlan) {
			hostapd_logger(hapd, sta->addr,
				       HOSTAPD_MODULE_IEEE80211,
				       HOSTAPD_LEVEL_DEBUG,
				       "per_sta_vif missing wildcard");
			vlan_id = 0;
			ret = -1;
			goto done;
		}
	} else if (vlan_desc && vlan_desc->notempty) {
		/* Prefer an exact configured match; remember the wildcard
		 * entry as the fallback while scanning */
		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
			if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
				break;
			if (vlan->vlan_id == VLAN_ID_WILDCARD)
				wildcard_vlan = vlan;
		}
		if (vlan) {
			vlan_id = vlan->vlan_id;
		} else if (wildcard_vlan) {
			vlan = wildcard_vlan;
			vlan_id = vlan_desc->untagged;
			if (vlan_desc->tagged[0]) {
				/* Tagged VLAN configuration: the untagged ID
				 * cannot serve as the interface ID, allocate
				 * an internal one */
				vlan_id = ap_sta_get_free_vlan_id(hapd);
			}
		} else {
			hostapd_logger(hapd, sta->addr,
				       HOSTAPD_MODULE_IEEE80211,
				       HOSTAPD_LEVEL_DEBUG,
				       "missing vlan and wildcard for vlan=%d%s",
				       vlan_desc->untagged,
				       vlan_desc->tagged[0] ? "+" : "");
			vlan_id = 0;
			ret = -1;
			goto done;
		}
	}

	/* A wildcard match means a dynamic interface has to be created (or
	 * its reference count bumped when it already exists). vlan_desc may
	 * be NULL here on the per_sta_vif path, hence the guarded logging. */
	if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
		vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
		if (vlan == NULL) {
			hostapd_logger(hapd, sta->addr,
				       HOSTAPD_MODULE_IEEE80211,
				       HOSTAPD_LEVEL_DEBUG,
				       "could not add dynamic VLAN interface for vlan=%d%s",
				       vlan_desc ? vlan_desc->untagged : -1,
				       (vlan_desc && vlan_desc->tagged[0]) ?
				       "+" : "");
			vlan_id = 0;
			ret = -1;
			goto done;
		}

		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "added new dynamic VLAN interface '%s'",
			       vlan->ifname);
	} else if (vlan && vlan->dynamic_vlan > 0) {
		vlan->dynamic_vlan++;
		hostapd_logger(hapd, sta->addr,
			       HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "updated existing dynamic VLAN interface '%s'",
			       vlan->ifname);
	}
done:
	/* Commit the new assignment (vlan_id == 0 on every error path) and
	 * drop the reference on the old dynamic VLAN if the ID changed. */
	old_vlan_id = sta->vlan_id;
	sta->vlan_id = vlan_id;
	sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;

	if (vlan_id != old_vlan_id && old_vlan_id)
		vlan_remove_dynamic(hapd, old_vlan_id);

	return ret;
}
1256 
1257 
/**
 * ap_sta_bind_vlan - Bind a station's driver entry to its VLAN interface
 * @hapd: BSS data
 * @sta: Station whose sta->vlan_id has already been decided
 * Returns: 0 on success, negative on failure (driver error or no interface
 * found for sta->vlan_id); always 0 with CONFIG_NO_VLAN
 *
 * Picks the interface name for sta->vlan_id (the BSS interface, the
 * configured ssid.vlan interface, or the matching entry of the VLAN list),
 * informs the WPA authenticator of the VLAN ID and asks the driver to move
 * the station there. Dynamic VLAN reference counting is done only when the
 * ID differs from the one the station was last bound to (vlan_id_bound); the
 * driver call is made regardless, since hostapd_drv_sta_remove() may have
 * dropped the binding in between.
 */
int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
{
#ifndef CONFIG_NO_VLAN
	const char *iface;
	struct hostapd_vlan *vlan = NULL;
	int ret;
	int old_vlanid = sta->vlan_id_bound;
	int mld_link_id = -1;

#ifdef CONFIG_IEEE80211BE
	if (hapd->conf->mld_ap)
		mld_link_id = hapd->mld_link_id;
#endif /* CONFIG_IEEE80211BE */

	/* A WDS peer without an explicit VLAN keeps whatever the WDS setup
	 * assigned; do not rebind it to the BSS interface. */
	if ((sta->flags & WLAN_STA_WDS) && sta->vlan_id == 0) {
		wpa_printf(MSG_DEBUG,
			   "Do not override WDS VLAN assignment for STA "
			   MACSTR, MAC2STR(sta->addr));
		return 0;
	}

	/* Default target: the BSS interface, or ssid.vlan when configured */
	iface = hapd->conf->iface;
	if (hapd->conf->ssid.vlan[0])
		iface = hapd->conf->ssid.vlan;

	if (sta->vlan_id > 0) {
		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
			if (vlan->vlan_id == sta->vlan_id)
				break;
		}
		if (vlan)
			iface = vlan->ifname;
	}

	/*
	 * Do not increment ref counters if the VLAN ID remains same, but do
	 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
	 * have been called before.
	 */
	if (sta->vlan_id == old_vlanid)
		goto skip_counting;

	/* Without VLAN offload a VLAN ID that has no interface is an error;
	 * with offload the driver handles it and iface stays as chosen above. */
	if (sta->vlan_id > 0 && !vlan &&
	    !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
			       "binding station to (vlan_id=%d)",
			       sta->vlan_id);
		ret = -1;
		goto done;
	} else if (vlan && vlan->dynamic_vlan > 0) {
		vlan->dynamic_vlan++;
		hostapd_logger(hapd, sta->addr,
			       HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "updated existing dynamic VLAN interface '%s'",
			       iface);
	}

	/* ref counters have been increased, so mark the station */
	sta->vlan_id_bound = sta->vlan_id;

skip_counting:
	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_DEBUG, "binding station to interface "
		       "'%s'", iface);

	/* Failure here is logged only; the driver binding below still runs. */
	if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
		wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");

	ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id,
				       mld_link_id);
	if (ret < 0) {
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
			       "entry to vlan_id=%d", sta->vlan_id);
	}

	/* During 1x reauth, if the vlan id changes, then remove the old id. */
	if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
		vlan_remove_dynamic(hapd, old_vlanid);
done:

	return ret;
#else /* CONFIG_NO_VLAN */
	return 0;
#endif /* CONFIG_NO_VLAN */
}
1346 
1347 
/**
 * ap_check_sa_query_timeout - Check whether the running SA Query expired
 * @hapd: BSS data
 * @sta: Station with an SA Query procedure in progress
 * Returns: 1 if the procedure timed out (state is reset and the timer
 * cancelled), 0 if it is still within assoc_sa_query_max_timeout
 *
 * Elapsed time since sta->sa_query_start is converted to IEEE 802.11 time
 * units (1 TU = 1024 usec) before the comparison. The multiplication uses
 * the os_reltime seconds type; SA Query windows are short, so the product
 * stays far below any overflow bound in practice.
 */
int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
{
	struct os_reltime now, elapsed;
	u32 elapsed_tu;

	os_get_reltime(&now);
	os_reltime_sub(&now, &sta->sa_query_start, &elapsed);
	elapsed_tu = (elapsed.sec * 1000000 + elapsed.usec) / 1024;

	if (elapsed_tu <= hapd->conf->assoc_sa_query_max_timeout)
		return 0;

	hostapd_logger(hapd, sta->addr,
		       HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_DEBUG,
		       "association SA Query timed out");
	/* Mark the failure and discard the transaction ID history */
	sta->sa_query_timed_out = 1;
	os_free(sta->sa_query_trans_id);
	sta->sa_query_trans_id = NULL;
	sta->sa_query_count = 0;
	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
	return 1;
}
1370 
1371 
/**
 * ap_sa_query_timer - Send one SA Query Request and schedule the next
 * @eloop_ctx: struct hostapd_data * of the BSS
 * @timeout_ctx: struct sta_info * of the station being queried
 *
 * Called directly by ap_sta_start_sa_query() for the first attempt and then
 * from eloop for each retry. Every attempt appends a fresh random
 * transaction ID to sta->sa_query_trans_id so a matching response can be
 * validated against any outstanding request. Retries stop once the
 * procedure has exceeded assoc_sa_query_max_timeout or after 1000 attempts;
 * the latter bounds the transaction ID array at
 * 1000 * WLAN_SA_QUERY_TR_ID_LEN bytes per station.
 */
static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct sta_info *sta = timeout_ctx;
	unsigned int timeout, sec, usec;
	u8 *trans_id, *nbuf;

	wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
		   " (count=%d)",
		   hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);

	/* A count of 0 means a fresh procedure: sa_query_start is not valid
	 * yet, so the expiry check only applies to retries. */
	if (sta->sa_query_count > 0 &&
	    ap_check_sa_query_timeout(hapd, sta))
		return;
	/* Hard cap on retries, and thereby on the buffer grown below */
	if (sta->sa_query_count >= 1000)
		return;

	/* Grow by one transaction ID. On allocation failure the old buffer
	 * and count stay untouched and no new request goes out. */
	nbuf = os_realloc_array(sta->sa_query_trans_id,
				sta->sa_query_count + 1,
				WLAN_SA_QUERY_TR_ID_LEN);
	if (nbuf == NULL)
		return;
	if (sta->sa_query_count == 0) {
		/* Starting a new SA Query procedure */
		os_get_reltime(&sta->sa_query_start);
	}
	trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
	sta->sa_query_trans_id = nbuf;
	sta->sa_query_count++;

	if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
		/*
		 * We don't really care which ID is used here, so simply
		 * hardcode this if the mostly theoretical os_get_random()
		 * failure happens.
		 */
		trans_id[0] = 0x12;
		trans_id[1] = 0x34;
	}

	/* Convert the retry interval, presumably given in TUs (1024 usec),
	 * into the sec/usec pair eloop expects — confirm the unit of
	 * assoc_sa_query_retry_timeout against the config parser. */
	timeout = hapd->conf->assoc_sa_query_retry_timeout;
	sec = ((timeout / 1000) * 1024) / 1000;
	usec = (timeout % 1000) * 1024;
	eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);

	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_DEBUG,
		       "association SA Query attempt %d", sta->sa_query_count);

	ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
}
1423 
1424 
/**
 * ap_sta_start_sa_query - Begin the SA Query procedure towards a STA
 * @hapd: BSS data
 * @sta: Station entry
 *
 * Runs the first round of ap_sa_query_timer() synchronously; that callback
 * re-arms itself through eloop for retries and stops once the attempt count
 * reaches its limit or ap_check_sa_query_timeout() reports a timeout. Use
 * ap_sta_stop_sa_query() to abort the procedure.
 */
void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
{
	/* Subsequent rounds are scheduled by the callback itself */
	ap_sa_query_timer(hapd, sta);
}
1429 
1430 
/**
 * ap_sta_stop_sa_query - Abort a pending SA Query procedure for a STA
 * @hapd: BSS data
 * @sta: Station entry
 *
 * Cancels the retry timer and releases the list of transaction identifiers so
 * that a later ap_sta_start_sa_query() starts from a clean state.
 */
void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
{
	void *trans_ids = sta->sa_query_trans_id;

	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);

	/* Clear the bookkeeping before freeing so the entry never points at
	 * released memory, even transiently. */
	sta->sa_query_trans_id = NULL;
	sta->sa_query_count = 0;
	os_free(trans_ids);
}
1438 
1439 
/**
 * ap_sta_wpa_get_keyid - Find the configured key identifier for a STA's PMK
 * @hapd: BSS data
 * @sta: Station entry
 * Returns: keyid string of the wpa_psk entry whose PSK equals the STA's PMK,
 * or %NULL if the STA has no PMK of length PMK_LEN, no configured PSK matches,
 * or the matching entry has an empty keyid
 *
 * The returned string belongs to the BSS configuration; the caller must not
 * free it.
 */
const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
				  struct sta_info *sta)
{
	const struct hostapd_wpa_psk *entry;
	const u8 *pmk;
	int pmk_len;

	pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
	if (pmk == NULL || pmk_len != PMK_LEN)
		return NULL;

	/* Linear walk of the per-BSS PSK list looking for the negotiated PMK */
	for (entry = hapd->conf->ssid.wpa_psk; entry != NULL;
	     entry = entry->next) {
		if (os_memcmp(entry->psk, pmk, PMK_LEN) != 0)
			continue;
		return entry->keyid[0] != '\0' ? entry->keyid : NULL;
	}

	return NULL;
}
1462 
1463 
/**
 * ap_sta_wpa_get_dpp_pkhash - Fetch the DPP public key hash bound to a STA
 * @hapd: BSS data (unused here; kept for a uniform accessor signature)
 * @sta: Station entry
 * Returns: Pointer to the hash as provided by wpa_auth_get_dpp_pkhash(), or
 * %NULL when none is available
 *
 * The caller (ap_sta_set_authorized_event()) renders SHA256_MAC_LEN bytes of
 * the returned buffer as hex; the buffer is owned by the WPA state machine.
 */
const u8 * ap_sta_wpa_get_dpp_pkhash(struct hostapd_data *hapd,
				     struct sta_info *sta)
{
	return wpa_auth_get_dpp_pkhash(sta->wpa_sm);
}
1469 
1470 
/**
 * ap_sta_set_authorized_flag - Update the WLAN_STA_AUTHORIZED flag of a STA
 * @hapd: BSS data
 * @sta: Station entry
 * @authorized: Non-zero to mark the STA authorized, zero to clear it
 * Returns: true if the flag changed, false if it already held the requested
 * state
 *
 * When a STA becomes authorized, hostapd_prune_associations() is called first
 * to drop stale entries for the same MAC address in other BSSs, except for an
 * MLD link STA whose association link is a different BSS. This function only
 * changes state; ap_sta_set_authorized_event() reports the change.
 */
bool ap_sta_set_authorized_flag(struct hostapd_data *hapd, struct sta_info *sta,
				int authorized)
{
	bool was_authorized = (sta->flags & WLAN_STA_AUTHORIZED) != 0;
	int prune_link_id = -1;

	/* Nothing to do when the requested state is already in effect */
	if (was_authorized == (authorized != 0))
		return false;

	if (!authorized) {
		sta->flags &= ~WLAN_STA_AUTHORIZED;
		return true;
	}

#ifdef CONFIG_IEEE80211BE
	if (ap_sta_is_mld(hapd, sta)) {
		/* -2 marks an MLD link STA whose association link is another
		 * BSS; no pruning is done from here in that case. */
		prune_link_id = sta->mld_assoc_link_id == hapd->mld_link_id ?
			sta->mld_assoc_link_id : -2;
	}
#endif /* CONFIG_IEEE80211BE */
	if (prune_link_id != -2)
		hostapd_prune_associations(hapd, sta->addr, prune_link_id);
	sta->flags |= WLAN_STA_AUTHORIZED;

	return true;
}
1498 
1499 
/**
 * ap_sta_set_authorized_event - Report a STA authorization state change
 * @hapd: BSS data
 * @sta: Station entry
 * @authorized: Non-zero if the STA just became authorized, zero if it lost
 *	authorization
 *
 * Emits AP_STA_CONNECTED (optionally with ip_addr, keyid and dpp_pkhash
 * attributes) or AP_STA_DISCONNECTED on the control interface, repeats the
 * event on the parent msg_ctx when that is a distinct context, invokes the
 * registered sta_authorized_cb, and notifies FST when enabled. This function
 * only reports; the flag itself is changed by ap_sta_set_authorized_flag().
 */
void ap_sta_set_authorized_event(struct hostapd_data *hapd,
				 struct sta_info *sta, int authorized)
{
	const u8 *dev_addr = NULL;
	/* Event prefix: STA MAC, plus the P2P Device Address when known.
	 * Two MACSTR renderings plus the " p2p_dev_addr=" label fit easily. */
	char buf[100];
#ifdef CONFIG_P2P
	u8 addr[ETH_ALEN];
	u8 ip_addr_buf[4];
#endif /* CONFIG_P2P */
	/* Passed to sta_authorized_cb; stays NULL unless a P2P IP was assigned */
	const u8 *ip_ptr = NULL;

#ifdef CONFIG_P2P
	/* Outside a P2P group the Device Address comes from the STA's P2P IE;
	 * inside one it is looked up from the group's peer table. */
	if (hapd->p2p_group == NULL) {
		if (sta->p2p_ie != NULL &&
		    p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
			dev_addr = addr;
	} else
		dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);

	if (dev_addr)
		os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
			    MAC2STR(sta->addr), MAC2STR(dev_addr));
	else
#endif /* CONFIG_P2P */
		/* Note: with CONFIG_P2P this is the body of the "else" above;
		 * without it, it is the only formatting statement. */
		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));

	if (authorized) {
		const u8 *dpp_pkhash;
		const char *keyid;
		/* " dpp_pkhash=" plus 2 * SHA256_MAC_LEN hex digits and NUL */
		char dpp_pkhash_buf[100];
		char keyid_buf[100];
		char ip_addr[100];

		/* Each optional attribute defaults to the empty string so the
		 * single format string below works for every combination. */
		dpp_pkhash_buf[0] = '\0';
		keyid_buf[0] = '\0';
		ip_addr[0] = '\0';
#ifdef CONFIG_P2P
		/* wpa_auth_get_ip_addr() returns 0 when an IPv4 address was
		 * handed to this STA; it is then reported and passed to the
		 * callback as well. */
		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
			os_snprintf(ip_addr, sizeof(ip_addr),
				    " ip_addr=%u.%u.%u.%u",
				    ip_addr_buf[0], ip_addr_buf[1],
				    ip_addr_buf[2], ip_addr_buf[3]);
			ip_ptr = ip_addr_buf;
		}
#endif /* CONFIG_P2P */

		/* keyid identifies which configured PSK the STA used */
		keyid = ap_sta_wpa_get_keyid(hapd, sta);
		if (keyid) {
			os_snprintf(keyid_buf, sizeof(keyid_buf),
				    " keyid=%s", keyid);
		}

		dpp_pkhash = ap_sta_wpa_get_dpp_pkhash(hapd, sta);
		if (dpp_pkhash) {
			const char *prefix = " dpp_pkhash=";
			size_t plen = os_strlen(prefix);

			/* Hex rendering starts right after the prefix and is
			 * bounded by the remaining space in the buffer. */
			os_strlcpy(dpp_pkhash_buf, prefix,
				   sizeof(dpp_pkhash_buf));
			wpa_snprintf_hex(&dpp_pkhash_buf[plen],
					 sizeof(dpp_pkhash_buf) - plen,
					 dpp_pkhash, SHA256_MAC_LEN);
		}

		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
			buf, ip_addr, keyid_buf, dpp_pkhash_buf);

		/* Mirror the event to the parent context (but not the global
		 * one) when the BSS has a distinct parent. */
		if (hapd->msg_ctx_parent &&
		    hapd->msg_ctx_parent != hapd->msg_ctx)
			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
					  AP_STA_CONNECTED "%s%s%s%s",
					  buf, ip_addr, keyid_buf,
					  dpp_pkhash_buf);
	} else {
		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);

		if (hapd->msg_ctx_parent &&
		    hapd->msg_ctx_parent != hapd->msg_ctx)
			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
					  AP_STA_DISCONNECTED "%s", buf);
	}

	/* dev_addr and ip_ptr are NULL unless the P2P code above set them */
	if (hapd->sta_authorized_cb)
		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
					sta->addr, authorized, dev_addr,
					ip_ptr);

#ifdef CONFIG_FST
	if (hapd->iface->fst) {
		if (authorized)
			fst_notify_peer_connected(hapd->iface->fst, sta->addr);
		else
			fst_notify_peer_disconnected(hapd->iface->fst,
						     sta->addr);
	}
#endif /* CONFIG_FST */
}
1597 
1598 
/**
 * ap_sta_set_authorized - Change a STA's authorized state and report it
 * @hapd: BSS data
 * @sta: Station entry
 * @authorized: Non-zero to authorize the STA, zero to deauthorize it
 *
 * The event is reported only when ap_sta_set_authorized_flag() actually
 * changed the flag, so repeated calls with the same value stay silent.
 */
void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
			   int authorized)
{
	bool changed = ap_sta_set_authorized_flag(hapd, sta, authorized);

	if (changed)
		ap_sta_set_authorized_event(hapd, sta, authorized);
}
1606 
1607 
/**
 * ap_sta_disconnect - Deauthenticate/disassociate a STA and tear down state
 * @hapd: BSS data
 * @sta: Station entry, or %NULL to look it up from @addr
 * @addr: MAC address passed to the driver deauthentication, or %NULL
 * @reason: IEEE 802.11 reason code
 *
 * The driver is asked to deauthenticate @addr even when no station entry is
 * known. When an entry exists, its authorized/auth/assoc state is cleared,
 * the WPA and EAPOL state machines are notified, the inactivity timer is
 * re-armed so the entry is removed after AP_MAX_INACTIVITY_AFTER_DEAUTH
 * seconds, and a deferred Deauthentication callback (Disassociation on
 * DMG/IEEE 802.11ad, where Deauthentication is not used) is scheduled. The
 * callback is delayed by 2 s when WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS is set.
 */
void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
		       const u8 *addr, u16 reason)
{
	unsigned int cb_delay_sec;
	bool dmg;

	if (sta != NULL)
		wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
			   hapd->conf->iface, __func__, MAC2STR(sta->addr),
			   reason);
	else if (addr != NULL)
		wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
			   hapd->conf->iface, __func__, MAC2STR(addr),
			   reason);

	if (sta == NULL && addr != NULL)
		sta = ap_get_sta(hapd, addr);

	/* The driver is told regardless of whether we track this STA */
	if (addr != NULL)
		hostapd_drv_sta_deauth(hapd, addr, reason);

	if (sta == NULL)
		return;

	ap_sta_set_authorized(hapd, sta, 0);
	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
	hostapd_set_sta_flags(hapd, sta);
	wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);

	wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
		   "for " MACSTR " (%d seconds - "
		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
		   hapd->conf->iface, __func__, MAC2STR(sta->addr),
		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
			       ap_handle_timer, hapd, sta);
	sta->timeout_next = STA_REMOVE;

	/* Same delay rule for both the deauth and the disassoc callback */
	cb_delay_sec = (hapd->iface->drv_flags &
			WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS) ? 2 : 0;

	dmg = hapd->iface->current_mode != NULL &&
		hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD;
	if (dmg) {
		/* Deauthentication is not used in DMG/IEEE 802.11ad;
		 * disassociate the STA instead. */
		sta->disassoc_reason = reason;
		sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
		eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
		eloop_register_timeout(cb_delay_sec, 0,
				       ap_sta_disassoc_cb_timeout, hapd, sta);
		return;
	}

	sta->deauth_reason = reason;
	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
	eloop_register_timeout(cb_delay_sec, 0,
			       ap_sta_deauth_cb_timeout, hapd, sta);
}
1664 
1665 
/**
 * ap_sta_deauth_cb - Driver TX status callback for a Deauthentication frame
 * @hapd: BSS data
 * @sta: Station entry
 *
 * Only acts when ap_sta_disconnect() left WLAN_STA_PENDING_DEAUTH_CB set; the
 * pending timer is cancelled and the timeout handler is run immediately.
 * Callbacks for frames not sent through that path are ignored.
 */
void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
{
	if (sta->flags & WLAN_STA_PENDING_DEAUTH_CB) {
		sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
		/* Run the deferred handler now instead of waiting for eloop */
		eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
		ap_sta_deauth_cb_timeout(hapd, sta);
		return;
	}

	wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
}
1676 
1677 
/**
 * ap_sta_disassoc_cb - Driver TX status callback for a Disassociation frame
 * @hapd: BSS data
 * @sta: Station entry
 *
 * Counterpart of ap_sta_deauth_cb() for the DMG path of ap_sta_disconnect():
 * acts only when WLAN_STA_PENDING_DISASSOC_CB is set, cancelling the pending
 * timer and running the timeout handler immediately.
 */
void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
{
	if (sta->flags & WLAN_STA_PENDING_DISASSOC_CB) {
		sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
		/* Run the deferred handler now instead of waiting for eloop */
		eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
		ap_sta_disassoc_cb_timeout(hapd, sta);
		return;
	}

	wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
}
1688 
1689 
/**
 * ap_sta_clear_disconnect_timeouts - Cancel pending disconnection timers
 * @hapd: BSS data
 * @sta: Station entry
 *
 * Removes any queued deauth, disassoc and delayed IEEE 802.1X failure
 * callbacks for @sta, logging each one that was actually pending. If the
 * 802.1X failure callback was pending for a WPS STA, the WPS completion it
 * would have performed is done here instead.
 */
void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
				      struct sta_info *sta)
{
	int removed;

	removed = eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
	if (removed > 0) {
		wpa_printf(MSG_DEBUG,
			   "%s: Removed ap_sta_deauth_cb_timeout timeout for "
			   MACSTR,
			   hapd->conf->iface, MAC2STR(sta->addr));
	}

	removed = eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
	if (removed > 0) {
		wpa_printf(MSG_DEBUG,
			   "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
			   MACSTR,
			   hapd->conf->iface, MAC2STR(sta->addr));
	}

	removed = eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd,
				       sta);
	if (removed <= 0)
		return;

	wpa_printf(MSG_DEBUG,
		   "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for "
		   MACSTR,
		   hapd->conf->iface, MAC2STR(sta->addr));
	/* The cancelled callback would have completed WPS EAP handling for a
	 * WPS STA (see ap_sta_delayed_1x_auth_fail_cb()); keep that effect. */
	if (sta->flags & WLAN_STA_WPS)
		hostapd_wps_eap_completed(hapd);
}
1713 
1714 
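/**
 * ap_sta_flags_txt - Render WLAN_STA_* flags as a bracketed text list
 * @flags: Bitmask of WLAN_STA_* flags
 * @buf: Output buffer; NUL-terminated on return whenever @buflen > 0
 * @buflen: Size of @buf in bytes
 * Returns: Number of characters written (excluding the NUL), or -1 if
 * @buflen is 0 or the full listing did not fit
 *
 * Each set flag contributes one "[NAME]" token in a fixed order. The
 * PENDING_POLL token now carries its closing bracket like every other token
 * (it previously rendered as "[PENDING_POLL").
 */
int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
{
	int res;

	/* A zero-length buffer cannot even hold the terminator; do not write
	 * to it. os_snprintf_error() would report -1 for this case anyway. */
	if (buflen == 0)
		return -1;

	buf[0] = '\0';
	res = os_snprintf(buf, buflen,
			  "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
			  (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
			  (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
			  (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
			  (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL]" :
			   ""),
			  (flags & WLAN_STA_SHORT_PREAMBLE ?
			   "[SHORT_PREAMBLE]" : ""),
			  (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
			  (flags & WLAN_STA_WMM ? "[WMM]" : ""),
			  (flags & WLAN_STA_MFP ? "[MFP]" : ""),
			  (flags & WLAN_STA_WPS ? "[WPS]" : ""),
			  (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
			  (flags & WLAN_STA_WDS ? "[WDS]" : ""),
			  (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
			  (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
			  (flags & WLAN_STA_GAS ? "[GAS]" : ""),
			  (flags & WLAN_STA_HT ? "[HT]" : ""),
			  (flags & WLAN_STA_VHT ? "[VHT]" : ""),
			  (flags & WLAN_STA_HE ? "[HE]" : ""),
			  (flags & WLAN_STA_EHT ? "[EHT]" : ""),
			  (flags & WLAN_STA_6GHZ ? "[6GHZ]" : ""),
			  (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
			  (flags & WLAN_STA_WNM_SLEEP_MODE ?
			   "[WNM_SLEEP_MODE]" : ""));
	/* Truncation counts as an error so callers never emit a partial list */
	if (os_snprintf_error(buflen, res))
		res = -1;

	return res;
}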
1751 
1752 
/**
 * ap_sta_delayed_1x_auth_fail_cb - Deferred disconnection after EAP-Failure
 * @eloop_ctx: BSS data (struct hostapd_data *)
 * @timeout_ctx: Station entry (struct sta_info *)
 *
 * Scheduled by ap_sta_delayed_1x_auth_fail_disconnect(). Disconnects the STA
 * with its stored disconnect_reason_code, falling back to
 * WLAN_REASON_IEEE_802_1X_AUTH_FAILED when none was recorded, and completes
 * WPS EAP handling for a WPS STA.
 */
static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct sta_info *sta = timeout_ctx;
	u16 reason = sta->disconnect_reason_code;

	wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
		"IEEE 802.1X: Scheduled disconnection of " MACSTR
		" after EAP-Failure", MAC2STR(sta->addr));

	/* A zero code means "not set"; use the 802.1X failure reason then */
	if (reason == 0)
		reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;

	ap_sta_disconnect(hapd, sta, sta->addr, reason);
	if (sta->flags & WLAN_STA_WPS)
		hostapd_wps_eap_completed(hapd);
}
1770 
1771 
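/**
 * ap_sta_delayed_1x_auth_fail_disconnect - Schedule disconnection after
 * EAP-Failure
 * @hapd: BSS data
 * @sta: Station entry
 * @timeout: Delay before the disconnection in milliseconds
 *
 * Replaces any previously scheduled ap_sta_delayed_1x_auth_fail_cb() for the
 * STA. The delay is split into whole seconds and microseconds, the same way
 * ap_sa_query_timer() handles its retry interval, so a large millisecond value
 * cannot wrap the unsigned microsecond argument of eloop_register_timeout().
 */
void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
					    struct sta_info *sta,
					    unsigned timeout)
{
	wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
		"IEEE 802.1X: Force disconnection of " MACSTR
		" after EAP-Failure in %u ms", MAC2STR(sta->addr), timeout);

	/*
	 * Add a small sleep to increase likelihood of previously requested
	 * EAP-Failure TX getting out before this should the driver reorder
	 * operations.
	 */
	eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
	/* ms -> (s, us) without overflowing the us field for long delays */
	eloop_register_timeout(timeout / 1000, (timeout % 1000) * 1000,
			       ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
}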
1789 
1790 
/**
 * ap_sta_pending_delayed_1x_auth_fail_disconnect - Is a delayed 802.1X
 * failure disconnection queued?
 * @hapd: BSS data
 * @sta: Station entry
 * Returns: Non-zero if ap_sta_delayed_1x_auth_fail_cb() is registered with
 * eloop for this (@hapd, @sta) pair, as reported by
 * eloop_is_timeout_registered()
 */
int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
						   struct sta_info *sta)
{
	return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
					   hapd, sta);
}
1797 
1798 
1799 #ifdef CONFIG_IEEE80211BE
/**
 * ap_sta_remove_link_sta - Free the affiliated-link STA entries of an MLD STA
 * @hapd: BSS data of the link being handled
 * @sta: Station entry on @hapd
 *
 * For every other link of the AP MLD, the first station entry carrying the
 * same MAC address as @sta (and that is not @sta itself) is released with
 * ap_free_sta(). @sta on @hapd is left untouched.
 */
static void ap_sta_remove_link_sta(struct hostapd_data *hapd,
				   struct sta_info *sta)
{
	struct hostapd_data *link_hapd;

	for_each_mld_link(link_hapd, hapd) {
		struct sta_info *cand = link_hapd->sta_list;

		if (link_hapd == hapd)
			continue;

		/* Locate this link's entry for the same MAC address */
		while (cand != NULL) {
			if (cand != sta &&
			    ether_addr_equal(cand->addr, sta->addr))
				break;
			cand = cand->next;
		}

		/* ap_free_sta() releases the entry, so the list walk must not
		 * continue past it; one entry per link is removed. */
		if (cand != NULL)
			ap_free_sta(link_hapd, cand);
	}
}
1822 #endif /* CONFIG_IEEE80211BE */
1823 
1824 
/**
 * ap_sta_re_add - Re-create the driver entry for an already known STA
 * @hapd: BSS data
 * @sta: Station entry
 * Returns: 0 on success, -1 if the driver refused to add the STA
 *
 * If a station that is already associated to the AP is trying to
 * authenticate again, the STA entry is removed and re-added unassociated so
 * that the STA power-save state is cleared and configuration is refreshed.
 * added_unassoc marks the entry for that purpose; it is cleared once the
 * station completes association. For an MLD STA the entries on the other
 * affiliated links are freed first and the driver is told which link address
 * and link-STA role to use.
 */
int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
{
	const u8 *link_addr = NULL;
	bool is_link_sta = false;
	int ret;

#ifdef CONFIG_IEEE80211BE
	if (ap_sta_is_mld(hapd, sta)) {
		u8 link_id = hapd->mld_link_id;

		/* A link STA is one whose association was made on another
		 * link of the MLD */
		is_link_sta = sta->mld_assoc_link_id != link_id;
		link_addr = sta->mld_info.links[link_id].peer_addr;

		/* The station must disappear from every relevant link/AP of
		 * the affiliated AP MLD, not just this BSS */
		ap_sta_remove_link_sta(hapd, sta);
	}
#endif /* CONFIG_IEEE80211BE */

	ap_sta_set_authorized(hapd, sta, 0);
	hostapd_drv_sta_remove(hapd, sta->addr);
	sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);

	/* Re-add with only the supported rates; everything else is supplied
	 * again once the STA (re)associates */
	ret = hostapd_sta_add(hapd, sta->addr, 0, 0,
			      sta->supported_rates,
			      sta->supported_rates_len,
			      0, NULL, NULL, NULL, 0, NULL, 0, NULL,
			      sta->flags, 0, 0, 0, 0,
			      link_addr, is_link_sta);
	if (ret) {
		hostapd_logger(hapd, sta->addr,
			       HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_NOTICE,
			       "Could not add STA to kernel driver");
		return -1;
	}

	sta->added_unassoc = 1;
	return 0;
}
1873 
1874 
1875 #ifdef CONFIG_IEEE80211BE
/**
 * ap_sta_free_sta_profile - Release per-link STA profile buffers of an MLD
 * @info: MLD information, or %NULL (treated as a no-op)
 *
 * Frees resp_sta_profile for each of the MAX_NUM_MLD_LINKS links and resets
 * the pointers so the function is safe to call more than once.
 */
void ap_sta_free_sta_profile(struct mld_info *info)
{
	unsigned int link = 0;

	if (info == NULL)
		return;

	while (link < MAX_NUM_MLD_LINKS) {
		os_free(info->links[link].resp_sta_profile);
		/* Null out after free so a repeated call cannot double free */
		info->links[link].resp_sta_profile = NULL;
		link++;
	}
}
1888 #endif /* CONFIG_IEEE80211BE */
1889