36 				struct sta_info *sta, int success);
39 static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
64 	if (wpa_auth_pairwise_set(sta->wpa_sm))
66 	if (sta->flags & WLAN_STA_PREAUTH) {
67 		rsn_preauth_send(hapd, sta, buf, len);
70 			hapd, sta->addr, buf, len,
71 			encrypt, hostapd_sta_flags_to_drv(sta->flags));
79 				   struct sta_info *sta, int authorized)
83 	if (sta->flags & WLAN_STA_PREAUTH)
87 		ap_sta_set_authorized(hapd, sta, 1);
88 		res = hostapd_set_authorized(hapd, sta, 1);
89 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
92 		ap_sta_set_authorized(hapd, sta, 0);
93 		res = hostapd_set_authorized(hapd, sta, 0);
94 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
100 		       "driver (errno=%d).\n", MAC2STR(sta->addr), errno);
104 		os_get_time(&sta->connected_time);
105 		accounting_sta_start(hapd, sta);
111 				  struct sta_info *sta,
119 	struct eapol_state_machine *sm = sta->eapol_sm;
182 	ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAPOL_KEY, (u8 *) key, len);
183 	if (sta->eapol_sm)
184 		sta->eapol_sm->dot1xAuthEapolFramesTx++;
289 void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
292 	struct eapol_state_machine *sm = sta->eapol_sm;
302 		   MAC2STR(sta->addr));
305 	vlan_id = sta->vlan_id;
310 		key = ieee802_1x_get_group(hapd, sta->ssid, vlan_id);
312 			ieee802_1x_tx_key_one(hapd, sta, key->idx, 1,
318 		ieee802_1x_tx_key_one(hapd, sta, eapol->default_wep_key_idx, 1,
338 		ieee802_1x_tx_key_one(hapd, sta, 0, 0, ikey,
344 					sta->addr, 0, 1, NULL, 0, ikey,
371 int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta)
376 	for (i = 0; i < sta->supported_rates_len; i++)
377 		if ((sta->supported_rates[i] & 0x7f) > rate)
378 			rate = sta->supported_rates[i] & 0x7f;
419 				      struct sta_info *sta,
426 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
432 		    MAC2STR(sta->addr));
440 	if (sta->flags & WLAN_STA_PREAUTH) {
445 			    radius_sta_rate(hapd, sta) / 2,
446 			    (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
458 	if (sta->acct_session_id_hi || sta->acct_session_id_lo) {
460 			    sta->acct_session_id_hi, sta->acct_session_id_lo);
474 			   struct sta_info *sta,
531 	if (sta && add_common_radius_sta_attr(hapd, req_attr, sta, msg) < 0)
549 					  struct sta_info *sta,
553 	struct eapol_state_machine *sm = sta->eapol_sm;
571 	radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
580 	if (add_common_radius_attr(hapd, hapd->conf->radius_auth_req_attr, sta,
635 	if (radius_client_send(hapd->radius, msg, RADIUS_AUTH, sta->addr) < 0)
647 				struct sta_info *sta, struct eap_hdr *eap,
651 	struct eapol_state_machine *sm = sta->eapol_sm;
679 static void handle_eap(struct hostapd_data *hapd, struct sta_info *sta,
713 		handle_eap_response(hapd, sta, eap, eap_len);
729 ieee802_1x_alloc_eapol_sm(struct hostapd_data *hapd, struct sta_info *sta)
732 	if (sta->flags & WLAN_STA_PREAUTH)
734 	if (sta->wpa_sm) {
736 		if (wpa_auth_sta_get_pmksa(sta->wpa_sm))
739 	return eapol_auth_alloc(hapd->eapol_auth, sta->addr, flags,
740 				sta->wps_ie, sta->p2p_ie, sta,
741 				sta->identity, sta->radius_cui);
757 	struct sta_info *sta;
770 	sta = ap_get_sta(hapd, sa);
771 	if (!sta || (!(sta->flags & (WLAN_STA_ASSOC | WLAN_STA_PREAUTH)) &&
790 		if (sta->eapol_sm)
791 			sta->eapol_sm->dot1xAuthEapLengthErrorFramesRx++;
800 	if (sta->eapol_sm) {
801 		sta->eapol_sm->dot1xAuthLastEapolFrameVersion = hdr->version;
802 		sta->eapol_sm->dot1xAuthEapolFramesRx++;
810 		wpa_receive(hapd->wpa_auth, sta->wpa_sm, (u8 *) hdr,
816 	    !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
822 	key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
829 	if (!sta->eapol_sm) {
830 		sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
831 		if (!sta->eapol_sm)
836 			u32 wflags = sta->flags & (WLAN_STA_WPS |
851 				sta->eapol_sm->flags |= EAPOL_SM_WAIT_START;
856 		sta->eapol_sm->eap_if->portEnabled = TRUE;
868 		handle_eap(hapd, sta, (u8 *) (hdr + 1), datalen);
872 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
875 		sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
876 		pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
878 			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
882 			wpa_auth_sta_clear_pmksa(sta->wpa_sm, pmksa);
884 		sta->eapol_sm->eapolStart = TRUE;
885 		sta->eapol_sm->dot1xAuthEapolStartFramesRx++;
886 		eap_server_clear_identity(sta->eapol_sm->eap);
887 		wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
891 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
894 		sta->acct_terminate_cause =
896 		accounting_sta_stop(hapd, sta);
897 		sta->eapol_sm->eapolLogoff = TRUE;
898 		sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
899 		eap_server_clear_identity(sta->eapol_sm->eap);
904 		if (!ap_sta_is_authorized(sta)) {
918 		sta->eapol_sm->dot1xAuthInvalidEapolFramesRx++;
922 	eapol_auth_step(sta->eapol_sm);
929  * @sta: The station
934 void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
943 	    (sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
960 		ieee802_1x_free_station(sta);
964 	key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
971 		ieee802_1x_free_station(sta);
975 	if (sta->eapol_sm == NULL) {
976 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
978 		sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
979 		if (sta->eapol_sm == NULL) {
980 			hostapd_logger(hapd, sta->addr,
990 	sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
991 	if (!hapd->conf->ieee802_1x && !(sta->flags & WLAN_STA_WPS2)) {
999 		sta->eapol_sm->flags |= EAPOL_SM_WAIT_START;
1003 	sta->eapol_sm->eap_if->portEnabled = TRUE;
1006 	if (sta->auth_alg == WLAN_AUTH_FT) {
1007 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
1012 		sta->eapol_sm->keyRun = TRUE;
1013 		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
1014 		sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
1015 		sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
1016 		sta->eapol_sm->authSuccess = TRUE;
1017 		sta->eapol_sm->authFail = FALSE;
1018 		if (sta->eapol_sm->eap)
1019 			eap_sm_notify_cached(sta->eapol_sm->eap);
1025 	pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
1029 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
1034 		sta->eapol_sm->keyRun = TRUE;
1035 		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
1036 		sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
1037 		sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
1038 		sta->eapol_sm->authSuccess = TRUE;
1039 		sta->eapol_sm->authFail = FALSE;
1040 		if (sta->eapol_sm->eap)
1041 			eap_sm_notify_cached(sta->eapol_sm->eap);
1042 		old_vlanid = sta->vlan_id;
1043 		pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm);
1044 		if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
1045 			sta->vlan_id = 0;
1046 		ap_sta_bind_vlan(hapd, sta, old_vlanid);
1054 			sta->eapol_sm->reAuthenticate = TRUE;
1056 		eapol_auth_step(sta->eapol_sm);
1061 void ieee802_1x_free_station(struct sta_info *sta)
1063 	struct eapol_state_machine *sm = sta->eapol_sm;
1068 	sta->eapol_sm = NULL;
1083 					  struct sta_info *sta)
1090 	struct eapol_state_machine *sm = sta->eapol_sm;
1105 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
1113 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
1151 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
1164 				struct sta_info *sta, struct radius_msg *msg,
1170 	struct eapol_state_machine *sm = sta->eapol_sm;
1205 					  struct sta_info *sta,
1210 	struct eapol_state_machine *sm = sta->eapol_sm;
1255 		   MAC2STR(sta->addr));
1259 /* Update sta->identity based on User-Name attribute in Access-Accept */
1261 					   struct sta_info *sta,
1266 	struct eapol_state_machine *sm = sta->eapol_sm;
1282 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
1296 				      struct sta_info *sta,
1299 	struct eapol_state_machine *sm = sta->eapol_sm;
1327 					       struct sta_info *sta,
1331 	struct eapol_state_machine *sm = sta->eapol_sm;
1368 	struct sta_info *sta;
1381 	sta = sm->sta;
1408 		   MAC2STR(sta->addr));
1425 			hostapd_logger(hapd, sta->addr,
1432 			sta->acct_interim_interval = acct_interim_interval;
1438 		if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
1439 			sta->vlan_id = 0;
1442 			old_vlanid = sta->vlan_id;
1443 			sta->vlan_id = radius_msg_get_vlanid(msg);
1445 		if (sta->vlan_id > 0 &&
1447 					       sta->vlan_id)) {
1448 			hostapd_logger(hapd, sta->addr,
1451 				       "VLAN ID %d", sta->vlan_id);
1452 		} else if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_REQUIRED) {
1453 			sta->eapol_sm->authFail = TRUE;
1454 			hostapd_logger(hapd, sta->addr,
1463 		if (ap_sta_bind_vlan(hapd, sta, old_vlanid) < 0)
1471 			ap_sta_session_timeout(hapd, sta, session_timeout);
1475 		ieee802_1x_get_keys(hapd, sta, msg, req, shared_secret,
1477 		ieee802_1x_store_radius_class(hapd, sta, msg);
1478 		ieee802_1x_update_sta_identity(hapd, sta, msg);
1479 		ieee802_1x_update_sta_cui(hapd, sta, msg);
1481 		    wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
1484 			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
1514 	ieee802_1x_decapsulate_radius(hapd, sta);
1525 void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
1527 	struct eapol_state_machine *sm = sta->eapol_sm;
1531 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
1546 			MAC2STR(sta->addr));
1549 		ap_sta_disconnect(hapd, sta, sta->addr,
1582 					struct sta_info *sta, void *ctx)
1584 	if (sta->eapol_sm) {
1585 		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
1586 		eapol_auth_step(sta->eapol_sm);
1643 	struct sta_info *sta = sta_ctx;
1645 	if ((sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS)) ==
1649 		struct eapol_state_machine *sm = sta->eapol_sm;
1661 			sta->flags |= WLAN_STA_WPS;
1675 	struct sta_info *sta = sta_ctx;
1677 	ieee802_1x_encapsulate_radius(hapd, sta, data, datalen);
1686 	struct sta_info *sta = sta_ctx;
1688 		rsn_preauth_finished(hapd, sta, success);
1690 		ieee802_1x_finished(hapd, sta, success);
1732 	struct sta_info *sta;
1733 	sta = ap_get_sta(hapd, addr);
1734 	if (sta == NULL || sta->eapol_sm == NULL)
1770 	struct sta_info *sta = sta_ctx;
1771 	ieee802_1x_set_sta_authorized(hapd, sta, authorized);
1778 	struct sta_info *sta = sta_ctx;
1779 	ieee802_1x_abort_auth(hapd, sta);
1786 	struct sta_info *sta = sta_ctx;
1787 	ieee802_1x_tx_key(hapd, sta);
1795 	struct sta_info *sta = sta_ctx;
1798 		wpa_auth_sm_notify(sta->wpa_sm);
1801 		wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
1893 int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
1901 	if (sta == NULL)
1915 	return ieee802_1x_eapol_tx_status(hapd, sta, pos, buf + len - pos,
1920 int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
1932 		   MAC2STR(sta->addr), xhdr->version, xhdr->type,
1944 						     sta->wpa_sm, ack);
1954 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
2059 int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
2063 	struct eapol_state_machine *sm = sta->eapol_sm;
2075 			  sta->aid,
2190 			  sta->acct_session_id_hi, sta->acct_session_id_lo,
2192 				   wpa_auth_sta_key_mgmt(sta->wpa_sm))) ?
2194 			  (unsigned int) (t.sec - sta->acct_session_start),
2205 				struct sta_info *sta, int success)
2212 	key = ieee802_1x_get_key(sta->eapol_sm, &len);
2214 	    wpa_auth_pmksa_add(sta->wpa_sm, key, dot11RSNAConfigPMKLifetime,
2215 			       sta->eapol_sm) == 0) {
2216 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
2239 		ap_sta_disconnect(hapd, sta, sta->addr,

Indexes created Thu Jun 27 20:29:42 MDT 2024