Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8319e3120d
Branches Tags
krackattacks
/
src
/
ap
/
ieee802_1x.c

ieee802_1x.c 69 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486 
  1. /*
    2. 

  2.  * hostapd / IEEE 802.1X-2004 Authenticator
    3. 

  3.  * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
    4. 

  4.  *
    5. 

  5.  * This software may be distributed under the terms of the BSD license.
    6. 

  6.  * See README for more details.
    7. 

  7.  */
    8. 

  8. 

  9. #include "utils/includes.h"
    10. 

  10. 

  11. #include "utils/common.h"
    12. 

  12. #include "utils/eloop.h"
    13. 

  13. #include "crypto/md5.h"
    14. 

  14. #include "crypto/crypto.h"
    15. 

  15. #include "crypto/random.h"
    16. 

  16. #include "common/ieee802_11_defs.h"
    17. 

  17. #include "radius/radius.h"
    18. 

  18. #include "radius/radius_client.h"
    19. 

  19. #include "eap_server/eap.h"
    20. 

  20. #include "eap_common/eap_wsc_common.h"
    21. 

  21. #include "eapol_auth/eapol_auth_sm.h"
    22. 

  22. #include "eapol_auth/eapol_auth_sm_i.h"
    23. 

  23. #include "p2p/p2p.h"
    24. 

  24. #include "hostapd.h"
    25. 

  25. #include "accounting.h"
    26. 

  26. #include "sta_info.h"
    27. 

  27. #include "wpa_auth.h"
    28. 

  28. #include "preauth_auth.h"
    29. 

  29. #include "pmksa_cache_auth.h"
    30. 

  30. #include "ap_config.h"
    31. 

  31. #include "ap_drv_ops.h"
    32. 

  32. #include "wps_hostapd.h"
    33. 

  33. #include "hs20.h"
    34. 

  34. #include "ieee802_1x.h"
    35. 

  35. 

  36. 

  37. static void ieee802_1x_finished(struct hostapd_data *hapd,
    38. 

  38. 				struct sta_info *sta, int success,
    39. 

  39. 				int remediation);
    40. 

  40. 

  41. 

  42. static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
    43. 

  43. 			    u8 type, const u8 *data, size_t datalen)
    44. 

  44. {
    45. 

  45. 	u8 *buf;
    46. 

  46. 	struct ieee802_1x_hdr *xhdr;
    47. 

  47. 	size_t len;
    48. 

  48. 	int encrypt = 0;
    49. 

  49. 

  50. 	len = sizeof(*xhdr) + datalen;
    51. 

  51. 	buf = os_zalloc(len);
    52. 

  52. 	if (buf == NULL) {
    53. 

  53. 		wpa_printf(MSG_ERROR, "malloc() failed for "
    54. 

  54. 			   "ieee802_1x_send(len=%lu)",
    55. 

  55. 			   (unsigned long) len);
    56. 

  56. 		return;
    57. 

  57. 	}
    58. 

  58. 

  59. 	xhdr = (struct ieee802_1x_hdr *) buf;
    60. 

  60. 	xhdr->version = hapd->conf->eapol_version;
    61. 

  61. 	xhdr->type = type;
    62. 

  62. 	xhdr->length = host_to_be16(datalen);
    63. 

  63. 

  64. 	if (datalen > 0 && data != NULL)
    65. 

  65. 		os_memcpy(xhdr + 1, data, datalen);
    66. 

  66. 

  67. 	if (wpa_auth_pairwise_set(sta->wpa_sm))
    68. 

  68. 		encrypt = 1;
    69. 

  69. #ifdef CONFIG_TESTING_OPTIONS
    70. 

  70. 	if (hapd->ext_eapol_frame_io) {
    71. 

  71. 		size_t hex_len = 2 * len + 1;
    72. 

  72. 		char *hex = os_malloc(hex_len);
    73. 

  73. 

  74. 		if (hex) {
    75. 

  75. 			wpa_snprintf_hex(hex, hex_len, buf, len);
    76. 

  76. 			wpa_msg(hapd->msg_ctx, MSG_INFO,
    77. 

  77. 				"EAPOL-TX " MACSTR " %s",
    78. 

  78. 				MAC2STR(sta->addr), hex);
    79. 

  79. 			os_free(hex);
    80. 

  80. 		}
    81. 

  81. 	} else
    82. 

  82. #endif /* CONFIG_TESTING_OPTIONS */
    83. 

  83. 	if (sta->flags & WLAN_STA_PREAUTH) {
    84. 

  84. 		rsn_preauth_send(hapd, sta, buf, len);
    85. 

  85. 	} else {
    86. 

  86. 		hostapd_drv_hapd_send_eapol(
    87. 

  87. 			hapd, sta->addr, buf, len,
    88. 

  88. 			encrypt, hostapd_sta_flags_to_drv(sta->flags));
    89. 

  89. 	}
    90. 

  90. 

  91. 	os_free(buf);
    92. 

  92. }
    93. 

  93. 

  94. 

  95. void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
    96. 

  96. 				   struct sta_info *sta, int authorized)
    97. 

  97. {
    98. 

  98. 	int res;
    99. 

  99. 

  100. 	if (sta->flags & WLAN_STA_PREAUTH)
    101. 

  101. 		return;
    102. 

  102. 

  103. 	if (authorized) {
    104. 

  104. 		ap_sta_set_authorized(hapd, sta, 1);
    105. 

  105. 		res = hostapd_set_authorized(hapd, sta, 1);
    106. 

  106. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    107. 

  107. 			       HOSTAPD_LEVEL_DEBUG, "authorizing port");
    108. 

  108. 	} else {
    109. 

  109. 		ap_sta_set_authorized(hapd, sta, 0);
    110. 

  110. 		res = hostapd_set_authorized(hapd, sta, 0);
    111. 

  111. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    112. 

  112. 			       HOSTAPD_LEVEL_DEBUG, "unauthorizing port");
    113. 

  113. 	}
    114. 

  114. 

  115. 	if (res && errno != ENOENT) {
    116. 

  116. 		wpa_printf(MSG_DEBUG, "Could not set station " MACSTR
    117. 

  117. 			   " flags for kernel driver (errno=%d).",
    118. 

  118. 			   MAC2STR(sta->addr), errno);
    119. 

  119. 	}
    120. 

  120. 

  121. 	if (authorized) {
    122. 

  122. 		os_get_reltime(&sta->connected_time);
    123. 

  123. 		accounting_sta_start(hapd, sta);
    124. 

  124. 	}
    125. 

  125. }
    126. 

  126. 

  127. 

  128. static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
    129. 

  129. 				  struct sta_info *sta,
    130. 

  130. 				  int idx, int broadcast,
    131. 

  131. 				  u8 *key_data, size_t key_len)
    132. 

  132. {
    133. 

  133. 	u8 *buf, *ekey;
    134. 

  134. 	struct ieee802_1x_hdr *hdr;
    135. 

  135. 	struct ieee802_1x_eapol_key *key;
    136. 

  136. 	size_t len, ekey_len;
    137. 

  137. 	struct eapol_state_machine *sm = sta->eapol_sm;
    138. 

  138. 

  139. 	if (sm == NULL)
    140. 

  140. 		return;
    141. 

  141. 

  142. 	len = sizeof(*key) + key_len;
    143. 

  143. 	buf = os_zalloc(sizeof(*hdr) + len);
    144. 

  144. 	if (buf == NULL)
    145. 

  145. 		return;
    146. 

  146. 

  147. 	hdr = (struct ieee802_1x_hdr *) buf;
    148. 

  148. 	key = (struct ieee802_1x_eapol_key *) (hdr + 1);
    149. 

  149. 	key->type = EAPOL_KEY_TYPE_RC4;
    150. 

  150. 	WPA_PUT_BE16(key->key_length, key_len);
    151. 

  151. 	wpa_get_ntp_timestamp(key->replay_counter);
    152. 

  152. 

  153. 	if (random_get_bytes(key->key_iv, sizeof(key->key_iv))) {
    154. 

  154. 		wpa_printf(MSG_ERROR, "Could not get random numbers");
    155. 

  155. 		os_free(buf);
    156. 

  156. 		return;
    157. 

  157. 	}
    158. 

  158. 

  159. 	key->key_index = idx | (broadcast ? 0 : BIT(7));
    160. 

  160. 	if (hapd->conf->eapol_key_index_workaround) {
    161. 

  161. 		/* According to some information, WinXP Supplicant seems to
    162. 

  162. 		 * interpret bit7 as an indication whether the key is to be
    163. 

  163. 		 * activated, so make it possible to enable workaround that
    164. 

  164. 		 * sets this bit for all keys. */
    165. 

  165. 		key->key_index |= BIT(7);
    166. 

  166. 	}
    167. 

  167. 

  168. 	/* Key is encrypted using "Key-IV + MSK[0..31]" as the RC4-key and
    169. 

  169. 	 * MSK[32..63] is used to sign the message. */
    170. 

  170. 	if (sm->eap_if->eapKeyData == NULL || sm->eap_if->eapKeyDataLen < 64) {
    171. 

  171. 		wpa_printf(MSG_ERROR, "No eapKeyData available for encrypting "
    172. 

  172. 			   "and signing EAPOL-Key");
    173. 

  173. 		os_free(buf);
    174. 

  174. 		return;
    175. 

  175. 	}
    176. 

  176. 	os_memcpy((u8 *) (key + 1), key_data, key_len);
    177. 

  177. 	ekey_len = sizeof(key->key_iv) + 32;
    178. 

  178. 	ekey = os_malloc(ekey_len);
    179. 

  179. 	if (ekey == NULL) {
    180. 

  180. 		wpa_printf(MSG_ERROR, "Could not encrypt key");
    181. 

  181. 		os_free(buf);
    182. 

  182. 		return;
    183. 

  183. 	}
    184. 

  184. 	os_memcpy(ekey, key->key_iv, sizeof(key->key_iv));
    185. 

  185. 	os_memcpy(ekey + sizeof(key->key_iv), sm->eap_if->eapKeyData, 32);
    186. 

  186. 	rc4_skip(ekey, ekey_len, 0, (u8 *) (key + 1), key_len);
    187. 

  187. 	os_free(ekey);
    188. 

  188. 

  189. 	/* This header is needed here for HMAC-MD5, but it will be regenerated
    190. 

  190. 	 * in ieee802_1x_send() */
    191. 

  191. 	hdr->version = hapd->conf->eapol_version;
    192. 

  192. 	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
    193. 

  193. 	hdr->length = host_to_be16(len);
    194. 

  194. 	hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len,
    195. 

  195. 		 key->key_signature);
    196. 

  196. 

  197. 	wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key to " MACSTR
    198. 

  198. 		   " (%s index=%d)", MAC2STR(sm->addr),
    199. 

  199. 		   broadcast ? "broadcast" : "unicast", idx);
    200. 

  200. 	ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAPOL_KEY, (u8 *) key, len);
    201. 

  201. 	if (sta->eapol_sm)
    202. 

  202. 		sta->eapol_sm->dot1xAuthEapolFramesTx++;
    203. 

  203. 	os_free(buf);
    204. 

  204. }
    205. 

  205. 

  206. 

  207. void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
    208. 

  208. {
    209. 

  209. 	struct eapol_authenticator *eapol = hapd->eapol_auth;
    210. 

  210. 	struct eapol_state_machine *sm = sta->eapol_sm;
    211. 

  211. 

  212. 	if (sm == NULL || !sm->eap_if->eapKeyData)
    213. 

  213. 		return;
    214. 

  214. 

  215. 	wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key(s) to " MACSTR,
    216. 

  216. 		   MAC2STR(sta->addr));
    217. 

  217. 

  218. #ifndef CONFIG_NO_VLAN
    219. 

  219. 	if (sta->vlan_id > 0 && sta->vlan_id <= MAX_VLAN_ID) {
    220. 

  220. 		wpa_printf(MSG_ERROR, "Using WEP with vlans is not supported.");
    221. 

  221. 		return;
    222. 

  222. 	}
    223. 

  223. #endif /* CONFIG_NO_VLAN */
    224. 

  224. 

  225. 	if (eapol->default_wep_key) {
    226. 

  226. 		ieee802_1x_tx_key_one(hapd, sta, eapol->default_wep_key_idx, 1,
    227. 

  227. 				      eapol->default_wep_key,
    228. 

  228. 				      hapd->conf->default_wep_key_len);
    229. 

  229. 	}
    230. 

  230. 

  231. 	if (hapd->conf->individual_wep_key_len > 0) {
    232. 

  232. 		u8 *ikey;
    233. 

  233. 		ikey = os_malloc(hapd->conf->individual_wep_key_len);
    234. 

  234. 		if (ikey == NULL ||
    235. 

  235. 		    random_get_bytes(ikey, hapd->conf->individual_wep_key_len))
    236. 

  236. 		{
    237. 

  237. 			wpa_printf(MSG_ERROR, "Could not generate random "
    238. 

  238. 				   "individual WEP key.");
    239. 

  239. 			os_free(ikey);
    240. 

  240. 			return;
    241. 

  241. 		}
    242. 

  242. 

  243. 		wpa_hexdump_key(MSG_DEBUG, "Individual WEP key",
    244. 

  244. 				ikey, hapd->conf->individual_wep_key_len);
    245. 

  245. 

  246. 		ieee802_1x_tx_key_one(hapd, sta, 0, 0, ikey,
    247. 

  247. 				      hapd->conf->individual_wep_key_len);
    248. 

  248. 

  249. 		/* TODO: set encryption in TX callback, i.e., only after STA
    250. 

  250. 		 * has ACKed EAPOL-Key frame */
    251. 

  251. 		if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
    252. 

  252. 					sta->addr, 0, 1, NULL, 0, ikey,
    253. 

  253. 					hapd->conf->individual_wep_key_len)) {
    254. 

  254. 			wpa_printf(MSG_ERROR, "Could not set individual WEP "
    255. 

  255. 				   "encryption.");
    256. 

  256. 		}
    257. 

  257. 

  258. 		os_free(ikey);
    259. 

  259. 	}
    260. 

  260. }
    261. 

  261. 

  262. 

  263. const char *radius_mode_txt(struct hostapd_data *hapd)
    264. 

  264. {
    265. 

  265. 	switch (hapd->iface->conf->hw_mode) {
    266. 

  266. 	case HOSTAPD_MODE_IEEE80211AD:
    267. 

  267. 		return "802.11ad";
    268. 

  268. 	case HOSTAPD_MODE_IEEE80211A:
    269. 

  269. 		return "802.11a";
    270. 

  270. 	case HOSTAPD_MODE_IEEE80211G:
    271. 

  271. 		return "802.11g";
    272. 

  272. 	case HOSTAPD_MODE_IEEE80211B:
    273. 

  273. 	default:
    274. 

  274. 		return "802.11b";
    275. 

  275. 	}
    276. 

  276. }
    277. 

  277. 

  278. 

  279. int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta)
    280. 

  280. {
    281. 

  281. 	int i;
    282. 

  282. 	u8 rate = 0;
    283. 

  283. 

  284. 	for (i = 0; i < sta->supported_rates_len; i++)
    285. 

  285. 		if ((sta->supported_rates[i] & 0x7f) > rate)
    286. 

  286. 			rate = sta->supported_rates[i] & 0x7f;
    287. 

  287. 

  288. 	return rate;
    289. 

  289. }
    290. 

  290. 

  291. 

  292. #ifndef CONFIG_NO_RADIUS
    293. 

  293. static void ieee802_1x_learn_identity(struct hostapd_data *hapd,
    294. 

  294. 				      struct eapol_state_machine *sm,
    295. 

  295. 				      const u8 *eap, size_t len)
    296. 

  296. {
    297. 

  297. 	const u8 *identity;
    298. 

  298. 	size_t identity_len;
    299. 

  299. 

  300. 	if (len <= sizeof(struct eap_hdr) ||
    301. 

  301. 	    eap[sizeof(struct eap_hdr)] != EAP_TYPE_IDENTITY)
    302. 

  302. 		return;
    303. 

  303. 

  304. 	identity = eap_get_identity(sm->eap, &identity_len);
    305. 

  305. 	if (identity == NULL)
    306. 

  306. 		return;
    307. 

  307. 

  308. 	/* Save station identity for future RADIUS packets */
    309. 

  309. 	os_free(sm->identity);
    310. 

  310. 	sm->identity = (u8 *) dup_binstr(identity, identity_len);
    311. 

  311. 	if (sm->identity == NULL) {
    312. 

  312. 		sm->identity_len = 0;
    313. 

  313. 		return;
    314. 

  314. 	}
    315. 

  315. 

  316. 	sm->identity_len = identity_len;
    317. 

  317. 	hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
    318. 

  318. 		       HOSTAPD_LEVEL_DEBUG, "STA identity '%s'", sm->identity);
    319. 

  319. 	sm->dot1xAuthEapolRespIdFramesRx++;
    320. 

  320. }
    321. 

  321. 

  322. 

  323. static int add_common_radius_sta_attr_rsn(struct hostapd_data *hapd,
    324. 

  324. 					  struct hostapd_radius_attr *req_attr,
    325. 

  325. 					  struct sta_info *sta,
    326. 

  326. 					  struct radius_msg *msg)
    327. 

  327. {
    328. 

  328. 	u32 suite;
    329. 

  329. 	int ver, val;
    330. 

  330. 

  331. 	ver = wpa_auth_sta_wpa_version(sta->wpa_sm);
    332. 

  332. 	val = wpa_auth_get_pairwise(sta->wpa_sm);
    333. 

  333. 	suite = wpa_cipher_to_suite(ver, val);
    334. 

  334. 	if (val != -1 &&
    335. 

  335. 	    !hostapd_config_get_radius_attr(req_attr,
    336. 

  336. 					    RADIUS_ATTR_WLAN_PAIRWISE_CIPHER) &&
    337. 

  337. 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_PAIRWISE_CIPHER,
    338. 

  338. 				       suite)) {
    339. 

  339. 		wpa_printf(MSG_ERROR, "Could not add WLAN-Pairwise-Cipher");
    340. 

  340. 		return -1;
    341. 

  341. 	}
    342. 

  342. 

  343. 	suite = wpa_cipher_to_suite((hapd->conf->wpa & 0x2) ?
    344. 

  344. 				    WPA_PROTO_RSN : WPA_PROTO_WPA,
    345. 

  345. 				    hapd->conf->wpa_group);
    346. 

  346. 	if (!hostapd_config_get_radius_attr(req_attr,
    347. 

  347. 					    RADIUS_ATTR_WLAN_GROUP_CIPHER) &&
    348. 

  348. 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_GROUP_CIPHER,
    349. 

  349. 				       suite)) {
    350. 

  350. 		wpa_printf(MSG_ERROR, "Could not add WLAN-Group-Cipher");
    351. 

  351. 		return -1;
    352. 

  352. 	}
    353. 

  353. 

  354. 	val = wpa_auth_sta_key_mgmt(sta->wpa_sm);
    355. 

  355. 	suite = wpa_akm_to_suite(val);
    356. 

  356. 	if (val != -1 &&
    357. 

  357. 	    !hostapd_config_get_radius_attr(req_attr,
    358. 

  358. 					    RADIUS_ATTR_WLAN_AKM_SUITE) &&
    359. 

  359. 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_AKM_SUITE,
    360. 

  360. 				       suite)) {
    361. 

  361. 		wpa_printf(MSG_ERROR, "Could not add WLAN-AKM-Suite");
    362. 

  362. 		return -1;
    363. 

  363. 	}
    364. 

  364. 

  365. #ifdef CONFIG_IEEE80211W
    366. 

  366. 	if (hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
    367. 

  367. 		suite = wpa_cipher_to_suite(WPA_PROTO_RSN,
    368. 

  368. 					    hapd->conf->group_mgmt_cipher);
    369. 

  369. 		if (!hostapd_config_get_radius_attr(
    370. 

  370. 			    req_attr, RADIUS_ATTR_WLAN_GROUP_MGMT_CIPHER) &&
    371. 

  371. 		    !radius_msg_add_attr_int32(
    372. 

  372. 			    msg, RADIUS_ATTR_WLAN_GROUP_MGMT_CIPHER, suite)) {
    373. 

  373. 			wpa_printf(MSG_ERROR,
    374. 

  374. 				   "Could not add WLAN-Group-Mgmt-Cipher");
    375. 

  375. 			return -1;
    376. 

  376. 		}
    377. 

  377. 	}
    378. 

  378. #endif /* CONFIG_IEEE80211W */
    379. 

  379. 

  380. 	return 0;
    381. 

  381. }
    382. 

  382. 

  383. 

  384. static int add_common_radius_sta_attr(struct hostapd_data *hapd,
    385. 

  385. 				      struct hostapd_radius_attr *req_attr,
    386. 

  386. 				      struct sta_info *sta,
    387. 

  387. 				      struct radius_msg *msg)
    388. 

  388. {
    389. 

  389. 	char buf[128];
    390. 

  390. 

  391. 	if (!hostapd_config_get_radius_attr(req_attr,
    392. 

  392. 					    RADIUS_ATTR_NAS_PORT) &&
    393. 

  393. 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
    394. 

  394. 		wpa_printf(MSG_ERROR, "Could not add NAS-Port");
    395. 

  395. 		return -1;
    396. 

  396. 	}
    397. 

  397. 

  398. 	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
    399. 

  399. 		    MAC2STR(sta->addr));
    400. 

  400. 	buf[sizeof(buf) - 1] = '\0';
    401. 

  401. 	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
    402. 

  402. 				 (u8 *) buf, os_strlen(buf))) {
    403. 

  403. 		wpa_printf(MSG_ERROR, "Could not add Calling-Station-Id");
    404. 

  404. 		return -1;
    405. 

  405. 	}
    406. 

  406. 

  407. 	if (sta->flags & WLAN_STA_PREAUTH) {
    408. 

  408. 		os_strlcpy(buf, "IEEE 802.11i Pre-Authentication",
    409. 

  409. 			   sizeof(buf));
    410. 

  410. 	} else {
    411. 

  411. 		os_snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
    412. 

  412. 			    radius_sta_rate(hapd, sta) / 2,
    413. 

  413. 			    (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
    414. 

  414. 			    radius_mode_txt(hapd));
    415. 

  415. 		buf[sizeof(buf) - 1] = '\0';
    416. 

  416. 	}
    417. 

  417. 	if (!hostapd_config_get_radius_attr(req_attr,
    418. 

  418. 					    RADIUS_ATTR_CONNECT_INFO) &&
    419. 

  419. 	    !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
    420. 

  420. 				 (u8 *) buf, os_strlen(buf))) {
    421. 

  421. 		wpa_printf(MSG_ERROR, "Could not add Connect-Info");
    422. 

  422. 		return -1;
    423. 

  423. 	}
    424. 

  424. 

  425. 	if (sta->acct_session_id_hi || sta->acct_session_id_lo) {
    426. 

  426. 		os_snprintf(buf, sizeof(buf), "%08X-%08X",
    427. 

  427. 			    sta->acct_session_id_hi, sta->acct_session_id_lo);
    428. 

  428. 		if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
    429. 

  429. 					 (u8 *) buf, os_strlen(buf))) {
    430. 

  430. 			wpa_printf(MSG_ERROR, "Could not add Acct-Session-Id");
    431. 

  431. 			return -1;
    432. 

  432. 		}
    433. 

  433. 	}
    434. 

  434. 

  435. #ifdef CONFIG_IEEE80211R
    436. 

  436. 	if (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
    437. 

  437. 	    sta->wpa_sm &&
    438. 

  438. 	    (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm)) ||
    439. 

  439. 	     sta->auth_alg == WLAN_AUTH_FT) &&
    440. 

  440. 	    !hostapd_config_get_radius_attr(req_attr,
    441. 

  441. 					    RADIUS_ATTR_MOBILITY_DOMAIN_ID) &&
    442. 

  442. 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_MOBILITY_DOMAIN_ID,
    443. 

  443. 				       WPA_GET_BE16(
    444. 

  444. 					       hapd->conf->mobility_domain))) {
    445. 

  445. 		wpa_printf(MSG_ERROR, "Could not add Mobility-Domain-Id");
    446. 

  446. 		return -1;
    447. 

  447. 	}
    448. 

  448. #endif /* CONFIG_IEEE80211R */
    449. 

  449. 

  450. 	if (hapd->conf->wpa && sta->wpa_sm &&
    451. 

  451. 	    add_common_radius_sta_attr_rsn(hapd, req_attr, sta, msg) < 0)
    452. 

  452. 		return -1;
    453. 

  453. 

  454. 	return 0;
    455. 

  455. }
    456. 

  456. 

  457. 

  458. int add_common_radius_attr(struct hostapd_data *hapd,
    459. 

  459. 			   struct hostapd_radius_attr *req_attr,
    460. 

  460. 			   struct sta_info *sta,
    461. 

  461. 			   struct radius_msg *msg)
    462. 

  462. {
    463. 

  463. 	char buf[128];
    464. 

  464. 	struct hostapd_radius_attr *attr;
    465. 

  465. 

  466. 	if (!hostapd_config_get_radius_attr(req_attr,
    467. 

  467. 					    RADIUS_ATTR_NAS_IP_ADDRESS) &&
    468. 

  468. 	    hapd->conf->own_ip_addr.af == AF_INET &&
    469. 

  469. 	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
    470. 

  470. 				 (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
    471. 

  471. 		wpa_printf(MSG_ERROR, "Could not add NAS-IP-Address");
    472. 

  472. 		return -1;
    473. 

  473. 	}
    474. 

  474. 

  475. #ifdef CONFIG_IPV6
    476. 

  476. 	if (!hostapd_config_get_radius_attr(req_attr,
    477. 

  477. 					    RADIUS_ATTR_NAS_IPV6_ADDRESS) &&
    478. 

  478. 	    hapd->conf->own_ip_addr.af == AF_INET6 &&
    479. 

  479. 	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
    480. 

  480. 				 (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
    481. 

  481. 		wpa_printf(MSG_ERROR, "Could not add NAS-IPv6-Address");
    482. 

  482. 		return -1;
    483. 

  483. 	}
    484. 

  484. #endif /* CONFIG_IPV6 */
    485. 

  485. 

  486. 	if (!hostapd_config_get_radius_attr(req_attr,
    487. 

  487. 					    RADIUS_ATTR_NAS_IDENTIFIER) &&
    488. 

  488. 	    hapd->conf->nas_identifier &&
    489. 

  489. 	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
    490. 

  490. 				 (u8 *) hapd->conf->nas_identifier,
    491. 

  491. 				 os_strlen(hapd->conf->nas_identifier))) {
    492. 

  492. 		wpa_printf(MSG_ERROR, "Could not add NAS-Identifier");
    493. 

  493. 		return -1;
    494. 

  494. 	}
    495. 

  495. 

  496. 	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
    497. 

  497. 		    MAC2STR(hapd->own_addr),
    498. 

  498. 		    wpa_ssid_txt(hapd->conf->ssid.ssid,
    499. 

  499. 				 hapd->conf->ssid.ssid_len));
    500. 

  500. 	buf[sizeof(buf) - 1] = '\0';
    501. 

  501. 	if (!hostapd_config_get_radius_attr(req_attr,
    502. 

  502. 					    RADIUS_ATTR_CALLED_STATION_ID) &&
    503. 

  503. 	    !radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
    504. 

  504. 				 (u8 *) buf, os_strlen(buf))) {
    505. 

  505. 		wpa_printf(MSG_ERROR, "Could not add Called-Station-Id");
    506. 

  506. 		return -1;
    507. 

  507. 	}
    508. 

  508. 

  509. 	if (!hostapd_config_get_radius_attr(req_attr,
    510. 

  510. 					    RADIUS_ATTR_NAS_PORT_TYPE) &&
    511. 

  511. 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
    512. 

  512. 				       RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
    513. 

  513. 		wpa_printf(MSG_ERROR, "Could not add NAS-Port-Type");
    514. 

  514. 		return -1;
    515. 

  515. 	}
    516. 

  516. 

  517. #ifdef CONFIG_INTERWORKING
    518. 

  518. 	if (hapd->conf->interworking &&
    519. 

  519. 	    !is_zero_ether_addr(hapd->conf->hessid)) {
    520. 

  520. 		os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
    521. 

  521. 			    MAC2STR(hapd->conf->hessid));
    522. 

  522. 		buf[sizeof(buf) - 1] = '\0';
    523. 

  523. 		if (!hostapd_config_get_radius_attr(req_attr,
    524. 

  524. 						    RADIUS_ATTR_WLAN_HESSID) &&
    525. 

  525. 		    !radius_msg_add_attr(msg, RADIUS_ATTR_WLAN_HESSID,
    526. 

  526. 					 (u8 *) buf, os_strlen(buf))) {
    527. 

  527. 			wpa_printf(MSG_ERROR, "Could not add WLAN-HESSID");
    528. 

  528. 			return -1;
    529. 

  529. 		}
    530. 

  530. 	}
    531. 

  531. #endif /* CONFIG_INTERWORKING */
    532. 

  532. 

  533. 	if (sta && add_common_radius_sta_attr(hapd, req_attr, sta, msg) < 0)
    534. 

  534. 		return -1;
    535. 

  535. 

  536. 	for (attr = req_attr; attr; attr = attr->next) {
    537. 

  537. 		if (!radius_msg_add_attr(msg, attr->type,
    538. 

  538. 					 wpabuf_head(attr->val),
    539. 

  539. 					 wpabuf_len(attr->val))) {
    540. 

  540. 			wpa_printf(MSG_ERROR, "Could not add RADIUS "
    541. 

  541. 				   "attribute");
    542. 

  542. 			return -1;
    543. 

  543. 		}
    544. 

  544. 	}
    545. 

  545. 

  546. 	return 0;
    547. 

  547. }
    548. 

  548. 

  549. 

  550. static void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
    551. 

  551. 					  struct sta_info *sta,
    552. 

  552. 					  const u8 *eap, size_t len)
    553. 

  553. {
    554. 

  554. 	struct radius_msg *msg;
    555. 

  555. 	struct eapol_state_machine *sm = sta->eapol_sm;
    556. 

  556. 

  557. 	if (sm == NULL)
    558. 

  558. 		return;
    559. 

  559. 

  560. 	ieee802_1x_learn_identity(hapd, sm, eap, len);
    561. 

  561. 

  562. 	wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
    563. 

  563. 		   "packet");
    564. 

  564. 

  565. 	sm->radius_identifier = radius_client_get_id(hapd->radius);
    566. 

  566. 	msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
    567. 

  567. 			     sm->radius_identifier);
    568. 

  568. 	if (msg == NULL) {
    569. 

  569. 		wpa_printf(MSG_INFO, "Could not create new RADIUS packet");
    570. 

  570. 		return;
    571. 

  571. 	}
    572. 

  572. 

  573. 	radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
    574. 

  574. 

  575. 	if (sm->identity &&
    576. 

  576. 	    !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
    577. 

  577. 				 sm->identity, sm->identity_len)) {
    578. 

  578. 		wpa_printf(MSG_INFO, "Could not add User-Name");
    579. 

  579. 		goto fail;
    580. 

  580. 	}
    581. 

  581. 

  582. 	if (add_common_radius_attr(hapd, hapd->conf->radius_auth_req_attr, sta,
    583. 

  583. 				   msg) < 0)
    584. 

  584. 		goto fail;
    585. 

  585. 

  586. 	/* TODO: should probably check MTU from driver config; 2304 is max for
    587. 

  587. 	 * IEEE 802.11, but use 1400 to avoid problems with too large packets
    588. 

  588. 	 */
    589. 

  589. 	if (!hostapd_config_get_radius_attr(hapd->conf->radius_auth_req_attr,
    590. 

  590. 					    RADIUS_ATTR_FRAMED_MTU) &&
    591. 

  591. 	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
    592. 

  592. 		wpa_printf(MSG_INFO, "Could not add Framed-MTU");
    593. 

  593. 		goto fail;
    594. 

  594. 	}
    595. 

  595. 

  596. 	if (eap && !radius_msg_add_eap(msg, eap, len)) {
    597. 

  597. 		wpa_printf(MSG_INFO, "Could not add EAP-Message");
    598. 

  598. 		goto fail;
    599. 

  599. 	}
    600. 

  600. 

  601. 	/* State attribute must be copied if and only if this packet is
    602. 

  602. 	 * Access-Request reply to the previous Access-Challenge */
    603. 

  603. 	if (sm->last_recv_radius &&
    604. 

  604. 	    radius_msg_get_hdr(sm->last_recv_radius)->code ==
    605. 

  605. 	    RADIUS_CODE_ACCESS_CHALLENGE) {
    606. 

  606. 		int res = radius_msg_copy_attr(msg, sm->last_recv_radius,
    607. 

  607. 					       RADIUS_ATTR_STATE);
    608. 

  608. 		if (res < 0) {
    609. 

  609. 			wpa_printf(MSG_INFO, "Could not copy State attribute from previous Access-Challenge");
    610. 

  610. 			goto fail;
    611. 

  611. 		}
    612. 

  612. 		if (res > 0) {
    613. 

  613. 			wpa_printf(MSG_DEBUG, "Copied RADIUS State Attribute");
    614. 

  614. 		}
    615. 

  615. 	}
    616. 

  616. 

  617. 	if (hapd->conf->radius_request_cui) {
    618. 

  618. 		const u8 *cui;
    619. 

  619. 		size_t cui_len;
    620. 

  620. 		/* Add previously learned CUI or nul CUI to request CUI */
    621. 

  621. 		if (sm->radius_cui) {
    622. 

  622. 			cui = wpabuf_head(sm->radius_cui);
    623. 

  623. 			cui_len = wpabuf_len(sm->radius_cui);
    624. 

  624. 		} else {
    625. 

  625. 			cui = (const u8 *) "\0";
    626. 

  626. 			cui_len = 1;
    627. 

  627. 		}
    628. 

  628. 		if (!radius_msg_add_attr(msg,
    629. 

  629. 					 RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
    630. 

  630. 					 cui, cui_len)) {
    631. 

  631. 			wpa_printf(MSG_ERROR, "Could not add CUI");
    632. 

  632. 			goto fail;
    633. 

  633. 		}
    634. 

  634. 	}
    635. 

  635. 

  636. #ifdef CONFIG_HS20
    637. 

  637. 	if (hapd->conf->hs20) {
    638. 

  638. 		u8 ver = 1; /* Release 2 */
    639. 

  639. 		if (!radius_msg_add_wfa(
    640. 

  640. 			    msg, RADIUS_VENDOR_ATTR_WFA_HS20_AP_VERSION,
    641. 

  641. 			    &ver, 1)) {
    642. 

  642. 			wpa_printf(MSG_ERROR, "Could not add HS 2.0 AP "
    643. 

  643. 				   "version");
    644. 

  644. 			goto fail;
    645. 

  645. 		}
    646. 

  646. 

  647. 		if (sta->hs20_ie && wpabuf_len(sta->hs20_ie) > 0) {
    648. 

  648. 			const u8 *pos;
    649. 

  649. 			u8 buf[3];
    650. 

  650. 			u16 id;
    651. 

  651. 			pos = wpabuf_head_u8(sta->hs20_ie);
    652. 

  652. 			buf[0] = (*pos) >> 4;
    653. 

  653. 			if (((*pos) & HS20_PPS_MO_ID_PRESENT) &&
    654. 

  654. 			    wpabuf_len(sta->hs20_ie) >= 3)
    655. 

  655. 				id = WPA_GET_LE16(pos + 1);
    656. 

  656. 			else
    657. 

  657. 				id = 0;
    658. 

  658. 			WPA_PUT_BE16(buf + 1, id);
    659. 

  659. 			if (!radius_msg_add_wfa(
    660. 

  660. 				    msg,
    661. 

  661. 				    RADIUS_VENDOR_ATTR_WFA_HS20_STA_VERSION,
    662. 

  662. 				    buf, sizeof(buf))) {
    663. 

  663. 				wpa_printf(MSG_ERROR, "Could not add HS 2.0 "
    664. 

  664. 					   "STA version");
    665. 

  665. 				goto fail;
    666. 

  666. 			}
    667. 

  667. 		}
    668. 

  668. 	}
    669. 

  669. #endif /* CONFIG_HS20 */
    670. 

  670. 

  671. 	if (radius_client_send(hapd->radius, msg, RADIUS_AUTH, sta->addr) < 0)
    672. 

  672. 		goto fail;
    673. 

  673. 

  674. 	return;
    675. 

  675. 

  676.  fail:
    677. 

  677. 	radius_msg_free(msg);
    678. 

  678. }
    679. 

  679. #endif /* CONFIG_NO_RADIUS */
    680. 

  680. 

  681. 

  682. static void handle_eap_response(struct hostapd_data *hapd,
    683. 

  683. 				struct sta_info *sta, struct eap_hdr *eap,
    684. 

  684. 				size_t len)
    685. 

  685. {
    686. 

  686. 	u8 type, *data;
    687. 

  687. 	struct eapol_state_machine *sm = sta->eapol_sm;
    688. 

  688. 	if (sm == NULL)
    689. 

  689. 		return;
    690. 

  690. 

  691. 	data = (u8 *) (eap + 1);
    692. 

  692. 

  693. 	if (len < sizeof(*eap) + 1) {
    694. 

  694. 		wpa_printf(MSG_INFO, "handle_eap_response: too short response data");
    695. 

  695. 		return;
    696. 

  696. 	}
    697. 

  697. 

  698. 	sm->eap_type_supp = type = data[0];
    699. 

  699. 

  700. 	hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
    701. 

  701. 		       HOSTAPD_LEVEL_DEBUG, "received EAP packet (code=%d "
    702. 

  702. 		       "id=%d len=%d) from STA: EAP Response-%s (%d)",
    703. 

  703. 		       eap->code, eap->identifier, be_to_host16(eap->length),
    704. 

  704. 		       eap_server_get_name(0, type), type);
    705. 

  705. 

  706. 	sm->dot1xAuthEapolRespFramesRx++;
    707. 

  707. 

  708. 	wpabuf_free(sm->eap_if->eapRespData);
    709. 

  709. 	sm->eap_if->eapRespData = wpabuf_alloc_copy(eap, len);
    710. 

  710. 	sm->eapolEap = TRUE;
    711. 

  711. }
    712. 

  712. 

  713. 

  714. /* Process incoming EAP packet from Supplicant */
    715. 

  715. static void handle_eap(struct hostapd_data *hapd, struct sta_info *sta,
    716. 

  716. 		       u8 *buf, size_t len)
    717. 

  717. {
    718. 

  718. 	struct eap_hdr *eap;
    719. 

  719. 	u16 eap_len;
    720. 

  720. 

  721. 	if (len < sizeof(*eap)) {
    722. 

  722. 		wpa_printf(MSG_INFO, "   too short EAP packet");
    723. 

  723. 		return;
    724. 

  724. 	}
    725. 

  725. 

  726. 	eap = (struct eap_hdr *) buf;
    727. 

  727. 

  728. 	eap_len = be_to_host16(eap->length);
    729. 

  729. 	wpa_printf(MSG_DEBUG, "EAP: code=%d identifier=%d length=%d",
    730. 

  730. 		   eap->code, eap->identifier, eap_len);
    731. 

  731. 	if (eap_len < sizeof(*eap)) {
    732. 

  732. 		wpa_printf(MSG_DEBUG, "   Invalid EAP length");
    733. 

  733. 		return;
    734. 

  734. 	} else if (eap_len > len) {
    735. 

  735. 		wpa_printf(MSG_DEBUG, "   Too short frame to contain this EAP "
    736. 

  736. 			   "packet");
    737. 

  737. 		return;
    738. 

  738. 	} else if (eap_len < len) {
    739. 

  739. 		wpa_printf(MSG_DEBUG, "   Ignoring %lu extra bytes after EAP "
    740. 

  740. 			   "packet", (unsigned long) len - eap_len);
    741. 

  741. 	}
    742. 

  742. 

  743. 	switch (eap->code) {
    744. 

  744. 	case EAP_CODE_REQUEST:
    745. 

  745. 		wpa_printf(MSG_DEBUG, " (request)");
    746. 

  746. 		return;
    747. 

  747. 	case EAP_CODE_RESPONSE:
    748. 

  748. 		wpa_printf(MSG_DEBUG, " (response)");
    749. 

  749. 		handle_eap_response(hapd, sta, eap, eap_len);
    750. 

  750. 		break;
    751. 

  751. 	case EAP_CODE_SUCCESS:
    752. 

  752. 		wpa_printf(MSG_DEBUG, " (success)");
    753. 

  753. 		return;
    754. 

  754. 	case EAP_CODE_FAILURE:
    755. 

  755. 		wpa_printf(MSG_DEBUG, " (failure)");
    756. 

  756. 		return;
    757. 

  757. 	default:
    758. 

  758. 		wpa_printf(MSG_DEBUG, " (unknown code)");
    759. 

  759. 		return;
    760. 

  760. 	}
    761. 

  761. }
    762. 

  762. 

  763. 

  764. static struct eapol_state_machine *
    765. 

  765. ieee802_1x_alloc_eapol_sm(struct hostapd_data *hapd, struct sta_info *sta)
    766. 

  766. {
    767. 

  767. 	int flags = 0;
    768. 

  768. 	if (sta->flags & WLAN_STA_PREAUTH)
    769. 

  769. 		flags |= EAPOL_SM_PREAUTH;
    770. 

  770. 	if (sta->wpa_sm) {
    771. 

  771. 		flags |= EAPOL_SM_USES_WPA;
    772. 

  772. 		if (wpa_auth_sta_get_pmksa(sta->wpa_sm))
    773. 

  773. 			flags |= EAPOL_SM_FROM_PMKSA_CACHE;
    774. 

  774. 	}
    775. 

  775. 	return eapol_auth_alloc(hapd->eapol_auth, sta->addr, flags,
    776. 

  776. 				sta->wps_ie, sta->p2p_ie, sta,
    777. 

  777. 				sta->identity, sta->radius_cui);
    778. 

  778. }
    779. 

  779. 

  780. 

  781. /**
    782. 

  782.  * ieee802_1x_receive - Process the EAPOL frames from the Supplicant
    783. 

  783.  * @hapd: hostapd BSS data
    784. 

  784.  * @sa: Source address (sender of the EAPOL frame)
    785. 

  785.  * @buf: EAPOL frame
    786. 

  786.  * @len: Length of buf in octets
    787. 

  787.  *
    788. 

  788.  * This function is called for each incoming EAPOL frame from the interface
    789. 

  789.  */
    790. 

  790. void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
    791. 

  791. 			size_t len)
    792. 

  792. {
    793. 

  793. 	struct sta_info *sta;
    794. 

  794. 	struct ieee802_1x_hdr *hdr;
    795. 

  795. 	struct ieee802_1x_eapol_key *key;
    796. 

  796. 	u16 datalen;
    797. 

  797. 	struct rsn_pmksa_cache_entry *pmksa;
    798. 

  798. 	int key_mgmt;
    799. 

  799. 

  800. 	if (!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen &&
    801. 

  801. 	    !hapd->conf->wps_state)
    802. 

  802. 		return;
    803. 

  803. 

  804. 	wpa_printf(MSG_DEBUG, "IEEE 802.1X: %lu bytes from " MACSTR,
    805. 

  805. 		   (unsigned long) len, MAC2STR(sa));
    806. 

  806. 	sta = ap_get_sta(hapd, sa);
    807. 

  807. 	if (!sta || (!(sta->flags & (WLAN_STA_ASSOC | WLAN_STA_PREAUTH)) &&
    808. 

  808. 		     !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED))) {
    809. 

  809. 		wpa_printf(MSG_DEBUG, "IEEE 802.1X data frame from not "
    810. 

  810. 			   "associated/Pre-authenticating STA");
    811. 

  811. 		return;
    812. 

  812. 	}
    813. 

  813. 

  814. 	if (len < sizeof(*hdr)) {
    815. 

  815. 		wpa_printf(MSG_INFO, "   too short IEEE 802.1X packet");
    816. 

  816. 		return;
    817. 

  817. 	}
    818. 

  818. 

  819. 	hdr = (struct ieee802_1x_hdr *) buf;
    820. 

  820. 	datalen = be_to_host16(hdr->length);
    821. 

  821. 	wpa_printf(MSG_DEBUG, "   IEEE 802.1X: version=%d type=%d length=%d",
    822. 

  822. 		   hdr->version, hdr->type, datalen);
    823. 

  823. 

  824. 	if (len - sizeof(*hdr) < datalen) {
    825. 

  825. 		wpa_printf(MSG_INFO, "   frame too short for this IEEE 802.1X packet");
    826. 

  826. 		if (sta->eapol_sm)
    827. 

  827. 			sta->eapol_sm->dot1xAuthEapLengthErrorFramesRx++;
    828. 

  828. 		return;
    829. 

  829. 	}
    830. 

  830. 	if (len - sizeof(*hdr) > datalen) {
    831. 

  831. 		wpa_printf(MSG_DEBUG, "   ignoring %lu extra octets after "
    832. 

  832. 			   "IEEE 802.1X packet",
    833. 

  833. 			   (unsigned long) len - sizeof(*hdr) - datalen);
    834. 

  834. 	}
    835. 

  835. 

  836. 	if (sta->eapol_sm) {
    837. 

  837. 		sta->eapol_sm->dot1xAuthLastEapolFrameVersion = hdr->version;
    838. 

  838. 		sta->eapol_sm->dot1xAuthEapolFramesRx++;
    839. 

  839. 	}
    840. 

  840. 

  841. 	key = (struct ieee802_1x_eapol_key *) (hdr + 1);
    842. 

  842. 	if (datalen >= sizeof(struct ieee802_1x_eapol_key) &&
    843. 

  843. 	    hdr->type == IEEE802_1X_TYPE_EAPOL_KEY &&
    844. 

  844. 	    (key->type == EAPOL_KEY_TYPE_WPA ||
    845. 

  845. 	     key->type == EAPOL_KEY_TYPE_RSN)) {
    846. 

  846. 		wpa_receive(hapd->wpa_auth, sta->wpa_sm, (u8 *) hdr,
    847. 

  847. 			    sizeof(*hdr) + datalen);
    848. 

  848. 		return;
    849. 

  849. 	}
    850. 

  850. 

  851. 	if (!hapd->conf->ieee802_1x && !hapd->conf->osen &&
    852. 

  852. 	    !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
    853. 

  853. 		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
    854. 

  854. 			   "802.1X not enabled and WPS not used");
    855. 

  855. 		return;
    856. 

  856. 	}
    857. 

  857. 

  858. 	key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
    859. 

  859. 	if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
    860. 

  860. 		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
    861. 

  861. 			   "STA is using PSK");
    862. 

  862. 		return;
    863. 

  863. 	}
    864. 

  864. 

  865. 	if (!sta->eapol_sm) {
    866. 

  866. 		sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
    867. 

  867. 		if (!sta->eapol_sm)
    868. 

  868. 			return;
    869. 

  869. 

  870. #ifdef CONFIG_WPS
    871. 

  871. 		if (!hapd->conf->ieee802_1x && hapd->conf->wps_state) {
    872. 

  872. 			u32 wflags = sta->flags & (WLAN_STA_WPS |
    873. 

  873. 						   WLAN_STA_WPS2 |
    874. 

  874. 						   WLAN_STA_MAYBE_WPS);
    875. 

  875. 			if (wflags == WLAN_STA_MAYBE_WPS ||
    876. 

  876. 			    wflags == (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS)) {
    877. 

  877. 				/*
    878. 

  878. 				 * Delay EAPOL frame transmission until a
    879. 

  879. 				 * possible WPS STA initiates the handshake
    880. 

  880. 				 * with EAPOL-Start. Only allow the wait to be
    881. 

  881. 				 * skipped if the STA is known to support WPS
    882. 

  882. 				 * 2.0.
    883. 

  883. 				 */
    884. 

  884. 				wpa_printf(MSG_DEBUG, "WPS: Do not start "
    885. 

  885. 					   "EAPOL until EAPOL-Start is "
    886. 

  886. 					   "received");
    887. 

  887. 				sta->eapol_sm->flags |= EAPOL_SM_WAIT_START;
    888. 

  888. 			}
    889. 

  889. 		}
    890. 

  890. #endif /* CONFIG_WPS */
    891. 

  891. 

  892. 		sta->eapol_sm->eap_if->portEnabled = TRUE;
    893. 

  893. 	}
    894. 

  894. 

  895. 	/* since we support version 1, we can ignore version field and proceed
    896. 

  896. 	 * as specified in version 1 standard [IEEE Std 802.1X-2001, 7.5.5] */
    897. 

  897. 	/* TODO: actually, we are not version 1 anymore.. However, Version 2
    898. 

  898. 	 * does not change frame contents, so should be ok to process frames
    899. 

  899. 	 * more or less identically. Some changes might be needed for
    900. 

  900. 	 * verification of fields. */
    901. 

  901. 

  902. 	switch (hdr->type) {
    903. 

  903. 	case IEEE802_1X_TYPE_EAP_PACKET:
    904. 

  904. 		handle_eap(hapd, sta, (u8 *) (hdr + 1), datalen);
    905. 

  905. 		break;
    906. 

  906. 

  907. 	case IEEE802_1X_TYPE_EAPOL_START:
    908. 

  908. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    909. 

  909. 			       HOSTAPD_LEVEL_DEBUG, "received EAPOL-Start "
    910. 

  910. 			       "from STA");
    911. 

  911. 		sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
    912. 

  912. 		pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
    913. 

  913. 		if (pmksa) {
    914. 

  914. 			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
    915. 

  915. 				       HOSTAPD_LEVEL_DEBUG, "cached PMKSA "
    916. 

  916. 				       "available - ignore it since "
    917. 

  917. 				       "STA sent EAPOL-Start");
    918. 

  918. 			wpa_auth_sta_clear_pmksa(sta->wpa_sm, pmksa);
    919. 

  919. 		}
    920. 

  920. 		sta->eapol_sm->eapolStart = TRUE;
    921. 

  921. 		sta->eapol_sm->dot1xAuthEapolStartFramesRx++;
    922. 

  922. 		eap_server_clear_identity(sta->eapol_sm->eap);
    923. 

  923. 		wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
    924. 

  924. 		break;
    925. 

  925. 

  926. 	case IEEE802_1X_TYPE_EAPOL_LOGOFF:
    927. 

  927. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    928. 

  928. 			       HOSTAPD_LEVEL_DEBUG, "received EAPOL-Logoff "
    929. 

  929. 			       "from STA");
    930. 

  930. 		sta->acct_terminate_cause =
    931. 

  931. 			RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
    932. 

  932. 		accounting_sta_stop(hapd, sta);
    933. 

  933. 		sta->eapol_sm->eapolLogoff = TRUE;
    934. 

  934. 		sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
    935. 

  935. 		eap_server_clear_identity(sta->eapol_sm->eap);
    936. 

  936. 		break;
    937. 

  937. 

  938. 	case IEEE802_1X_TYPE_EAPOL_KEY:
    939. 

  939. 		wpa_printf(MSG_DEBUG, "   EAPOL-Key");
    940. 

  940. 		if (!ap_sta_is_authorized(sta)) {
    941. 

  941. 			wpa_printf(MSG_DEBUG, "   Dropped key data from "
    942. 

  942. 				   "unauthorized Supplicant");
    943. 

  943. 			break;
    944. 

  944. 		}
    945. 

  945. 		break;
    946. 

  946. 

  947. 	case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
    948. 

  948. 		wpa_printf(MSG_DEBUG, "   EAPOL-Encapsulated-ASF-Alert");
    949. 

  949. 		/* TODO: implement support for this; show data */
    950. 

  950. 		break;
    951. 

  951. 

  952. 	default:
    953. 

  953. 		wpa_printf(MSG_DEBUG, "   unknown IEEE 802.1X packet type");
    954. 

  954. 		sta->eapol_sm->dot1xAuthInvalidEapolFramesRx++;
    955. 

  955. 		break;
    956. 

  956. 	}
    957. 

  957. 

  958. 	eapol_auth_step(sta->eapol_sm);
    959. 

  959. }
    960. 

  960. 

  961. 

  962. /**
    963. 

  963.  * ieee802_1x_new_station - Start IEEE 802.1X authentication
    964. 

  964.  * @hapd: hostapd BSS data
    965. 

  965.  * @sta: The station
    966. 

  966.  *
    967. 

  967.  * This function is called to start IEEE 802.1X authentication when a new
    968. 

  968.  * station completes IEEE 802.11 association.
    969. 

  969.  */
    970. 

  970. void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
    971. 

  971. {
    972. 

  972. 	struct rsn_pmksa_cache_entry *pmksa;
    973. 

  973. 	int reassoc = 1;
    974. 

  974. 	int force_1x = 0;
    975. 

  975. 	int key_mgmt;
    976. 

  976. 

  977. #ifdef CONFIG_WPS
    978. 

  978. 	if (hapd->conf->wps_state && hapd->conf->wpa &&
    979. 

  979. 	    (sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
    980. 

  980. 		/*
    981. 

  981. 		 * Need to enable IEEE 802.1X/EAPOL state machines for possible
    982. 

  982. 		 * WPS handshake even if IEEE 802.1X/EAPOL is not used for
    983. 

  983. 		 * authentication in this BSS.
    984. 

  984. 		 */
    985. 

  985. 		force_1x = 1;
    986. 

  986. 	}
    987. 

  987. #endif /* CONFIG_WPS */
    988. 

  988. 

  989. 	if (!force_1x && !hapd->conf->ieee802_1x && !hapd->conf->osen) {
    990. 

  990. 		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - "
    991. 

  991. 			   "802.1X not enabled or forced for WPS");
    992. 

  992. 		/*
    993. 

  993. 		 * Clear any possible EAPOL authenticator state to support
    994. 

  994. 		 * reassociation change from WPS to PSK.
    995. 

  995. 		 */
    996. 

  996. 		ieee802_1x_free_station(sta);
    997. 

  997. 		return;
    998. 

  998. 	}
    999. 

  999. 

  1000. 	key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
    1001. 

  1001. 	if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
    1002. 

  1002. 		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - using PSK");
    1003. 

  1003. 		/*
    1004. 

  1004. 		 * Clear any possible EAPOL authenticator state to support
    1005. 

  1005. 		 * reassociation change from WPA-EAP to PSK.
    1006. 

  1006. 		 */
    1007. 

  1007. 		ieee802_1x_free_station(sta);
    1008. 

  1008. 		return;
    1009. 

  1009. 	}
    1010. 

  1010. 

  1011. 	if (sta->eapol_sm == NULL) {
    1012. 

  1012. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1013. 

  1013. 			       HOSTAPD_LEVEL_DEBUG, "start authentication");
    1014. 

  1014. 		sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
    1015. 

  1015. 		if (sta->eapol_sm == NULL) {
    1016. 

  1016. 			hostapd_logger(hapd, sta->addr,
    1017. 

  1017. 				       HOSTAPD_MODULE_IEEE8021X,
    1018. 

  1018. 				       HOSTAPD_LEVEL_INFO,
    1019. 

  1019. 				       "failed to allocate state machine");
    1020. 

  1020. 			return;
    1021. 

  1021. 		}
    1022. 

  1022. 		reassoc = 0;
    1023. 

  1023. 	}
    1024. 

  1024. 

  1025. #ifdef CONFIG_WPS
    1026. 

  1026. 	sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
    1027. 

  1027. 	if (!hapd->conf->ieee802_1x && hapd->conf->wps_state &&
    1028. 

  1028. 	    !(sta->flags & WLAN_STA_WPS2)) {
    1029. 

  1029. 		/*
    1030. 

  1030. 		 * Delay EAPOL frame transmission until a possible WPS STA
    1031. 

  1031. 		 * initiates the handshake with EAPOL-Start. Only allow the
    1032. 

  1032. 		 * wait to be skipped if the STA is known to support WPS 2.0.
    1033. 

  1033. 		 */
    1034. 

  1034. 		wpa_printf(MSG_DEBUG, "WPS: Do not start EAPOL until "
    1035. 

  1035. 			   "EAPOL-Start is received");
    1036. 

  1036. 		sta->eapol_sm->flags |= EAPOL_SM_WAIT_START;
    1037. 

  1037. 	}
    1038. 

  1038. #endif /* CONFIG_WPS */
    1039. 

  1039. 

  1040. 	sta->eapol_sm->eap_if->portEnabled = TRUE;
    1041. 

  1041. 

  1042. #ifdef CONFIG_IEEE80211R
    1043. 

  1043. 	if (sta->auth_alg == WLAN_AUTH_FT) {
    1044. 

  1044. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1045. 

  1045. 			       HOSTAPD_LEVEL_DEBUG,
    1046. 

  1046. 			       "PMK from FT - skip IEEE 802.1X/EAP");
    1047. 

  1047. 		/* Setup EAPOL state machines to already authenticated state
    1048. 

  1048. 		 * because of existing FT information from R0KH. */
    1049. 

  1049. 		sta->eapol_sm->keyRun = TRUE;
    1050. 

  1050. 		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
    1051. 

  1051. 		sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
    1052. 

  1052. 		sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
    1053. 

  1053. 		sta->eapol_sm->authSuccess = TRUE;
    1054. 

  1054. 		sta->eapol_sm->authFail = FALSE;
    1055. 

  1055. 		if (sta->eapol_sm->eap)
    1056. 

  1056. 			eap_sm_notify_cached(sta->eapol_sm->eap);
    1057. 

  1057. 		/* TODO: get vlan_id from R0KH using RRB message */
    1058. 

  1058. 		return;
    1059. 

  1059. 	}
    1060. 

  1060. #endif /* CONFIG_IEEE80211R */
    1061. 

  1061. 

  1062. 	pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
    1063. 

  1063. 	if (pmksa) {
    1064. 

  1064. 		int old_vlanid;
    1065. 

  1065. 

  1066. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1067. 

  1067. 			       HOSTAPD_LEVEL_DEBUG,
    1068. 

  1068. 			       "PMK from PMKSA cache - skip IEEE 802.1X/EAP");
    1069. 

  1069. 		/* Setup EAPOL state machines to already authenticated state
    1070. 

  1070. 		 * because of existing PMKSA information in the cache. */
    1071. 

  1071. 		sta->eapol_sm->keyRun = TRUE;
    1072. 

  1072. 		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
    1073. 

  1073. 		sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
    1074. 

  1074. 		sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
    1075. 

  1075. 		sta->eapol_sm->authSuccess = TRUE;
    1076. 

  1076. 		sta->eapol_sm->authFail = FALSE;
    1077. 

  1077. 		if (sta->eapol_sm->eap)
    1078. 

  1078. 			eap_sm_notify_cached(sta->eapol_sm->eap);
    1079. 

  1079. 		old_vlanid = sta->vlan_id;
    1080. 

  1080. 		pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm);
    1081. 

  1081. 		if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
    1082. 

  1082. 			sta->vlan_id = 0;
    1083. 

  1083. 		ap_sta_bind_vlan(hapd, sta, old_vlanid);
    1084. 

  1084. 	} else {
    1085. 

  1085. 		if (reassoc) {
    1086. 

  1086. 			/*
    1087. 

  1087. 			 * Force EAPOL state machines to start
    1088. 

  1088. 			 * re-authentication without having to wait for the
    1089. 

  1089. 			 * Supplicant to send EAPOL-Start.
    1090. 

  1090. 			 */
    1091. 

  1091. 			sta->eapol_sm->reAuthenticate = TRUE;
    1092. 

  1092. 		}
    1093. 

  1093. 		eapol_auth_step(sta->eapol_sm);
    1094. 

  1094. 	}
    1095. 

  1095. }
    1096. 

  1096. 

  1097. 

  1098. void ieee802_1x_free_station(struct sta_info *sta)
    1099. 

  1099. {
    1100. 

  1100. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1101. 

  1101. 

  1102. 	if (sm == NULL)
    1103. 

  1103. 		return;
    1104. 

  1104. 

  1105. 	sta->eapol_sm = NULL;
    1106. 

  1106. 

  1107. #ifndef CONFIG_NO_RADIUS
    1108. 

  1108. 	radius_msg_free(sm->last_recv_radius);
    1109. 

  1109. 	radius_free_class(&sm->radius_class);
    1110. 

  1110. 	wpabuf_free(sm->radius_cui);
    1111. 

  1111. #endif /* CONFIG_NO_RADIUS */
    1112. 

  1112. 

  1113. 	os_free(sm->identity);
    1114. 

  1114. 	eapol_auth_free(sm);
    1115. 

  1115. }
    1116. 

  1116. 

  1117. 

  1118. #ifndef CONFIG_NO_RADIUS
    1119. 

  1119. static void ieee802_1x_decapsulate_radius(struct hostapd_data *hapd,
    1120. 

  1120. 					  struct sta_info *sta)
    1121. 

  1121. {
    1122. 

  1122. 	struct wpabuf *eap;
    1123. 

  1123. 	const struct eap_hdr *hdr;
    1124. 

  1124. 	int eap_type = -1;
    1125. 

  1125. 	char buf[64];
    1126. 

  1126. 	struct radius_msg *msg;
    1127. 

  1127. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1128. 

  1128. 

  1129. 	if (sm == NULL || sm->last_recv_radius == NULL) {
    1130. 

  1130. 		if (sm)
    1131. 

  1131. 			sm->eap_if->aaaEapNoReq = TRUE;
    1132. 

  1132. 		return;
    1133. 

  1133. 	}
    1134. 

  1134. 

  1135. 	msg = sm->last_recv_radius;
    1136. 

  1136. 

  1137. 	eap = radius_msg_get_eap(msg);
    1138. 

  1138. 	if (eap == NULL) {
    1139. 

  1139. 		/* RFC 3579, Chap. 2.6.3:
    1140. 

  1140. 		 * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
    1141. 

  1141. 		 * attribute */
    1142. 

  1142. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1143. 

  1143. 			       HOSTAPD_LEVEL_WARNING, "could not extract "
    1144. 

  1144. 			       "EAP-Message from RADIUS message");
    1145. 

  1145. 		sm->eap_if->aaaEapNoReq = TRUE;
    1146. 

  1146. 		return;
    1147. 

  1147. 	}
    1148. 

  1148. 

  1149. 	if (wpabuf_len(eap) < sizeof(*hdr)) {
    1150. 

  1150. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1151. 

  1151. 			       HOSTAPD_LEVEL_WARNING, "too short EAP packet "
    1152. 

  1152. 			       "received from authentication server");
    1153. 

  1153. 		wpabuf_free(eap);
    1154. 

  1154. 		sm->eap_if->aaaEapNoReq = TRUE;
    1155. 

  1155. 		return;
    1156. 

  1156. 	}
    1157. 

  1157. 

  1158. 	if (wpabuf_len(eap) > sizeof(*hdr))
    1159. 

  1159. 		eap_type = (wpabuf_head_u8(eap))[sizeof(*hdr)];
    1160. 

  1160. 

  1161. 	hdr = wpabuf_head(eap);
    1162. 

  1162. 	switch (hdr->code) {
    1163. 

  1163. 	case EAP_CODE_REQUEST:
    1164. 

  1164. 		if (eap_type >= 0)
    1165. 

  1165. 			sm->eap_type_authsrv = eap_type;
    1166. 

  1166. 		os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
    1167. 

  1167. 			    eap_type >= 0 ? eap_server_get_name(0, eap_type) :
    1168. 

  1168. 			    "??",
    1169. 

  1169. 			    eap_type);
    1170. 

  1170. 		break;
    1171. 

  1171. 	case EAP_CODE_RESPONSE:
    1172. 

  1172. 		os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
    1173. 

  1173. 			    eap_type >= 0 ? eap_server_get_name(0, eap_type) :
    1174. 

  1174. 			    "??",
    1175. 

  1175. 			    eap_type);
    1176. 

  1176. 		break;
    1177. 

  1177. 	case EAP_CODE_SUCCESS:
    1178. 

  1178. 		os_strlcpy(buf, "EAP Success", sizeof(buf));
    1179. 

  1179. 		break;
    1180. 

  1180. 	case EAP_CODE_FAILURE:
    1181. 

  1181. 		os_strlcpy(buf, "EAP Failure", sizeof(buf));
    1182. 

  1182. 		break;
    1183. 

  1183. 	default:
    1184. 

  1184. 		os_strlcpy(buf, "unknown EAP code", sizeof(buf));
    1185. 

  1185. 		break;
    1186. 

  1186. 	}
    1187. 

  1187. 	buf[sizeof(buf) - 1] = '\0';
    1188. 

  1188. 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1189. 

  1189. 		       HOSTAPD_LEVEL_DEBUG, "decapsulated EAP packet (code=%d "
    1190. 

  1190. 		       "id=%d len=%d) from RADIUS server: %s",
    1191. 

  1191. 		       hdr->code, hdr->identifier, be_to_host16(hdr->length),
    1192. 

  1192. 		       buf);
    1193. 

  1193. 	sm->eap_if->aaaEapReq = TRUE;
    1194. 

  1194. 

  1195. 	wpabuf_free(sm->eap_if->aaaEapReqData);
    1196. 

  1196. 	sm->eap_if->aaaEapReqData = eap;
    1197. 

  1197. }
    1198. 

  1198. 

  1199. 

  1200. static void ieee802_1x_get_keys(struct hostapd_data *hapd,
    1201. 

  1201. 				struct sta_info *sta, struct radius_msg *msg,
    1202. 

  1202. 				struct radius_msg *req,
    1203. 

  1203. 				const u8 *shared_secret,
    1204. 

  1204. 				size_t shared_secret_len)
    1205. 

  1205. {
    1206. 

  1206. 	struct radius_ms_mppe_keys *keys;
    1207. 

  1207. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1208. 

  1208. 	if (sm == NULL)
    1209. 

  1209. 		return;
    1210. 

  1210. 

  1211. 	keys = radius_msg_get_ms_keys(msg, req, shared_secret,
    1212. 

  1212. 				      shared_secret_len);
    1213. 

  1213. 

  1214. 	if (keys && keys->send && keys->recv) {
    1215. 

  1215. 		size_t len = keys->send_len + keys->recv_len;
    1216. 

  1216. 		wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Send-Key",
    1217. 

  1217. 				keys->send, keys->send_len);
    1218. 

  1218. 		wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Recv-Key",
    1219. 

  1219. 				keys->recv, keys->recv_len);
    1220. 

  1220. 

  1221. 		os_free(sm->eap_if->aaaEapKeyData);
    1222. 

  1222. 		sm->eap_if->aaaEapKeyData = os_malloc(len);
    1223. 

  1223. 		if (sm->eap_if->aaaEapKeyData) {
    1224. 

  1224. 			os_memcpy(sm->eap_if->aaaEapKeyData, keys->recv,
    1225. 

  1225. 				  keys->recv_len);
    1226. 

  1226. 			os_memcpy(sm->eap_if->aaaEapKeyData + keys->recv_len,
    1227. 

  1227. 				  keys->send, keys->send_len);
    1228. 

  1228. 			sm->eap_if->aaaEapKeyDataLen = len;
    1229. 

  1229. 			sm->eap_if->aaaEapKeyAvailable = TRUE;
    1230. 

  1230. 		}
    1231. 

  1231. 	}
    1232. 

  1232. 

  1233. 	if (keys) {
    1234. 

  1234. 		os_free(keys->send);
    1235. 

  1235. 		os_free(keys->recv);
    1236. 

  1236. 		os_free(keys);
    1237. 

  1237. 	}
    1238. 

  1238. }
    1239. 

  1239. 

  1240. 

  1241. static void ieee802_1x_store_radius_class(struct hostapd_data *hapd,
    1242. 

  1242. 					  struct sta_info *sta,
    1243. 

  1243. 					  struct radius_msg *msg)
    1244. 

  1244. {
    1245. 

  1245. 	u8 *class;
    1246. 

  1246. 	size_t class_len;
    1247. 

  1247. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1248. 

  1248. 	int count, i;
    1249. 

  1249. 	struct radius_attr_data *nclass;
    1250. 

  1250. 	size_t nclass_count;
    1251. 

  1251. 

  1252. 	if (!hapd->conf->radius->acct_server || hapd->radius == NULL ||
    1253. 

  1253. 	    sm == NULL)
    1254. 

  1254. 		return;
    1255. 

  1255. 

  1256. 	radius_free_class(&sm->radius_class);
    1257. 

  1257. 	count = radius_msg_count_attr(msg, RADIUS_ATTR_CLASS, 1);
    1258. 

  1258. 	if (count <= 0)
    1259. 

  1259. 		return;
    1260. 

  1260. 

  1261. 	nclass = os_calloc(count, sizeof(struct radius_attr_data));
    1262. 

  1262. 	if (nclass == NULL)
    1263. 

  1263. 		return;
    1264. 

  1264. 

  1265. 	nclass_count = 0;
    1266. 

  1266. 

  1267. 	class = NULL;
    1268. 

  1268. 	for (i = 0; i < count; i++) {
    1269. 

  1269. 		do {
    1270. 

  1270. 			if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS,
    1271. 

  1271. 						    &class, &class_len,
    1272. 

  1272. 						    class) < 0) {
    1273. 

  1273. 				i = count;
    1274. 

  1274. 				break;
    1275. 

  1275. 			}
    1276. 

  1276. 		} while (class_len < 1);
    1277. 

  1277. 

  1278. 		nclass[nclass_count].data = os_malloc(class_len);
    1279. 

  1279. 		if (nclass[nclass_count].data == NULL)
    1280. 

  1280. 			break;
    1281. 

  1281. 

  1282. 		os_memcpy(nclass[nclass_count].data, class, class_len);
    1283. 

  1283. 		nclass[nclass_count].len = class_len;
    1284. 

  1284. 		nclass_count++;
    1285. 

  1285. 	}
    1286. 

  1286. 

  1287. 	sm->radius_class.attr = nclass;
    1288. 

  1288. 	sm->radius_class.count = nclass_count;
    1289. 

  1289. 	wpa_printf(MSG_DEBUG, "IEEE 802.1X: Stored %lu RADIUS Class "
    1290. 

  1290. 		   "attributes for " MACSTR,
    1291. 

  1291. 		   (unsigned long) sm->radius_class.count,
    1292. 

  1292. 		   MAC2STR(sta->addr));
    1293. 

  1293. }
    1294. 

  1294. 

  1295. 

  1296. /* Update sta->identity based on User-Name attribute in Access-Accept */
    1297. 

  1297. static void ieee802_1x_update_sta_identity(struct hostapd_data *hapd,
    1298. 

  1298. 					   struct sta_info *sta,
    1299. 

  1299. 					   struct radius_msg *msg)
    1300. 

  1300. {
    1301. 

  1301. 	u8 *buf, *identity;
    1302. 

  1302. 	size_t len;
    1303. 

  1303. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1304. 

  1304. 

  1305. 	if (sm == NULL)
    1306. 

  1306. 		return;
    1307. 

  1307. 

  1308. 	if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_USER_NAME, &buf, &len,
    1309. 

  1309. 				    NULL) < 0)
    1310. 

  1310. 		return;
    1311. 

  1311. 

  1312. 	identity = (u8 *) dup_binstr(buf, len);
    1313. 

  1313. 	if (identity == NULL)
    1314. 

  1314. 		return;
    1315. 

  1315. 

  1316. 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1317. 

  1317. 		       HOSTAPD_LEVEL_DEBUG, "old identity '%s' updated with "
    1318. 

  1318. 		       "User-Name from Access-Accept '%s'",
    1319. 

  1319. 		       sm->identity ? (char *) sm->identity : "N/A",
    1320. 

  1320. 		       (char *) identity);
    1321. 

  1321. 

  1322. 	os_free(sm->identity);
    1323. 

  1323. 	sm->identity = identity;
    1324. 

  1324. 	sm->identity_len = len;
    1325. 

  1325. }
    1326. 

  1326. 

  1327. 

  1328. /* Update CUI based on Chargeable-User-Identity attribute in Access-Accept */
    1329. 

  1329. static void ieee802_1x_update_sta_cui(struct hostapd_data *hapd,
    1330. 

  1330. 				      struct sta_info *sta,
    1331. 

  1331. 				      struct radius_msg *msg)
    1332. 

  1332. {
    1333. 

  1333. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1334. 

  1334. 	struct wpabuf *cui;
    1335. 

  1335. 	u8 *buf;
    1336. 

  1336. 	size_t len;
    1337. 

  1337. 

  1338. 	if (sm == NULL)
    1339. 

  1339. 		return;
    1340. 

  1340. 

  1341. 	if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
    1342. 

  1342. 				    &buf, &len, NULL) < 0)
    1343. 

  1343. 		return;
    1344. 

  1344. 

  1345. 	cui = wpabuf_alloc_copy(buf, len);
    1346. 

  1346. 	if (cui == NULL)
    1347. 

  1347. 		return;
    1348. 

  1348. 

  1349. 	wpabuf_free(sm->radius_cui);
    1350. 

  1350. 	sm->radius_cui = cui;
    1351. 

  1351. }
    1352. 

  1352. 

  1353. 

  1354. #ifdef CONFIG_HS20
    1355. 

  1355. 

  1356. static void ieee802_1x_hs20_sub_rem(struct sta_info *sta, u8 *pos, size_t len)
    1357. 

  1357. {
    1358. 

  1358. 	sta->remediation = 1;
    1359. 

  1359. 	os_free(sta->remediation_url);
    1360. 

  1360. 	if (len > 2) {
    1361. 

  1361. 		sta->remediation_url = os_malloc(len);
    1362. 

  1362. 		if (!sta->remediation_url)
    1363. 

  1363. 			return;
    1364. 

  1364. 		sta->remediation_method = pos[0];
    1365. 

  1365. 		os_memcpy(sta->remediation_url, pos + 1, len - 1);
    1366. 

  1366. 		sta->remediation_url[len - 1] = '\0';
    1367. 

  1367. 		wpa_printf(MSG_DEBUG, "HS 2.0: Subscription remediation needed "
    1368. 

  1368. 			   "for " MACSTR " - server method %u URL %s",
    1369. 

  1369. 			   MAC2STR(sta->addr), sta->remediation_method,
    1370. 

  1370. 			   sta->remediation_url);
    1371. 

  1371. 	} else {
    1372. 

  1372. 		sta->remediation_url = NULL;
    1373. 

  1373. 		wpa_printf(MSG_DEBUG, "HS 2.0: Subscription remediation needed "
    1374. 

  1374. 			   "for " MACSTR, MAC2STR(sta->addr));
    1375. 

  1375. 	}
    1376. 

  1376. 	/* TODO: assign the STA into remediation VLAN or add filtering */
    1377. 

  1377. }
    1378. 

  1378. 

  1379. 

  1380. static void ieee802_1x_hs20_deauth_req(struct hostapd_data *hapd,
    1381. 

  1381. 				       struct sta_info *sta, u8 *pos,
    1382. 

  1382. 				       size_t len)
    1383. 

  1383. {
    1384. 

  1384. 	if (len < 3)
    1385. 

  1385. 		return; /* Malformed information */
    1386. 

  1386. 	sta->hs20_deauth_requested = 1;
    1387. 

  1387. 	wpa_printf(MSG_DEBUG, "HS 2.0: Deauthentication request - Code %u  "
    1388. 

  1388. 		   "Re-auth Delay %u",
    1389. 

  1389. 		   *pos, WPA_GET_LE16(pos + 1));
    1390. 

  1390. 	wpabuf_free(sta->hs20_deauth_req);
    1391. 

  1391. 	sta->hs20_deauth_req = wpabuf_alloc(len + 1);
    1392. 

  1392. 	if (sta->hs20_deauth_req) {
    1393. 

  1393. 		wpabuf_put_data(sta->hs20_deauth_req, pos, 3);
    1394. 

  1394. 		wpabuf_put_u8(sta->hs20_deauth_req, len - 3);
    1395. 

  1395. 		wpabuf_put_data(sta->hs20_deauth_req, pos + 3, len - 3);
    1396. 

  1396. 	}
    1397. 

  1397. 	ap_sta_session_timeout(hapd, sta, hapd->conf->hs20_deauth_req_timeout);
    1398. 

  1398. }
    1399. 

  1399. 

  1400. 

  1401. static void ieee802_1x_hs20_session_info(struct hostapd_data *hapd,
    1402. 

  1402. 					 struct sta_info *sta, u8 *pos,
    1403. 

  1403. 					 size_t len, int session_timeout)
    1404. 

  1404. {
    1405. 

  1405. 	unsigned int swt;
    1406. 

  1406. 	int warning_time, beacon_int;
    1407. 

  1407. 

  1408. 	if (len < 1)
    1409. 

  1409. 		return; /* Malformed information */
    1410. 

  1410. 	os_free(sta->hs20_session_info_url);
    1411. 

  1411. 	sta->hs20_session_info_url = os_malloc(len);
    1412. 

  1412. 	if (sta->hs20_session_info_url == NULL)
    1413. 

  1413. 		return;
    1414. 

  1414. 	swt = pos[0];
    1415. 

  1415. 	os_memcpy(sta->hs20_session_info_url, pos + 1, len - 1);
    1416. 

  1416. 	sta->hs20_session_info_url[len - 1] = '\0';
    1417. 

  1417. 	wpa_printf(MSG_DEBUG, "HS 2.0: Session Information URL='%s' SWT=%u "
    1418. 

  1418. 		   "(session_timeout=%d)",
    1419. 

  1419. 		   sta->hs20_session_info_url, swt, session_timeout);
    1420. 

  1420. 	if (session_timeout < 0) {
    1421. 

  1421. 		wpa_printf(MSG_DEBUG, "HS 2.0: No Session-Timeout set - ignore session info URL");
    1422. 

  1422. 		return;
    1423. 

  1423. 	}
    1424. 

  1424. 	if (swt == 255)
    1425. 

  1425. 		swt = 1; /* Use one minute as the AP selected value */
    1426. 

  1426. 

  1427. 	if ((unsigned int) session_timeout < swt * 60)
    1428. 

  1428. 		warning_time = 0;
    1429. 

  1429. 	else
    1430. 

  1430. 		warning_time = session_timeout - swt * 60;
    1431. 

  1431. 

  1432. 	beacon_int = hapd->iconf->beacon_int;
    1433. 

  1433. 	if (beacon_int < 1)
    1434. 

  1434. 		beacon_int = 100; /* best guess */
    1435. 

  1435. 	sta->hs20_disassoc_timer = swt * 60 * 1000 / beacon_int * 125 / 128;
    1436. 

  1436. 	if (sta->hs20_disassoc_timer > 65535)
    1437. 

  1437. 		sta->hs20_disassoc_timer = 65535;
    1438. 

  1438. 

  1439. 	ap_sta_session_warning_timeout(hapd, sta, warning_time);
    1440. 

  1440. }
    1441. 

  1441. 

  1442. #endif /* CONFIG_HS20 */
    1443. 

  1443. 

  1444. 

  1445. static void ieee802_1x_check_hs20(struct hostapd_data *hapd,
    1446. 

  1446. 				  struct sta_info *sta,
    1447. 

  1447. 				  struct radius_msg *msg,
    1448. 

  1448. 				  int session_timeout)
    1449. 

  1449. {
    1450. 

  1450. #ifdef CONFIG_HS20
    1451. 

  1451. 	u8 *buf, *pos, *end, type, sublen;
    1452. 

  1452. 	size_t len;
    1453. 

  1453. 

  1454. 	buf = NULL;
    1455. 

  1455. 	sta->remediation = 0;
    1456. 

  1456. 	sta->hs20_deauth_requested = 0;
    1457. 

  1457. 

  1458. 	for (;;) {
    1459. 

  1459. 		if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_VENDOR_SPECIFIC,
    1460. 

  1460. 					    &buf, &len, buf) < 0)
    1461. 

  1461. 			break;
    1462. 

  1462. 		if (len < 6)
    1463. 

  1463. 			continue;
    1464. 

  1464. 		pos = buf;
    1465. 

  1465. 		end = buf + len;
    1466. 

  1466. 		if (WPA_GET_BE32(pos) != RADIUS_VENDOR_ID_WFA)
    1467. 

  1467. 			continue;
    1468. 

  1468. 		pos += 4;
    1469. 

  1469. 

  1470. 		type = *pos++;
    1471. 

  1471. 		sublen = *pos++;
    1472. 

  1472. 		if (sublen < 2)
    1473. 

  1473. 			continue; /* invalid length */
    1474. 

  1474. 		sublen -= 2; /* skip header */
    1475. 

  1475. 		if (pos + sublen > end)
    1476. 

  1476. 			continue; /* invalid WFA VSA */
    1477. 

  1477. 

  1478. 		switch (type) {
    1479. 

  1479. 		case RADIUS_VENDOR_ATTR_WFA_HS20_SUBSCR_REMEDIATION:
    1480. 

  1480. 			ieee802_1x_hs20_sub_rem(sta, pos, sublen);
    1481. 

  1481. 			break;
    1482. 

  1482. 		case RADIUS_VENDOR_ATTR_WFA_HS20_DEAUTH_REQ:
    1483. 

  1483. 			ieee802_1x_hs20_deauth_req(hapd, sta, pos, sublen);
    1484. 

  1484. 			break;
    1485. 

  1485. 		case RADIUS_VENDOR_ATTR_WFA_HS20_SESSION_INFO_URL:
    1486. 

  1486. 			ieee802_1x_hs20_session_info(hapd, sta, pos, sublen,
    1487. 

  1487. 						     session_timeout);
    1488. 

  1488. 			break;
    1489. 

  1489. 		}
    1490. 

  1490. 	}
    1491. 

  1491. #endif /* CONFIG_HS20 */
    1492. 

  1492. }
    1493. 

  1493. 

  1494. 

  1495. struct sta_id_search {
    1496. 

  1496. 	u8 identifier;
    1497. 

  1497. 	struct eapol_state_machine *sm;
    1498. 

  1498. };
    1499. 

  1499. 

  1500. 

  1501. static int ieee802_1x_select_radius_identifier(struct hostapd_data *hapd,
    1502. 

  1502. 					       struct sta_info *sta,
    1503. 

  1503. 					       void *ctx)
    1504. 

  1504. {
    1505. 

  1505. 	struct sta_id_search *id_search = ctx;
    1506. 

  1506. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1507. 

  1507. 

  1508. 	if (sm && sm->radius_identifier >= 0 &&
    1509. 

  1509. 	    sm->radius_identifier == id_search->identifier) {
    1510. 

  1510. 		id_search->sm = sm;
    1511. 

  1511. 		return 1;
    1512. 

  1512. 	}
    1513. 

  1513. 	return 0;
    1514. 

  1514. }
    1515. 

  1515. 

  1516. 

  1517. static struct eapol_state_machine *
    1518. 

  1518. ieee802_1x_search_radius_identifier(struct hostapd_data *hapd, u8 identifier)
    1519. 

  1519. {
    1520. 

  1520. 	struct sta_id_search id_search;
    1521. 

  1521. 	id_search.identifier = identifier;
    1522. 

  1522. 	id_search.sm = NULL;
    1523. 

  1523. 	ap_for_each_sta(hapd, ieee802_1x_select_radius_identifier, &id_search);
    1524. 

  1524. 	return id_search.sm;
    1525. 

  1525. }
    1526. 

  1526. 

  1527. 

  1528. /**
    1529. 

  1529.  * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
    1530. 

  1530.  * @msg: RADIUS response message
    1531. 

  1531.  * @req: RADIUS request message
    1532. 

  1532.  * @shared_secret: RADIUS shared secret
    1533. 

  1533.  * @shared_secret_len: Length of shared_secret in octets
    1534. 

  1534.  * @data: Context data (struct hostapd_data *)
    1535. 

  1535.  * Returns: Processing status
    1536. 

  1536.  */
    1537. 

  1537. static RadiusRxResult
    1538. 

  1538. ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
    1539. 

  1539. 			const u8 *shared_secret, size_t shared_secret_len,
    1540. 

  1540. 			void *data)
    1541. 

  1541. {
    1542. 

  1542. 	struct hostapd_data *hapd = data;
    1543. 

  1543. 	struct sta_info *sta;
    1544. 

  1544. 	u32 session_timeout = 0, termination_action, acct_interim_interval;
    1545. 

  1545. 	int session_timeout_set, old_vlanid = 0;
    1546. 

  1546. 	struct eapol_state_machine *sm;
    1547. 

  1547. 	int override_eapReq = 0;
    1548. 

  1548. 	struct radius_hdr *hdr = radius_msg_get_hdr(msg);
    1549. 

  1549. 

  1550. 	sm = ieee802_1x_search_radius_identifier(hapd, hdr->identifier);
    1551. 

  1551. 	if (sm == NULL) {
    1552. 

  1552. 		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Could not find matching "
    1553. 

  1553. 			   "station for this RADIUS message");
    1554. 

  1554. 		return RADIUS_RX_UNKNOWN;
    1555. 

  1555. 	}
    1556. 

  1556. 	sta = sm->sta;
    1557. 

  1557. 

  1558. 	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
    1559. 

  1559. 	 * present when packet contains an EAP-Message attribute */
    1560. 

  1560. 	if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
    1561. 

  1561. 	    radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
    1562. 

  1562. 				0) < 0 &&
    1563. 

  1563. 	    radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
    1564. 

  1564. 		wpa_printf(MSG_DEBUG, "Allowing RADIUS Access-Reject without "
    1565. 

  1565. 			   "Message-Authenticator since it does not include "
    1566. 

  1566. 			   "EAP-Message");
    1567. 

  1567. 	} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
    1568. 

  1568. 				     req, 1)) {
    1569. 

  1569. 		wpa_printf(MSG_INFO, "Incoming RADIUS packet did not have correct Message-Authenticator - dropped");
    1570. 

  1570. 		return RADIUS_RX_INVALID_AUTHENTICATOR;
    1571. 

  1571. 	}
    1572. 

  1572. 

  1573. 	if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
    1574. 

  1574. 	    hdr->code != RADIUS_CODE_ACCESS_REJECT &&
    1575. 

  1575. 	    hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
    1576. 

  1576. 		wpa_printf(MSG_INFO, "Unknown RADIUS message code");
    1577. 

  1577. 		return RADIUS_RX_UNKNOWN;
    1578. 

  1578. 	}
    1579. 

  1579. 

  1580. 	sm->radius_identifier = -1;
    1581. 

  1581. 	wpa_printf(MSG_DEBUG, "RADIUS packet matching with station " MACSTR,
    1582. 

  1582. 		   MAC2STR(sta->addr));
    1583. 

  1583. 

  1584. 	radius_msg_free(sm->last_recv_radius);
    1585. 

  1585. 	sm->last_recv_radius = msg;
    1586. 

  1586. 

  1587. 	session_timeout_set =
    1588. 

  1588. 		!radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT,
    1589. 

  1589. 					   &session_timeout);
    1590. 

  1590. 	if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_TERMINATION_ACTION,
    1591. 

  1591. 				      &termination_action))
    1592. 

  1592. 		termination_action = RADIUS_TERMINATION_ACTION_DEFAULT;
    1593. 

  1593. 

  1594. 	if (hapd->conf->acct_interim_interval == 0 &&
    1595. 

  1595. 	    hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
    1596. 

  1596. 	    radius_msg_get_attr_int32(msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
    1597. 

  1597. 				      &acct_interim_interval) == 0) {
    1598. 

  1598. 		if (acct_interim_interval < 60) {
    1599. 

  1599. 			hostapd_logger(hapd, sta->addr,
    1600. 

  1600. 				       HOSTAPD_MODULE_IEEE8021X,
    1601. 

  1601. 				       HOSTAPD_LEVEL_INFO,
    1602. 

  1602. 				       "ignored too small "
    1603. 

  1603. 				       "Acct-Interim-Interval %d",
    1604. 

  1604. 				       acct_interim_interval);
    1605. 

  1605. 		} else
    1606. 

  1606. 			sta->acct_interim_interval = acct_interim_interval;
    1607. 

  1607. 	}
    1608. 

  1608. 

  1609. 

  1610. 	switch (hdr->code) {
    1611. 

  1611. 	case RADIUS_CODE_ACCESS_ACCEPT:
    1612. 

  1612. 		if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
    1613. 

  1613. 			sta->vlan_id = 0;
    1614. 

  1614. #ifndef CONFIG_NO_VLAN
    1615. 

  1615. 		else {
    1616. 

  1616. 			old_vlanid = sta->vlan_id;
    1617. 

  1617. 			sta->vlan_id = radius_msg_get_vlanid(msg);
    1618. 

  1618. 		}
    1619. 

  1619. 		if (sta->vlan_id > 0 &&
    1620. 

  1620. 		    hostapd_vlan_id_valid(hapd->conf->vlan, sta->vlan_id)) {
    1621. 

  1621. 			hostapd_logger(hapd, sta->addr,
    1622. 

  1622. 				       HOSTAPD_MODULE_RADIUS,
    1623. 

  1623. 				       HOSTAPD_LEVEL_INFO,
    1624. 

  1624. 				       "VLAN ID %d", sta->vlan_id);
    1625. 

  1625. 		} else if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_REQUIRED) {
    1626. 

  1626. 			sta->eapol_sm->authFail = TRUE;
    1627. 

  1627. 			hostapd_logger(hapd, sta->addr,
    1628. 

  1628. 				       HOSTAPD_MODULE_IEEE8021X,
    1629. 

  1629. 				       HOSTAPD_LEVEL_INFO, "authentication "
    1630. 

  1630. 				       "server did not include required VLAN "
    1631. 

  1631. 				       "ID in Access-Accept");
    1632. 

  1632. 			break;
    1633. 

  1633. 		}
    1634. 

  1634. #endif /* CONFIG_NO_VLAN */
    1635. 

  1635. 

  1636. 		if (ap_sta_bind_vlan(hapd, sta, old_vlanid) < 0)
    1637. 

  1637. 			break;
    1638. 

  1638. 

  1639. 		sta->session_timeout_set = !!session_timeout_set;
    1640. 

  1640. 		sta->session_timeout = session_timeout;
    1641. 

  1641. 

  1642. 		/* RFC 3580, Ch. 3.17 */
    1643. 

  1643. 		if (session_timeout_set && termination_action ==
    1644. 

  1644. 		    RADIUS_TERMINATION_ACTION_RADIUS_REQUEST) {
    1645. 

  1645. 			sm->reAuthPeriod = session_timeout;
    1646. 

  1646. 		} else if (session_timeout_set)
    1647. 

  1647. 			ap_sta_session_timeout(hapd, sta, session_timeout);
    1648. 

  1648. 

  1649. 		sm->eap_if->aaaSuccess = TRUE;
    1650. 

  1650. 		override_eapReq = 1;
    1651. 

  1651. 		ieee802_1x_get_keys(hapd, sta, msg, req, shared_secret,
    1652. 

  1652. 				    shared_secret_len);
    1653. 

  1653. 		ieee802_1x_store_radius_class(hapd, sta, msg);
    1654. 

  1654. 		ieee802_1x_update_sta_identity(hapd, sta, msg);
    1655. 

  1655. 		ieee802_1x_update_sta_cui(hapd, sta, msg);
    1656. 

  1656. 		ieee802_1x_check_hs20(hapd, sta, msg,
    1657. 

  1657. 				      session_timeout_set ?
    1658. 

  1658. 				      (int) session_timeout : -1);
    1659. 

  1659. 		if (sm->eap_if->eapKeyAvailable && !sta->remediation &&
    1660. 

  1660. 		    !sta->hs20_deauth_requested &&
    1661. 

  1661. 		    wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
    1662. 

  1662. 				       session_timeout_set ?
    1663. 

  1663. 				       (int) session_timeout : -1, sm) == 0) {
    1664. 

  1664. 			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
    1665. 

  1665. 				       HOSTAPD_LEVEL_DEBUG,
    1666. 

  1666. 				       "Added PMKSA cache entry");
    1667. 

  1667. 		}
    1668. 

  1668. 		break;
    1669. 

  1669. 	case RADIUS_CODE_ACCESS_REJECT:
    1670. 

  1670. 		sm->eap_if->aaaFail = TRUE;
    1671. 

  1671. 		override_eapReq = 1;
    1672. 

  1672. 		break;
    1673. 

  1673. 	case RADIUS_CODE_ACCESS_CHALLENGE:
    1674. 

  1674. 		sm->eap_if->aaaEapReq = TRUE;
    1675. 

  1675. 		if (session_timeout_set) {
    1676. 

  1676. 			/* RFC 2869, Ch. 2.3.2; RFC 3580, Ch. 3.17 */
    1677. 

  1677. 			sm->eap_if->aaaMethodTimeout = session_timeout;
    1678. 

  1678. 			hostapd_logger(hapd, sm->addr,
    1679. 

  1679. 				       HOSTAPD_MODULE_IEEE8021X,
    1680. 

  1680. 				       HOSTAPD_LEVEL_DEBUG,
    1681. 

  1681. 				       "using EAP timeout of %d seconds (from "
    1682. 

  1682. 				       "RADIUS)",
    1683. 

  1683. 				       sm->eap_if->aaaMethodTimeout);
    1684. 

  1684. 		} else {
    1685. 

  1685. 			/*
    1686. 

  1686. 			 * Use dynamic retransmission behavior per EAP
    1687. 

  1687. 			 * specification.
    1688. 

  1688. 			 */
    1689. 

  1689. 			sm->eap_if->aaaMethodTimeout = 0;
    1690. 

  1690. 		}
    1691. 

  1691. 		break;
    1692. 

  1692. 	}
    1693. 

  1693. 

  1694. 	ieee802_1x_decapsulate_radius(hapd, sta);
    1695. 

  1695. 	if (override_eapReq)
    1696. 

  1696. 		sm->eap_if->aaaEapReq = FALSE;
    1697. 

  1697. 

  1698. 	eapol_auth_step(sm);
    1699. 

  1699. 

  1700. 	return RADIUS_RX_QUEUED;
    1701. 

  1701. }
    1702. 

  1702. #endif /* CONFIG_NO_RADIUS */
    1703. 

  1703. 

  1704. 

  1705. void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
    1706. 

  1706. {
    1707. 

  1707. 	struct eapol_state_machine *sm = sta->eapol_sm;
    1708. 

  1708. 	if (sm == NULL)
    1709. 

  1709. 		return;
    1710. 

  1710. 

  1711. 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1712. 

  1712. 		       HOSTAPD_LEVEL_DEBUG, "aborting authentication");
    1713. 

  1713. 

  1714. #ifndef CONFIG_NO_RADIUS
    1715. 

  1715. 	radius_msg_free(sm->last_recv_radius);
    1716. 

  1716. 	sm->last_recv_radius = NULL;
    1717. 

  1717. #endif /* CONFIG_NO_RADIUS */
    1718. 

  1718. 

  1719. 	if (sm->eap_if->eapTimeout) {
    1720. 

  1720. 		/*
    1721. 

  1721. 		 * Disconnect the STA since it did not reply to the last EAP
    1722. 

  1722. 		 * request and we cannot continue EAP processing (EAP-Failure
    1723. 

  1723. 		 * could only be sent if the EAP peer actually replied).
    1724. 

  1724. 		 */
    1725. 

  1725. 		wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "EAP Timeout, STA " MACSTR,
    1726. 

  1726. 			MAC2STR(sta->addr));
    1727. 

  1727. 

  1728. 		sm->eap_if->portEnabled = FALSE;
    1729. 

  1729. 		ap_sta_disconnect(hapd, sta, sta->addr,
    1730. 

  1730. 				  WLAN_REASON_PREV_AUTH_NOT_VALID);
    1731. 

  1731. 	}
    1732. 

  1732. }
    1733. 

  1733. 

  1734. 

  1735. static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd)
    1736. 

  1736. {
    1737. 

  1737. 	struct eapol_authenticator *eapol = hapd->eapol_auth;
    1738. 

  1738. 

  1739. 	if (hapd->conf->default_wep_key_len < 1)
    1740. 

  1740. 		return 0;
    1741. 

  1741. 

  1742. 	os_free(eapol->default_wep_key);
    1743. 

  1743. 	eapol->default_wep_key = os_malloc(hapd->conf->default_wep_key_len);
    1744. 

  1744. 	if (eapol->default_wep_key == NULL ||
    1745. 

  1745. 	    random_get_bytes(eapol->default_wep_key,
    1746. 

  1746. 			     hapd->conf->default_wep_key_len)) {
    1747. 

  1747. 		wpa_printf(MSG_INFO, "Could not generate random WEP key");
    1748. 

  1748. 		os_free(eapol->default_wep_key);
    1749. 

  1749. 		eapol->default_wep_key = NULL;
    1750. 

  1750. 		return -1;
    1751. 

  1751. 	}
    1752. 

  1752. 

  1753. 	wpa_hexdump_key(MSG_DEBUG, "IEEE 802.1X: New default WEP key",
    1754. 

  1754. 			eapol->default_wep_key,
    1755. 

  1755. 			hapd->conf->default_wep_key_len);
    1756. 

  1756. 

  1757. 	return 0;
    1758. 

  1758. }
    1759. 

  1759. 

  1760. 

  1761. static int ieee802_1x_sta_key_available(struct hostapd_data *hapd,
    1762. 

  1762. 					struct sta_info *sta, void *ctx)
    1763. 

  1763. {
    1764. 

  1764. 	if (sta->eapol_sm) {
    1765. 

  1765. 		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
    1766. 

  1766. 		eapol_auth_step(sta->eapol_sm);
    1767. 

  1767. 	}
    1768. 

  1768. 	return 0;
    1769. 

  1769. }
    1770. 

  1770. 

  1771. 

  1772. static void ieee802_1x_rekey(void *eloop_ctx, void *timeout_ctx)
    1773. 

  1773. {
    1774. 

  1774. 	struct hostapd_data *hapd = eloop_ctx;
    1775. 

  1775. 	struct eapol_authenticator *eapol = hapd->eapol_auth;
    1776. 

  1776. 

  1777. 	if (eapol->default_wep_key_idx >= 3)
    1778. 

  1778. 		eapol->default_wep_key_idx =
    1779. 

  1779. 			hapd->conf->individual_wep_key_len > 0 ? 1 : 0;
    1780. 

  1780. 	else
    1781. 

  1781. 		eapol->default_wep_key_idx++;
    1782. 

  1782. 

  1783. 	wpa_printf(MSG_DEBUG, "IEEE 802.1X: New default WEP key index %d",
    1784. 

  1784. 		   eapol->default_wep_key_idx);
    1785. 

  1785. 		      
    1786. 

  1786. 	if (ieee802_1x_rekey_broadcast(hapd)) {
    1787. 

  1787. 		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X,
    1788. 

  1788. 			       HOSTAPD_LEVEL_WARNING, "failed to generate a "
    1789. 

  1789. 			       "new broadcast key");
    1790. 

  1790. 		os_free(eapol->default_wep_key);
    1791. 

  1791. 		eapol->default_wep_key = NULL;
    1792. 

  1792. 		return;
    1793. 

  1793. 	}
    1794. 

  1794. 

  1795. 	/* TODO: Could setup key for RX here, but change default TX keyid only
    1796. 

  1796. 	 * after new broadcast key has been sent to all stations. */
    1797. 

  1797. 	if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
    1798. 

  1798. 				broadcast_ether_addr,
    1799. 

  1799. 				eapol->default_wep_key_idx, 1, NULL, 0,
    1800. 

  1800. 				eapol->default_wep_key,
    1801. 

  1801. 				hapd->conf->default_wep_key_len)) {
    1802. 

  1802. 		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X,
    1803. 

  1803. 			       HOSTAPD_LEVEL_WARNING, "failed to configure a "
    1804. 

  1804. 			       "new broadcast key");
    1805. 

  1805. 		os_free(eapol->default_wep_key);
    1806. 

  1806. 		eapol->default_wep_key = NULL;
    1807. 

  1807. 		return;
    1808. 

  1808. 	}
    1809. 

  1809. 

  1810. 	ap_for_each_sta(hapd, ieee802_1x_sta_key_available, NULL);
    1811. 

  1811. 

  1812. 	if (hapd->conf->wep_rekeying_period > 0) {
    1813. 

  1813. 		eloop_register_timeout(hapd->conf->wep_rekeying_period, 0,
    1814. 

  1814. 				       ieee802_1x_rekey, hapd, NULL);
    1815. 

  1815. 	}
    1816. 

  1816. }
    1817. 

  1817. 

  1818. 

  1819. static void ieee802_1x_eapol_send(void *ctx, void *sta_ctx, u8 type,
    1820. 

  1820. 				  const u8 *data, size_t datalen)
    1821. 

  1821. {
    1822. 

  1822. #ifdef CONFIG_WPS
    1823. 

  1823. 	struct sta_info *sta = sta_ctx;
    1824. 

  1824. 

  1825. 	if ((sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS)) ==
    1826. 

  1826. 	    WLAN_STA_MAYBE_WPS) {
    1827. 

  1827. 		const u8 *identity;
    1828. 

  1828. 		size_t identity_len;
    1829. 

  1829. 		struct eapol_state_machine *sm = sta->eapol_sm;
    1830. 

  1830. 

  1831. 		identity = eap_get_identity(sm->eap, &identity_len);
    1832. 

  1832. 		if (identity &&
    1833. 

  1833. 		    ((identity_len == WSC_ID_ENROLLEE_LEN &&
    1834. 

  1834. 		      os_memcmp(identity, WSC_ID_ENROLLEE,
    1835. 

  1835. 				WSC_ID_ENROLLEE_LEN) == 0) ||
    1836. 

  1836. 		     (identity_len == WSC_ID_REGISTRAR_LEN &&
    1837. 

  1837. 		      os_memcmp(identity, WSC_ID_REGISTRAR,
    1838. 

  1838. 				WSC_ID_REGISTRAR_LEN) == 0))) {
    1839. 

  1839. 			wpa_printf(MSG_DEBUG, "WPS: WLAN_STA_MAYBE_WPS -> "
    1840. 

  1840. 				   "WLAN_STA_WPS");
    1841. 

  1841. 			sta->flags |= WLAN_STA_WPS;
    1842. 

  1842. 		}
    1843. 

  1843. 	}
    1844. 

  1844. #endif /* CONFIG_WPS */
    1845. 

  1845. 

  1846. 	ieee802_1x_send(ctx, sta_ctx, type, data, datalen);
    1847. 

  1847. }
    1848. 

  1848. 

  1849. 

  1850. static void ieee802_1x_aaa_send(void *ctx, void *sta_ctx,
    1851. 

  1851. 				const u8 *data, size_t datalen)
    1852. 

  1852. {
    1853. 

  1853. #ifndef CONFIG_NO_RADIUS
    1854. 

  1854. 	struct hostapd_data *hapd = ctx;
    1855. 

  1855. 	struct sta_info *sta = sta_ctx;
    1856. 

  1856. 

  1857. 	ieee802_1x_encapsulate_radius(hapd, sta, data, datalen);
    1858. 

  1858. #endif /* CONFIG_NO_RADIUS */
    1859. 

  1859. }
    1860. 

  1860. 

  1861. 

  1862. static void _ieee802_1x_finished(void *ctx, void *sta_ctx, int success,
    1863. 

  1863. 				 int preauth, int remediation)
    1864. 

  1864. {
    1865. 

  1865. 	struct hostapd_data *hapd = ctx;
    1866. 

  1866. 	struct sta_info *sta = sta_ctx;
    1867. 

  1867. 	if (preauth)
    1868. 

  1868. 		rsn_preauth_finished(hapd, sta, success);
    1869. 

  1869. 	else
    1870. 

  1870. 		ieee802_1x_finished(hapd, sta, success, remediation);
    1871. 

  1871. }
    1872. 

  1872. 

  1873. 

  1874. static int ieee802_1x_get_eap_user(void *ctx, const u8 *identity,
    1875. 

  1875. 				   size_t identity_len, int phase2,
    1876. 

  1876. 				   struct eap_user *user)
    1877. 

  1877. {
    1878. 

  1878. 	struct hostapd_data *hapd = ctx;
    1879. 

  1879. 	const struct hostapd_eap_user *eap_user;
    1880. 

  1880. 	int i;
    1881. 

  1881. 

  1882. 	eap_user = hostapd_get_eap_user(hapd, identity, identity_len, phase2);
    1883. 

  1883. 	if (eap_user == NULL)
    1884. 

  1884. 		return -1;
    1885. 

  1885. 

  1886. 	os_memset(user, 0, sizeof(*user));
    1887. 

  1887. 	user->phase2 = phase2;
    1888. 

  1888. 	for (i = 0; i < EAP_MAX_METHODS; i++) {
    1889. 

  1889. 		user->methods[i].vendor = eap_user->methods[i].vendor;
    1890. 

  1890. 		user->methods[i].method = eap_user->methods[i].method;
    1891. 

  1891. 	}
    1892. 

  1892. 

  1893. 	if (eap_user->password) {
    1894. 

  1894. 		user->password = os_malloc(eap_user->password_len);
    1895. 

  1895. 		if (user->password == NULL)
    1896. 

  1896. 			return -1;
    1897. 

  1897. 		os_memcpy(user->password, eap_user->password,
    1898. 

  1898. 			  eap_user->password_len);
    1899. 

  1899. 		user->password_len = eap_user->password_len;
    1900. 

  1900. 		user->password_hash = eap_user->password_hash;
    1901. 

  1901. 	}
    1902. 

  1902. 	user->force_version = eap_user->force_version;
    1903. 

  1903. 	user->macacl = eap_user->macacl;
    1904. 

  1904. 	user->ttls_auth = eap_user->ttls_auth;
    1905. 

  1905. 	user->remediation = eap_user->remediation;
    1906. 

  1906. 

  1907. 	return 0;
    1908. 

  1908. }
    1909. 

  1909. 

  1910. 

  1911. static int ieee802_1x_sta_entry_alive(void *ctx, const u8 *addr)
    1912. 

  1912. {
    1913. 

  1913. 	struct hostapd_data *hapd = ctx;
    1914. 

  1914. 	struct sta_info *sta;
    1915. 

  1915. 	sta = ap_get_sta(hapd, addr);
    1916. 

  1916. 	if (sta == NULL || sta->eapol_sm == NULL)
    1917. 

  1917. 		return 0;
    1918. 

  1918. 	return 1;
    1919. 

  1919. }
    1920. 

  1920. 

  1921. 

  1922. static void ieee802_1x_logger(void *ctx, const u8 *addr,
    1923. 

  1923. 			      eapol_logger_level level, const char *txt)
    1924. 

  1924. {
    1925. 

  1925. #ifndef CONFIG_NO_HOSTAPD_LOGGER
    1926. 

  1926. 	struct hostapd_data *hapd = ctx;
    1927. 

  1927. 	int hlevel;
    1928. 

  1928. 

  1929. 	switch (level) {
    1930. 

  1930. 	case EAPOL_LOGGER_WARNING:
    1931. 

  1931. 		hlevel = HOSTAPD_LEVEL_WARNING;
    1932. 

  1932. 		break;
    1933. 

  1933. 	case EAPOL_LOGGER_INFO:
    1934. 

  1934. 		hlevel = HOSTAPD_LEVEL_INFO;
    1935. 

  1935. 		break;
    1936. 

  1936. 	case EAPOL_LOGGER_DEBUG:
    1937. 

  1937. 	default:
    1938. 

  1938. 		hlevel = HOSTAPD_LEVEL_DEBUG;
    1939. 

  1939. 		break;
    1940. 

  1940. 	}
    1941. 

  1941. 

  1942. 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE8021X, hlevel, "%s",
    1943. 

  1943. 		       txt);
    1944. 

  1944. #endif /* CONFIG_NO_HOSTAPD_LOGGER */
    1945. 

  1945. }
    1946. 

  1946. 

  1947. 

  1948. static void ieee802_1x_set_port_authorized(void *ctx, void *sta_ctx,
    1949. 

  1949. 					   int authorized)
    1950. 

  1950. {
    1951. 

  1951. 	struct hostapd_data *hapd = ctx;
    1952. 

  1952. 	struct sta_info *sta = sta_ctx;
    1953. 

  1953. 	ieee802_1x_set_sta_authorized(hapd, sta, authorized);
    1954. 

  1954. }
    1955. 

  1955. 

  1956. 

  1957. static void _ieee802_1x_abort_auth(void *ctx, void *sta_ctx)
    1958. 

  1958. {
    1959. 

  1959. 	struct hostapd_data *hapd = ctx;
    1960. 

  1960. 	struct sta_info *sta = sta_ctx;
    1961. 

  1961. 	ieee802_1x_abort_auth(hapd, sta);
    1962. 

  1962. }
    1963. 

  1963. 

  1964. 

  1965. static void _ieee802_1x_tx_key(void *ctx, void *sta_ctx)
    1966. 

  1966. {
    1967. 

  1967. 	struct hostapd_data *hapd = ctx;
    1968. 

  1968. 	struct sta_info *sta = sta_ctx;
    1969. 

  1969. 	ieee802_1x_tx_key(hapd, sta);
    1970. 

  1970. }
    1971. 

  1971. 

  1972. 

  1973. static void ieee802_1x_eapol_event(void *ctx, void *sta_ctx,
    1974. 

  1974. 				   enum eapol_event type)
    1975. 

  1975. {
    1976. 

  1976. 	/* struct hostapd_data *hapd = ctx; */
    1977. 

  1977. 	struct sta_info *sta = sta_ctx;
    1978. 

  1978. 	switch (type) {
    1979. 

  1979. 	case EAPOL_AUTH_SM_CHANGE:
    1980. 

  1980. 		wpa_auth_sm_notify(sta->wpa_sm);
    1981. 

  1981. 		break;
    1982. 

  1982. 	case EAPOL_AUTH_REAUTHENTICATE:
    1983. 

  1983. 		wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
    1984. 

  1984. 		break;
    1985. 

  1985. 	}
    1986. 

  1986. }
    1987. 

  1987. 

  1988. 

  1989. int ieee802_1x_init(struct hostapd_data *hapd)
    1990. 

  1990. {
    1991. 

  1991. 	int i;
    1992. 

  1992. 	struct eapol_auth_config conf;
    1993. 

  1993. 	struct eapol_auth_cb cb;
    1994. 

  1994. 

  1995. 	os_memset(&conf, 0, sizeof(conf));
    1996. 

  1996. 	conf.ctx = hapd;
    1997. 

  1997. 	conf.eap_reauth_period = hapd->conf->eap_reauth_period;
    1998. 

  1998. 	conf.wpa = hapd->conf->wpa;
    1999. 

  1999. 	conf.individual_wep_key_len = hapd->conf->individual_wep_key_len;
    2000. 

  2000. 	conf.eap_server = hapd->conf->eap_server;
    2001. 

  2001. 	conf.ssl_ctx = hapd->ssl_ctx;
    2002. 

  2002. 	conf.msg_ctx = hapd->msg_ctx;
    2003. 

  2003. 	conf.eap_sim_db_priv = hapd->eap_sim_db_priv;
    2004. 

  2004. 	conf.eap_req_id_text = hapd->conf->eap_req_id_text;
    2005. 

  2005. 	conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
    2006. 

  2006. 	conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key;
    2007. 

  2007. 	conf.eap_fast_a_id = hapd->conf->eap_fast_a_id;
    2008. 

  2008. 	conf.eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len;
    2009. 

  2009. 	conf.eap_fast_a_id_info = hapd->conf->eap_fast_a_id_info;
    2010. 

  2010. 	conf.eap_fast_prov = hapd->conf->eap_fast_prov;
    2011. 

  2011. 	conf.pac_key_lifetime = hapd->conf->pac_key_lifetime;
    2012. 

  2012. 	conf.pac_key_refresh_time = hapd->conf->pac_key_refresh_time;
    2013. 

  2013. 	conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
    2014. 

  2014. 	conf.tnc = hapd->conf->tnc;
    2015. 

  2015. 	conf.wps = hapd->wps;
    2016. 

  2016. 	conf.fragment_size = hapd->conf->fragment_size;
    2017. 

  2017. 	conf.pwd_group = hapd->conf->pwd_group;
    2018. 

  2018. 	conf.pbc_in_m1 = hapd->conf->pbc_in_m1;
    2019. 

  2019. 	if (hapd->conf->server_id) {
    2020. 

  2020. 		conf.server_id = (const u8 *) hapd->conf->server_id;
    2021. 

  2021. 		conf.server_id_len = os_strlen(hapd->conf->server_id);
    2022. 

  2022. 	} else {
    2023. 

  2023. 		conf.server_id = (const u8 *) "hostapd";
    2024. 

  2024. 		conf.server_id_len = 7;
    2025. 

  2025. 	}
    2026. 

  2026. 

  2027. 	os_memset(&cb, 0, sizeof(cb));
    2028. 

  2028. 	cb.eapol_send = ieee802_1x_eapol_send;
    2029. 

  2029. 	cb.aaa_send = ieee802_1x_aaa_send;
    2030. 

  2030. 	cb.finished = _ieee802_1x_finished;
    2031. 

  2031. 	cb.get_eap_user = ieee802_1x_get_eap_user;
    2032. 

  2032. 	cb.sta_entry_alive = ieee802_1x_sta_entry_alive;
    2033. 

  2033. 	cb.logger = ieee802_1x_logger;
    2034. 

  2034. 	cb.set_port_authorized = ieee802_1x_set_port_authorized;
    2035. 

  2035. 	cb.abort_auth = _ieee802_1x_abort_auth;
    2036. 

  2036. 	cb.tx_key = _ieee802_1x_tx_key;
    2037. 

  2037. 	cb.eapol_event = ieee802_1x_eapol_event;
    2038. 

  2038. 

  2039. 	hapd->eapol_auth = eapol_auth_init(&conf, &cb);
    2040. 

  2040. 	if (hapd->eapol_auth == NULL)
    2041. 

  2041. 		return -1;
    2042. 

  2042. 

  2043. 	if ((hapd->conf->ieee802_1x || hapd->conf->wpa) &&
    2044. 

  2044. 	    hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 1))
    2045. 

  2045. 		return -1;
    2046. 

  2046. 

  2047. #ifndef CONFIG_NO_RADIUS
    2048. 

  2048. 	if (radius_client_register(hapd->radius, RADIUS_AUTH,
    2049. 

  2049. 				   ieee802_1x_receive_auth, hapd))
    2050. 

  2050. 		return -1;
    2051. 

  2051. #endif /* CONFIG_NO_RADIUS */
    2052. 

  2052. 

  2053. 	if (hapd->conf->default_wep_key_len) {
    2054. 

  2054. 		for (i = 0; i < 4; i++)
    2055. 

  2055. 			hostapd_drv_set_key(hapd->conf->iface, hapd,
    2056. 

  2056. 					    WPA_ALG_NONE, NULL, i, 0, NULL, 0,
    2057. 

  2057. 					    NULL, 0);
    2058. 

  2058. 

  2059. 		ieee802_1x_rekey(hapd, NULL);
    2060. 

  2060. 

  2061. 		if (hapd->eapol_auth->default_wep_key == NULL)
    2062. 

  2062. 			return -1;
    2063. 

  2063. 	}
    2064. 

  2064. 

  2065. 	return 0;
    2066. 

  2066. }
    2067. 

  2067. 

  2068. 

  2069. void ieee802_1x_deinit(struct hostapd_data *hapd)
    2070. 

  2070. {
    2071. 

  2071. 	eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
    2072. 

  2072. 

  2073. 	if (hapd->driver != NULL &&
    2074. 

  2074. 	    (hapd->conf->ieee802_1x || hapd->conf->wpa))
    2075. 

  2075. 		hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
    2076. 

  2076. 

  2077. 	eapol_auth_deinit(hapd->eapol_auth);
    2078. 

  2078. 	hapd->eapol_auth = NULL;
    2079. 

  2079. }
    2080. 

  2080. 

  2081. 

  2082. int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
    2083. 

  2083. 			 const u8 *buf, size_t len, int ack)
    2084. 

  2084. {
    2085. 

  2085. 	struct ieee80211_hdr *hdr;
    2086. 

  2086. 	u8 *pos;
    2087. 

  2087. 	const unsigned char rfc1042_hdr[ETH_ALEN] =
    2088. 

  2088. 		{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
    2089. 

  2089. 

  2090. 	if (sta == NULL)
    2091. 

  2091. 		return -1;
    2092. 

  2092. 	if (len < sizeof(*hdr) + sizeof(rfc1042_hdr) + 2)
    2093. 

  2093. 		return 0;
    2094. 

  2094. 

  2095. 	hdr = (struct ieee80211_hdr *) buf;
    2096. 

  2096. 	pos = (u8 *) (hdr + 1);
    2097. 

  2097. 	if (os_memcmp(pos, rfc1042_hdr, sizeof(rfc1042_hdr)) != 0)
    2098. 

  2098. 		return 0;
    2099. 

  2099. 	pos += sizeof(rfc1042_hdr);
    2100. 

  2100. 	if (WPA_GET_BE16(pos) != ETH_P_PAE)
    2101. 

  2101. 		return 0;
    2102. 

  2102. 	pos += 2;
    2103. 

  2103. 

  2104. 	return ieee802_1x_eapol_tx_status(hapd, sta, pos, buf + len - pos,
    2105. 

  2105. 					  ack);
    2106. 

  2106. }
    2107. 

  2107. 

  2108. 

  2109. int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
    2110. 

  2110. 			       const u8 *buf, int len, int ack)
    2111. 

  2111. {
    2112. 

  2112. 	const struct ieee802_1x_hdr *xhdr =
    2113. 

  2113. 		(const struct ieee802_1x_hdr *) buf;
    2114. 

  2114. 	const u8 *pos = buf + sizeof(*xhdr);
    2115. 

  2115. 	struct ieee802_1x_eapol_key *key;
    2116. 

  2116. 

  2117. 	if (len < (int) sizeof(*xhdr))
    2118. 

  2118. 		return 0;
    2119. 

  2119. 	wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR " TX status - version=%d "
    2120. 

  2120. 		   "type=%d length=%d - ack=%d",
    2121. 

  2121. 		   MAC2STR(sta->addr), xhdr->version, xhdr->type,
    2122. 

  2122. 		   be_to_host16(xhdr->length), ack);
    2123. 

  2123. 

  2124. 	if (xhdr->type != IEEE802_1X_TYPE_EAPOL_KEY)
    2125. 

  2125. 		return 0;
    2126. 

  2126. 

  2127. 	if (pos + sizeof(struct wpa_eapol_key) <= buf + len) {
    2128. 

  2128. 		const struct wpa_eapol_key *wpa;
    2129. 

  2129. 		wpa = (const struct wpa_eapol_key *) pos;
    2130. 

  2130. 		if (wpa->type == EAPOL_KEY_TYPE_RSN ||
    2131. 

  2131. 		    wpa->type == EAPOL_KEY_TYPE_WPA)
    2132. 

  2132. 			wpa_auth_eapol_key_tx_status(hapd->wpa_auth,
    2133. 

  2133. 						     sta->wpa_sm, ack);
    2134. 

  2134. 	}
    2135. 

  2135. 

  2136. 	/* EAPOL EAP-Packet packets are eventually re-sent by either Supplicant
    2137. 

  2137. 	 * or Authenticator state machines, but EAPOL-Key packets are not
    2138. 

  2138. 	 * retransmitted in case of failure. Try to re-send failed EAPOL-Key
    2139. 

  2139. 	 * packets couple of times because otherwise STA keys become
    2140. 

  2140. 	 * unsynchronized with AP. */
    2141. 

  2141. 	if (!ack && pos + sizeof(*key) <= buf + len) {
    2142. 

  2142. 		key = (struct ieee802_1x_eapol_key *) pos;
    2143. 

  2143. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    2144. 

  2144. 			       HOSTAPD_LEVEL_DEBUG, "did not Ack EAPOL-Key "
    2145. 

  2145. 			       "frame (%scast index=%d)",
    2146. 

  2146. 			       key->key_index & BIT(7) ? "uni" : "broad",
    2147. 

  2147. 			       key->key_index & ~BIT(7));
    2148. 

  2148. 		/* TODO: re-send EAPOL-Key couple of times (with short delay
    2149. 

  2149. 		 * between them?). If all attempt fail, report error and
    2150. 

  2150. 		 * deauthenticate STA so that it will get new keys when
    2151. 

  2151. 		 * authenticating again (e.g., after returning in range).
    2152. 

  2152. 		 * Separate limit/transmit state needed both for unicast and
    2153. 

  2153. 		 * broadcast keys(?) */
    2154. 

  2154. 	}
    2155. 

  2155. 	/* TODO: could move unicast key configuration from ieee802_1x_tx_key()
    2156. 

  2156. 	 * to here and change the key only if the EAPOL-Key packet was Acked.
    2157. 

  2157. 	 */
    2158. 

  2158. 

  2159. 	return 1;
    2160. 

  2160. }
    2161. 

  2161. 

  2162. 

  2163. u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len)
    2164. 

  2164. {
    2165. 

  2165. 	if (sm == NULL || sm->identity == NULL)
    2166. 

  2166. 		return NULL;
    2167. 

  2167. 

  2168. 	*len = sm->identity_len;
    2169. 

  2169. 	return sm->identity;
    2170. 

  2170. }
    2171. 

  2171. 

  2172. 

  2173. u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
    2174. 

  2174. 				 int idx)
    2175. 

  2175. {
    2176. 

  2176. 	if (sm == NULL || sm->radius_class.attr == NULL ||
    2177. 

  2177. 	    idx >= (int) sm->radius_class.count)
    2178. 

  2178. 		return NULL;
    2179. 

  2179. 

  2180. 	*len = sm->radius_class.attr[idx].len;
    2181. 

  2181. 	return sm->radius_class.attr[idx].data;
    2182. 

  2182. }
    2183. 

  2183. 

  2184. 

  2185. struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm)
    2186. 

  2186. {
    2187. 

  2187. 	if (sm == NULL)
    2188. 

  2188. 		return NULL;
    2189. 

  2189. 	return sm->radius_cui;
    2190. 

  2190. }
    2191. 

  2191. 

  2192. 

  2193. const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len)
    2194. 

  2194. {
    2195. 

  2195. 	*len = 0;
    2196. 

  2196. 	if (sm == NULL)
    2197. 

  2197. 		return NULL;
    2198. 

  2198. 

  2199. 	*len = sm->eap_if->eapKeyDataLen;
    2200. 

  2200. 	return sm->eap_if->eapKeyData;
    2201. 

  2201. }
    2202. 

  2202. 

  2203. 

  2204. void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm,
    2205. 

  2205. 				    int enabled)
    2206. 

  2206. {
    2207. 

  2207. 	if (sm == NULL)
    2208. 

  2208. 		return;
    2209. 

  2209. 	sm->eap_if->portEnabled = enabled ? TRUE : FALSE;
    2210. 

  2210. 	eapol_auth_step(sm);
    2211. 

  2211. }
    2212. 

  2212. 

  2213. 

  2214. void ieee802_1x_notify_port_valid(struct eapol_state_machine *sm,
    2215. 

  2215. 				  int valid)
    2216. 

  2216. {
    2217. 

  2217. 	if (sm == NULL)
    2218. 

  2218. 		return;
    2219. 

  2219. 	sm->portValid = valid ? TRUE : FALSE;
    2220. 

  2220. 	eapol_auth_step(sm);
    2221. 

  2221. }
    2222. 

  2222. 

  2223. 

  2224. void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth)
    2225. 

  2225. {
    2226. 

  2226. 	if (sm == NULL)
    2227. 

  2227. 		return;
    2228. 

  2228. 	if (pre_auth)
    2229. 

  2229. 		sm->flags |= EAPOL_SM_PREAUTH;
    2230. 

  2230. 	else
    2231. 

  2231. 		sm->flags &= ~EAPOL_SM_PREAUTH;
    2232. 

  2232. }
    2233. 

  2233. 

  2234. 

  2235. static const char * bool_txt(Boolean bool)
    2236. 

  2236. {
    2237. 

  2237. 	return bool ? "TRUE" : "FALSE";
    2238. 

  2238. }
    2239. 

  2239. 

  2240. 

  2241. int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
    2242. 

  2242. {
    2243. 

  2243. 	/* TODO */
    2244. 

  2244. 	return 0;
    2245. 

  2245. }
    2246. 

  2246. 

  2247. 

  2248. int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
    2249. 

  2249. 			   char *buf, size_t buflen)
    2250. 

  2250. {
    2251. 

  2251. 	int len = 0, ret;
    2252. 

  2252. 	struct eapol_state_machine *sm = sta->eapol_sm;
    2253. 

  2253. 	struct os_reltime diff;
    2254. 

  2254. 	const char *name1;
    2255. 

  2255. 	const char *name2;
    2256. 

  2256. 

  2257. 	if (sm == NULL)
    2258. 

  2258. 		return 0;
    2259. 

  2259. 

  2260. 	ret = os_snprintf(buf + len, buflen - len,
    2261. 

  2261. 			  "dot1xPaePortNumber=%d\n"
    2262. 

  2262. 			  "dot1xPaePortProtocolVersion=%d\n"
    2263. 

  2263. 			  "dot1xPaePortCapabilities=1\n"
    2264. 

  2264. 			  "dot1xPaePortInitialize=%d\n"
    2265. 

  2265. 			  "dot1xPaePortReauthenticate=FALSE\n",
    2266. 

  2266. 			  sta->aid,
    2267. 

  2267. 			  EAPOL_VERSION,
    2268. 

  2268. 			  sm->initialize);
    2269. 

  2269. 	if (ret < 0 || (size_t) ret >= buflen - len)
    2270. 

  2270. 		return len;
    2271. 

  2271. 	len += ret;
    2272. 

  2272. 

  2273. 	/* dot1xAuthConfigTable */
    2274. 

  2274. 	ret = os_snprintf(buf + len, buflen - len,
    2275. 

  2275. 			  "dot1xAuthPaeState=%d\n"
    2276. 

  2276. 			  "dot1xAuthBackendAuthState=%d\n"
    2277. 

  2277. 			  "dot1xAuthAdminControlledDirections=%d\n"
    2278. 

  2278. 			  "dot1xAuthOperControlledDirections=%d\n"
    2279. 

  2279. 			  "dot1xAuthAuthControlledPortStatus=%d\n"
    2280. 

  2280. 			  "dot1xAuthAuthControlledPortControl=%d\n"
    2281. 

  2281. 			  "dot1xAuthQuietPeriod=%u\n"
    2282. 

  2282. 			  "dot1xAuthServerTimeout=%u\n"
    2283. 

  2283. 			  "dot1xAuthReAuthPeriod=%u\n"
    2284. 

  2284. 			  "dot1xAuthReAuthEnabled=%s\n"
    2285. 

  2285. 			  "dot1xAuthKeyTxEnabled=%s\n",
    2286. 

  2286. 			  sm->auth_pae_state + 1,
    2287. 

  2287. 			  sm->be_auth_state + 1,
    2288. 

  2288. 			  sm->adminControlledDirections,
    2289. 

  2289. 			  sm->operControlledDirections,
    2290. 

  2290. 			  sm->authPortStatus,
    2291. 

  2291. 			  sm->portControl,
    2292. 

  2292. 			  sm->quietPeriod,
    2293. 

  2293. 			  sm->serverTimeout,
    2294. 

  2294. 			  sm->reAuthPeriod,
    2295. 

  2295. 			  bool_txt(sm->reAuthEnabled),
    2296. 

  2296. 			  bool_txt(sm->keyTxEnabled));
    2297. 

  2297. 	if (ret < 0 || (size_t) ret >= buflen - len)
    2298. 

  2298. 		return len;
    2299. 

  2299. 	len += ret;
    2300. 

  2300. 

  2301. 	/* dot1xAuthStatsTable */
    2302. 

  2302. 	ret = os_snprintf(buf + len, buflen - len,
    2303. 

  2303. 			  "dot1xAuthEapolFramesRx=%u\n"
    2304. 

  2304. 			  "dot1xAuthEapolFramesTx=%u\n"
    2305. 

  2305. 			  "dot1xAuthEapolStartFramesRx=%u\n"
    2306. 

  2306. 			  "dot1xAuthEapolLogoffFramesRx=%u\n"
    2307. 

  2307. 			  "dot1xAuthEapolRespIdFramesRx=%u\n"
    2308. 

  2308. 			  "dot1xAuthEapolRespFramesRx=%u\n"
    2309. 

  2309. 			  "dot1xAuthEapolReqIdFramesTx=%u\n"
    2310. 

  2310. 			  "dot1xAuthEapolReqFramesTx=%u\n"
    2311. 

  2311. 			  "dot1xAuthInvalidEapolFramesRx=%u\n"
    2312. 

  2312. 			  "dot1xAuthEapLengthErrorFramesRx=%u\n"
    2313. 

  2313. 			  "dot1xAuthLastEapolFrameVersion=%u\n"
    2314. 

  2314. 			  "dot1xAuthLastEapolFrameSource=" MACSTR "\n",
    2315. 

  2315. 			  sm->dot1xAuthEapolFramesRx,
    2316. 

  2316. 			  sm->dot1xAuthEapolFramesTx,
    2317. 

  2317. 			  sm->dot1xAuthEapolStartFramesRx,
    2318. 

  2318. 			  sm->dot1xAuthEapolLogoffFramesRx,
    2319. 

  2319. 			  sm->dot1xAuthEapolRespIdFramesRx,
    2320. 

  2320. 			  sm->dot1xAuthEapolRespFramesRx,
    2321. 

  2321. 			  sm->dot1xAuthEapolReqIdFramesTx,
    2322. 

  2322. 			  sm->dot1xAuthEapolReqFramesTx,
    2323. 

  2323. 			  sm->dot1xAuthInvalidEapolFramesRx,
    2324. 

  2324. 			  sm->dot1xAuthEapLengthErrorFramesRx,
    2325. 

  2325. 			  sm->dot1xAuthLastEapolFrameVersion,
    2326. 

  2326. 			  MAC2STR(sm->addr));
    2327. 

  2327. 	if (ret < 0 || (size_t) ret >= buflen - len)
    2328. 

  2328. 		return len;
    2329. 

  2329. 	len += ret;
    2330. 

  2330. 

  2331. 	/* dot1xAuthDiagTable */
    2332. 

  2332. 	ret = os_snprintf(buf + len, buflen - len,
    2333. 

  2333. 			  "dot1xAuthEntersConnecting=%u\n"
    2334. 

  2334. 			  "dot1xAuthEapLogoffsWhileConnecting=%u\n"
    2335. 

  2335. 			  "dot1xAuthEntersAuthenticating=%u\n"
    2336. 

  2336. 			  "dot1xAuthAuthSuccessesWhileAuthenticating=%u\n"
    2337. 

  2337. 			  "dot1xAuthAuthTimeoutsWhileAuthenticating=%u\n"
    2338. 

  2338. 			  "dot1xAuthAuthFailWhileAuthenticating=%u\n"
    2339. 

  2339. 			  "dot1xAuthAuthEapStartsWhileAuthenticating=%u\n"
    2340. 

  2340. 			  "dot1xAuthAuthEapLogoffWhileAuthenticating=%u\n"
    2341. 

  2341. 			  "dot1xAuthAuthReauthsWhileAuthenticated=%u\n"
    2342. 

  2342. 			  "dot1xAuthAuthEapStartsWhileAuthenticated=%u\n"
    2343. 

  2343. 			  "dot1xAuthAuthEapLogoffWhileAuthenticated=%u\n"
    2344. 

  2344. 			  "dot1xAuthBackendResponses=%u\n"
    2345. 

  2345. 			  "dot1xAuthBackendAccessChallenges=%u\n"
    2346. 

  2346. 			  "dot1xAuthBackendOtherRequestsToSupplicant=%u\n"
    2347. 

  2347. 			  "dot1xAuthBackendAuthSuccesses=%u\n"
    2348. 

  2348. 			  "dot1xAuthBackendAuthFails=%u\n",
    2349. 

  2349. 			  sm->authEntersConnecting,
    2350. 

  2350. 			  sm->authEapLogoffsWhileConnecting,
    2351. 

  2351. 			  sm->authEntersAuthenticating,
    2352. 

  2352. 			  sm->authAuthSuccessesWhileAuthenticating,
    2353. 

  2353. 			  sm->authAuthTimeoutsWhileAuthenticating,
    2354. 

  2354. 			  sm->authAuthFailWhileAuthenticating,
    2355. 

  2355. 			  sm->authAuthEapStartsWhileAuthenticating,
    2356. 

  2356. 			  sm->authAuthEapLogoffWhileAuthenticating,
    2357. 

  2357. 			  sm->authAuthReauthsWhileAuthenticated,
    2358. 

  2358. 			  sm->authAuthEapStartsWhileAuthenticated,
    2359. 

  2359. 			  sm->authAuthEapLogoffWhileAuthenticated,
    2360. 

  2360. 			  sm->backendResponses,
    2361. 

  2361. 			  sm->backendAccessChallenges,
    2362. 

  2362. 			  sm->backendOtherRequestsToSupplicant,
    2363. 

  2363. 			  sm->backendAuthSuccesses,
    2364. 

  2364. 			  sm->backendAuthFails);
    2365. 

  2365. 	if (ret < 0 || (size_t) ret >= buflen - len)
    2366. 

  2366. 		return len;
    2367. 

  2367. 	len += ret;
    2368. 

  2368. 

  2369. 	/* dot1xAuthSessionStatsTable */
    2370. 

  2370. 	os_reltime_age(&sta->acct_session_start, &diff);
    2371. 

  2371. 	ret = os_snprintf(buf + len, buflen - len,
    2372. 

  2372. 			  /* TODO: dot1xAuthSessionOctetsRx */
    2373. 

  2373. 			  /* TODO: dot1xAuthSessionOctetsTx */
    2374. 

  2374. 			  /* TODO: dot1xAuthSessionFramesRx */
    2375. 

  2375. 			  /* TODO: dot1xAuthSessionFramesTx */
    2376. 

  2376. 			  "dot1xAuthSessionId=%08X-%08X\n"
    2377. 

  2377. 			  "dot1xAuthSessionAuthenticMethod=%d\n"
    2378. 

  2378. 			  "dot1xAuthSessionTime=%u\n"
    2379. 

  2379. 			  "dot1xAuthSessionTerminateCause=999\n"
    2380. 

  2380. 			  "dot1xAuthSessionUserName=%s\n",
    2381. 

  2381. 			  sta->acct_session_id_hi, sta->acct_session_id_lo,
    2382. 

  2382. 			  (wpa_key_mgmt_wpa_ieee8021x(
    2383. 

  2383. 				   wpa_auth_sta_key_mgmt(sta->wpa_sm))) ?
    2384. 

  2384. 			  1 : 2,
    2385. 

  2385. 			  (unsigned int) diff.sec,
    2386. 

  2386. 			  sm->identity);
    2387. 

  2387. 	if (ret < 0 || (size_t) ret >= buflen - len)
    2388. 

  2388. 		return len;
    2389. 

  2389. 	len += ret;
    2390. 

  2390. 

  2391. 	name1 = eap_server_get_name(0, sm->eap_type_authsrv);
    2392. 

  2392. 	name2 = eap_server_get_name(0, sm->eap_type_supp);
    2393. 

  2393. 	ret = os_snprintf(buf + len, buflen - len,
    2394. 

  2394. 			  "last_eap_type_as=%d (%s)\n"
    2395. 

  2395. 			  "last_eap_type_sta=%d (%s)\n",
    2396. 

  2396. 			  sm->eap_type_authsrv,
    2397. 

  2397. 			  name1 ? name1 : "",
    2398. 

  2398. 			  sm->eap_type_supp,
    2399. 

  2399. 			  name2 ? name2 : "");
    2400. 

  2400. 	if (ret < 0 || (size_t) ret >= buflen - len)
    2401. 

  2401. 		return len;
    2402. 

  2402. 	len += ret;
    2403. 

  2403. 

  2404. 	return len;
    2405. 

  2405. }
    2406. 

  2406. 

  2407. 

  2408. static void ieee802_1x_finished(struct hostapd_data *hapd,
    2409. 

  2409. 				struct sta_info *sta, int success,
    2410. 

  2410. 				int remediation)
    2411. 

  2411. {
    2412. 

  2412. 	const u8 *key;
    2413. 

  2413. 	size_t len;
    2414. 

  2414. 	/* TODO: get PMKLifetime from WPA parameters */
    2415. 

  2415. 	static const int dot11RSNAConfigPMKLifetime = 43200;
    2416. 

  2416. 	unsigned int session_timeout;
    2417. 

  2417. 

  2418. #ifdef CONFIG_HS20
    2419. 

  2419. 	if (remediation && !sta->remediation) {
    2420. 

  2420. 		sta->remediation = 1;
    2421. 

  2421. 		os_free(sta->remediation_url);
    2422. 

  2422. 		sta->remediation_url =
    2423. 

  2423. 			os_strdup(hapd->conf->subscr_remediation_url);
    2424. 

  2424. 		sta->remediation_method = 1; /* SOAP-XML SPP */
    2425. 

  2425. 	}
    2426. 

  2426. 

  2427. 	if (success) {
    2428. 

  2428. 		if (sta->remediation) {
    2429. 

  2429. 			wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification "
    2430. 

  2430. 				   "to " MACSTR " to indicate Subscription "
    2431. 

  2431. 				   "Remediation",
    2432. 

  2432. 				   MAC2STR(sta->addr));
    2433. 

  2433. 			hs20_send_wnm_notification(hapd, sta->addr,
    2434. 

  2434. 						   sta->remediation_method,
    2435. 

  2435. 						   sta->remediation_url);
    2436. 

  2436. 			os_free(sta->remediation_url);
    2437. 

  2437. 			sta->remediation_url = NULL;
    2438. 

  2438. 		}
    2439. 

  2439. 

  2440. 		if (sta->hs20_deauth_req) {
    2441. 

  2441. 			wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification "
    2442. 

  2442. 				   "to " MACSTR " to indicate imminent "
    2443. 

  2443. 				   "deauthentication", MAC2STR(sta->addr));
    2444. 

  2444. 			hs20_send_wnm_notification_deauth_req(
    2445. 

  2445. 				hapd, sta->addr, sta->hs20_deauth_req);
    2446. 

  2446. 		}
    2447. 

  2447. 	}
    2448. 

  2448. #endif /* CONFIG_HS20 */
    2449. 

  2449. 

  2450. 	key = ieee802_1x_get_key(sta->eapol_sm, &len);
    2451. 

  2451. 	if (sta->session_timeout_set)
    2452. 

  2452. 		session_timeout = sta->session_timeout;
    2453. 

  2453. 	else
    2454. 

  2454. 		session_timeout = dot11RSNAConfigPMKLifetime;
    2455. 

  2455. 	if (success && key && len >= PMK_LEN && !sta->remediation &&
    2456. 

  2456. 	    !sta->hs20_deauth_requested &&
    2457. 

  2457. 	    wpa_auth_pmksa_add(sta->wpa_sm, key, session_timeout,
    2458. 

  2458. 			       sta->eapol_sm) == 0) {
    2459. 

  2459. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
    2460. 

  2460. 			       HOSTAPD_LEVEL_DEBUG,
    2461. 

  2461. 			       "Added PMKSA cache entry (IEEE 802.1X)");
    2462. 

  2462. 	}
    2463. 

  2463. 

  2464. 	if (!success) {
    2465. 

  2465. 		/*
    2466. 

  2466. 		 * Many devices require deauthentication after WPS provisioning
    2467. 

  2467. 		 * and some may not be be able to do that themselves, so
    2468. 

  2468. 		 * disconnect the client here. In addition, this may also
    2469. 

  2469. 		 * benefit IEEE 802.1X/EAPOL authentication cases, too since
    2470. 

  2470. 		 * the EAPOL PAE state machine would remain in HELD state for
    2471. 

  2471. 		 * considerable amount of time and some EAP methods, like
    2472. 

  2472. 		 * EAP-FAST with anonymous provisioning, may require another
    2473. 

  2473. 		 * EAPOL authentication to be started to complete connection.
    2474. 

  2474. 		 */
    2475. 

  2475. 		wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "IEEE 802.1X: Force "
    2476. 

  2476. 			"disconnection after EAP-Failure");
    2477. 

  2477. 		/* Add a small sleep to increase likelihood of previously
    2478. 

  2478. 		 * requested EAP-Failure TX getting out before this should the
    2479. 

  2479. 		 * driver reorder operations.
    2480. 

  2480. 		 */
    2481. 

  2481. 		os_sleep(0, 10000);
    2482. 

  2482. 		ap_sta_disconnect(hapd, sta, sta->addr,
    2483. 

  2483. 				  WLAN_REASON_IEEE_802_1X_AUTH_FAILED);
    2484. 

  2484. 		hostapd_wps_eap_completed(hapd);
    2485. 

  2485. 	}
    2486. 

  2486. }
    2487.