LCOV - code coverage report
Current view: top level - src/ap - ieee802_1x.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1422976643 Lines: 1043 1274 81.9 %
Date: 2015-02-03 Functions: 61 62 98.4 %

          Line data    Source code
       1             : /*
       2             :  * hostapd / IEEE 802.1X-2004 Authenticator
       3             :  * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "utils/includes.h"
      10             : 
      11             : #include "utils/common.h"
      12             : #include "utils/eloop.h"
      13             : #include "crypto/md5.h"
      14             : #include "crypto/crypto.h"
      15             : #include "crypto/random.h"
      16             : #include "common/ieee802_11_defs.h"
      17             : #include "radius/radius.h"
      18             : #include "radius/radius_client.h"
      19             : #include "eap_server/eap.h"
      20             : #include "eap_common/eap_wsc_common.h"
      21             : #include "eapol_auth/eapol_auth_sm.h"
      22             : #include "eapol_auth/eapol_auth_sm_i.h"
      23             : #include "p2p/p2p.h"
      24             : #include "hostapd.h"
      25             : #include "accounting.h"
      26             : #include "sta_info.h"
      27             : #include "wpa_auth.h"
      28             : #include "preauth_auth.h"
      29             : #include "pmksa_cache_auth.h"
      30             : #include "ap_config.h"
      31             : #include "ap_drv_ops.h"
      32             : #include "wps_hostapd.h"
      33             : #include "hs20.h"
      34             : #include "ieee802_1x.h"
      35             : 
      36             : 
      37             : static void ieee802_1x_finished(struct hostapd_data *hapd,
      38             :                                 struct sta_info *sta, int success,
      39             :                                 int remediation);
      40             : 
      41             : 
      42        6564 : static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
      43             :                             u8 type, const u8 *data, size_t datalen)
      44             : {
      45             :         u8 *buf;
      46             :         struct ieee802_1x_hdr *xhdr;
      47             :         size_t len;
      48        6564 :         int encrypt = 0;
      49             : 
      50        6564 :         len = sizeof(*xhdr) + datalen;
      51        6564 :         buf = os_zalloc(len);
      52        6564 :         if (buf == NULL) {
      53           3 :                 wpa_printf(MSG_ERROR, "malloc() failed for "
      54             :                            "ieee802_1x_send(len=%lu)",
      55             :                            (unsigned long) len);
      56        6567 :                 return;
      57             :         }
      58             : 
      59        6561 :         xhdr = (struct ieee802_1x_hdr *) buf;
      60        6561 :         xhdr->version = hapd->conf->eapol_version;
      61        6561 :         xhdr->type = type;
      62        6561 :         xhdr->length = host_to_be16(datalen);
      63             : 
      64        6561 :         if (datalen > 0 && data != NULL)
      65        6561 :                 os_memcpy(xhdr + 1, data, datalen);
      66             : 
      67        6561 :         if (wpa_auth_pairwise_set(sta->wpa_sm))
      68         331 :                 encrypt = 1;
      69             : #ifdef CONFIG_TESTING_OPTIONS
      70        6561 :         if (hapd->ext_eapol_frame_io) {
      71          13 :                 size_t hex_len = 2 * len + 1;
      72          13 :                 char *hex = os_malloc(hex_len);
      73             : 
      74          13 :                 if (hex) {
      75          13 :                         wpa_snprintf_hex(hex, hex_len, buf, len);
      76          78 :                         wpa_msg(hapd->msg_ctx, MSG_INFO,
      77             :                                 "EAPOL-TX " MACSTR " %s",
      78          78 :                                 MAC2STR(sta->addr), hex);
      79          13 :                         os_free(hex);
      80             :                 }
      81             :         } else
      82             : #endif /* CONFIG_TESTING_OPTIONS */
      83        6548 :         if (sta->flags & WLAN_STA_PREAUTH) {
      84          10 :                 rsn_preauth_send(hapd, sta, buf, len);
      85             :         } else {
      86       13076 :                 hostapd_drv_hapd_send_eapol(
      87        6538 :                         hapd, sta->addr, buf, len,
      88             :                         encrypt, hostapd_sta_flags_to_drv(sta->flags));
      89             :         }
      90             : 
      91        6561 :         os_free(buf);
      92             : }
      93             : 
      94             : 
      95        4072 : void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
      96             :                                    struct sta_info *sta, int authorized)
      97             : {
      98             :         int res;
      99             : 
     100        4072 :         if (sta->flags & WLAN_STA_PREAUTH)
     101        4078 :                 return;
     102             : 
     103        4066 :         if (authorized) {
     104        1295 :                 ap_sta_set_authorized(hapd, sta, 1);
     105        1295 :                 res = hostapd_set_authorized(hapd, sta, 1);
     106        1295 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
     107             :                                HOSTAPD_LEVEL_DEBUG, "authorizing port");
     108             :         } else {
     109        2771 :                 ap_sta_set_authorized(hapd, sta, 0);
     110        2771 :                 res = hostapd_set_authorized(hapd, sta, 0);
     111        2771 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
     112             :                                HOSTAPD_LEVEL_DEBUG, "unauthorizing port");
     113             :         }
     114             : 
     115        4066 :         if (res && errno != ENOENT) {
     116           7 :                 wpa_printf(MSG_DEBUG, "Could not set station " MACSTR
     117             :                            " flags for kernel driver (errno=%d).",
     118           7 :                            MAC2STR(sta->addr), errno);
     119             :         }
     120             : 
     121        4066 :         if (authorized) {
     122        1295 :                 os_get_reltime(&sta->connected_time);
     123        1295 :                 accounting_sta_start(hapd, sta);
     124             :         }
     125             : }
     126             : 
     127             : 
     128           4 : static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
     129             :                                   struct sta_info *sta,
     130             :                                   int idx, int broadcast,
     131             :                                   u8 *key_data, size_t key_len)
     132             : {
     133             :         u8 *buf, *ekey;
     134             :         struct ieee802_1x_hdr *hdr;
     135             :         struct ieee802_1x_eapol_key *key;
     136             :         size_t len, ekey_len;
     137           4 :         struct eapol_state_machine *sm = sta->eapol_sm;
     138             : 
     139           4 :         if (sm == NULL)
     140           0 :                 return;
     141             : 
     142           4 :         len = sizeof(*key) + key_len;
     143           4 :         buf = os_zalloc(sizeof(*hdr) + len);
     144           4 :         if (buf == NULL)
     145           0 :                 return;
     146             : 
     147           4 :         hdr = (struct ieee802_1x_hdr *) buf;
     148           4 :         key = (struct ieee802_1x_eapol_key *) (hdr + 1);
     149           4 :         key->type = EAPOL_KEY_TYPE_RC4;
     150           4 :         WPA_PUT_BE16(key->key_length, key_len);
     151           4 :         wpa_get_ntp_timestamp(key->replay_counter);
     152             : 
     153           4 :         if (random_get_bytes(key->key_iv, sizeof(key->key_iv))) {
     154           0 :                 wpa_printf(MSG_ERROR, "Could not get random numbers");
     155           0 :                 os_free(buf);
     156           0 :                 return;
     157             :         }
     158             : 
     159           4 :         key->key_index = idx | (broadcast ? 0 : BIT(7));
     160           4 :         if (hapd->conf->eapol_key_index_workaround) {
     161             :                 /* According to some information, WinXP Supplicant seems to
     162             :                  * interpret bit7 as an indication whether the key is to be
     163             :                  * activated, so make it possible to enable workaround that
     164             :                  * sets this bit for all keys. */
     165           0 :                 key->key_index |= BIT(7);
     166             :         }
     167             : 
     168             :         /* Key is encrypted using "Key-IV + MSK[0..31]" as the RC4-key and
     169             :          * MSK[32..63] is used to sign the message. */
     170           4 :         if (sm->eap_if->eapKeyData == NULL || sm->eap_if->eapKeyDataLen < 64) {
     171           0 :                 wpa_printf(MSG_ERROR, "No eapKeyData available for encrypting "
     172             :                            "and signing EAPOL-Key");
     173           0 :                 os_free(buf);
     174           0 :                 return;
     175             :         }
     176           4 :         os_memcpy((u8 *) (key + 1), key_data, key_len);
     177           4 :         ekey_len = sizeof(key->key_iv) + 32;
     178           4 :         ekey = os_malloc(ekey_len);
     179           4 :         if (ekey == NULL) {
     180           0 :                 wpa_printf(MSG_ERROR, "Could not encrypt key");
     181           0 :                 os_free(buf);
     182           0 :                 return;
     183             :         }
     184           4 :         os_memcpy(ekey, key->key_iv, sizeof(key->key_iv));
     185           4 :         os_memcpy(ekey + sizeof(key->key_iv), sm->eap_if->eapKeyData, 32);
     186           4 :         rc4_skip(ekey, ekey_len, 0, (u8 *) (key + 1), key_len);
     187           4 :         os_free(ekey);
     188             : 
     189             :         /* This header is needed here for HMAC-MD5, but it will be regenerated
     190             :          * in ieee802_1x_send() */
     191           4 :         hdr->version = hapd->conf->eapol_version;
     192           4 :         hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
     193           4 :         hdr->length = host_to_be16(len);
     194           4 :         hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len,
     195           4 :                  key->key_signature);
     196             : 
     197          28 :         wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key to " MACSTR
     198          24 :                    " (%s index=%d)", MAC2STR(sm->addr),
     199             :                    broadcast ? "broadcast" : "unicast", idx);
     200           4 :         ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAPOL_KEY, (u8 *) key, len);
     201           4 :         if (sta->eapol_sm)
     202           4 :                 sta->eapol_sm->dot1xAuthEapolFramesTx++;
     203           4 :         os_free(buf);
     204             : }
     205             : 
     206             : 
     207           2 : void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
     208             : {
     209           2 :         struct eapol_authenticator *eapol = hapd->eapol_auth;
     210           2 :         struct eapol_state_machine *sm = sta->eapol_sm;
     211             : 
     212           2 :         if (sm == NULL || !sm->eap_if->eapKeyData)
     213           0 :                 return;
     214             : 
     215          12 :         wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key(s) to " MACSTR,
     216          12 :                    MAC2STR(sta->addr));
     217             : 
     218             : #ifndef CONFIG_NO_VLAN
     219           2 :         if (sta->vlan_id > 0 && sta->vlan_id <= MAX_VLAN_ID) {
     220           0 :                 wpa_printf(MSG_ERROR, "Using WEP with vlans is not supported.");
     221           0 :                 return;
     222             :         }
     223             : #endif /* CONFIG_NO_VLAN */
     224             : 
     225           2 :         if (eapol->default_wep_key) {
     226           2 :                 ieee802_1x_tx_key_one(hapd, sta, eapol->default_wep_key_idx, 1,
     227             :                                       eapol->default_wep_key,
     228           2 :                                       hapd->conf->default_wep_key_len);
     229             :         }
     230             : 
     231           2 :         if (hapd->conf->individual_wep_key_len > 0) {
     232             :                 u8 *ikey;
     233           2 :                 ikey = os_malloc(hapd->conf->individual_wep_key_len);
     234           4 :                 if (ikey == NULL ||
     235           2 :                     random_get_bytes(ikey, hapd->conf->individual_wep_key_len))
     236             :                 {
     237           0 :                         wpa_printf(MSG_ERROR, "Could not generate random "
     238             :                                    "individual WEP key.");
     239           0 :                         os_free(ikey);
     240           0 :                         return;
     241             :                 }
     242             : 
     243           2 :                 wpa_hexdump_key(MSG_DEBUG, "Individual WEP key",
     244           2 :                                 ikey, hapd->conf->individual_wep_key_len);
     245             : 
     246           2 :                 ieee802_1x_tx_key_one(hapd, sta, 0, 0, ikey,
     247           2 :                                       hapd->conf->individual_wep_key_len);
     248             : 
     249             :                 /* TODO: set encryption in TX callback, i.e., only after STA
     250             :                  * has ACKed EAPOL-Key frame */
     251           4 :                 if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
     252           2 :                                         sta->addr, 0, 1, NULL, 0, ikey,
     253           2 :                                         hapd->conf->individual_wep_key_len)) {
     254           0 :                         wpa_printf(MSG_ERROR, "Could not set individual WEP "
     255             :                                    "encryption.");
     256             :                 }
     257             : 
     258           2 :                 os_free(ikey);
     259             :         }
     260             : }
     261             : 
     262             : 
     263        3662 : const char *radius_mode_txt(struct hostapd_data *hapd)
     264             : {
     265        3662 :         switch (hapd->iface->conf->hw_mode) {
     266             :         case HOSTAPD_MODE_IEEE80211AD:
     267           0 :                 return "802.11ad";
     268             :         case HOSTAPD_MODE_IEEE80211A:
     269           0 :                 return "802.11a";
     270             :         case HOSTAPD_MODE_IEEE80211G:
     271        3662 :                 return "802.11g";
     272             :         case HOSTAPD_MODE_IEEE80211B:
     273             :         default:
     274           0 :                 return "802.11b";
     275             :         }
     276             : }
     277             : 
     278             : 
     279        7324 : int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta)
     280             : {
     281             :         int i;
     282        7324 :         u8 rate = 0;
     283             : 
     284       95212 :         for (i = 0; i < sta->supported_rates_len; i++)
     285       87888 :                 if ((sta->supported_rates[i] & 0x7f) > rate)
     286       73240 :                         rate = sta->supported_rates[i] & 0x7f;
     287             : 
     288        7324 :         return rate;
     289             : }
     290             : 
     291             : 
     292             : #ifndef CONFIG_NO_RADIUS
     293        3291 : static void ieee802_1x_learn_identity(struct hostapd_data *hapd,
     294             :                                       struct eapol_state_machine *sm,
     295             :                                       const u8 *eap, size_t len)
     296             : {
     297             :         const u8 *identity;
     298             :         size_t identity_len;
     299        3291 :         const struct eap_hdr *hdr = (const struct eap_hdr *) eap;
     300             : 
     301        6582 :         if (len <= sizeof(struct eap_hdr) ||
     302        6567 :             (hdr->code == EAP_CODE_RESPONSE &&
     303        4210 :              eap[sizeof(struct eap_hdr)] != EAP_TYPE_IDENTITY) ||
     304         949 :             (hdr->code == EAP_CODE_INITIATE &&
     305         949 :              eap[sizeof(struct eap_hdr)] != EAP_ERP_TYPE_REAUTH) ||
     306         949 :             (hdr->code != EAP_CODE_RESPONSE &&
     307          15 :              hdr->code != EAP_CODE_INITIATE))
     308        4715 :                 return;
     309             : 
     310         934 :         identity = eap_get_identity(sm->eap, &identity_len);
     311         934 :         if (identity == NULL)
     312           0 :                 return;
     313             : 
     314             :         /* Save station identity for future RADIUS packets */
     315         934 :         os_free(sm->identity);
     316         934 :         sm->identity = (u8 *) dup_binstr(identity, identity_len);
     317         934 :         if (sm->identity == NULL) {
     318           1 :                 sm->identity_len = 0;
     319           1 :                 return;
     320             :         }
     321             : 
     322         933 :         sm->identity_len = identity_len;
     323         933 :         hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
     324             :                        HOSTAPD_LEVEL_DEBUG, "STA identity '%s'", sm->identity);
     325         933 :         sm->dot1xAuthEapolRespIdFramesRx++;
     326             : }
     327             : 
     328             : 
     329        3614 : static int add_common_radius_sta_attr_rsn(struct hostapd_data *hapd,
     330             :                                           struct hostapd_radius_attr *req_attr,
     331             :                                           struct sta_info *sta,
     332             :                                           struct radius_msg *msg)
     333             : {
     334             :         u32 suite;
     335             :         int ver, val;
     336             : 
     337        3614 :         ver = wpa_auth_sta_wpa_version(sta->wpa_sm);
     338        3614 :         val = wpa_auth_get_pairwise(sta->wpa_sm);
     339        3614 :         suite = wpa_cipher_to_suite(ver, val);
     340        7228 :         if (val != -1 &&
     341        3614 :             !hostapd_config_get_radius_attr(req_attr,
     342        3614 :                                             RADIUS_ATTR_WLAN_PAIRWISE_CIPHER) &&
     343        3614 :             !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_PAIRWISE_CIPHER,
     344             :                                        suite)) {
     345           0 :                 wpa_printf(MSG_ERROR, "Could not add WLAN-Pairwise-Cipher");
     346           0 :                 return -1;
     347             :         }
     348             : 
     349        3614 :         suite = wpa_cipher_to_suite((hapd->conf->wpa & 0x2) ?
     350             :                                     WPA_PROTO_RSN : WPA_PROTO_WPA,
     351        3614 :                                     hapd->conf->wpa_group);
     352        3614 :         if (!hostapd_config_get_radius_attr(req_attr,
     353        3614 :                                             RADIUS_ATTR_WLAN_GROUP_CIPHER) &&
     354        3614 :             !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_GROUP_CIPHER,
     355             :                                        suite)) {
     356           0 :                 wpa_printf(MSG_ERROR, "Could not add WLAN-Group-Cipher");
     357           0 :                 return -1;
     358             :         }
     359             : 
     360        3614 :         val = wpa_auth_sta_key_mgmt(sta->wpa_sm);
     361        3614 :         suite = wpa_akm_to_suite(val);
     362        7228 :         if (val != -1 &&
     363        3614 :             !hostapd_config_get_radius_attr(req_attr,
     364        3614 :                                             RADIUS_ATTR_WLAN_AKM_SUITE) &&
     365        3614 :             !radius_msg_add_attr_int32(msg, RADIUS_ATTR_WLAN_AKM_SUITE,
     366             :                                        suite)) {
     367           0 :                 wpa_printf(MSG_ERROR, "Could not add WLAN-AKM-Suite");
     368           0 :                 return -1;
     369             :         }
     370             : 
     371             : #ifdef CONFIG_IEEE80211W
     372        3614 :         if (hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
     373         596 :                 suite = wpa_cipher_to_suite(WPA_PROTO_RSN,
     374         596 :                                             hapd->conf->group_mgmt_cipher);
     375         596 :                 if (!hostapd_config_get_radius_attr(
     376         596 :                             req_attr, RADIUS_ATTR_WLAN_GROUP_MGMT_CIPHER) &&
     377         596 :                     !radius_msg_add_attr_int32(
     378             :                             msg, RADIUS_ATTR_WLAN_GROUP_MGMT_CIPHER, suite)) {
     379           0 :                         wpa_printf(MSG_ERROR,
     380             :                                    "Could not add WLAN-Group-Mgmt-Cipher");
     381           0 :                         return -1;
     382             :                 }
     383             :         }
     384             : #endif /* CONFIG_IEEE80211W */
     385             : 
     386        3614 :         return 0;
     387             : }
     388             : 
     389             : 
     390        3668 : static int add_common_radius_sta_attr(struct hostapd_data *hapd,
     391             :                                       struct hostapd_radius_attr *req_attr,
     392             :                                       struct sta_info *sta,
     393             :                                       struct radius_msg *msg)
     394             : {
     395             :         char buf[128];
     396             : 
     397        3668 :         if (!hostapd_config_get_radius_attr(req_attr,
     398        3668 :                                             RADIUS_ATTR_NAS_PORT) &&
     399        3668 :             !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
     400           0 :                 wpa_printf(MSG_ERROR, "Could not add NAS-Port");
     401           0 :                 return -1;
     402             :         }
     403             : 
     404       22008 :         os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
     405       22008 :                     MAC2STR(sta->addr));
     406        3668 :         buf[sizeof(buf) - 1] = '\0';
     407        3668 :         if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
     408             :                                  (u8 *) buf, os_strlen(buf))) {
     409           0 :                 wpa_printf(MSG_ERROR, "Could not add Calling-Station-Id");
     410           0 :                 return -1;
     411             :         }
     412             : 
     413        3668 :         if (sta->flags & WLAN_STA_PREAUTH) {
     414           6 :                 os_strlcpy(buf, "IEEE 802.11i Pre-Authentication",
     415             :                            sizeof(buf));
     416             :         } else {
     417       10986 :                 os_snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
     418        3662 :                             radius_sta_rate(hapd, sta) / 2,
     419        3662 :                             (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
     420             :                             radius_mode_txt(hapd));
     421        3662 :                 buf[sizeof(buf) - 1] = '\0';
     422             :         }
     423        3668 :         if (!hostapd_config_get_radius_attr(req_attr,
     424        3653 :                                             RADIUS_ATTR_CONNECT_INFO) &&
     425        3653 :             !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
     426             :                                  (u8 *) buf, os_strlen(buf))) {
     427           0 :                 wpa_printf(MSG_ERROR, "Could not add Connect-Info");
     428           0 :                 return -1;
     429             :         }
     430             : 
     431        3668 :         if (sta->acct_session_id_hi || sta->acct_session_id_lo) {
     432        3668 :                 os_snprintf(buf, sizeof(buf), "%08X-%08X",
     433             :                             sta->acct_session_id_hi, sta->acct_session_id_lo);
     434        3668 :                 if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
     435             :                                          (u8 *) buf, os_strlen(buf))) {
     436           0 :                         wpa_printf(MSG_ERROR, "Could not add Acct-Session-Id");
     437           0 :                         return -1;
     438             :                 }
     439             :         }
     440             : 
     441             : #ifdef CONFIG_IEEE80211R
     442        3680 :         if (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
     443          24 :             sta->wpa_sm &&
     444          12 :             (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm)) ||
     445          12 :              sta->auth_alg == WLAN_AUTH_FT) &&
     446          12 :             !hostapd_config_get_radius_attr(req_attr,
     447          12 :                                             RADIUS_ATTR_MOBILITY_DOMAIN_ID) &&
     448          12 :             !radius_msg_add_attr_int32(msg, RADIUS_ATTR_MOBILITY_DOMAIN_ID,
     449          12 :                                        WPA_GET_BE16(
     450          12 :                                                hapd->conf->mobility_domain))) {
     451           0 :                 wpa_printf(MSG_ERROR, "Could not add Mobility-Domain-Id");
     452           0 :                 return -1;
     453             :         }
     454             : #endif /* CONFIG_IEEE80211R */
     455             : 
     456        7282 :         if (hapd->conf->wpa && sta->wpa_sm &&
     457        3614 :             add_common_radius_sta_attr_rsn(hapd, req_attr, sta, msg) < 0)
     458           0 :                 return -1;
     459             : 
     460        3668 :         return 0;
     461             : }
     462             : 
     463             : 
     464        3770 : int add_common_radius_attr(struct hostapd_data *hapd,
     465             :                            struct hostapd_radius_attr *req_attr,
     466             :                            struct sta_info *sta,
     467             :                            struct radius_msg *msg)
     468             : {
     469             :         char buf[128];
     470             :         struct hostapd_radius_attr *attr;
     471             : 
     472        3770 :         if (!hostapd_config_get_radius_attr(req_attr,
     473        3770 :                                             RADIUS_ATTR_NAS_IP_ADDRESS) &&
     474        3803 :             hapd->conf->own_ip_addr.af == AF_INET &&
     475          33 :             !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
     476          33 :                                  (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
     477           0 :                 wpa_printf(MSG_ERROR, "Could not add NAS-IP-Address");
     478           0 :                 return -1;
     479             :         }
     480             : 
     481             : #ifdef CONFIG_IPV6
     482        3770 :         if (!hostapd_config_get_radius_attr(req_attr,
     483        3770 :                                             RADIUS_ATTR_NAS_IPV6_ADDRESS) &&
     484        3777 :             hapd->conf->own_ip_addr.af == AF_INET6 &&
     485           7 :             !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
     486           7 :                                  (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
     487           0 :                 wpa_printf(MSG_ERROR, "Could not add NAS-IPv6-Address");
     488           0 :                 return -1;
     489             :         }
     490             : #endif /* CONFIG_IPV6 */
     491             : 
     492        3770 :         if (!hostapd_config_get_radius_attr(req_attr,
     493        3770 :                                             RADIUS_ATTR_NAS_IDENTIFIER) &&
     494        6948 :             hapd->conf->nas_identifier &&
     495        6356 :             !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
     496        3178 :                                  (u8 *) hapd->conf->nas_identifier,
     497        3178 :                                  os_strlen(hapd->conf->nas_identifier))) {
     498           0 :                 wpa_printf(MSG_ERROR, "Could not add NAS-Identifier");
     499           0 :                 return -1;
     500             :         }
     501             : 
     502       30160 :         os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
     503       22620 :                     MAC2STR(hapd->own_addr),
     504        3770 :                     wpa_ssid_txt(hapd->conf->ssid.ssid,
     505        3770 :                                  hapd->conf->ssid.ssid_len));
     506        3770 :         buf[sizeof(buf) - 1] = '\0';
     507        3770 :         if (!hostapd_config_get_radius_attr(req_attr,
     508        3770 :                                             RADIUS_ATTR_CALLED_STATION_ID) &&
     509        3770 :             !radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
     510             :                                  (u8 *) buf, os_strlen(buf))) {
     511           0 :                 wpa_printf(MSG_ERROR, "Could not add Called-Station-Id");
     512           0 :                 return -1;
     513             :         }
     514             : 
     515        3770 :         if (!hostapd_config_get_radius_attr(req_attr,
     516        3770 :                                             RADIUS_ATTR_NAS_PORT_TYPE) &&
     517        3770 :             !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
     518             :                                        RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
     519           0 :                 wpa_printf(MSG_ERROR, "Could not add NAS-Port-Type");
     520           0 :                 return -1;
     521             :         }
     522             : 
     523             : #ifdef CONFIG_INTERWORKING
     524        4355 :         if (hapd->conf->interworking &&
     525         585 :             !is_zero_ether_addr(hapd->conf->hessid)) {
     526        1278 :                 os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
     527        1278 :                             MAC2STR(hapd->conf->hessid));
     528         213 :                 buf[sizeof(buf) - 1] = '\0';
     529         213 :                 if (!hostapd_config_get_radius_attr(req_attr,
     530         213 :                                                     RADIUS_ATTR_WLAN_HESSID) &&
     531         213 :                     !radius_msg_add_attr(msg, RADIUS_ATTR_WLAN_HESSID,
     532             :                                          (u8 *) buf, os_strlen(buf))) {
     533           0 :                         wpa_printf(MSG_ERROR, "Could not add WLAN-HESSID");
     534           0 :                         return -1;
     535             :                 }
     536             :         }
     537             : #endif /* CONFIG_INTERWORKING */
     538             : 
     539        3770 :         if (sta && add_common_radius_sta_attr(hapd, req_attr, sta, msg) < 0)
     540           0 :                 return -1;
     541             : 
     542        3804 :         for (attr = req_attr; attr; attr = attr->next) {
     543          68 :                 if (!radius_msg_add_attr(msg, attr->type,
     544          34 :                                          wpabuf_head(attr->val),
     545          34 :                                          wpabuf_len(attr->val))) {
     546           0 :                         wpa_printf(MSG_ERROR, "Could not add RADIUS "
     547             :                                    "attribute");
     548           0 :                         return -1;
     549             :                 }
     550             :         }
     551             : 
     552        3770 :         return 0;
     553             : }
     554             : 
     555             : 
     556        3291 : static void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
     557             :                                           struct sta_info *sta,
     558             :                                           const u8 *eap, size_t len)
     559             : {
     560             :         struct radius_msg *msg;
     561        3291 :         struct eapol_state_machine *sm = sta->eapol_sm;
     562             : 
     563        3291 :         if (sm == NULL)
     564           0 :                 return;
     565             : 
     566        3291 :         ieee802_1x_learn_identity(hapd, sm, eap, len);
     567             : 
     568        3291 :         wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
     569             :                    "packet");
     570             : 
     571        3291 :         sm->radius_identifier = radius_client_get_id(hapd->radius);
     572        3291 :         msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
     573        3291 :                              sm->radius_identifier);
     574        3291 :         if (msg == NULL) {
     575           6 :                 wpa_printf(MSG_INFO, "Could not create new RADIUS packet");
     576           6 :                 return;
     577             :         }
     578             : 
     579        3285 :         radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
     580             : 
     581        6569 :         if (sm->identity &&
     582        6568 :             !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
     583        3284 :                                  sm->identity, sm->identity_len)) {
     584           0 :                 wpa_printf(MSG_INFO, "Could not add User-Name");
     585           0 :                 goto fail;
     586             :         }
     587             : 
     588        3285 :         if (add_common_radius_attr(hapd, hapd->conf->radius_auth_req_attr, sta,
     589             :                                    msg) < 0)
     590           0 :                 goto fail;
     591             : 
     592             :         /* TODO: should probably check MTU from driver config; 2304 is max for
     593             :          * IEEE 802.11, but use 1400 to avoid problems with too large packets
     594             :          */
     595        3285 :         if (!hostapd_config_get_radius_attr(hapd->conf->radius_auth_req_attr,
     596        3285 :                                             RADIUS_ATTR_FRAMED_MTU) &&
     597        3285 :             !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
     598           0 :                 wpa_printf(MSG_INFO, "Could not add Framed-MTU");
     599           0 :                 goto fail;
     600             :         }
     601             : 
     602        3285 :         if (eap && !radius_msg_add_eap(msg, eap, len)) {
     603           0 :                 wpa_printf(MSG_INFO, "Could not add EAP-Message");
     604           0 :                 goto fail;
     605             :         }
     606             : 
     607             :         /* State attribute must be copied if and only if this packet is
     608             :          * Access-Request reply to the previous Access-Challenge */
     609        5733 :         if (sm->last_recv_radius &&
     610        2448 :             radius_msg_get_hdr(sm->last_recv_radius)->code ==
     611             :             RADIUS_CODE_ACCESS_CHALLENGE) {
     612        2354 :                 int res = radius_msg_copy_attr(msg, sm->last_recv_radius,
     613             :                                                RADIUS_ATTR_STATE);
     614        2354 :                 if (res < 0) {
     615           0 :                         wpa_printf(MSG_INFO, "Could not copy State attribute from previous Access-Challenge");
     616           0 :                         goto fail;
     617             :                 }
     618        2354 :                 if (res > 0) {
     619        2146 :                         wpa_printf(MSG_DEBUG, "Copied RADIUS State Attribute");
     620             :                 }
     621             :         }
     622             : 
     623        3285 :         if (hapd->conf->radius_request_cui) {
     624             :                 const u8 *cui;
     625             :                 size_t cui_len;
     626             :                 /* Add previously learned CUI or nul CUI to request CUI */
     627           6 :                 if (sm->radius_cui) {
     628           3 :                         cui = wpabuf_head(sm->radius_cui);
     629           3 :                         cui_len = wpabuf_len(sm->radius_cui);
     630             :                 } else {
     631           3 :                         cui = (const u8 *) "\0";
     632           3 :                         cui_len = 1;
     633             :                 }
     634           6 :                 if (!radius_msg_add_attr(msg,
     635             :                                          RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
     636             :                                          cui, cui_len)) {
     637           0 :                         wpa_printf(MSG_ERROR, "Could not add CUI");
     638           0 :                         goto fail;
     639             :                 }
     640             :         }
     641             : 
     642             : #ifdef CONFIG_HS20
     643        3285 :         if (hapd->conf->hs20) {
     644         585 :                 u8 ver = 1; /* Release 2 */
     645         585 :                 if (!radius_msg_add_wfa(
     646             :                             msg, RADIUS_VENDOR_ATTR_WFA_HS20_AP_VERSION,
     647             :                             &ver, 1)) {
     648           0 :                         wpa_printf(MSG_ERROR, "Could not add HS 2.0 AP "
     649             :                                    "version");
     650           0 :                         goto fail;
     651             :                 }
     652             : 
     653         585 :                 if (sta->hs20_ie && wpabuf_len(sta->hs20_ie) > 0) {
     654             :                         const u8 *pos;
     655             :                         u8 buf[3];
     656             :                         u16 id;
     657         555 :                         pos = wpabuf_head_u8(sta->hs20_ie);
     658         555 :                         buf[0] = (*pos) >> 4;
     659        1110 :                         if (((*pos) & HS20_PPS_MO_ID_PRESENT) &&
     660         555 :                             wpabuf_len(sta->hs20_ie) >= 3)
     661         555 :                                 id = WPA_GET_LE16(pos + 1);
     662             :                         else
     663           0 :                                 id = 0;
     664         555 :                         WPA_PUT_BE16(buf + 1, id);
     665         555 :                         if (!radius_msg_add_wfa(
     666             :                                     msg,
     667             :                                     RADIUS_VENDOR_ATTR_WFA_HS20_STA_VERSION,
     668             :                                     buf, sizeof(buf))) {
     669           0 :                                 wpa_printf(MSG_ERROR, "Could not add HS 2.0 "
     670             :                                            "STA version");
     671           0 :                                 goto fail;
     672             :                         }
     673             :                 }
     674             :         }
     675             : #endif /* CONFIG_HS20 */
     676             : 
     677        3285 :         if (radius_client_send(hapd->radius, msg, RADIUS_AUTH, sta->addr) < 0)
     678           0 :                 goto fail;
     679             : 
     680        3285 :         return;
     681             : 
     682             :  fail:
     683           0 :         radius_msg_free(msg);
     684             : }
     685             : #endif /* CONFIG_NO_RADIUS */
     686             : 
     687             : 
     688        5261 : static void handle_eap_response(struct hostapd_data *hapd,
     689             :                                 struct sta_info *sta, struct eap_hdr *eap,
     690             :                                 size_t len)
     691             : {
     692             :         u8 type, *data;
     693        5261 :         struct eapol_state_machine *sm = sta->eapol_sm;
     694        5261 :         if (sm == NULL)
     695           0 :                 return;
     696             : 
     697        5261 :         data = (u8 *) (eap + 1);
     698             : 
     699        5261 :         if (len < sizeof(*eap) + 1) {
     700           0 :                 wpa_printf(MSG_INFO, "handle_eap_response: too short response data");
     701           0 :                 return;
     702             :         }
     703             : 
     704        5261 :         sm->eap_type_supp = type = data[0];
     705             : 
     706       21044 :         hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
     707             :                        HOSTAPD_LEVEL_DEBUG, "received EAP packet (code=%d "
     708             :                        "id=%d len=%d) from STA: EAP Response-%s (%d)",
     709       15783 :                        eap->code, eap->identifier, be_to_host16(eap->length),
     710             :                        eap_server_get_name(0, type), type);
     711             : 
     712        5261 :         sm->dot1xAuthEapolRespFramesRx++;
     713             : 
     714        5261 :         wpabuf_free(sm->eap_if->eapRespData);
     715        5261 :         sm->eap_if->eapRespData = wpabuf_alloc_copy(eap, len);
     716        5261 :         sm->eapolEap = TRUE;
     717             : }
     718             : 
     719             : 
     720          20 : static void handle_eap_initiate(struct hostapd_data *hapd,
     721             :                                 struct sta_info *sta, struct eap_hdr *eap,
     722             :                                 size_t len)
     723             : {
     724             : #ifdef CONFIG_ERP
     725             :         u8 type, *data;
     726          20 :         struct eapol_state_machine *sm = sta->eapol_sm;
     727             : 
     728          20 :         if (sm == NULL)
     729           0 :                 return;
     730             : 
     731          20 :         if (len < sizeof(*eap) + 1) {
     732           0 :                 wpa_printf(MSG_INFO,
     733             :                            "handle_eap_initiate: too short response data");
     734           0 :                 return;
     735             :         }
     736             : 
     737          20 :         data = (u8 *) (eap + 1);
     738          20 :         type = data[0];
     739             : 
     740          80 :         hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
     741             :                        HOSTAPD_LEVEL_DEBUG, "received EAP packet (code=%d "
     742             :                        "id=%d len=%d) from STA: EAP Initiate type %u",
     743          60 :                        eap->code, eap->identifier, be_to_host16(eap->length),
     744             :                        type);
     745             : 
     746          20 :         wpabuf_free(sm->eap_if->eapRespData);
     747          20 :         sm->eap_if->eapRespData = wpabuf_alloc_copy(eap, len);
     748          20 :         sm->eapolEap = TRUE;
     749             : #endif /* CONFIG_ERP */
     750             : }
     751             : 
     752             : 
     753             : /* Process incoming EAP packet from Supplicant */
     754        5282 : static void handle_eap(struct hostapd_data *hapd, struct sta_info *sta,
     755             :                        u8 *buf, size_t len)
     756             : {
     757             :         struct eap_hdr *eap;
     758             :         u16 eap_len;
     759             : 
     760        5282 :         if (len < sizeof(*eap)) {
     761           0 :                 wpa_printf(MSG_INFO, "   too short EAP packet");
     762           0 :                 return;
     763             :         }
     764             : 
     765        5282 :         eap = (struct eap_hdr *) buf;
     766             : 
     767        5282 :         eap_len = be_to_host16(eap->length);
     768       15846 :         wpa_printf(MSG_DEBUG, "EAP: code=%d identifier=%d length=%d",
     769       10564 :                    eap->code, eap->identifier, eap_len);
     770        5282 :         if (eap_len < sizeof(*eap)) {
     771           0 :                 wpa_printf(MSG_DEBUG, "   Invalid EAP length");
     772           0 :                 return;
     773        5282 :         } else if (eap_len > len) {
     774           0 :                 wpa_printf(MSG_DEBUG, "   Too short frame to contain this EAP "
     775             :                            "packet");
     776           0 :                 return;
     777        5282 :         } else if (eap_len < len) {
     778           0 :                 wpa_printf(MSG_DEBUG, "   Ignoring %lu extra bytes after EAP "
     779             :                            "packet", (unsigned long) len - eap_len);
     780             :         }
     781             : 
     782        5282 :         switch (eap->code) {
     783             :         case EAP_CODE_REQUEST:
     784           1 :                 wpa_printf(MSG_DEBUG, " (request)");
     785           1 :                 return;
     786             :         case EAP_CODE_RESPONSE:
     787        5261 :                 wpa_printf(MSG_DEBUG, " (response)");
     788        5261 :                 handle_eap_response(hapd, sta, eap, eap_len);
     789        5261 :                 break;
     790             :         case EAP_CODE_SUCCESS:
     791           0 :                 wpa_printf(MSG_DEBUG, " (success)");
     792           0 :                 return;
     793             :         case EAP_CODE_FAILURE:
     794           0 :                 wpa_printf(MSG_DEBUG, " (failure)");
     795           0 :                 return;
     796             :         case EAP_CODE_INITIATE:
     797          20 :                 wpa_printf(MSG_DEBUG, " (initiate)");
     798          20 :                 handle_eap_initiate(hapd, sta, eap, eap_len);
     799          20 :                 break;
     800             :         case EAP_CODE_FINISH:
     801           0 :                 wpa_printf(MSG_DEBUG, " (finish)");
     802           0 :                 break;
     803             :         default:
     804           0 :                 wpa_printf(MSG_DEBUG, " (unknown code)");
     805           0 :                 return;
     806             :         }
     807             : }
     808             : 
     809             : 
     810             : static struct eapol_state_machine *
     811        1222 : ieee802_1x_alloc_eapol_sm(struct hostapd_data *hapd, struct sta_info *sta)
     812             : {
     813        1222 :         int flags = 0;
     814        1222 :         if (sta->flags & WLAN_STA_PREAUTH)
     815           4 :                 flags |= EAPOL_SM_PREAUTH;
     816        1222 :         if (sta->wpa_sm) {
     817         930 :                 flags |= EAPOL_SM_USES_WPA;
     818         930 :                 if (wpa_auth_sta_get_pmksa(sta->wpa_sm))
     819          29 :                         flags |= EAPOL_SM_FROM_PMKSA_CACHE;
     820             :         }
     821        1222 :         return eapol_auth_alloc(hapd->eapol_auth, sta->addr, flags,
     822        1222 :                                 sta->wps_ie, sta->p2p_ie, sta,
     823        1222 :                                 sta->identity, sta->radius_cui);
     824             : }
     825             : 
     826             : 
     827             : /**
     828             :  * ieee802_1x_receive - Process the EAPOL frames from the Supplicant
     829             :  * @hapd: hostapd BSS data
     830             :  * @sa: Source address (sender of the EAPOL frame)
     831             :  * @buf: EAPOL frame
     832             :  * @len: Length of buf in octets
     833             :  *
     834             :  * This function is called for each incoming EAPOL frame from the interface
     835             :  */
     836        8054 : void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
     837             :                         size_t len)
     838             : {
     839             :         struct sta_info *sta;
     840             :         struct ieee802_1x_hdr *hdr;
     841             :         struct ieee802_1x_eapol_key *key;
     842             :         u16 datalen;
     843             :         struct rsn_pmksa_cache_entry *pmksa;
     844             :         int key_mgmt;
     845             : 
     846        8133 :         if (!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen &&
     847          79 :             !hapd->conf->wps_state)
     848           0 :                 return;
     849             : 
     850       48324 :         wpa_printf(MSG_DEBUG, "IEEE 802.1X: %lu bytes from " MACSTR,
     851       48324 :                    (unsigned long) len, MAC2STR(sa));
     852        8054 :         sta = ap_get_sta(hapd, sa);
     853        8057 :         if (!sta || (!(sta->flags & (WLAN_STA_ASSOC | WLAN_STA_PREAUTH)) &&
     854           3 :                      !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED))) {
     855          17 :                 wpa_printf(MSG_DEBUG, "IEEE 802.1X data frame from not "
     856             :                            "associated/Pre-authenticating STA");
     857          17 :                 return;
     858             :         }
     859             : 
     860        8037 :         if (len < sizeof(*hdr)) {
     861           0 :                 wpa_printf(MSG_INFO, "   too short IEEE 802.1X packet");
     862           0 :                 return;
     863             :         }
     864             : 
     865        8037 :         hdr = (struct ieee802_1x_hdr *) buf;
     866        8037 :         datalen = be_to_host16(hdr->length);
     867       24111 :         wpa_printf(MSG_DEBUG, "   IEEE 802.1X: version=%d type=%d length=%d",
     868       16074 :                    hdr->version, hdr->type, datalen);
     869             : 
     870        8037 :         if (len - sizeof(*hdr) < datalen) {
     871           1 :                 wpa_printf(MSG_INFO, "   frame too short for this IEEE 802.1X packet");
     872           1 :                 if (sta->eapol_sm)
     873           0 :                         sta->eapol_sm->dot1xAuthEapLengthErrorFramesRx++;
     874           1 :                 return;
     875             :         }
     876        8036 :         if (len - sizeof(*hdr) > datalen) {
     877           1 :                 wpa_printf(MSG_DEBUG, "   ignoring %lu extra octets after "
     878             :                            "IEEE 802.1X packet",
     879           1 :                            (unsigned long) len - sizeof(*hdr) - datalen);
     880             :         }
     881             : 
     882        8036 :         if (sta->eapol_sm) {
     883        6637 :                 sta->eapol_sm->dot1xAuthLastEapolFrameVersion = hdr->version;
     884        6637 :                 sta->eapol_sm->dot1xAuthEapolFramesRx++;
     885             :         }
     886             : 
     887        8036 :         key = (struct ieee802_1x_eapol_key *) (hdr + 1);
     888       13386 :         if (datalen >= sizeof(struct ieee802_1x_eapol_key) &&
     889        8015 :             hdr->type == IEEE802_1X_TYPE_EAPOL_KEY &&
     890        5256 :             (key->type == EAPOL_KEY_TYPE_WPA ||
     891        2591 :              key->type == EAPOL_KEY_TYPE_RSN)) {
     892        2664 :                 wpa_receive(hapd->wpa_auth, sta->wpa_sm, (u8 *) hdr,
     893             :                             sizeof(*hdr) + datalen);
     894        2664 :                 return;
     895             :         }
     896             : 
     897        6986 :         if (!hapd->conf->ieee802_1x && !hapd->conf->osen &&
     898        1614 :             !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
     899           1 :                 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
     900             :                            "802.1X not enabled and WPS not used");
     901           1 :                 return;
     902             :         }
     903             : 
     904        5371 :         key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
     905        5371 :         if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
     906           0 :                 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
     907             :                            "STA is using PSK");
     908           0 :                 return;
     909             :         }
     910             : 
     911        5371 :         if (!sta->eapol_sm) {
     912           1 :                 sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
     913           1 :                 if (!sta->eapol_sm)
     914           0 :                         return;
     915             : 
     916             : #ifdef CONFIG_WPS
     917           1 :                 if (!hapd->conf->ieee802_1x && hapd->conf->wps_state) {
     918           0 :                         u32 wflags = sta->flags & (WLAN_STA_WPS |
     919             :                                                    WLAN_STA_WPS2 |
     920             :                                                    WLAN_STA_MAYBE_WPS);
     921           0 :                         if (wflags == WLAN_STA_MAYBE_WPS ||
     922             :                             wflags == (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS)) {
     923             :                                 /*
     924             :                                  * Delay EAPOL frame transmission until a
     925             :                                  * possible WPS STA initiates the handshake
     926             :                                  * with EAPOL-Start. Only allow the wait to be
     927             :                                  * skipped if the STA is known to support WPS
     928             :                                  * 2.0.
     929             :                                  */
     930           0 :                                 wpa_printf(MSG_DEBUG, "WPS: Do not start "
     931             :                                            "EAPOL until EAPOL-Start is "
     932             :                                            "received");
     933           0 :                                 sta->eapol_sm->flags |= EAPOL_SM_WAIT_START;
     934             :                         }
     935             :                 }
     936             : #endif /* CONFIG_WPS */
     937             : 
     938           1 :                 sta->eapol_sm->eap_if->portEnabled = TRUE;
     939             :         }
     940             : 
     941             :         /* since we support version 1, we can ignore version field and proceed
     942             :          * as specified in version 1 standard [IEEE Std 802.1X-2001, 7.5.5] */
     943             :         /* TODO: actually, we are not version 1 anymore.. However, Version 2
     944             :          * does not change frame contents, so should be ok to process frames
     945             :          * more or less identically. Some changes might be needed for
     946             :          * verification of fields. */
     947             : 
     948        5371 :         switch (hdr->type) {
     949             :         case IEEE802_1X_TYPE_EAP_PACKET:
     950        5282 :                 handle_eap(hapd, sta, (u8 *) (hdr + 1), datalen);
     951        5282 :                 break;
     952             : 
     953             :         case IEEE802_1X_TYPE_EAPOL_START:
     954          87 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
     955             :                                HOSTAPD_LEVEL_DEBUG, "received EAPOL-Start "
     956             :                                "from STA");
     957          87 :                 sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
     958          87 :                 pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
     959          87 :                 if (pmksa) {
     960           1 :                         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
     961             :                                        HOSTAPD_LEVEL_DEBUG, "cached PMKSA "
     962             :                                        "available - ignore it since "
     963             :                                        "STA sent EAPOL-Start");
     964           1 :                         wpa_auth_sta_clear_pmksa(sta->wpa_sm, pmksa);
     965             :                 }
     966          87 :                 sta->eapol_sm->eapolStart = TRUE;
     967          87 :                 sta->eapol_sm->dot1xAuthEapolStartFramesRx++;
     968          87 :                 eap_server_clear_identity(sta->eapol_sm->eap);
     969          87 :                 wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
     970          87 :                 break;
     971             : 
     972             :         case IEEE802_1X_TYPE_EAPOL_LOGOFF:
     973           2 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
     974             :                                HOSTAPD_LEVEL_DEBUG, "received EAPOL-Logoff "
     975             :                                "from STA");
     976           2 :                 sta->acct_terminate_cause =
     977             :                         RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
     978           2 :                 accounting_sta_stop(hapd, sta);
     979           2 :                 sta->eapol_sm->eapolLogoff = TRUE;
     980           2 :                 sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
     981           2 :                 eap_server_clear_identity(sta->eapol_sm->eap);
     982           2 :                 break;
     983             : 
     984             :         case IEEE802_1X_TYPE_EAPOL_KEY:
     985           0 :                 wpa_printf(MSG_DEBUG, "   EAPOL-Key");
     986           0 :                 if (!ap_sta_is_authorized(sta)) {
     987           0 :                         wpa_printf(MSG_DEBUG, "   Dropped key data from "
     988             :                                    "unauthorized Supplicant");
     989           0 :                         break;
     990             :                 }
     991           0 :                 break;
     992             : 
     993             :         case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
     994           0 :                 wpa_printf(MSG_DEBUG, "   EAPOL-Encapsulated-ASF-Alert");
     995             :                 /* TODO: implement support for this; show data */
     996           0 :                 break;
     997             : 
     998             :         default:
     999           0 :                 wpa_printf(MSG_DEBUG, "   unknown IEEE 802.1X packet type");
    1000           0 :                 sta->eapol_sm->dot1xAuthInvalidEapolFramesRx++;
    1001           0 :                 break;
    1002             :         }
    1003             : 
    1004        5371 :         eapol_auth_step(sta->eapol_sm);
    1005             : }
    1006             : 
    1007             : 
    1008             : /**
    1009             :  * ieee802_1x_new_station - Start IEEE 802.1X authentication
    1010             :  * @hapd: hostapd BSS data
    1011             :  * @sta: The station
    1012             :  *
    1013             :  * This function is called to start IEEE 802.1X authentication when a new
    1014             :  * station completes IEEE 802.11 association.
    1015             :  */
    1016        2465 : void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
    1017             : {
    1018             :         struct rsn_pmksa_cache_entry *pmksa;
    1019        2465 :         int reassoc = 1;
    1020        2465 :         int force_1x = 0;
    1021             :         int key_mgmt;
    1022             : 
    1023             : #ifdef CONFIG_WPS
    1024        3040 :         if (hapd->conf->wps_state &&
    1025        1701 :             ((hapd->conf->wpa && (sta->flags & WLAN_STA_MAYBE_WPS)) ||
    1026         575 :              (sta->flags & WLAN_STA_WPS))) {
    1027             :                 /*
    1028             :                  * Need to enable IEEE 802.1X/EAPOL state machines for possible
    1029             :                  * WPS handshake even if IEEE 802.1X/EAPOL is not used for
    1030             :                  * authentication in this BSS.
    1031             :                  */
    1032         280 :                 force_1x = 1;
    1033             :         }
    1034             : #endif /* CONFIG_WPS */
    1035             : 
    1036        2465 :         if (!force_1x && !hapd->conf->ieee802_1x && !hapd->conf->osen) {
    1037        1190 :                 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - "
    1038             :                            "802.1X not enabled or forced for WPS");
    1039             :                 /*
    1040             :                  * Clear any possible EAPOL authenticator state to support
    1041             :                  * reassociation change from WPS to PSK.
    1042             :                  */
    1043        1190 :                 ieee802_1x_free_station(sta);
    1044        1190 :                 return;
    1045             :         }
    1046             : 
    1047        1275 :         key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
    1048        1275 :         if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
    1049           6 :                 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - using PSK");
    1050             :                 /*
    1051             :                  * Clear any possible EAPOL authenticator state to support
    1052             :                  * reassociation change from WPA-EAP to PSK.
    1053             :                  */
    1054           6 :                 ieee802_1x_free_station(sta);
    1055           6 :                 return;
    1056             :         }
    1057             : 
    1058        1269 :         if (sta->eapol_sm == NULL) {
    1059        1221 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1060             :                                HOSTAPD_LEVEL_DEBUG, "start authentication");
    1061        1221 :                 sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
    1062        1221 :                 if (sta->eapol_sm == NULL) {
    1063           0 :                         hostapd_logger(hapd, sta->addr,
    1064             :                                        HOSTAPD_MODULE_IEEE8021X,
    1065             :                                        HOSTAPD_LEVEL_INFO,
    1066             :                                        "failed to allocate state machine");
    1067           0 :                         return;
    1068             :                 }
    1069        1221 :                 reassoc = 0;
    1070             :         }
    1071             : 
    1072             : #ifdef CONFIG_WPS
    1073        1269 :         sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
    1074        1549 :         if (!hapd->conf->ieee802_1x && hapd->conf->wps_state &&
    1075         280 :             !(sta->flags & WLAN_STA_WPS2)) {
    1076             :                 /*
    1077             :                  * Delay EAPOL frame transmission until a possible WPS STA
    1078             :                  * initiates the handshake with EAPOL-Start. Only allow the
    1079             :                  * wait to be skipped if the STA is known to support WPS 2.0.
    1080             :                  */
    1081           2 :                 wpa_printf(MSG_DEBUG, "WPS: Do not start EAPOL until "
    1082             :                            "EAPOL-Start is received");
    1083           2 :                 sta->eapol_sm->flags |= EAPOL_SM_WAIT_START;
    1084             :         }
    1085             : #endif /* CONFIG_WPS */
    1086             : 
    1087        1269 :         sta->eapol_sm->eap_if->portEnabled = TRUE;
    1088             : 
    1089             : #ifdef CONFIG_IEEE80211R
    1090        1269 :         if (sta->auth_alg == WLAN_AUTH_FT) {
    1091           4 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1092             :                                HOSTAPD_LEVEL_DEBUG,
    1093             :                                "PMK from FT - skip IEEE 802.1X/EAP");
    1094             :                 /* Setup EAPOL state machines to already authenticated state
    1095             :                  * because of existing FT information from R0KH. */
    1096           4 :                 sta->eapol_sm->keyRun = TRUE;
    1097           4 :                 sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
    1098           4 :                 sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
    1099           4 :                 sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
    1100           4 :                 sta->eapol_sm->authSuccess = TRUE;
    1101           4 :                 sta->eapol_sm->authFail = FALSE;
    1102           4 :                 if (sta->eapol_sm->eap)
    1103           4 :                         eap_sm_notify_cached(sta->eapol_sm->eap);
    1104             :                 /* TODO: get vlan_id from R0KH using RRB message */
    1105           4 :                 return;
    1106             :         }
    1107             : #endif /* CONFIG_IEEE80211R */
    1108             : 
    1109        1265 :         pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
    1110        1265 :         if (pmksa) {
    1111             :                 int old_vlanid;
    1112             : 
    1113          29 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1114             :                                HOSTAPD_LEVEL_DEBUG,
    1115             :                                "PMK from PMKSA cache - skip IEEE 802.1X/EAP");
    1116             :                 /* Setup EAPOL state machines to already authenticated state
    1117             :                  * because of existing PMKSA information in the cache. */
    1118          29 :                 sta->eapol_sm->keyRun = TRUE;
    1119          29 :                 sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
    1120          29 :                 sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
    1121          29 :                 sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
    1122          29 :                 sta->eapol_sm->authSuccess = TRUE;
    1123          29 :                 sta->eapol_sm->authFail = FALSE;
    1124          29 :                 if (sta->eapol_sm->eap)
    1125          29 :                         eap_sm_notify_cached(sta->eapol_sm->eap);
    1126          29 :                 old_vlanid = sta->vlan_id;
    1127          29 :                 pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm);
    1128          29 :                 if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
    1129          29 :                         sta->vlan_id = 0;
    1130          29 :                 ap_sta_bind_vlan(hapd, sta, old_vlanid);
    1131             :         } else {
    1132        1236 :                 if (reassoc) {
    1133             :                         /*
    1134             :                          * Force EAPOL state machines to start
    1135             :                          * re-authentication without having to wait for the
    1136             :                          * Supplicant to send EAPOL-Start.
    1137             :                          */
    1138          48 :                         sta->eapol_sm->reAuthenticate = TRUE;
    1139             :                 }
    1140        1236 :                 eapol_auth_step(sta->eapol_sm);
    1141             :         }
    1142             : }
    1143             : 
    1144             : 
    1145        3707 : void ieee802_1x_free_station(struct sta_info *sta)
    1146             : {
    1147        3707 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1148             : 
    1149        3707 :         if (sm == NULL)
    1150        6192 :                 return;
    1151             : 
    1152        1222 :         sta->eapol_sm = NULL;
    1153             : 
    1154             : #ifndef CONFIG_NO_RADIUS
    1155        1044 :         radius_msg_free(sm->last_recv_radius);
    1156        1044 :         radius_free_class(&sm->radius_class);
    1157        1044 :         wpabuf_free(sm->radius_cui);
    1158             : #endif /* CONFIG_NO_RADIUS */
    1159             : 
    1160        1222 :         os_free(sm->identity);
    1161        1222 :         eapol_auth_free(sm);
    1162             : }
    1163             : 
    1164             : 
    1165             : #ifndef CONFIG_NO_RADIUS
    1166        3266 : static void ieee802_1x_decapsulate_radius(struct hostapd_data *hapd,
    1167             :                                           struct sta_info *sta)
    1168             : {
    1169             :         struct wpabuf *eap;
    1170             :         const struct eap_hdr *hdr;
    1171        3266 :         int eap_type = -1;
    1172             :         char buf[64];
    1173             :         struct radius_msg *msg;
    1174        3266 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1175             : 
    1176        3266 :         if (sm == NULL || sm->last_recv_radius == NULL) {
    1177           0 :                 if (sm)
    1178           0 :                         sm->eap_if->aaaEapNoReq = TRUE;
    1179          12 :                 return;
    1180             :         }
    1181             : 
    1182        3266 :         msg = sm->last_recv_radius;
    1183             : 
    1184        3266 :         eap = radius_msg_get_eap(msg);
    1185        3266 :         if (eap == NULL) {
    1186             :                 /* RFC 3579, Chap. 2.6.3:
    1187             :                  * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
    1188             :                  * attribute */
    1189          12 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1190             :                                HOSTAPD_LEVEL_WARNING, "could not extract "
    1191             :                                "EAP-Message from RADIUS message");
    1192          12 :                 sm->eap_if->aaaEapNoReq = TRUE;
    1193          12 :                 return;
    1194             :         }
    1195             : 
    1196        3254 :         if (wpabuf_len(eap) < sizeof(*hdr)) {
    1197           0 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1198             :                                HOSTAPD_LEVEL_WARNING, "too short EAP packet "
    1199             :                                "received from authentication server");
    1200           0 :                 wpabuf_free(eap);
    1201           0 :                 sm->eap_if->aaaEapNoReq = TRUE;
    1202           0 :                 return;
    1203             :         }
    1204             : 
    1205        3254 :         if (wpabuf_len(eap) > sizeof(*hdr))
    1206        2500 :                 eap_type = (wpabuf_head_u8(eap))[sizeof(*hdr)];
    1207             : 
    1208        3254 :         hdr = wpabuf_head(eap);
    1209        3254 :         switch (hdr->code) {
    1210             :         case EAP_CODE_REQUEST:
    1211        2477 :                 if (eap_type >= 0)
    1212        2477 :                         sm->eap_type_authsrv = eap_type;
    1213        2477 :                 os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
    1214             :                             eap_server_get_name(0, eap_type), eap_type);
    1215        2477 :                 break;
    1216             :         case EAP_CODE_RESPONSE:
    1217           6 :                 os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
    1218             :                             eap_server_get_name(0, eap_type), eap_type);
    1219           6 :                 break;
    1220             :         case EAP_CODE_SUCCESS:
    1221         563 :                 os_strlcpy(buf, "EAP Success", sizeof(buf));
    1222         563 :                 break;
    1223             :         case EAP_CODE_FAILURE:
    1224         193 :                 os_strlcpy(buf, "EAP Failure", sizeof(buf));
    1225         193 :                 break;
    1226             :         default:
    1227          15 :                 os_strlcpy(buf, "unknown EAP code", sizeof(buf));
    1228          15 :                 break;
    1229             :         }
    1230        3254 :         buf[sizeof(buf) - 1] = '\0';
    1231        9762 :         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1232             :                        HOSTAPD_LEVEL_DEBUG, "decapsulated EAP packet (code=%d "
    1233             :                        "id=%d len=%d) from RADIUS server: %s",
    1234        9762 :                        hdr->code, hdr->identifier, be_to_host16(hdr->length),
    1235             :                        buf);
    1236        3254 :         sm->eap_if->aaaEapReq = TRUE;
    1237             : 
    1238        3254 :         wpabuf_free(sm->eap_if->aaaEapReqData);
    1239        3254 :         sm->eap_if->aaaEapReqData = eap;
    1240             : }
    1241             : 
    1242             : 
    1243         569 : static void ieee802_1x_get_keys(struct hostapd_data *hapd,
    1244             :                                 struct sta_info *sta, struct radius_msg *msg,
    1245             :                                 struct radius_msg *req,
    1246             :                                 const u8 *shared_secret,
    1247             :                                 size_t shared_secret_len)
    1248             : {
    1249             :         struct radius_ms_mppe_keys *keys;
    1250         569 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1251         569 :         if (sm == NULL)
    1252         569 :                 return;
    1253             : 
    1254         569 :         keys = radius_msg_get_ms_keys(msg, req, shared_secret,
    1255             :                                       shared_secret_len);
    1256             : 
    1257        1133 :         if (keys && keys->send && keys->recv) {
    1258         564 :                 size_t len = keys->send_len + keys->recv_len;
    1259        1128 :                 wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Send-Key",
    1260         564 :                                 keys->send, keys->send_len);
    1261        1128 :                 wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Recv-Key",
    1262         564 :                                 keys->recv, keys->recv_len);
    1263             : 
    1264         564 :                 os_free(sm->eap_if->aaaEapKeyData);
    1265         564 :                 sm->eap_if->aaaEapKeyData = os_malloc(len);
    1266         564 :                 if (sm->eap_if->aaaEapKeyData) {
    1267         564 :                         os_memcpy(sm->eap_if->aaaEapKeyData, keys->recv,
    1268             :                                   keys->recv_len);
    1269         564 :                         os_memcpy(sm->eap_if->aaaEapKeyData + keys->recv_len,
    1270             :                                   keys->send, keys->send_len);
    1271         564 :                         sm->eap_if->aaaEapKeyDataLen = len;
    1272         564 :                         sm->eap_if->aaaEapKeyAvailable = TRUE;
    1273             :                 }
    1274             :         } else {
    1275           5 :                 wpa_printf(MSG_DEBUG,
    1276             :                            "MS-MPPE: 1x_get_keys, could not get keys: %p  send: %p  recv: %p",
    1277             :                            keys, keys ? keys->send : NULL,
    1278             :                            keys ? keys->recv : NULL);
    1279             :         }
    1280             : 
    1281         569 :         if (keys) {
    1282         568 :                 os_free(keys->send);
    1283         568 :                 os_free(keys->recv);
    1284         568 :                 os_free(keys);
    1285             :         }
    1286             : }
    1287             : 
    1288             : 
    1289         569 : static void ieee802_1x_store_radius_class(struct hostapd_data *hapd,
    1290             :                                           struct sta_info *sta,
    1291             :                                           struct radius_msg *msg)
    1292             : {
    1293             :         u8 *class;
    1294             :         size_t class_len;
    1295         569 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1296             :         int count, i;
    1297             :         struct radius_attr_data *nclass;
    1298             :         size_t nclass_count;
    1299             : 
    1300         569 :         if (!hapd->conf->radius->acct_server || hapd->radius == NULL ||
    1301             :             sm == NULL)
    1302         942 :                 return;
    1303             : 
    1304         191 :         radius_free_class(&sm->radius_class);
    1305         191 :         count = radius_msg_count_attr(msg, RADIUS_ATTR_CLASS, 1);
    1306         191 :         if (count <= 0)
    1307         186 :                 return;
    1308             : 
    1309           5 :         nclass = os_calloc(count, sizeof(struct radius_attr_data));
    1310           5 :         if (nclass == NULL)
    1311           0 :                 return;
    1312             : 
    1313           5 :         nclass_count = 0;
    1314             : 
    1315           5 :         class = NULL;
    1316          10 :         for (i = 0; i < count; i++) {
    1317             :                 do {
    1318           5 :                         if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS,
    1319             :                                                     &class, &class_len,
    1320             :                                                     class) < 0) {
    1321           0 :                                 i = count;
    1322           0 :                                 break;
    1323             :                         }
    1324           5 :                 } while (class_len < 1);
    1325             : 
    1326           5 :                 nclass[nclass_count].data = os_malloc(class_len);
    1327           5 :                 if (nclass[nclass_count].data == NULL)
    1328           0 :                         break;
    1329             : 
    1330           5 :                 os_memcpy(nclass[nclass_count].data, class, class_len);
    1331           5 :                 nclass[nclass_count].len = class_len;
    1332           5 :                 nclass_count++;
    1333             :         }
    1334             : 
    1335           5 :         sm->radius_class.attr = nclass;
    1336           5 :         sm->radius_class.count = nclass_count;
    1337          30 :         wpa_printf(MSG_DEBUG, "IEEE 802.1X: Stored %lu RADIUS Class "
    1338             :                    "attributes for " MACSTR,
    1339             :                    (unsigned long) sm->radius_class.count,
    1340          30 :                    MAC2STR(sta->addr));
    1341             : }
    1342             : 
    1343             : 
    1344             : /* Update sta->identity based on User-Name attribute in Access-Accept */
    1345         569 : static void ieee802_1x_update_sta_identity(struct hostapd_data *hapd,
    1346             :                                            struct sta_info *sta,
    1347             :                                            struct radius_msg *msg)
    1348             : {
    1349             :         u8 *buf, *identity;
    1350             :         size_t len;
    1351         569 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1352             : 
    1353         569 :         if (sm == NULL)
    1354         569 :                 return;
    1355             : 
    1356         569 :         if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_USER_NAME, &buf, &len,
    1357             :                                     NULL) < 0)
    1358         569 :                 return;
    1359             : 
    1360           0 :         identity = (u8 *) dup_binstr(buf, len);
    1361           0 :         if (identity == NULL)
    1362           0 :                 return;
    1363             : 
    1364           0 :         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1365             :                        HOSTAPD_LEVEL_DEBUG, "old identity '%s' updated with "
    1366             :                        "User-Name from Access-Accept '%s'",
    1367           0 :                        sm->identity ? (char *) sm->identity : "N/A",
    1368             :                        (char *) identity);
    1369             : 
    1370           0 :         os_free(sm->identity);
    1371           0 :         sm->identity = identity;
    1372           0 :         sm->identity_len = len;
    1373             : }
    1374             : 
    1375             : 
    1376             : /* Update CUI based on Chargeable-User-Identity attribute in Access-Accept */
    1377         569 : static void ieee802_1x_update_sta_cui(struct hostapd_data *hapd,
    1378             :                                       struct sta_info *sta,
    1379             :                                       struct radius_msg *msg)
    1380             : {
    1381         569 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1382             :         struct wpabuf *cui;
    1383             :         u8 *buf;
    1384             :         size_t len;
    1385             : 
    1386         569 :         if (sm == NULL)
    1387         564 :                 return;
    1388             : 
    1389         569 :         if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
    1390             :                                     &buf, &len, NULL) < 0)
    1391         564 :                 return;
    1392             : 
    1393           5 :         cui = wpabuf_alloc_copy(buf, len);
    1394           5 :         if (cui == NULL)
    1395           0 :                 return;
    1396             : 
    1397           5 :         wpabuf_free(sm->radius_cui);
    1398           5 :         sm->radius_cui = cui;
    1399             : }
    1400             : 
    1401             : 
    1402             : #ifdef CONFIG_HS20
    1403             : 
    1404           2 : static void ieee802_1x_hs20_sub_rem(struct sta_info *sta, u8 *pos, size_t len)
    1405             : {
    1406           2 :         sta->remediation = 1;
    1407           2 :         os_free(sta->remediation_url);
    1408           2 :         if (len > 2) {
    1409           2 :                 sta->remediation_url = os_malloc(len);
    1410           2 :                 if (!sta->remediation_url)
    1411           2 :                         return;
    1412           2 :                 sta->remediation_method = pos[0];
    1413           2 :                 os_memcpy(sta->remediation_url, pos + 1, len - 1);
    1414           2 :                 sta->remediation_url[len - 1] = '\0';
    1415          16 :                 wpa_printf(MSG_DEBUG, "HS 2.0: Subscription remediation needed "
    1416             :                            "for " MACSTR " - server method %u URL %s",
    1417          14 :                            MAC2STR(sta->addr), sta->remediation_method,
    1418             :                            sta->remediation_url);
    1419             :         } else {
    1420           0 :                 sta->remediation_url = NULL;
    1421           0 :                 wpa_printf(MSG_DEBUG, "HS 2.0: Subscription remediation needed "
    1422           0 :                            "for " MACSTR, MAC2STR(sta->addr));
    1423             :         }
    1424             :         /* TODO: assign the STA into remediation VLAN or add filtering */
    1425             : }
    1426             : 
    1427             : 
    1428           1 : static void ieee802_1x_hs20_deauth_req(struct hostapd_data *hapd,
    1429             :                                        struct sta_info *sta, u8 *pos,
    1430             :                                        size_t len)
    1431             : {
    1432           1 :         if (len < 3)
    1433           1 :                 return; /* Malformed information */
    1434           1 :         sta->hs20_deauth_requested = 1;
    1435           2 :         wpa_printf(MSG_DEBUG, "HS 2.0: Deauthentication request - Code %u  "
    1436             :                    "Re-auth Delay %u",
    1437           2 :                    *pos, WPA_GET_LE16(pos + 1));
    1438           1 :         wpabuf_free(sta->hs20_deauth_req);
    1439           1 :         sta->hs20_deauth_req = wpabuf_alloc(len + 1);
    1440           1 :         if (sta->hs20_deauth_req) {
    1441           1 :                 wpabuf_put_data(sta->hs20_deauth_req, pos, 3);
    1442           1 :                 wpabuf_put_u8(sta->hs20_deauth_req, len - 3);
    1443           1 :                 wpabuf_put_data(sta->hs20_deauth_req, pos + 3, len - 3);
    1444             :         }
    1445           1 :         ap_sta_session_timeout(hapd, sta, hapd->conf->hs20_deauth_req_timeout);
    1446             : }
    1447             : 
    1448             : 
    1449           1 : static void ieee802_1x_hs20_session_info(struct hostapd_data *hapd,
    1450             :                                          struct sta_info *sta, u8 *pos,
    1451             :                                          size_t len, int session_timeout)
    1452             : {
    1453             :         unsigned int swt;
    1454             :         int warning_time, beacon_int;
    1455             : 
    1456           1 :         if (len < 1)
    1457           0 :                 return; /* Malformed information */
    1458           1 :         os_free(sta->hs20_session_info_url);
    1459           1 :         sta->hs20_session_info_url = os_malloc(len);
    1460           1 :         if (sta->hs20_session_info_url == NULL)
    1461           0 :                 return;
    1462           1 :         swt = pos[0];
    1463           1 :         os_memcpy(sta->hs20_session_info_url, pos + 1, len - 1);
    1464           1 :         sta->hs20_session_info_url[len - 1] = '\0';
    1465           1 :         wpa_printf(MSG_DEBUG, "HS 2.0: Session Information URL='%s' SWT=%u "
    1466             :                    "(session_timeout=%d)",
    1467             :                    sta->hs20_session_info_url, swt, session_timeout);
    1468           1 :         if (session_timeout < 0) {
    1469           0 :                 wpa_printf(MSG_DEBUG, "HS 2.0: No Session-Timeout set - ignore session info URL");
    1470           0 :                 return;
    1471             :         }
    1472           1 :         if (swt == 255)
    1473           0 :                 swt = 1; /* Use one minute as the AP selected value */
    1474             : 
    1475           1 :         if ((unsigned int) session_timeout < swt * 60)
    1476           0 :                 warning_time = 0;
    1477             :         else
    1478           1 :                 warning_time = session_timeout - swt * 60;
    1479             : 
    1480           1 :         beacon_int = hapd->iconf->beacon_int;
    1481           1 :         if (beacon_int < 1)
    1482           0 :                 beacon_int = 100; /* best guess */
    1483           1 :         sta->hs20_disassoc_timer = swt * 60 * 1000 / beacon_int * 125 / 128;
    1484           1 :         if (sta->hs20_disassoc_timer > 65535)
    1485           0 :                 sta->hs20_disassoc_timer = 65535;
    1486             : 
    1487           1 :         ap_sta_session_warning_timeout(hapd, sta, warning_time);
    1488             : }
    1489             : 
    1490             : #endif /* CONFIG_HS20 */
    1491             : 
    1492             : 
    1493         569 : static void ieee802_1x_check_hs20(struct hostapd_data *hapd,
    1494             :                                   struct sta_info *sta,
    1495             :                                   struct radius_msg *msg,
    1496             :                                   int session_timeout)
    1497             : {
    1498             : #ifdef CONFIG_HS20
    1499             :         u8 *buf, *pos, *end, type, sublen;
    1500             :         size_t len;
    1501             : 
    1502         569 :         buf = NULL;
    1503         569 :         sta->remediation = 0;
    1504         569 :         sta->hs20_deauth_requested = 0;
    1505             : 
    1506             :         for (;;) {
    1507        1709 :                 if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_VENDOR_SPECIFIC,
    1508             :                                             &buf, &len, buf) < 0)
    1509         569 :                         break;
    1510        1140 :                 if (len < 6)
    1511           0 :                         continue;
    1512        1140 :                 pos = buf;
    1513        1140 :                 end = buf + len;
    1514        1140 :                 if (WPA_GET_BE32(pos) != RADIUS_VENDOR_ID_WFA)
    1515        1136 :                         continue;
    1516           4 :                 pos += 4;
    1517             : 
    1518           4 :                 type = *pos++;
    1519           4 :                 sublen = *pos++;
    1520           4 :                 if (sublen < 2)
    1521           0 :                         continue; /* invalid length */
    1522           4 :                 sublen -= 2; /* skip header */
    1523           4 :                 if (pos + sublen > end)
    1524           0 :                         continue; /* invalid WFA VSA */
    1525             : 
    1526           4 :                 switch (type) {
    1527             :                 case RADIUS_VENDOR_ATTR_WFA_HS20_SUBSCR_REMEDIATION:
    1528           2 :                         ieee802_1x_hs20_sub_rem(sta, pos, sublen);
    1529           2 :                         break;
    1530             :                 case RADIUS_VENDOR_ATTR_WFA_HS20_DEAUTH_REQ:
    1531           1 :                         ieee802_1x_hs20_deauth_req(hapd, sta, pos, sublen);
    1532           1 :                         break;
    1533             :                 case RADIUS_VENDOR_ATTR_WFA_HS20_SESSION_INFO_URL:
    1534           1 :                         ieee802_1x_hs20_session_info(hapd, sta, pos, sublen,
    1535             :                                                      session_timeout);
    1536           1 :                         break;
    1537             :                 }
    1538        1140 :         }
    1539             : #endif /* CONFIG_HS20 */
    1540         569 : }
    1541             : 
    1542             : 
    1543             : struct sta_id_search {
    1544             :         u8 identifier;
    1545             :         struct eapol_state_machine *sm;
    1546             : };
    1547             : 
    1548             : 
    1549        3312 : static int ieee802_1x_select_radius_identifier(struct hostapd_data *hapd,
    1550             :                                                struct sta_info *sta,
    1551             :                                                void *ctx)
    1552             : {
    1553        3312 :         struct sta_id_search *id_search = ctx;
    1554        3312 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1555             : 
    1556        6588 :         if (sm && sm->radius_identifier >= 0 &&
    1557        3276 :             sm->radius_identifier == id_search->identifier) {
    1558        3269 :                 id_search->sm = sm;
    1559        3269 :                 return 1;
    1560             :         }
    1561          43 :         return 0;
    1562             : }
    1563             : 
    1564             : 
    1565             : static struct eapol_state_machine *
    1566        3269 : ieee802_1x_search_radius_identifier(struct hostapd_data *hapd, u8 identifier)
    1567             : {
    1568             :         struct sta_id_search id_search;
    1569        3269 :         id_search.identifier = identifier;
    1570        3269 :         id_search.sm = NULL;
    1571        3269 :         ap_for_each_sta(hapd, ieee802_1x_select_radius_identifier, &id_search);
    1572        3269 :         return id_search.sm;
    1573             : }
    1574             : 
    1575             : 
    1576             : /**
    1577             :  * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
    1578             :  * @msg: RADIUS response message
    1579             :  * @req: RADIUS request message
    1580             :  * @shared_secret: RADIUS shared secret
    1581             :  * @shared_secret_len: Length of shared_secret in octets
    1582             :  * @data: Context data (struct hostapd_data *)
    1583             :  * Returns: Processing status
    1584             :  */
    1585             : static RadiusRxResult
    1586        3269 : ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
    1587             :                         const u8 *shared_secret, size_t shared_secret_len,
    1588             :                         void *data)
    1589             : {
    1590        3269 :         struct hostapd_data *hapd = data;
    1591             :         struct sta_info *sta;
    1592        3269 :         u32 session_timeout = 0, termination_action, acct_interim_interval;
    1593        3269 :         int session_timeout_set, old_vlanid = 0;
    1594             :         struct eapol_state_machine *sm;
    1595        3269 :         int override_eapReq = 0;
    1596        3269 :         struct radius_hdr *hdr = radius_msg_get_hdr(msg);
    1597             : 
    1598        3269 :         sm = ieee802_1x_search_radius_identifier(hapd, hdr->identifier);
    1599        3269 :         if (sm == NULL) {
    1600           0 :                 wpa_printf(MSG_DEBUG, "IEEE 802.1X: Could not find matching "
    1601             :                            "station for this RADIUS message");
    1602           0 :                 return RADIUS_RX_UNKNOWN;
    1603             :         }
    1604        3269 :         sta = sm->sta;
    1605             : 
    1606             :         /* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
    1607             :          * present when packet contains an EAP-Message attribute */
    1608        3358 :         if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
    1609          89 :             radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
    1610           0 :                                 0) < 0 &&
    1611           0 :             radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
    1612           0 :                 wpa_printf(MSG_DEBUG, "Allowing RADIUS Access-Reject without "
    1613             :                            "Message-Authenticator since it does not include "
    1614             :                            "EAP-Message");
    1615        3269 :         } else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
    1616             :                                      req, 1)) {
    1617           3 :                 wpa_printf(MSG_INFO, "Incoming RADIUS packet did not have correct Message-Authenticator - dropped");
    1618           3 :                 return RADIUS_RX_INVALID_AUTHENTICATOR;
    1619             :         }
    1620             : 
    1621        5962 :         if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
    1622        5303 :             hdr->code != RADIUS_CODE_ACCESS_REJECT &&
    1623        2607 :             hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
    1624           0 :                 wpa_printf(MSG_INFO, "Unknown RADIUS message code");
    1625           0 :                 return RADIUS_RX_UNKNOWN;
    1626             :         }
    1627             : 
    1628        3266 :         sm->radius_identifier = -1;
    1629       19596 :         wpa_printf(MSG_DEBUG, "RADIUS packet matching with station " MACSTR,
    1630       19596 :                    MAC2STR(sta->addr));
    1631             : 
    1632        3266 :         radius_msg_free(sm->last_recv_radius);
    1633        3266 :         sm->last_recv_radius = msg;
    1634             : 
    1635        3266 :         session_timeout_set =
    1636        3266 :                 !radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT,
    1637             :                                            &session_timeout);
    1638        3266 :         if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_TERMINATION_ACTION,
    1639             :                                       &termination_action))
    1640        3266 :                 termination_action = RADIUS_TERMINATION_ACTION_DEFAULT;
    1641             : 
    1642        6526 :         if (hapd->conf->acct_interim_interval == 0 &&
    1643        3828 :             hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
    1644         568 :             radius_msg_get_attr_int32(msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
    1645             :                                       &acct_interim_interval) == 0) {
    1646           0 :                 if (acct_interim_interval < 60) {
    1647           0 :                         hostapd_logger(hapd, sta->addr,
    1648             :                                        HOSTAPD_MODULE_IEEE8021X,
    1649             :                                        HOSTAPD_LEVEL_INFO,
    1650             :                                        "ignored too small "
    1651             :                                        "Acct-Interim-Interval %d",
    1652             :                                        acct_interim_interval);
    1653             :                 } else
    1654           0 :                         sta->acct_interim_interval = acct_interim_interval;
    1655             :         }
    1656             : 
    1657             : 
    1658        3266 :         switch (hdr->code) {
    1659             :         case RADIUS_CODE_ACCESS_ACCEPT:
    1660         570 :                 if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
    1661         563 :                         sta->vlan_id = 0;
    1662             : #ifndef CONFIG_NO_VLAN
    1663             :                 else {
    1664           7 :                         old_vlanid = sta->vlan_id;
    1665           7 :                         sta->vlan_id = radius_msg_get_vlanid(msg);
    1666             :                 }
    1667         575 :                 if (sta->vlan_id > 0 &&
    1668           5 :                     hostapd_vlan_id_valid(hapd->conf->vlan, sta->vlan_id)) {
    1669           5 :                         hostapd_logger(hapd, sta->addr,
    1670             :                                        HOSTAPD_MODULE_RADIUS,
    1671             :                                        HOSTAPD_LEVEL_INFO,
    1672             :                                        "VLAN ID %d", sta->vlan_id);
    1673         565 :                 } else if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_REQUIRED) {
    1674           1 :                         sta->eapol_sm->authFail = TRUE;
    1675           1 :                         hostapd_logger(hapd, sta->addr,
    1676             :                                        HOSTAPD_MODULE_IEEE8021X,
    1677             :                                        HOSTAPD_LEVEL_INFO, "authentication "
    1678             :                                        "server did not include required VLAN "
    1679             :                                        "ID in Access-Accept");
    1680           1 :                         break;
    1681             :                 }
    1682             : #endif /* CONFIG_NO_VLAN */
    1683             : 
    1684         569 :                 if (ap_sta_bind_vlan(hapd, sta, old_vlanid) < 0)
    1685           0 :                         break;
    1686             : 
    1687         569 :                 sta->session_timeout_set = !!session_timeout_set;
    1688         569 :                 sta->session_timeout = session_timeout;
    1689             : 
    1690             :                 /* RFC 3580, Ch. 3.17 */
    1691         569 :                 if (session_timeout_set && termination_action ==
    1692             :                     RADIUS_TERMINATION_ACTION_RADIUS_REQUEST) {
    1693           0 :                         sm->reAuthPeriod = session_timeout;
    1694         569 :                 } else if (session_timeout_set)
    1695           9 :                         ap_sta_session_timeout(hapd, sta, session_timeout);
    1696             : 
    1697         569 :                 sm->eap_if->aaaSuccess = TRUE;
    1698         569 :                 override_eapReq = 1;
    1699         569 :                 ieee802_1x_get_keys(hapd, sta, msg, req, shared_secret,
    1700             :                                     shared_secret_len);
    1701         569 :                 ieee802_1x_store_radius_class(hapd, sta, msg);
    1702         569 :                 ieee802_1x_update_sta_identity(hapd, sta, msg);
    1703         569 :                 ieee802_1x_update_sta_cui(hapd, sta, msg);
    1704         578 :                 ieee802_1x_check_hs20(hapd, sta, msg,
    1705             :                                       session_timeout_set ?
    1706           9 :                                       (int) session_timeout : -1);
    1707         569 :                 if (sm->eap_if->eapKeyAvailable && !sta->remediation &&
    1708           0 :                     !sta->hs20_deauth_requested &&
    1709           0 :                     wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
    1710             :                                        session_timeout_set ?
    1711           0 :                                        (int) session_timeout : -1, sm) == 0) {
    1712           0 :                         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
    1713             :                                        HOSTAPD_LEVEL_DEBUG,
    1714             :                                        "Added PMKSA cache entry");
    1715             :                 }
    1716         569 :                 break;
    1717             :         case RADIUS_CODE_ACCESS_REJECT:
    1718          89 :                 sm->eap_if->aaaFail = TRUE;
    1719          89 :                 override_eapReq = 1;
    1720          89 :                 break;
    1721             :         case RADIUS_CODE_ACCESS_CHALLENGE:
    1722        2607 :                 sm->eap_if->aaaEapReq = TRUE;
    1723        2607 :                 if (session_timeout_set) {
    1724             :                         /* RFC 2869, Ch. 2.3.2; RFC 3580, Ch. 3.17 */
    1725           0 :                         sm->eap_if->aaaMethodTimeout = session_timeout;
    1726           0 :                         hostapd_logger(hapd, sm->addr,
    1727             :                                        HOSTAPD_MODULE_IEEE8021X,
    1728             :                                        HOSTAPD_LEVEL_DEBUG,
    1729             :                                        "using EAP timeout of %d seconds (from "
    1730             :                                        "RADIUS)",
    1731           0 :                                        sm->eap_if->aaaMethodTimeout);
    1732             :                 } else {
    1733             :                         /*
    1734             :                          * Use dynamic retransmission behavior per EAP
    1735             :                          * specification.
    1736             :                          */
    1737        2607 :                         sm->eap_if->aaaMethodTimeout = 0;
    1738             :                 }
    1739        2607 :                 break;
    1740             :         }
    1741             : 
    1742        3266 :         ieee802_1x_decapsulate_radius(hapd, sta);
    1743        3266 :         if (override_eapReq)
    1744         658 :                 sm->eap_if->aaaEapReq = FALSE;
    1745             : 
    1746        3266 :         eapol_auth_step(sm);
    1747             : 
    1748        3266 :         return RADIUS_RX_QUEUED;
    1749             : }
    1750             : #endif /* CONFIG_NO_RADIUS */
    1751             : 
    1752             : 
    1753        1245 : void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
    1754             : {
    1755        1245 :         struct eapol_state_machine *sm = sta->eapol_sm;
    1756        1245 :         if (sm == NULL)
    1757        2467 :                 return;
    1758             : 
    1759          23 :         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    1760             :                        HOSTAPD_LEVEL_DEBUG, "aborting authentication");
    1761             : 
    1762             : #ifndef CONFIG_NO_RADIUS
    1763          23 :         radius_msg_free(sm->last_recv_radius);
    1764          23 :         sm->last_recv_radius = NULL;
    1765             : #endif /* CONFIG_NO_RADIUS */
    1766             : 
    1767          23 :         if (sm->eap_if->eapTimeout) {
    1768             :                 /*
    1769             :                  * Disconnect the STA since it did not reply to the last EAP
    1770             :                  * request and we cannot continue EAP processing (EAP-Failure
    1771             :                  * could only be sent if the EAP peer actually replied).
    1772             :                  */
    1773           0 :                 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "EAP Timeout, STA " MACSTR,
    1774             :                         MAC2STR(sta->addr));
    1775             : 
    1776           0 :                 sm->eap_if->portEnabled = FALSE;
    1777           0 :                 ap_sta_disconnect(hapd, sta, sta->addr,
    1778             :                                   WLAN_REASON_PREV_AUTH_NOT_VALID);
    1779             :         }
    1780             : }
    1781             : 
    1782             : 
    1783           2 : static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd)
    1784             : {
    1785           2 :         struct eapol_authenticator *eapol = hapd->eapol_auth;
    1786             : 
    1787           2 :         if (hapd->conf->default_wep_key_len < 1)
    1788           0 :                 return 0;
    1789             : 
    1790           2 :         os_free(eapol->default_wep_key);
    1791           2 :         eapol->default_wep_key = os_malloc(hapd->conf->default_wep_key_len);
    1792           4 :         if (eapol->default_wep_key == NULL ||
    1793           2 :             random_get_bytes(eapol->default_wep_key,
    1794             :                              hapd->conf->default_wep_key_len)) {
    1795           0 :                 wpa_printf(MSG_INFO, "Could not generate random WEP key");
    1796           0 :                 os_free(eapol->default_wep_key);
    1797           0 :                 eapol->default_wep_key = NULL;
    1798           0 :                 return -1;
    1799             :         }
    1800             : 
    1801           4 :         wpa_hexdump_key(MSG_DEBUG, "IEEE 802.1X: New default WEP key",
    1802           2 :                         eapol->default_wep_key,
    1803           2 :                         hapd->conf->default_wep_key_len);
    1804             : 
    1805           2 :         return 0;
    1806             : }
    1807             : 
    1808             : 
    1809           0 : static int ieee802_1x_sta_key_available(struct hostapd_data *hapd,
    1810             :                                         struct sta_info *sta, void *ctx)
    1811             : {
    1812           0 :         if (sta->eapol_sm) {
    1813           0 :                 sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
    1814           0 :                 eapol_auth_step(sta->eapol_sm);
    1815             :         }
    1816           0 :         return 0;
    1817             : }
    1818             : 
    1819             : 
    1820           2 : static void ieee802_1x_rekey(void *eloop_ctx, void *timeout_ctx)
    1821             : {
    1822           2 :         struct hostapd_data *hapd = eloop_ctx;
    1823           2 :         struct eapol_authenticator *eapol = hapd->eapol_auth;
    1824             : 
    1825           2 :         if (eapol->default_wep_key_idx >= 3)
    1826           0 :                 eapol->default_wep_key_idx =
    1827           0 :                         hapd->conf->individual_wep_key_len > 0 ? 1 : 0;
    1828             :         else
    1829           2 :                 eapol->default_wep_key_idx++;
    1830             : 
    1831           2 :         wpa_printf(MSG_DEBUG, "IEEE 802.1X: New default WEP key index %d",
    1832           2 :                    eapol->default_wep_key_idx);
    1833             :                       
    1834           2 :         if (ieee802_1x_rekey_broadcast(hapd)) {
    1835           0 :                 hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X,
    1836             :                                HOSTAPD_LEVEL_WARNING, "failed to generate a "
    1837             :                                "new broadcast key");
    1838           0 :                 os_free(eapol->default_wep_key);
    1839           0 :                 eapol->default_wep_key = NULL;
    1840           0 :                 return;
    1841             :         }
    1842             : 
    1843             :         /* TODO: Could setup key for RX here, but change default TX keyid only
    1844             :          * after new broadcast key has been sent to all stations. */
    1845           4 :         if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
    1846             :                                 broadcast_ether_addr,
    1847           2 :                                 eapol->default_wep_key_idx, 1, NULL, 0,
    1848           2 :                                 eapol->default_wep_key,
    1849           2 :                                 hapd->conf->default_wep_key_len)) {
    1850           0 :                 hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X,
    1851             :                                HOSTAPD_LEVEL_WARNING, "failed to configure a "
    1852             :                                "new broadcast key");
    1853           0 :                 os_free(eapol->default_wep_key);
    1854           0 :                 eapol->default_wep_key = NULL;
    1855           0 :                 return;
    1856             :         }
    1857             : 
    1858           2 :         ap_for_each_sta(hapd, ieee802_1x_sta_key_available, NULL);
    1859             : 
    1860           2 :         if (hapd->conf->wep_rekeying_period > 0) {
    1861           2 :                 eloop_register_timeout(hapd->conf->wep_rekeying_period, 0,
    1862             :                                        ieee802_1x_rekey, hapd, NULL);
    1863             :         }
    1864             : }
    1865             : 
    1866             : 
    1867        6560 : static void ieee802_1x_eapol_send(void *ctx, void *sta_ctx, u8 type,
    1868             :                                   const u8 *data, size_t datalen)
    1869             : {
    1870             : #ifdef CONFIG_WPS
    1871        6560 :         struct sta_info *sta = sta_ctx;
    1872             : 
    1873        6560 :         if ((sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS)) ==
    1874             :             WLAN_STA_MAYBE_WPS) {
    1875             :                 const u8 *identity;
    1876             :                 size_t identity_len;
    1877           0 :                 struct eapol_state_machine *sm = sta->eapol_sm;
    1878             : 
    1879           0 :                 identity = eap_get_identity(sm->eap, &identity_len);
    1880           0 :                 if (identity &&
    1881           0 :                     ((identity_len == WSC_ID_ENROLLEE_LEN &&
    1882           0 :                       os_memcmp(identity, WSC_ID_ENROLLEE,
    1883           0 :                                 WSC_ID_ENROLLEE_LEN) == 0) ||
    1884           0 :                      (identity_len == WSC_ID_REGISTRAR_LEN &&
    1885           0 :                       os_memcmp(identity, WSC_ID_REGISTRAR,
    1886             :                                 WSC_ID_REGISTRAR_LEN) == 0))) {
    1887           0 :                         wpa_printf(MSG_DEBUG, "WPS: WLAN_STA_MAYBE_WPS -> "
    1888             :                                    "WLAN_STA_WPS");
    1889           0 :                         sta->flags |= WLAN_STA_WPS;
    1890             :                 }
    1891             :         }
    1892             : #endif /* CONFIG_WPS */
    1893             : 
    1894        6560 :         ieee802_1x_send(ctx, sta_ctx, type, data, datalen);
    1895        6560 : }
    1896             : 
    1897             : 
    1898        3291 : static void ieee802_1x_aaa_send(void *ctx, void *sta_ctx,
    1899             :                                 const u8 *data, size_t datalen)
    1900             : {
    1901             : #ifndef CONFIG_NO_RADIUS
    1902        3291 :         struct hostapd_data *hapd = ctx;
    1903        3291 :         struct sta_info *sta = sta_ctx;
    1904             : 
    1905        3291 :         ieee802_1x_encapsulate_radius(hapd, sta, data, datalen);
    1906             : #endif /* CONFIG_NO_RADIUS */
    1907        3291 : }
    1908             : 
    1909             : 
    1910        1024 : static void _ieee802_1x_finished(void *ctx, void *sta_ctx, int success,
    1911             :                                  int preauth, int remediation)
    1912             : {
    1913        1024 :         struct hostapd_data *hapd = ctx;
    1914        1024 :         struct sta_info *sta = sta_ctx;
    1915        1024 :         if (preauth)
    1916           2 :                 rsn_preauth_finished(hapd, sta, success);
    1917             :         else
    1918        1022 :                 ieee802_1x_finished(hapd, sta, success, remediation);
    1919        1024 : }
    1920             : 
    1921             : 
    1922         385 : static int ieee802_1x_get_eap_user(void *ctx, const u8 *identity,
    1923             :                                    size_t identity_len, int phase2,
    1924             :                                    struct eap_user *user)
    1925             : {
    1926         385 :         struct hostapd_data *hapd = ctx;
    1927             :         const struct hostapd_eap_user *eap_user;
    1928             :         int i;
    1929             : 
    1930         385 :         eap_user = hostapd_get_eap_user(hapd, identity, identity_len, phase2);
    1931         385 :         if (eap_user == NULL)
    1932           2 :                 return -1;
    1933             : 
    1934         383 :         os_memset(user, 0, sizeof(*user));
    1935         383 :         user->phase2 = phase2;
    1936        3447 :         for (i = 0; i < EAP_MAX_METHODS; i++) {
    1937        3064 :                 user->methods[i].vendor = eap_user->methods[i].vendor;
    1938        3064 :                 user->methods[i].method = eap_user->methods[i].method;
    1939             :         }
    1940             : 
    1941         383 :         if (eap_user->password) {
    1942          87 :                 user->password = os_malloc(eap_user->password_len);
    1943          87 :                 if (user->password == NULL)
    1944           0 :                         return -1;
    1945          87 :                 os_memcpy(user->password, eap_user->password,
    1946             :                           eap_user->password_len);
    1947          87 :                 user->password_len = eap_user->password_len;
    1948          87 :                 user->password_hash = eap_user->password_hash;
    1949             :         }
    1950         383 :         user->force_version = eap_user->force_version;
    1951         383 :         user->macacl = eap_user->macacl;
    1952         383 :         user->ttls_auth = eap_user->ttls_auth;
    1953         383 :         user->remediation = eap_user->remediation;
    1954             : 
    1955         383 :         return 0;
    1956             : }
    1957             : 
    1958             : 
    1959      264127 : static int ieee802_1x_sta_entry_alive(void *ctx, const u8 *addr)
    1960             : {
    1961      264127 :         struct hostapd_data *hapd = ctx;
    1962             :         struct sta_info *sta;
    1963      264127 :         sta = ap_get_sta(hapd, addr);
    1964      264127 :         if (sta == NULL || sta->eapol_sm == NULL)
    1965        4888 :                 return 0;
    1966      259239 :         return 1;
    1967             : }
    1968             : 
    1969             : 
    1970        7877 : static void ieee802_1x_logger(void *ctx, const u8 *addr,
    1971             :                               eapol_logger_level level, const char *txt)
    1972             : {
    1973             : #ifndef CONFIG_NO_HOSTAPD_LOGGER
    1974        7877 :         struct hostapd_data *hapd = ctx;
    1975             :         int hlevel;
    1976             : 
    1977        7877 :         switch (level) {
    1978             :         case EAPOL_LOGGER_WARNING:
    1979         383 :                 hlevel = HOSTAPD_LEVEL_WARNING;
    1980         383 :                 break;
    1981             :         case EAPOL_LOGGER_INFO:
    1982         936 :                 hlevel = HOSTAPD_LEVEL_INFO;
    1983         936 :                 break;
    1984             :         case EAPOL_LOGGER_DEBUG:
    1985             :         default:
    1986        6558 :                 hlevel = HOSTAPD_LEVEL_DEBUG;
    1987        6558 :                 break;
    1988             :         }
    1989             : 
    1990        7877 :         hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE8021X, hlevel, "%s",
    1991             :                        txt);
    1992             : #endif /* CONFIG_NO_HOSTAPD_LOGGER */
    1993        7877 : }
    1994             : 
    1995             : 
    1996        2261 : static void ieee802_1x_set_port_authorized(void *ctx, void *sta_ctx,
    1997             :                                            int authorized)
    1998             : {
    1999        2261 :         struct hostapd_data *hapd = ctx;
    2000        2261 :         struct sta_info *sta = sta_ctx;
    2001        2261 :         ieee802_1x_set_sta_authorized(hapd, sta, authorized);
    2002        2261 : }
    2003             : 
    2004             : 
    2005        1245 : static void _ieee802_1x_abort_auth(void *ctx, void *sta_ctx)
    2006             : {
    2007        1245 :         struct hostapd_data *hapd = ctx;
    2008        1245 :         struct sta_info *sta = sta_ctx;
    2009        1245 :         ieee802_1x_abort_auth(hapd, sta);
    2010        1245 : }
    2011             : 
    2012             : 
    2013           2 : static void _ieee802_1x_tx_key(void *ctx, void *sta_ctx)
    2014             : {
    2015           2 :         struct hostapd_data *hapd = ctx;
    2016           2 :         struct sta_info *sta = sta_ctx;
    2017           2 :         ieee802_1x_tx_key(hapd, sta);
    2018           2 : }
    2019             : 
    2020             : 
    2021       15519 : static void ieee802_1x_eapol_event(void *ctx, void *sta_ctx,
    2022             :                                    enum eapol_event type)
    2023             : {
    2024             :         /* struct hostapd_data *hapd = ctx; */
    2025       15519 :         struct sta_info *sta = sta_ctx;
    2026       15519 :         switch (type) {
    2027             :         case EAPOL_AUTH_SM_CHANGE:
    2028       15518 :                 wpa_auth_sm_notify(sta->wpa_sm);
    2029       15518 :                 break;
    2030             :         case EAPOL_AUTH_REAUTHENTICATE:
    2031           1 :                 wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
    2032           1 :                 break;
    2033             :         }
    2034       15519 : }
    2035             : 
    2036             : 
    2037             : #ifdef CONFIG_ERP
    2038             : 
    2039             : static struct eap_server_erp_key *
    2040           5 : ieee802_1x_erp_get_key(void *ctx, const char *keyname)
    2041             : {
    2042           5 :         struct hostapd_data *hapd = ctx;
    2043             :         struct eap_server_erp_key *erp;
    2044             : 
    2045           5 :         dl_list_for_each(erp, &hapd->erp_keys, struct eap_server_erp_key,
    2046             :                          list) {
    2047           4 :                 if (os_strcmp(erp->keyname_nai, keyname) == 0)
    2048           4 :                         return erp;
    2049             :         }
    2050             : 
    2051           1 :         return NULL;
    2052             : }
    2053             : 
    2054             : 
    2055           5 : static int ieee802_1x_erp_add_key(void *ctx, struct eap_server_erp_key *erp)
    2056             : {
    2057           5 :         struct hostapd_data *hapd = ctx;
    2058             : 
    2059           5 :         dl_list_add(&hapd->erp_keys, &erp->list);
    2060           5 :         return 0;
    2061             : }
    2062             : 
    2063             : #endif /* CONFIG_ERP */
    2064             : 
    2065             : 
    2066        1248 : int ieee802_1x_init(struct hostapd_data *hapd)
    2067             : {
    2068             :         int i;
    2069             :         struct eapol_auth_config conf;
    2070             :         struct eapol_auth_cb cb;
    2071             : 
    2072        1248 :         dl_list_init(&hapd->erp_keys);
    2073             : 
    2074        1248 :         os_memset(&conf, 0, sizeof(conf));
    2075        1248 :         conf.ctx = hapd;
    2076        1248 :         conf.eap_reauth_period = hapd->conf->eap_reauth_period;
    2077        1248 :         conf.wpa = hapd->conf->wpa;
    2078        1248 :         conf.individual_wep_key_len = hapd->conf->individual_wep_key_len;
    2079        1248 :         conf.eap_server = hapd->conf->eap_server;
    2080        1248 :         conf.ssl_ctx = hapd->ssl_ctx;
    2081        1248 :         conf.msg_ctx = hapd->msg_ctx;
    2082        1248 :         conf.eap_sim_db_priv = hapd->eap_sim_db_priv;
    2083        1248 :         conf.eap_req_id_text = hapd->conf->eap_req_id_text;
    2084        1248 :         conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
    2085        1248 :         conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
    2086        1248 :         conf.erp_domain = hapd->conf->erp_domain;
    2087        1248 :         conf.erp = hapd->conf->eap_server_erp;
    2088        1248 :         conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key;
    2089        1248 :         conf.eap_fast_a_id = hapd->conf->eap_fast_a_id;
    2090        1248 :         conf.eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len;
    2091        1248 :         conf.eap_fast_a_id_info = hapd->conf->eap_fast_a_id_info;
    2092        1248 :         conf.eap_fast_prov = hapd->conf->eap_fast_prov;
    2093        1248 :         conf.pac_key_lifetime = hapd->conf->pac_key_lifetime;
    2094        1248 :         conf.pac_key_refresh_time = hapd->conf->pac_key_refresh_time;
    2095        1248 :         conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
    2096        1248 :         conf.tnc = hapd->conf->tnc;
    2097        1248 :         conf.wps = hapd->wps;
    2098        1248 :         conf.fragment_size = hapd->conf->fragment_size;
    2099        1248 :         conf.pwd_group = hapd->conf->pwd_group;
    2100        1248 :         conf.pbc_in_m1 = hapd->conf->pbc_in_m1;
    2101        1248 :         if (hapd->conf->server_id) {
    2102          10 :                 conf.server_id = (const u8 *) hapd->conf->server_id;
    2103          10 :                 conf.server_id_len = os_strlen(hapd->conf->server_id);
    2104             :         } else {
    2105        1238 :                 conf.server_id = (const u8 *) "hostapd";
    2106        1238 :                 conf.server_id_len = 7;
    2107             :         }
    2108             : 
    2109        1248 :         os_memset(&cb, 0, sizeof(cb));
    2110        1248 :         cb.eapol_send = ieee802_1x_eapol_send;
    2111        1248 :         cb.aaa_send = ieee802_1x_aaa_send;
    2112        1248 :         cb.finished = _ieee802_1x_finished;
    2113        1248 :         cb.get_eap_user = ieee802_1x_get_eap_user;
    2114        1248 :         cb.sta_entry_alive = ieee802_1x_sta_entry_alive;
    2115        1248 :         cb.logger = ieee802_1x_logger;
    2116        1248 :         cb.set_port_authorized = ieee802_1x_set_port_authorized;
    2117        1248 :         cb.abort_auth = _ieee802_1x_abort_auth;
    2118        1248 :         cb.tx_key = _ieee802_1x_tx_key;
    2119        1248 :         cb.eapol_event = ieee802_1x_eapol_event;
    2120             : #ifdef CONFIG_ERP
    2121        1248 :         cb.erp_get_key = ieee802_1x_erp_get_key;
    2122        1248 :         cb.erp_add_key = ieee802_1x_erp_add_key;
    2123             : #endif /* CONFIG_ERP */
    2124             : 
    2125        1248 :         hapd->eapol_auth = eapol_auth_init(&conf, &cb);
    2126        1248 :         if (hapd->eapol_auth == NULL)
    2127           0 :                 return -1;
    2128             : 
    2129        2104 :         if ((hapd->conf->ieee802_1x || hapd->conf->wpa) &&
    2130         856 :             hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 1))
    2131           0 :                 return -1;
    2132             : 
    2133             : #ifndef CONFIG_NO_RADIUS
    2134         983 :         if (radius_client_register(hapd->radius, RADIUS_AUTH,
    2135             :                                    ieee802_1x_receive_auth, hapd))
    2136           0 :                 return -1;
    2137             : #endif /* CONFIG_NO_RADIUS */
    2138             : 
    2139        1248 :         if (hapd->conf->default_wep_key_len) {
    2140          10 :                 for (i = 0; i < 4; i++)
    2141           8 :                         hostapd_drv_set_key(hapd->conf->iface, hapd,
    2142             :                                             WPA_ALG_NONE, NULL, i, 0, NULL, 0,
    2143             :                                             NULL, 0);
    2144             : 
    2145           2 :                 ieee802_1x_rekey(hapd, NULL);
    2146             : 
    2147           2 :                 if (hapd->eapol_auth->default_wep_key == NULL)
    2148           0 :                         return -1;
    2149             :         }
    2150             : 
    2151        1248 :         return 0;
    2152             : }
    2153             : 
    2154             : 
    2155        1253 : void ieee802_1x_erp_flush(struct hostapd_data *hapd)
    2156             : {
    2157             :         struct eap_server_erp_key *erp;
    2158             : 
    2159        2511 :         while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
    2160             :                                     list)) != NULL) {
    2161           5 :                 dl_list_del(&erp->list);
    2162           5 :                 bin_clear_free(erp, sizeof(*erp));
    2163             :         }
    2164        1253 : }
    2165             : 
    2166             : 
    2167        1252 : void ieee802_1x_deinit(struct hostapd_data *hapd)
    2168             : {
    2169        1252 :         eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
    2170             : 
    2171        2504 :         if (hapd->driver != NULL &&
    2172        2115 :             (hapd->conf->ieee802_1x || hapd->conf->wpa))
    2173         881 :                 hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
    2174             : 
    2175        1252 :         eapol_auth_deinit(hapd->eapol_auth);
    2176        1252 :         hapd->eapol_auth = NULL;
    2177             : 
    2178        1252 :         ieee802_1x_erp_flush(hapd);
    2179        1252 : }
    2180             : 
    2181             : 
    2182        1415 : int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
    2183             :                          const u8 *buf, size_t len, int ack)
    2184             : {
    2185             :         struct ieee80211_hdr *hdr;
    2186             :         u8 *pos;
    2187        1415 :         const unsigned char rfc1042_hdr[ETH_ALEN] =
    2188             :                 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
    2189             : 
    2190        1415 :         if (sta == NULL)
    2191           0 :                 return -1;
    2192        1415 :         if (len < sizeof(*hdr) + sizeof(rfc1042_hdr) + 2)
    2193         347 :                 return 0;
    2194             : 
    2195        1068 :         hdr = (struct ieee80211_hdr *) buf;
    2196        1068 :         pos = (u8 *) (hdr + 1);
    2197        1068 :         if (os_memcmp(pos, rfc1042_hdr, sizeof(rfc1042_hdr)) != 0)
    2198        1068 :                 return 0;
    2199           0 :         pos += sizeof(rfc1042_hdr);
    2200           0 :         if (WPA_GET_BE16(pos) != ETH_P_PAE)
    2201           0 :                 return 0;
    2202           0 :         pos += 2;
    2203             : 
    2204           0 :         return ieee802_1x_eapol_tx_status(hapd, sta, pos, buf + len - pos,
    2205             :                                           ack);
    2206             : }
    2207             : 
    2208             : 
    2209        7352 : int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
    2210             :                                const u8 *buf, int len, int ack)
    2211             : {
    2212        7352 :         const struct ieee802_1x_hdr *xhdr =
    2213             :                 (const struct ieee802_1x_hdr *) buf;
    2214        7352 :         const u8 *pos = buf + sizeof(*xhdr);
    2215             :         struct ieee802_1x_eapol_key *key;
    2216             : 
    2217        7352 :         if (len < (int) sizeof(*xhdr))
    2218           0 :                 return 0;
    2219       66168 :         wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR " TX status - version=%d "
    2220             :                    "type=%d length=%d - ack=%d",
    2221       58816 :                    MAC2STR(sta->addr), xhdr->version, xhdr->type,
    2222        7352 :                    be_to_host16(xhdr->length), ack);
    2223             : 
    2224        7352 :         if (xhdr->type != IEEE802_1X_TYPE_EAPOL_KEY)
    2225        5143 :                 return 0;
    2226             : 
    2227        2209 :         if (pos + sizeof(struct wpa_eapol_key) <= buf + len) {
    2228             :                 const struct wpa_eapol_key *wpa;
    2229        2205 :                 wpa = (const struct wpa_eapol_key *) pos;
    2230        2269 :                 if (wpa->type == EAPOL_KEY_TYPE_RSN ||
    2231          64 :                     wpa->type == EAPOL_KEY_TYPE_WPA)
    2232        2205 :                         wpa_auth_eapol_key_tx_status(hapd->wpa_auth,
    2233             :                                                      sta->wpa_sm, ack);
    2234             :         }
    2235             : 
    2236             :         /* EAPOL EAP-Packet packets are eventually re-sent by either Supplicant
    2237             :          * or Authenticator state machines, but EAPOL-Key packets are not
    2238             :          * retransmitted in case of failure. Try to re-send failed EAPOL-Key
    2239             :          * packets couple of times because otherwise STA keys become
    2240             :          * unsynchronized with AP. */
    2241        2209 :         if (!ack && pos + sizeof(*key) <= buf + len) {
    2242           1 :                 key = (struct ieee802_1x_eapol_key *) pos;
    2243           2 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
    2244             :                                HOSTAPD_LEVEL_DEBUG, "did not Ack EAPOL-Key "
    2245             :                                "frame (%scast index=%d)",
    2246           1 :                                key->key_index & BIT(7) ? "uni" : "broad",
    2247           1 :                                key->key_index & ~BIT(7));
    2248             :                 /* TODO: re-send EAPOL-Key couple of times (with short delay
    2249             :                  * between them?). If all attempt fail, report error and
    2250             :                  * deauthenticate STA so that it will get new keys when
    2251             :                  * authenticating again (e.g., after returning in range).
    2252             :                  * Separate limit/transmit state needed both for unicast and
    2253             :                  * broadcast keys(?) */
    2254             :         }
    2255             :         /* TODO: could move unicast key configuration from ieee802_1x_tx_key()
    2256             :          * to here and change the key only if the EAPOL-Key packet was Acked.
    2257             :          */
    2258             : 
    2259        2209 :         return 1;
    2260             : }
    2261             : 
    2262             : 
    2263         390 : u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len)
    2264             : {
    2265         390 :         if (sm == NULL || sm->identity == NULL)
    2266           6 :                 return NULL;
    2267             : 
    2268         384 :         *len = sm->identity_len;
    2269         384 :         return sm->identity;
    2270             : }
    2271             : 
    2272             : 
    2273         395 : u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
    2274             :                                  int idx)
    2275             : {
    2276         419 :         if (sm == NULL || sm->radius_class.attr == NULL ||
    2277          24 :             idx >= (int) sm->radius_class.count)
    2278         383 :                 return NULL;
    2279             : 
    2280          12 :         *len = sm->radius_class.attr[idx].len;
    2281          12 :         return sm->radius_class.attr[idx].data;
    2282             : }
    2283             : 
    2284             : 
    2285         386 : struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm)
    2286             : {
    2287         386 :         if (sm == NULL)
    2288           6 :                 return NULL;
    2289         380 :         return sm->radius_cui;
    2290             : }
    2291             : 
    2292             : 
    2293        1639 : const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len)
    2294             : {
    2295        1639 :         *len = 0;
    2296        1639 :         if (sm == NULL)
    2297           0 :                 return NULL;
    2298             : 
    2299        1639 :         *len = sm->eap_if->eapKeyDataLen;
    2300        1639 :         return sm->eap_if->eapKeyData;
    2301             : }
    2302             : 
    2303             : 
    2304        9471 : void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm,
    2305             :                                     int enabled)
    2306             : {
    2307        9471 :         if (sm == NULL)
    2308       13304 :                 return;
    2309        5638 :         sm->eap_if->portEnabled = enabled ? TRUE : FALSE;
    2310        5638 :         eapol_auth_step(sm);
    2311             : }
    2312             : 
    2313             : 
    2314        4290 : void ieee802_1x_notify_port_valid(struct eapol_state_machine *sm,
    2315             :                                   int valid)
    2316             : {
    2317        4290 :         if (sm == NULL)
    2318        6101 :                 return;
    2319        2479 :         sm->portValid = valid ? TRUE : FALSE;
    2320        2479 :         eapol_auth_step(sm);
    2321             : }
    2322             : 
    2323             : 
    2324        2528 : void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth)
    2325             : {
    2326        2528 :         if (sm == NULL)
    2327        5006 :                 return;
    2328          50 :         if (pre_auth)
    2329           0 :                 sm->flags |= EAPOL_SM_PREAUTH;
    2330             :         else
    2331          50 :                 sm->flags &= ~EAPOL_SM_PREAUTH;
    2332             : }
    2333             : 
    2334             : 
    2335          14 : static const char * bool_txt(Boolean bool)
    2336             : {
    2337          14 :         return bool ? "TRUE" : "FALSE";
    2338             : }
    2339             : 
    2340             : 
    2341           8 : int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
    2342             : {
    2343             :         /* TODO */
    2344           8 :         return 0;
    2345             : }
    2346             : 
    2347             : 
    2348          50 : int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
    2349             :                            char *buf, size_t buflen)
    2350             : {
    2351          50 :         int len = 0, ret;
    2352          50 :         struct eapol_state_machine *sm = sta->eapol_sm;
    2353             :         struct os_reltime diff;
    2354             :         const char *name1;
    2355             :         const char *name2;
    2356             : 
    2357          50 :         if (sm == NULL)
    2358          43 :                 return 0;
    2359             : 
    2360           7 :         ret = os_snprintf(buf + len, buflen - len,
    2361             :                           "dot1xPaePortNumber=%d\n"
    2362             :                           "dot1xPaePortProtocolVersion=%d\n"
    2363             :                           "dot1xPaePortCapabilities=1\n"
    2364             :                           "dot1xPaePortInitialize=%d\n"
    2365             :                           "dot1xPaePortReauthenticate=FALSE\n",
    2366           7 :                           sta->aid,
    2367             :                           EAPOL_VERSION,
    2368           7 :                           sm->initialize);
    2369           7 :         if (os_snprintf_error(buflen - len, ret))
    2370           0 :                 return len;
    2371           7 :         len += ret;
    2372             : 
    2373             :         /* dot1xAuthConfigTable */
    2374          21 :         ret = os_snprintf(buf + len, buflen - len,
    2375             :                           "dot1xAuthPaeState=%d\n"
    2376             :                           "dot1xAuthBackendAuthState=%d\n"
    2377             :                           "dot1xAuthAdminControlledDirections=%d\n"
    2378             :                           "dot1xAuthOperControlledDirections=%d\n"
    2379             :                           "dot1xAuthAuthControlledPortStatus=%d\n"
    2380             :                           "dot1xAuthAuthControlledPortControl=%d\n"
    2381             :                           "dot1xAuthQuietPeriod=%u\n"
    2382             :                           "dot1xAuthServerTimeout=%u\n"
    2383             :                           "dot1xAuthReAuthPeriod=%u\n"
    2384             :                           "dot1xAuthReAuthEnabled=%s\n"
    2385             :                           "dot1xAuthKeyTxEnabled=%s\n",
    2386           7 :                           sm->auth_pae_state + 1,
    2387           7 :                           sm->be_auth_state + 1,
    2388           7 :                           sm->adminControlledDirections,
    2389           7 :                           sm->operControlledDirections,
    2390           7 :                           sm->authPortStatus,
    2391           7 :                           sm->portControl,
    2392             :                           sm->quietPeriod,
    2393             :                           sm->serverTimeout,
    2394             :                           sm->reAuthPeriod,
    2395             :                           bool_txt(sm->reAuthEnabled),
    2396             :                           bool_txt(sm->keyTxEnabled));
    2397           7 :         if (os_snprintf_error(buflen - len, ret))
    2398           0 :                 return len;
    2399           7 :         len += ret;
    2400             : 
    2401             :         /* dot1xAuthStatsTable */
    2402          42 :         ret = os_snprintf(buf + len, buflen - len,
    2403             :                           "dot1xAuthEapolFramesRx=%u\n"
    2404             :                           "dot1xAuthEapolFramesTx=%u\n"
    2405             :                           "dot1xAuthEapolStartFramesRx=%u\n"
    2406             :                           "dot1xAuthEapolLogoffFramesRx=%u\n"
    2407             :                           "dot1xAuthEapolRespIdFramesRx=%u\n"
    2408             :                           "dot1xAuthEapolRespFramesRx=%u\n"
    2409             :                           "dot1xAuthEapolReqIdFramesTx=%u\n"
    2410             :                           "dot1xAuthEapolReqFramesTx=%u\n"
    2411             :                           "dot1xAuthInvalidEapolFramesRx=%u\n"
    2412             :                           "dot1xAuthEapLengthErrorFramesRx=%u\n"
    2413             :                           "dot1xAuthLastEapolFrameVersion=%u\n"
    2414             :                           "dot1xAuthLastEapolFrameSource=" MACSTR "\n",
    2415             :                           sm->dot1xAuthEapolFramesRx,
    2416             :                           sm->dot1xAuthEapolFramesTx,
    2417             :                           sm->dot1xAuthEapolStartFramesRx,
    2418             :                           sm->dot1xAuthEapolLogoffFramesRx,
    2419             :                           sm->dot1xAuthEapolRespIdFramesRx,
    2420             :                           sm->dot1xAuthEapolRespFramesRx,
    2421             :                           sm->dot1xAuthEapolReqIdFramesTx,
    2422             :                           sm->dot1xAuthEapolReqFramesTx,
    2423             :                           sm->dot1xAuthInvalidEapolFramesRx,
    2424             :                           sm->dot1xAuthEapLengthErrorFramesRx,
    2425             :                           sm->dot1xAuthLastEapolFrameVersion,
    2426          42 :                           MAC2STR(sm->addr));
    2427           7 :         if (os_snprintf_error(buflen - len, ret))
    2428           0 :                 return len;
    2429           7 :         len += ret;
    2430             : 
    2431             :         /* dot1xAuthDiagTable */
    2432           7 :         ret = os_snprintf(buf + len, buflen - len,
    2433             :                           "dot1xAuthEntersConnecting=%u\n"
    2434             :                           "dot1xAuthEapLogoffsWhileConnecting=%u\n"
    2435             :                           "dot1xAuthEntersAuthenticating=%u\n"
    2436             :                           "dot1xAuthAuthSuccessesWhileAuthenticating=%u\n"
    2437             :                           "dot1xAuthAuthTimeoutsWhileAuthenticating=%u\n"
    2438             :                           "dot1xAuthAuthFailWhileAuthenticating=%u\n"
    2439             :                           "dot1xAuthAuthEapStartsWhileAuthenticating=%u\n"
    2440             :                           "dot1xAuthAuthEapLogoffWhileAuthenticating=%u\n"
    2441             :                           "dot1xAuthAuthReauthsWhileAuthenticated=%u\n"
    2442             :                           "dot1xAuthAuthEapStartsWhileAuthenticated=%u\n"
    2443             :                           "dot1xAuthAuthEapLogoffWhileAuthenticated=%u\n"
    2444             :                           "dot1xAuthBackendResponses=%u\n"
    2445             :                           "dot1xAuthBackendAccessChallenges=%u\n"
    2446             :                           "dot1xAuthBackendOtherRequestsToSupplicant=%u\n"
    2447             :                           "dot1xAuthBackendAuthSuccesses=%u\n"
    2448             :                           "dot1xAuthBackendAuthFails=%u\n",
    2449             :                           sm->authEntersConnecting,
    2450             :                           sm->authEapLogoffsWhileConnecting,
    2451             :                           sm->authEntersAuthenticating,
    2452             :                           sm->authAuthSuccessesWhileAuthenticating,
    2453             :                           sm->authAuthTimeoutsWhileAuthenticating,
    2454             :                           sm->authAuthFailWhileAuthenticating,
    2455             :                           sm->authAuthEapStartsWhileAuthenticating,
    2456             :                           sm->authAuthEapLogoffWhileAuthenticating,
    2457             :                           sm->authAuthReauthsWhileAuthenticated,
    2458             :                           sm->authAuthEapStartsWhileAuthenticated,
    2459             :                           sm->authAuthEapLogoffWhileAuthenticated,
    2460             :                           sm->backendResponses,
    2461             :                           sm->backendAccessChallenges,
    2462             :                           sm->backendOtherRequestsToSupplicant,
    2463             :                           sm->backendAuthSuccesses,
    2464             :                           sm->backendAuthFails);
    2465           7 :         if (os_snprintf_error(buflen - len, ret))
    2466           0 :                 return len;
    2467           7 :         len += ret;
    2468             : 
    2469             :         /* dot1xAuthSessionStatsTable */
    2470           7 :         os_reltime_age(&sta->acct_session_start, &diff);
    2471          21 :         ret = os_snprintf(buf + len, buflen - len,
    2472             :                           /* TODO: dot1xAuthSessionOctetsRx */
    2473             :                           /* TODO: dot1xAuthSessionOctetsTx */
    2474             :                           /* TODO: dot1xAuthSessionFramesRx */
    2475             :                           /* TODO: dot1xAuthSessionFramesTx */
    2476             :                           "dot1xAuthSessionId=%08X-%08X\n"
    2477             :                           "dot1xAuthSessionAuthenticMethod=%d\n"
    2478             :                           "dot1xAuthSessionTime=%u\n"
    2479             :                           "dot1xAuthSessionTerminateCause=999\n"
    2480             :                           "dot1xAuthSessionUserName=%s\n",
    2481             :                           sta->acct_session_id_hi, sta->acct_session_id_lo,
    2482           7 :                           (wpa_key_mgmt_wpa_ieee8021x(
    2483             :                                    wpa_auth_sta_key_mgmt(sta->wpa_sm))) ?
    2484             :                           1 : 2,
    2485           7 :                           (unsigned int) diff.sec,
    2486             :                           sm->identity);
    2487           7 :         if (os_snprintf_error(buflen - len, ret))
    2488           0 :                 return len;
    2489           7 :         len += ret;
    2490             : 
    2491           7 :         if (sm->acct_multi_session_id_hi) {
    2492           7 :                 ret = os_snprintf(buf + len, buflen - len,
    2493             :                                   "authMultiSessionId=%08X+%08X\n",
    2494             :                                   sm->acct_multi_session_id_hi,
    2495             :                                   sm->acct_multi_session_id_lo);
    2496           7 :                 if (os_snprintf_error(buflen - len, ret))
    2497           0 :                         return len;
    2498           7 :                 len += ret;
    2499             :         }
    2500             : 
    2501           7 :         name1 = eap_server_get_name(0, sm->eap_type_authsrv);
    2502           7 :         name2 = eap_server_get_name(0, sm->eap_type_supp);
    2503          14 :         ret = os_snprintf(buf + len, buflen - len,
    2504             :                           "last_eap_type_as=%d (%s)\n"
    2505             :                           "last_eap_type_sta=%d (%s)\n",
    2506           7 :                           sm->eap_type_authsrv, name1,
    2507           7 :                           sm->eap_type_supp, name2);
    2508           7 :         if (os_snprintf_error(buflen - len, ret))
    2509           0 :                 return len;
    2510           7 :         len += ret;
    2511             : 
    2512           7 :         return len;
    2513             : }
    2514             : 
    2515             : 
    2516        1022 : static void ieee802_1x_finished(struct hostapd_data *hapd,
    2517             :                                 struct sta_info *sta, int success,
    2518             :                                 int remediation)
    2519             : {
    2520             :         const u8 *key;
    2521             :         size_t len;
    2522             :         /* TODO: get PMKLifetime from WPA parameters */
    2523             :         static const int dot11RSNAConfigPMKLifetime = 43200;
    2524             :         unsigned int session_timeout;
    2525             : 
    2526             : #ifdef CONFIG_HS20
    2527        1022 :         if (remediation && !sta->remediation) {
    2528           0 :                 sta->remediation = 1;
    2529           0 :                 os_free(sta->remediation_url);
    2530           0 :                 sta->remediation_url =
    2531           0 :                         os_strdup(hapd->conf->subscr_remediation_url);
    2532           0 :                 sta->remediation_method = 1; /* SOAP-XML SPP */
    2533             :         }
    2534             : 
    2535        1022 :         if (success) {
    2536         637 :                 if (sta->remediation) {
    2537          12 :                         wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification "
    2538             :                                    "to " MACSTR " to indicate Subscription "
    2539             :                                    "Remediation",
    2540          12 :                                    MAC2STR(sta->addr));
    2541           2 :                         hs20_send_wnm_notification(hapd, sta->addr,
    2542           2 :                                                    sta->remediation_method,
    2543           2 :                                                    sta->remediation_url);
    2544           2 :                         os_free(sta->remediation_url);
    2545           2 :                         sta->remediation_url = NULL;
    2546             :                 }
    2547             : 
    2548         637 :                 if (sta->hs20_deauth_req) {
    2549           6 :                         wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification "
    2550             :                                    "to " MACSTR " to indicate imminent "
    2551           6 :                                    "deauthentication", MAC2STR(sta->addr));
    2552           1 :                         hs20_send_wnm_notification_deauth_req(
    2553           1 :                                 hapd, sta->addr, sta->hs20_deauth_req);
    2554             :                 }
    2555             :         }
    2556             : #endif /* CONFIG_HS20 */
    2557             : 
    2558        1022 :         key = ieee802_1x_get_key(sta->eapol_sm, &len);
    2559        1022 :         if (sta->session_timeout_set)
    2560          11 :                 session_timeout = sta->session_timeout;
    2561             :         else
    2562        1011 :                 session_timeout = dot11RSNAConfigPMKLifetime;
    2563        1628 :         if (success && key && len >= PMK_LEN && !sta->remediation &&
    2564        1211 :             !sta->hs20_deauth_requested &&
    2565         605 :             wpa_auth_pmksa_add(sta->wpa_sm, key, session_timeout,
    2566             :                                sta->eapol_sm) == 0) {
    2567         552 :                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
    2568             :                                HOSTAPD_LEVEL_DEBUG,
    2569             :                                "Added PMKSA cache entry (IEEE 802.1X)");
    2570             :         }
    2571             : 
    2572        1022 :         if (!success) {
    2573             :                 /*
    2574             :                  * Many devices require deauthentication after WPS provisioning
    2575             :                  * and some may not be be able to do that themselves, so
    2576             :                  * disconnect the client here. In addition, this may also
    2577             :                  * benefit IEEE 802.1X/EAPOL authentication cases, too since
    2578             :                  * the EAPOL PAE state machine would remain in HELD state for
    2579             :                  * considerable amount of time and some EAP methods, like
    2580             :                  * EAP-FAST with anonymous provisioning, may require another
    2581             :                  * EAPOL authentication to be started to complete connection.
    2582             :                  */
    2583         385 :                 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "IEEE 802.1X: Force "
    2584             :                         "disconnection after EAP-Failure");
    2585             :                 /* Add a small sleep to increase likelihood of previously
    2586             :                  * requested EAP-Failure TX getting out before this should the
    2587             :                  * driver reorder operations.
    2588             :                  */
    2589         385 :                 os_sleep(0, 10000);
    2590         385 :                 ap_sta_disconnect(hapd, sta, sta->addr,
    2591             :                                   WLAN_REASON_IEEE_802_1X_AUTH_FAILED);
    2592         385 :                 hostapd_wps_eap_completed(hapd);
    2593             :         }
    2594        1022 : }

Generated by: LCOV version 1.10