[PATCH] AP: Optionally deauth station that auths twice

Paul Stewart pstew
Mon Jun 6 14:12:44 PDT 2011


The 802.11 spec has a clause that states that if a STA
authenticates while the AP has state indicating the STA
is already authenticated, it should send a DEAUTH with
WLAN_REASON_PREV_AUTH_NOT_VALID to the station first.
Add an optional parameter to hostapd so it can replicate
this behavior.

This doesn't add any (desirable) function persay, but
makes hostapd capable of being used to test that STAs
handle this behaviour correctly.

Signed-off-by: Paul Stewart <pstew at chromium.org>
---
 hostapd/config_file.c |    2 ++
 hostapd/hostapd.conf  |    7 +++++++
 src/ap/ap_config.h    |    1 +
 src/ap/ieee802_11.c   |   18 ++++++++++++++++++
 4 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 835f050..e78fbcf 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1286,6 +1286,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 					   line, pos);
 				errors++;
 			}
+		} else if (os_strcmp(buf, "strict_auth") == 0) {
+			bss->strict_auth = atoi(pos);
 		} else if (os_strcmp(buf, "wds_sta") == 0) {
 			bss->wds_sta = atoi(pos);
 		} else if (os_strcmp(buf, "ap_isolate") == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index e0525e4..833fdd1 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -365,6 +365,13 @@ wmm_ac_vo_acm=0
 # associated stations in the BSS. By default, this bridging is allowed.
 #ap_isolate=1
 
+# The AP can optionally replicate IEEE specified behavior where a station
+# that authenticates without having deauthenticated (the AP still has a
+# record of this previous authentication) should receive a DEAUTH message
+# with the reason code "Previous Authentication not Valid".
+# 0 = disable this behavior (default)
+# 1 = enable
+#strict_auth=0
 ##### IEEE 802.11n related configuration ######################################
 
 # ieee80211n: Whether IEEE 802.11n (HT) is enabled
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 0a3e76e..55edd6a 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -333,6 +333,7 @@ struct hostapd_bss_config {
 #define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
 	int tdls;
 	int disable_11n;
+	int strict_auth;
 };
 
 
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 4d8dd25..d3a5240 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -447,6 +447,24 @@ static void handle_auth(struct hostapd_data *hapd,
 		return;
 	}
 
+	if (hapd->conf->strict_auth) {
+		/* In strict-auth, an already-associated station is deauthed */
+		sta = ap_get_sta(hapd, mgmt->sa);
+		if (sta != NULL) {
+			hostapd_drv_sta_deauth(hapd, sta->addr,
+					       WLAN_REASON_PREV_AUTH_NOT_VALID);
+			ap_sta_deauthenticate(hapd, sta,
+					      WLAN_REASON_PREV_AUTH_NOT_VALID);
+			ap_free_sta(hapd, sta);
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_INFO, "deauthenticated "
+				       "due to new incoming authentication "
+				       "request");
+			return;
+		}
+	}
+
 	sta = ap_sta_add(hapd, mgmt->sa);
 	if (!sta) {
 		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
-- 
1.7.3.1




More information about the Hostap mailing list