Line data Source code
1 : /*
2 : * hostapd / Configuration helper functions
3 : * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "utils/includes.h"
10 :
11 : #include "utils/common.h"
12 : #include "crypto/sha1.h"
13 : #include "radius/radius_client.h"
14 : #include "common/ieee802_11_defs.h"
15 : #include "common/eapol_common.h"
16 : #include "eap_common/eap_wsc_common.h"
17 : #include "eap_server/eap.h"
18 : #include "wpa_auth.h"
19 : #include "sta_info.h"
20 : #include "ap_config.h"
21 :
22 :
23 2759 : static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
24 : {
25 : struct hostapd_vlan *vlan, *prev;
26 :
27 2759 : vlan = bss->vlan;
28 2759 : prev = NULL;
29 5548 : while (vlan) {
30 30 : prev = vlan;
31 30 : vlan = vlan->next;
32 30 : os_free(prev);
33 : }
34 :
35 2759 : bss->vlan = NULL;
36 2759 : }
37 :
38 :
39 2759 : void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
40 : {
41 2759 : dl_list_init(&bss->anqp_elem);
42 :
43 2759 : bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
44 2759 : bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
45 2759 : bss->logger_syslog = (unsigned int) -1;
46 2759 : bss->logger_stdout = (unsigned int) -1;
47 :
48 2759 : bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
49 :
50 2759 : bss->wep_rekeying_period = 300;
51 : /* use key0 in individual key and key1 in broadcast key */
52 2759 : bss->broadcast_key_idx_min = 1;
53 2759 : bss->broadcast_key_idx_max = 2;
54 2759 : bss->eap_reauth_period = 3600;
55 :
56 2759 : bss->wpa_group_rekey = 600;
57 2759 : bss->wpa_gmk_rekey = 86400;
58 2759 : bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
59 2759 : bss->wpa_pairwise = WPA_CIPHER_TKIP;
60 2759 : bss->wpa_group = WPA_CIPHER_TKIP;
61 2759 : bss->rsn_pairwise = 0;
62 :
63 2759 : bss->max_num_sta = MAX_STA_COUNT;
64 :
65 2759 : bss->dtim_period = 2;
66 :
67 2759 : bss->radius_server_auth_port = 1812;
68 2759 : bss->eap_sim_db_timeout = 1;
69 2759 : bss->ap_max_inactivity = AP_MAX_INACTIVITY;
70 2759 : bss->eapol_version = EAPOL_VERSION;
71 :
72 2759 : bss->max_listen_interval = 65535;
73 :
74 2759 : bss->pwd_group = 19; /* ECC: GF(p=256) */
75 :
76 : #ifdef CONFIG_IEEE80211W
77 2759 : bss->assoc_sa_query_max_timeout = 1000;
78 2759 : bss->assoc_sa_query_retry_timeout = 201;
79 2759 : bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
80 : #endif /* CONFIG_IEEE80211W */
81 : #ifdef EAP_SERVER_FAST
82 : /* both anonymous and authenticated provisioning */
83 2128 : bss->eap_fast_prov = 3;
84 2128 : bss->pac_key_lifetime = 7 * 24 * 60 * 60;
85 2128 : bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
86 : #endif /* EAP_SERVER_FAST */
87 :
88 : /* Set to -1 as defaults depends on HT in setup */
89 2759 : bss->wmm_enabled = -1;
90 :
91 : #ifdef CONFIG_IEEE80211R
92 2759 : bss->ft_over_ds = 1;
93 : #endif /* CONFIG_IEEE80211R */
94 :
95 2759 : bss->radius_das_time_window = 300;
96 :
97 2759 : bss->sae_anti_clogging_threshold = 5;
98 2759 : }
99 :
100 :
101 2769 : struct hostapd_config * hostapd_config_defaults(void)
102 : {
103 : #define ecw2cw(ecw) ((1 << (ecw)) - 1)
104 :
105 : struct hostapd_config *conf;
106 : struct hostapd_bss_config *bss;
107 2769 : const int aCWmin = 4, aCWmax = 10;
108 2769 : const struct hostapd_wmm_ac_params ac_bk =
109 : { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
110 2769 : const struct hostapd_wmm_ac_params ac_be =
111 : { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
112 2769 : const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
113 2769 : { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
114 5538 : const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
115 5538 : { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
116 8307 : const struct hostapd_tx_queue_params txq_bk =
117 5538 : { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
118 8307 : const struct hostapd_tx_queue_params txq_be =
119 5538 : { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
120 8307 : const struct hostapd_tx_queue_params txq_vi =
121 5538 : { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
122 8307 : const struct hostapd_tx_queue_params txq_vo =
123 2769 : { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
124 2769 : (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
125 :
126 : #undef ecw2cw
127 :
128 2769 : conf = os_zalloc(sizeof(*conf));
129 2769 : bss = os_zalloc(sizeof(*bss));
130 2769 : if (conf == NULL || bss == NULL) {
131 12 : wpa_printf(MSG_ERROR, "Failed to allocate memory for "
132 : "configuration data.");
133 12 : os_free(conf);
134 12 : os_free(bss);
135 12 : return NULL;
136 : }
137 2757 : conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
138 2757 : if (conf->bss == NULL) {
139 5 : os_free(conf);
140 5 : os_free(bss);
141 5 : return NULL;
142 : }
143 2752 : conf->bss[0] = bss;
144 :
145 2752 : bss->radius = os_zalloc(sizeof(*bss->radius));
146 2752 : if (bss->radius == NULL) {
147 5 : os_free(conf->bss);
148 5 : os_free(conf);
149 5 : os_free(bss);
150 5 : return NULL;
151 : }
152 :
153 2747 : hostapd_config_defaults_bss(bss);
154 :
155 2747 : conf->num_bss = 1;
156 :
157 2747 : conf->beacon_int = 100;
158 2747 : conf->rts_threshold = -1; /* use driver default: 2347 */
159 2747 : conf->fragm_threshold = -1; /* user driver default: 2346 */
160 2747 : conf->send_probe_response = 1;
161 : /* Set to invalid value means do not add Power Constraint IE */
162 2747 : conf->local_pwr_constraint = -1;
163 :
164 2747 : conf->wmm_ac_params[0] = ac_be;
165 2747 : conf->wmm_ac_params[1] = ac_bk;
166 2747 : conf->wmm_ac_params[2] = ac_vi;
167 2747 : conf->wmm_ac_params[3] = ac_vo;
168 :
169 2747 : conf->tx_queue[0] = txq_vo;
170 2747 : conf->tx_queue[1] = txq_vi;
171 2747 : conf->tx_queue[2] = txq_be;
172 2747 : conf->tx_queue[3] = txq_bk;
173 :
174 2747 : conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
175 :
176 2747 : conf->ap_table_max_size = 255;
177 2747 : conf->ap_table_expiration_time = 60;
178 2747 : conf->track_sta_max_age = 180;
179 :
180 : #ifdef CONFIG_TESTING_OPTIONS
181 2747 : conf->ignore_probe_probability = 0.0;
182 2747 : conf->ignore_auth_probability = 0.0;
183 2747 : conf->ignore_assoc_probability = 0.0;
184 2747 : conf->ignore_reassoc_probability = 0.0;
185 2747 : conf->corrupt_gtk_rekey_mic_probability = 0.0;
186 2747 : conf->ecsa_ie_only = 0;
187 : #endif /* CONFIG_TESTING_OPTIONS */
188 :
189 2747 : conf->acs = 0;
190 2747 : conf->acs_ch_list.num = 0;
191 : #ifdef CONFIG_ACS
192 2747 : conf->acs_num_scans = 5;
193 : #endif /* CONFIG_ACS */
194 :
195 2747 : return conf;
196 : }
197 :
198 :
199 74 : int hostapd_mac_comp(const void *a, const void *b)
200 : {
201 74 : return os_memcmp(a, b, sizeof(macaddr));
202 : }
203 :
204 :
205 23 : static int hostapd_config_read_wpa_psk(const char *fname,
206 : struct hostapd_ssid *ssid)
207 : {
208 : FILE *f;
209 : char buf[128], *pos;
210 23 : int line = 0, ret = 0, len, ok;
211 : u8 addr[ETH_ALEN];
212 : struct hostapd_wpa_psk *psk;
213 :
214 23 : if (!fname)
215 0 : return 0;
216 :
217 23 : f = fopen(fname, "r");
218 23 : if (!f) {
219 1 : wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
220 1 : return -1;
221 : }
222 :
223 127 : while (fgets(buf, sizeof(buf), f)) {
224 86 : line++;
225 :
226 86 : if (buf[0] == '#')
227 3 : continue;
228 83 : pos = buf;
229 3839 : while (*pos != '\0') {
230 3756 : if (*pos == '\n') {
231 83 : *pos = '\0';
232 83 : break;
233 : }
234 3673 : pos++;
235 : }
236 83 : if (buf[0] == '\0')
237 1 : continue;
238 :
239 82 : if (hwaddr_aton(buf, addr)) {
240 1 : wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on "
241 : "line %d in '%s'", buf, line, fname);
242 1 : ret = -1;
243 1 : break;
244 : }
245 :
246 81 : psk = os_zalloc(sizeof(*psk));
247 81 : if (psk == NULL) {
248 0 : wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
249 0 : ret = -1;
250 0 : break;
251 : }
252 81 : if (is_zero_ether_addr(addr))
253 30 : psk->group = 1;
254 : else
255 51 : os_memcpy(psk->addr, addr, ETH_ALEN);
256 :
257 81 : pos = buf + 17;
258 81 : if (*pos == '\0') {
259 1 : wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
260 : line, fname);
261 1 : os_free(psk);
262 1 : ret = -1;
263 1 : break;
264 : }
265 80 : pos++;
266 :
267 80 : ok = 0;
268 80 : len = os_strlen(pos);
269 80 : if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
270 16 : ok = 1;
271 64 : else if (len >= 8 && len < 64) {
272 63 : pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
273 63 : 4096, psk->psk, PMK_LEN);
274 63 : ok = 1;
275 : }
276 80 : if (!ok) {
277 1 : wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in "
278 : "'%s'", pos, line, fname);
279 1 : os_free(psk);
280 1 : ret = -1;
281 1 : break;
282 : }
283 :
284 79 : psk->next = ssid->wpa_psk;
285 79 : ssid->wpa_psk = psk;
286 : }
287 :
288 22 : fclose(f);
289 :
290 22 : return ret;
291 : }
292 :
293 :
294 483 : static int hostapd_derive_psk(struct hostapd_ssid *ssid)
295 : {
296 483 : ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
297 483 : if (ssid->wpa_psk == NULL) {
298 0 : wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
299 0 : return -1;
300 : }
301 966 : wpa_hexdump_ascii(MSG_DEBUG, "SSID",
302 483 : (u8 *) ssid->ssid, ssid->ssid_len);
303 966 : wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
304 483 : (u8 *) ssid->wpa_passphrase,
305 483 : os_strlen(ssid->wpa_passphrase));
306 966 : pbkdf2_sha1(ssid->wpa_passphrase,
307 483 : ssid->ssid, ssid->ssid_len,
308 483 : 4096, ssid->wpa_psk->psk, PMK_LEN);
309 483 : wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
310 483 : ssid->wpa_psk->psk, PMK_LEN);
311 483 : return 0;
312 : }
313 :
314 :
315 2680 : int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
316 : {
317 2680 : struct hostapd_ssid *ssid = &conf->ssid;
318 :
319 2680 : if (ssid->wpa_passphrase != NULL) {
320 501 : if (ssid->wpa_psk != NULL) {
321 18 : wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
322 : "instead of passphrase");
323 : } else {
324 483 : wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
325 : "passphrase");
326 483 : if (hostapd_derive_psk(ssid) < 0)
327 0 : return -1;
328 : }
329 501 : ssid->wpa_psk->group = 1;
330 : }
331 :
332 2680 : if (ssid->wpa_psk_file) {
333 23 : if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file,
334 : &conf->ssid))
335 4 : return -1;
336 : }
337 :
338 2676 : return 0;
339 : }
340 :
341 :
342 5518 : static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
343 : int num_servers)
344 : {
345 : int i;
346 :
347 6163 : for (i = 0; i < num_servers; i++) {
348 645 : os_free(servers[i].shared_secret);
349 : }
350 5518 : os_free(servers);
351 5518 : }
352 :
353 :
354 : struct hostapd_radius_attr *
355 94402 : hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
356 : {
357 94767 : for (; attr; attr = attr->next) {
358 380 : if (attr->type == type)
359 15 : return attr;
360 : }
361 94387 : return NULL;
362 : }
363 :
364 :
365 17171 : static void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
366 : {
367 : struct hostapd_radius_attr *prev;
368 :
369 37376 : while (attr) {
370 3034 : prev = attr;
371 3034 : attr = attr->next;
372 3034 : wpabuf_free(prev->val);
373 3034 : os_free(prev);
374 : }
375 17171 : }
376 :
377 :
378 11653 : void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
379 : {
380 11653 : hostapd_config_free_radius_attr(user->accept_attr);
381 11653 : os_free(user->identity);
382 11653 : bin_clear_free(user->password, user->password_len);
383 11653 : os_free(user);
384 11653 : }
385 :
386 :
387 2759 : static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
388 : {
389 : int i;
390 13795 : for (i = 0; i < NUM_WEP_KEYS; i++) {
391 11036 : bin_clear_free(keys->key[i], keys->len[i]);
392 11036 : keys->key[i] = NULL;
393 : }
394 2759 : }
395 :
396 :
397 3314 : void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
398 : {
399 : struct hostapd_wpa_psk *psk, *tmp;
400 :
401 7657 : for (psk = *l; psk;) {
402 1029 : tmp = psk;
403 1029 : psk = psk->next;
404 1029 : bin_clear_free(tmp, sizeof(*tmp));
405 : }
406 3314 : *l = NULL;
407 3314 : }
408 :
409 :
410 2759 : static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
411 : {
412 : struct anqp_element *elem;
413 :
414 5528 : while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
415 : list))) {
416 10 : dl_list_del(&elem->list);
417 10 : wpabuf_free(elem->payload);
418 10 : os_free(elem);
419 : }
420 2759 : }
421 :
422 :
423 2759 : void hostapd_config_free_bss(struct hostapd_bss_config *conf)
424 : {
425 : struct hostapd_eap_user *user, *prev_user;
426 :
427 2759 : if (conf == NULL)
428 2759 : return;
429 :
430 2759 : hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
431 :
432 2759 : str_clear_free(conf->ssid.wpa_passphrase);
433 2759 : os_free(conf->ssid.wpa_psk_file);
434 2759 : hostapd_config_free_wep(&conf->ssid.wep);
435 : #ifdef CONFIG_FULL_DYNAMIC_VLAN
436 2128 : os_free(conf->ssid.vlan_tagged_interface);
437 : #endif /* CONFIG_FULL_DYNAMIC_VLAN */
438 :
439 2759 : user = conf->eap_user;
440 16827 : while (user) {
441 11309 : prev_user = user;
442 11309 : user = user->next;
443 11309 : hostapd_config_free_eap_user(prev_user);
444 : }
445 2759 : os_free(conf->eap_user_sqlite);
446 :
447 2759 : os_free(conf->eap_req_id_text);
448 2759 : os_free(conf->erp_domain);
449 2759 : os_free(conf->accept_mac);
450 2759 : os_free(conf->deny_mac);
451 2759 : os_free(conf->nas_identifier);
452 2759 : if (conf->radius) {
453 2759 : hostapd_config_free_radius(conf->radius->auth_servers,
454 2759 : conf->radius->num_auth_servers);
455 2759 : hostapd_config_free_radius(conf->radius->acct_servers,
456 2759 : conf->radius->num_acct_servers);
457 : }
458 2759 : hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
459 2759 : hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
460 2759 : os_free(conf->rsn_preauth_interfaces);
461 2759 : os_free(conf->ctrl_interface);
462 2759 : os_free(conf->ca_cert);
463 2759 : os_free(conf->server_cert);
464 2759 : os_free(conf->private_key);
465 2759 : os_free(conf->private_key_passwd);
466 2759 : os_free(conf->ocsp_stapling_response);
467 2759 : os_free(conf->ocsp_stapling_response_multi);
468 2759 : os_free(conf->dh_file);
469 2759 : os_free(conf->openssl_ciphers);
470 2759 : os_free(conf->pac_opaque_encr_key);
471 2759 : os_free(conf->eap_fast_a_id);
472 2759 : os_free(conf->eap_fast_a_id_info);
473 2759 : os_free(conf->eap_sim_db);
474 2759 : os_free(conf->radius_server_clients);
475 2759 : os_free(conf->radius);
476 2759 : os_free(conf->radius_das_shared_secret);
477 2759 : hostapd_config_free_vlan(conf);
478 2759 : os_free(conf->time_zone);
479 :
480 : #ifdef CONFIG_IEEE80211R
481 : {
482 : struct ft_remote_r0kh *r0kh, *r0kh_prev;
483 : struct ft_remote_r1kh *r1kh, *r1kh_prev;
484 :
485 2759 : r0kh = conf->r0kh_list;
486 2759 : conf->r0kh_list = NULL;
487 5632 : while (r0kh) {
488 114 : r0kh_prev = r0kh;
489 114 : r0kh = r0kh->next;
490 114 : os_free(r0kh_prev);
491 : }
492 :
493 2759 : r1kh = conf->r1kh_list;
494 2759 : conf->r1kh_list = NULL;
495 5575 : while (r1kh) {
496 57 : r1kh_prev = r1kh;
497 57 : r1kh = r1kh->next;
498 57 : os_free(r1kh_prev);
499 : }
500 : }
501 : #endif /* CONFIG_IEEE80211R */
502 :
503 : #ifdef CONFIG_WPS
504 2759 : os_free(conf->wps_pin_requests);
505 2759 : os_free(conf->device_name);
506 2759 : os_free(conf->manufacturer);
507 2759 : os_free(conf->model_name);
508 2759 : os_free(conf->model_number);
509 2759 : os_free(conf->serial_number);
510 2759 : os_free(conf->config_methods);
511 2759 : os_free(conf->ap_pin);
512 2759 : os_free(conf->extra_cred);
513 2759 : os_free(conf->ap_settings);
514 2759 : os_free(conf->upnp_iface);
515 2759 : os_free(conf->friendly_name);
516 2759 : os_free(conf->manufacturer_url);
517 2759 : os_free(conf->model_description);
518 2759 : os_free(conf->model_url);
519 2759 : os_free(conf->upc);
520 : {
521 : unsigned int i;
522 :
523 30349 : for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
524 27590 : wpabuf_free(conf->wps_vendor_ext[i]);
525 : }
526 2759 : wpabuf_free(conf->wps_nfc_dh_pubkey);
527 2759 : wpabuf_free(conf->wps_nfc_dh_privkey);
528 2759 : wpabuf_free(conf->wps_nfc_dev_pw);
529 : #endif /* CONFIG_WPS */
530 :
531 2759 : os_free(conf->roaming_consortium);
532 2759 : os_free(conf->venue_name);
533 2759 : os_free(conf->nai_realm_data);
534 2759 : os_free(conf->network_auth_type);
535 2759 : os_free(conf->anqp_3gpp_cell_net);
536 2759 : os_free(conf->domain_name);
537 2759 : hostapd_config_free_anqp_elem(conf);
538 :
539 : #ifdef CONFIG_RADIUS_TEST
540 : os_free(conf->dump_msk_file);
541 : #endif /* CONFIG_RADIUS_TEST */
542 :
543 : #ifdef CONFIG_HS20
544 2759 : os_free(conf->hs20_oper_friendly_name);
545 2759 : os_free(conf->hs20_wan_metrics);
546 2759 : os_free(conf->hs20_connection_capability);
547 2759 : os_free(conf->hs20_operating_class);
548 2759 : os_free(conf->hs20_icons);
549 2759 : if (conf->hs20_osu_providers) {
550 : size_t i;
551 20 : for (i = 0; i < conf->hs20_osu_providers_count; i++) {
552 : struct hs20_osu_provider *p;
553 : size_t j;
554 10 : p = &conf->hs20_osu_providers[i];
555 10 : os_free(p->friendly_name);
556 10 : os_free(p->server_uri);
557 10 : os_free(p->method_list);
558 22 : for (j = 0; j < p->icons_count; j++)
559 12 : os_free(p->icons[j]);
560 10 : os_free(p->icons);
561 10 : os_free(p->osu_nai);
562 10 : os_free(p->service_desc);
563 : }
564 10 : os_free(conf->hs20_osu_providers);
565 : }
566 2759 : os_free(conf->subscr_remediation_url);
567 : #endif /* CONFIG_HS20 */
568 :
569 2759 : wpabuf_free(conf->vendor_elements);
570 2759 : wpabuf_free(conf->assocresp_elements);
571 :
572 2759 : os_free(conf->sae_groups);
573 :
574 2759 : os_free(conf->wowlan_triggers);
575 :
576 2759 : os_free(conf->server_id);
577 :
578 : #ifdef CONFIG_TESTING_OPTIONS
579 2759 : wpabuf_free(conf->own_ie_override);
580 : #endif /* CONFIG_TESTING_OPTIONS */
581 :
582 2759 : os_free(conf->no_probe_resp_if_seen_on);
583 2759 : os_free(conf->no_auth_if_seen_on);
584 :
585 2759 : os_free(conf);
586 : }
587 :
588 :
589 : /**
590 : * hostapd_config_free - Free hostapd configuration
591 : * @conf: Configuration data from hostapd_config_read().
592 : */
593 2780 : void hostapd_config_free(struct hostapd_config *conf)
594 : {
595 : size_t i;
596 :
597 2780 : if (conf == NULL)
598 2813 : return;
599 :
600 5464 : for (i = 0; i < conf->num_bss; i++)
601 2717 : hostapd_config_free_bss(conf->bss[i]);
602 2747 : os_free(conf->bss);
603 2747 : os_free(conf->supported_rates);
604 2747 : os_free(conf->basic_rates);
605 2747 : os_free(conf->acs_ch_list.range);
606 2747 : os_free(conf->driver_params);
607 : #ifdef CONFIG_ACS
608 2747 : os_free(conf->acs_chan_bias);
609 : #endif /* CONFIG_ACS */
610 2747 : wpabuf_free(conf->lci);
611 2747 : wpabuf_free(conf->civic);
612 :
613 2747 : os_free(conf);
614 : }
615 :
616 :
617 : /**
618 : * hostapd_maclist_found - Find a MAC address from a list
619 : * @list: MAC address list
620 : * @num_entries: Number of addresses in the list
621 : * @addr: Address to search for
622 : * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
623 : * Returns: 1 if address is in the list or 0 if not.
624 : *
625 : * Perform a binary search for given MAC address from a pre-sorted list.
626 : */
627 10403 : int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
628 : const u8 *addr, struct vlan_description *vlan_id)
629 : {
630 : int start, end, middle, res;
631 :
632 10403 : start = 0;
633 10403 : end = num_entries - 1;
634 :
635 20827 : while (start <= end) {
636 185 : middle = (start + end) / 2;
637 185 : res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
638 185 : if (res == 0) {
639 164 : if (vlan_id)
640 164 : *vlan_id = list[middle].vlan_id;
641 164 : return 1;
642 : }
643 21 : if (res < 0)
644 21 : start = middle + 1;
645 : else
646 0 : end = middle - 1;
647 : }
648 :
649 10239 : return 0;
650 : }
651 :
652 :
653 33336 : int hostapd_rate_found(int *list, int rate)
654 : {
655 : int i;
656 :
657 33336 : if (list == NULL)
658 0 : return 0;
659 :
660 145829 : for (i = 0; list[i] >= 0; i++)
661 125872 : if (list[i] == rate)
662 13379 : return 1;
663 :
664 19957 : return 0;
665 : }
666 :
667 :
668 37 : int hostapd_vlan_valid(struct hostapd_vlan *vlan,
669 : struct vlan_description *vlan_desc)
670 : {
671 37 : struct hostapd_vlan *v = vlan;
672 : int i;
673 :
674 74 : if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
675 37 : vlan_desc->untagged > MAX_VLAN_ID)
676 0 : return 0;
677 1221 : for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
678 2368 : if (vlan_desc->tagged[i] < 0 ||
679 1184 : vlan_desc->tagged[i] > MAX_VLAN_ID)
680 0 : return 0;
681 : }
682 37 : if (!vlan_desc->untagged && !vlan_desc->tagged[0])
683 0 : return 0;
684 :
685 89 : while (v) {
686 104 : if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
687 52 : v->vlan_id == VLAN_ID_WILDCARD)
688 37 : return 1;
689 15 : v = v->next;
690 : }
691 0 : return 0;
692 : }
693 :
694 :
695 66 : const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
696 : {
697 66 : struct hostapd_vlan *v = vlan;
698 139 : while (v) {
699 73 : if (v->vlan_id == vlan_id)
700 66 : return v->ifname;
701 7 : v = v->next;
702 : }
703 0 : return NULL;
704 : }
705 :
706 :
707 2649 : const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
708 : const u8 *addr, const u8 *p2p_dev_addr,
709 : const u8 *prev_psk)
710 : {
711 : struct hostapd_wpa_psk *psk;
712 2649 : int next_ok = prev_psk == NULL;
713 :
714 2649 : if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
715 10452 : wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
716 : " p2p_dev_addr=" MACSTR " prev_psk=%p",
717 10452 : MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
718 871 : addr = NULL; /* Use P2P Device Address for matching */
719 : } else {
720 10668 : wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
721 : " prev_psk=%p",
722 10668 : MAC2STR(addr), prev_psk);
723 : }
724 :
725 2698 : for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
726 5317 : if (next_ok &&
727 2736 : (psk->group ||
728 42 : (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
729 96 : (!addr && p2p_dev_addr &&
730 48 : os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
731 : 0)))
732 2622 : return psk->psk;
733 :
734 49 : if (psk->psk == prev_psk)
735 21 : next_ok = 1;
736 : }
737 :
738 27 : return NULL;
739 : }
740 :
741 :
742 32855 : static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
743 : struct hostapd_config *conf,
744 : int full_config)
745 : {
746 33424 : if (full_config && bss->ieee802_1x && !bss->eap_server &&
747 569 : !bss->radius->auth_servers) {
748 1 : wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
749 : "EAP authenticator configured).");
750 1 : return -1;
751 : }
752 :
753 32854 : if (bss->wpa) {
754 : int wep, i;
755 :
756 27768 : wep = bss->default_wep_key_len > 0 ||
757 13884 : bss->individual_wep_key_len > 0;
758 69416 : for (i = 0; i < NUM_WEP_KEYS; i++) {
759 55533 : if (bss->ssid.wep.keys_set) {
760 1 : wep = 1;
761 1 : break;
762 : }
763 : }
764 :
765 13884 : if (wep) {
766 1 : wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
767 1 : return -1;
768 : }
769 : }
770 :
771 34049 : if (full_config && bss->wpa &&
772 1199 : bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
773 3 : bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
774 1 : wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
775 : "RADIUS checking (macaddr_acl=2) enabled.");
776 1 : return -1;
777 : }
778 :
779 33288 : if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
780 836 : bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
781 13 : bss->ssid.wpa_psk_file == NULL &&
782 4 : (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
783 2 : bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
784 0 : wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
785 : "is not configured.");
786 0 : return -1;
787 : }
788 :
789 32852 : if (full_config && !is_zero_ether_addr(bss->bssid)) {
790 : size_t i;
791 :
792 236 : for (i = 0; i < conf->num_bss; i++) {
793 163 : if (conf->bss[i] != bss &&
794 30 : (hostapd_mac_comp(conf->bss[i]->bssid,
795 30 : bss->bssid) == 0)) {
796 0 : wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
797 : " on interface '%s' and '%s'.",
798 0 : MAC2STR(bss->bssid),
799 0 : conf->bss[i]->iface, bss->iface);
800 0 : return -1;
801 : }
802 : }
803 : }
804 :
805 : #ifdef CONFIG_IEEE80211R
806 32919 : if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
807 133 : (bss->nas_identifier == NULL ||
808 132 : os_strlen(bss->nas_identifier) < 1 ||
809 66 : os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
810 1 : wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
811 : "nas_identifier to be configured as a 1..48 octet "
812 : "string");
813 1 : return -1;
814 : }
815 : #endif /* CONFIG_IEEE80211R */
816 :
817 : #ifdef CONFIG_IEEE80211N
818 34943 : if (full_config && conf->ieee80211n &&
819 2092 : conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
820 17 : bss->disable_11n = 1;
821 17 : wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
822 : "allowed, disabling HT capabilities");
823 : }
824 :
825 34943 : if (full_config && conf->ieee80211n &&
826 2092 : bss->ssid.security_policy == SECURITY_STATIC_WEP) {
827 12 : bss->disable_11n = 1;
828 12 : wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
829 : "allowed, disabling HT capabilities");
830 : }
831 :
832 34045 : if (full_config && conf->ieee80211n && bss->wpa &&
833 2385 : !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
834 1191 : !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
835 : WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
836 : {
837 17 : bss->disable_11n = 1;
838 17 : wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
839 : "requires CCMP/GCMP to be enabled, disabling HT "
840 : "capabilities");
841 : }
842 : #endif /* CONFIG_IEEE80211N */
843 :
844 : #ifdef CONFIG_IEEE80211AC
845 32880 : if (full_config && conf->ieee80211ac &&
846 29 : bss->ssid.security_policy == SECURITY_STATIC_WEP) {
847 1 : bss->disable_11ac = 1;
848 1 : wpa_printf(MSG_ERROR,
849 : "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
850 : }
851 : #endif /* CONFIG_IEEE80211AC */
852 :
853 : #ifdef CONFIG_WPS
854 32851 : if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
855 0 : wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
856 : "configuration forced WPS to be disabled");
857 0 : bss->wps_state = 0;
858 : }
859 :
860 33116 : if (full_config && bss->wps_state &&
861 265 : bss->ssid.wep.keys_set && bss->wpa == 0) {
862 0 : wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
863 : "disabled");
864 0 : bss->wps_state = 0;
865 : }
866 :
867 33080 : if (full_config && bss->wps_state && bss->wpa &&
868 458 : (!(bss->wpa & 2) ||
869 229 : !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) {
870 0 : wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
871 : "WPA2/CCMP/GCMP forced WPS to be disabled");
872 0 : bss->wps_state = 0;
873 : }
874 : #endif /* CONFIG_WPS */
875 :
876 : #ifdef CONFIG_HS20
877 33052 : if (full_config && bss->hs20 &&
878 401 : (!(bss->wpa & 2) ||
879 200 : !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
880 : WPA_CIPHER_CCMP_256 |
881 : WPA_CIPHER_GCMP_256)))) {
882 1 : wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
883 : "configuration is required for Hotspot 2.0 "
884 : "functionality");
885 1 : return -1;
886 : }
887 : #endif /* CONFIG_HS20 */
888 :
889 : #ifdef CONFIG_MBO
890 32851 : if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
891 1 : bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
892 0 : wpa_printf(MSG_ERROR,
893 : "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
894 0 : return -1;
895 : }
896 : #endif /* CONFIG_MBO */
897 :
898 32850 : return 0;
899 : }
900 :
901 :
902 131304 : static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
903 : {
904 131304 : int tx_cwmin = conf->tx_queue[queue].cwmin;
905 131304 : int tx_cwmax = conf->tx_queue[queue].cwmax;
906 131304 : int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
907 131304 : int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
908 :
909 131304 : if (tx_cwmin > tx_cwmax) {
910 0 : wpa_printf(MSG_ERROR,
911 : "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
912 : tx_cwmin, tx_cwmax);
913 0 : return -1;
914 : }
915 131304 : if (ac_cwmin > ac_cwmax) {
916 0 : wpa_printf(MSG_ERROR,
917 : "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
918 : ac_cwmin, ac_cwmax);
919 0 : return -1;
920 : }
921 131304 : return 0;
922 : }
923 :
924 :
925 32830 : int hostapd_config_check(struct hostapd_config *conf, int full_config)
926 : {
927 : size_t i;
928 :
929 32881 : if (full_config && conf->ieee80211d &&
930 101 : (!conf->country[0] || !conf->country[1])) {
931 1 : wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
932 : "setting the country_code");
933 1 : return -1;
934 : }
935 :
936 32829 : if (full_config && conf->ieee80211h && !conf->ieee80211d) {
937 1 : wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
938 : "IEEE 802.11d enabled");
939 1 : return -1;
940 : }
941 :
942 32831 : if (full_config && conf->local_pwr_constraint != -1 &&
943 3 : !conf->ieee80211d) {
944 1 : wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
945 1 : return -1;
946 : }
947 :
948 32829 : if (full_config && conf->spectrum_mgmt_required &&
949 2 : conf->local_pwr_constraint == -1) {
950 1 : wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
951 1 : return -1;
952 : }
953 :
954 164130 : for (i = 0; i < NUM_TX_QUEUES; i++) {
955 131304 : if (hostapd_config_check_cw(conf, i))
956 0 : return -1;
957 : }
958 :
959 65676 : for (i = 0; i < conf->num_bss; i++) {
960 32855 : if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
961 5 : return -1;
962 : }
963 :
964 32821 : return 0;
965 : }
966 :
967 :
968 32855 : void hostapd_set_security_params(struct hostapd_bss_config *bss,
969 : int full_config)
970 : {
971 32855 : if (bss->individual_wep_key_len == 0) {
972 : /* individual keys are not use; can use key idx0 for
973 : * broadcast keys */
974 32836 : bss->broadcast_key_idx_min = 0;
975 : }
976 :
977 32855 : if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
978 1149 : bss->rsn_pairwise = bss->wpa_pairwise;
979 32855 : bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
980 : bss->rsn_pairwise);
981 :
982 32855 : if (full_config) {
983 2118 : bss->radius->auth_server = bss->radius->auth_servers;
984 2118 : bss->radius->acct_server = bss->radius->acct_servers;
985 : }
986 :
987 32855 : if (bss->wpa && bss->ieee802_1x) {
988 4889 : bss->ssid.security_policy = SECURITY_WPA;
989 27966 : } else if (bss->wpa) {
990 8995 : bss->ssid.security_policy = SECURITY_WPA_PSK;
991 18971 : } else if (bss->ieee802_1x) {
992 81 : int cipher = WPA_CIPHER_NONE;
993 81 : bss->ssid.security_policy = SECURITY_IEEE_802_1X;
994 81 : bss->ssid.wep.default_len = bss->default_wep_key_len;
995 81 : if (full_config && bss->default_wep_key_len) {
996 6 : cipher = bss->default_wep_key_len >= 13 ?
997 : WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
998 75 : } else if (full_config && bss->ssid.wep.keys_set) {
999 1 : if (bss->ssid.wep.len[0] >= 13)
1000 0 : cipher = WPA_CIPHER_WEP104;
1001 : else
1002 1 : cipher = WPA_CIPHER_WEP40;
1003 : }
1004 81 : bss->wpa_group = cipher;
1005 81 : bss->wpa_pairwise = cipher;
1006 81 : bss->rsn_pairwise = cipher;
1007 81 : if (full_config)
1008 17 : bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1009 18890 : } else if (bss->ssid.wep.keys_set) {
1010 27 : int cipher = WPA_CIPHER_WEP40;
1011 27 : if (bss->ssid.wep.len[0] >= 13)
1012 12 : cipher = WPA_CIPHER_WEP104;
1013 27 : bss->ssid.security_policy = SECURITY_STATIC_WEP;
1014 27 : bss->wpa_group = cipher;
1015 27 : bss->wpa_pairwise = cipher;
1016 27 : bss->rsn_pairwise = cipher;
1017 27 : if (full_config)
1018 12 : bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1019 18863 : } else if (bss->osen) {
1020 2 : bss->ssid.security_policy = SECURITY_OSEN;
1021 2 : bss->wpa_group = WPA_CIPHER_CCMP;
1022 2 : bss->wpa_pairwise = 0;
1023 2 : bss->rsn_pairwise = WPA_CIPHER_CCMP;
1024 : } else {
1025 18861 : bss->ssid.security_policy = SECURITY_PLAINTEXT;
1026 18861 : if (full_config) {
1027 892 : bss->wpa_group = WPA_CIPHER_NONE;
1028 892 : bss->wpa_pairwise = WPA_CIPHER_NONE;
1029 892 : bss->rsn_pairwise = WPA_CIPHER_NONE;
1030 892 : bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1031 : }
1032 : }
1033 32855 : }
|