]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * hostapd / Configuration helper functions | |
3 | * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "crypto/sha1.h" | |
13 | #include "radius/radius_client.h" | |
14 | #include "common/ieee802_11_defs.h" | |
15 | #include "common/eapol_common.h" | |
16 | #include "eap_common/eap_wsc_common.h" | |
17 | #include "eap_server/eap.h" | |
18 | #include "wpa_auth.h" | |
19 | #include "sta_info.h" | |
20 | #include "ap_config.h" | |
21 | ||
22 | ||
23 | static void hostapd_config_free_vlan(struct hostapd_bss_config *bss) | |
24 | { | |
25 | struct hostapd_vlan *vlan, *prev; | |
26 | ||
27 | vlan = bss->vlan; | |
28 | prev = NULL; | |
29 | while (vlan) { | |
30 | prev = vlan; | |
31 | vlan = vlan->next; | |
32 | os_free(prev); | |
33 | } | |
34 | ||
35 | bss->vlan = NULL; | |
36 | } | |
37 | ||
38 | ||
39 | void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) | |
40 | { | |
41 | bss->logger_syslog_level = HOSTAPD_LEVEL_INFO; | |
42 | bss->logger_stdout_level = HOSTAPD_LEVEL_INFO; | |
43 | bss->logger_syslog = (unsigned int) -1; | |
44 | bss->logger_stdout = (unsigned int) -1; | |
45 | ||
46 | bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED; | |
47 | ||
48 | bss->wep_rekeying_period = 300; | |
49 | /* use key0 in individual key and key1 in broadcast key */ | |
50 | bss->broadcast_key_idx_min = 1; | |
51 | bss->broadcast_key_idx_max = 2; | |
52 | bss->eap_reauth_period = 3600; | |
53 | ||
54 | bss->wpa_group_rekey = 600; | |
55 | bss->wpa_gmk_rekey = 86400; | |
56 | bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK; | |
57 | bss->wpa_pairwise = WPA_CIPHER_TKIP; | |
58 | bss->wpa_group = WPA_CIPHER_TKIP; | |
59 | bss->rsn_pairwise = 0; | |
60 | ||
61 | bss->max_num_sta = MAX_STA_COUNT; | |
62 | ||
63 | bss->dtim_period = 2; | |
64 | ||
65 | bss->radius_server_auth_port = 1812; | |
66 | bss->ap_max_inactivity = AP_MAX_INACTIVITY; | |
67 | bss->eapol_version = EAPOL_VERSION; | |
68 | ||
69 | bss->max_listen_interval = 65535; | |
70 | ||
71 | bss->pwd_group = 19; /* ECC: GF(p=256) */ | |
72 | ||
73 | #ifdef CONFIG_IEEE80211W | |
74 | bss->assoc_sa_query_max_timeout = 1000; | |
75 | bss->assoc_sa_query_retry_timeout = 201; | |
76 | #endif /* CONFIG_IEEE80211W */ | |
77 | #ifdef EAP_SERVER_FAST | |
78 | /* both anonymous and authenticated provisioning */ | |
79 | bss->eap_fast_prov = 3; | |
80 | bss->pac_key_lifetime = 7 * 24 * 60 * 60; | |
81 | bss->pac_key_refresh_time = 1 * 24 * 60 * 60; | |
82 | #endif /* EAP_SERVER_FAST */ | |
83 | ||
84 | /* Set to -1 as defaults depends on HT in setup */ | |
85 | bss->wmm_enabled = -1; | |
86 | ||
87 | #ifdef CONFIG_IEEE80211R | |
88 | bss->ft_over_ds = 1; | |
89 | #endif /* CONFIG_IEEE80211R */ | |
90 | ||
91 | bss->radius_das_time_window = 300; | |
92 | ||
93 | bss->sae_anti_clogging_threshold = 5; | |
94 | } | |
95 | ||
96 | ||
97 | struct hostapd_config * hostapd_config_defaults(void) | |
98 | { | |
99 | #define ecw2cw(ecw) ((1 << (ecw)) - 1) | |
100 | ||
101 | struct hostapd_config *conf; | |
102 | struct hostapd_bss_config *bss; | |
103 | const int aCWmin = 4, aCWmax = 10; | |
104 | const struct hostapd_wmm_ac_params ac_bk = | |
105 | { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */ | |
106 | const struct hostapd_wmm_ac_params ac_be = | |
107 | { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */ | |
108 | const struct hostapd_wmm_ac_params ac_vi = /* video traffic */ | |
109 | { aCWmin - 1, aCWmin, 2, 3000 / 32, 0 }; | |
110 | const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */ | |
111 | { aCWmin - 2, aCWmin - 1, 2, 1500 / 32, 0 }; | |
112 | const struct hostapd_tx_queue_params txq_bk = | |
113 | { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 }; | |
114 | const struct hostapd_tx_queue_params txq_be = | |
115 | { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0}; | |
116 | const struct hostapd_tx_queue_params txq_vi = | |
117 | { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30}; | |
118 | const struct hostapd_tx_queue_params txq_vo = | |
119 | { 1, (ecw2cw(aCWmin) + 1) / 4 - 1, | |
120 | (ecw2cw(aCWmin) + 1) / 2 - 1, 15}; | |
121 | ||
122 | #undef ecw2cw | |
123 | ||
124 | conf = os_zalloc(sizeof(*conf)); | |
125 | bss = os_zalloc(sizeof(*bss)); | |
126 | if (conf == NULL || bss == NULL) { | |
127 | wpa_printf(MSG_ERROR, "Failed to allocate memory for " | |
128 | "configuration data."); | |
129 | os_free(conf); | |
130 | os_free(bss); | |
131 | return NULL; | |
132 | } | |
133 | conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *)); | |
134 | if (conf->bss == NULL) { | |
135 | os_free(conf); | |
136 | os_free(bss); | |
137 | return NULL; | |
138 | } | |
139 | conf->bss[0] = bss; | |
140 | ||
141 | bss->radius = os_zalloc(sizeof(*bss->radius)); | |
142 | if (bss->radius == NULL) { | |
143 | os_free(conf->bss); | |
144 | os_free(conf); | |
145 | os_free(bss); | |
146 | return NULL; | |
147 | } | |
148 | ||
149 | hostapd_config_defaults_bss(bss); | |
150 | ||
151 | conf->num_bss = 1; | |
152 | ||
153 | conf->beacon_int = 100; | |
154 | conf->rts_threshold = -1; /* use driver default: 2347 */ | |
155 | conf->fragm_threshold = -1; /* user driver default: 2346 */ | |
156 | conf->send_probe_response = 1; | |
157 | ||
158 | conf->wmm_ac_params[0] = ac_be; | |
159 | conf->wmm_ac_params[1] = ac_bk; | |
160 | conf->wmm_ac_params[2] = ac_vi; | |
161 | conf->wmm_ac_params[3] = ac_vo; | |
162 | ||
163 | conf->tx_queue[0] = txq_vo; | |
164 | conf->tx_queue[1] = txq_vi; | |
165 | conf->tx_queue[2] = txq_be; | |
166 | conf->tx_queue[3] = txq_bk; | |
167 | ||
168 | conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED; | |
169 | ||
170 | conf->ap_table_max_size = 255; | |
171 | conf->ap_table_expiration_time = 60; | |
172 | ||
173 | #ifdef CONFIG_TESTING_OPTIONS | |
174 | conf->ignore_probe_probability = 0.0d; | |
175 | conf->ignore_auth_probability = 0.0d; | |
176 | conf->ignore_assoc_probability = 0.0d; | |
177 | conf->ignore_reassoc_probability = 0.0d; | |
178 | conf->corrupt_gtk_rekey_mic_probability = 0.0d; | |
179 | #endif /* CONFIG_TESTING_OPTIONS */ | |
180 | ||
181 | #ifdef CONFIG_ACS | |
182 | conf->acs_num_scans = 5; | |
183 | #endif /* CONFIG_ACS */ | |
184 | ||
185 | return conf; | |
186 | } | |
187 | ||
188 | ||
189 | int hostapd_mac_comp(const void *a, const void *b) | |
190 | { | |
191 | return os_memcmp(a, b, sizeof(macaddr)); | |
192 | } | |
193 | ||
194 | ||
195 | int hostapd_mac_comp_empty(const void *a) | |
196 | { | |
197 | macaddr empty = { 0 }; | |
198 | return os_memcmp(a, empty, sizeof(macaddr)); | |
199 | } | |
200 | ||
201 | ||
202 | static int hostapd_config_read_wpa_psk(const char *fname, | |
203 | struct hostapd_ssid *ssid) | |
204 | { | |
205 | FILE *f; | |
206 | char buf[128], *pos; | |
207 | int line = 0, ret = 0, len, ok; | |
208 | u8 addr[ETH_ALEN]; | |
209 | struct hostapd_wpa_psk *psk; | |
210 | ||
211 | if (!fname) | |
212 | return 0; | |
213 | ||
214 | f = fopen(fname, "r"); | |
215 | if (!f) { | |
216 | wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname); | |
217 | return -1; | |
218 | } | |
219 | ||
220 | while (fgets(buf, sizeof(buf), f)) { | |
221 | line++; | |
222 | ||
223 | if (buf[0] == '#') | |
224 | continue; | |
225 | pos = buf; | |
226 | while (*pos != '\0') { | |
227 | if (*pos == '\n') { | |
228 | *pos = '\0'; | |
229 | break; | |
230 | } | |
231 | pos++; | |
232 | } | |
233 | if (buf[0] == '\0') | |
234 | continue; | |
235 | ||
236 | if (hwaddr_aton(buf, addr)) { | |
237 | wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on " | |
238 | "line %d in '%s'", buf, line, fname); | |
239 | ret = -1; | |
240 | break; | |
241 | } | |
242 | ||
243 | psk = os_zalloc(sizeof(*psk)); | |
244 | if (psk == NULL) { | |
245 | wpa_printf(MSG_ERROR, "WPA PSK allocation failed"); | |
246 | ret = -1; | |
247 | break; | |
248 | } | |
249 | if (is_zero_ether_addr(addr)) | |
250 | psk->group = 1; | |
251 | else | |
252 | os_memcpy(psk->addr, addr, ETH_ALEN); | |
253 | ||
254 | pos = buf + 17; | |
255 | if (*pos == '\0') { | |
256 | wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'", | |
257 | line, fname); | |
258 | os_free(psk); | |
259 | ret = -1; | |
260 | break; | |
261 | } | |
262 | pos++; | |
263 | ||
264 | ok = 0; | |
265 | len = os_strlen(pos); | |
266 | if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0) | |
267 | ok = 1; | |
268 | else if (len >= 8 && len < 64) { | |
269 | pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len, | |
270 | 4096, psk->psk, PMK_LEN); | |
271 | ok = 1; | |
272 | } | |
273 | if (!ok) { | |
274 | wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in " | |
275 | "'%s'", pos, line, fname); | |
276 | os_free(psk); | |
277 | ret = -1; | |
278 | break; | |
279 | } | |
280 | ||
281 | psk->next = ssid->wpa_psk; | |
282 | ssid->wpa_psk = psk; | |
283 | } | |
284 | ||
285 | fclose(f); | |
286 | ||
287 | return ret; | |
288 | } | |
289 | ||
290 | ||
291 | static int hostapd_derive_psk(struct hostapd_ssid *ssid) | |
292 | { | |
293 | ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk)); | |
294 | if (ssid->wpa_psk == NULL) { | |
295 | wpa_printf(MSG_ERROR, "Unable to alloc space for PSK"); | |
296 | return -1; | |
297 | } | |
298 | wpa_hexdump_ascii(MSG_DEBUG, "SSID", | |
299 | (u8 *) ssid->ssid, ssid->ssid_len); | |
300 | wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)", | |
301 | (u8 *) ssid->wpa_passphrase, | |
302 | os_strlen(ssid->wpa_passphrase)); | |
303 | pbkdf2_sha1(ssid->wpa_passphrase, | |
304 | ssid->ssid, ssid->ssid_len, | |
305 | 4096, ssid->wpa_psk->psk, PMK_LEN); | |
306 | wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)", | |
307 | ssid->wpa_psk->psk, PMK_LEN); | |
308 | return 0; | |
309 | } | |
310 | ||
311 | ||
312 | int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf) | |
313 | { | |
314 | struct hostapd_ssid *ssid = &conf->ssid; | |
315 | ||
316 | if (ssid->wpa_passphrase != NULL) { | |
317 | if (ssid->wpa_psk != NULL) { | |
318 | wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK " | |
319 | "instead of passphrase"); | |
320 | } else { | |
321 | wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on " | |
322 | "passphrase"); | |
323 | if (hostapd_derive_psk(ssid) < 0) | |
324 | return -1; | |
325 | } | |
326 | ssid->wpa_psk->group = 1; | |
327 | } | |
328 | ||
329 | if (ssid->wpa_psk_file) { | |
330 | if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file, | |
331 | &conf->ssid)) | |
332 | return -1; | |
333 | } | |
334 | ||
335 | return 0; | |
336 | } | |
337 | ||
338 | ||
339 | int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, struct hostapd_wep_keys *b) | |
340 | { | |
341 | int i; | |
342 | ||
343 | if (a->idx != b->idx || a->default_len != b->default_len) | |
344 | return 1; | |
345 | for (i = 0; i < NUM_WEP_KEYS; i++) | |
346 | if (a->len[i] != b->len[i] || | |
347 | os_memcmp(a->key[i], b->key[i], a->len[i]) != 0) | |
348 | return 1; | |
349 | return 0; | |
350 | } | |
351 | ||
352 | ||
353 | static void hostapd_config_free_radius(struct hostapd_radius_server *servers, | |
354 | int num_servers) | |
355 | { | |
356 | int i; | |
357 | ||
358 | for (i = 0; i < num_servers; i++) { | |
359 | os_free(servers[i].shared_secret); | |
360 | } | |
361 | os_free(servers); | |
362 | } | |
363 | ||
364 | ||
365 | struct hostapd_radius_attr * | |
366 | hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type) | |
367 | { | |
368 | for (; attr; attr = attr->next) { | |
369 | if (attr->type == type) | |
370 | return attr; | |
371 | } | |
372 | return NULL; | |
373 | } | |
374 | ||
375 | ||
376 | static void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr) | |
377 | { | |
378 | struct hostapd_radius_attr *prev; | |
379 | ||
380 | while (attr) { | |
381 | prev = attr; | |
382 | attr = attr->next; | |
383 | wpabuf_free(prev->val); | |
384 | os_free(prev); | |
385 | } | |
386 | } | |
387 | ||
388 | ||
389 | static void hostapd_config_free_eap_user(struct hostapd_eap_user *user) | |
390 | { | |
391 | os_free(user->identity); | |
392 | os_free(user->password); | |
393 | os_free(user); | |
394 | } | |
395 | ||
396 | ||
397 | static void hostapd_config_free_wep(struct hostapd_wep_keys *keys) | |
398 | { | |
399 | int i; | |
400 | for (i = 0; i < NUM_WEP_KEYS; i++) { | |
401 | os_free(keys->key[i]); | |
402 | keys->key[i] = NULL; | |
403 | } | |
404 | } | |
405 | ||
406 | ||
407 | void hostapd_config_free_bss(struct hostapd_bss_config *conf) | |
408 | { | |
409 | struct hostapd_wpa_psk *psk, *prev; | |
410 | struct hostapd_eap_user *user, *prev_user; | |
411 | ||
412 | if (conf == NULL) | |
413 | return; | |
414 | ||
415 | psk = conf->ssid.wpa_psk; | |
416 | while (psk) { | |
417 | prev = psk; | |
418 | psk = psk->next; | |
419 | os_free(prev); | |
420 | } | |
421 | ||
422 | os_free(conf->ssid.wpa_passphrase); | |
423 | os_free(conf->ssid.wpa_psk_file); | |
424 | hostapd_config_free_wep(&conf->ssid.wep); | |
425 | #ifdef CONFIG_FULL_DYNAMIC_VLAN | |
426 | os_free(conf->ssid.vlan_tagged_interface); | |
427 | #endif /* CONFIG_FULL_DYNAMIC_VLAN */ | |
428 | ||
429 | user = conf->eap_user; | |
430 | while (user) { | |
431 | prev_user = user; | |
432 | user = user->next; | |
433 | hostapd_config_free_eap_user(prev_user); | |
434 | } | |
435 | os_free(conf->eap_user_sqlite); | |
436 | ||
437 | os_free(conf->eap_req_id_text); | |
438 | os_free(conf->accept_mac); | |
439 | os_free(conf->deny_mac); | |
440 | os_free(conf->nas_identifier); | |
441 | if (conf->radius) { | |
442 | hostapd_config_free_radius(conf->radius->auth_servers, | |
443 | conf->radius->num_auth_servers); | |
444 | hostapd_config_free_radius(conf->radius->acct_servers, | |
445 | conf->radius->num_acct_servers); | |
446 | } | |
447 | hostapd_config_free_radius_attr(conf->radius_auth_req_attr); | |
448 | hostapd_config_free_radius_attr(conf->radius_acct_req_attr); | |
449 | os_free(conf->rsn_preauth_interfaces); | |
450 | os_free(conf->ctrl_interface); | |
451 | os_free(conf->ca_cert); | |
452 | os_free(conf->server_cert); | |
453 | os_free(conf->private_key); | |
454 | os_free(conf->private_key_passwd); | |
455 | os_free(conf->ocsp_stapling_response); | |
456 | os_free(conf->dh_file); | |
457 | os_free(conf->pac_opaque_encr_key); | |
458 | os_free(conf->eap_fast_a_id); | |
459 | os_free(conf->eap_fast_a_id_info); | |
460 | os_free(conf->eap_sim_db); | |
461 | os_free(conf->radius_server_clients); | |
462 | os_free(conf->test_socket); | |
463 | os_free(conf->radius); | |
464 | os_free(conf->radius_das_shared_secret); | |
465 | hostapd_config_free_vlan(conf); | |
466 | os_free(conf->time_zone); | |
467 | ||
468 | #ifdef CONFIG_IEEE80211R | |
469 | { | |
470 | struct ft_remote_r0kh *r0kh, *r0kh_prev; | |
471 | struct ft_remote_r1kh *r1kh, *r1kh_prev; | |
472 | ||
473 | r0kh = conf->r0kh_list; | |
474 | conf->r0kh_list = NULL; | |
475 | while (r0kh) { | |
476 | r0kh_prev = r0kh; | |
477 | r0kh = r0kh->next; | |
478 | os_free(r0kh_prev); | |
479 | } | |
480 | ||
481 | r1kh = conf->r1kh_list; | |
482 | conf->r1kh_list = NULL; | |
483 | while (r1kh) { | |
484 | r1kh_prev = r1kh; | |
485 | r1kh = r1kh->next; | |
486 | os_free(r1kh_prev); | |
487 | } | |
488 | } | |
489 | #endif /* CONFIG_IEEE80211R */ | |
490 | ||
491 | #ifdef CONFIG_WPS | |
492 | os_free(conf->wps_pin_requests); | |
493 | os_free(conf->device_name); | |
494 | os_free(conf->manufacturer); | |
495 | os_free(conf->model_name); | |
496 | os_free(conf->model_number); | |
497 | os_free(conf->serial_number); | |
498 | os_free(conf->config_methods); | |
499 | os_free(conf->ap_pin); | |
500 | os_free(conf->extra_cred); | |
501 | os_free(conf->ap_settings); | |
502 | os_free(conf->upnp_iface); | |
503 | os_free(conf->friendly_name); | |
504 | os_free(conf->manufacturer_url); | |
505 | os_free(conf->model_description); | |
506 | os_free(conf->model_url); | |
507 | os_free(conf->upc); | |
508 | wpabuf_free(conf->wps_nfc_dh_pubkey); | |
509 | wpabuf_free(conf->wps_nfc_dh_privkey); | |
510 | wpabuf_free(conf->wps_nfc_dev_pw); | |
511 | #endif /* CONFIG_WPS */ | |
512 | ||
513 | os_free(conf->roaming_consortium); | |
514 | os_free(conf->venue_name); | |
515 | os_free(conf->nai_realm_data); | |
516 | os_free(conf->network_auth_type); | |
517 | os_free(conf->anqp_3gpp_cell_net); | |
518 | os_free(conf->domain_name); | |
519 | ||
520 | #ifdef CONFIG_RADIUS_TEST | |
521 | os_free(conf->dump_msk_file); | |
522 | #endif /* CONFIG_RADIUS_TEST */ | |
523 | ||
524 | #ifdef CONFIG_HS20 | |
525 | os_free(conf->hs20_oper_friendly_name); | |
526 | os_free(conf->hs20_wan_metrics); | |
527 | os_free(conf->hs20_connection_capability); | |
528 | os_free(conf->hs20_operating_class); | |
529 | #endif /* CONFIG_HS20 */ | |
530 | ||
531 | wpabuf_free(conf->vendor_elements); | |
532 | ||
533 | os_free(conf->sae_groups); | |
534 | ||
535 | os_free(conf->server_id); | |
536 | ||
537 | os_free(conf); | |
538 | } | |
539 | ||
540 | ||
541 | /** | |
542 | * hostapd_config_free - Free hostapd configuration | |
543 | * @conf: Configuration data from hostapd_config_read(). | |
544 | */ | |
545 | void hostapd_config_free(struct hostapd_config *conf) | |
546 | { | |
547 | size_t i; | |
548 | ||
549 | if (conf == NULL) | |
550 | return; | |
551 | ||
552 | for (i = 0; i < conf->num_bss; i++) | |
553 | hostapd_config_free_bss(conf->bss[i]); | |
554 | os_free(conf->bss); | |
555 | os_free(conf->supported_rates); | |
556 | os_free(conf->basic_rates); | |
557 | ||
558 | os_free(conf); | |
559 | } | |
560 | ||
561 | ||
562 | /** | |
563 | * hostapd_maclist_found - Find a MAC address from a list | |
564 | * @list: MAC address list | |
565 | * @num_entries: Number of addresses in the list | |
566 | * @addr: Address to search for | |
567 | * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed | |
568 | * Returns: 1 if address is in the list or 0 if not. | |
569 | * | |
570 | * Perform a binary search for given MAC address from a pre-sorted list. | |
571 | */ | |
572 | int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries, | |
573 | const u8 *addr, int *vlan_id) | |
574 | { | |
575 | int start, end, middle, res; | |
576 | ||
577 | start = 0; | |
578 | end = num_entries - 1; | |
579 | ||
580 | while (start <= end) { | |
581 | middle = (start + end) / 2; | |
582 | res = os_memcmp(list[middle].addr, addr, ETH_ALEN); | |
583 | if (res == 0) { | |
584 | if (vlan_id) | |
585 | *vlan_id = list[middle].vlan_id; | |
586 | return 1; | |
587 | } | |
588 | if (res < 0) | |
589 | start = middle + 1; | |
590 | else | |
591 | end = middle - 1; | |
592 | } | |
593 | ||
594 | return 0; | |
595 | } | |
596 | ||
597 | ||
598 | int hostapd_rate_found(int *list, int rate) | |
599 | { | |
600 | int i; | |
601 | ||
602 | if (list == NULL) | |
603 | return 0; | |
604 | ||
605 | for (i = 0; list[i] >= 0; i++) | |
606 | if (list[i] == rate) | |
607 | return 1; | |
608 | ||
609 | return 0; | |
610 | } | |
611 | ||
612 | ||
613 | int hostapd_vlan_id_valid(struct hostapd_vlan *vlan, int vlan_id) | |
614 | { | |
615 | struct hostapd_vlan *v = vlan; | |
616 | while (v) { | |
617 | if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD) | |
618 | return 1; | |
619 | v = v->next; | |
620 | } | |
621 | return 0; | |
622 | } | |
623 | ||
624 | ||
625 | const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id) | |
626 | { | |
627 | struct hostapd_vlan *v = vlan; | |
628 | while (v) { | |
629 | if (v->vlan_id == vlan_id) | |
630 | return v->ifname; | |
631 | v = v->next; | |
632 | } | |
633 | return NULL; | |
634 | } | |
635 | ||
636 | ||
637 | const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf, | |
638 | const u8 *addr, const u8 *p2p_dev_addr, | |
639 | const u8 *prev_psk) | |
640 | { | |
641 | struct hostapd_wpa_psk *psk; | |
642 | int next_ok = prev_psk == NULL; | |
643 | ||
644 | if (p2p_dev_addr) { | |
645 | wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR | |
646 | " p2p_dev_addr=" MACSTR " prev_psk=%p", | |
647 | MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk); | |
648 | if (!is_zero_ether_addr(p2p_dev_addr)) | |
649 | addr = NULL; /* Use P2P Device Address for matching */ | |
650 | } else { | |
651 | wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR | |
652 | " prev_psk=%p", | |
653 | MAC2STR(addr), prev_psk); | |
654 | } | |
655 | ||
656 | for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) { | |
657 | if (next_ok && | |
658 | (psk->group || | |
659 | (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) || | |
660 | (!addr && p2p_dev_addr && | |
661 | os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) == | |
662 | 0))) | |
663 | return psk->psk; | |
664 | ||
665 | if (psk->psk == prev_psk) | |
666 | next_ok = 1; | |
667 | } | |
668 | ||
669 | return NULL; | |
670 | } | |
671 | ||
672 | ||
673 | static int hostapd_config_check_bss(struct hostapd_bss_config *bss, | |
674 | struct hostapd_config *conf, | |
675 | int full_config) | |
676 | { | |
677 | if (full_config && bss->ieee802_1x && !bss->eap_server && | |
678 | !bss->radius->auth_servers) { | |
679 | wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no " | |
680 | "EAP authenticator configured)."); | |
681 | return -1; | |
682 | } | |
683 | ||
684 | if (bss->wpa) { | |
685 | int wep, i; | |
686 | ||
687 | wep = bss->default_wep_key_len > 0 || | |
688 | bss->individual_wep_key_len > 0; | |
689 | for (i = 0; i < NUM_WEP_KEYS; i++) { | |
690 | if (bss->ssid.wep.keys_set) { | |
691 | wep = 1; | |
692 | break; | |
693 | } | |
694 | } | |
695 | ||
696 | if (wep) { | |
697 | wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported"); | |
698 | return -1; | |
699 | } | |
700 | } | |
701 | ||
702 | if (full_config && bss->wpa && | |
703 | bss->wpa_psk_radius != PSK_RADIUS_IGNORED && | |
704 | bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) { | |
705 | wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no " | |
706 | "RADIUS checking (macaddr_acl=2) enabled."); | |
707 | return -1; | |
708 | } | |
709 | ||
710 | if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) && | |
711 | bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL && | |
712 | bss->ssid.wpa_psk_file == NULL && | |
713 | (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED || | |
714 | bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) { | |
715 | wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase " | |
716 | "is not configured."); | |
717 | return -1; | |
718 | } | |
719 | ||
720 | if (full_config && hostapd_mac_comp_empty(bss->bssid) != 0) { | |
721 | size_t i; | |
722 | ||
723 | for (i = 0; i < conf->num_bss; i++) { | |
724 | if (conf->bss[i] != bss && | |
725 | (hostapd_mac_comp(conf->bss[i]->bssid, | |
726 | bss->bssid) == 0)) { | |
727 | wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR | |
728 | " on interface '%s' and '%s'.", | |
729 | MAC2STR(bss->bssid), | |
730 | conf->bss[i]->iface, bss->iface); | |
731 | return -1; | |
732 | } | |
733 | } | |
734 | } | |
735 | ||
736 | #ifdef CONFIG_IEEE80211R | |
737 | if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) && | |
738 | (bss->nas_identifier == NULL || | |
739 | os_strlen(bss->nas_identifier) < 1 || | |
740 | os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) { | |
741 | wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires " | |
742 | "nas_identifier to be configured as a 1..48 octet " | |
743 | "string"); | |
744 | return -1; | |
745 | } | |
746 | #endif /* CONFIG_IEEE80211R */ | |
747 | ||
748 | #ifdef CONFIG_IEEE80211N | |
749 | if (full_config && conf->ieee80211n && | |
750 | conf->hw_mode == HOSTAPD_MODE_IEEE80211B) { | |
751 | bss->disable_11n = 1; | |
752 | wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not " | |
753 | "allowed, disabling HT capabilites"); | |
754 | } | |
755 | ||
756 | if (full_config && conf->ieee80211n && | |
757 | bss->ssid.security_policy == SECURITY_STATIC_WEP) { | |
758 | bss->disable_11n = 1; | |
759 | wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not " | |
760 | "allowed, disabling HT capabilities"); | |
761 | } | |
762 | ||
763 | if (full_config && conf->ieee80211n && bss->wpa && | |
764 | !(bss->wpa_pairwise & WPA_CIPHER_CCMP) && | |
765 | !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | | |
766 | WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256))) | |
767 | { | |
768 | bss->disable_11n = 1; | |
769 | wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 " | |
770 | "requires CCMP/GCMP to be enabled, disabling HT " | |
771 | "capabilities"); | |
772 | } | |
773 | #endif /* CONFIG_IEEE80211N */ | |
774 | ||
775 | #ifdef CONFIG_WPS2 | |
776 | if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) { | |
777 | wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid " | |
778 | "configuration forced WPS to be disabled"); | |
779 | bss->wps_state = 0; | |
780 | } | |
781 | ||
782 | if (full_config && bss->wps_state && | |
783 | bss->ssid.wep.keys_set && bss->wpa == 0) { | |
784 | wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be " | |
785 | "disabled"); | |
786 | bss->wps_state = 0; | |
787 | } | |
788 | ||
789 | if (full_config && bss->wps_state && bss->wpa && | |
790 | (!(bss->wpa & 2) || | |
791 | !(bss->rsn_pairwise & WPA_CIPHER_CCMP))) { | |
792 | wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without " | |
793 | "WPA2/CCMP forced WPS to be disabled"); | |
794 | bss->wps_state = 0; | |
795 | } | |
796 | #endif /* CONFIG_WPS2 */ | |
797 | ||
798 | #ifdef CONFIG_HS20 | |
799 | if (full_config && bss->hs20 && | |
800 | (!(bss->wpa & 2) || | |
801 | !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | | |
802 | WPA_CIPHER_CCMP_256 | | |
803 | WPA_CIPHER_GCMP_256)))) { | |
804 | wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP " | |
805 | "configuration is required for Hotspot 2.0 " | |
806 | "functionality"); | |
807 | return -1; | |
808 | } | |
809 | #endif /* CONFIG_HS20 */ | |
810 | ||
811 | return 0; | |
812 | } | |
813 | ||
814 | ||
815 | int hostapd_config_check(struct hostapd_config *conf, int full_config) | |
816 | { | |
817 | size_t i; | |
818 | ||
819 | if (full_config && conf->ieee80211d && | |
820 | (!conf->country[0] || !conf->country[1])) { | |
821 | wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without " | |
822 | "setting the country_code"); | |
823 | return -1; | |
824 | } | |
825 | ||
826 | if (full_config && conf->ieee80211h && !conf->ieee80211d) { | |
827 | wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without " | |
828 | "IEEE 802.11d enabled"); | |
829 | return -1; | |
830 | } | |
831 | ||
832 | for (i = 0; i < conf->num_bss; i++) { | |
833 | if (hostapd_config_check_bss(conf->bss[i], conf, full_config)) | |
834 | return -1; | |
835 | } | |
836 | ||
837 | return 0; | |
838 | } | |
839 | ||
840 | ||
841 | void hostapd_set_security_params(struct hostapd_bss_config *bss) | |
842 | { | |
843 | if (bss->individual_wep_key_len == 0) { | |
844 | /* individual keys are not use; can use key idx0 for | |
845 | * broadcast keys */ | |
846 | bss->broadcast_key_idx_min = 0; | |
847 | } | |
848 | ||
849 | if ((bss->wpa & 2) && bss->rsn_pairwise == 0) | |
850 | bss->rsn_pairwise = bss->wpa_pairwise; | |
851 | bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise, | |
852 | bss->rsn_pairwise); | |
853 | ||
854 | bss->radius->auth_server = bss->radius->auth_servers; | |
855 | bss->radius->acct_server = bss->radius->acct_servers; | |
856 | ||
857 | if (bss->wpa && bss->ieee802_1x) { | |
858 | bss->ssid.security_policy = SECURITY_WPA; | |
859 | } else if (bss->wpa) { | |
860 | bss->ssid.security_policy = SECURITY_WPA_PSK; | |
861 | } else if (bss->ieee802_1x) { | |
862 | int cipher = WPA_CIPHER_NONE; | |
863 | bss->ssid.security_policy = SECURITY_IEEE_802_1X; | |
864 | bss->ssid.wep.default_len = bss->default_wep_key_len; | |
865 | if (bss->default_wep_key_len) | |
866 | cipher = bss->default_wep_key_len >= 13 ? | |
867 | WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40; | |
868 | bss->wpa_group = cipher; | |
869 | bss->wpa_pairwise = cipher; | |
870 | bss->rsn_pairwise = cipher; | |
871 | } else if (bss->ssid.wep.keys_set) { | |
872 | int cipher = WPA_CIPHER_WEP40; | |
873 | if (bss->ssid.wep.len[0] >= 13) | |
874 | cipher = WPA_CIPHER_WEP104; | |
875 | bss->ssid.security_policy = SECURITY_STATIC_WEP; | |
876 | bss->wpa_group = cipher; | |
877 | bss->wpa_pairwise = cipher; | |
878 | bss->rsn_pairwise = cipher; | |
879 | } else { | |
880 | bss->ssid.security_policy = SECURITY_PLAINTEXT; | |
881 | bss->wpa_group = WPA_CIPHER_NONE; | |
882 | bss->wpa_pairwise = WPA_CIPHER_NONE; | |
883 | bss->rsn_pairwise = WPA_CIPHER_NONE; | |
884 | } | |
885 | } |