]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ap_config.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Allow RSNE/RSNXE to be replaced in FT protocol Reassocation Response frame
[thirdparty/hostap.git] / src / ap / ap_config.c
1 /*
2 * hostapd / Configuration helper functions
3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "radius/radius_client.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_1x_defs.h"
17 #include "common/eapol_common.h"
18 #include "common/dhcp.h"
19 #include "common/sae.h"
20 #include "eap_common/eap_wsc_common.h"
21 #include "eap_server/eap.h"
22 #include "wpa_auth.h"
23 #include "sta_info.h"
24 #include "airtime_policy.h"
25 #include "ap_config.h"
26
27
28 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
29 {
30 struct hostapd_vlan *vlan, *prev;
31
32 vlan = bss->vlan;
33 prev = NULL;
34 while (vlan) {
35 prev = vlan;
36 vlan = vlan->next;
37 os_free(prev);
38 }
39
40 bss->vlan = NULL;
41 }
42
43
44 #ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
45 #define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
46 #endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
47
48 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
49 {
50 dl_list_init(&bss->anqp_elem);
51
52 bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
53 bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
54 bss->logger_syslog = (unsigned int) -1;
55 bss->logger_stdout = (unsigned int) -1;
56
57 #ifdef CONFIG_WEP
58 bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
59
60 bss->wep_rekeying_period = 300;
61 /* use key0 in individual key and key1 in broadcast key */
62 bss->broadcast_key_idx_min = 1;
63 bss->broadcast_key_idx_max = 2;
64 #else /* CONFIG_WEP */
65 bss->auth_algs = WPA_AUTH_ALG_OPEN;
66 #endif /* CONFIG_WEP */
67 bss->eap_reauth_period = 3600;
68
69 bss->wpa_group_rekey = 600;
70 bss->wpa_gmk_rekey = 86400;
71 bss->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
72 bss->wpa_group_update_count = 4;
73 bss->wpa_pairwise_update_count = 4;
74 bss->wpa_disable_eapol_key_retries =
75 DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
76 bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
77 bss->wpa_pairwise = WPA_CIPHER_TKIP;
78 bss->wpa_group = WPA_CIPHER_TKIP;
79 bss->rsn_pairwise = 0;
80
81 bss->max_num_sta = MAX_STA_COUNT;
82
83 bss->dtim_period = 2;
84
85 bss->radius_server_auth_port = 1812;
86 bss->eap_sim_db_timeout = 1;
87 bss->eap_sim_id = 3;
88 bss->ap_max_inactivity = AP_MAX_INACTIVITY;
89 bss->eapol_version = EAPOL_VERSION;
90
91 bss->max_listen_interval = 65535;
92
93 bss->pwd_group = 19; /* ECC: GF(p=256) */
94
95 bss->assoc_sa_query_max_timeout = 1000;
96 bss->assoc_sa_query_retry_timeout = 201;
97 bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
98 #ifdef EAP_SERVER_FAST
99 /* both anonymous and authenticated provisioning */
100 bss->eap_fast_prov = 3;
101 bss->pac_key_lifetime = 7 * 24 * 60 * 60;
102 bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
103 #endif /* EAP_SERVER_FAST */
104
105 /* Set to -1 as defaults depends on HT in setup */
106 bss->wmm_enabled = -1;
107
108 #ifdef CONFIG_IEEE80211R_AP
109 bss->ft_over_ds = 1;
110 bss->rkh_pos_timeout = 86400;
111 bss->rkh_neg_timeout = 60;
112 bss->rkh_pull_timeout = 1000;
113 bss->rkh_pull_retries = 4;
114 bss->r0_key_lifetime = 1209600;
115 #endif /* CONFIG_IEEE80211R_AP */
116
117 bss->radius_das_time_window = 300;
118
119 bss->sae_anti_clogging_threshold = 5;
120 bss->sae_sync = 5;
121
122 bss->gas_frag_limit = 1400;
123
124 #ifdef CONFIG_FILS
125 dl_list_init(&bss->fils_realms);
126 bss->fils_hlp_wait_time = 30;
127 bss->dhcp_server_port = DHCP_SERVER_PORT;
128 bss->dhcp_relay_port = DHCP_SERVER_PORT;
129 #endif /* CONFIG_FILS */
130
131 bss->broadcast_deauth = 1;
132
133 #ifdef CONFIG_MBO
134 bss->mbo_cell_data_conn_pref = -1;
135 #endif /* CONFIG_MBO */
136
137 /* Disable TLS v1.3 by default for now to avoid interoperability issue.
138 * This can be enabled by default once the implementation has been fully
139 * completed and tested with other implementations. */
140 bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
141
142 bss->max_auth_rounds = 100;
143 bss->max_auth_rounds_short = 50;
144
145 bss->send_probe_response = 1;
146
147 #ifdef CONFIG_HS20
148 bss->hs20_release = (HS20_VERSION >> 4) + 1;
149 #endif /* CONFIG_HS20 */
150
151 #ifdef CONFIG_MACSEC
152 bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
153 bss->macsec_port = 1;
154 #endif /* CONFIG_MACSEC */
155
156 /* Default to strict CRL checking. */
157 bss->check_crl_strict = 1;
158 }
159
160
161 struct hostapd_config * hostapd_config_defaults(void)
162 {
163 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
164
165 struct hostapd_config *conf;
166 struct hostapd_bss_config *bss;
167 const int aCWmin = 4, aCWmax = 10;
168 const struct hostapd_wmm_ac_params ac_bk =
169 { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
170 const struct hostapd_wmm_ac_params ac_be =
171 { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
172 const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
173 { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
174 const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
175 { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
176 const struct hostapd_tx_queue_params txq_bk =
177 { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
178 const struct hostapd_tx_queue_params txq_be =
179 { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
180 const struct hostapd_tx_queue_params txq_vi =
181 { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
182 const struct hostapd_tx_queue_params txq_vo =
183 { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
184 (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
185
186 #undef ecw2cw
187
188 conf = os_zalloc(sizeof(*conf));
189 bss = os_zalloc(sizeof(*bss));
190 if (conf == NULL || bss == NULL) {
191 wpa_printf(MSG_ERROR, "Failed to allocate memory for "
192 "configuration data.");
193 os_free(conf);
194 os_free(bss);
195 return NULL;
196 }
197 conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
198 if (conf->bss == NULL) {
199 os_free(conf);
200 os_free(bss);
201 return NULL;
202 }
203 conf->bss[0] = bss;
204
205 bss->radius = os_zalloc(sizeof(*bss->radius));
206 if (bss->radius == NULL) {
207 os_free(conf->bss);
208 os_free(conf);
209 os_free(bss);
210 return NULL;
211 }
212
213 hostapd_config_defaults_bss(bss);
214
215 conf->num_bss = 1;
216
217 conf->beacon_int = 100;
218 conf->rts_threshold = -2; /* use driver default: 2347 */
219 conf->fragm_threshold = -2; /* user driver default: 2346 */
220 /* Set to invalid value means do not add Power Constraint IE */
221 conf->local_pwr_constraint = -1;
222
223 conf->wmm_ac_params[0] = ac_be;
224 conf->wmm_ac_params[1] = ac_bk;
225 conf->wmm_ac_params[2] = ac_vi;
226 conf->wmm_ac_params[3] = ac_vo;
227
228 conf->tx_queue[0] = txq_vo;
229 conf->tx_queue[1] = txq_vi;
230 conf->tx_queue[2] = txq_be;
231 conf->tx_queue[3] = txq_bk;
232
233 conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
234
235 conf->ap_table_max_size = 255;
236 conf->ap_table_expiration_time = 60;
237 conf->track_sta_max_age = 180;
238
239 #ifdef CONFIG_TESTING_OPTIONS
240 conf->ignore_probe_probability = 0.0;
241 conf->ignore_auth_probability = 0.0;
242 conf->ignore_assoc_probability = 0.0;
243 conf->ignore_reassoc_probability = 0.0;
244 conf->corrupt_gtk_rekey_mic_probability = 0.0;
245 conf->ecsa_ie_only = 0;
246 #endif /* CONFIG_TESTING_OPTIONS */
247
248 conf->acs = 0;
249 conf->acs_ch_list.num = 0;
250 #ifdef CONFIG_ACS
251 conf->acs_num_scans = 5;
252 #endif /* CONFIG_ACS */
253
254 #ifdef CONFIG_IEEE80211AX
255 conf->he_op.he_rts_threshold = HE_OPERATION_RTS_THRESHOLD_MASK >>
256 HE_OPERATION_RTS_THRESHOLD_OFFSET;
257 /* Set default basic MCS/NSS set to single stream MCS 0-7 */
258 conf->he_op.he_basic_mcs_nss_set = 0xfffc;
259 conf->he_op.he_bss_color_disabled = 1;
260 conf->he_op.he_bss_color_partial = 0;
261 conf->he_op.he_bss_color = 1;
262 #endif /* CONFIG_IEEE80211AX */
263
264 /* The third octet of the country string uses an ASCII space character
265 * by default to indicate that the regulations encompass all
266 * environments for the current frequency band in the country. */
267 conf->country[2] = ' ';
268
269 conf->rssi_reject_assoc_rssi = 0;
270 conf->rssi_reject_assoc_timeout = 30;
271
272 #ifdef CONFIG_AIRTIME_POLICY
273 conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
274 #endif /* CONFIG_AIRTIME_POLICY */
275
276 return conf;
277 }
278
279
280 int hostapd_mac_comp(const void *a, const void *b)
281 {
282 return os_memcmp(a, b, sizeof(macaddr));
283 }
284
285
286 static int hostapd_config_read_wpa_psk(const char *fname,
287 struct hostapd_ssid *ssid)
288 {
289 FILE *f;
290 char buf[128], *pos;
291 const char *keyid;
292 char *context;
293 char *context2;
294 char *token;
295 char *name;
296 char *value;
297 int line = 0, ret = 0, len, ok;
298 u8 addr[ETH_ALEN];
299 struct hostapd_wpa_psk *psk;
300
301 if (!fname)
302 return 0;
303
304 f = fopen(fname, "r");
305 if (!f) {
306 wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
307 return -1;
308 }
309
310 while (fgets(buf, sizeof(buf), f)) {
311 int vlan_id = 0;
312 int wps = 0;
313
314 line++;
315
316 if (buf[0] == '#')
317 continue;
318 pos = buf;
319 while (*pos != '\0') {
320 if (*pos == '\n') {
321 *pos = '\0';
322 break;
323 }
324 pos++;
325 }
326 if (buf[0] == '\0')
327 continue;
328
329 context = NULL;
330 keyid = NULL;
331 while ((token = str_token(buf, " ", &context))) {
332 if (!os_strchr(token, '='))
333 break;
334 context2 = NULL;
335 name = str_token(token, "=", &context2);
336 if (!name)
337 break;
338 value = str_token(token, "", &context2);
339 if (!value)
340 value = "";
341 if (!os_strcmp(name, "keyid")) {
342 keyid = value;
343 } else if (!os_strcmp(name, "wps")) {
344 wps = atoi(value);
345 } else if (!os_strcmp(name, "vlanid")) {
346 vlan_id = atoi(value);
347 } else {
348 wpa_printf(MSG_ERROR,
349 "Unrecognized '%s=%s' on line %d in '%s'",
350 name, value, line, fname);
351 ret = -1;
352 break;
353 }
354 }
355
356 if (ret == -1)
357 break;
358
359 if (!token)
360 token = "";
361 if (hwaddr_aton(token, addr)) {
362 wpa_printf(MSG_ERROR,
363 "Invalid MAC address '%s' on line %d in '%s'",
364 token, line, fname);
365 ret = -1;
366 break;
367 }
368
369 psk = os_zalloc(sizeof(*psk));
370 if (psk == NULL) {
371 wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
372 ret = -1;
373 break;
374 }
375 psk->vlan_id = vlan_id;
376 if (is_zero_ether_addr(addr))
377 psk->group = 1;
378 else
379 os_memcpy(psk->addr, addr, ETH_ALEN);
380
381 pos = str_token(buf, "", &context);
382 if (!pos) {
383 wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
384 line, fname);
385 os_free(psk);
386 ret = -1;
387 break;
388 }
389
390 ok = 0;
391 len = os_strlen(pos);
392 if (len == 2 * PMK_LEN &&
393 hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
394 ok = 1;
395 else if (len >= 8 && len < 64 &&
396 pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
397 4096, psk->psk, PMK_LEN) == 0)
398 ok = 1;
399 if (!ok) {
400 wpa_printf(MSG_ERROR,
401 "Invalid PSK '%s' on line %d in '%s'",
402 pos, line, fname);
403 os_free(psk);
404 ret = -1;
405 break;
406 }
407
408 if (keyid) {
409 len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
410 if ((size_t) len >= sizeof(psk->keyid)) {
411 wpa_printf(MSG_ERROR,
412 "PSK keyid too long on line %d in '%s'",
413 line, fname);
414 os_free(psk);
415 ret = -1;
416 break;
417 }
418 }
419
420 psk->wps = wps;
421
422 psk->next = ssid->wpa_psk;
423 ssid->wpa_psk = psk;
424 }
425
426 fclose(f);
427
428 return ret;
429 }
430
431
432 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
433 {
434 ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
435 if (ssid->wpa_psk == NULL) {
436 wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
437 return -1;
438 }
439 wpa_hexdump_ascii(MSG_DEBUG, "SSID",
440 (u8 *) ssid->ssid, ssid->ssid_len);
441 wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
442 (u8 *) ssid->wpa_passphrase,
443 os_strlen(ssid->wpa_passphrase));
444 pbkdf2_sha1(ssid->wpa_passphrase,
445 ssid->ssid, ssid->ssid_len,
446 4096, ssid->wpa_psk->psk, PMK_LEN);
447 wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
448 ssid->wpa_psk->psk, PMK_LEN);
449 return 0;
450 }
451
452
453 int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
454 {
455 #ifdef CONFIG_SAE
456 struct hostapd_ssid *ssid = &conf->ssid;
457 struct sae_password_entry *pw;
458
459 if ((conf->sae_pwe == 0 && !hostapd_sae_pw_id_in_use(conf)) ||
460 conf->sae_pwe == 3 ||
461 !wpa_key_mgmt_sae(conf->wpa_key_mgmt))
462 return 0; /* PT not needed */
463
464 sae_deinit_pt(ssid->pt);
465 ssid->pt = NULL;
466 if (ssid->wpa_passphrase) {
467 ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
468 ssid->ssid_len,
469 (const u8 *) ssid->wpa_passphrase,
470 os_strlen(ssid->wpa_passphrase),
471 NULL);
472 if (!ssid->pt)
473 return -1;
474 }
475
476 for (pw = conf->sae_passwords; pw; pw = pw->next) {
477 sae_deinit_pt(pw->pt);
478 pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
479 ssid->ssid_len,
480 (const u8 *) pw->password,
481 os_strlen(pw->password),
482 pw->identifier);
483 if (!pw->pt)
484 return -1;
485 }
486 #endif /* CONFIG_SAE */
487
488 return 0;
489 }
490
491
492 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
493 {
494 struct hostapd_ssid *ssid = &conf->ssid;
495
496 if (hostapd_setup_sae_pt(conf) < 0)
497 return -1;
498
499 if (ssid->wpa_passphrase != NULL) {
500 if (ssid->wpa_psk != NULL) {
501 wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
502 "instead of passphrase");
503 } else {
504 wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
505 "passphrase");
506 if (hostapd_derive_psk(ssid) < 0)
507 return -1;
508 }
509 ssid->wpa_psk->group = 1;
510 }
511
512 return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
513 }
514
515
516 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
517 int num_servers)
518 {
519 int i;
520
521 for (i = 0; i < num_servers; i++) {
522 os_free(servers[i].shared_secret);
523 }
524 os_free(servers);
525 }
526
527
528 struct hostapd_radius_attr *
529 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
530 {
531 for (; attr; attr = attr->next) {
532 if (attr->type == type)
533 return attr;
534 }
535 return NULL;
536 }
537
538
539 struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value)
540 {
541 const char *pos;
542 char syntax;
543 struct hostapd_radius_attr *attr;
544 size_t len;
545
546 attr = os_zalloc(sizeof(*attr));
547 if (!attr)
548 return NULL;
549
550 attr->type = atoi(value);
551
552 pos = os_strchr(value, ':');
553 if (!pos) {
554 attr->val = wpabuf_alloc(1);
555 if (!attr->val) {
556 os_free(attr);
557 return NULL;
558 }
559 wpabuf_put_u8(attr->val, 0);
560 return attr;
561 }
562
563 pos++;
564 if (pos[0] == '\0' || pos[1] != ':') {
565 os_free(attr);
566 return NULL;
567 }
568 syntax = *pos++;
569 pos++;
570
571 switch (syntax) {
572 case 's':
573 attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
574 break;
575 case 'x':
576 len = os_strlen(pos);
577 if (len & 1)
578 break;
579 len /= 2;
580 attr->val = wpabuf_alloc(len);
581 if (!attr->val)
582 break;
583 if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
584 wpabuf_free(attr->val);
585 os_free(attr);
586 return NULL;
587 }
588 break;
589 case 'd':
590 attr->val = wpabuf_alloc(4);
591 if (attr->val)
592 wpabuf_put_be32(attr->val, atoi(pos));
593 break;
594 default:
595 os_free(attr);
596 return NULL;
597 }
598
599 if (!attr->val) {
600 os_free(attr);
601 return NULL;
602 }
603
604 return attr;
605 }
606
607
608 void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
609 {
610 struct hostapd_radius_attr *prev;
611
612 while (attr) {
613 prev = attr;
614 attr = attr->next;
615 wpabuf_free(prev->val);
616 os_free(prev);
617 }
618 }
619
620
621 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
622 {
623 hostapd_config_free_radius_attr(user->accept_attr);
624 os_free(user->identity);
625 bin_clear_free(user->password, user->password_len);
626 bin_clear_free(user->salt, user->salt_len);
627 os_free(user);
628 }
629
630
631 void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
632 {
633 struct hostapd_eap_user *prev_user;
634
635 while (user) {
636 prev_user = user;
637 user = user->next;
638 hostapd_config_free_eap_user(prev_user);
639 }
640 }
641
642
643 #ifdef CONFIG_WEP
644 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
645 {
646 int i;
647 for (i = 0; i < NUM_WEP_KEYS; i++) {
648 bin_clear_free(keys->key[i], keys->len[i]);
649 keys->key[i] = NULL;
650 }
651 }
652 #endif /* CONFIG_WEP */
653
654
655 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
656 {
657 struct hostapd_wpa_psk *psk, *tmp;
658
659 for (psk = *l; psk;) {
660 tmp = psk;
661 psk = psk->next;
662 bin_clear_free(tmp, sizeof(*tmp));
663 }
664 *l = NULL;
665 }
666
667
668 static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
669 {
670 struct anqp_element *elem;
671
672 while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
673 list))) {
674 dl_list_del(&elem->list);
675 wpabuf_free(elem->payload);
676 os_free(elem);
677 }
678 }
679
680
681 static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
682 {
683 #ifdef CONFIG_FILS
684 struct fils_realm *realm;
685
686 while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
687 list))) {
688 dl_list_del(&realm->list);
689 os_free(realm);
690 }
691 #endif /* CONFIG_FILS */
692 }
693
694
695 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
696 {
697 struct sae_password_entry *pw, *tmp;
698
699 pw = conf->sae_passwords;
700 conf->sae_passwords = NULL;
701 while (pw) {
702 tmp = pw;
703 pw = pw->next;
704 str_clear_free(tmp->password);
705 os_free(tmp->identifier);
706 #ifdef CONFIG_SAE
707 sae_deinit_pt(tmp->pt);
708 #endif /* CONFIG_SAE */
709 os_free(tmp);
710 }
711 }
712
713
714 #ifdef CONFIG_DPP2
715 static void hostapd_dpp_controller_conf_free(struct dpp_controller_conf *conf)
716 {
717 struct dpp_controller_conf *prev;
718
719 while (conf) {
720 prev = conf;
721 conf = conf->next;
722 os_free(prev);
723 }
724 }
725 #endif /* CONFIG_DPP2 */
726
727
728 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
729 {
730 #if defined(CONFIG_WPS) || defined(CONFIG_HS20)
731 size_t i;
732 #endif
733
734 if (conf == NULL)
735 return;
736
737 hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
738
739 str_clear_free(conf->ssid.wpa_passphrase);
740 os_free(conf->ssid.wpa_psk_file);
741 #ifdef CONFIG_WEP
742 hostapd_config_free_wep(&conf->ssid.wep);
743 #endif /* CONFIG_WEP */
744 #ifdef CONFIG_FULL_DYNAMIC_VLAN
745 os_free(conf->ssid.vlan_tagged_interface);
746 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
747 #ifdef CONFIG_SAE
748 sae_deinit_pt(conf->ssid.pt);
749 #endif /* CONFIG_SAE */
750
751 hostapd_config_free_eap_users(conf->eap_user);
752 os_free(conf->eap_user_sqlite);
753
754 os_free(conf->eap_req_id_text);
755 os_free(conf->erp_domain);
756 os_free(conf->accept_mac);
757 os_free(conf->deny_mac);
758 os_free(conf->nas_identifier);
759 if (conf->radius) {
760 hostapd_config_free_radius(conf->radius->auth_servers,
761 conf->radius->num_auth_servers);
762 hostapd_config_free_radius(conf->radius->acct_servers,
763 conf->radius->num_acct_servers);
764 }
765 hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
766 hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
767 os_free(conf->radius_req_attr_sqlite);
768 os_free(conf->rsn_preauth_interfaces);
769 os_free(conf->ctrl_interface);
770 os_free(conf->ca_cert);
771 os_free(conf->server_cert);
772 os_free(conf->server_cert2);
773 os_free(conf->private_key);
774 os_free(conf->private_key2);
775 os_free(conf->private_key_passwd);
776 os_free(conf->private_key_passwd2);
777 os_free(conf->check_cert_subject);
778 os_free(conf->ocsp_stapling_response);
779 os_free(conf->ocsp_stapling_response_multi);
780 os_free(conf->dh_file);
781 os_free(conf->openssl_ciphers);
782 os_free(conf->openssl_ecdh_curves);
783 os_free(conf->pac_opaque_encr_key);
784 os_free(conf->eap_fast_a_id);
785 os_free(conf->eap_fast_a_id_info);
786 os_free(conf->eap_sim_db);
787 os_free(conf->radius_server_clients);
788 os_free(conf->radius);
789 os_free(conf->radius_das_shared_secret);
790 hostapd_config_free_vlan(conf);
791 os_free(conf->time_zone);
792
793 #ifdef CONFIG_IEEE80211R_AP
794 {
795 struct ft_remote_r0kh *r0kh, *r0kh_prev;
796 struct ft_remote_r1kh *r1kh, *r1kh_prev;
797
798 r0kh = conf->r0kh_list;
799 conf->r0kh_list = NULL;
800 while (r0kh) {
801 r0kh_prev = r0kh;
802 r0kh = r0kh->next;
803 os_free(r0kh_prev);
804 }
805
806 r1kh = conf->r1kh_list;
807 conf->r1kh_list = NULL;
808 while (r1kh) {
809 r1kh_prev = r1kh;
810 r1kh = r1kh->next;
811 os_free(r1kh_prev);
812 }
813 }
814 #endif /* CONFIG_IEEE80211R_AP */
815
816 #ifdef CONFIG_WPS
817 os_free(conf->wps_pin_requests);
818 os_free(conf->device_name);
819 os_free(conf->manufacturer);
820 os_free(conf->model_name);
821 os_free(conf->model_number);
822 os_free(conf->serial_number);
823 os_free(conf->config_methods);
824 os_free(conf->ap_pin);
825 os_free(conf->extra_cred);
826 os_free(conf->ap_settings);
827 hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
828 str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
829 os_free(conf->upnp_iface);
830 os_free(conf->friendly_name);
831 os_free(conf->manufacturer_url);
832 os_free(conf->model_description);
833 os_free(conf->model_url);
834 os_free(conf->upc);
835 for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
836 wpabuf_free(conf->wps_vendor_ext[i]);
837 wpabuf_free(conf->wps_application_ext);
838 wpabuf_free(conf->wps_nfc_dh_pubkey);
839 wpabuf_free(conf->wps_nfc_dh_privkey);
840 wpabuf_free(conf->wps_nfc_dev_pw);
841 #endif /* CONFIG_WPS */
842
843 os_free(conf->roaming_consortium);
844 os_free(conf->venue_name);
845 os_free(conf->venue_url);
846 os_free(conf->nai_realm_data);
847 os_free(conf->network_auth_type);
848 os_free(conf->anqp_3gpp_cell_net);
849 os_free(conf->domain_name);
850 hostapd_config_free_anqp_elem(conf);
851
852 #ifdef CONFIG_RADIUS_TEST
853 os_free(conf->dump_msk_file);
854 #endif /* CONFIG_RADIUS_TEST */
855
856 #ifdef CONFIG_HS20
857 os_free(conf->hs20_oper_friendly_name);
858 os_free(conf->hs20_wan_metrics);
859 os_free(conf->hs20_connection_capability);
860 os_free(conf->hs20_operating_class);
861 os_free(conf->hs20_icons);
862 if (conf->hs20_osu_providers) {
863 for (i = 0; i < conf->hs20_osu_providers_count; i++) {
864 struct hs20_osu_provider *p;
865 size_t j;
866 p = &conf->hs20_osu_providers[i];
867 os_free(p->friendly_name);
868 os_free(p->server_uri);
869 os_free(p->method_list);
870 for (j = 0; j < p->icons_count; j++)
871 os_free(p->icons[j]);
872 os_free(p->icons);
873 os_free(p->osu_nai);
874 os_free(p->osu_nai2);
875 os_free(p->service_desc);
876 }
877 os_free(conf->hs20_osu_providers);
878 }
879 if (conf->hs20_operator_icon) {
880 for (i = 0; i < conf->hs20_operator_icon_count; i++)
881 os_free(conf->hs20_operator_icon[i]);
882 os_free(conf->hs20_operator_icon);
883 }
884 os_free(conf->subscr_remediation_url);
885 os_free(conf->hs20_sim_provisioning_url);
886 os_free(conf->t_c_filename);
887 os_free(conf->t_c_server_url);
888 #endif /* CONFIG_HS20 */
889
890 wpabuf_free(conf->vendor_elements);
891 wpabuf_free(conf->assocresp_elements);
892
893 os_free(conf->sae_groups);
894 #ifdef CONFIG_OWE
895 os_free(conf->owe_groups);
896 #endif /* CONFIG_OWE */
897
898 os_free(conf->wowlan_triggers);
899
900 os_free(conf->server_id);
901
902 #ifdef CONFIG_TESTING_OPTIONS
903 wpabuf_free(conf->own_ie_override);
904 wpabuf_free(conf->sae_commit_override);
905 wpabuf_free(conf->rsne_override_eapol);
906 wpabuf_free(conf->rsnxe_override_eapol);
907 wpabuf_free(conf->rsne_override_ft);
908 wpabuf_free(conf->rsnxe_override_ft);
909 wpabuf_free(conf->gtk_rsc_override);
910 wpabuf_free(conf->igtk_rsc_override);
911 #endif /* CONFIG_TESTING_OPTIONS */
912
913 os_free(conf->no_probe_resp_if_seen_on);
914 os_free(conf->no_auth_if_seen_on);
915
916 hostapd_config_free_fils_realms(conf);
917
918 #ifdef CONFIG_DPP
919 os_free(conf->dpp_name);
920 os_free(conf->dpp_mud_url);
921 os_free(conf->dpp_connector);
922 wpabuf_free(conf->dpp_netaccesskey);
923 wpabuf_free(conf->dpp_csign);
924 #ifdef CONFIG_DPP2
925 hostapd_dpp_controller_conf_free(conf->dpp_controller);
926 #endif /* CONFIG_DPP2 */
927 #endif /* CONFIG_DPP */
928
929 hostapd_config_free_sae_passwords(conf);
930
931 #ifdef CONFIG_AIRTIME_POLICY
932 {
933 struct airtime_sta_weight *wt, *wt_prev;
934
935 wt = conf->airtime_weight_list;
936 conf->airtime_weight_list = NULL;
937 while (wt) {
938 wt_prev = wt;
939 wt = wt->next;
940 os_free(wt_prev);
941 }
942 }
943 #endif /* CONFIG_AIRTIME_POLICY */
944
945 os_free(conf);
946 }
947
948
949 /**
950 * hostapd_config_free - Free hostapd configuration
951 * @conf: Configuration data from hostapd_config_read().
952 */
953 void hostapd_config_free(struct hostapd_config *conf)
954 {
955 size_t i;
956
957 if (conf == NULL)
958 return;
959
960 for (i = 0; i < conf->num_bss; i++)
961 hostapd_config_free_bss(conf->bss[i]);
962 os_free(conf->bss);
963 os_free(conf->supported_rates);
964 os_free(conf->basic_rates);
965 os_free(conf->acs_ch_list.range);
966 os_free(conf->acs_freq_list.range);
967 os_free(conf->driver_params);
968 #ifdef CONFIG_ACS
969 os_free(conf->acs_chan_bias);
970 #endif /* CONFIG_ACS */
971 wpabuf_free(conf->lci);
972 wpabuf_free(conf->civic);
973
974 os_free(conf);
975 }
976
977
978 /**
979 * hostapd_maclist_found - Find a MAC address from a list
980 * @list: MAC address list
981 * @num_entries: Number of addresses in the list
982 * @addr: Address to search for
983 * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
984 * Returns: 1 if address is in the list or 0 if not.
985 *
986 * Perform a binary search for given MAC address from a pre-sorted list.
987 */
988 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
989 const u8 *addr, struct vlan_description *vlan_id)
990 {
991 int start, end, middle, res;
992
993 start = 0;
994 end = num_entries - 1;
995
996 while (start <= end) {
997 middle = (start + end) / 2;
998 res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
999 if (res == 0) {
1000 if (vlan_id)
1001 *vlan_id = list[middle].vlan_id;
1002 return 1;
1003 }
1004 if (res < 0)
1005 start = middle + 1;
1006 else
1007 end = middle - 1;
1008 }
1009
1010 return 0;
1011 }
1012
1013
1014 int hostapd_rate_found(int *list, int rate)
1015 {
1016 int i;
1017
1018 if (list == NULL)
1019 return 0;
1020
1021 for (i = 0; list[i] >= 0; i++)
1022 if (list[i] == rate)
1023 return 1;
1024
1025 return 0;
1026 }
1027
1028
1029 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
1030 struct vlan_description *vlan_desc)
1031 {
1032 struct hostapd_vlan *v = vlan;
1033 int i;
1034
1035 if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
1036 vlan_desc->untagged > MAX_VLAN_ID)
1037 return 0;
1038 for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
1039 if (vlan_desc->tagged[i] < 0 ||
1040 vlan_desc->tagged[i] > MAX_VLAN_ID)
1041 return 0;
1042 }
1043 if (!vlan_desc->untagged && !vlan_desc->tagged[0])
1044 return 0;
1045
1046 while (v) {
1047 if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
1048 v->vlan_id == VLAN_ID_WILDCARD)
1049 return 1;
1050 v = v->next;
1051 }
1052 return 0;
1053 }
1054
1055
1056 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
1057 {
1058 struct hostapd_vlan *v = vlan;
1059 while (v) {
1060 if (v->vlan_id == vlan_id)
1061 return v->ifname;
1062 v = v->next;
1063 }
1064 return NULL;
1065 }
1066
1067
1068 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
1069 const u8 *addr, const u8 *p2p_dev_addr,
1070 const u8 *prev_psk, int *vlan_id)
1071 {
1072 struct hostapd_wpa_psk *psk;
1073 int next_ok = prev_psk == NULL;
1074
1075 if (vlan_id)
1076 *vlan_id = 0;
1077
1078 if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
1079 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1080 " p2p_dev_addr=" MACSTR " prev_psk=%p",
1081 MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
1082 addr = NULL; /* Use P2P Device Address for matching */
1083 } else {
1084 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1085 " prev_psk=%p",
1086 MAC2STR(addr), prev_psk);
1087 }
1088
1089 for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
1090 if (next_ok &&
1091 (psk->group ||
1092 (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
1093 (!addr && p2p_dev_addr &&
1094 os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
1095 0))) {
1096 if (vlan_id)
1097 *vlan_id = psk->vlan_id;
1098 return psk->psk;
1099 }
1100
1101 if (psk->psk == prev_psk)
1102 next_ok = 1;
1103 }
1104
1105 return NULL;
1106 }
1107
1108
1109 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
1110 struct hostapd_config *conf,
1111 int full_config)
1112 {
1113 if (full_config && bss->ieee802_1x && !bss->eap_server &&
1114 !bss->radius->auth_servers) {
1115 wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
1116 "EAP authenticator configured).");
1117 return -1;
1118 }
1119
1120 #ifdef CONFIG_WEP
1121 if (bss->wpa) {
1122 int wep, i;
1123
1124 wep = bss->default_wep_key_len > 0 ||
1125 bss->individual_wep_key_len > 0;
1126 for (i = 0; i < NUM_WEP_KEYS; i++) {
1127 if (bss->ssid.wep.keys_set) {
1128 wep = 1;
1129 break;
1130 }
1131 }
1132
1133 if (wep) {
1134 wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
1135 return -1;
1136 }
1137 }
1138 #endif /* CONFIG_WEP */
1139
1140 if (full_config && bss->wpa &&
1141 bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
1142 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
1143 wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
1144 "RADIUS checking (macaddr_acl=2) enabled.");
1145 return -1;
1146 }
1147
1148 if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
1149 bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
1150 bss->ssid.wpa_psk_file == NULL &&
1151 (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
1152 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
1153 wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
1154 "is not configured.");
1155 return -1;
1156 }
1157
1158 if (full_config && !is_zero_ether_addr(bss->bssid)) {
1159 size_t i;
1160
1161 for (i = 0; i < conf->num_bss; i++) {
1162 if (conf->bss[i] != bss &&
1163 (hostapd_mac_comp(conf->bss[i]->bssid,
1164 bss->bssid) == 0)) {
1165 wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
1166 " on interface '%s' and '%s'.",
1167 MAC2STR(bss->bssid),
1168 conf->bss[i]->iface, bss->iface);
1169 return -1;
1170 }
1171 }
1172 }
1173
1174 #ifdef CONFIG_IEEE80211R_AP
1175 if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
1176 (bss->nas_identifier == NULL ||
1177 os_strlen(bss->nas_identifier) < 1 ||
1178 os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
1179 wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
1180 "nas_identifier to be configured as a 1..48 octet "
1181 "string");
1182 return -1;
1183 }
1184 #endif /* CONFIG_IEEE80211R_AP */
1185
1186 if (full_config && conf->ieee80211n &&
1187 conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
1188 bss->disable_11n = 1;
1189 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
1190 "allowed, disabling HT capabilities");
1191 }
1192
1193 #ifdef CONFIG_WEP
1194 if (full_config && conf->ieee80211n &&
1195 bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1196 bss->disable_11n = 1;
1197 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
1198 "allowed, disabling HT capabilities");
1199 }
1200 #endif /* CONFIG_WEP */
1201
1202 if (full_config && conf->ieee80211n && bss->wpa &&
1203 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1204 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1205 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1206 {
1207 bss->disable_11n = 1;
1208 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1209 "requires CCMP/GCMP to be enabled, disabling HT "
1210 "capabilities");
1211 }
1212
1213 #ifdef CONFIG_IEEE80211AC
1214 #ifdef CONFIG_WEP
1215 if (full_config && conf->ieee80211ac &&
1216 bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1217 bss->disable_11ac = 1;
1218 wpa_printf(MSG_ERROR,
1219 "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1220 }
1221 #endif /* CONFIG_WEP */
1222
1223 if (full_config && conf->ieee80211ac && bss->wpa &&
1224 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1225 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1226 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1227 {
1228 bss->disable_11ac = 1;
1229 wpa_printf(MSG_ERROR,
1230 "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1231 }
1232 #endif /* CONFIG_IEEE80211AC */
1233
1234 #ifdef CONFIG_WPS
1235 if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
1236 wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1237 "configuration forced WPS to be disabled");
1238 bss->wps_state = 0;
1239 }
1240
1241 #ifdef CONFIG_WEP
1242 if (full_config && bss->wps_state &&
1243 bss->ssid.wep.keys_set && bss->wpa == 0) {
1244 wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1245 "disabled");
1246 bss->wps_state = 0;
1247 }
1248 #endif /* CONFIG_WEP */
1249
1250 if (full_config && bss->wps_state && bss->wpa &&
1251 (!(bss->wpa & 2) ||
1252 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1253 WPA_CIPHER_CCMP_256 |
1254 WPA_CIPHER_GCMP_256)))) {
1255 wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
1256 "WPA2/CCMP/GCMP forced WPS to be disabled");
1257 bss->wps_state = 0;
1258 }
1259 #endif /* CONFIG_WPS */
1260
1261 #ifdef CONFIG_HS20
1262 if (full_config && bss->hs20 &&
1263 (!(bss->wpa & 2) ||
1264 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1265 WPA_CIPHER_CCMP_256 |
1266 WPA_CIPHER_GCMP_256)))) {
1267 wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1268 "configuration is required for Hotspot 2.0 "
1269 "functionality");
1270 return -1;
1271 }
1272 #endif /* CONFIG_HS20 */
1273
1274 #ifdef CONFIG_MBO
1275 if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1276 bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1277 wpa_printf(MSG_ERROR,
1278 "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1279 return -1;
1280 }
1281 #endif /* CONFIG_MBO */
1282
1283 #ifdef CONFIG_OCV
1284 if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1285 bss->ocv) {
1286 wpa_printf(MSG_ERROR,
1287 "OCV: PMF needs to be enabled whenever using OCV");
1288 return -1;
1289 }
1290 #endif /* CONFIG_OCV */
1291
1292 return 0;
1293 }
1294
1295
1296 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1297 {
1298 int tx_cwmin = conf->tx_queue[queue].cwmin;
1299 int tx_cwmax = conf->tx_queue[queue].cwmax;
1300 int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1301 int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1302
1303 if (tx_cwmin > tx_cwmax) {
1304 wpa_printf(MSG_ERROR,
1305 "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1306 tx_cwmin, tx_cwmax);
1307 return -1;
1308 }
1309 if (ac_cwmin > ac_cwmax) {
1310 wpa_printf(MSG_ERROR,
1311 "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1312 ac_cwmin, ac_cwmax);
1313 return -1;
1314 }
1315 return 0;
1316 }
1317
1318
1319 int hostapd_config_check(struct hostapd_config *conf, int full_config)
1320 {
1321 size_t i;
1322
1323 if (full_config && conf->ieee80211d &&
1324 (!conf->country[0] || !conf->country[1])) {
1325 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1326 "setting the country_code");
1327 return -1;
1328 }
1329
1330 if (full_config && conf->ieee80211h && !conf->ieee80211d) {
1331 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1332 "IEEE 802.11d enabled");
1333 return -1;
1334 }
1335
1336 if (full_config && conf->local_pwr_constraint != -1 &&
1337 !conf->ieee80211d) {
1338 wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1339 return -1;
1340 }
1341
1342 if (full_config && conf->spectrum_mgmt_required &&
1343 conf->local_pwr_constraint == -1) {
1344 wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1345 return -1;
1346 }
1347
1348 #ifdef CONFIG_AIRTIME_POLICY
1349 if (full_config && conf->airtime_mode > AIRTIME_MODE_STATIC &&
1350 !conf->airtime_update_interval) {
1351 wpa_printf(MSG_ERROR, "Airtime update interval cannot be zero");
1352 return -1;
1353 }
1354 #endif /* CONFIG_AIRTIME_POLICY */
1355 for (i = 0; i < NUM_TX_QUEUES; i++) {
1356 if (hostapd_config_check_cw(conf, i))
1357 return -1;
1358 }
1359
1360 for (i = 0; i < conf->num_bss; i++) {
1361 if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
1362 return -1;
1363 }
1364
1365 return 0;
1366 }
1367
1368
1369 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1370 int full_config)
1371 {
1372 #ifdef CONFIG_WEP
1373 if (bss->individual_wep_key_len == 0) {
1374 /* individual keys are not use; can use key idx0 for
1375 * broadcast keys */
1376 bss->broadcast_key_idx_min = 0;
1377 }
1378 #endif /* CONFIG_WEP */
1379
1380 if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1381 bss->rsn_pairwise = bss->wpa_pairwise;
1382 if (bss->group_cipher)
1383 bss->wpa_group = bss->group_cipher;
1384 else
1385 bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1386 bss->wpa_pairwise,
1387 bss->rsn_pairwise);
1388 if (!bss->wpa_group_rekey_set)
1389 bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1390 600 : 86400;
1391
1392 if (full_config) {
1393 bss->radius->auth_server = bss->radius->auth_servers;
1394 bss->radius->acct_server = bss->radius->acct_servers;
1395 }
1396
1397 if (bss->wpa && bss->ieee802_1x) {
1398 bss->ssid.security_policy = SECURITY_WPA;
1399 } else if (bss->wpa) {
1400 bss->ssid.security_policy = SECURITY_WPA_PSK;
1401 } else if (bss->ieee802_1x) {
1402 int cipher = WPA_CIPHER_NONE;
1403 bss->ssid.security_policy = SECURITY_IEEE_802_1X;
1404 #ifdef CONFIG_WEP
1405 bss->ssid.wep.default_len = bss->default_wep_key_len;
1406 if (full_config && bss->default_wep_key_len) {
1407 cipher = bss->default_wep_key_len >= 13 ?
1408 WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
1409 } else if (full_config && bss->ssid.wep.keys_set) {
1410 if (bss->ssid.wep.len[0] >= 13)
1411 cipher = WPA_CIPHER_WEP104;
1412 else
1413 cipher = WPA_CIPHER_WEP40;
1414 }
1415 #endif /* CONFIG_WEP */
1416 bss->wpa_group = cipher;
1417 bss->wpa_pairwise = cipher;
1418 bss->rsn_pairwise = cipher;
1419 if (full_config)
1420 bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1421 #ifdef CONFIG_WEP
1422 } else if (bss->ssid.wep.keys_set) {
1423 int cipher = WPA_CIPHER_WEP40;
1424 if (bss->ssid.wep.len[0] >= 13)
1425 cipher = WPA_CIPHER_WEP104;
1426 bss->ssid.security_policy = SECURITY_STATIC_WEP;
1427 bss->wpa_group = cipher;
1428 bss->wpa_pairwise = cipher;
1429 bss->rsn_pairwise = cipher;
1430 if (full_config)
1431 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1432 #endif /* CONFIG_WEP */
1433 } else if (bss->osen) {
1434 bss->ssid.security_policy = SECURITY_OSEN;
1435 bss->wpa_group = WPA_CIPHER_CCMP;
1436 bss->wpa_pairwise = 0;
1437 bss->rsn_pairwise = WPA_CIPHER_CCMP;
1438 } else {
1439 bss->ssid.security_policy = SECURITY_PLAINTEXT;
1440 if (full_config) {
1441 bss->wpa_group = WPA_CIPHER_NONE;
1442 bss->wpa_pairwise = WPA_CIPHER_NONE;
1443 bss->rsn_pairwise = WPA_CIPHER_NONE;
1444 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1445 }
1446 }
1447 }
1448
1449
1450 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1451 {
1452 int with_id = 0, without_id = 0;
1453 struct sae_password_entry *pw;
1454
1455 if (conf->ssid.wpa_passphrase)
1456 without_id = 1;
1457
1458 for (pw = conf->sae_passwords; pw; pw = pw->next) {
1459 if (pw->identifier)
1460 with_id = 1;
1461 else
1462 without_id = 1;
1463 if (with_id && without_id)
1464 break;
1465 }
1466
1467 if (with_id && !without_id)
1468 return 2;
1469 return with_id;
1470 }
Unnamed repository; edit this file 'description' to name the repository.