]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ap_config.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
[thirdparty/hostap.git] / src / ap / ap_config.c
1 /*
2 * hostapd / Configuration helper functions
3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "radius/radius_client.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_1x_defs.h"
17 #include "common/eapol_common.h"
18 #include "common/dhcp.h"
19 #include "common/sae.h"
20 #include "eap_common/eap_wsc_common.h"
21 #include "eap_server/eap.h"
22 #include "wpa_auth.h"
23 #include "sta_info.h"
24 #include "airtime_policy.h"
25 #include "ap_config.h"
26
27
28 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
29 {
30 struct hostapd_vlan *vlan, *prev;
31
32 vlan = bss->vlan;
33 prev = NULL;
34 while (vlan) {
35 prev = vlan;
36 vlan = vlan->next;
37 os_free(prev);
38 }
39
40 bss->vlan = NULL;
41 }
42
43
44 #ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
45 #define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
46 #endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
47
48 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
49 {
50 dl_list_init(&bss->anqp_elem);
51
52 bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
53 bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
54 bss->logger_syslog = (unsigned int) -1;
55 bss->logger_stdout = (unsigned int) -1;
56
57 bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
58
59 bss->wep_rekeying_period = 300;
60 /* use key0 in individual key and key1 in broadcast key */
61 bss->broadcast_key_idx_min = 1;
62 bss->broadcast_key_idx_max = 2;
63 bss->eap_reauth_period = 3600;
64
65 bss->wpa_group_rekey = 600;
66 bss->wpa_gmk_rekey = 86400;
67 bss->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
68 bss->wpa_group_update_count = 4;
69 bss->wpa_pairwise_update_count = 4;
70 bss->wpa_disable_eapol_key_retries =
71 DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
72 bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
73 bss->wpa_pairwise = WPA_CIPHER_TKIP;
74 bss->wpa_group = WPA_CIPHER_TKIP;
75 bss->rsn_pairwise = 0;
76
77 bss->max_num_sta = MAX_STA_COUNT;
78
79 bss->dtim_period = 2;
80
81 bss->radius_server_auth_port = 1812;
82 bss->eap_sim_db_timeout = 1;
83 bss->eap_sim_id = 3;
84 bss->ap_max_inactivity = AP_MAX_INACTIVITY;
85 bss->eapol_version = EAPOL_VERSION;
86
87 bss->max_listen_interval = 65535;
88
89 bss->pwd_group = 19; /* ECC: GF(p=256) */
90
91 bss->assoc_sa_query_max_timeout = 1000;
92 bss->assoc_sa_query_retry_timeout = 201;
93 bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
94 #ifdef EAP_SERVER_FAST
95 /* both anonymous and authenticated provisioning */
96 bss->eap_fast_prov = 3;
97 bss->pac_key_lifetime = 7 * 24 * 60 * 60;
98 bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
99 #endif /* EAP_SERVER_FAST */
100
101 /* Set to -1 as defaults depends on HT in setup */
102 bss->wmm_enabled = -1;
103
104 #ifdef CONFIG_IEEE80211R_AP
105 bss->ft_over_ds = 1;
106 bss->rkh_pos_timeout = 86400;
107 bss->rkh_neg_timeout = 60;
108 bss->rkh_pull_timeout = 1000;
109 bss->rkh_pull_retries = 4;
110 bss->r0_key_lifetime = 1209600;
111 #endif /* CONFIG_IEEE80211R_AP */
112
113 bss->radius_das_time_window = 300;
114
115 bss->sae_anti_clogging_threshold = 5;
116 bss->sae_sync = 5;
117
118 bss->gas_frag_limit = 1400;
119
120 #ifdef CONFIG_FILS
121 dl_list_init(&bss->fils_realms);
122 bss->fils_hlp_wait_time = 30;
123 bss->dhcp_server_port = DHCP_SERVER_PORT;
124 bss->dhcp_relay_port = DHCP_SERVER_PORT;
125 #endif /* CONFIG_FILS */
126
127 bss->broadcast_deauth = 1;
128
129 #ifdef CONFIG_MBO
130 bss->mbo_cell_data_conn_pref = -1;
131 #endif /* CONFIG_MBO */
132
133 /* Disable TLS v1.3 by default for now to avoid interoperability issue.
134 * This can be enabled by default once the implementation has been fully
135 * completed and tested with other implementations. */
136 bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
137
138 bss->max_auth_rounds = 100;
139 bss->max_auth_rounds_short = 50;
140
141 bss->send_probe_response = 1;
142
143 #ifdef CONFIG_HS20
144 bss->hs20_release = (HS20_VERSION >> 4) + 1;
145 #endif /* CONFIG_HS20 */
146
147 #ifdef CONFIG_MACSEC
148 bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
149 bss->macsec_port = 1;
150 #endif /* CONFIG_MACSEC */
151
152 /* Default to strict CRL checking. */
153 bss->check_crl_strict = 1;
154 }
155
156
157 struct hostapd_config * hostapd_config_defaults(void)
158 {
159 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
160
161 struct hostapd_config *conf;
162 struct hostapd_bss_config *bss;
163 const int aCWmin = 4, aCWmax = 10;
164 const struct hostapd_wmm_ac_params ac_bk =
165 { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
166 const struct hostapd_wmm_ac_params ac_be =
167 { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
168 const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
169 { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
170 const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
171 { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
172 const struct hostapd_tx_queue_params txq_bk =
173 { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
174 const struct hostapd_tx_queue_params txq_be =
175 { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
176 const struct hostapd_tx_queue_params txq_vi =
177 { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
178 const struct hostapd_tx_queue_params txq_vo =
179 { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
180 (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
181
182 #undef ecw2cw
183
184 conf = os_zalloc(sizeof(*conf));
185 bss = os_zalloc(sizeof(*bss));
186 if (conf == NULL || bss == NULL) {
187 wpa_printf(MSG_ERROR, "Failed to allocate memory for "
188 "configuration data.");
189 os_free(conf);
190 os_free(bss);
191 return NULL;
192 }
193 conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
194 if (conf->bss == NULL) {
195 os_free(conf);
196 os_free(bss);
197 return NULL;
198 }
199 conf->bss[0] = bss;
200
201 bss->radius = os_zalloc(sizeof(*bss->radius));
202 if (bss->radius == NULL) {
203 os_free(conf->bss);
204 os_free(conf);
205 os_free(bss);
206 return NULL;
207 }
208
209 hostapd_config_defaults_bss(bss);
210
211 conf->num_bss = 1;
212
213 conf->beacon_int = 100;
214 conf->rts_threshold = -2; /* use driver default: 2347 */
215 conf->fragm_threshold = -2; /* user driver default: 2346 */
216 /* Set to invalid value means do not add Power Constraint IE */
217 conf->local_pwr_constraint = -1;
218
219 conf->wmm_ac_params[0] = ac_be;
220 conf->wmm_ac_params[1] = ac_bk;
221 conf->wmm_ac_params[2] = ac_vi;
222 conf->wmm_ac_params[3] = ac_vo;
223
224 conf->tx_queue[0] = txq_vo;
225 conf->tx_queue[1] = txq_vi;
226 conf->tx_queue[2] = txq_be;
227 conf->tx_queue[3] = txq_bk;
228
229 conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
230
231 conf->ap_table_max_size = 255;
232 conf->ap_table_expiration_time = 60;
233 conf->track_sta_max_age = 180;
234
235 #ifdef CONFIG_TESTING_OPTIONS
236 conf->ignore_probe_probability = 0.0;
237 conf->ignore_auth_probability = 0.0;
238 conf->ignore_assoc_probability = 0.0;
239 conf->ignore_reassoc_probability = 0.0;
240 conf->corrupt_gtk_rekey_mic_probability = 0.0;
241 conf->ecsa_ie_only = 0;
242 #endif /* CONFIG_TESTING_OPTIONS */
243
244 conf->acs = 0;
245 conf->acs_ch_list.num = 0;
246 #ifdef CONFIG_ACS
247 conf->acs_num_scans = 5;
248 #endif /* CONFIG_ACS */
249
250 #ifdef CONFIG_IEEE80211AX
251 conf->he_op.he_rts_threshold = HE_OPERATION_RTS_THRESHOLD_MASK >>
252 HE_OPERATION_RTS_THRESHOLD_OFFSET;
253 /* Set default basic MCS/NSS set to single stream MCS 0-7 */
254 conf->he_op.he_basic_mcs_nss_set = 0xfffc;
255 conf->he_op.he_bss_color_disabled = 1;
256 conf->he_op.he_bss_color_partial = 0;
257 conf->he_op.he_bss_color = 1;
258 #endif /* CONFIG_IEEE80211AX */
259
260 /* The third octet of the country string uses an ASCII space character
261 * by default to indicate that the regulations encompass all
262 * environments for the current frequency band in the country. */
263 conf->country[2] = ' ';
264
265 conf->rssi_reject_assoc_rssi = 0;
266 conf->rssi_reject_assoc_timeout = 30;
267
268 #ifdef CONFIG_AIRTIME_POLICY
269 conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
270 #endif /* CONFIG_AIRTIME_POLICY */
271
272 return conf;
273 }
274
275
276 int hostapd_mac_comp(const void *a, const void *b)
277 {
278 return os_memcmp(a, b, sizeof(macaddr));
279 }
280
281
282 static int hostapd_config_read_wpa_psk(const char *fname,
283 struct hostapd_ssid *ssid)
284 {
285 FILE *f;
286 char buf[128], *pos;
287 const char *keyid;
288 char *context;
289 char *context2;
290 char *token;
291 char *name;
292 char *value;
293 int line = 0, ret = 0, len, ok;
294 u8 addr[ETH_ALEN];
295 struct hostapd_wpa_psk *psk;
296
297 if (!fname)
298 return 0;
299
300 f = fopen(fname, "r");
301 if (!f) {
302 wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
303 return -1;
304 }
305
306 while (fgets(buf, sizeof(buf), f)) {
307 int vlan_id = 0;
308 int wps = 0;
309
310 line++;
311
312 if (buf[0] == '#')
313 continue;
314 pos = buf;
315 while (*pos != '\0') {
316 if (*pos == '\n') {
317 *pos = '\0';
318 break;
319 }
320 pos++;
321 }
322 if (buf[0] == '\0')
323 continue;
324
325 context = NULL;
326 keyid = NULL;
327 while ((token = str_token(buf, " ", &context))) {
328 if (!os_strchr(token, '='))
329 break;
330 context2 = NULL;
331 name = str_token(token, "=", &context2);
332 if (!name)
333 break;
334 value = str_token(token, "", &context2);
335 if (!value)
336 value = "";
337 if (!os_strcmp(name, "keyid")) {
338 keyid = value;
339 } else if (!os_strcmp(name, "wps")) {
340 wps = atoi(value);
341 } else if (!os_strcmp(name, "vlanid")) {
342 vlan_id = atoi(value);
343 } else {
344 wpa_printf(MSG_ERROR,
345 "Unrecognized '%s=%s' on line %d in '%s'",
346 name, value, line, fname);
347 ret = -1;
348 break;
349 }
350 }
351
352 if (ret == -1)
353 break;
354
355 if (!token)
356 token = "";
357 if (hwaddr_aton(token, addr)) {
358 wpa_printf(MSG_ERROR,
359 "Invalid MAC address '%s' on line %d in '%s'",
360 token, line, fname);
361 ret = -1;
362 break;
363 }
364
365 psk = os_zalloc(sizeof(*psk));
366 if (psk == NULL) {
367 wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
368 ret = -1;
369 break;
370 }
371 psk->vlan_id = vlan_id;
372 if (is_zero_ether_addr(addr))
373 psk->group = 1;
374 else
375 os_memcpy(psk->addr, addr, ETH_ALEN);
376
377 pos = str_token(buf, "", &context);
378 if (!pos) {
379 wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
380 line, fname);
381 os_free(psk);
382 ret = -1;
383 break;
384 }
385
386 ok = 0;
387 len = os_strlen(pos);
388 if (len == 2 * PMK_LEN &&
389 hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
390 ok = 1;
391 else if (len >= 8 && len < 64 &&
392 pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
393 4096, psk->psk, PMK_LEN) == 0)
394 ok = 1;
395 if (!ok) {
396 wpa_printf(MSG_ERROR,
397 "Invalid PSK '%s' on line %d in '%s'",
398 pos, line, fname);
399 os_free(psk);
400 ret = -1;
401 break;
402 }
403
404 if (keyid) {
405 len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
406 if ((size_t) len >= sizeof(psk->keyid)) {
407 wpa_printf(MSG_ERROR,
408 "PSK keyid too long on line %d in '%s'",
409 line, fname);
410 os_free(psk);
411 ret = -1;
412 break;
413 }
414 }
415
416 psk->wps = wps;
417
418 psk->next = ssid->wpa_psk;
419 ssid->wpa_psk = psk;
420 }
421
422 fclose(f);
423
424 return ret;
425 }
426
427
428 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
429 {
430 ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
431 if (ssid->wpa_psk == NULL) {
432 wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
433 return -1;
434 }
435 wpa_hexdump_ascii(MSG_DEBUG, "SSID",
436 (u8 *) ssid->ssid, ssid->ssid_len);
437 wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
438 (u8 *) ssid->wpa_passphrase,
439 os_strlen(ssid->wpa_passphrase));
440 pbkdf2_sha1(ssid->wpa_passphrase,
441 ssid->ssid, ssid->ssid_len,
442 4096, ssid->wpa_psk->psk, PMK_LEN);
443 wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
444 ssid->wpa_psk->psk, PMK_LEN);
445 return 0;
446 }
447
448
449 int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
450 {
451 #ifdef CONFIG_SAE
452 struct hostapd_ssid *ssid = &conf->ssid;
453 struct sae_password_entry *pw;
454
455 if ((conf->sae_pwe == 0 && !hostapd_sae_pw_id_in_use(conf)) ||
456 conf->sae_pwe == 3 ||
457 !wpa_key_mgmt_sae(conf->wpa_key_mgmt))
458 return 0; /* PT not needed */
459
460 sae_deinit_pt(ssid->pt);
461 ssid->pt = NULL;
462 if (ssid->wpa_passphrase) {
463 ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
464 ssid->ssid_len,
465 (const u8 *) ssid->wpa_passphrase,
466 os_strlen(ssid->wpa_passphrase),
467 NULL);
468 if (!ssid->pt)
469 return -1;
470 }
471
472 for (pw = conf->sae_passwords; pw; pw = pw->next) {
473 sae_deinit_pt(pw->pt);
474 pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
475 ssid->ssid_len,
476 (const u8 *) pw->password,
477 os_strlen(pw->password),
478 pw->identifier);
479 if (!pw->pt)
480 return -1;
481 }
482 #endif /* CONFIG_SAE */
483
484 return 0;
485 }
486
487
488 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
489 {
490 struct hostapd_ssid *ssid = &conf->ssid;
491
492 if (hostapd_setup_sae_pt(conf) < 0)
493 return -1;
494
495 if (ssid->wpa_passphrase != NULL) {
496 if (ssid->wpa_psk != NULL) {
497 wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
498 "instead of passphrase");
499 } else {
500 wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
501 "passphrase");
502 if (hostapd_derive_psk(ssid) < 0)
503 return -1;
504 }
505 ssid->wpa_psk->group = 1;
506 }
507
508 return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
509 }
510
511
512 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
513 int num_servers)
514 {
515 int i;
516
517 for (i = 0; i < num_servers; i++) {
518 os_free(servers[i].shared_secret);
519 }
520 os_free(servers);
521 }
522
523
524 struct hostapd_radius_attr *
525 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
526 {
527 for (; attr; attr = attr->next) {
528 if (attr->type == type)
529 return attr;
530 }
531 return NULL;
532 }
533
534
535 struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value)
536 {
537 const char *pos;
538 char syntax;
539 struct hostapd_radius_attr *attr;
540 size_t len;
541
542 attr = os_zalloc(sizeof(*attr));
543 if (!attr)
544 return NULL;
545
546 attr->type = atoi(value);
547
548 pos = os_strchr(value, ':');
549 if (!pos) {
550 attr->val = wpabuf_alloc(1);
551 if (!attr->val) {
552 os_free(attr);
553 return NULL;
554 }
555 wpabuf_put_u8(attr->val, 0);
556 return attr;
557 }
558
559 pos++;
560 if (pos[0] == '\0' || pos[1] != ':') {
561 os_free(attr);
562 return NULL;
563 }
564 syntax = *pos++;
565 pos++;
566
567 switch (syntax) {
568 case 's':
569 attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
570 break;
571 case 'x':
572 len = os_strlen(pos);
573 if (len & 1)
574 break;
575 len /= 2;
576 attr->val = wpabuf_alloc(len);
577 if (!attr->val)
578 break;
579 if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
580 wpabuf_free(attr->val);
581 os_free(attr);
582 return NULL;
583 }
584 break;
585 case 'd':
586 attr->val = wpabuf_alloc(4);
587 if (attr->val)
588 wpabuf_put_be32(attr->val, atoi(pos));
589 break;
590 default:
591 os_free(attr);
592 return NULL;
593 }
594
595 if (!attr->val) {
596 os_free(attr);
597 return NULL;
598 }
599
600 return attr;
601 }
602
603
604 void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
605 {
606 struct hostapd_radius_attr *prev;
607
608 while (attr) {
609 prev = attr;
610 attr = attr->next;
611 wpabuf_free(prev->val);
612 os_free(prev);
613 }
614 }
615
616
617 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
618 {
619 hostapd_config_free_radius_attr(user->accept_attr);
620 os_free(user->identity);
621 bin_clear_free(user->password, user->password_len);
622 bin_clear_free(user->salt, user->salt_len);
623 os_free(user);
624 }
625
626
627 void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
628 {
629 struct hostapd_eap_user *prev_user;
630
631 while (user) {
632 prev_user = user;
633 user = user->next;
634 hostapd_config_free_eap_user(prev_user);
635 }
636 }
637
638
639 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
640 {
641 int i;
642 for (i = 0; i < NUM_WEP_KEYS; i++) {
643 bin_clear_free(keys->key[i], keys->len[i]);
644 keys->key[i] = NULL;
645 }
646 }
647
648
649 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
650 {
651 struct hostapd_wpa_psk *psk, *tmp;
652
653 for (psk = *l; psk;) {
654 tmp = psk;
655 psk = psk->next;
656 bin_clear_free(tmp, sizeof(*tmp));
657 }
658 *l = NULL;
659 }
660
661
662 static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
663 {
664 struct anqp_element *elem;
665
666 while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
667 list))) {
668 dl_list_del(&elem->list);
669 wpabuf_free(elem->payload);
670 os_free(elem);
671 }
672 }
673
674
675 static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
676 {
677 #ifdef CONFIG_FILS
678 struct fils_realm *realm;
679
680 while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
681 list))) {
682 dl_list_del(&realm->list);
683 os_free(realm);
684 }
685 #endif /* CONFIG_FILS */
686 }
687
688
689 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
690 {
691 struct sae_password_entry *pw, *tmp;
692
693 pw = conf->sae_passwords;
694 conf->sae_passwords = NULL;
695 while (pw) {
696 tmp = pw;
697 pw = pw->next;
698 str_clear_free(tmp->password);
699 os_free(tmp->identifier);
700 #ifdef CONFIG_SAE
701 sae_deinit_pt(tmp->pt);
702 #endif /* CONFIG_SAE */
703 os_free(tmp);
704 }
705 }
706
707
708 #ifdef CONFIG_DPP2
709 static void hostapd_dpp_controller_conf_free(struct dpp_controller_conf *conf)
710 {
711 struct dpp_controller_conf *prev;
712
713 while (conf) {
714 prev = conf;
715 conf = conf->next;
716 os_free(prev);
717 }
718 }
719 #endif /* CONFIG_DPP2 */
720
721
722 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
723 {
724 #if defined(CONFIG_WPS) || defined(CONFIG_HS20)
725 size_t i;
726 #endif
727
728 if (conf == NULL)
729 return;
730
731 hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
732
733 str_clear_free(conf->ssid.wpa_passphrase);
734 os_free(conf->ssid.wpa_psk_file);
735 hostapd_config_free_wep(&conf->ssid.wep);
736 #ifdef CONFIG_FULL_DYNAMIC_VLAN
737 os_free(conf->ssid.vlan_tagged_interface);
738 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
739 #ifdef CONFIG_SAE
740 sae_deinit_pt(conf->ssid.pt);
741 #endif /* CONFIG_SAE */
742
743 hostapd_config_free_eap_users(conf->eap_user);
744 os_free(conf->eap_user_sqlite);
745
746 os_free(conf->eap_req_id_text);
747 os_free(conf->erp_domain);
748 os_free(conf->accept_mac);
749 os_free(conf->deny_mac);
750 os_free(conf->nas_identifier);
751 if (conf->radius) {
752 hostapd_config_free_radius(conf->radius->auth_servers,
753 conf->radius->num_auth_servers);
754 hostapd_config_free_radius(conf->radius->acct_servers,
755 conf->radius->num_acct_servers);
756 }
757 hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
758 hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
759 os_free(conf->radius_req_attr_sqlite);
760 os_free(conf->rsn_preauth_interfaces);
761 os_free(conf->ctrl_interface);
762 os_free(conf->ca_cert);
763 os_free(conf->server_cert);
764 os_free(conf->server_cert2);
765 os_free(conf->private_key);
766 os_free(conf->private_key2);
767 os_free(conf->private_key_passwd);
768 os_free(conf->private_key_passwd2);
769 os_free(conf->check_cert_subject);
770 os_free(conf->ocsp_stapling_response);
771 os_free(conf->ocsp_stapling_response_multi);
772 os_free(conf->dh_file);
773 os_free(conf->openssl_ciphers);
774 os_free(conf->openssl_ecdh_curves);
775 os_free(conf->pac_opaque_encr_key);
776 os_free(conf->eap_fast_a_id);
777 os_free(conf->eap_fast_a_id_info);
778 os_free(conf->eap_sim_db);
779 os_free(conf->radius_server_clients);
780 os_free(conf->radius);
781 os_free(conf->radius_das_shared_secret);
782 hostapd_config_free_vlan(conf);
783 os_free(conf->time_zone);
784
785 #ifdef CONFIG_IEEE80211R_AP
786 {
787 struct ft_remote_r0kh *r0kh, *r0kh_prev;
788 struct ft_remote_r1kh *r1kh, *r1kh_prev;
789
790 r0kh = conf->r0kh_list;
791 conf->r0kh_list = NULL;
792 while (r0kh) {
793 r0kh_prev = r0kh;
794 r0kh = r0kh->next;
795 os_free(r0kh_prev);
796 }
797
798 r1kh = conf->r1kh_list;
799 conf->r1kh_list = NULL;
800 while (r1kh) {
801 r1kh_prev = r1kh;
802 r1kh = r1kh->next;
803 os_free(r1kh_prev);
804 }
805 }
806 #endif /* CONFIG_IEEE80211R_AP */
807
808 #ifdef CONFIG_WPS
809 os_free(conf->wps_pin_requests);
810 os_free(conf->device_name);
811 os_free(conf->manufacturer);
812 os_free(conf->model_name);
813 os_free(conf->model_number);
814 os_free(conf->serial_number);
815 os_free(conf->config_methods);
816 os_free(conf->ap_pin);
817 os_free(conf->extra_cred);
818 os_free(conf->ap_settings);
819 hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
820 str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
821 os_free(conf->upnp_iface);
822 os_free(conf->friendly_name);
823 os_free(conf->manufacturer_url);
824 os_free(conf->model_description);
825 os_free(conf->model_url);
826 os_free(conf->upc);
827 for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
828 wpabuf_free(conf->wps_vendor_ext[i]);
829 wpabuf_free(conf->wps_application_ext);
830 wpabuf_free(conf->wps_nfc_dh_pubkey);
831 wpabuf_free(conf->wps_nfc_dh_privkey);
832 wpabuf_free(conf->wps_nfc_dev_pw);
833 #endif /* CONFIG_WPS */
834
835 os_free(conf->roaming_consortium);
836 os_free(conf->venue_name);
837 os_free(conf->venue_url);
838 os_free(conf->nai_realm_data);
839 os_free(conf->network_auth_type);
840 os_free(conf->anqp_3gpp_cell_net);
841 os_free(conf->domain_name);
842 hostapd_config_free_anqp_elem(conf);
843
844 #ifdef CONFIG_RADIUS_TEST
845 os_free(conf->dump_msk_file);
846 #endif /* CONFIG_RADIUS_TEST */
847
848 #ifdef CONFIG_HS20
849 os_free(conf->hs20_oper_friendly_name);
850 os_free(conf->hs20_wan_metrics);
851 os_free(conf->hs20_connection_capability);
852 os_free(conf->hs20_operating_class);
853 os_free(conf->hs20_icons);
854 if (conf->hs20_osu_providers) {
855 for (i = 0; i < conf->hs20_osu_providers_count; i++) {
856 struct hs20_osu_provider *p;
857 size_t j;
858 p = &conf->hs20_osu_providers[i];
859 os_free(p->friendly_name);
860 os_free(p->server_uri);
861 os_free(p->method_list);
862 for (j = 0; j < p->icons_count; j++)
863 os_free(p->icons[j]);
864 os_free(p->icons);
865 os_free(p->osu_nai);
866 os_free(p->osu_nai2);
867 os_free(p->service_desc);
868 }
869 os_free(conf->hs20_osu_providers);
870 }
871 if (conf->hs20_operator_icon) {
872 for (i = 0; i < conf->hs20_operator_icon_count; i++)
873 os_free(conf->hs20_operator_icon[i]);
874 os_free(conf->hs20_operator_icon);
875 }
876 os_free(conf->subscr_remediation_url);
877 os_free(conf->hs20_sim_provisioning_url);
878 os_free(conf->t_c_filename);
879 os_free(conf->t_c_server_url);
880 #endif /* CONFIG_HS20 */
881
882 wpabuf_free(conf->vendor_elements);
883 wpabuf_free(conf->assocresp_elements);
884
885 os_free(conf->sae_groups);
886 #ifdef CONFIG_OWE
887 os_free(conf->owe_groups);
888 #endif /* CONFIG_OWE */
889
890 os_free(conf->wowlan_triggers);
891
892 os_free(conf->server_id);
893
894 #ifdef CONFIG_TESTING_OPTIONS
895 wpabuf_free(conf->own_ie_override);
896 wpabuf_free(conf->sae_commit_override);
897 wpabuf_free(conf->rsnxe_override_eapol);
898 wpabuf_free(conf->gtk_rsc_override);
899 wpabuf_free(conf->igtk_rsc_override);
900 #endif /* CONFIG_TESTING_OPTIONS */
901
902 os_free(conf->no_probe_resp_if_seen_on);
903 os_free(conf->no_auth_if_seen_on);
904
905 hostapd_config_free_fils_realms(conf);
906
907 #ifdef CONFIG_DPP
908 os_free(conf->dpp_name);
909 os_free(conf->dpp_mud_url);
910 os_free(conf->dpp_connector);
911 wpabuf_free(conf->dpp_netaccesskey);
912 wpabuf_free(conf->dpp_csign);
913 #ifdef CONFIG_DPP2
914 hostapd_dpp_controller_conf_free(conf->dpp_controller);
915 #endif /* CONFIG_DPP2 */
916 #endif /* CONFIG_DPP */
917
918 hostapd_config_free_sae_passwords(conf);
919
920 #ifdef CONFIG_AIRTIME_POLICY
921 {
922 struct airtime_sta_weight *wt, *wt_prev;
923
924 wt = conf->airtime_weight_list;
925 conf->airtime_weight_list = NULL;
926 while (wt) {
927 wt_prev = wt;
928 wt = wt->next;
929 os_free(wt_prev);
930 }
931 }
932 #endif /* CONFIG_AIRTIME_POLICY */
933
934 os_free(conf);
935 }
936
937
938 /**
939 * hostapd_config_free - Free hostapd configuration
940 * @conf: Configuration data from hostapd_config_read().
941 */
942 void hostapd_config_free(struct hostapd_config *conf)
943 {
944 size_t i;
945
946 if (conf == NULL)
947 return;
948
949 for (i = 0; i < conf->num_bss; i++)
950 hostapd_config_free_bss(conf->bss[i]);
951 os_free(conf->bss);
952 os_free(conf->supported_rates);
953 os_free(conf->basic_rates);
954 os_free(conf->acs_ch_list.range);
955 os_free(conf->acs_freq_list.range);
956 os_free(conf->driver_params);
957 #ifdef CONFIG_ACS
958 os_free(conf->acs_chan_bias);
959 #endif /* CONFIG_ACS */
960 wpabuf_free(conf->lci);
961 wpabuf_free(conf->civic);
962
963 os_free(conf);
964 }
965
966
967 /**
968 * hostapd_maclist_found - Find a MAC address from a list
969 * @list: MAC address list
970 * @num_entries: Number of addresses in the list
971 * @addr: Address to search for
972 * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
973 * Returns: 1 if address is in the list or 0 if not.
974 *
975 * Perform a binary search for given MAC address from a pre-sorted list.
976 */
977 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
978 const u8 *addr, struct vlan_description *vlan_id)
979 {
980 int start, end, middle, res;
981
982 start = 0;
983 end = num_entries - 1;
984
985 while (start <= end) {
986 middle = (start + end) / 2;
987 res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
988 if (res == 0) {
989 if (vlan_id)
990 *vlan_id = list[middle].vlan_id;
991 return 1;
992 }
993 if (res < 0)
994 start = middle + 1;
995 else
996 end = middle - 1;
997 }
998
999 return 0;
1000 }
1001
1002
1003 int hostapd_rate_found(int *list, int rate)
1004 {
1005 int i;
1006
1007 if (list == NULL)
1008 return 0;
1009
1010 for (i = 0; list[i] >= 0; i++)
1011 if (list[i] == rate)
1012 return 1;
1013
1014 return 0;
1015 }
1016
1017
1018 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
1019 struct vlan_description *vlan_desc)
1020 {
1021 struct hostapd_vlan *v = vlan;
1022 int i;
1023
1024 if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
1025 vlan_desc->untagged > MAX_VLAN_ID)
1026 return 0;
1027 for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
1028 if (vlan_desc->tagged[i] < 0 ||
1029 vlan_desc->tagged[i] > MAX_VLAN_ID)
1030 return 0;
1031 }
1032 if (!vlan_desc->untagged && !vlan_desc->tagged[0])
1033 return 0;
1034
1035 while (v) {
1036 if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
1037 v->vlan_id == VLAN_ID_WILDCARD)
1038 return 1;
1039 v = v->next;
1040 }
1041 return 0;
1042 }
1043
1044
1045 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
1046 {
1047 struct hostapd_vlan *v = vlan;
1048 while (v) {
1049 if (v->vlan_id == vlan_id)
1050 return v->ifname;
1051 v = v->next;
1052 }
1053 return NULL;
1054 }
1055
1056
1057 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
1058 const u8 *addr, const u8 *p2p_dev_addr,
1059 const u8 *prev_psk, int *vlan_id)
1060 {
1061 struct hostapd_wpa_psk *psk;
1062 int next_ok = prev_psk == NULL;
1063
1064 if (vlan_id)
1065 *vlan_id = 0;
1066
1067 if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
1068 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1069 " p2p_dev_addr=" MACSTR " prev_psk=%p",
1070 MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
1071 addr = NULL; /* Use P2P Device Address for matching */
1072 } else {
1073 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1074 " prev_psk=%p",
1075 MAC2STR(addr), prev_psk);
1076 }
1077
1078 for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
1079 if (next_ok &&
1080 (psk->group ||
1081 (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
1082 (!addr && p2p_dev_addr &&
1083 os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
1084 0))) {
1085 if (vlan_id)
1086 *vlan_id = psk->vlan_id;
1087 return psk->psk;
1088 }
1089
1090 if (psk->psk == prev_psk)
1091 next_ok = 1;
1092 }
1093
1094 return NULL;
1095 }
1096
1097
1098 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
1099 struct hostapd_config *conf,
1100 int full_config)
1101 {
1102 if (full_config && bss->ieee802_1x && !bss->eap_server &&
1103 !bss->radius->auth_servers) {
1104 wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
1105 "EAP authenticator configured).");
1106 return -1;
1107 }
1108
1109 if (bss->wpa) {
1110 int wep, i;
1111
1112 wep = bss->default_wep_key_len > 0 ||
1113 bss->individual_wep_key_len > 0;
1114 for (i = 0; i < NUM_WEP_KEYS; i++) {
1115 if (bss->ssid.wep.keys_set) {
1116 wep = 1;
1117 break;
1118 }
1119 }
1120
1121 if (wep) {
1122 wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
1123 return -1;
1124 }
1125 }
1126
1127 if (full_config && bss->wpa &&
1128 bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
1129 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
1130 wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
1131 "RADIUS checking (macaddr_acl=2) enabled.");
1132 return -1;
1133 }
1134
1135 if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
1136 bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
1137 bss->ssid.wpa_psk_file == NULL &&
1138 (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
1139 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
1140 wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
1141 "is not configured.");
1142 return -1;
1143 }
1144
1145 if (full_config && !is_zero_ether_addr(bss->bssid)) {
1146 size_t i;
1147
1148 for (i = 0; i < conf->num_bss; i++) {
1149 if (conf->bss[i] != bss &&
1150 (hostapd_mac_comp(conf->bss[i]->bssid,
1151 bss->bssid) == 0)) {
1152 wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
1153 " on interface '%s' and '%s'.",
1154 MAC2STR(bss->bssid),
1155 conf->bss[i]->iface, bss->iface);
1156 return -1;
1157 }
1158 }
1159 }
1160
1161 #ifdef CONFIG_IEEE80211R_AP
1162 if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
1163 (bss->nas_identifier == NULL ||
1164 os_strlen(bss->nas_identifier) < 1 ||
1165 os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
1166 wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
1167 "nas_identifier to be configured as a 1..48 octet "
1168 "string");
1169 return -1;
1170 }
1171 #endif /* CONFIG_IEEE80211R_AP */
1172
1173 if (full_config && conf->ieee80211n &&
1174 conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
1175 bss->disable_11n = 1;
1176 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
1177 "allowed, disabling HT capabilities");
1178 }
1179
1180 if (full_config && conf->ieee80211n &&
1181 bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1182 bss->disable_11n = 1;
1183 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
1184 "allowed, disabling HT capabilities");
1185 }
1186
1187 if (full_config && conf->ieee80211n && bss->wpa &&
1188 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1189 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1190 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1191 {
1192 bss->disable_11n = 1;
1193 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1194 "requires CCMP/GCMP to be enabled, disabling HT "
1195 "capabilities");
1196 }
1197
1198 #ifdef CONFIG_IEEE80211AC
1199 if (full_config && conf->ieee80211ac &&
1200 bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1201 bss->disable_11ac = 1;
1202 wpa_printf(MSG_ERROR,
1203 "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1204 }
1205
1206 if (full_config && conf->ieee80211ac && bss->wpa &&
1207 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1208 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1209 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1210 {
1211 bss->disable_11ac = 1;
1212 wpa_printf(MSG_ERROR,
1213 "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1214 }
1215 #endif /* CONFIG_IEEE80211AC */
1216
1217 #ifdef CONFIG_WPS
1218 if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
1219 wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1220 "configuration forced WPS to be disabled");
1221 bss->wps_state = 0;
1222 }
1223
1224 if (full_config && bss->wps_state &&
1225 bss->ssid.wep.keys_set && bss->wpa == 0) {
1226 wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1227 "disabled");
1228 bss->wps_state = 0;
1229 }
1230
1231 if (full_config && bss->wps_state && bss->wpa &&
1232 (!(bss->wpa & 2) ||
1233 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1234 WPA_CIPHER_CCMP_256 |
1235 WPA_CIPHER_GCMP_256)))) {
1236 wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
1237 "WPA2/CCMP/GCMP forced WPS to be disabled");
1238 bss->wps_state = 0;
1239 }
1240 #endif /* CONFIG_WPS */
1241
1242 #ifdef CONFIG_HS20
1243 if (full_config && bss->hs20 &&
1244 (!(bss->wpa & 2) ||
1245 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1246 WPA_CIPHER_CCMP_256 |
1247 WPA_CIPHER_GCMP_256)))) {
1248 wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1249 "configuration is required for Hotspot 2.0 "
1250 "functionality");
1251 return -1;
1252 }
1253 #endif /* CONFIG_HS20 */
1254
1255 #ifdef CONFIG_MBO
1256 if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1257 bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1258 wpa_printf(MSG_ERROR,
1259 "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1260 return -1;
1261 }
1262 #endif /* CONFIG_MBO */
1263
1264 #ifdef CONFIG_OCV
1265 if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1266 bss->ocv) {
1267 wpa_printf(MSG_ERROR,
1268 "OCV: PMF needs to be enabled whenever using OCV");
1269 return -1;
1270 }
1271 #endif /* CONFIG_OCV */
1272
1273 return 0;
1274 }
1275
1276
1277 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1278 {
1279 int tx_cwmin = conf->tx_queue[queue].cwmin;
1280 int tx_cwmax = conf->tx_queue[queue].cwmax;
1281 int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1282 int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1283
1284 if (tx_cwmin > tx_cwmax) {
1285 wpa_printf(MSG_ERROR,
1286 "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1287 tx_cwmin, tx_cwmax);
1288 return -1;
1289 }
1290 if (ac_cwmin > ac_cwmax) {
1291 wpa_printf(MSG_ERROR,
1292 "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1293 ac_cwmin, ac_cwmax);
1294 return -1;
1295 }
1296 return 0;
1297 }
1298
1299
1300 int hostapd_config_check(struct hostapd_config *conf, int full_config)
1301 {
1302 size_t i;
1303
1304 if (full_config && conf->ieee80211d &&
1305 (!conf->country[0] || !conf->country[1])) {
1306 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1307 "setting the country_code");
1308 return -1;
1309 }
1310
1311 if (full_config && conf->ieee80211h && !conf->ieee80211d) {
1312 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1313 "IEEE 802.11d enabled");
1314 return -1;
1315 }
1316
1317 if (full_config && conf->local_pwr_constraint != -1 &&
1318 !conf->ieee80211d) {
1319 wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1320 return -1;
1321 }
1322
1323 if (full_config && conf->spectrum_mgmt_required &&
1324 conf->local_pwr_constraint == -1) {
1325 wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1326 return -1;
1327 }
1328
1329 #ifdef CONFIG_AIRTIME_POLICY
1330 if (full_config && conf->airtime_mode > AIRTIME_MODE_STATIC &&
1331 !conf->airtime_update_interval) {
1332 wpa_printf(MSG_ERROR, "Airtime update interval cannot be zero");
1333 return -1;
1334 }
1335 #endif /* CONFIG_AIRTIME_POLICY */
1336 for (i = 0; i < NUM_TX_QUEUES; i++) {
1337 if (hostapd_config_check_cw(conf, i))
1338 return -1;
1339 }
1340
1341 for (i = 0; i < conf->num_bss; i++) {
1342 if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
1343 return -1;
1344 }
1345
1346 return 0;
1347 }
1348
1349
1350 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1351 int full_config)
1352 {
1353 if (bss->individual_wep_key_len == 0) {
1354 /* individual keys are not use; can use key idx0 for
1355 * broadcast keys */
1356 bss->broadcast_key_idx_min = 0;
1357 }
1358
1359 if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1360 bss->rsn_pairwise = bss->wpa_pairwise;
1361 if (bss->group_cipher)
1362 bss->wpa_group = bss->group_cipher;
1363 else
1364 bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1365 bss->wpa_pairwise,
1366 bss->rsn_pairwise);
1367 if (!bss->wpa_group_rekey_set)
1368 bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1369 600 : 86400;
1370
1371 if (full_config) {
1372 bss->radius->auth_server = bss->radius->auth_servers;
1373 bss->radius->acct_server = bss->radius->acct_servers;
1374 }
1375
1376 if (bss->wpa && bss->ieee802_1x) {
1377 bss->ssid.security_policy = SECURITY_WPA;
1378 } else if (bss->wpa) {
1379 bss->ssid.security_policy = SECURITY_WPA_PSK;
1380 } else if (bss->ieee802_1x) {
1381 int cipher = WPA_CIPHER_NONE;
1382 bss->ssid.security_policy = SECURITY_IEEE_802_1X;
1383 bss->ssid.wep.default_len = bss->default_wep_key_len;
1384 if (full_config && bss->default_wep_key_len) {
1385 cipher = bss->default_wep_key_len >= 13 ?
1386 WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
1387 } else if (full_config && bss->ssid.wep.keys_set) {
1388 if (bss->ssid.wep.len[0] >= 13)
1389 cipher = WPA_CIPHER_WEP104;
1390 else
1391 cipher = WPA_CIPHER_WEP40;
1392 }
1393 bss->wpa_group = cipher;
1394 bss->wpa_pairwise = cipher;
1395 bss->rsn_pairwise = cipher;
1396 if (full_config)
1397 bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1398 } else if (bss->ssid.wep.keys_set) {
1399 int cipher = WPA_CIPHER_WEP40;
1400 if (bss->ssid.wep.len[0] >= 13)
1401 cipher = WPA_CIPHER_WEP104;
1402 bss->ssid.security_policy = SECURITY_STATIC_WEP;
1403 bss->wpa_group = cipher;
1404 bss->wpa_pairwise = cipher;
1405 bss->rsn_pairwise = cipher;
1406 if (full_config)
1407 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1408 } else if (bss->osen) {
1409 bss->ssid.security_policy = SECURITY_OSEN;
1410 bss->wpa_group = WPA_CIPHER_CCMP;
1411 bss->wpa_pairwise = 0;
1412 bss->rsn_pairwise = WPA_CIPHER_CCMP;
1413 } else {
1414 bss->ssid.security_policy = SECURITY_PLAINTEXT;
1415 if (full_config) {
1416 bss->wpa_group = WPA_CIPHER_NONE;
1417 bss->wpa_pairwise = WPA_CIPHER_NONE;
1418 bss->rsn_pairwise = WPA_CIPHER_NONE;
1419 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1420 }
1421 }
1422 }
1423
1424
1425 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1426 {
1427 int with_id = 0, without_id = 0;
1428 struct sae_password_entry *pw;
1429
1430 if (conf->ssid.wpa_passphrase)
1431 without_id = 1;
1432
1433 for (pw = conf->sae_passwords; pw; pw = pw->next) {
1434 if (pw->identifier)
1435 with_id = 1;
1436 else
1437 without_id = 1;
1438 if (with_id && without_id)
1439 break;
1440 }
1441
1442 if (with_id && !without_id)
1443 return 2;
1444 return with_id;
1445 }
Unnamed repository; edit this file 'description' to name the repository.