]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ap_config.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hostapd: Add testing option to use only ECSA
[thirdparty/hostap.git] / src / ap / ap_config.c
1 /*
2 * hostapd / Configuration helper functions
3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "radius/radius_client.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/eapol_common.h"
16 #include "eap_common/eap_wsc_common.h"
17 #include "eap_server/eap.h"
18 #include "wpa_auth.h"
19 #include "sta_info.h"
20 #include "ap_config.h"
21
22
23 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
24 {
25 struct hostapd_vlan *vlan, *prev;
26
27 vlan = bss->vlan;
28 prev = NULL;
29 while (vlan) {
30 prev = vlan;
31 vlan = vlan->next;
32 os_free(prev);
33 }
34
35 bss->vlan = NULL;
36 }
37
38
39 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
40 {
41 bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
42 bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
43 bss->logger_syslog = (unsigned int) -1;
44 bss->logger_stdout = (unsigned int) -1;
45
46 bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
47
48 bss->wep_rekeying_period = 300;
49 /* use key0 in individual key and key1 in broadcast key */
50 bss->broadcast_key_idx_min = 1;
51 bss->broadcast_key_idx_max = 2;
52 bss->eap_reauth_period = 3600;
53
54 bss->wpa_group_rekey = 600;
55 bss->wpa_gmk_rekey = 86400;
56 bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
57 bss->wpa_pairwise = WPA_CIPHER_TKIP;
58 bss->wpa_group = WPA_CIPHER_TKIP;
59 bss->rsn_pairwise = 0;
60
61 bss->max_num_sta = MAX_STA_COUNT;
62
63 bss->dtim_period = 2;
64
65 bss->radius_server_auth_port = 1812;
66 bss->ap_max_inactivity = AP_MAX_INACTIVITY;
67 bss->eapol_version = EAPOL_VERSION;
68
69 bss->max_listen_interval = 65535;
70
71 bss->pwd_group = 19; /* ECC: GF(p=256) */
72
73 #ifdef CONFIG_IEEE80211W
74 bss->assoc_sa_query_max_timeout = 1000;
75 bss->assoc_sa_query_retry_timeout = 201;
76 bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
77 #endif /* CONFIG_IEEE80211W */
78 #ifdef EAP_SERVER_FAST
79 /* both anonymous and authenticated provisioning */
80 bss->eap_fast_prov = 3;
81 bss->pac_key_lifetime = 7 * 24 * 60 * 60;
82 bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
83 #endif /* EAP_SERVER_FAST */
84
85 /* Set to -1 as defaults depends on HT in setup */
86 bss->wmm_enabled = -1;
87
88 #ifdef CONFIG_IEEE80211R
89 bss->ft_over_ds = 1;
90 #endif /* CONFIG_IEEE80211R */
91
92 bss->radius_das_time_window = 300;
93
94 bss->sae_anti_clogging_threshold = 5;
95 }
96
97
98 struct hostapd_config * hostapd_config_defaults(void)
99 {
100 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
101
102 struct hostapd_config *conf;
103 struct hostapd_bss_config *bss;
104 const int aCWmin = 4, aCWmax = 10;
105 const struct hostapd_wmm_ac_params ac_bk =
106 { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
107 const struct hostapd_wmm_ac_params ac_be =
108 { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
109 const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
110 { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
111 const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
112 { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
113 const struct hostapd_tx_queue_params txq_bk =
114 { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
115 const struct hostapd_tx_queue_params txq_be =
116 { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
117 const struct hostapd_tx_queue_params txq_vi =
118 { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
119 const struct hostapd_tx_queue_params txq_vo =
120 { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
121 (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
122
123 #undef ecw2cw
124
125 conf = os_zalloc(sizeof(*conf));
126 bss = os_zalloc(sizeof(*bss));
127 if (conf == NULL || bss == NULL) {
128 wpa_printf(MSG_ERROR, "Failed to allocate memory for "
129 "configuration data.");
130 os_free(conf);
131 os_free(bss);
132 return NULL;
133 }
134 conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
135 if (conf->bss == NULL) {
136 os_free(conf);
137 os_free(bss);
138 return NULL;
139 }
140 conf->bss[0] = bss;
141
142 bss->radius = os_zalloc(sizeof(*bss->radius));
143 if (bss->radius == NULL) {
144 os_free(conf->bss);
145 os_free(conf);
146 os_free(bss);
147 return NULL;
148 }
149
150 hostapd_config_defaults_bss(bss);
151
152 conf->num_bss = 1;
153
154 conf->beacon_int = 100;
155 conf->rts_threshold = -1; /* use driver default: 2347 */
156 conf->fragm_threshold = -1; /* user driver default: 2346 */
157 conf->send_probe_response = 1;
158 /* Set to invalid value means do not add Power Constraint IE */
159 conf->local_pwr_constraint = -1;
160
161 conf->wmm_ac_params[0] = ac_be;
162 conf->wmm_ac_params[1] = ac_bk;
163 conf->wmm_ac_params[2] = ac_vi;
164 conf->wmm_ac_params[3] = ac_vo;
165
166 conf->tx_queue[0] = txq_vo;
167 conf->tx_queue[1] = txq_vi;
168 conf->tx_queue[2] = txq_be;
169 conf->tx_queue[3] = txq_bk;
170
171 conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
172
173 conf->ap_table_max_size = 255;
174 conf->ap_table_expiration_time = 60;
175 conf->track_sta_max_age = 180;
176
177 #ifdef CONFIG_TESTING_OPTIONS
178 conf->ignore_probe_probability = 0.0;
179 conf->ignore_auth_probability = 0.0;
180 conf->ignore_assoc_probability = 0.0;
181 conf->ignore_reassoc_probability = 0.0;
182 conf->corrupt_gtk_rekey_mic_probability = 0.0;
183 conf->ecsa_ie_only = 0;
184 #endif /* CONFIG_TESTING_OPTIONS */
185
186 conf->acs = 0;
187 conf->acs_ch_list.num = 0;
188 #ifdef CONFIG_ACS
189 conf->acs_num_scans = 5;
190 #endif /* CONFIG_ACS */
191
192 return conf;
193 }
194
195
196 int hostapd_mac_comp(const void *a, const void *b)
197 {
198 return os_memcmp(a, b, sizeof(macaddr));
199 }
200
201
202 int hostapd_mac_comp_empty(const void *a)
203 {
204 macaddr empty = { 0 };
205 return os_memcmp(a, empty, sizeof(macaddr));
206 }
207
208
209 static int hostapd_config_read_wpa_psk(const char *fname,
210 struct hostapd_ssid *ssid)
211 {
212 FILE *f;
213 char buf[128], *pos;
214 int line = 0, ret = 0, len, ok;
215 u8 addr[ETH_ALEN];
216 struct hostapd_wpa_psk *psk;
217
218 if (!fname)
219 return 0;
220
221 f = fopen(fname, "r");
222 if (!f) {
223 wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
224 return -1;
225 }
226
227 while (fgets(buf, sizeof(buf), f)) {
228 line++;
229
230 if (buf[0] == '#')
231 continue;
232 pos = buf;
233 while (*pos != '\0') {
234 if (*pos == '\n') {
235 *pos = '\0';
236 break;
237 }
238 pos++;
239 }
240 if (buf[0] == '\0')
241 continue;
242
243 if (hwaddr_aton(buf, addr)) {
244 wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on "
245 "line %d in '%s'", buf, line, fname);
246 ret = -1;
247 break;
248 }
249
250 psk = os_zalloc(sizeof(*psk));
251 if (psk == NULL) {
252 wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
253 ret = -1;
254 break;
255 }
256 if (is_zero_ether_addr(addr))
257 psk->group = 1;
258 else
259 os_memcpy(psk->addr, addr, ETH_ALEN);
260
261 pos = buf + 17;
262 if (*pos == '\0') {
263 wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
264 line, fname);
265 os_free(psk);
266 ret = -1;
267 break;
268 }
269 pos++;
270
271 ok = 0;
272 len = os_strlen(pos);
273 if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
274 ok = 1;
275 else if (len >= 8 && len < 64) {
276 pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
277 4096, psk->psk, PMK_LEN);
278 ok = 1;
279 }
280 if (!ok) {
281 wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in "
282 "'%s'", pos, line, fname);
283 os_free(psk);
284 ret = -1;
285 break;
286 }
287
288 psk->next = ssid->wpa_psk;
289 ssid->wpa_psk = psk;
290 }
291
292 fclose(f);
293
294 return ret;
295 }
296
297
298 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
299 {
300 ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
301 if (ssid->wpa_psk == NULL) {
302 wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
303 return -1;
304 }
305 wpa_hexdump_ascii(MSG_DEBUG, "SSID",
306 (u8 *) ssid->ssid, ssid->ssid_len);
307 wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
308 (u8 *) ssid->wpa_passphrase,
309 os_strlen(ssid->wpa_passphrase));
310 pbkdf2_sha1(ssid->wpa_passphrase,
311 ssid->ssid, ssid->ssid_len,
312 4096, ssid->wpa_psk->psk, PMK_LEN);
313 wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
314 ssid->wpa_psk->psk, PMK_LEN);
315 return 0;
316 }
317
318
319 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
320 {
321 struct hostapd_ssid *ssid = &conf->ssid;
322
323 if (ssid->wpa_passphrase != NULL) {
324 if (ssid->wpa_psk != NULL) {
325 wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
326 "instead of passphrase");
327 } else {
328 wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
329 "passphrase");
330 if (hostapd_derive_psk(ssid) < 0)
331 return -1;
332 }
333 ssid->wpa_psk->group = 1;
334 }
335
336 if (ssid->wpa_psk_file) {
337 if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file,
338 &conf->ssid))
339 return -1;
340 }
341
342 return 0;
343 }
344
345
346 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
347 int num_servers)
348 {
349 int i;
350
351 for (i = 0; i < num_servers; i++) {
352 os_free(servers[i].shared_secret);
353 }
354 os_free(servers);
355 }
356
357
358 struct hostapd_radius_attr *
359 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
360 {
361 for (; attr; attr = attr->next) {
362 if (attr->type == type)
363 return attr;
364 }
365 return NULL;
366 }
367
368
369 static void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
370 {
371 struct hostapd_radius_attr *prev;
372
373 while (attr) {
374 prev = attr;
375 attr = attr->next;
376 wpabuf_free(prev->val);
377 os_free(prev);
378 }
379 }
380
381
382 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
383 {
384 hostapd_config_free_radius_attr(user->accept_attr);
385 os_free(user->identity);
386 bin_clear_free(user->password, user->password_len);
387 os_free(user);
388 }
389
390
391 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
392 {
393 int i;
394 for (i = 0; i < NUM_WEP_KEYS; i++) {
395 bin_clear_free(keys->key[i], keys->len[i]);
396 keys->key[i] = NULL;
397 }
398 }
399
400
401 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
402 {
403 struct hostapd_wpa_psk *psk, *tmp;
404
405 for (psk = *l; psk;) {
406 tmp = psk;
407 psk = psk->next;
408 bin_clear_free(tmp, sizeof(*tmp));
409 }
410 *l = NULL;
411 }
412
413
414 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
415 {
416 struct hostapd_eap_user *user, *prev_user;
417
418 if (conf == NULL)
419 return;
420
421 hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
422
423 str_clear_free(conf->ssid.wpa_passphrase);
424 os_free(conf->ssid.wpa_psk_file);
425 hostapd_config_free_wep(&conf->ssid.wep);
426 #ifdef CONFIG_FULL_DYNAMIC_VLAN
427 os_free(conf->ssid.vlan_tagged_interface);
428 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
429
430 user = conf->eap_user;
431 while (user) {
432 prev_user = user;
433 user = user->next;
434 hostapd_config_free_eap_user(prev_user);
435 }
436 os_free(conf->eap_user_sqlite);
437
438 os_free(conf->eap_req_id_text);
439 os_free(conf->erp_domain);
440 os_free(conf->accept_mac);
441 os_free(conf->deny_mac);
442 os_free(conf->nas_identifier);
443 if (conf->radius) {
444 hostapd_config_free_radius(conf->radius->auth_servers,
445 conf->radius->num_auth_servers);
446 hostapd_config_free_radius(conf->radius->acct_servers,
447 conf->radius->num_acct_servers);
448 }
449 hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
450 hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
451 os_free(conf->rsn_preauth_interfaces);
452 os_free(conf->ctrl_interface);
453 os_free(conf->ca_cert);
454 os_free(conf->server_cert);
455 os_free(conf->private_key);
456 os_free(conf->private_key_passwd);
457 os_free(conf->ocsp_stapling_response);
458 os_free(conf->dh_file);
459 os_free(conf->openssl_ciphers);
460 os_free(conf->pac_opaque_encr_key);
461 os_free(conf->eap_fast_a_id);
462 os_free(conf->eap_fast_a_id_info);
463 os_free(conf->eap_sim_db);
464 os_free(conf->radius_server_clients);
465 os_free(conf->radius);
466 os_free(conf->radius_das_shared_secret);
467 hostapd_config_free_vlan(conf);
468 os_free(conf->time_zone);
469
470 #ifdef CONFIG_IEEE80211R
471 {
472 struct ft_remote_r0kh *r0kh, *r0kh_prev;
473 struct ft_remote_r1kh *r1kh, *r1kh_prev;
474
475 r0kh = conf->r0kh_list;
476 conf->r0kh_list = NULL;
477 while (r0kh) {
478 r0kh_prev = r0kh;
479 r0kh = r0kh->next;
480 os_free(r0kh_prev);
481 }
482
483 r1kh = conf->r1kh_list;
484 conf->r1kh_list = NULL;
485 while (r1kh) {
486 r1kh_prev = r1kh;
487 r1kh = r1kh->next;
488 os_free(r1kh_prev);
489 }
490 }
491 #endif /* CONFIG_IEEE80211R */
492
493 #ifdef CONFIG_WPS
494 os_free(conf->wps_pin_requests);
495 os_free(conf->device_name);
496 os_free(conf->manufacturer);
497 os_free(conf->model_name);
498 os_free(conf->model_number);
499 os_free(conf->serial_number);
500 os_free(conf->config_methods);
501 os_free(conf->ap_pin);
502 os_free(conf->extra_cred);
503 os_free(conf->ap_settings);
504 os_free(conf->upnp_iface);
505 os_free(conf->friendly_name);
506 os_free(conf->manufacturer_url);
507 os_free(conf->model_description);
508 os_free(conf->model_url);
509 os_free(conf->upc);
510 {
511 unsigned int i;
512
513 for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
514 wpabuf_free(conf->wps_vendor_ext[i]);
515 }
516 wpabuf_free(conf->wps_nfc_dh_pubkey);
517 wpabuf_free(conf->wps_nfc_dh_privkey);
518 wpabuf_free(conf->wps_nfc_dev_pw);
519 #endif /* CONFIG_WPS */
520
521 os_free(conf->roaming_consortium);
522 os_free(conf->venue_name);
523 os_free(conf->nai_realm_data);
524 os_free(conf->network_auth_type);
525 os_free(conf->anqp_3gpp_cell_net);
526 os_free(conf->domain_name);
527
528 #ifdef CONFIG_RADIUS_TEST
529 os_free(conf->dump_msk_file);
530 #endif /* CONFIG_RADIUS_TEST */
531
532 #ifdef CONFIG_HS20
533 os_free(conf->hs20_oper_friendly_name);
534 os_free(conf->hs20_wan_metrics);
535 os_free(conf->hs20_connection_capability);
536 os_free(conf->hs20_operating_class);
537 os_free(conf->hs20_icons);
538 if (conf->hs20_osu_providers) {
539 size_t i;
540 for (i = 0; i < conf->hs20_osu_providers_count; i++) {
541 struct hs20_osu_provider *p;
542 size_t j;
543 p = &conf->hs20_osu_providers[i];
544 os_free(p->friendly_name);
545 os_free(p->server_uri);
546 os_free(p->method_list);
547 for (j = 0; j < p->icons_count; j++)
548 os_free(p->icons[j]);
549 os_free(p->icons);
550 os_free(p->osu_nai);
551 os_free(p->service_desc);
552 }
553 os_free(conf->hs20_osu_providers);
554 }
555 os_free(conf->subscr_remediation_url);
556 #endif /* CONFIG_HS20 */
557
558 wpabuf_free(conf->vendor_elements);
559
560 os_free(conf->sae_groups);
561
562 os_free(conf->wowlan_triggers);
563
564 os_free(conf->server_id);
565
566 #ifdef CONFIG_TESTING_OPTIONS
567 wpabuf_free(conf->own_ie_override);
568 #endif /* CONFIG_TESTING_OPTIONS */
569
570 os_free(conf->no_probe_resp_if_seen_on);
571 os_free(conf->no_auth_if_seen_on);
572
573 os_free(conf);
574 }
575
576
577 /**
578 * hostapd_config_free - Free hostapd configuration
579 * @conf: Configuration data from hostapd_config_read().
580 */
581 void hostapd_config_free(struct hostapd_config *conf)
582 {
583 size_t i;
584
585 if (conf == NULL)
586 return;
587
588 for (i = 0; i < conf->num_bss; i++)
589 hostapd_config_free_bss(conf->bss[i]);
590 os_free(conf->bss);
591 os_free(conf->supported_rates);
592 os_free(conf->basic_rates);
593 os_free(conf->acs_ch_list.range);
594 os_free(conf->driver_params);
595 #ifdef CONFIG_ACS
596 os_free(conf->acs_chan_bias);
597 #endif /* CONFIG_ACS */
598
599 os_free(conf);
600 }
601
602
603 /**
604 * hostapd_maclist_found - Find a MAC address from a list
605 * @list: MAC address list
606 * @num_entries: Number of addresses in the list
607 * @addr: Address to search for
608 * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
609 * Returns: 1 if address is in the list or 0 if not.
610 *
611 * Perform a binary search for given MAC address from a pre-sorted list.
612 */
613 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
614 const u8 *addr, int *vlan_id)
615 {
616 int start, end, middle, res;
617
618 start = 0;
619 end = num_entries - 1;
620
621 while (start <= end) {
622 middle = (start + end) / 2;
623 res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
624 if (res == 0) {
625 if (vlan_id)
626 *vlan_id = list[middle].vlan_id;
627 return 1;
628 }
629 if (res < 0)
630 start = middle + 1;
631 else
632 end = middle - 1;
633 }
634
635 return 0;
636 }
637
638
639 int hostapd_rate_found(int *list, int rate)
640 {
641 int i;
642
643 if (list == NULL)
644 return 0;
645
646 for (i = 0; list[i] >= 0; i++)
647 if (list[i] == rate)
648 return 1;
649
650 return 0;
651 }
652
653
654 int hostapd_vlan_id_valid(struct hostapd_vlan *vlan, int vlan_id)
655 {
656 struct hostapd_vlan *v = vlan;
657 while (v) {
658 if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD)
659 return 1;
660 v = v->next;
661 }
662 return 0;
663 }
664
665
666 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
667 {
668 struct hostapd_vlan *v = vlan;
669 while (v) {
670 if (v->vlan_id == vlan_id)
671 return v->ifname;
672 v = v->next;
673 }
674 return NULL;
675 }
676
677
678 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
679 const u8 *addr, const u8 *p2p_dev_addr,
680 const u8 *prev_psk)
681 {
682 struct hostapd_wpa_psk *psk;
683 int next_ok = prev_psk == NULL;
684
685 if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
686 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
687 " p2p_dev_addr=" MACSTR " prev_psk=%p",
688 MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
689 addr = NULL; /* Use P2P Device Address for matching */
690 } else {
691 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
692 " prev_psk=%p",
693 MAC2STR(addr), prev_psk);
694 }
695
696 for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
697 if (next_ok &&
698 (psk->group ||
699 (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
700 (!addr && p2p_dev_addr &&
701 os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
702 0)))
703 return psk->psk;
704
705 if (psk->psk == prev_psk)
706 next_ok = 1;
707 }
708
709 return NULL;
710 }
711
712
713 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
714 struct hostapd_config *conf,
715 int full_config)
716 {
717 if (full_config && bss->ieee802_1x && !bss->eap_server &&
718 !bss->radius->auth_servers) {
719 wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
720 "EAP authenticator configured).");
721 return -1;
722 }
723
724 if (bss->wpa) {
725 int wep, i;
726
727 wep = bss->default_wep_key_len > 0 ||
728 bss->individual_wep_key_len > 0;
729 for (i = 0; i < NUM_WEP_KEYS; i++) {
730 if (bss->ssid.wep.keys_set) {
731 wep = 1;
732 break;
733 }
734 }
735
736 if (wep) {
737 wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
738 return -1;
739 }
740 }
741
742 if (full_config && bss->wpa &&
743 bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
744 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
745 wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
746 "RADIUS checking (macaddr_acl=2) enabled.");
747 return -1;
748 }
749
750 if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
751 bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
752 bss->ssid.wpa_psk_file == NULL &&
753 (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
754 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
755 wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
756 "is not configured.");
757 return -1;
758 }
759
760 if (full_config && hostapd_mac_comp_empty(bss->bssid) != 0) {
761 size_t i;
762
763 for (i = 0; i < conf->num_bss; i++) {
764 if (conf->bss[i] != bss &&
765 (hostapd_mac_comp(conf->bss[i]->bssid,
766 bss->bssid) == 0)) {
767 wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
768 " on interface '%s' and '%s'.",
769 MAC2STR(bss->bssid),
770 conf->bss[i]->iface, bss->iface);
771 return -1;
772 }
773 }
774 }
775
776 #ifdef CONFIG_IEEE80211R
777 if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
778 (bss->nas_identifier == NULL ||
779 os_strlen(bss->nas_identifier) < 1 ||
780 os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
781 wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
782 "nas_identifier to be configured as a 1..48 octet "
783 "string");
784 return -1;
785 }
786 #endif /* CONFIG_IEEE80211R */
787
788 #ifdef CONFIG_IEEE80211N
789 if (full_config && conf->ieee80211n &&
790 conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
791 bss->disable_11n = 1;
792 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
793 "allowed, disabling HT capabilities");
794 }
795
796 if (full_config && conf->ieee80211n &&
797 bss->ssid.security_policy == SECURITY_STATIC_WEP) {
798 bss->disable_11n = 1;
799 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
800 "allowed, disabling HT capabilities");
801 }
802
803 if (full_config && conf->ieee80211n && bss->wpa &&
804 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
805 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
806 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
807 {
808 bss->disable_11n = 1;
809 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
810 "requires CCMP/GCMP to be enabled, disabling HT "
811 "capabilities");
812 }
813 #endif /* CONFIG_IEEE80211N */
814
815 #ifdef CONFIG_WPS
816 if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
817 wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
818 "configuration forced WPS to be disabled");
819 bss->wps_state = 0;
820 }
821
822 if (full_config && bss->wps_state &&
823 bss->ssid.wep.keys_set && bss->wpa == 0) {
824 wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
825 "disabled");
826 bss->wps_state = 0;
827 }
828
829 if (full_config && bss->wps_state && bss->wpa &&
830 (!(bss->wpa & 2) ||
831 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) {
832 wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
833 "WPA2/CCMP/GCMP forced WPS to be disabled");
834 bss->wps_state = 0;
835 }
836 #endif /* CONFIG_WPS */
837
838 #ifdef CONFIG_HS20
839 if (full_config && bss->hs20 &&
840 (!(bss->wpa & 2) ||
841 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
842 WPA_CIPHER_CCMP_256 |
843 WPA_CIPHER_GCMP_256)))) {
844 wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
845 "configuration is required for Hotspot 2.0 "
846 "functionality");
847 return -1;
848 }
849 #endif /* CONFIG_HS20 */
850
851 return 0;
852 }
853
854
855 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
856 {
857 int tx_cwmin = conf->tx_queue[queue].cwmin;
858 int tx_cwmax = conf->tx_queue[queue].cwmax;
859 int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
860 int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
861
862 if (tx_cwmin > tx_cwmax) {
863 wpa_printf(MSG_ERROR,
864 "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
865 tx_cwmin, tx_cwmax);
866 return -1;
867 }
868 if (ac_cwmin > ac_cwmax) {
869 wpa_printf(MSG_ERROR,
870 "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
871 ac_cwmin, ac_cwmax);
872 return -1;
873 }
874 return 0;
875 }
876
877
878 int hostapd_config_check(struct hostapd_config *conf, int full_config)
879 {
880 size_t i;
881
882 if (full_config && conf->ieee80211d &&
883 (!conf->country[0] || !conf->country[1])) {
884 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
885 "setting the country_code");
886 return -1;
887 }
888
889 if (full_config && conf->ieee80211h && !conf->ieee80211d) {
890 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
891 "IEEE 802.11d enabled");
892 return -1;
893 }
894
895 if (full_config && conf->local_pwr_constraint != -1 &&
896 !conf->ieee80211d) {
897 wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
898 return -1;
899 }
900
901 if (full_config && conf->spectrum_mgmt_required &&
902 conf->local_pwr_constraint == -1) {
903 wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
904 return -1;
905 }
906
907 for (i = 0; i < NUM_TX_QUEUES; i++) {
908 if (hostapd_config_check_cw(conf, i))
909 return -1;
910 }
911
912 for (i = 0; i < conf->num_bss; i++) {
913 if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
914 return -1;
915 }
916
917 return 0;
918 }
919
920
921 void hostapd_set_security_params(struct hostapd_bss_config *bss,
922 int full_config)
923 {
924 if (bss->individual_wep_key_len == 0) {
925 /* individual keys are not use; can use key idx0 for
926 * broadcast keys */
927 bss->broadcast_key_idx_min = 0;
928 }
929
930 if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
931 bss->rsn_pairwise = bss->wpa_pairwise;
932 bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
933 bss->rsn_pairwise);
934
935 if (full_config) {
936 bss->radius->auth_server = bss->radius->auth_servers;
937 bss->radius->acct_server = bss->radius->acct_servers;
938 }
939
940 if (bss->wpa && bss->ieee802_1x) {
941 bss->ssid.security_policy = SECURITY_WPA;
942 } else if (bss->wpa) {
943 bss->ssid.security_policy = SECURITY_WPA_PSK;
944 } else if (bss->ieee802_1x) {
945 int cipher = WPA_CIPHER_NONE;
946 bss->ssid.security_policy = SECURITY_IEEE_802_1X;
947 bss->ssid.wep.default_len = bss->default_wep_key_len;
948 if (full_config && bss->default_wep_key_len) {
949 cipher = bss->default_wep_key_len >= 13 ?
950 WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
951 } else if (full_config && bss->ssid.wep.keys_set) {
952 if (bss->ssid.wep.len[0] >= 13)
953 cipher = WPA_CIPHER_WEP104;
954 else
955 cipher = WPA_CIPHER_WEP40;
956 }
957 bss->wpa_group = cipher;
958 bss->wpa_pairwise = cipher;
959 bss->rsn_pairwise = cipher;
960 if (full_config)
961 bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
962 } else if (bss->ssid.wep.keys_set) {
963 int cipher = WPA_CIPHER_WEP40;
964 if (bss->ssid.wep.len[0] >= 13)
965 cipher = WPA_CIPHER_WEP104;
966 bss->ssid.security_policy = SECURITY_STATIC_WEP;
967 bss->wpa_group = cipher;
968 bss->wpa_pairwise = cipher;
969 bss->rsn_pairwise = cipher;
970 if (full_config)
971 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
972 } else if (bss->osen) {
973 bss->ssid.security_policy = SECURITY_OSEN;
974 bss->wpa_group = WPA_CIPHER_CCMP;
975 bss->wpa_pairwise = 0;
976 bss->rsn_pairwise = WPA_CIPHER_CCMP;
977 } else {
978 bss->ssid.security_policy = SECURITY_PLAINTEXT;
979 if (full_config) {
980 bss->wpa_group = WPA_CIPHER_NONE;
981 bss->wpa_pairwise = WPA_CIPHER_NONE;
982 bss->rsn_pairwise = WPA_CIPHER_NONE;
983 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
984 }
985 }
986 }
Unnamed repository; edit this file 'description' to name the repository.