Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / fdcde7668253a224034e161446c318b36ee76839 / . / src / ap / ap_config.c
blob: 5bf4502b004fc8ef7c30c8072e3ecbf8bc752d56 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * hostapd / Configuration helper functions
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "crypto/sha1.h"
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]13#include "crypto/tls.h"
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]14#include "radius/radius_client.h"
15#include "common/ieee802_11_defs.h"
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]16#include "common/ieee802_1x_defs.h"
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]17#include "common/eapol_common.h"
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]18#include "common/dhcp.h"
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]19#include "common/sae.h"
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]20#include "eap_common/eap_wsc_common.h"
21#include "eap_server/eap.h"
22#include "wpa_auth.h"
23#include "sta_info.h"
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]24#include "airtime_policy.h"
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]25#include "ap_config.h"
26
27
28static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
29{
30 struct hostapd_vlan *vlan, *prev;
31
32 vlan = bss->vlan;
33 prev = NULL;
34 while (vlan) {
35 prev = vlan;
36 vlan = vlan->next;
37 os_free(prev);
38 }
39
40 bss->vlan = NULL;
41}
42
43
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]44#ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
45#define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
46#endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
47
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]48void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
49{
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]50 dl_list_init(&bss->anqp_elem);
51
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]52 bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
53 bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
54 bss->logger_syslog = (unsigned int) -1;
55 bss->logger_stdout = (unsigned int) -1;
56
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]57#ifdef CONFIG_WEP
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]58 bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
59
60 bss->wep_rekeying_period = 300;
61 /* use key0 in individual key and key1 in broadcast key */
62 bss->broadcast_key_idx_min = 1;
63 bss->broadcast_key_idx_max = 2;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]64#else /* CONFIG_WEP */
65 bss->auth_algs = WPA_AUTH_ALG_OPEN;
66#endif /* CONFIG_WEP */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]67 bss->eap_reauth_period = 3600;
68
69 bss->wpa_group_rekey = 600;
70 bss->wpa_gmk_rekey = 86400;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]71 bss->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]72 bss->wpa_group_update_count = 4;
73 bss->wpa_pairwise_update_count = 4;
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]74 bss->wpa_disable_eapol_key_retries =
75 DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]76 bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
77 bss->wpa_pairwise = WPA_CIPHER_TKIP;
78 bss->wpa_group = WPA_CIPHER_TKIP;
79 bss->rsn_pairwise = 0;
80
81 bss->max_num_sta = MAX_STA_COUNT;
82
83 bss->dtim_period = 2;
84
85 bss->radius_server_auth_port = 1812;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]86 bss->eap_sim_db_timeout = 1;
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]87 bss->eap_sim_id = 3;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]88 bss->ap_max_inactivity = AP_MAX_INACTIVITY;
89 bss->eapol_version = EAPOL_VERSION;
90
91 bss->max_listen_interval = 65535;
92
93 bss->pwd_group = 19; /* ECC: GF(p=256) */
94
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]95 bss->assoc_sa_query_max_timeout = 1000;
96 bss->assoc_sa_query_retry_timeout = 201;
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]97 bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]98#ifdef EAP_SERVER_FAST
99 /* both anonymous and authenticated provisioning */
100 bss->eap_fast_prov = 3;
101 bss->pac_key_lifetime = 7 * 24 * 60 * 60;
102 bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
103#endif /* EAP_SERVER_FAST */
104
105 /* Set to -1 as defaults depends on HT in setup */
106 bss->wmm_enabled = -1;
107
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame]108#ifdef CONFIG_IEEE80211R_AP
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]109 bss->ft_over_ds = 1;
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]110 bss->rkh_pos_timeout = 86400;
111 bss->rkh_neg_timeout = 60;
112 bss->rkh_pull_timeout = 1000;
113 bss->rkh_pull_retries = 4;
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]114 bss->r0_key_lifetime = 1209600;
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame]115#endif /* CONFIG_IEEE80211R_AP */
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]116
117 bss->radius_das_time_window = 300;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]118
119 bss->sae_anti_clogging_threshold = 5;
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]120 bss->sae_sync = 5;
Dmitry Shmidt29333592017-01-09 12:27:11 -0800[diff] [blame]121
122 bss->gas_frag_limit = 1400;
123
124#ifdef CONFIG_FILS
125 dl_list_init(&bss->fils_realms);
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]126 bss->fils_hlp_wait_time = 30;
127 bss->dhcp_server_port = DHCP_SERVER_PORT;
128 bss->dhcp_relay_port = DHCP_SERVER_PORT;
Dmitry Shmidt29333592017-01-09 12:27:11 -0800[diff] [blame]129#endif /* CONFIG_FILS */
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]130
131 bss->broadcast_deauth = 1;
132
133#ifdef CONFIG_MBO
134 bss->mbo_cell_data_conn_pref = -1;
135#endif /* CONFIG_MBO */
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]136
137 /* Disable TLS v1.3 by default for now to avoid interoperability issue.
138 * This can be enabled by default once the implementation has been fully
139 * completed and tested with other implementations. */
140 bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]141
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]142 bss->max_auth_rounds = 100;
143 bss->max_auth_rounds_short = 50;
144
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]145 bss->send_probe_response = 1;
146
147#ifdef CONFIG_HS20
148 bss->hs20_release = (HS20_VERSION >> 4) + 1;
149#endif /* CONFIG_HS20 */
150
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]151#ifdef CONFIG_MACSEC
152 bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
153 bss->macsec_port = 1;
154#endif /* CONFIG_MACSEC */
155
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]156 /* Default to strict CRL checking. */
157 bss->check_crl_strict = 1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]158}
159
160
161struct hostapd_config * hostapd_config_defaults(void)
162{
163#define ecw2cw(ecw) ((1 << (ecw)) - 1)
164
165 struct hostapd_config *conf;
166 struct hostapd_bss_config *bss;
167 const int aCWmin = 4, aCWmax = 10;
168 const struct hostapd_wmm_ac_params ac_bk =
169 { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
170 const struct hostapd_wmm_ac_params ac_be =
171 { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
172 const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]173 { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]174 const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]175 { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]176 const struct hostapd_tx_queue_params txq_bk =
177 { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
178 const struct hostapd_tx_queue_params txq_be =
179 { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
180 const struct hostapd_tx_queue_params txq_vi =
181 { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
182 const struct hostapd_tx_queue_params txq_vo =
183 { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
184 (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
185
186#undef ecw2cw
187
188 conf = os_zalloc(sizeof(*conf));
189 bss = os_zalloc(sizeof(*bss));
190 if (conf == NULL || bss == NULL) {
191 wpa_printf(MSG_ERROR, "Failed to allocate memory for "
192 "configuration data.");
193 os_free(conf);
194 os_free(bss);
195 return NULL;
196 }
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]197 conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
198 if (conf->bss == NULL) {
199 os_free(conf);
200 os_free(bss);
201 return NULL;
202 }
203 conf->bss[0] = bss;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]204
205 bss->radius = os_zalloc(sizeof(*bss->radius));
206 if (bss->radius == NULL) {
Dmitry Shmidt97672262014-02-03 13:02:54 -0800[diff] [blame]207 os_free(conf->bss);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]208 os_free(conf);
209 os_free(bss);
210 return NULL;
211 }
212
213 hostapd_config_defaults_bss(bss);
214
215 conf->num_bss = 1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]216
217 conf->beacon_int = 100;
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]218 conf->rts_threshold = -2; /* use driver default: 2347 */
219 conf->fragm_threshold = -2; /* user driver default: 2346 */
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]220 /* Set to invalid value means do not add Power Constraint IE */
221 conf->local_pwr_constraint = -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]222
223 conf->wmm_ac_params[0] = ac_be;
224 conf->wmm_ac_params[1] = ac_bk;
225 conf->wmm_ac_params[2] = ac_vi;
226 conf->wmm_ac_params[3] = ac_vo;
227
228 conf->tx_queue[0] = txq_vo;
229 conf->tx_queue[1] = txq_vi;
230 conf->tx_queue[2] = txq_be;
231 conf->tx_queue[3] = txq_bk;
232
233 conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
234
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]235 conf->ap_table_max_size = 255;
236 conf->ap_table_expiration_time = 60;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]237 conf->track_sta_max_age = 180;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]238
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]239#ifdef CONFIG_TESTING_OPTIONS
Dmitry Shmidt7832adb2014-04-29 10:53:02 -0700[diff] [blame]240 conf->ignore_probe_probability = 0.0;
241 conf->ignore_auth_probability = 0.0;
242 conf->ignore_assoc_probability = 0.0;
243 conf->ignore_reassoc_probability = 0.0;
244 conf->corrupt_gtk_rekey_mic_probability = 0.0;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]245 conf->ecsa_ie_only = 0;
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]246#endif /* CONFIG_TESTING_OPTIONS */
247
Dmitry Shmidtdda10c22015-03-24 16:05:01 -0700[diff] [blame]248 conf->acs = 0;
249 conf->acs_ch_list.num = 0;
Dmitry Shmidt391c59f2013-09-03 12:16:28 -0700[diff] [blame]250#ifdef CONFIG_ACS
251 conf->acs_num_scans = 5;
252#endif /* CONFIG_ACS */
253
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]254#ifdef CONFIG_IEEE80211AX
255 conf->he_op.he_rts_threshold = HE_OPERATION_RTS_THRESHOLD_MASK >>
256 HE_OPERATION_RTS_THRESHOLD_OFFSET;
257 /* Set default basic MCS/NSS set to single stream MCS 0-7 */
258 conf->he_op.he_basic_mcs_nss_set = 0xfffc;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]259 conf->he_op.he_bss_color_disabled = 1;
260 conf->he_op.he_bss_color_partial = 0;
261 conf->he_op.he_bss_color = 1;
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]262#endif /* CONFIG_IEEE80211AX */
263
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]264 /* The third octet of the country string uses an ASCII space character
265 * by default to indicate that the regulations encompass all
266 * environments for the current frequency band in the country. */
267 conf->country[2] = ' ';
268
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]269 conf->rssi_reject_assoc_rssi = 0;
270 conf->rssi_reject_assoc_timeout = 30;
271
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]272#ifdef CONFIG_AIRTIME_POLICY
273 conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
274#endif /* CONFIG_AIRTIME_POLICY */
275
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]276 return conf;
277}
278
279
280int hostapd_mac_comp(const void *a, const void *b)
281{
282 return os_memcmp(a, b, sizeof(macaddr));
283}
284
285
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]286static int hostapd_config_read_wpa_psk(const char *fname,
287 struct hostapd_ssid *ssid)
288{
289 FILE *f;
290 char buf[128], *pos;
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]291 const char *keyid;
292 char *context;
293 char *context2;
294 char *token;
295 char *name;
296 char *value;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]297 int line = 0, ret = 0, len, ok;
298 u8 addr[ETH_ALEN];
299 struct hostapd_wpa_psk *psk;
300
301 if (!fname)
302 return 0;
303
304 f = fopen(fname, "r");
305 if (!f) {
306 wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
307 return -1;
308 }
309
310 while (fgets(buf, sizeof(buf), f)) {
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]311 int vlan_id = 0;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]312 int wps = 0;
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]313
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]314 line++;
315
316 if (buf[0] == '#')
317 continue;
318 pos = buf;
319 while (*pos != '\0') {
320 if (*pos == '\n') {
321 *pos = '\0';
322 break;
323 }
324 pos++;
325 }
326 if (buf[0] == '\0')
327 continue;
328
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]329 context = NULL;
330 keyid = NULL;
331 while ((token = str_token(buf, " ", &context))) {
332 if (!os_strchr(token, '='))
333 break;
334 context2 = NULL;
335 name = str_token(token, "=", &context2);
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]336 if (!name)
337 break;
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]338 value = str_token(token, "", &context2);
339 if (!value)
340 value = "";
341 if (!os_strcmp(name, "keyid")) {
342 keyid = value;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]343 } else if (!os_strcmp(name, "wps")) {
344 wps = atoi(value);
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]345 } else if (!os_strcmp(name, "vlanid")) {
346 vlan_id = atoi(value);
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]347 } else {
348 wpa_printf(MSG_ERROR,
349 "Unrecognized '%s=%s' on line %d in '%s'",
350 name, value, line, fname);
351 ret = -1;
352 break;
353 }
354 }
355
356 if (ret == -1)
357 break;
358
359 if (!token)
360 token = "";
361 if (hwaddr_aton(token, addr)) {
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]362 wpa_printf(MSG_ERROR,
363 "Invalid MAC address '%s' on line %d in '%s'",
364 token, line, fname);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]365 ret = -1;
366 break;
367 }
368
369 psk = os_zalloc(sizeof(*psk));
370 if (psk == NULL) {
371 wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
372 ret = -1;
373 break;
374 }
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]375 psk->vlan_id = vlan_id;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]376 if (is_zero_ether_addr(addr))
377 psk->group = 1;
378 else
379 os_memcpy(psk->addr, addr, ETH_ALEN);
380
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]381 pos = str_token(buf, "", &context);
382 if (!pos) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]383 wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
384 line, fname);
385 os_free(psk);
386 ret = -1;
387 break;
388 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]389
390 ok = 0;
391 len = os_strlen(pos);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]392 if (len == 2 * PMK_LEN &&
393 hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]394 ok = 1;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]395 else if (len >= 8 && len < 64 &&
396 pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
397 4096, psk->psk, PMK_LEN) == 0)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]398 ok = 1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]399 if (!ok) {
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]400 wpa_printf(MSG_ERROR,
401 "Invalid PSK '%s' on line %d in '%s'",
402 pos, line, fname);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]403 os_free(psk);
404 ret = -1;
405 break;
406 }
407
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]408 if (keyid) {
409 len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
410 if ((size_t) len >= sizeof(psk->keyid)) {
411 wpa_printf(MSG_ERROR,
412 "PSK keyid too long on line %d in '%s'",
413 line, fname);
414 os_free(psk);
415 ret = -1;
416 break;
417 }
418 }
419
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]420 psk->wps = wps;
421
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]422 psk->next = ssid->wpa_psk;
423 ssid->wpa_psk = psk;
424 }
425
426 fclose(f);
427
428 return ret;
429}
430
431
432static int hostapd_derive_psk(struct hostapd_ssid *ssid)
433{
434 ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
435 if (ssid->wpa_psk == NULL) {
436 wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
437 return -1;
438 }
439 wpa_hexdump_ascii(MSG_DEBUG, "SSID",
440 (u8 *) ssid->ssid, ssid->ssid_len);
441 wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
442 (u8 *) ssid->wpa_passphrase,
443 os_strlen(ssid->wpa_passphrase));
444 pbkdf2_sha1(ssid->wpa_passphrase,
445 ssid->ssid, ssid->ssid_len,
446 4096, ssid->wpa_psk->psk, PMK_LEN);
447 wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
448 ssid->wpa_psk->psk, PMK_LEN);
449 return 0;
450}
451
452
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]453int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
454{
455#ifdef CONFIG_SAE
456 struct hostapd_ssid *ssid = &conf->ssid;
457 struct sae_password_entry *pw;
458
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]459 if ((conf->sae_pwe == 0 && !hostapd_sae_pw_id_in_use(conf)) ||
460 conf->sae_pwe == 3 ||
461 !wpa_key_mgmt_sae(conf->wpa_key_mgmt))
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]462 return 0; /* PT not needed */
463
464 sae_deinit_pt(ssid->pt);
465 ssid->pt = NULL;
466 if (ssid->wpa_passphrase) {
467 ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
468 ssid->ssid_len,
469 (const u8 *) ssid->wpa_passphrase,
470 os_strlen(ssid->wpa_passphrase),
471 NULL);
472 if (!ssid->pt)
473 return -1;
474 }
475
476 for (pw = conf->sae_passwords; pw; pw = pw->next) {
477 sae_deinit_pt(pw->pt);
478 pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
479 ssid->ssid_len,
480 (const u8 *) pw->password,
481 os_strlen(pw->password),
482 pw->identifier);
483 if (!pw->pt)
484 return -1;
485 }
486#endif /* CONFIG_SAE */
487
488 return 0;
489}
490
491
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]492int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
493{
494 struct hostapd_ssid *ssid = &conf->ssid;
495
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]496 if (hostapd_setup_sae_pt(conf) < 0)
497 return -1;
498
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]499 if (ssid->wpa_passphrase != NULL) {
500 if (ssid->wpa_psk != NULL) {
501 wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
502 "instead of passphrase");
503 } else {
504 wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
505 "passphrase");
506 if (hostapd_derive_psk(ssid) < 0)
507 return -1;
508 }
509 ssid->wpa_psk->group = 1;
510 }
511
Dmitry Shmidt29333592017-01-09 12:27:11 -0800[diff] [blame]512 return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]513}
514
515
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]516static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
517 int num_servers)
518{
519 int i;
520
521 for (i = 0; i < num_servers; i++) {
522 os_free(servers[i].shared_secret);
523 }
524 os_free(servers);
525}
526
527
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]528struct hostapd_radius_attr *
529hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
530{
531 for (; attr; attr = attr->next) {
532 if (attr->type == type)
533 return attr;
534 }
535 return NULL;
536}
537
538
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]539struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value)
540{
541 const char *pos;
542 char syntax;
543 struct hostapd_radius_attr *attr;
544 size_t len;
545
546 attr = os_zalloc(sizeof(*attr));
547 if (!attr)
548 return NULL;
549
550 attr->type = atoi(value);
551
552 pos = os_strchr(value, ':');
553 if (!pos) {
554 attr->val = wpabuf_alloc(1);
555 if (!attr->val) {
556 os_free(attr);
557 return NULL;
558 }
559 wpabuf_put_u8(attr->val, 0);
560 return attr;
561 }
562
563 pos++;
564 if (pos[0] == '\0' || pos[1] != ':') {
565 os_free(attr);
566 return NULL;
567 }
568 syntax = *pos++;
569 pos++;
570
571 switch (syntax) {
572 case 's':
573 attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
574 break;
575 case 'x':
576 len = os_strlen(pos);
577 if (len & 1)
578 break;
579 len /= 2;
580 attr->val = wpabuf_alloc(len);
581 if (!attr->val)
582 break;
583 if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
584 wpabuf_free(attr->val);
585 os_free(attr);
586 return NULL;
587 }
588 break;
589 case 'd':
590 attr->val = wpabuf_alloc(4);
591 if (attr->val)
592 wpabuf_put_be32(attr->val, atoi(pos));
593 break;
594 default:
595 os_free(attr);
596 return NULL;
597 }
598
599 if (!attr->val) {
600 os_free(attr);
601 return NULL;
602 }
603
604 return attr;
605}
606
607
608void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]609{
610 struct hostapd_radius_attr *prev;
611
612 while (attr) {
613 prev = attr;
614 attr = attr->next;
615 wpabuf_free(prev->val);
616 os_free(prev);
617 }
618}
619
620
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]621void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]622{
Dmitry Shmidt818ea482014-03-10 13:15:21 -0700[diff] [blame]623 hostapd_config_free_radius_attr(user->accept_attr);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]624 os_free(user->identity);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]625 bin_clear_free(user->password, user->password_len);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]626 bin_clear_free(user->salt, user->salt_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]627 os_free(user);
628}
629
630
Dmitry Shmidt29333592017-01-09 12:27:11 -0800[diff] [blame]631void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
632{
633 struct hostapd_eap_user *prev_user;
634
635 while (user) {
636 prev_user = user;
637 user = user->next;
638 hostapd_config_free_eap_user(prev_user);
639 }
640}
641
642
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]643#ifdef CONFIG_WEP
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]644static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
645{
646 int i;
647 for (i = 0; i < NUM_WEP_KEYS; i++) {
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]648 bin_clear_free(keys->key[i], keys->len[i]);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]649 keys->key[i] = NULL;
650 }
651}
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]652#endif /* CONFIG_WEP */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]653
654
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]655void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
656{
657 struct hostapd_wpa_psk *psk, *tmp;
658
659 for (psk = *l; psk;) {
660 tmp = psk;
661 psk = psk->next;
662 bin_clear_free(tmp, sizeof(*tmp));
663 }
664 *l = NULL;
665}
666
667
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]668static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
669{
670 struct anqp_element *elem;
671
672 while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
673 list))) {
674 dl_list_del(&elem->list);
675 wpabuf_free(elem->payload);
676 os_free(elem);
677 }
678}
679
680
Dmitry Shmidt29333592017-01-09 12:27:11 -0800[diff] [blame]681static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
682{
683#ifdef CONFIG_FILS
684 struct fils_realm *realm;
685
686 while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
687 list))) {
688 dl_list_del(&realm->list);
689 os_free(realm);
690 }
691#endif /* CONFIG_FILS */
692}
693
694
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]695static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
696{
697 struct sae_password_entry *pw, *tmp;
698
699 pw = conf->sae_passwords;
700 conf->sae_passwords = NULL;
701 while (pw) {
702 tmp = pw;
703 pw = pw->next;
704 str_clear_free(tmp->password);
705 os_free(tmp->identifier);
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]706#ifdef CONFIG_SAE
707 sae_deinit_pt(tmp->pt);
708#endif /* CONFIG_SAE */
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]709 os_free(tmp);
710 }
711}
712
713
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]714#ifdef CONFIG_DPP2
715static void hostapd_dpp_controller_conf_free(struct dpp_controller_conf *conf)
716{
717 struct dpp_controller_conf *prev;
718
719 while (conf) {
720 prev = conf;
721 conf = conf->next;
722 os_free(prev);
723 }
724}
725#endif /* CONFIG_DPP2 */
726
727
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]728void hostapd_config_free_bss(struct hostapd_bss_config *conf)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]729{
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]730#if defined(CONFIG_WPS) || defined(CONFIG_HS20)
731 size_t i;
732#endif
733
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]734 if (conf == NULL)
735 return;
736
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]737 hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]738
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]739 str_clear_free(conf->ssid.wpa_passphrase);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]740 os_free(conf->ssid.wpa_psk_file);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]741#ifdef CONFIG_WEP
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]742 hostapd_config_free_wep(&conf->ssid.wep);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]743#endif /* CONFIG_WEP */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]744#ifdef CONFIG_FULL_DYNAMIC_VLAN
745 os_free(conf->ssid.vlan_tagged_interface);
746#endif /* CONFIG_FULL_DYNAMIC_VLAN */
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]747#ifdef CONFIG_SAE
748 sae_deinit_pt(conf->ssid.pt);
749#endif /* CONFIG_SAE */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]750
Dmitry Shmidt29333592017-01-09 12:27:11 -0800[diff] [blame]751 hostapd_config_free_eap_users(conf->eap_user);
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]752 os_free(conf->eap_user_sqlite);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]753
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]754 os_free(conf->eap_req_id_text);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]755 os_free(conf->erp_domain);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]756 os_free(conf->accept_mac);
757 os_free(conf->deny_mac);
758 os_free(conf->nas_identifier);
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]759 if (conf->radius) {
760 hostapd_config_free_radius(conf->radius->auth_servers,
761 conf->radius->num_auth_servers);
762 hostapd_config_free_radius(conf->radius->acct_servers,
763 conf->radius->num_acct_servers);
764 }
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]765 hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
766 hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]767 os_free(conf->radius_req_attr_sqlite);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]768 os_free(conf->rsn_preauth_interfaces);
769 os_free(conf->ctrl_interface);
770 os_free(conf->ca_cert);
771 os_free(conf->server_cert);
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]772 os_free(conf->server_cert2);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]773 os_free(conf->private_key);
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]774 os_free(conf->private_key2);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]775 os_free(conf->private_key_passwd);
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]776 os_free(conf->private_key_passwd2);
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]777 os_free(conf->check_cert_subject);
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]778 os_free(conf->ocsp_stapling_response);
Dmitry Shmidt014a3ff2015-12-28 13:27:49 -0800[diff] [blame]779 os_free(conf->ocsp_stapling_response_multi);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]780 os_free(conf->dh_file);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]781 os_free(conf->openssl_ciphers);
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]782 os_free(conf->openssl_ecdh_curves);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]783 os_free(conf->pac_opaque_encr_key);
784 os_free(conf->eap_fast_a_id);
785 os_free(conf->eap_fast_a_id_info);
786 os_free(conf->eap_sim_db);
787 os_free(conf->radius_server_clients);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]788 os_free(conf->radius);
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]789 os_free(conf->radius_das_shared_secret);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]790 hostapd_config_free_vlan(conf);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]791 os_free(conf->time_zone);
792
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame]793#ifdef CONFIG_IEEE80211R_AP
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]794 {
795 struct ft_remote_r0kh *r0kh, *r0kh_prev;
796 struct ft_remote_r1kh *r1kh, *r1kh_prev;
797
798 r0kh = conf->r0kh_list;
799 conf->r0kh_list = NULL;
800 while (r0kh) {
801 r0kh_prev = r0kh;
802 r0kh = r0kh->next;
803 os_free(r0kh_prev);
804 }
805
806 r1kh = conf->r1kh_list;
807 conf->r1kh_list = NULL;
808 while (r1kh) {
809 r1kh_prev = r1kh;
810 r1kh = r1kh->next;
811 os_free(r1kh_prev);
812 }
813 }
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame]814#endif /* CONFIG_IEEE80211R_AP */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]815
816#ifdef CONFIG_WPS
817 os_free(conf->wps_pin_requests);
818 os_free(conf->device_name);
819 os_free(conf->manufacturer);
820 os_free(conf->model_name);
821 os_free(conf->model_number);
822 os_free(conf->serial_number);
823 os_free(conf->config_methods);
824 os_free(conf->ap_pin);
825 os_free(conf->extra_cred);
826 os_free(conf->ap_settings);
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]827 hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
828 str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]829 os_free(conf->upnp_iface);
830 os_free(conf->friendly_name);
831 os_free(conf->manufacturer_url);
832 os_free(conf->model_description);
833 os_free(conf->model_url);
834 os_free(conf->upc);
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]835 for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
836 wpabuf_free(conf->wps_vendor_ext[i]);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]837 wpabuf_free(conf->wps_application_ext);
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]838 wpabuf_free(conf->wps_nfc_dh_pubkey);
839 wpabuf_free(conf->wps_nfc_dh_privkey);
840 wpabuf_free(conf->wps_nfc_dev_pw);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]841#endif /* CONFIG_WPS */
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]842
843 os_free(conf->roaming_consortium);
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]844 os_free(conf->venue_name);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]845 os_free(conf->venue_url);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]846 os_free(conf->nai_realm_data);
847 os_free(conf->network_auth_type);
848 os_free(conf->anqp_3gpp_cell_net);
849 os_free(conf->domain_name);
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]850 hostapd_config_free_anqp_elem(conf);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]851
852#ifdef CONFIG_RADIUS_TEST
853 os_free(conf->dump_msk_file);
854#endif /* CONFIG_RADIUS_TEST */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]855
856#ifdef CONFIG_HS20
857 os_free(conf->hs20_oper_friendly_name);
858 os_free(conf->hs20_wan_metrics);
859 os_free(conf->hs20_connection_capability);
860 os_free(conf->hs20_operating_class);
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]861 os_free(conf->hs20_icons);
862 if (conf->hs20_osu_providers) {
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]863 for (i = 0; i < conf->hs20_osu_providers_count; i++) {
864 struct hs20_osu_provider *p;
865 size_t j;
866 p = &conf->hs20_osu_providers[i];
867 os_free(p->friendly_name);
868 os_free(p->server_uri);
869 os_free(p->method_list);
870 for (j = 0; j < p->icons_count; j++)
871 os_free(p->icons[j]);
872 os_free(p->icons);
873 os_free(p->osu_nai);
Hai Shalom39ba6fc2019-01-22 12:40:38 -0800[diff] [blame]874 os_free(p->osu_nai2);
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]875 os_free(p->service_desc);
876 }
877 os_free(conf->hs20_osu_providers);
878 }
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]879 if (conf->hs20_operator_icon) {
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]880 for (i = 0; i < conf->hs20_operator_icon_count; i++)
881 os_free(conf->hs20_operator_icon[i]);
882 os_free(conf->hs20_operator_icon);
883 }
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]884 os_free(conf->subscr_remediation_url);
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]885 os_free(conf->hs20_sim_provisioning_url);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]886 os_free(conf->t_c_filename);
887 os_free(conf->t_c_server_url);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]888#endif /* CONFIG_HS20 */
889
890 wpabuf_free(conf->vendor_elements);
Dmitry Shmidt849734c2016-05-27 09:59:01 -0700[diff] [blame]891 wpabuf_free(conf->assocresp_elements);
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]892
893 os_free(conf->sae_groups);
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]894#ifdef CONFIG_OWE
895 os_free(conf->owe_groups);
896#endif /* CONFIG_OWE */
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]897
Dmitry Shmidt0207e232014-09-03 14:58:37 -0700[diff] [blame]898 os_free(conf->wowlan_triggers);
899
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]900 os_free(conf->server_id);
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]901
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]902#ifdef CONFIG_TESTING_OPTIONS
903 wpabuf_free(conf->own_ie_override);
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]904 wpabuf_free(conf->sae_commit_override);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]905 wpabuf_free(conf->rsne_override_eapol);
Ahmed ElArabawy0ff61c52019-12-26 12:38:39 -0800[diff] [blame]906 wpabuf_free(conf->rsnxe_override_eapol);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]907 wpabuf_free(conf->rsne_override_ft);
908 wpabuf_free(conf->rsnxe_override_ft);
909 wpabuf_free(conf->gtk_rsc_override);
910 wpabuf_free(conf->igtk_rsc_override);
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]911#endif /* CONFIG_TESTING_OPTIONS */
912
913 os_free(conf->no_probe_resp_if_seen_on);
914 os_free(conf->no_auth_if_seen_on);
915
Dmitry Shmidt29333592017-01-09 12:27:11 -0800[diff] [blame]916 hostapd_config_free_fils_realms(conf);
917
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]918#ifdef CONFIG_DPP
Hai Shalomc3565922019-10-28 11:58:20 -0700[diff] [blame]919 os_free(conf->dpp_name);
920 os_free(conf->dpp_mud_url);
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]921 os_free(conf->dpp_connector);
922 wpabuf_free(conf->dpp_netaccesskey);
923 wpabuf_free(conf->dpp_csign);
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]924#ifdef CONFIG_DPP2
925 hostapd_dpp_controller_conf_free(conf->dpp_controller);
926#endif /* CONFIG_DPP2 */
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]927#endif /* CONFIG_DPP */
928
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]929 hostapd_config_free_sae_passwords(conf);
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]930
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]931#ifdef CONFIG_AIRTIME_POLICY
932 {
933 struct airtime_sta_weight *wt, *wt_prev;
934
935 wt = conf->airtime_weight_list;
936 conf->airtime_weight_list = NULL;
937 while (wt) {
938 wt_prev = wt;
939 wt = wt->next;
940 os_free(wt_prev);
941 }
942 }
943#endif /* CONFIG_AIRTIME_POLICY */
944
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]945 os_free(conf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]946}
947
948
949/**
950 * hostapd_config_free - Free hostapd configuration
951 * @conf: Configuration data from hostapd_config_read().
952 */
953void hostapd_config_free(struct hostapd_config *conf)
954{
955 size_t i;
956
957 if (conf == NULL)
958 return;
959
960 for (i = 0; i < conf->num_bss; i++)
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]961 hostapd_config_free_bss(conf->bss[i]);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]962 os_free(conf->bss);
963 os_free(conf->supported_rates);
964 os_free(conf->basic_rates);
Dmitry Shmidtdda10c22015-03-24 16:05:01 -0700[diff] [blame]965 os_free(conf->acs_ch_list.range);
Ahmed ElArabawy0ff61c52019-12-26 12:38:39 -0800[diff] [blame]966 os_free(conf->acs_freq_list.range);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]967 os_free(conf->driver_params);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]968#ifdef CONFIG_ACS
969 os_free(conf->acs_chan_bias);
970#endif /* CONFIG_ACS */
Dmitry Shmidt849734c2016-05-27 09:59:01 -0700[diff] [blame]971 wpabuf_free(conf->lci);
972 wpabuf_free(conf->civic);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]973
974 os_free(conf);
975}
976
977
978/**
979 * hostapd_maclist_found - Find a MAC address from a list
980 * @list: MAC address list
981 * @num_entries: Number of addresses in the list
982 * @addr: Address to search for
983 * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
984 * Returns: 1 if address is in the list or 0 if not.
985 *
986 * Perform a binary search for given MAC address from a pre-sorted list.
987 */
988int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]989 const u8 *addr, struct vlan_description *vlan_id)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]990{
991 int start, end, middle, res;
992
993 start = 0;
994 end = num_entries - 1;
995
996 while (start <= end) {
997 middle = (start + end) / 2;
998 res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
999 if (res == 0) {
1000 if (vlan_id)
1001 *vlan_id = list[middle].vlan_id;
1002 return 1;
1003 }
1004 if (res < 0)
1005 start = middle + 1;
1006 else
1007 end = middle - 1;
1008 }
1009
1010 return 0;
1011}
1012
1013
1014int hostapd_rate_found(int *list, int rate)
1015{
1016 int i;
1017
1018 if (list == NULL)
1019 return 0;
1020
1021 for (i = 0; list[i] >= 0; i++)
1022 if (list[i] == rate)
1023 return 1;
1024
1025 return 0;
1026}
1027
1028
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]1029int hostapd_vlan_valid(struct hostapd_vlan *vlan,
1030 struct vlan_description *vlan_desc)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1031{
1032 struct hostapd_vlan *v = vlan;
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]1033 int i;
1034
1035 if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
1036 vlan_desc->untagged > MAX_VLAN_ID)
1037 return 0;
1038 for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
1039 if (vlan_desc->tagged[i] < 0 ||
1040 vlan_desc->tagged[i] > MAX_VLAN_ID)
1041 return 0;
1042 }
1043 if (!vlan_desc->untagged && !vlan_desc->tagged[0])
1044 return 0;
1045
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1046 while (v) {
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]1047 if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
1048 v->vlan_id == VLAN_ID_WILDCARD)
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]1049 return 1;
1050 v = v->next;
1051 }
1052 return 0;
1053}
1054
1055
1056const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
1057{
1058 struct hostapd_vlan *v = vlan;
1059 while (v) {
1060 if (v->vlan_id == vlan_id)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1061 return v->ifname;
1062 v = v->next;
1063 }
1064 return NULL;
1065}
1066
1067
1068const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
Dmitry Shmidt391c59f2013-09-03 12:16:28 -0700[diff] [blame]1069 const u8 *addr, const u8 *p2p_dev_addr,
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]1070 const u8 *prev_psk, int *vlan_id)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1071{
1072 struct hostapd_wpa_psk *psk;
1073 int next_ok = prev_psk == NULL;
1074
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]1075 if (vlan_id)
1076 *vlan_id = 0;
1077
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]1078 if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
Dmitry Shmidt391c59f2013-09-03 12:16:28 -0700[diff] [blame]1079 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1080 " p2p_dev_addr=" MACSTR " prev_psk=%p",
1081 MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]1082 addr = NULL; /* Use P2P Device Address for matching */
Dmitry Shmidt391c59f2013-09-03 12:16:28 -0700[diff] [blame]1083 } else {
1084 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1085 " prev_psk=%p",
1086 MAC2STR(addr), prev_psk);
1087 }
1088
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1089 for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
1090 if (next_ok &&
Dmitry Shmidt391c59f2013-09-03 12:16:28 -0700[diff] [blame]1091 (psk->group ||
1092 (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
1093 (!addr && p2p_dev_addr &&
1094 os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]1095 0))) {
1096 if (vlan_id)
1097 *vlan_id = psk->vlan_id;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1098 return psk->psk;
Hai Shalom021b0b52019-04-10 11:17:58 -0700[diff] [blame]1099 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1100
1101 if (psk->psk == prev_psk)
1102 next_ok = 1;
1103 }
1104
1105 return NULL;
1106}
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1107
1108
1109static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1110 struct hostapd_config *conf,
1111 int full_config)
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1112{
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1113 if (full_config && bss->ieee802_1x && !bss->eap_server &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1114 !bss->radius->auth_servers) {
1115 wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
1116 "EAP authenticator configured).");
1117 return -1;
1118 }
1119
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1120#ifdef CONFIG_WEP
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1121 if (bss->wpa) {
1122 int wep, i;
1123
1124 wep = bss->default_wep_key_len > 0 ||
1125 bss->individual_wep_key_len > 0;
1126 for (i = 0; i < NUM_WEP_KEYS; i++) {
1127 if (bss->ssid.wep.keys_set) {
1128 wep = 1;
1129 break;
1130 }
1131 }
1132
1133 if (wep) {
1134 wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
1135 return -1;
1136 }
1137 }
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1138#endif /* CONFIG_WEP */
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1139
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1140 if (full_config && bss->wpa &&
1141 bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1142 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
1143 wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
1144 "RADIUS checking (macaddr_acl=2) enabled.");
1145 return -1;
1146 }
1147
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1148 if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1149 bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
1150 bss->ssid.wpa_psk_file == NULL &&
1151 (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
1152 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
1153 wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
1154 "is not configured.");
1155 return -1;
1156 }
1157
Dmitry Shmidt9c175262016-03-03 10:20:07 -0800[diff] [blame]1158 if (full_config && !is_zero_ether_addr(bss->bssid)) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1159 size_t i;
1160
1161 for (i = 0; i < conf->num_bss; i++) {
1162 if (conf->bss[i] != bss &&
1163 (hostapd_mac_comp(conf->bss[i]->bssid,
1164 bss->bssid) == 0)) {
1165 wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
1166 " on interface '%s' and '%s'.",
1167 MAC2STR(bss->bssid),
1168 conf->bss[i]->iface, bss->iface);
1169 return -1;
1170 }
1171 }
1172 }
1173
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame]1174#ifdef CONFIG_IEEE80211R_AP
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1175 if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1176 (bss->nas_identifier == NULL ||
1177 os_strlen(bss->nas_identifier) < 1 ||
1178 os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
1179 wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
1180 "nas_identifier to be configured as a 1..48 octet "
1181 "string");
1182 return -1;
1183 }
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame]1184#endif /* CONFIG_IEEE80211R_AP */
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1185
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1186 if (full_config && conf->ieee80211n &&
1187 conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1188 bss->disable_11n = 1;
1189 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
Dmitry Shmidt661b4f72014-09-29 14:58:27 -0700[diff] [blame]1190 "allowed, disabling HT capabilities");
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1191 }
1192
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1193#ifdef CONFIG_WEP
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1194 if (full_config && conf->ieee80211n &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1195 bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1196 bss->disable_11n = 1;
1197 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
1198 "allowed, disabling HT capabilities");
1199 }
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1200#endif /* CONFIG_WEP */
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1201
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1202 if (full_config && conf->ieee80211n && bss->wpa &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1203 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1204 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1205 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1206 {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1207 bss->disable_11n = 1;
1208 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1209 "requires CCMP/GCMP to be enabled, disabling HT "
1210 "capabilities");
1211 }
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1212
Dmitry Shmidt7f2c7532016-08-15 09:48:12 -0700[diff] [blame]1213#ifdef CONFIG_IEEE80211AC
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1214#ifdef CONFIG_WEP
Dmitry Shmidt7f2c7532016-08-15 09:48:12 -0700[diff] [blame]1215 if (full_config && conf->ieee80211ac &&
1216 bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1217 bss->disable_11ac = 1;
1218 wpa_printf(MSG_ERROR,
1219 "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1220 }
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1221#endif /* CONFIG_WEP */
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame]1222
1223 if (full_config && conf->ieee80211ac && bss->wpa &&
1224 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1225 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1226 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1227 {
1228 bss->disable_11ac = 1;
1229 wpa_printf(MSG_ERROR,
1230 "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1231 }
Dmitry Shmidt7f2c7532016-08-15 09:48:12 -0700[diff] [blame]1232#endif /* CONFIG_IEEE80211AC */
1233
Dmitry Shmidt15907092014-03-25 10:42:57 -0700[diff] [blame]1234#ifdef CONFIG_WPS
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1235 if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1236 wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1237 "configuration forced WPS to be disabled");
1238 bss->wps_state = 0;
1239 }
1240
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1241#ifdef CONFIG_WEP
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1242 if (full_config && bss->wps_state &&
1243 bss->ssid.wep.keys_set && bss->wpa == 0) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1244 wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1245 "disabled");
1246 bss->wps_state = 0;
1247 }
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1248#endif /* CONFIG_WEP */
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1249
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1250 if (full_config && bss->wps_state && bss->wpa &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1251 (!(bss->wpa & 2) ||
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1252 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1253 WPA_CIPHER_CCMP_256 |
1254 WPA_CIPHER_GCMP_256)))) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1255 wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
Dmitry Shmidt1d755d02015-04-28 10:34:29 -0700[diff] [blame]1256 "WPA2/CCMP/GCMP forced WPS to be disabled");
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1257 bss->wps_state = 0;
1258 }
Dmitry Shmidt15907092014-03-25 10:42:57 -0700[diff] [blame]1259#endif /* CONFIG_WPS */
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1260
1261#ifdef CONFIG_HS20
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1262 if (full_config && bss->hs20 &&
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1263 (!(bss->wpa & 2) ||
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1264 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1265 WPA_CIPHER_CCMP_256 |
1266 WPA_CIPHER_GCMP_256)))) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1267 wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1268 "configuration is required for Hotspot 2.0 "
1269 "functionality");
1270 return -1;
1271 }
1272#endif /* CONFIG_HS20 */
1273
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]1274#ifdef CONFIG_MBO
1275 if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1276 bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1277 wpa_printf(MSG_ERROR,
1278 "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1279 return -1;
1280 }
1281#endif /* CONFIG_MBO */
1282
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]1283#ifdef CONFIG_OCV
1284 if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1285 bss->ocv) {
1286 wpa_printf(MSG_ERROR,
1287 "OCV: PMF needs to be enabled whenever using OCV");
1288 return -1;
1289 }
1290#endif /* CONFIG_OCV */
1291
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1292 return 0;
1293}
1294
1295
Dmitry Shmidt05df46a2015-05-19 11:02:01 -0700[diff] [blame]1296static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1297{
1298 int tx_cwmin = conf->tx_queue[queue].cwmin;
1299 int tx_cwmax = conf->tx_queue[queue].cwmax;
1300 int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1301 int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1302
1303 if (tx_cwmin > tx_cwmax) {
1304 wpa_printf(MSG_ERROR,
1305 "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1306 tx_cwmin, tx_cwmax);
1307 return -1;
1308 }
1309 if (ac_cwmin > ac_cwmax) {
1310 wpa_printf(MSG_ERROR,
1311 "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1312 ac_cwmin, ac_cwmax);
1313 return -1;
1314 }
1315 return 0;
1316}
1317
1318
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1319int hostapd_config_check(struct hostapd_config *conf, int full_config)
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1320{
1321 size_t i;
1322
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1323 if (full_config && conf->ieee80211d &&
1324 (!conf->country[0] || !conf->country[1])) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1325 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1326 "setting the country_code");
1327 return -1;
1328 }
1329
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1330 if (full_config && conf->ieee80211h && !conf->ieee80211d) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1331 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1332 "IEEE 802.11d enabled");
1333 return -1;
1334 }
1335
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1336 if (full_config && conf->local_pwr_constraint != -1 &&
1337 !conf->ieee80211d) {
1338 wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1339 return -1;
1340 }
1341
1342 if (full_config && conf->spectrum_mgmt_required &&
1343 conf->local_pwr_constraint == -1) {
1344 wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1345 return -1;
1346 }
1347
Hai Shalom81f62d82019-07-22 12:10:00 -0700[diff] [blame]1348#ifdef CONFIG_AIRTIME_POLICY
1349 if (full_config && conf->airtime_mode > AIRTIME_MODE_STATIC &&
1350 !conf->airtime_update_interval) {
1351 wpa_printf(MSG_ERROR, "Airtime update interval cannot be zero");
1352 return -1;
1353 }
1354#endif /* CONFIG_AIRTIME_POLICY */
Dmitry Shmidt05df46a2015-05-19 11:02:01 -0700[diff] [blame]1355 for (i = 0; i < NUM_TX_QUEUES; i++) {
1356 if (hostapd_config_check_cw(conf, i))
1357 return -1;
1358 }
1359
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1360 for (i = 0; i < conf->num_bss; i++) {
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1361 if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1362 return -1;
1363 }
1364
1365 return 0;
1366}
1367
1368
Dmitry Shmidt71757432014-06-02 13:50:35 -0700[diff] [blame]1369void hostapd_set_security_params(struct hostapd_bss_config *bss,
1370 int full_config)
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1371{
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1372#ifdef CONFIG_WEP
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1373 if (bss->individual_wep_key_len == 0) {
1374 /* individual keys are not use; can use key idx0 for
1375 * broadcast keys */
1376 bss->broadcast_key_idx_min = 0;
1377 }
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1378#endif /* CONFIG_WEP */
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1379
1380 if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1381 bss->rsn_pairwise = bss->wpa_pairwise;
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1382 if (bss->group_cipher)
1383 bss->wpa_group = bss->group_cipher;
1384 else
1385 bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1386 bss->wpa_pairwise,
1387 bss->rsn_pairwise);
Dmitry Shmidtd2986c22017-10-23 14:22:09 -0700[diff] [blame]1388 if (!bss->wpa_group_rekey_set)
1389 bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1390 600 : 86400;
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1391
Dmitry Shmidt71757432014-06-02 13:50:35 -0700[diff] [blame]1392 if (full_config) {
1393 bss->radius->auth_server = bss->radius->auth_servers;
1394 bss->radius->acct_server = bss->radius->acct_servers;
1395 }
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1396
1397 if (bss->wpa && bss->ieee802_1x) {
1398 bss->ssid.security_policy = SECURITY_WPA;
1399 } else if (bss->wpa) {
1400 bss->ssid.security_policy = SECURITY_WPA_PSK;
1401 } else if (bss->ieee802_1x) {
1402 int cipher = WPA_CIPHER_NONE;
1403 bss->ssid.security_policy = SECURITY_IEEE_802_1X;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1404#ifdef CONFIG_WEP
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1405 bss->ssid.wep.default_len = bss->default_wep_key_len;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1406 if (full_config && bss->default_wep_key_len) {
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1407 cipher = bss->default_wep_key_len >= 13 ?
1408 WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1409 } else if (full_config && bss->ssid.wep.keys_set) {
1410 if (bss->ssid.wep.len[0] >= 13)
1411 cipher = WPA_CIPHER_WEP104;
1412 else
1413 cipher = WPA_CIPHER_WEP40;
1414 }
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1415#endif /* CONFIG_WEP */
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1416 bss->wpa_group = cipher;
1417 bss->wpa_pairwise = cipher;
1418 bss->rsn_pairwise = cipher;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1419 if (full_config)
1420 bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1421#ifdef CONFIG_WEP
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1422 } else if (bss->ssid.wep.keys_set) {
1423 int cipher = WPA_CIPHER_WEP40;
1424 if (bss->ssid.wep.len[0] >= 13)
1425 cipher = WPA_CIPHER_WEP104;
1426 bss->ssid.security_policy = SECURITY_STATIC_WEP;
1427 bss->wpa_group = cipher;
1428 bss->wpa_pairwise = cipher;
1429 bss->rsn_pairwise = cipher;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1430 if (full_config)
1431 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame^]1432#endif /* CONFIG_WEP */
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1433 } else if (bss->osen) {
1434 bss->ssid.security_policy = SECURITY_OSEN;
1435 bss->wpa_group = WPA_CIPHER_CCMP;
1436 bss->wpa_pairwise = 0;
1437 bss->rsn_pairwise = WPA_CIPHER_CCMP;
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1438 } else {
1439 bss->ssid.security_policy = SECURITY_PLAINTEXT;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]1440 if (full_config) {
1441 bss->wpa_group = WPA_CIPHER_NONE;
1442 bss->wpa_pairwise = WPA_CIPHER_NONE;
1443 bss->rsn_pairwise = WPA_CIPHER_NONE;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1444 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]1445 }
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1446 }
1447}
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]1448
1449
1450int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1451{
1452 int with_id = 0, without_id = 0;
1453 struct sae_password_entry *pw;
1454
1455 if (conf->ssid.wpa_passphrase)
1456 without_id = 1;
1457
1458 for (pw = conf->sae_passwords; pw; pw = pw->next) {
1459 if (pw->identifier)
1460 with_id = 1;
1461 else
1462 without_id = 1;
1463 if (with_id && without_id)
1464 break;
1465 }
1466
1467 if (with_id && !without_id)
1468 return 2;
1469 return with_id;
1470}