1/* 2 * hostapd / Configuration helper functions 3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "crypto/sha1.h" 13#include "radius/radius_client.h" 14#include "common/ieee802_11_defs.h" 15#include "common/eapol_common.h" 16#include "common/dhcp.h" 17#include "eap_common/eap_wsc_common.h" 18#include "eap_server/eap.h" 19#include "wpa_auth.h" 20#include "sta_info.h" 21#include "ap_config.h" 22 23 24static void hostapd_config_free_vlan(struct hostapd_bss_config *bss) 25{ 26 struct hostapd_vlan *vlan, *prev; 27 28 vlan = bss->vlan; 29 prev = NULL; 30 while (vlan) { 31 prev = vlan; 32 vlan = vlan->next; 33 os_free(prev); 34 } 35 36 bss->vlan = NULL; 37} 38 39 40#ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 41#define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0 42#endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */ 43 44void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) 45{ 46 dl_list_init(&bss->anqp_elem); 47 48 bss->logger_syslog_level = HOSTAPD_LEVEL_INFO; 49 bss->logger_stdout_level = HOSTAPD_LEVEL_INFO; 50 bss->logger_syslog = (unsigned int) -1; 51 bss->logger_stdout = (unsigned int) -1; 52 53 bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED; 54 55 bss->wep_rekeying_period = 300; 56 /* use key0 in individual key and key1 in broadcast key */ 57 bss->broadcast_key_idx_min = 1; 58 bss->broadcast_key_idx_max = 2; 59 bss->eap_reauth_period = 3600; 60 61 bss->wpa_group_rekey = 600; 62 bss->wpa_gmk_rekey = 86400; 63 bss->wpa_group_update_count = 4; 64 bss->wpa_pairwise_update_count = 4; 65 bss->wpa_disable_eapol_key_retries = 66 DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES; 67 bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK; 68 bss->wpa_pairwise = WPA_CIPHER_TKIP; 69 bss->wpa_group = WPA_CIPHER_TKIP; 70 bss->rsn_pairwise = 0; 71 72 bss->max_num_sta = MAX_STA_COUNT; 73 74 bss->dtim_period = 2; 75 76 bss->radius_server_auth_port = 1812; 77 bss->eap_sim_db_timeout = 1; 78 bss->ap_max_inactivity = AP_MAX_INACTIVITY; 79 bss->eapol_version = EAPOL_VERSION; 80 81 bss->max_listen_interval = 65535; 82 83 bss->pwd_group = 19; /* ECC: GF(p=256) */ 84 85#ifdef CONFIG_IEEE80211W 86 bss->assoc_sa_query_max_timeout = 1000; 87 bss->assoc_sa_query_retry_timeout = 201; 88 bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC; 89#endif /* CONFIG_IEEE80211W */ 90#ifdef EAP_SERVER_FAST 91 /* both anonymous and authenticated provisioning */ 92 bss->eap_fast_prov = 3; 93 bss->pac_key_lifetime = 7 * 24 * 60 * 60; 94 bss->pac_key_refresh_time = 1 * 24 * 60 * 60; 95#endif /* EAP_SERVER_FAST */ 96 97 /* Set to -1 as defaults depends on HT in setup */ 98 bss->wmm_enabled = -1; 99 100#ifdef CONFIG_IEEE80211R_AP 101 bss->ft_over_ds = 1; 102 bss->rkh_pos_timeout = 86400; 103 bss->rkh_neg_timeout = 60; 104 bss->rkh_pull_timeout = 1000; 105 bss->rkh_pull_retries = 4; 106#endif /* CONFIG_IEEE80211R_AP */ 107 108 bss->radius_das_time_window = 300; 109 110 bss->sae_anti_clogging_threshold = 5; 111 112 bss->gas_frag_limit = 1400; 113 114#ifdef CONFIG_FILS 115 dl_list_init(&bss->fils_realms); 116 bss->fils_hlp_wait_time = 30; 117 bss->dhcp_server_port = DHCP_SERVER_PORT; 118 bss->dhcp_relay_port = DHCP_SERVER_PORT; 119#endif /* CONFIG_FILS */ 120 121 bss->broadcast_deauth = 1; 122 123#ifdef CONFIG_MBO 124 bss->mbo_cell_data_conn_pref = -1; 125#endif /* CONFIG_MBO */ 126} 127 128 129struct hostapd_config * hostapd_config_defaults(void) 130{ 131#define ecw2cw(ecw) ((1 << (ecw)) - 1) 132 133 struct hostapd_config *conf; 134 struct hostapd_bss_config *bss; 135 const int aCWmin = 4, aCWmax = 10; 136 const struct hostapd_wmm_ac_params ac_bk = 137 { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */ 138 const struct hostapd_wmm_ac_params ac_be = 139 { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */ 140 const struct hostapd_wmm_ac_params ac_vi = /* video traffic */ 141 { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 }; 142 const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */ 143 { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 }; 144 const struct hostapd_tx_queue_params txq_bk = 145 { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 }; 146 const struct hostapd_tx_queue_params txq_be = 147 { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0}; 148 const struct hostapd_tx_queue_params txq_vi = 149 { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30}; 150 const struct hostapd_tx_queue_params txq_vo = 151 { 1, (ecw2cw(aCWmin) + 1) / 4 - 1, 152 (ecw2cw(aCWmin) + 1) / 2 - 1, 15}; 153 154#undef ecw2cw 155 156 conf = os_zalloc(sizeof(*conf)); 157 bss = os_zalloc(sizeof(*bss)); 158 if (conf == NULL || bss == NULL) { 159 wpa_printf(MSG_ERROR, "Failed to allocate memory for " 160 "configuration data."); 161 os_free(conf); 162 os_free(bss); 163 return NULL; 164 } 165 conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *)); 166 if (conf->bss == NULL) { 167 os_free(conf); 168 os_free(bss); 169 return NULL; 170 } 171 conf->bss[0] = bss; 172 173 bss->radius = os_zalloc(sizeof(*bss->radius)); 174 if (bss->radius == NULL) { 175 os_free(conf->bss); 176 os_free(conf); 177 os_free(bss); 178 return NULL; 179 } 180 181 hostapd_config_defaults_bss(bss); 182 183 conf->num_bss = 1; 184 185 conf->beacon_int = 100; 186 conf->rts_threshold = -1; /* use driver default: 2347 */ 187 conf->fragm_threshold = -1; /* user driver default: 2346 */ 188 conf->send_probe_response = 1; 189 /* Set to invalid value means do not add Power Constraint IE */ 190 conf->local_pwr_constraint = -1; 191 192 conf->wmm_ac_params[0] = ac_be; 193 conf->wmm_ac_params[1] = ac_bk; 194 conf->wmm_ac_params[2] = ac_vi; 195 conf->wmm_ac_params[3] = ac_vo; 196 197 conf->tx_queue[0] = txq_vo; 198 conf->tx_queue[1] = txq_vi; 199 conf->tx_queue[2] = txq_be; 200 conf->tx_queue[3] = txq_bk; 201 202 conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED; 203 204 conf->ap_table_max_size = 255; 205 conf->ap_table_expiration_time = 60; 206 conf->track_sta_max_age = 180; 207 208#ifdef CONFIG_TESTING_OPTIONS 209 conf->ignore_probe_probability = 0.0; 210 conf->ignore_auth_probability = 0.0; 211 conf->ignore_assoc_probability = 0.0; 212 conf->ignore_reassoc_probability = 0.0; 213 conf->corrupt_gtk_rekey_mic_probability = 0.0; 214 conf->ecsa_ie_only = 0; 215#endif /* CONFIG_TESTING_OPTIONS */ 216 217 conf->acs = 0; 218 conf->acs_ch_list.num = 0; 219#ifdef CONFIG_ACS 220 conf->acs_num_scans = 5; 221#endif /* CONFIG_ACS */ 222 223 /* The third octet of the country string uses an ASCII space character 224 * by default to indicate that the regulations encompass all 225 * environments for the current frequency band in the country. */ 226 conf->country[2] = ' '; 227 228 return conf; 229} 230 231 232int hostapd_mac_comp(const void *a, const void *b) 233{ 234 return os_memcmp(a, b, sizeof(macaddr)); 235} 236 237 238static int hostapd_config_read_wpa_psk(const char *fname, 239 struct hostapd_ssid *ssid) 240{ 241 FILE *f; 242 char buf[128], *pos; 243 int line = 0, ret = 0, len, ok; 244 u8 addr[ETH_ALEN]; 245 struct hostapd_wpa_psk *psk; 246 247 if (!fname) 248 return 0; 249 250 f = fopen(fname, "r"); 251 if (!f) { 252 wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname); 253 return -1; 254 } 255 256 while (fgets(buf, sizeof(buf), f)) { 257 line++; 258 259 if (buf[0] == '#') 260 continue; 261 pos = buf; 262 while (*pos != '\0') { 263 if (*pos == '\n') { 264 *pos = '\0'; 265 break; 266 } 267 pos++; 268 } 269 if (buf[0] == '\0') 270 continue; 271 272 if (hwaddr_aton(buf, addr)) { 273 wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on " 274 "line %d in '%s'", buf, line, fname); 275 ret = -1; 276 break; 277 } 278 279 psk = os_zalloc(sizeof(*psk)); 280 if (psk == NULL) { 281 wpa_printf(MSG_ERROR, "WPA PSK allocation failed"); 282 ret = -1; 283 break; 284 } 285 if (is_zero_ether_addr(addr)) 286 psk->group = 1; 287 else 288 os_memcpy(psk->addr, addr, ETH_ALEN); 289 290 pos = buf + 17; 291 if (*pos == '\0') { 292 wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'", 293 line, fname); 294 os_free(psk); 295 ret = -1; 296 break; 297 } 298 pos++; 299 300 ok = 0; 301 len = os_strlen(pos); 302 if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0) 303 ok = 1; 304 else if (len >= 8 && len < 64) { 305 pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len, 306 4096, psk->psk, PMK_LEN); 307 ok = 1; 308 } 309 if (!ok) { 310 wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in " 311 "'%s'", pos, line, fname); 312 os_free(psk); 313 ret = -1; 314 break; 315 } 316 317 psk->next = ssid->wpa_psk; 318 ssid->wpa_psk = psk; 319 } 320 321 fclose(f); 322 323 return ret; 324} 325 326 327static int hostapd_derive_psk(struct hostapd_ssid *ssid) 328{ 329 ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk)); 330 if (ssid->wpa_psk == NULL) { 331 wpa_printf(MSG_ERROR, "Unable to alloc space for PSK"); 332 return -1; 333 } 334 wpa_hexdump_ascii(MSG_DEBUG, "SSID", 335 (u8 *) ssid->ssid, ssid->ssid_len); 336 wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)", 337 (u8 *) ssid->wpa_passphrase, 338 os_strlen(ssid->wpa_passphrase)); 339 pbkdf2_sha1(ssid->wpa_passphrase, 340 ssid->ssid, ssid->ssid_len, 341 4096, ssid->wpa_psk->psk, PMK_LEN); 342 wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)", 343 ssid->wpa_psk->psk, PMK_LEN); 344 return 0; 345} 346 347 348int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf) 349{ 350 struct hostapd_ssid *ssid = &conf->ssid; 351 352 if (ssid->wpa_passphrase != NULL) { 353 if (ssid->wpa_psk != NULL) { 354 wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK " 355 "instead of passphrase"); 356 } else { 357 wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on " 358 "passphrase"); 359 if (hostapd_derive_psk(ssid) < 0) 360 return -1; 361 } 362 ssid->wpa_psk->group = 1; 363 } 364 365 return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid); 366} 367 368 369static void hostapd_config_free_radius(struct hostapd_radius_server *servers, 370 int num_servers) 371{ 372 int i; 373 374 for (i = 0; i < num_servers; i++) { 375 os_free(servers[i].shared_secret); 376 } 377 os_free(servers); 378} 379 380 381struct hostapd_radius_attr * 382hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type) 383{ 384 for (; attr; attr = attr->next) { 385 if (attr->type == type) 386 return attr; 387 } 388 return NULL; 389} 390 391 392static void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr) 393{ 394 struct hostapd_radius_attr *prev; 395 396 while (attr) { 397 prev = attr; 398 attr = attr->next; 399 wpabuf_free(prev->val); 400 os_free(prev); 401 } 402} 403 404 405void hostapd_config_free_eap_user(struct hostapd_eap_user *user) 406{ 407 hostapd_config_free_radius_attr(user->accept_attr); 408 os_free(user->identity); 409 bin_clear_free(user->password, user->password_len); 410 os_free(user); 411} 412 413 414void hostapd_config_free_eap_users(struct hostapd_eap_user *user) 415{ 416 struct hostapd_eap_user *prev_user; 417 418 while (user) { 419 prev_user = user; 420 user = user->next; 421 hostapd_config_free_eap_user(prev_user); 422 } 423} 424 425 426static void hostapd_config_free_wep(struct hostapd_wep_keys *keys) 427{ 428 int i; 429 for (i = 0; i < NUM_WEP_KEYS; i++) { 430 bin_clear_free(keys->key[i], keys->len[i]); 431 keys->key[i] = NULL; 432 } 433} 434 435 436void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l) 437{ 438 struct hostapd_wpa_psk *psk, *tmp; 439 440 for (psk = *l; psk;) { 441 tmp = psk; 442 psk = psk->next; 443 bin_clear_free(tmp, sizeof(*tmp)); 444 } 445 *l = NULL; 446} 447 448 449static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf) 450{ 451 struct anqp_element *elem; 452 453 while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element, 454 list))) { 455 dl_list_del(&elem->list); 456 wpabuf_free(elem->payload); 457 os_free(elem); 458 } 459} 460 461 462static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf) 463{ 464#ifdef CONFIG_FILS 465 struct fils_realm *realm; 466 467 while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm, 468 list))) { 469 dl_list_del(&realm->list); 470 os_free(realm); 471 } 472#endif /* CONFIG_FILS */ 473} 474 475 476void hostapd_config_free_bss(struct hostapd_bss_config *conf) 477{ 478 if (conf == NULL) 479 return; 480 481 hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk); 482 483 str_clear_free(conf->ssid.wpa_passphrase); 484 os_free(conf->ssid.wpa_psk_file); 485 hostapd_config_free_wep(&conf->ssid.wep); 486#ifdef CONFIG_FULL_DYNAMIC_VLAN 487 os_free(conf->ssid.vlan_tagged_interface); 488#endif /* CONFIG_FULL_DYNAMIC_VLAN */ 489 490 hostapd_config_free_eap_users(conf->eap_user); 491 os_free(conf->eap_user_sqlite); 492 493 os_free(conf->eap_req_id_text); 494 os_free(conf->erp_domain); 495 os_free(conf->accept_mac); 496 os_free(conf->deny_mac); 497 os_free(conf->nas_identifier); 498 if (conf->radius) { 499 hostapd_config_free_radius(conf->radius->auth_servers, 500 conf->radius->num_auth_servers); 501 hostapd_config_free_radius(conf->radius->acct_servers, 502 conf->radius->num_acct_servers); 503 } 504 hostapd_config_free_radius_attr(conf->radius_auth_req_attr); 505 hostapd_config_free_radius_attr(conf->radius_acct_req_attr); 506 os_free(conf->rsn_preauth_interfaces); 507 os_free(conf->ctrl_interface); 508 os_free(conf->ca_cert); 509 os_free(conf->server_cert); 510 os_free(conf->private_key); 511 os_free(conf->private_key_passwd); 512 os_free(conf->ocsp_stapling_response); 513 os_free(conf->ocsp_stapling_response_multi); 514 os_free(conf->dh_file); 515 os_free(conf->openssl_ciphers); 516 os_free(conf->pac_opaque_encr_key); 517 os_free(conf->eap_fast_a_id); 518 os_free(conf->eap_fast_a_id_info); 519 os_free(conf->eap_sim_db); 520 os_free(conf->radius_server_clients); 521 os_free(conf->radius); 522 os_free(conf->radius_das_shared_secret); 523 hostapd_config_free_vlan(conf); 524 os_free(conf->time_zone); 525 526#ifdef CONFIG_IEEE80211R_AP 527 { 528 struct ft_remote_r0kh *r0kh, *r0kh_prev; 529 struct ft_remote_r1kh *r1kh, *r1kh_prev; 530 531 r0kh = conf->r0kh_list; 532 conf->r0kh_list = NULL; 533 while (r0kh) { 534 r0kh_prev = r0kh; 535 r0kh = r0kh->next; 536 os_free(r0kh_prev); 537 } 538 539 r1kh = conf->r1kh_list; 540 conf->r1kh_list = NULL; 541 while (r1kh) { 542 r1kh_prev = r1kh; 543 r1kh = r1kh->next; 544 os_free(r1kh_prev); 545 } 546 } 547#endif /* CONFIG_IEEE80211R_AP */ 548 549#ifdef CONFIG_WPS 550 os_free(conf->wps_pin_requests); 551 os_free(conf->device_name); 552 os_free(conf->manufacturer); 553 os_free(conf->model_name); 554 os_free(conf->model_number); 555 os_free(conf->serial_number); 556 os_free(conf->config_methods); 557 os_free(conf->ap_pin); 558 os_free(conf->extra_cred); 559 os_free(conf->ap_settings); 560 os_free(conf->upnp_iface); 561 os_free(conf->friendly_name); 562 os_free(conf->manufacturer_url); 563 os_free(conf->model_description); 564 os_free(conf->model_url); 565 os_free(conf->upc); 566 { 567 unsigned int i; 568 569 for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) 570 wpabuf_free(conf->wps_vendor_ext[i]); 571 } 572 wpabuf_free(conf->wps_nfc_dh_pubkey); 573 wpabuf_free(conf->wps_nfc_dh_privkey); 574 wpabuf_free(conf->wps_nfc_dev_pw); 575#endif /* CONFIG_WPS */ 576 577 os_free(conf->roaming_consortium); 578 os_free(conf->venue_name); 579 os_free(conf->nai_realm_data); 580 os_free(conf->network_auth_type); 581 os_free(conf->anqp_3gpp_cell_net); 582 os_free(conf->domain_name); 583 hostapd_config_free_anqp_elem(conf); 584 585#ifdef CONFIG_RADIUS_TEST 586 os_free(conf->dump_msk_file); 587#endif /* CONFIG_RADIUS_TEST */ 588 589#ifdef CONFIG_HS20 590 os_free(conf->hs20_oper_friendly_name); 591 os_free(conf->hs20_wan_metrics); 592 os_free(conf->hs20_connection_capability); 593 os_free(conf->hs20_operating_class); 594 os_free(conf->hs20_icons); 595 if (conf->hs20_osu_providers) { 596 size_t i; 597 for (i = 0; i < conf->hs20_osu_providers_count; i++) { 598 struct hs20_osu_provider *p; 599 size_t j; 600 p = &conf->hs20_osu_providers[i]; 601 os_free(p->friendly_name); 602 os_free(p->server_uri); 603 os_free(p->method_list); 604 for (j = 0; j < p->icons_count; j++) 605 os_free(p->icons[j]); 606 os_free(p->icons); 607 os_free(p->osu_nai); 608 os_free(p->service_desc); 609 } 610 os_free(conf->hs20_osu_providers); 611 } 612 os_free(conf->subscr_remediation_url); 613#endif /* CONFIG_HS20 */ 614 615 wpabuf_free(conf->vendor_elements); 616 wpabuf_free(conf->assocresp_elements); 617 618 os_free(conf->sae_groups); 619#ifdef CONFIG_OWE 620 os_free(conf->owe_groups); 621#endif /* CONFIG_OWE */ 622 623 os_free(conf->wowlan_triggers); 624 625 os_free(conf->server_id); 626 627#ifdef CONFIG_TESTING_OPTIONS 628 wpabuf_free(conf->own_ie_override); 629 wpabuf_free(conf->sae_commit_override); 630#endif /* CONFIG_TESTING_OPTIONS */ 631 632 os_free(conf->no_probe_resp_if_seen_on); 633 os_free(conf->no_auth_if_seen_on); 634 635 hostapd_config_free_fils_realms(conf); 636 637#ifdef CONFIG_DPP 638 os_free(conf->dpp_connector); 639 wpabuf_free(conf->dpp_netaccesskey); 640 wpabuf_free(conf->dpp_csign); 641#endif /* CONFIG_DPP */ 642 643 os_free(conf->sae_password); 644 645 os_free(conf); 646} 647 648 649/** 650 * hostapd_config_free - Free hostapd configuration 651 * @conf: Configuration data from hostapd_config_read(). 652 */ 653void hostapd_config_free(struct hostapd_config *conf) 654{ 655 size_t i; 656 657 if (conf == NULL) 658 return; 659 660 for (i = 0; i < conf->num_bss; i++) 661 hostapd_config_free_bss(conf->bss[i]); 662 os_free(conf->bss); 663 os_free(conf->supported_rates); 664 os_free(conf->basic_rates); 665 os_free(conf->acs_ch_list.range); 666 os_free(conf->driver_params); 667#ifdef CONFIG_ACS 668 os_free(conf->acs_chan_bias); 669#endif /* CONFIG_ACS */ 670 wpabuf_free(conf->lci); 671 wpabuf_free(conf->civic); 672 673 os_free(conf); 674} 675 676 677/** 678 * hostapd_maclist_found - Find a MAC address from a list 679 * @list: MAC address list 680 * @num_entries: Number of addresses in the list 681 * @addr: Address to search for 682 * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed 683 * Returns: 1 if address is in the list or 0 if not. 684 * 685 * Perform a binary search for given MAC address from a pre-sorted list. 686 */ 687int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries, 688 const u8 *addr, struct vlan_description *vlan_id) 689{ 690 int start, end, middle, res; 691 692 start = 0; 693 end = num_entries - 1; 694 695 while (start <= end) { 696 middle = (start + end) / 2; 697 res = os_memcmp(list[middle].addr, addr, ETH_ALEN); 698 if (res == 0) { 699 if (vlan_id) 700 *vlan_id = list[middle].vlan_id; 701 return 1; 702 } 703 if (res < 0) 704 start = middle + 1; 705 else 706 end = middle - 1; 707 } 708 709 return 0; 710} 711 712 713int hostapd_rate_found(int *list, int rate) 714{ 715 int i; 716 717 if (list == NULL) 718 return 0; 719 720 for (i = 0; list[i] >= 0; i++) 721 if (list[i] == rate) 722 return 1; 723 724 return 0; 725} 726 727 728int hostapd_vlan_valid(struct hostapd_vlan *vlan, 729 struct vlan_description *vlan_desc) 730{ 731 struct hostapd_vlan *v = vlan; 732 int i; 733 734 if (!vlan_desc->notempty || vlan_desc->untagged < 0 || 735 vlan_desc->untagged > MAX_VLAN_ID) 736 return 0; 737 for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) { 738 if (vlan_desc->tagged[i] < 0 || 739 vlan_desc->tagged[i] > MAX_VLAN_ID) 740 return 0; 741 } 742 if (!vlan_desc->untagged && !vlan_desc->tagged[0]) 743 return 0; 744 745 while (v) { 746 if (!vlan_compare(&v->vlan_desc, vlan_desc) || 747 v->vlan_id == VLAN_ID_WILDCARD) 748 return 1; 749 v = v->next; 750 } 751 return 0; 752} 753 754 755const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id) 756{ 757 struct hostapd_vlan *v = vlan; 758 while (v) { 759 if (v->vlan_id == vlan_id) 760 return v->ifname; 761 v = v->next; 762 } 763 return NULL; 764} 765 766 767const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf, 768 const u8 *addr, const u8 *p2p_dev_addr, 769 const u8 *prev_psk) 770{ 771 struct hostapd_wpa_psk *psk; 772 int next_ok = prev_psk == NULL; 773 774 if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) { 775 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR 776 " p2p_dev_addr=" MACSTR " prev_psk=%p", 777 MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk); 778 addr = NULL; /* Use P2P Device Address for matching */ 779 } else { 780 wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR 781 " prev_psk=%p", 782 MAC2STR(addr), prev_psk); 783 } 784 785 for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) { 786 if (next_ok && 787 (psk->group || 788 (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) || 789 (!addr && p2p_dev_addr && 790 os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) == 791 0))) 792 return psk->psk; 793 794 if (psk->psk == prev_psk) 795 next_ok = 1; 796 } 797 798 return NULL; 799} 800 801 802static int hostapd_config_check_bss(struct hostapd_bss_config *bss, 803 struct hostapd_config *conf, 804 int full_config) 805{ 806 if (full_config && bss->ieee802_1x && !bss->eap_server && 807 !bss->radius->auth_servers) { 808 wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no " 809 "EAP authenticator configured)."); 810 return -1; 811 } 812 813 if (bss->wpa) { 814 int wep, i; 815 816 wep = bss->default_wep_key_len > 0 || 817 bss->individual_wep_key_len > 0; 818 for (i = 0; i < NUM_WEP_KEYS; i++) { 819 if (bss->ssid.wep.keys_set) { 820 wep = 1; 821 break; 822 } 823 } 824 825 if (wep) { 826 wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported"); 827 return -1; 828 } 829 } 830 831 if (full_config && bss->wpa && 832 bss->wpa_psk_radius != PSK_RADIUS_IGNORED && 833 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) { 834 wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no " 835 "RADIUS checking (macaddr_acl=2) enabled."); 836 return -1; 837 } 838 839 if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) && 840 bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL && 841 bss->ssid.wpa_psk_file == NULL && 842 (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED || 843 bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) { 844 wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase " 845 "is not configured."); 846 return -1; 847 } 848 849 if (full_config && !is_zero_ether_addr(bss->bssid)) { 850 size_t i; 851 852 for (i = 0; i < conf->num_bss; i++) { 853 if (conf->bss[i] != bss && 854 (hostapd_mac_comp(conf->bss[i]->bssid, 855 bss->bssid) == 0)) { 856 wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR 857 " on interface '%s' and '%s'.", 858 MAC2STR(bss->bssid), 859 conf->bss[i]->iface, bss->iface); 860 return -1; 861 } 862 } 863 } 864 865#ifdef CONFIG_IEEE80211R_AP 866 if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) && 867 (bss->nas_identifier == NULL || 868 os_strlen(bss->nas_identifier) < 1 || 869 os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) { 870 wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires " 871 "nas_identifier to be configured as a 1..48 octet " 872 "string"); 873 return -1; 874 } 875#endif /* CONFIG_IEEE80211R_AP */ 876 877#ifdef CONFIG_IEEE80211N 878 if (full_config && conf->ieee80211n && 879 conf->hw_mode == HOSTAPD_MODE_IEEE80211B) { 880 bss->disable_11n = 1; 881 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not " 882 "allowed, disabling HT capabilities"); 883 } 884 885 if (full_config && conf->ieee80211n && 886 bss->ssid.security_policy == SECURITY_STATIC_WEP) { 887 bss->disable_11n = 1; 888 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not " 889 "allowed, disabling HT capabilities"); 890 } 891 892 if (full_config && conf->ieee80211n && bss->wpa && 893 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) && 894 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | 895 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256))) 896 { 897 bss->disable_11n = 1; 898 wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 " 899 "requires CCMP/GCMP to be enabled, disabling HT " 900 "capabilities"); 901 } 902#endif /* CONFIG_IEEE80211N */ 903 904#ifdef CONFIG_IEEE80211AC 905 if (full_config && conf->ieee80211ac && 906 bss->ssid.security_policy == SECURITY_STATIC_WEP) { 907 bss->disable_11ac = 1; 908 wpa_printf(MSG_ERROR, 909 "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities"); 910 } 911 912 if (full_config && conf->ieee80211ac && bss->wpa && 913 !(bss->wpa_pairwise & WPA_CIPHER_CCMP) && 914 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | 915 WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256))) 916 { 917 bss->disable_11ac = 1; 918 wpa_printf(MSG_ERROR, 919 "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities"); 920 } 921#endif /* CONFIG_IEEE80211AC */ 922 923#ifdef CONFIG_WPS 924 if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) { 925 wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid " 926 "configuration forced WPS to be disabled"); 927 bss->wps_state = 0; 928 } 929 930 if (full_config && bss->wps_state && 931 bss->ssid.wep.keys_set && bss->wpa == 0) { 932 wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be " 933 "disabled"); 934 bss->wps_state = 0; 935 } 936 937 if (full_config && bss->wps_state && bss->wpa && 938 (!(bss->wpa & 2) || 939 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) { 940 wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without " 941 "WPA2/CCMP/GCMP forced WPS to be disabled"); 942 bss->wps_state = 0; 943 } 944#endif /* CONFIG_WPS */ 945 946#ifdef CONFIG_HS20 947 if (full_config && bss->hs20 && 948 (!(bss->wpa & 2) || 949 !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | 950 WPA_CIPHER_CCMP_256 | 951 WPA_CIPHER_GCMP_256)))) { 952 wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP " 953 "configuration is required for Hotspot 2.0 " 954 "functionality"); 955 return -1; 956 } 957#endif /* CONFIG_HS20 */ 958 959#ifdef CONFIG_MBO 960 if (full_config && bss->mbo_enabled && (bss->wpa & 2) && 961 bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) { 962 wpa_printf(MSG_ERROR, 963 "MBO: PMF needs to be enabled whenever using WPA2 with MBO"); 964 return -1; 965 } 966#endif /* CONFIG_MBO */ 967 968 return 0; 969} 970 971 972static int hostapd_config_check_cw(struct hostapd_config *conf, int queue) 973{ 974 int tx_cwmin = conf->tx_queue[queue].cwmin; 975 int tx_cwmax = conf->tx_queue[queue].cwmax; 976 int ac_cwmin = conf->wmm_ac_params[queue].cwmin; 977 int ac_cwmax = conf->wmm_ac_params[queue].cwmax; 978 979 if (tx_cwmin > tx_cwmax) { 980 wpa_printf(MSG_ERROR, 981 "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)", 982 tx_cwmin, tx_cwmax); 983 return -1; 984 } 985 if (ac_cwmin > ac_cwmax) { 986 wpa_printf(MSG_ERROR, 987 "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)", 988 ac_cwmin, ac_cwmax); 989 return -1; 990 } 991 return 0; 992} 993 994 995int hostapd_config_check(struct hostapd_config *conf, int full_config) 996{ 997 size_t i; 998 999 if (full_config && conf->ieee80211d && 1000 (!conf->country[0] || !conf->country[1])) { 1001 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without " 1002 "setting the country_code"); 1003 return -1; 1004 } 1005 1006 if (full_config && conf->ieee80211h && !conf->ieee80211d) { 1007 wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without " 1008 "IEEE 802.11d enabled"); 1009 return -1; 1010 } 1011 1012 if (full_config && conf->local_pwr_constraint != -1 && 1013 !conf->ieee80211d) { 1014 wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element"); 1015 return -1; 1016 } 1017 1018 if (full_config && conf->spectrum_mgmt_required && 1019 conf->local_pwr_constraint == -1) { 1020 wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements"); 1021 return -1; 1022 } 1023 1024 for (i = 0; i < NUM_TX_QUEUES; i++) { 1025 if (hostapd_config_check_cw(conf, i)) 1026 return -1; 1027 } 1028 1029 for (i = 0; i < conf->num_bss; i++) { 1030 if (hostapd_config_check_bss(conf->bss[i], conf, full_config)) 1031 return -1; 1032 } 1033 1034 return 0; 1035} 1036 1037 1038void hostapd_set_security_params(struct hostapd_bss_config *bss, 1039 int full_config) 1040{ 1041 if (bss->individual_wep_key_len == 0) { 1042 /* individual keys are not use; can use key idx0 for 1043 * broadcast keys */ 1044 bss->broadcast_key_idx_min = 0; 1045 } 1046 1047 if ((bss->wpa & 2) && bss->rsn_pairwise == 0) 1048 bss->rsn_pairwise = bss->wpa_pairwise; 1049 bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise, 1050 bss->rsn_pairwise); 1051 if (!bss->wpa_group_rekey_set) 1052 bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ? 1053 600 : 86400; 1054 1055 if (full_config) { 1056 bss->radius->auth_server = bss->radius->auth_servers; 1057 bss->radius->acct_server = bss->radius->acct_servers; 1058 } 1059 1060 if (bss->wpa && bss->ieee802_1x) { 1061 bss->ssid.security_policy = SECURITY_WPA; 1062 } else if (bss->wpa) { 1063 bss->ssid.security_policy = SECURITY_WPA_PSK; 1064 } else if (bss->ieee802_1x) { 1065 int cipher = WPA_CIPHER_NONE; 1066 bss->ssid.security_policy = SECURITY_IEEE_802_1X; 1067 bss->ssid.wep.default_len = bss->default_wep_key_len; 1068 if (full_config && bss->default_wep_key_len) { 1069 cipher = bss->default_wep_key_len >= 13 ? 1070 WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40; 1071 } else if (full_config && bss->ssid.wep.keys_set) { 1072 if (bss->ssid.wep.len[0] >= 13) 1073 cipher = WPA_CIPHER_WEP104; 1074 else 1075 cipher = WPA_CIPHER_WEP40; 1076 } 1077 bss->wpa_group = cipher; 1078 bss->wpa_pairwise = cipher; 1079 bss->rsn_pairwise = cipher; 1080 if (full_config) 1081 bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA; 1082 } else if (bss->ssid.wep.keys_set) { 1083 int cipher = WPA_CIPHER_WEP40; 1084 if (bss->ssid.wep.len[0] >= 13) 1085 cipher = WPA_CIPHER_WEP104; 1086 bss->ssid.security_policy = SECURITY_STATIC_WEP; 1087 bss->wpa_group = cipher; 1088 bss->wpa_pairwise = cipher; 1089 bss->rsn_pairwise = cipher; 1090 if (full_config) 1091 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE; 1092 } else if (bss->osen) { 1093 bss->ssid.security_policy = SECURITY_OSEN; 1094 bss->wpa_group = WPA_CIPHER_CCMP; 1095 bss->wpa_pairwise = 0; 1096 bss->rsn_pairwise = WPA_CIPHER_CCMP; 1097 } else { 1098 bss->ssid.security_policy = SECURITY_PLAINTEXT; 1099 if (full_config) { 1100 bss->wpa_group = WPA_CIPHER_NONE; 1101 bss->wpa_pairwise = WPA_CIPHER_NONE; 1102 bss->rsn_pairwise = WPA_CIPHER_NONE; 1103 bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE; 1104 } 1105 } 1106} 1107