xref: /dragonfly/contrib/wpa_supplicant/src/ap/ap_config.c (revision 3a84a4273475ed07d0ab1c2dfeffdfedef35d9cd)
1 /*
2  * hostapd / Configuration helper functions
3  * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "radius/radius_client.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_1x_defs.h"
17 #include "common/eapol_common.h"
18 #include "common/dhcp.h"
19 #include "eap_common/eap_wsc_common.h"
20 #include "eap_server/eap.h"
21 #include "wpa_auth.h"
22 #include "sta_info.h"
23 #include "airtime_policy.h"
24 #include "ap_config.h"
25 
26 
hostapd_config_free_vlan(struct hostapd_bss_config * bss)27 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
28 {
29           struct hostapd_vlan *vlan, *prev;
30 
31           vlan = bss->vlan;
32           prev = NULL;
33           while (vlan) {
34                     prev = vlan;
35                     vlan = vlan->next;
36                     os_free(prev);
37           }
38 
39           bss->vlan = NULL;
40 }
41 
42 
43 #ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
44 #define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
45 #endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
46 
hostapd_config_defaults_bss(struct hostapd_bss_config * bss)47 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
48 {
49           dl_list_init(&bss->anqp_elem);
50 
51           bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
52           bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
53           bss->logger_syslog = (unsigned int) -1;
54           bss->logger_stdout = (unsigned int) -1;
55 
56           bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
57 
58           bss->wep_rekeying_period = 300;
59           /* use key0 in individual key and key1 in broadcast key */
60           bss->broadcast_key_idx_min = 1;
61           bss->broadcast_key_idx_max = 2;
62           bss->eap_reauth_period = 3600;
63 
64           bss->wpa_group_rekey = 600;
65           bss->wpa_gmk_rekey = 86400;
66           bss->wpa_group_update_count = 4;
67           bss->wpa_pairwise_update_count = 4;
68           bss->wpa_disable_eapol_key_retries =
69                     DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
70           bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
71           bss->wpa_pairwise = WPA_CIPHER_TKIP;
72           bss->wpa_group = WPA_CIPHER_TKIP;
73           bss->rsn_pairwise = 0;
74 
75           bss->max_num_sta = MAX_STA_COUNT;
76 
77           bss->dtim_period = 2;
78 
79           bss->radius_server_auth_port = 1812;
80           bss->eap_sim_db_timeout = 1;
81           bss->eap_sim_id = 3;
82           bss->ap_max_inactivity = AP_MAX_INACTIVITY;
83           bss->eapol_version = EAPOL_VERSION;
84 
85           bss->max_listen_interval = 65535;
86 
87           bss->pwd_group = 19; /* ECC: GF(p=256) */
88 
89 #ifdef CONFIG_IEEE80211W
90           bss->assoc_sa_query_max_timeout = 1000;
91           bss->assoc_sa_query_retry_timeout = 201;
92           bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
93 #endif /* CONFIG_IEEE80211W */
94 #ifdef EAP_SERVER_FAST
95            /* both anonymous and authenticated provisioning */
96           bss->eap_fast_prov = 3;
97           bss->pac_key_lifetime = 7 * 24 * 60 * 60;
98           bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
99 #endif /* EAP_SERVER_FAST */
100 
101           /* Set to -1 as defaults depends on HT in setup */
102           bss->wmm_enabled = -1;
103 
104 #ifdef CONFIG_IEEE80211R_AP
105           bss->ft_over_ds = 1;
106           bss->rkh_pos_timeout = 86400;
107           bss->rkh_neg_timeout = 60;
108           bss->rkh_pull_timeout = 1000;
109           bss->rkh_pull_retries = 4;
110           bss->r0_key_lifetime = 1209600;
111 #endif /* CONFIG_IEEE80211R_AP */
112 
113           bss->radius_das_time_window = 300;
114 
115           bss->sae_anti_clogging_threshold = 5;
116           bss->sae_sync = 5;
117 
118           bss->gas_frag_limit = 1400;
119 
120 #ifdef CONFIG_FILS
121           dl_list_init(&bss->fils_realms);
122           bss->fils_hlp_wait_time = 30;
123           bss->dhcp_server_port = DHCP_SERVER_PORT;
124           bss->dhcp_relay_port = DHCP_SERVER_PORT;
125 #endif /* CONFIG_FILS */
126 
127           bss->broadcast_deauth = 1;
128 
129 #ifdef CONFIG_MBO
130           bss->mbo_cell_data_conn_pref = -1;
131 #endif /* CONFIG_MBO */
132 
133           /* Disable TLS v1.3 by default for now to avoid interoperability issue.
134            * This can be enabled by default once the implementation has been fully
135            * completed and tested with other implementations. */
136           bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
137 
138           bss->send_probe_response = 1;
139 
140 #ifdef CONFIG_HS20
141           bss->hs20_release = (HS20_VERSION >> 4) + 1;
142 #endif /* CONFIG_HS20 */
143 
144 #ifdef CONFIG_MACSEC
145           bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
146           bss->macsec_port = 1;
147 #endif /* CONFIG_MACSEC */
148 
149           /* Default to strict CRL checking. */
150           bss->check_crl_strict = 1;
151 }
152 
153 
hostapd_config_defaults(void)154 struct hostapd_config * hostapd_config_defaults(void)
155 {
156 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
157 
158           struct hostapd_config *conf;
159           struct hostapd_bss_config *bss;
160           const int aCWmin = 4, aCWmax = 10;
161           const struct hostapd_wmm_ac_params ac_bk =
162                     { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
163           const struct hostapd_wmm_ac_params ac_be =
164                     { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
165           const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
166                     { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
167           const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
168                     { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
169           const struct hostapd_tx_queue_params txq_bk =
170                     { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
171           const struct hostapd_tx_queue_params txq_be =
172                     { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
173           const struct hostapd_tx_queue_params txq_vi =
174                     { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
175           const struct hostapd_tx_queue_params txq_vo =
176                     { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
177                       (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
178 
179 #undef ecw2cw
180 
181           conf = os_zalloc(sizeof(*conf));
182           bss = os_zalloc(sizeof(*bss));
183           if (conf == NULL || bss == NULL) {
184                     wpa_printf(MSG_ERROR, "Failed to allocate memory for "
185                                  "configuration data.");
186                     os_free(conf);
187                     os_free(bss);
188                     return NULL;
189           }
190           conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
191           if (conf->bss == NULL) {
192                     os_free(conf);
193                     os_free(bss);
194                     return NULL;
195           }
196           conf->bss[0] = bss;
197 
198           bss->radius = os_zalloc(sizeof(*bss->radius));
199           if (bss->radius == NULL) {
200                     os_free(conf->bss);
201                     os_free(conf);
202                     os_free(bss);
203                     return NULL;
204           }
205 
206           hostapd_config_defaults_bss(bss);
207 
208           conf->num_bss = 1;
209 
210           conf->beacon_int = 100;
211           conf->rts_threshold = -2; /* use driver default: 2347 */
212           conf->fragm_threshold = -2; /* user driver default: 2346 */
213           /* Set to invalid value means do not add Power Constraint IE */
214           conf->local_pwr_constraint = -1;
215 
216           conf->wmm_ac_params[0] = ac_be;
217           conf->wmm_ac_params[1] = ac_bk;
218           conf->wmm_ac_params[2] = ac_vi;
219           conf->wmm_ac_params[3] = ac_vo;
220 
221           conf->tx_queue[0] = txq_vo;
222           conf->tx_queue[1] = txq_vi;
223           conf->tx_queue[2] = txq_be;
224           conf->tx_queue[3] = txq_bk;
225 
226           conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
227 
228           conf->ap_table_max_size = 255;
229           conf->ap_table_expiration_time = 60;
230           conf->track_sta_max_age = 180;
231 
232 #ifdef CONFIG_TESTING_OPTIONS
233           conf->ignore_probe_probability = 0.0;
234           conf->ignore_auth_probability = 0.0;
235           conf->ignore_assoc_probability = 0.0;
236           conf->ignore_reassoc_probability = 0.0;
237           conf->corrupt_gtk_rekey_mic_probability = 0.0;
238           conf->ecsa_ie_only = 0;
239 #endif /* CONFIG_TESTING_OPTIONS */
240 
241           conf->acs = 0;
242           conf->acs_ch_list.num = 0;
243 #ifdef CONFIG_ACS
244           conf->acs_num_scans = 5;
245 #endif /* CONFIG_ACS */
246 
247 #ifdef CONFIG_IEEE80211AX
248           conf->he_op.he_rts_threshold = HE_OPERATION_RTS_THRESHOLD_MASK >>
249                     HE_OPERATION_RTS_THRESHOLD_OFFSET;
250           /* Set default basic MCS/NSS set to single stream MCS 0-7 */
251           conf->he_op.he_basic_mcs_nss_set = 0xfffc;
252 #endif /* CONFIG_IEEE80211AX */
253 
254           /* The third octet of the country string uses an ASCII space character
255            * by default to indicate that the regulations encompass all
256            * environments for the current frequency band in the country. */
257           conf->country[2] = ' ';
258 
259           conf->rssi_reject_assoc_rssi = 0;
260           conf->rssi_reject_assoc_timeout = 30;
261 
262 #ifdef CONFIG_AIRTIME_POLICY
263           conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
264 #endif /* CONFIG_AIRTIME_POLICY */
265 
266           return conf;
267 }
268 
269 
hostapd_mac_comp(const void * a,const void * b)270 int hostapd_mac_comp(const void *a, const void *b)
271 {
272           return os_memcmp(a, b, sizeof(macaddr));
273 }
274 
275 
hostapd_config_read_wpa_psk(const char * fname,struct hostapd_ssid * ssid)276 static int hostapd_config_read_wpa_psk(const char *fname,
277                                                struct hostapd_ssid *ssid)
278 {
279           FILE *f;
280           char buf[128], *pos;
281           const char *keyid;
282           char *context;
283           char *context2;
284           char *token;
285           char *name;
286           char *value;
287           int line = 0, ret = 0, len, ok;
288           u8 addr[ETH_ALEN];
289           struct hostapd_wpa_psk *psk;
290 
291           if (!fname)
292                     return 0;
293 
294           f = fopen(fname, "r");
295           if (!f) {
296                     wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
297                     return -1;
298           }
299 
300           while (fgets(buf, sizeof(buf), f)) {
301                     int vlan_id = 0;
302 
303                     line++;
304 
305                     if (buf[0] == '#')
306                               continue;
307                     pos = buf;
308                     while (*pos != '\0') {
309                               if (*pos == '\n') {
310                                         *pos = '\0';
311                                         break;
312                               }
313                               pos++;
314                     }
315                     if (buf[0] == '\0')
316                               continue;
317 
318                     context = NULL;
319                     keyid = NULL;
320                     while ((token = str_token(buf, " ", &context))) {
321                               if (!os_strchr(token, '='))
322                                         break;
323                               context2 = NULL;
324                               name = str_token(token, "=", &context2);
325                               if (!name)
326                                         break;
327                               value = str_token(token, "", &context2);
328                               if (!value)
329                                         value = "";
330                               if (!os_strcmp(name, "keyid")) {
331                                         keyid = value;
332                               } else if (!os_strcmp(name, "vlanid")) {
333                                         vlan_id = atoi(value);
334                               } else {
335                                         wpa_printf(MSG_ERROR,
336                                                      "Unrecognized '%s=%s' on line %d in '%s'",
337                                                      name, value, line, fname);
338                                         ret = -1;
339                                         break;
340                               }
341                     }
342 
343                     if (ret == -1)
344                               break;
345 
346                     if (!token)
347                               token = "";
348                     if (hwaddr_aton(token, addr)) {
349                               wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on "
350                                            "line %d in '%s'", token, line, fname);
351                               ret = -1;
352                               break;
353                     }
354 
355                     psk = os_zalloc(sizeof(*psk));
356                     if (psk == NULL) {
357                               wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
358                               ret = -1;
359                               break;
360                     }
361                     psk->vlan_id = vlan_id;
362                     if (is_zero_ether_addr(addr))
363                               psk->group = 1;
364                     else
365                               os_memcpy(psk->addr, addr, ETH_ALEN);
366 
367                     pos = str_token(buf, "", &context);
368                     if (!pos) {
369                               wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
370                                            line, fname);
371                               os_free(psk);
372                               ret = -1;
373                               break;
374                     }
375 
376                     ok = 0;
377                     len = os_strlen(pos);
378                     if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
379                               ok = 1;
380                     else if (len >= 8 && len < 64) {
381                               pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
382                                             4096, psk->psk, PMK_LEN);
383                               ok = 1;
384                     }
385                     if (!ok) {
386                               wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in "
387                                            "'%s'", pos, line, fname);
388                               os_free(psk);
389                               ret = -1;
390                               break;
391                     }
392 
393                     if (keyid) {
394                               len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
395                               if ((size_t) len >= sizeof(psk->keyid)) {
396                                         wpa_printf(MSG_ERROR,
397                                                      "PSK keyid too long on line %d in '%s'",
398                                                      line, fname);
399                                         os_free(psk);
400                                         ret = -1;
401                                         break;
402                               }
403                     }
404 
405                     psk->next = ssid->wpa_psk;
406                     ssid->wpa_psk = psk;
407           }
408 
409           fclose(f);
410 
411           return ret;
412 }
413 
414 
hostapd_derive_psk(struct hostapd_ssid * ssid)415 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
416 {
417           ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
418           if (ssid->wpa_psk == NULL) {
419                     wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
420                     return -1;
421           }
422           wpa_hexdump_ascii(MSG_DEBUG, "SSID",
423                                 (u8 *) ssid->ssid, ssid->ssid_len);
424           wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
425                                     (u8 *) ssid->wpa_passphrase,
426                                     os_strlen(ssid->wpa_passphrase));
427           pbkdf2_sha1(ssid->wpa_passphrase,
428                         ssid->ssid, ssid->ssid_len,
429                         4096, ssid->wpa_psk->psk, PMK_LEN);
430           wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
431                               ssid->wpa_psk->psk, PMK_LEN);
432           return 0;
433 }
434 
435 
hostapd_setup_wpa_psk(struct hostapd_bss_config * conf)436 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
437 {
438           struct hostapd_ssid *ssid = &conf->ssid;
439 
440           if (ssid->wpa_passphrase != NULL) {
441                     if (ssid->wpa_psk != NULL) {
442                               wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
443                                            "instead of passphrase");
444                     } else {
445                               wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
446                                            "passphrase");
447                               if (hostapd_derive_psk(ssid) < 0)
448                                         return -1;
449                     }
450                     ssid->wpa_psk->group = 1;
451           }
452 
453           return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
454 }
455 
456 
hostapd_config_free_radius(struct hostapd_radius_server * servers,int num_servers)457 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
458                                                int num_servers)
459 {
460           int i;
461 
462           for (i = 0; i < num_servers; i++) {
463                     os_free(servers[i].shared_secret);
464           }
465           os_free(servers);
466 }
467 
468 
469 struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr * attr,u8 type)470 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
471 {
472           for (; attr; attr = attr->next) {
473                     if (attr->type == type)
474                               return attr;
475           }
476           return NULL;
477 }
478 
479 
hostapd_parse_radius_attr(const char * value)480 struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value)
481 {
482           const char *pos;
483           char syntax;
484           struct hostapd_radius_attr *attr;
485           size_t len;
486 
487           attr = os_zalloc(sizeof(*attr));
488           if (!attr)
489                     return NULL;
490 
491           attr->type = atoi(value);
492 
493           pos = os_strchr(value, ':');
494           if (!pos) {
495                     attr->val = wpabuf_alloc(1);
496                     if (!attr->val) {
497                               os_free(attr);
498                               return NULL;
499                     }
500                     wpabuf_put_u8(attr->val, 0);
501                     return attr;
502           }
503 
504           pos++;
505           if (pos[0] == '\0' || pos[1] != ':') {
506                     os_free(attr);
507                     return NULL;
508           }
509           syntax = *pos++;
510           pos++;
511 
512           switch (syntax) {
513           case 's':
514                     attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
515                     break;
516           case 'x':
517                     len = os_strlen(pos);
518                     if (len & 1)
519                               break;
520                     len /= 2;
521                     attr->val = wpabuf_alloc(len);
522                     if (!attr->val)
523                               break;
524                     if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
525                               wpabuf_free(attr->val);
526                               os_free(attr);
527                               return NULL;
528                     }
529                     break;
530           case 'd':
531                     attr->val = wpabuf_alloc(4);
532                     if (attr->val)
533                               wpabuf_put_be32(attr->val, atoi(pos));
534                     break;
535           default:
536                     os_free(attr);
537                     return NULL;
538           }
539 
540           if (!attr->val) {
541                     os_free(attr);
542                     return NULL;
543           }
544 
545           return attr;
546 }
547 
548 
hostapd_config_free_radius_attr(struct hostapd_radius_attr * attr)549 void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
550 {
551           struct hostapd_radius_attr *prev;
552 
553           while (attr) {
554                     prev = attr;
555                     attr = attr->next;
556                     wpabuf_free(prev->val);
557                     os_free(prev);
558           }
559 }
560 
561 
hostapd_config_free_eap_user(struct hostapd_eap_user * user)562 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
563 {
564           hostapd_config_free_radius_attr(user->accept_attr);
565           os_free(user->identity);
566           bin_clear_free(user->password, user->password_len);
567           bin_clear_free(user->salt, user->salt_len);
568           os_free(user);
569 }
570 
571 
hostapd_config_free_eap_users(struct hostapd_eap_user * user)572 void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
573 {
574           struct hostapd_eap_user *prev_user;
575 
576           while (user) {
577                     prev_user = user;
578                     user = user->next;
579                     hostapd_config_free_eap_user(prev_user);
580           }
581 }
582 
583 
hostapd_config_free_wep(struct hostapd_wep_keys * keys)584 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
585 {
586           int i;
587           for (i = 0; i < NUM_WEP_KEYS; i++) {
588                     bin_clear_free(keys->key[i], keys->len[i]);
589                     keys->key[i] = NULL;
590           }
591 }
592 
593 
hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk ** l)594 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
595 {
596           struct hostapd_wpa_psk *psk, *tmp;
597 
598           for (psk = *l; psk;) {
599                     tmp = psk;
600                     psk = psk->next;
601                     bin_clear_free(tmp, sizeof(*tmp));
602           }
603           *l = NULL;
604 }
605 
606 
hostapd_config_free_anqp_elem(struct hostapd_bss_config * conf)607 static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
608 {
609           struct anqp_element *elem;
610 
611           while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
612                                              list))) {
613                     dl_list_del(&elem->list);
614                     wpabuf_free(elem->payload);
615                     os_free(elem);
616           }
617 }
618 
619 
hostapd_config_free_fils_realms(struct hostapd_bss_config * conf)620 static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
621 {
622 #ifdef CONFIG_FILS
623           struct fils_realm *realm;
624 
625           while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
626                                               list))) {
627                     dl_list_del(&realm->list);
628                     os_free(realm);
629           }
630 #endif /* CONFIG_FILS */
631 }
632 
633 
hostapd_config_free_sae_passwords(struct hostapd_bss_config * conf)634 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
635 {
636           struct sae_password_entry *pw, *tmp;
637 
638           pw = conf->sae_passwords;
639           conf->sae_passwords = NULL;
640           while (pw) {
641                     tmp = pw;
642                     pw = pw->next;
643                     str_clear_free(tmp->password);
644                     os_free(tmp->identifier);
645                     os_free(tmp);
646           }
647 }
648 
649 
650 #ifdef CONFIG_DPP2
hostapd_dpp_controller_conf_free(struct dpp_controller_conf * conf)651 static void hostapd_dpp_controller_conf_free(struct dpp_controller_conf *conf)
652 {
653           struct dpp_controller_conf *prev;
654 
655           while (conf) {
656                     prev = conf;
657                     conf = conf->next;
658                     os_free(prev);
659           }
660 }
661 #endif /* CONFIG_DPP2 */
662 
663 
hostapd_config_free_bss(struct hostapd_bss_config * conf)664 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
665 {
666 #if defined(CONFIG_WPS) || defined(CONFIG_HS20)
667           size_t i;
668 #endif
669 
670           if (conf == NULL)
671                     return;
672 
673           hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
674 
675           str_clear_free(conf->ssid.wpa_passphrase);
676           os_free(conf->ssid.wpa_psk_file);
677           hostapd_config_free_wep(&conf->ssid.wep);
678 #ifdef CONFIG_FULL_DYNAMIC_VLAN
679           os_free(conf->ssid.vlan_tagged_interface);
680 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
681 
682           hostapd_config_free_eap_users(conf->eap_user);
683           os_free(conf->eap_user_sqlite);
684 
685           os_free(conf->eap_req_id_text);
686           os_free(conf->erp_domain);
687           os_free(conf->accept_mac);
688           os_free(conf->deny_mac);
689           os_free(conf->nas_identifier);
690           if (conf->radius) {
691                     hostapd_config_free_radius(conf->radius->auth_servers,
692                                                      conf->radius->num_auth_servers);
693                     hostapd_config_free_radius(conf->radius->acct_servers,
694                                                      conf->radius->num_acct_servers);
695           }
696           hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
697           hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
698           os_free(conf->radius_req_attr_sqlite);
699           os_free(conf->rsn_preauth_interfaces);
700           os_free(conf->ctrl_interface);
701           os_free(conf->ca_cert);
702           os_free(conf->server_cert);
703           os_free(conf->server_cert2);
704           os_free(conf->private_key);
705           os_free(conf->private_key2);
706           os_free(conf->private_key_passwd);
707           os_free(conf->private_key_passwd2);
708           os_free(conf->check_cert_subject);
709           os_free(conf->ocsp_stapling_response);
710           os_free(conf->ocsp_stapling_response_multi);
711           os_free(conf->dh_file);
712           os_free(conf->openssl_ciphers);
713           os_free(conf->openssl_ecdh_curves);
714           os_free(conf->pac_opaque_encr_key);
715           os_free(conf->eap_fast_a_id);
716           os_free(conf->eap_fast_a_id_info);
717           os_free(conf->eap_sim_db);
718           os_free(conf->radius_server_clients);
719           os_free(conf->radius);
720           os_free(conf->radius_das_shared_secret);
721           hostapd_config_free_vlan(conf);
722           os_free(conf->time_zone);
723 
724 #ifdef CONFIG_IEEE80211R_AP
725           {
726                     struct ft_remote_r0kh *r0kh, *r0kh_prev;
727                     struct ft_remote_r1kh *r1kh, *r1kh_prev;
728 
729                     r0kh = conf->r0kh_list;
730                     conf->r0kh_list = NULL;
731                     while (r0kh) {
732                               r0kh_prev = r0kh;
733                               r0kh = r0kh->next;
734                               os_free(r0kh_prev);
735                     }
736 
737                     r1kh = conf->r1kh_list;
738                     conf->r1kh_list = NULL;
739                     while (r1kh) {
740                               r1kh_prev = r1kh;
741                               r1kh = r1kh->next;
742                               os_free(r1kh_prev);
743                     }
744           }
745 #endif /* CONFIG_IEEE80211R_AP */
746 
747 #ifdef CONFIG_WPS
748           os_free(conf->wps_pin_requests);
749           os_free(conf->device_name);
750           os_free(conf->manufacturer);
751           os_free(conf->model_name);
752           os_free(conf->model_number);
753           os_free(conf->serial_number);
754           os_free(conf->config_methods);
755           os_free(conf->ap_pin);
756           os_free(conf->extra_cred);
757           os_free(conf->ap_settings);
758           hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
759           str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
760           os_free(conf->upnp_iface);
761           os_free(conf->friendly_name);
762           os_free(conf->manufacturer_url);
763           os_free(conf->model_description);
764           os_free(conf->model_url);
765           os_free(conf->upc);
766           for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
767                     wpabuf_free(conf->wps_vendor_ext[i]);
768           wpabuf_free(conf->wps_nfc_dh_pubkey);
769           wpabuf_free(conf->wps_nfc_dh_privkey);
770           wpabuf_free(conf->wps_nfc_dev_pw);
771 #endif /* CONFIG_WPS */
772 
773           os_free(conf->roaming_consortium);
774           os_free(conf->venue_name);
775           os_free(conf->venue_url);
776           os_free(conf->nai_realm_data);
777           os_free(conf->network_auth_type);
778           os_free(conf->anqp_3gpp_cell_net);
779           os_free(conf->domain_name);
780           hostapd_config_free_anqp_elem(conf);
781 
782 #ifdef CONFIG_RADIUS_TEST
783           os_free(conf->dump_msk_file);
784 #endif /* CONFIG_RADIUS_TEST */
785 
786 #ifdef CONFIG_HS20
787           os_free(conf->hs20_oper_friendly_name);
788           os_free(conf->hs20_wan_metrics);
789           os_free(conf->hs20_connection_capability);
790           os_free(conf->hs20_operating_class);
791           os_free(conf->hs20_icons);
792           if (conf->hs20_osu_providers) {
793                     for (i = 0; i < conf->hs20_osu_providers_count; i++) {
794                               struct hs20_osu_provider *p;
795                               size_t j;
796                               p = &conf->hs20_osu_providers[i];
797                               os_free(p->friendly_name);
798                               os_free(p->server_uri);
799                               os_free(p->method_list);
800                               for (j = 0; j < p->icons_count; j++)
801                                         os_free(p->icons[j]);
802                               os_free(p->icons);
803                               os_free(p->osu_nai);
804                               os_free(p->osu_nai2);
805                               os_free(p->service_desc);
806                     }
807                     os_free(conf->hs20_osu_providers);
808           }
809           if (conf->hs20_operator_icon) {
810                     for (i = 0; i < conf->hs20_operator_icon_count; i++)
811                               os_free(conf->hs20_operator_icon[i]);
812                     os_free(conf->hs20_operator_icon);
813           }
814           os_free(conf->subscr_remediation_url);
815           os_free(conf->hs20_sim_provisioning_url);
816           os_free(conf->t_c_filename);
817           os_free(conf->t_c_server_url);
818 #endif /* CONFIG_HS20 */
819 
820           wpabuf_free(conf->vendor_elements);
821           wpabuf_free(conf->assocresp_elements);
822 
823           os_free(conf->sae_groups);
824 #ifdef CONFIG_OWE
825           os_free(conf->owe_groups);
826 #endif /* CONFIG_OWE */
827 
828           os_free(conf->wowlan_triggers);
829 
830           os_free(conf->server_id);
831 
832 #ifdef CONFIG_TESTING_OPTIONS
833           wpabuf_free(conf->own_ie_override);
834           wpabuf_free(conf->sae_commit_override);
835 #endif /* CONFIG_TESTING_OPTIONS */
836 
837           os_free(conf->no_probe_resp_if_seen_on);
838           os_free(conf->no_auth_if_seen_on);
839 
840           hostapd_config_free_fils_realms(conf);
841 
842 #ifdef CONFIG_DPP
843           os_free(conf->dpp_connector);
844           wpabuf_free(conf->dpp_netaccesskey);
845           wpabuf_free(conf->dpp_csign);
846 #ifdef CONFIG_DPP2
847           hostapd_dpp_controller_conf_free(conf->dpp_controller);
848 #endif /* CONFIG_DPP2 */
849 #endif /* CONFIG_DPP */
850 
851           hostapd_config_free_sae_passwords(conf);
852 
853 #ifdef CONFIG_AIRTIME_POLICY
854           {
855                     struct airtime_sta_weight *wt, *wt_prev;
856 
857                     wt = conf->airtime_weight_list;
858                     conf->airtime_weight_list = NULL;
859                     while (wt) {
860                               wt_prev = wt;
861                               wt = wt->next;
862                               os_free(wt_prev);
863                     }
864           }
865 #endif /* CONFIG_AIRTIME_POLICY */
866 
867           os_free(conf);
868 }
869 
870 
871 /**
872  * hostapd_config_free - Free hostapd configuration
873  * @conf: Configuration data from hostapd_config_read().
874  */
hostapd_config_free(struct hostapd_config * conf)875 void hostapd_config_free(struct hostapd_config *conf)
876 {
877           size_t i;
878 
879           if (conf == NULL)
880                     return;
881 
882           for (i = 0; i < conf->num_bss; i++)
883                     hostapd_config_free_bss(conf->bss[i]);
884           os_free(conf->bss);
885           os_free(conf->supported_rates);
886           os_free(conf->basic_rates);
887           os_free(conf->acs_ch_list.range);
888           os_free(conf->driver_params);
889 #ifdef CONFIG_ACS
890           os_free(conf->acs_chan_bias);
891 #endif /* CONFIG_ACS */
892           wpabuf_free(conf->lci);
893           wpabuf_free(conf->civic);
894 
895           os_free(conf);
896 }
897 
898 
899 /**
900  * hostapd_maclist_found - Find a MAC address from a list
901  * @list: MAC address list
902  * @num_entries: Number of addresses in the list
903  * @addr: Address to search for
904  * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
905  * Returns: 1 if address is in the list or 0 if not.
906  *
907  * Perform a binary search for given MAC address from a pre-sorted list.
908  */
hostapd_maclist_found(struct mac_acl_entry * list,int num_entries,const u8 * addr,struct vlan_description * vlan_id)909 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
910                                 const u8 *addr, struct vlan_description *vlan_id)
911 {
912           int start, end, middle, res;
913 
914           start = 0;
915           end = num_entries - 1;
916 
917           while (start <= end) {
918                     middle = (start + end) / 2;
919                     res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
920                     if (res == 0) {
921                               if (vlan_id)
922                                         *vlan_id = list[middle].vlan_id;
923                               return 1;
924                     }
925                     if (res < 0)
926                               start = middle + 1;
927                     else
928                               end = middle - 1;
929           }
930 
931           return 0;
932 }
933 
934 
hostapd_rate_found(int * list,int rate)935 int hostapd_rate_found(int *list, int rate)
936 {
937           int i;
938 
939           if (list == NULL)
940                     return 0;
941 
942           for (i = 0; list[i] >= 0; i++)
943                     if (list[i] == rate)
944                               return 1;
945 
946           return 0;
947 }
948 
949 
hostapd_vlan_valid(struct hostapd_vlan * vlan,struct vlan_description * vlan_desc)950 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
951                            struct vlan_description *vlan_desc)
952 {
953           struct hostapd_vlan *v = vlan;
954           int i;
955 
956           if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
957               vlan_desc->untagged > MAX_VLAN_ID)
958                     return 0;
959           for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
960                     if (vlan_desc->tagged[i] < 0 ||
961                         vlan_desc->tagged[i] > MAX_VLAN_ID)
962                               return 0;
963           }
964           if (!vlan_desc->untagged && !vlan_desc->tagged[0])
965                     return 0;
966 
967           while (v) {
968                     if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
969                         v->vlan_id == VLAN_ID_WILDCARD)
970                               return 1;
971                     v = v->next;
972           }
973           return 0;
974 }
975 
976 
hostapd_get_vlan_id_ifname(struct hostapd_vlan * vlan,int vlan_id)977 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
978 {
979           struct hostapd_vlan *v = vlan;
980           while (v) {
981                     if (v->vlan_id == vlan_id)
982                               return v->ifname;
983                     v = v->next;
984           }
985           return NULL;
986 }
987 
988 
hostapd_get_psk(const struct hostapd_bss_config * conf,const u8 * addr,const u8 * p2p_dev_addr,const u8 * prev_psk,int * vlan_id)989 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
990                                  const u8 *addr, const u8 *p2p_dev_addr,
991                                  const u8 *prev_psk, int *vlan_id)
992 {
993           struct hostapd_wpa_psk *psk;
994           int next_ok = prev_psk == NULL;
995 
996           if (vlan_id)
997                     *vlan_id = 0;
998 
999           if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
1000                     wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1001                                  " p2p_dev_addr=" MACSTR " prev_psk=%p",
1002                                  MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
1003                     addr = NULL; /* Use P2P Device Address for matching */
1004           } else {
1005                     wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1006                                  " prev_psk=%p",
1007                                  MAC2STR(addr), prev_psk);
1008           }
1009 
1010           for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
1011                     if (next_ok &&
1012                         (psk->group ||
1013                          (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
1014                          (!addr && p2p_dev_addr &&
1015                           os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
1016                           0))) {
1017                               if (vlan_id)
1018                                         *vlan_id = psk->vlan_id;
1019                               return psk->psk;
1020                     }
1021 
1022                     if (psk->psk == prev_psk)
1023                               next_ok = 1;
1024           }
1025 
1026           return NULL;
1027 }
1028 
1029 
hostapd_config_check_bss(struct hostapd_bss_config * bss,struct hostapd_config * conf,int full_config)1030 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
1031                                             struct hostapd_config *conf,
1032                                             int full_config)
1033 {
1034           if (full_config && bss->ieee802_1x && !bss->eap_server &&
1035               !bss->radius->auth_servers) {
1036                     wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
1037                                  "EAP authenticator configured).");
1038                     return -1;
1039           }
1040 
1041           if (bss->wpa) {
1042                     int wep, i;
1043 
1044                     wep = bss->default_wep_key_len > 0 ||
1045                            bss->individual_wep_key_len > 0;
1046                     for (i = 0; i < NUM_WEP_KEYS; i++) {
1047                               if (bss->ssid.wep.keys_set) {
1048                                         wep = 1;
1049                                         break;
1050                               }
1051                     }
1052 
1053                     if (wep) {
1054                               wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
1055                               return -1;
1056                     }
1057           }
1058 
1059           if (full_config && bss->wpa &&
1060               bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
1061               bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
1062                     wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
1063                                  "RADIUS checking (macaddr_acl=2) enabled.");
1064                     return -1;
1065           }
1066 
1067           if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
1068               bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
1069               bss->ssid.wpa_psk_file == NULL &&
1070               (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
1071                bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
1072                     wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
1073                                  "is not configured.");
1074                     return -1;
1075           }
1076 
1077           if (full_config && !is_zero_ether_addr(bss->bssid)) {
1078                     size_t i;
1079 
1080                     for (i = 0; i < conf->num_bss; i++) {
1081                               if (conf->bss[i] != bss &&
1082                                   (hostapd_mac_comp(conf->bss[i]->bssid,
1083                                                         bss->bssid) == 0)) {
1084                                         wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
1085                                                      " on interface '%s' and '%s'.",
1086                                                      MAC2STR(bss->bssid),
1087                                                      conf->bss[i]->iface, bss->iface);
1088                                         return -1;
1089                               }
1090                     }
1091           }
1092 
1093 #ifdef CONFIG_IEEE80211R_AP
1094           if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
1095               (bss->nas_identifier == NULL ||
1096                os_strlen(bss->nas_identifier) < 1 ||
1097                os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
1098                     wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
1099                                  "nas_identifier to be configured as a 1..48 octet "
1100                                  "string");
1101                     return -1;
1102           }
1103 #endif /* CONFIG_IEEE80211R_AP */
1104 
1105 #ifdef CONFIG_IEEE80211N
1106           if (full_config && conf->ieee80211n &&
1107               conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
1108                     bss->disable_11n = 1;
1109                     wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
1110                                  "allowed, disabling HT capabilities");
1111           }
1112 
1113           if (full_config && conf->ieee80211n &&
1114               bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1115                     bss->disable_11n = 1;
1116                     wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
1117                                  "allowed, disabling HT capabilities");
1118           }
1119 
1120           if (full_config && conf->ieee80211n && bss->wpa &&
1121               !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1122               !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1123                                            WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1124           {
1125                     bss->disable_11n = 1;
1126                     wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1127                                  "requires CCMP/GCMP to be enabled, disabling HT "
1128                                  "capabilities");
1129           }
1130 #endif /* CONFIG_IEEE80211N */
1131 
1132 #ifdef CONFIG_IEEE80211AC
1133           if (full_config && conf->ieee80211ac &&
1134               bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1135                     bss->disable_11ac = 1;
1136                     wpa_printf(MSG_ERROR,
1137                                  "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1138           }
1139 
1140           if (full_config && conf->ieee80211ac && bss->wpa &&
1141               !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1142               !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1143                                            WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1144           {
1145                     bss->disable_11ac = 1;
1146                     wpa_printf(MSG_ERROR,
1147                                  "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1148           }
1149 #endif /* CONFIG_IEEE80211AC */
1150 
1151 #ifdef CONFIG_WPS
1152           if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
1153                     wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1154                                  "configuration forced WPS to be disabled");
1155                     bss->wps_state = 0;
1156           }
1157 
1158           if (full_config && bss->wps_state &&
1159               bss->ssid.wep.keys_set && bss->wpa == 0) {
1160                     wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1161                                  "disabled");
1162                     bss->wps_state = 0;
1163           }
1164 
1165           if (full_config && bss->wps_state && bss->wpa &&
1166               (!(bss->wpa & 2) ||
1167                !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1168                                             WPA_CIPHER_CCMP_256 |
1169                                             WPA_CIPHER_GCMP_256)))) {
1170                     wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
1171                                  "WPA2/CCMP/GCMP forced WPS to be disabled");
1172                     bss->wps_state = 0;
1173           }
1174 #endif /* CONFIG_WPS */
1175 
1176 #ifdef CONFIG_HS20
1177           if (full_config && bss->hs20 &&
1178               (!(bss->wpa & 2) ||
1179                !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1180                                             WPA_CIPHER_CCMP_256 |
1181                                             WPA_CIPHER_GCMP_256)))) {
1182                     wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1183                                  "configuration is required for Hotspot 2.0 "
1184                                  "functionality");
1185                     return -1;
1186           }
1187 #endif /* CONFIG_HS20 */
1188 
1189 #ifdef CONFIG_MBO
1190           if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1191               bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1192                     wpa_printf(MSG_ERROR,
1193                                  "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1194                     return -1;
1195           }
1196 #endif /* CONFIG_MBO */
1197 
1198 #ifdef CONFIG_OCV
1199           if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1200               bss->ocv) {
1201                     wpa_printf(MSG_ERROR,
1202                                  "OCV: PMF needs to be enabled whenever using OCV");
1203                     return -1;
1204           }
1205 #endif /* CONFIG_OCV */
1206 
1207           return 0;
1208 }
1209 
1210 
hostapd_config_check_cw(struct hostapd_config * conf,int queue)1211 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1212 {
1213           int tx_cwmin = conf->tx_queue[queue].cwmin;
1214           int tx_cwmax = conf->tx_queue[queue].cwmax;
1215           int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1216           int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1217 
1218           if (tx_cwmin > tx_cwmax) {
1219                     wpa_printf(MSG_ERROR,
1220                                  "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1221                                  tx_cwmin, tx_cwmax);
1222                     return -1;
1223           }
1224           if (ac_cwmin > ac_cwmax) {
1225                     wpa_printf(MSG_ERROR,
1226                                  "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1227                                  ac_cwmin, ac_cwmax);
1228                     return -1;
1229           }
1230           return 0;
1231 }
1232 
1233 
hostapd_config_check(struct hostapd_config * conf,int full_config)1234 int hostapd_config_check(struct hostapd_config *conf, int full_config)
1235 {
1236           size_t i;
1237 
1238           if (full_config && conf->ieee80211d &&
1239               (!conf->country[0] || !conf->country[1])) {
1240                     wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1241                                  "setting the country_code");
1242                     return -1;
1243           }
1244 
1245           if (full_config && conf->ieee80211h && !conf->ieee80211d) {
1246                     wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1247                                  "IEEE 802.11d enabled");
1248                     return -1;
1249           }
1250 
1251           if (full_config && conf->local_pwr_constraint != -1 &&
1252               !conf->ieee80211d) {
1253                     wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1254                     return -1;
1255           }
1256 
1257           if (full_config && conf->spectrum_mgmt_required &&
1258               conf->local_pwr_constraint == -1) {
1259                     wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1260                     return -1;
1261           }
1262 
1263 #ifdef CONFIG_AIRTIME_POLICY
1264           if (full_config && conf->airtime_mode > AIRTIME_MODE_STATIC &&
1265               !conf->airtime_update_interval) {
1266                     wpa_printf(MSG_ERROR, "Airtime update interval cannot be zero");
1267                     return -1;
1268           }
1269 #endif /* CONFIG_AIRTIME_POLICY */
1270           for (i = 0; i < NUM_TX_QUEUES; i++) {
1271                     if (hostapd_config_check_cw(conf, i))
1272                               return -1;
1273           }
1274 
1275           for (i = 0; i < conf->num_bss; i++) {
1276                     if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
1277                               return -1;
1278           }
1279 
1280           return 0;
1281 }
1282 
1283 
hostapd_set_security_params(struct hostapd_bss_config * bss,int full_config)1284 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1285                                          int full_config)
1286 {
1287           if (bss->individual_wep_key_len == 0) {
1288                     /* individual keys are not use; can use key idx0 for
1289                      * broadcast keys */
1290                     bss->broadcast_key_idx_min = 0;
1291           }
1292 
1293           if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1294                     bss->rsn_pairwise = bss->wpa_pairwise;
1295           if (bss->group_cipher)
1296                     bss->wpa_group = bss->group_cipher;
1297           else
1298                     bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1299                                                                           bss->wpa_pairwise,
1300                                                                           bss->rsn_pairwise);
1301           if (!bss->wpa_group_rekey_set)
1302                     bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1303                               600 : 86400;
1304 
1305           if (full_config) {
1306                     bss->radius->auth_server = bss->radius->auth_servers;
1307                     bss->radius->acct_server = bss->radius->acct_servers;
1308           }
1309 
1310           if (bss->wpa && bss->ieee802_1x) {
1311                     bss->ssid.security_policy = SECURITY_WPA;
1312           } else if (bss->wpa) {
1313                     bss->ssid.security_policy = SECURITY_WPA_PSK;
1314           } else if (bss->ieee802_1x) {
1315                     int cipher = WPA_CIPHER_NONE;
1316                     bss->ssid.security_policy = SECURITY_IEEE_802_1X;
1317                     bss->ssid.wep.default_len = bss->default_wep_key_len;
1318                     if (full_config && bss->default_wep_key_len) {
1319                               cipher = bss->default_wep_key_len >= 13 ?
1320                                         WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
1321                     } else if (full_config && bss->ssid.wep.keys_set) {
1322                               if (bss->ssid.wep.len[0] >= 13)
1323                                         cipher = WPA_CIPHER_WEP104;
1324                               else
1325                                         cipher = WPA_CIPHER_WEP40;
1326                     }
1327                     bss->wpa_group = cipher;
1328                     bss->wpa_pairwise = cipher;
1329                     bss->rsn_pairwise = cipher;
1330                     if (full_config)
1331                               bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1332           } else if (bss->ssid.wep.keys_set) {
1333                     int cipher = WPA_CIPHER_WEP40;
1334                     if (bss->ssid.wep.len[0] >= 13)
1335                               cipher = WPA_CIPHER_WEP104;
1336                     bss->ssid.security_policy = SECURITY_STATIC_WEP;
1337                     bss->wpa_group = cipher;
1338                     bss->wpa_pairwise = cipher;
1339                     bss->rsn_pairwise = cipher;
1340                     if (full_config)
1341                               bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1342           } else if (bss->osen) {
1343                     bss->ssid.security_policy = SECURITY_OSEN;
1344                     bss->wpa_group = WPA_CIPHER_CCMP;
1345                     bss->wpa_pairwise = 0;
1346                     bss->rsn_pairwise = WPA_CIPHER_CCMP;
1347           } else {
1348                     bss->ssid.security_policy = SECURITY_PLAINTEXT;
1349                     if (full_config) {
1350                               bss->wpa_group = WPA_CIPHER_NONE;
1351                               bss->wpa_pairwise = WPA_CIPHER_NONE;
1352                               bss->rsn_pairwise = WPA_CIPHER_NONE;
1353                               bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1354                     }
1355           }
1356 }
1357 
1358 
hostapd_sae_pw_id_in_use(struct hostapd_bss_config * conf)1359 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1360 {
1361           int with_id = 0, without_id = 0;
1362           struct sae_password_entry *pw;
1363 
1364           if (conf->ssid.wpa_passphrase)
1365                     without_id = 1;
1366 
1367           for (pw = conf->sae_passwords; pw; pw = pw->next) {
1368                     if (pw->identifier)
1369                               with_id = 1;
1370                     else
1371                               without_id = 1;
1372                     if (with_id && without_id)
1373                               break;
1374           }
1375 
1376           if (with_id && !without_id)
1377                     return 2;
1378           return with_id;
1379 }
1380