config.c 55 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238
  1. /*
  2. * hostapd / Configuration file
  3. * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License version 2 as
  7. * published by the Free Software Foundation.
  8. *
  9. * Alternatively, this software may be distributed under the terms of BSD
  10. * license.
  11. *
  12. * See README and COPYING for more details.
  13. */
  14. #include "includes.h"
  15. #ifndef CONFIG_NATIVE_WINDOWS
  16. #include <grp.h>
  17. #endif /* CONFIG_NATIVE_WINDOWS */
  18. #include "hostapd.h"
  19. #include "driver.h"
  20. #include "sha1.h"
  21. #include "eap_server/eap.h"
  22. #include "radius/radius_client.h"
  23. #include "wpa_common.h"
  24. #include "wpa.h"
  25. #include "uuid.h"
  26. #define MAX_STA_COUNT 2007
  27. extern struct wpa_driver_ops *hostapd_drivers[];
  28. static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
  29. const char *fname)
  30. {
  31. FILE *f;
  32. char buf[128], *pos, *pos2;
  33. int line = 0, vlan_id;
  34. struct hostapd_vlan *vlan;
  35. f = fopen(fname, "r");
  36. if (!f) {
  37. printf("VLAN file '%s' not readable.\n", fname);
  38. return -1;
  39. }
  40. while (fgets(buf, sizeof(buf), f)) {
  41. line++;
  42. if (buf[0] == '#')
  43. continue;
  44. pos = buf;
  45. while (*pos != '\0') {
  46. if (*pos == '\n') {
  47. *pos = '\0';
  48. break;
  49. }
  50. pos++;
  51. }
  52. if (buf[0] == '\0')
  53. continue;
  54. if (buf[0] == '*') {
  55. vlan_id = VLAN_ID_WILDCARD;
  56. pos = buf + 1;
  57. } else {
  58. vlan_id = strtol(buf, &pos, 10);
  59. if (buf == pos || vlan_id < 1 ||
  60. vlan_id > MAX_VLAN_ID) {
  61. printf("Invalid VLAN ID at line %d in '%s'\n",
  62. line, fname);
  63. fclose(f);
  64. return -1;
  65. }
  66. }
  67. while (*pos == ' ' || *pos == '\t')
  68. pos++;
  69. pos2 = pos;
  70. while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
  71. pos2++;
  72. *pos2 = '\0';
  73. if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) {
  74. printf("Invalid VLAN ifname at line %d in '%s'\n",
  75. line, fname);
  76. fclose(f);
  77. return -1;
  78. }
  79. vlan = os_malloc(sizeof(*vlan));
  80. if (vlan == NULL) {
  81. printf("Out of memory while reading VLAN interfaces "
  82. "from '%s'\n", fname);
  83. fclose(f);
  84. return -1;
  85. }
  86. os_memset(vlan, 0, sizeof(*vlan));
  87. vlan->vlan_id = vlan_id;
  88. os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
  89. if (bss->vlan_tail)
  90. bss->vlan_tail->next = vlan;
  91. else
  92. bss->vlan = vlan;
  93. bss->vlan_tail = vlan;
  94. }
  95. fclose(f);
  96. return 0;
  97. }
  98. static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
  99. {
  100. struct hostapd_vlan *vlan, *prev;
  101. vlan = bss->vlan;
  102. prev = NULL;
  103. while (vlan) {
  104. prev = vlan;
  105. vlan = vlan->next;
  106. os_free(prev);
  107. }
  108. bss->vlan = NULL;
  109. }
  110. /* convert floats with one decimal place to value*10 int, i.e.,
  111. * "1.5" will return 15 */
  112. static int hostapd_config_read_int10(const char *value)
  113. {
  114. int i, d;
  115. char *pos;
  116. i = atoi(value);
  117. pos = os_strchr(value, '.');
  118. d = 0;
  119. if (pos) {
  120. pos++;
  121. if (*pos >= '0' && *pos <= '9')
  122. d = *pos - '0';
  123. }
  124. return i * 10 + d;
  125. }
  126. static void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
  127. {
  128. bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
  129. bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
  130. bss->logger_syslog = (unsigned int) -1;
  131. bss->logger_stdout = (unsigned int) -1;
  132. bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
  133. bss->wep_rekeying_period = 300;
  134. /* use key0 in individual key and key1 in broadcast key */
  135. bss->broadcast_key_idx_min = 1;
  136. bss->broadcast_key_idx_max = 2;
  137. bss->eap_reauth_period = 3600;
  138. bss->wpa_group_rekey = 600;
  139. bss->wpa_gmk_rekey = 86400;
  140. bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
  141. bss->wpa_pairwise = WPA_CIPHER_TKIP;
  142. bss->wpa_group = WPA_CIPHER_TKIP;
  143. bss->rsn_pairwise = 0;
  144. bss->max_num_sta = MAX_STA_COUNT;
  145. bss->dtim_period = 2;
  146. bss->radius_server_auth_port = 1812;
  147. bss->ap_max_inactivity = AP_MAX_INACTIVITY;
  148. bss->eapol_version = EAPOL_VERSION;
  149. }
  150. static struct hostapd_config * hostapd_config_defaults(void)
  151. {
  152. struct hostapd_config *conf;
  153. struct hostapd_bss_config *bss;
  154. int i;
  155. const int aCWmin = 15, aCWmax = 1024;
  156. const struct hostapd_wme_ac_params ac_bk =
  157. { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
  158. const struct hostapd_wme_ac_params ac_be =
  159. { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
  160. const struct hostapd_wme_ac_params ac_vi = /* video traffic */
  161. { aCWmin >> 1, aCWmin, 2, 3000 / 32, 1 };
  162. const struct hostapd_wme_ac_params ac_vo = /* voice traffic */
  163. { aCWmin >> 2, aCWmin >> 1, 2, 1500 / 32, 1 };
  164. conf = os_zalloc(sizeof(*conf));
  165. bss = os_zalloc(sizeof(*bss));
  166. if (conf == NULL || bss == NULL) {
  167. printf("Failed to allocate memory for configuration data.\n");
  168. os_free(conf);
  169. os_free(bss);
  170. return NULL;
  171. }
  172. /* set default driver based on configuration */
  173. conf->driver = hostapd_drivers[0];
  174. if (conf->driver == NULL) {
  175. printf("No driver wrappers registered!\n");
  176. os_free(conf);
  177. os_free(bss);
  178. return NULL;
  179. }
  180. bss->radius = os_zalloc(sizeof(*bss->radius));
  181. if (bss->radius == NULL) {
  182. os_free(conf);
  183. os_free(bss);
  184. return NULL;
  185. }
  186. hostapd_config_defaults_bss(bss);
  187. conf->num_bss = 1;
  188. conf->bss = bss;
  189. conf->beacon_int = 100;
  190. conf->rts_threshold = -1; /* use driver default: 2347 */
  191. conf->fragm_threshold = -1; /* user driver default: 2346 */
  192. conf->send_probe_response = 1;
  193. conf->bridge_packets = INTERNAL_BRIDGE_DO_NOT_CONTROL;
  194. os_memcpy(conf->country, "US ", 3);
  195. for (i = 0; i < NUM_TX_QUEUES; i++)
  196. conf->tx_queue[i].aifs = -1; /* use hw default */
  197. conf->wme_ac_params[0] = ac_be;
  198. conf->wme_ac_params[1] = ac_bk;
  199. conf->wme_ac_params[2] = ac_vi;
  200. conf->wme_ac_params[3] = ac_vo;
  201. return conf;
  202. }
  203. int hostapd_mac_comp(const void *a, const void *b)
  204. {
  205. return os_memcmp(a, b, sizeof(macaddr));
  206. }
  207. int hostapd_mac_comp_empty(const void *a)
  208. {
  209. macaddr empty = { 0 };
  210. return os_memcmp(a, empty, sizeof(macaddr));
  211. }
  212. static int hostapd_config_read_maclist(const char *fname, macaddr **acl,
  213. int *num)
  214. {
  215. FILE *f;
  216. char buf[128], *pos;
  217. int line = 0;
  218. u8 addr[ETH_ALEN];
  219. macaddr *newacl;
  220. if (!fname)
  221. return 0;
  222. f = fopen(fname, "r");
  223. if (!f) {
  224. printf("MAC list file '%s' not found.\n", fname);
  225. return -1;
  226. }
  227. while (fgets(buf, sizeof(buf), f)) {
  228. line++;
  229. if (buf[0] == '#')
  230. continue;
  231. pos = buf;
  232. while (*pos != '\0') {
  233. if (*pos == '\n') {
  234. *pos = '\0';
  235. break;
  236. }
  237. pos++;
  238. }
  239. if (buf[0] == '\0')
  240. continue;
  241. if (hwaddr_aton(buf, addr)) {
  242. printf("Invalid MAC address '%s' at line %d in '%s'\n",
  243. buf, line, fname);
  244. fclose(f);
  245. return -1;
  246. }
  247. newacl = os_realloc(*acl, (*num + 1) * ETH_ALEN);
  248. if (newacl == NULL) {
  249. printf("MAC list reallocation failed\n");
  250. fclose(f);
  251. return -1;
  252. }
  253. *acl = newacl;
  254. os_memcpy((*acl)[*num], addr, ETH_ALEN);
  255. (*num)++;
  256. }
  257. fclose(f);
  258. qsort(*acl, *num, sizeof(macaddr), hostapd_mac_comp);
  259. return 0;
  260. }
  261. static int hostapd_config_read_wpa_psk(const char *fname,
  262. struct hostapd_ssid *ssid)
  263. {
  264. FILE *f;
  265. char buf[128], *pos;
  266. int line = 0, ret = 0, len, ok;
  267. u8 addr[ETH_ALEN];
  268. struct hostapd_wpa_psk *psk;
  269. if (!fname)
  270. return 0;
  271. f = fopen(fname, "r");
  272. if (!f) {
  273. printf("WPA PSK file '%s' not found.\n", fname);
  274. return -1;
  275. }
  276. while (fgets(buf, sizeof(buf), f)) {
  277. line++;
  278. if (buf[0] == '#')
  279. continue;
  280. pos = buf;
  281. while (*pos != '\0') {
  282. if (*pos == '\n') {
  283. *pos = '\0';
  284. break;
  285. }
  286. pos++;
  287. }
  288. if (buf[0] == '\0')
  289. continue;
  290. if (hwaddr_aton(buf, addr)) {
  291. printf("Invalid MAC address '%s' on line %d in '%s'\n",
  292. buf, line, fname);
  293. ret = -1;
  294. break;
  295. }
  296. psk = os_zalloc(sizeof(*psk));
  297. if (psk == NULL) {
  298. printf("WPA PSK allocation failed\n");
  299. ret = -1;
  300. break;
  301. }
  302. if (os_memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
  303. psk->group = 1;
  304. else
  305. os_memcpy(psk->addr, addr, ETH_ALEN);
  306. pos = buf + 17;
  307. if (pos == '\0') {
  308. printf("No PSK on line %d in '%s'\n", line, fname);
  309. os_free(psk);
  310. ret = -1;
  311. break;
  312. }
  313. pos++;
  314. ok = 0;
  315. len = os_strlen(pos);
  316. if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
  317. ok = 1;
  318. else if (len >= 8 && len < 64) {
  319. pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
  320. 4096, psk->psk, PMK_LEN);
  321. ok = 1;
  322. }
  323. if (!ok) {
  324. printf("Invalid PSK '%s' on line %d in '%s'\n",
  325. pos, line, fname);
  326. os_free(psk);
  327. ret = -1;
  328. break;
  329. }
  330. psk->next = ssid->wpa_psk;
  331. ssid->wpa_psk = psk;
  332. }
  333. fclose(f);
  334. return ret;
  335. }
  336. int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
  337. {
  338. struct hostapd_ssid *ssid = &conf->ssid;
  339. if (ssid->wpa_passphrase != NULL) {
  340. if (ssid->wpa_psk != NULL) {
  341. printf("Warning: both WPA PSK and passphrase set. "
  342. "Using passphrase.\n");
  343. os_free(ssid->wpa_psk);
  344. }
  345. ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
  346. if (ssid->wpa_psk == NULL) {
  347. printf("Unable to alloc space for PSK\n");
  348. return -1;
  349. }
  350. wpa_hexdump_ascii(MSG_DEBUG, "SSID",
  351. (u8 *) ssid->ssid, ssid->ssid_len);
  352. wpa_hexdump_ascii(MSG_DEBUG, "PSK (ASCII passphrase)",
  353. (u8 *) ssid->wpa_passphrase,
  354. os_strlen(ssid->wpa_passphrase));
  355. pbkdf2_sha1(ssid->wpa_passphrase,
  356. ssid->ssid, ssid->ssid_len,
  357. 4096, ssid->wpa_psk->psk, PMK_LEN);
  358. wpa_hexdump(MSG_DEBUG, "PSK (from passphrase)",
  359. ssid->wpa_psk->psk, PMK_LEN);
  360. ssid->wpa_psk->group = 1;
  361. os_memset(ssid->wpa_passphrase, 0,
  362. os_strlen(ssid->wpa_passphrase));
  363. os_free(ssid->wpa_passphrase);
  364. ssid->wpa_passphrase = NULL;
  365. }
  366. if (ssid->wpa_psk_file) {
  367. if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file,
  368. &conf->ssid))
  369. return -1;
  370. }
  371. return 0;
  372. }
  373. #ifdef EAP_SERVER
  374. static int hostapd_config_read_eap_user(const char *fname,
  375. struct hostapd_bss_config *conf)
  376. {
  377. FILE *f;
  378. char buf[512], *pos, *start, *pos2;
  379. int line = 0, ret = 0, num_methods;
  380. struct hostapd_eap_user *user, *tail = NULL;
  381. if (!fname)
  382. return 0;
  383. f = fopen(fname, "r");
  384. if (!f) {
  385. printf("EAP user file '%s' not found.\n", fname);
  386. return -1;
  387. }
  388. /* Lines: "user" METHOD,METHOD2 "password" (password optional) */
  389. while (fgets(buf, sizeof(buf), f)) {
  390. line++;
  391. if (buf[0] == '#')
  392. continue;
  393. pos = buf;
  394. while (*pos != '\0') {
  395. if (*pos == '\n') {
  396. *pos = '\0';
  397. break;
  398. }
  399. pos++;
  400. }
  401. if (buf[0] == '\0')
  402. continue;
  403. user = NULL;
  404. if (buf[0] != '"' && buf[0] != '*') {
  405. printf("Invalid EAP identity (no \" in start) on "
  406. "line %d in '%s'\n", line, fname);
  407. goto failed;
  408. }
  409. user = os_zalloc(sizeof(*user));
  410. if (user == NULL) {
  411. printf("EAP user allocation failed\n");
  412. goto failed;
  413. }
  414. user->force_version = -1;
  415. if (buf[0] == '*') {
  416. pos = buf;
  417. } else {
  418. pos = buf + 1;
  419. start = pos;
  420. while (*pos != '"' && *pos != '\0')
  421. pos++;
  422. if (*pos == '\0') {
  423. printf("Invalid EAP identity (no \" in end) on"
  424. " line %d in '%s'\n", line, fname);
  425. goto failed;
  426. }
  427. user->identity = os_malloc(pos - start);
  428. if (user->identity == NULL) {
  429. printf("Failed to allocate memory for EAP "
  430. "identity\n");
  431. goto failed;
  432. }
  433. os_memcpy(user->identity, start, pos - start);
  434. user->identity_len = pos - start;
  435. if (pos[0] == '"' && pos[1] == '*') {
  436. user->wildcard_prefix = 1;
  437. pos++;
  438. }
  439. }
  440. pos++;
  441. while (*pos == ' ' || *pos == '\t')
  442. pos++;
  443. if (*pos == '\0') {
  444. printf("No EAP method on line %d in '%s'\n",
  445. line, fname);
  446. goto failed;
  447. }
  448. start = pos;
  449. while (*pos != ' ' && *pos != '\t' && *pos != '\0')
  450. pos++;
  451. if (*pos == '\0') {
  452. pos = NULL;
  453. } else {
  454. *pos = '\0';
  455. pos++;
  456. }
  457. num_methods = 0;
  458. while (*start) {
  459. char *pos3 = os_strchr(start, ',');
  460. if (pos3) {
  461. *pos3++ = '\0';
  462. }
  463. user->methods[num_methods].method =
  464. eap_server_get_type(
  465. start,
  466. &user->methods[num_methods].vendor);
  467. if (user->methods[num_methods].vendor ==
  468. EAP_VENDOR_IETF &&
  469. user->methods[num_methods].method == EAP_TYPE_NONE)
  470. {
  471. if (os_strcmp(start, "TTLS-PAP") == 0) {
  472. user->ttls_auth |= EAP_TTLS_AUTH_PAP;
  473. goto skip_eap;
  474. }
  475. if (os_strcmp(start, "TTLS-CHAP") == 0) {
  476. user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
  477. goto skip_eap;
  478. }
  479. if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
  480. user->ttls_auth |=
  481. EAP_TTLS_AUTH_MSCHAP;
  482. goto skip_eap;
  483. }
  484. if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
  485. user->ttls_auth |=
  486. EAP_TTLS_AUTH_MSCHAPV2;
  487. goto skip_eap;
  488. }
  489. printf("Unsupported EAP type '%s' on line %d "
  490. "in '%s'\n", start, line, fname);
  491. goto failed;
  492. }
  493. num_methods++;
  494. if (num_methods >= EAP_USER_MAX_METHODS)
  495. break;
  496. skip_eap:
  497. if (pos3 == NULL)
  498. break;
  499. start = pos3;
  500. }
  501. if (num_methods == 0 && user->ttls_auth == 0) {
  502. printf("No EAP types configured on line %d in '%s'\n",
  503. line, fname);
  504. goto failed;
  505. }
  506. if (pos == NULL)
  507. goto done;
  508. while (*pos == ' ' || *pos == '\t')
  509. pos++;
  510. if (*pos == '\0')
  511. goto done;
  512. if (os_strncmp(pos, "[ver=0]", 7) == 0) {
  513. user->force_version = 0;
  514. goto done;
  515. }
  516. if (os_strncmp(pos, "[ver=1]", 7) == 0) {
  517. user->force_version = 1;
  518. goto done;
  519. }
  520. if (os_strncmp(pos, "[2]", 3) == 0) {
  521. user->phase2 = 1;
  522. goto done;
  523. }
  524. if (*pos == '"') {
  525. pos++;
  526. start = pos;
  527. while (*pos != '"' && *pos != '\0')
  528. pos++;
  529. if (*pos == '\0') {
  530. printf("Invalid EAP password (no \" in end) "
  531. "on line %d in '%s'\n", line, fname);
  532. goto failed;
  533. }
  534. user->password = os_malloc(pos - start);
  535. if (user->password == NULL) {
  536. printf("Failed to allocate memory for EAP "
  537. "password\n");
  538. goto failed;
  539. }
  540. os_memcpy(user->password, start, pos - start);
  541. user->password_len = pos - start;
  542. pos++;
  543. } else if (os_strncmp(pos, "hash:", 5) == 0) {
  544. pos += 5;
  545. pos2 = pos;
  546. while (*pos2 != '\0' && *pos2 != ' ' &&
  547. *pos2 != '\t' && *pos2 != '#')
  548. pos2++;
  549. if (pos2 - pos != 32) {
  550. printf("Invalid password hash on line %d in "
  551. "'%s'\n", line, fname);
  552. goto failed;
  553. }
  554. user->password = os_malloc(16);
  555. if (user->password == NULL) {
  556. printf("Failed to allocate memory for EAP "
  557. "password hash\n");
  558. goto failed;
  559. }
  560. if (hexstr2bin(pos, user->password, 16) < 0) {
  561. printf("Invalid hash password on line %d in "
  562. "'%s'\n", line, fname);
  563. goto failed;
  564. }
  565. user->password_len = 16;
  566. user->password_hash = 1;
  567. pos = pos2;
  568. } else {
  569. pos2 = pos;
  570. while (*pos2 != '\0' && *pos2 != ' ' &&
  571. *pos2 != '\t' && *pos2 != '#')
  572. pos2++;
  573. if ((pos2 - pos) & 1) {
  574. printf("Invalid hex password on line %d in "
  575. "'%s'\n", line, fname);
  576. goto failed;
  577. }
  578. user->password = os_malloc((pos2 - pos) / 2);
  579. if (user->password == NULL) {
  580. printf("Failed to allocate memory for EAP "
  581. "password\n");
  582. goto failed;
  583. }
  584. if (hexstr2bin(pos, user->password,
  585. (pos2 - pos) / 2) < 0) {
  586. printf("Invalid hex password on line %d in "
  587. "'%s'\n", line, fname);
  588. goto failed;
  589. }
  590. user->password_len = (pos2 - pos) / 2;
  591. pos = pos2;
  592. }
  593. while (*pos == ' ' || *pos == '\t')
  594. pos++;
  595. if (os_strncmp(pos, "[2]", 3) == 0) {
  596. user->phase2 = 1;
  597. }
  598. done:
  599. if (tail == NULL) {
  600. tail = conf->eap_user = user;
  601. } else {
  602. tail->next = user;
  603. tail = user;
  604. }
  605. continue;
  606. failed:
  607. if (user) {
  608. os_free(user->password);
  609. os_free(user->identity);
  610. os_free(user);
  611. }
  612. ret = -1;
  613. break;
  614. }
  615. fclose(f);
  616. return ret;
  617. }
  618. #endif /* EAP_SERVER */
  619. static int
  620. hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
  621. int *num_server, const char *val, int def_port,
  622. struct hostapd_radius_server **curr_serv)
  623. {
  624. struct hostapd_radius_server *nserv;
  625. int ret;
  626. static int server_index = 1;
  627. nserv = os_realloc(*server, (*num_server + 1) * sizeof(*nserv));
  628. if (nserv == NULL)
  629. return -1;
  630. *server = nserv;
  631. nserv = &nserv[*num_server];
  632. (*num_server)++;
  633. (*curr_serv) = nserv;
  634. os_memset(nserv, 0, sizeof(*nserv));
  635. nserv->port = def_port;
  636. ret = hostapd_parse_ip_addr(val, &nserv->addr);
  637. nserv->index = server_index++;
  638. return ret;
  639. }
  640. static int hostapd_config_parse_key_mgmt(int line, const char *value)
  641. {
  642. int val = 0, last;
  643. char *start, *end, *buf;
  644. buf = os_strdup(value);
  645. if (buf == NULL)
  646. return -1;
  647. start = buf;
  648. while (start != '\0') {
  649. while (*start == ' ' || *start == '\t')
  650. start++;
  651. if (*start == '\0')
  652. break;
  653. end = start;
  654. while (*end != ' ' && *end != '\t' && *end != '\0')
  655. end++;
  656. last = *end == '\0';
  657. *end = '\0';
  658. if (os_strcmp(start, "WPA-PSK") == 0)
  659. val |= WPA_KEY_MGMT_PSK;
  660. else if (os_strcmp(start, "WPA-EAP") == 0)
  661. val |= WPA_KEY_MGMT_IEEE8021X;
  662. #ifdef CONFIG_IEEE80211R
  663. else if (os_strcmp(start, "FT-PSK") == 0)
  664. val |= WPA_KEY_MGMT_FT_PSK;
  665. else if (os_strcmp(start, "FT-EAP") == 0)
  666. val |= WPA_KEY_MGMT_FT_IEEE8021X;
  667. #endif /* CONFIG_IEEE80211R */
  668. else {
  669. printf("Line %d: invalid key_mgmt '%s'\n",
  670. line, start);
  671. os_free(buf);
  672. return -1;
  673. }
  674. if (last)
  675. break;
  676. start = end + 1;
  677. }
  678. os_free(buf);
  679. if (val == 0) {
  680. printf("Line %d: no key_mgmt values configured.\n", line);
  681. return -1;
  682. }
  683. return val;
  684. }
  685. static int hostapd_config_parse_cipher(int line, const char *value)
  686. {
  687. int val = 0, last;
  688. char *start, *end, *buf;
  689. buf = os_strdup(value);
  690. if (buf == NULL)
  691. return -1;
  692. start = buf;
  693. while (start != '\0') {
  694. while (*start == ' ' || *start == '\t')
  695. start++;
  696. if (*start == '\0')
  697. break;
  698. end = start;
  699. while (*end != ' ' && *end != '\t' && *end != '\0')
  700. end++;
  701. last = *end == '\0';
  702. *end = '\0';
  703. if (os_strcmp(start, "CCMP") == 0)
  704. val |= WPA_CIPHER_CCMP;
  705. else if (os_strcmp(start, "TKIP") == 0)
  706. val |= WPA_CIPHER_TKIP;
  707. else if (os_strcmp(start, "WEP104") == 0)
  708. val |= WPA_CIPHER_WEP104;
  709. else if (os_strcmp(start, "WEP40") == 0)
  710. val |= WPA_CIPHER_WEP40;
  711. else if (os_strcmp(start, "NONE") == 0)
  712. val |= WPA_CIPHER_NONE;
  713. else {
  714. printf("Line %d: invalid cipher '%s'.", line, start);
  715. os_free(buf);
  716. return -1;
  717. }
  718. if (last)
  719. break;
  720. start = end + 1;
  721. }
  722. os_free(buf);
  723. if (val == 0) {
  724. printf("Line %d: no cipher values configured.", line);
  725. return -1;
  726. }
  727. return val;
  728. }
  729. static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
  730. struct hostapd_config *conf)
  731. {
  732. if (bss->ieee802_1x && !bss->eap_server &&
  733. !bss->radius->auth_servers) {
  734. printf("Invalid IEEE 802.1X configuration (no EAP "
  735. "authenticator configured).\n");
  736. return -1;
  737. }
  738. if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
  739. bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
  740. bss->ssid.wpa_psk_file == NULL) {
  741. printf("WPA-PSK enabled, but PSK or passphrase is not "
  742. "configured.\n");
  743. return -1;
  744. }
  745. if (hostapd_mac_comp_empty(bss->bssid) != 0) {
  746. size_t i;
  747. for (i = 0; i < conf->num_bss; i++) {
  748. if ((&conf->bss[i] != bss) &&
  749. (hostapd_mac_comp(conf->bss[i].bssid,
  750. bss->bssid) == 0)) {
  751. printf("Duplicate BSSID " MACSTR
  752. " on interface '%s' and '%s'.\n",
  753. MAC2STR(bss->bssid),
  754. conf->bss[i].iface, bss->iface);
  755. return -1;
  756. }
  757. }
  758. }
  759. #ifdef CONFIG_IEEE80211R
  760. if ((bss->wpa_key_mgmt &
  761. (WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_FT_IEEE8021X)) &&
  762. (bss->nas_identifier == NULL ||
  763. os_strlen(bss->nas_identifier) < 1 ||
  764. os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
  765. printf("FT (IEEE 802.11r) requires nas_identifier to be "
  766. "configured as a 1..48 octet string\n");
  767. return -1;
  768. }
  769. #endif /* CONFIG_IEEE80211R */
  770. return 0;
  771. }
  772. static int hostapd_config_check(struct hostapd_config *conf)
  773. {
  774. size_t i;
  775. for (i = 0; i < conf->num_bss; i++) {
  776. if (hostapd_config_check_bss(&conf->bss[i], conf))
  777. return -1;
  778. }
  779. return 0;
  780. }
  781. static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
  782. char *val)
  783. {
  784. size_t len = os_strlen(val);
  785. if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
  786. return -1;
  787. if (val[0] == '"') {
  788. if (len < 2 || val[len - 1] != '"')
  789. return -1;
  790. len -= 2;
  791. wep->key[keyidx] = os_malloc(len);
  792. if (wep->key[keyidx] == NULL)
  793. return -1;
  794. os_memcpy(wep->key[keyidx], val + 1, len);
  795. wep->len[keyidx] = len;
  796. } else {
  797. if (len & 1)
  798. return -1;
  799. len /= 2;
  800. wep->key[keyidx] = os_malloc(len);
  801. if (wep->key[keyidx] == NULL)
  802. return -1;
  803. wep->len[keyidx] = len;
  804. if (hexstr2bin(val, wep->key[keyidx], len) < 0)
  805. return -1;
  806. }
  807. wep->keys_set++;
  808. return 0;
  809. }
  810. static int hostapd_parse_rates(int **rate_list, char *val)
  811. {
  812. int *list;
  813. int count;
  814. char *pos, *end;
  815. os_free(*rate_list);
  816. *rate_list = NULL;
  817. pos = val;
  818. count = 0;
  819. while (*pos != '\0') {
  820. if (*pos == ' ')
  821. count++;
  822. pos++;
  823. }
  824. list = os_malloc(sizeof(int) * (count + 2));
  825. if (list == NULL)
  826. return -1;
  827. pos = val;
  828. count = 0;
  829. while (*pos != '\0') {
  830. end = os_strchr(pos, ' ');
  831. if (end)
  832. *end = '\0';
  833. list[count++] = atoi(pos);
  834. if (!end)
  835. break;
  836. pos = end + 1;
  837. }
  838. list[count] = -1;
  839. *rate_list = list;
  840. return 0;
  841. }
  842. static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
  843. {
  844. struct hostapd_bss_config *bss;
  845. if (*ifname == '\0')
  846. return -1;
  847. bss = os_realloc(conf->bss, (conf->num_bss + 1) *
  848. sizeof(struct hostapd_bss_config));
  849. if (bss == NULL) {
  850. printf("Failed to allocate memory for multi-BSS entry\n");
  851. return -1;
  852. }
  853. conf->bss = bss;
  854. bss = &(conf->bss[conf->num_bss]);
  855. os_memset(bss, 0, sizeof(*bss));
  856. bss->radius = os_zalloc(sizeof(*bss->radius));
  857. if (bss->radius == NULL) {
  858. printf("Failed to allocate memory for multi-BSS RADIUS "
  859. "data\n");
  860. return -1;
  861. }
  862. conf->num_bss++;
  863. conf->last_bss = bss;
  864. hostapd_config_defaults_bss(bss);
  865. os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
  866. os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
  867. return 0;
  868. }
  869. static int valid_cw(int cw)
  870. {
  871. return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
  872. cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
  873. }
  874. enum {
  875. IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
  876. IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
  877. IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
  878. IEEE80211_TX_QUEUE_DATA3 = 3, /* used for EDCA AC_BK data */
  879. IEEE80211_TX_QUEUE_DATA4 = 4,
  880. IEEE80211_TX_QUEUE_AFTER_BEACON = 6,
  881. IEEE80211_TX_QUEUE_BEACON = 7
  882. };
  883. static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
  884. char *val)
  885. {
  886. int num;
  887. char *pos;
  888. struct hostapd_tx_queue_params *queue;
  889. /* skip 'tx_queue_' prefix */
  890. pos = name + 9;
  891. if (os_strncmp(pos, "data", 4) == 0 &&
  892. pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
  893. num = pos[4] - '0';
  894. pos += 6;
  895. } else if (os_strncmp(pos, "after_beacon_", 13) == 0) {
  896. num = IEEE80211_TX_QUEUE_AFTER_BEACON;
  897. pos += 13;
  898. } else if (os_strncmp(pos, "beacon_", 7) == 0) {
  899. num = IEEE80211_TX_QUEUE_BEACON;
  900. pos += 7;
  901. } else {
  902. printf("Unknown tx_queue name '%s'\n", pos);
  903. return -1;
  904. }
  905. queue = &conf->tx_queue[num];
  906. if (os_strcmp(pos, "aifs") == 0) {
  907. queue->aifs = atoi(val);
  908. if (queue->aifs < 0 || queue->aifs > 255) {
  909. printf("Invalid AIFS value %d\n", queue->aifs);
  910. return -1;
  911. }
  912. } else if (os_strcmp(pos, "cwmin") == 0) {
  913. queue->cwmin = atoi(val);
  914. if (!valid_cw(queue->cwmin)) {
  915. printf("Invalid cwMin value %d\n", queue->cwmin);
  916. return -1;
  917. }
  918. } else if (os_strcmp(pos, "cwmax") == 0) {
  919. queue->cwmax = atoi(val);
  920. if (!valid_cw(queue->cwmax)) {
  921. printf("Invalid cwMax value %d\n", queue->cwmax);
  922. return -1;
  923. }
  924. } else if (os_strcmp(pos, "burst") == 0) {
  925. queue->burst = hostapd_config_read_int10(val);
  926. } else {
  927. printf("Unknown tx_queue field '%s'\n", pos);
  928. return -1;
  929. }
  930. queue->configured = 1;
  931. return 0;
  932. }
  933. static int hostapd_config_wme_ac(struct hostapd_config *conf, char *name,
  934. char *val)
  935. {
  936. int num, v;
  937. char *pos;
  938. struct hostapd_wme_ac_params *ac;
  939. /* skip 'wme_ac_' prefix */
  940. pos = name + 7;
  941. if (os_strncmp(pos, "be_", 3) == 0) {
  942. num = 0;
  943. pos += 3;
  944. } else if (os_strncmp(pos, "bk_", 3) == 0) {
  945. num = 1;
  946. pos += 3;
  947. } else if (os_strncmp(pos, "vi_", 3) == 0) {
  948. num = 2;
  949. pos += 3;
  950. } else if (os_strncmp(pos, "vo_", 3) == 0) {
  951. num = 3;
  952. pos += 3;
  953. } else {
  954. printf("Unknown wme name '%s'\n", pos);
  955. return -1;
  956. }
  957. ac = &conf->wme_ac_params[num];
  958. if (os_strcmp(pos, "aifs") == 0) {
  959. v = atoi(val);
  960. if (v < 1 || v > 255) {
  961. printf("Invalid AIFS value %d\n", v);
  962. return -1;
  963. }
  964. ac->aifs = v;
  965. } else if (os_strcmp(pos, "cwmin") == 0) {
  966. v = atoi(val);
  967. if (v < 0 || v > 12) {
  968. printf("Invalid cwMin value %d\n", v);
  969. return -1;
  970. }
  971. ac->cwmin = v;
  972. } else if (os_strcmp(pos, "cwmax") == 0) {
  973. v = atoi(val);
  974. if (v < 0 || v > 12) {
  975. printf("Invalid cwMax value %d\n", v);
  976. return -1;
  977. }
  978. ac->cwmax = v;
  979. } else if (os_strcmp(pos, "txop_limit") == 0) {
  980. v = atoi(val);
  981. if (v < 0 || v > 0xffff) {
  982. printf("Invalid txop value %d\n", v);
  983. return -1;
  984. }
  985. ac->txopLimit = v;
  986. } else if (os_strcmp(pos, "acm") == 0) {
  987. v = atoi(val);
  988. if (v < 0 || v > 1) {
  989. printf("Invalid acm value %d\n", v);
  990. return -1;
  991. }
  992. ac->admission_control_mandatory = v;
  993. } else {
  994. printf("Unknown wme_ac_ field '%s'\n", pos);
  995. return -1;
  996. }
  997. return 0;
  998. }
  999. #ifdef CONFIG_IEEE80211R
  1000. static int add_r0kh(struct hostapd_bss_config *bss, char *value)
  1001. {
  1002. struct ft_remote_r0kh *r0kh;
  1003. char *pos, *next;
  1004. r0kh = os_zalloc(sizeof(*r0kh));
  1005. if (r0kh == NULL)
  1006. return -1;
  1007. /* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */
  1008. pos = value;
  1009. next = os_strchr(pos, ' ');
  1010. if (next)
  1011. *next++ = '\0';
  1012. if (next == NULL || hwaddr_aton(pos, r0kh->addr)) {
  1013. printf("Invalid R0KH MAC address: '%s'\n", pos);
  1014. os_free(r0kh);
  1015. return -1;
  1016. }
  1017. pos = next;
  1018. next = os_strchr(pos, ' ');
  1019. if (next)
  1020. *next++ = '\0';
  1021. if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) {
  1022. printf("Invalid R0KH-ID: '%s'\n", pos);
  1023. os_free(r0kh);
  1024. return -1;
  1025. }
  1026. r0kh->id_len = next - pos - 1;
  1027. os_memcpy(r0kh->id, pos, r0kh->id_len);
  1028. pos = next;
  1029. if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) {
  1030. printf("Invalid R0KH key: '%s'\n", pos);
  1031. os_free(r0kh);
  1032. return -1;
  1033. }
  1034. r0kh->next = bss->r0kh_list;
  1035. bss->r0kh_list = r0kh;
  1036. return 0;
  1037. }
  1038. static int add_r1kh(struct hostapd_bss_config *bss, char *value)
  1039. {
  1040. struct ft_remote_r1kh *r1kh;
  1041. char *pos, *next;
  1042. r1kh = os_zalloc(sizeof(*r1kh));
  1043. if (r1kh == NULL)
  1044. return -1;
  1045. /* 02:01:02:03:04:05 02:01:02:03:04:05
  1046. * 000102030405060708090a0b0c0d0e0f */
  1047. pos = value;
  1048. next = os_strchr(pos, ' ');
  1049. if (next)
  1050. *next++ = '\0';
  1051. if (next == NULL || hwaddr_aton(pos, r1kh->addr)) {
  1052. printf("Invalid R1KH MAC address: '%s'\n", pos);
  1053. os_free(r1kh);
  1054. return -1;
  1055. }
  1056. pos = next;
  1057. next = os_strchr(pos, ' ');
  1058. if (next)
  1059. *next++ = '\0';
  1060. if (next == NULL || hwaddr_aton(pos, r1kh->id)) {
  1061. printf("Invalid R1KH-ID: '%s'\n", pos);
  1062. os_free(r1kh);
  1063. return -1;
  1064. }
  1065. pos = next;
  1066. if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) {
  1067. printf("Invalid R1KH key: '%s'\n", pos);
  1068. os_free(r1kh);
  1069. return -1;
  1070. }
  1071. r1kh->next = bss->r1kh_list;
  1072. bss->r1kh_list = r1kh;
  1073. return 0;
  1074. }
  1075. #endif /* CONFIG_IEEE80211R */
  1076. struct hostapd_config * hostapd_config_read(const char *fname)
  1077. {
  1078. struct hostapd_config *conf;
  1079. struct hostapd_bss_config *bss;
  1080. FILE *f;
  1081. char buf[256], *pos;
  1082. int line = 0;
  1083. int errors = 0;
  1084. int pairwise;
  1085. size_t i;
  1086. f = fopen(fname, "r");
  1087. if (f == NULL) {
  1088. printf("Could not open configuration file '%s' for reading.\n",
  1089. fname);
  1090. return NULL;
  1091. }
  1092. conf = hostapd_config_defaults();
  1093. if (conf == NULL) {
  1094. fclose(f);
  1095. return NULL;
  1096. }
  1097. bss = conf->last_bss = conf->bss;
  1098. while (fgets(buf, sizeof(buf), f)) {
  1099. bss = conf->last_bss;
  1100. line++;
  1101. if (buf[0] == '#')
  1102. continue;
  1103. pos = buf;
  1104. while (*pos != '\0') {
  1105. if (*pos == '\n') {
  1106. *pos = '\0';
  1107. break;
  1108. }
  1109. pos++;
  1110. }
  1111. if (buf[0] == '\0')
  1112. continue;
  1113. pos = os_strchr(buf, '=');
  1114. if (pos == NULL) {
  1115. printf("Line %d: invalid line '%s'\n", line, buf);
  1116. errors++;
  1117. continue;
  1118. }
  1119. *pos = '\0';
  1120. pos++;
  1121. if (os_strcmp(buf, "interface") == 0) {
  1122. os_strlcpy(conf->bss[0].iface, pos,
  1123. sizeof(conf->bss[0].iface));
  1124. } else if (os_strcmp(buf, "bridge") == 0) {
  1125. os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
  1126. } else if (os_strcmp(buf, "driver") == 0) {
  1127. int i;
  1128. /* clear to get error below if setting is invalid */
  1129. conf->driver = NULL;
  1130. for (i = 0; hostapd_drivers[i]; i++) {
  1131. if (os_strcmp(pos, hostapd_drivers[i]->name) ==
  1132. 0) {
  1133. conf->driver = hostapd_drivers[i];
  1134. break;
  1135. }
  1136. }
  1137. if (conf->driver == NULL) {
  1138. printf("Line %d: invalid/unknown driver "
  1139. "'%s'\n", line, pos);
  1140. errors++;
  1141. }
  1142. } else if (os_strcmp(buf, "debug") == 0) {
  1143. wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' "
  1144. "configuration variable is not used "
  1145. "anymore", line);
  1146. } else if (os_strcmp(buf, "logger_syslog_level") == 0) {
  1147. bss->logger_syslog_level = atoi(pos);
  1148. } else if (os_strcmp(buf, "logger_stdout_level") == 0) {
  1149. bss->logger_stdout_level = atoi(pos);
  1150. } else if (os_strcmp(buf, "logger_syslog") == 0) {
  1151. bss->logger_syslog = atoi(pos);
  1152. } else if (os_strcmp(buf, "logger_stdout") == 0) {
  1153. bss->logger_stdout = atoi(pos);
  1154. } else if (os_strcmp(buf, "dump_file") == 0) {
  1155. bss->dump_log_name = os_strdup(pos);
  1156. } else if (os_strcmp(buf, "ssid") == 0) {
  1157. bss->ssid.ssid_len = os_strlen(pos);
  1158. if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
  1159. bss->ssid.ssid_len < 1) {
  1160. printf("Line %d: invalid SSID '%s'\n", line,
  1161. pos);
  1162. errors++;
  1163. } else {
  1164. os_memcpy(bss->ssid.ssid, pos,
  1165. bss->ssid.ssid_len);
  1166. bss->ssid.ssid[bss->ssid.ssid_len] = '\0';
  1167. bss->ssid.ssid_set = 1;
  1168. }
  1169. } else if (os_strcmp(buf, "macaddr_acl") == 0) {
  1170. bss->macaddr_acl = atoi(pos);
  1171. if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
  1172. bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
  1173. bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
  1174. printf("Line %d: unknown macaddr_acl %d\n",
  1175. line, bss->macaddr_acl);
  1176. }
  1177. } else if (os_strcmp(buf, "accept_mac_file") == 0) {
  1178. if (hostapd_config_read_maclist(pos, &bss->accept_mac,
  1179. &bss->num_accept_mac))
  1180. {
  1181. printf("Line %d: Failed to read "
  1182. "accept_mac_file '%s'\n",
  1183. line, pos);
  1184. errors++;
  1185. }
  1186. } else if (os_strcmp(buf, "deny_mac_file") == 0) {
  1187. if (hostapd_config_read_maclist(pos, &bss->deny_mac,
  1188. &bss->num_deny_mac))
  1189. {
  1190. printf("Line %d: Failed to read "
  1191. "deny_mac_file '%s'\n",
  1192. line, pos);
  1193. errors++;
  1194. }
  1195. } else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
  1196. bss->ap_max_inactivity = atoi(pos);
  1197. } else if (os_strcmp(buf, "country_code") == 0) {
  1198. os_memcpy(conf->country, pos, 2);
  1199. /* FIX: make this configurable */
  1200. conf->country[2] = ' ';
  1201. } else if (os_strcmp(buf, "ieee80211d") == 0) {
  1202. conf->ieee80211d = atoi(pos);
  1203. } else if (os_strcmp(buf, "ieee80211h") == 0) {
  1204. conf->ieee80211h = atoi(pos);
  1205. } else if (os_strcmp(buf, "assoc_ap_addr") == 0) {
  1206. if (hwaddr_aton(pos, bss->assoc_ap_addr)) {
  1207. printf("Line %d: invalid MAC address '%s'\n",
  1208. line, pos);
  1209. errors++;
  1210. }
  1211. bss->assoc_ap = 1;
  1212. } else if (os_strcmp(buf, "ieee8021x") == 0) {
  1213. bss->ieee802_1x = atoi(pos);
  1214. } else if (os_strcmp(buf, "eapol_version") == 0) {
  1215. bss->eapol_version = atoi(pos);
  1216. if (bss->eapol_version < 1 ||
  1217. bss->eapol_version > 2) {
  1218. printf("Line %d: invalid EAPOL "
  1219. "version (%d): '%s'.\n",
  1220. line, bss->eapol_version, pos);
  1221. errors++;
  1222. } else
  1223. wpa_printf(MSG_DEBUG, "eapol_version=%d",
  1224. bss->eapol_version);
  1225. #ifdef EAP_SERVER
  1226. } else if (os_strcmp(buf, "eap_authenticator") == 0) {
  1227. bss->eap_server = atoi(pos);
  1228. printf("Line %d: obsolete eap_authenticator used; "
  1229. "this has been renamed to eap_server\n", line);
  1230. } else if (os_strcmp(buf, "eap_server") == 0) {
  1231. bss->eap_server = atoi(pos);
  1232. } else if (os_strcmp(buf, "eap_user_file") == 0) {
  1233. if (hostapd_config_read_eap_user(pos, bss))
  1234. errors++;
  1235. } else if (os_strcmp(buf, "ca_cert") == 0) {
  1236. os_free(bss->ca_cert);
  1237. bss->ca_cert = os_strdup(pos);
  1238. } else if (os_strcmp(buf, "server_cert") == 0) {
  1239. os_free(bss->server_cert);
  1240. bss->server_cert = os_strdup(pos);
  1241. } else if (os_strcmp(buf, "private_key") == 0) {
  1242. os_free(bss->private_key);
  1243. bss->private_key = os_strdup(pos);
  1244. } else if (os_strcmp(buf, "private_key_passwd") == 0) {
  1245. os_free(bss->private_key_passwd);
  1246. bss->private_key_passwd = os_strdup(pos);
  1247. } else if (os_strcmp(buf, "check_crl") == 0) {
  1248. bss->check_crl = atoi(pos);
  1249. } else if (os_strcmp(buf, "dh_file") == 0) {
  1250. os_free(bss->dh_file);
  1251. bss->dh_file = os_strdup(pos);
  1252. #ifdef EAP_FAST
  1253. } else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
  1254. os_free(bss->pac_opaque_encr_key);
  1255. bss->pac_opaque_encr_key = os_malloc(16);
  1256. if (bss->pac_opaque_encr_key == NULL) {
  1257. printf("Line %d: No memory for "
  1258. "pac_opque_encr_key\n", line);
  1259. errors++;
  1260. } else if (hexstr2bin(pos, bss->pac_opaque_encr_key,
  1261. 16)) {
  1262. printf("Line %d: Invalid pac_opque_encr_key\n",
  1263. line);
  1264. errors++;
  1265. }
  1266. } else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
  1267. os_free(bss->eap_fast_a_id);
  1268. bss->eap_fast_a_id = os_strdup(pos);
  1269. #endif /* EAP_FAST */
  1270. #ifdef EAP_SIM
  1271. } else if (os_strcmp(buf, "eap_sim_db") == 0) {
  1272. os_free(bss->eap_sim_db);
  1273. bss->eap_sim_db = os_strdup(pos);
  1274. } else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
  1275. bss->eap_sim_aka_result_ind = atoi(pos);
  1276. #endif /* EAP_SIM */
  1277. #endif /* EAP_SERVER */
  1278. } else if (os_strcmp(buf, "eap_message") == 0) {
  1279. char *term;
  1280. bss->eap_req_id_text = os_strdup(pos);
  1281. if (bss->eap_req_id_text == NULL) {
  1282. printf("Line %d: Failed to allocate memory "
  1283. "for eap_req_id_text\n", line);
  1284. errors++;
  1285. continue;
  1286. }
  1287. bss->eap_req_id_text_len =
  1288. os_strlen(bss->eap_req_id_text);
  1289. term = os_strstr(bss->eap_req_id_text, "\\0");
  1290. if (term) {
  1291. *term++ = '\0';
  1292. os_memmove(term, term + 1,
  1293. bss->eap_req_id_text_len -
  1294. (term - bss->eap_req_id_text) - 1);
  1295. bss->eap_req_id_text_len--;
  1296. }
  1297. } else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
  1298. bss->default_wep_key_len = atoi(pos);
  1299. if (bss->default_wep_key_len > 13) {
  1300. printf("Line %d: invalid WEP key len %lu "
  1301. "(= %lu bits)\n", line,
  1302. (unsigned long)
  1303. bss->default_wep_key_len,
  1304. (unsigned long)
  1305. bss->default_wep_key_len * 8);
  1306. errors++;
  1307. }
  1308. } else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
  1309. bss->individual_wep_key_len = atoi(pos);
  1310. if (bss->individual_wep_key_len < 0 ||
  1311. bss->individual_wep_key_len > 13) {
  1312. printf("Line %d: invalid WEP key len %d "
  1313. "(= %d bits)\n", line,
  1314. bss->individual_wep_key_len,
  1315. bss->individual_wep_key_len * 8);
  1316. errors++;
  1317. }
  1318. } else if (os_strcmp(buf, "wep_rekey_period") == 0) {
  1319. bss->wep_rekeying_period = atoi(pos);
  1320. if (bss->wep_rekeying_period < 0) {
  1321. printf("Line %d: invalid period %d\n",
  1322. line, bss->wep_rekeying_period);
  1323. errors++;
  1324. }
  1325. } else if (os_strcmp(buf, "eap_reauth_period") == 0) {
  1326. bss->eap_reauth_period = atoi(pos);
  1327. if (bss->eap_reauth_period < 0) {
  1328. printf("Line %d: invalid period %d\n",
  1329. line, bss->eap_reauth_period);
  1330. errors++;
  1331. }
  1332. } else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
  1333. bss->eapol_key_index_workaround = atoi(pos);
  1334. #ifdef CONFIG_IAPP
  1335. } else if (os_strcmp(buf, "iapp_interface") == 0) {
  1336. bss->ieee802_11f = 1;
  1337. os_strlcpy(bss->iapp_iface, pos,
  1338. sizeof(bss->iapp_iface));
  1339. #endif /* CONFIG_IAPP */
  1340. } else if (os_strcmp(buf, "own_ip_addr") == 0) {
  1341. if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
  1342. printf("Line %d: invalid IP address '%s'\n",
  1343. line, pos);
  1344. errors++;
  1345. }
  1346. } else if (os_strcmp(buf, "nas_identifier") == 0) {
  1347. bss->nas_identifier = os_strdup(pos);
  1348. } else if (os_strcmp(buf, "auth_server_addr") == 0) {
  1349. if (hostapd_config_read_radius_addr(
  1350. &bss->radius->auth_servers,
  1351. &bss->radius->num_auth_servers, pos, 1812,
  1352. &bss->radius->auth_server)) {
  1353. printf("Line %d: invalid IP address '%s'\n",
  1354. line, pos);
  1355. errors++;
  1356. }
  1357. } else if (bss->radius->auth_server &&
  1358. os_strcmp(buf, "auth_server_port") == 0) {
  1359. bss->radius->auth_server->port = atoi(pos);
  1360. } else if (bss->radius->auth_server &&
  1361. os_strcmp(buf, "auth_server_shared_secret") == 0) {
  1362. int len = os_strlen(pos);
  1363. if (len == 0) {
  1364. /* RFC 2865, Ch. 3 */
  1365. printf("Line %d: empty shared secret is not "
  1366. "allowed.\n", line);
  1367. errors++;
  1368. }
  1369. bss->radius->auth_server->shared_secret =
  1370. (u8 *) os_strdup(pos);
  1371. bss->radius->auth_server->shared_secret_len = len;
  1372. } else if (os_strcmp(buf, "acct_server_addr") == 0) {
  1373. if (hostapd_config_read_radius_addr(
  1374. &bss->radius->acct_servers,
  1375. &bss->radius->num_acct_servers, pos, 1813,
  1376. &bss->radius->acct_server)) {
  1377. printf("Line %d: invalid IP address '%s'\n",
  1378. line, pos);
  1379. errors++;
  1380. }
  1381. } else if (bss->radius->acct_server &&
  1382. os_strcmp(buf, "acct_server_port") == 0) {
  1383. bss->radius->acct_server->port = atoi(pos);
  1384. } else if (bss->radius->acct_server &&
  1385. os_strcmp(buf, "acct_server_shared_secret") == 0) {
  1386. int len = os_strlen(pos);
  1387. if (len == 0) {
  1388. /* RFC 2865, Ch. 3 */
  1389. printf("Line %d: empty shared secret is not "
  1390. "allowed.\n", line);
  1391. errors++;
  1392. }
  1393. bss->radius->acct_server->shared_secret =
  1394. (u8 *) os_strdup(pos);
  1395. bss->radius->acct_server->shared_secret_len = len;
  1396. } else if (os_strcmp(buf, "radius_retry_primary_interval") ==
  1397. 0) {
  1398. bss->radius->retry_primary_interval = atoi(pos);
  1399. } else if (os_strcmp(buf, "radius_acct_interim_interval") == 0)
  1400. {
  1401. bss->radius->acct_interim_interval = atoi(pos);
  1402. } else if (os_strcmp(buf, "auth_algs") == 0) {
  1403. bss->auth_algs = atoi(pos);
  1404. if (bss->auth_algs == 0) {
  1405. printf("Line %d: no authentication algorithms "
  1406. "allowed\n",
  1407. line);
  1408. errors++;
  1409. }
  1410. } else if (os_strcmp(buf, "max_num_sta") == 0) {
  1411. bss->max_num_sta = atoi(pos);
  1412. if (bss->max_num_sta < 0 ||
  1413. bss->max_num_sta > MAX_STA_COUNT) {
  1414. printf("Line %d: Invalid max_num_sta=%d; "
  1415. "allowed range 0..%d\n", line,
  1416. bss->max_num_sta, MAX_STA_COUNT);
  1417. errors++;
  1418. }
  1419. } else if (os_strcmp(buf, "wpa") == 0) {
  1420. bss->wpa = atoi(pos);
  1421. } else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
  1422. bss->wpa_group_rekey = atoi(pos);
  1423. } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
  1424. bss->wpa_strict_rekey = atoi(pos);
  1425. } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
  1426. bss->wpa_gmk_rekey = atoi(pos);
  1427. } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
  1428. int len = os_strlen(pos);
  1429. if (len < 8 || len > 63) {
  1430. printf("Line %d: invalid WPA passphrase length"
  1431. " %d (expected 8..63)\n", line, len);
  1432. errors++;
  1433. } else {
  1434. os_free(bss->ssid.wpa_passphrase);
  1435. bss->ssid.wpa_passphrase = os_strdup(pos);
  1436. }
  1437. } else if (os_strcmp(buf, "wpa_psk") == 0) {
  1438. os_free(bss->ssid.wpa_psk);
  1439. bss->ssid.wpa_psk =
  1440. os_zalloc(sizeof(struct hostapd_wpa_psk));
  1441. if (bss->ssid.wpa_psk == NULL)
  1442. errors++;
  1443. else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
  1444. PMK_LEN) ||
  1445. pos[PMK_LEN * 2] != '\0') {
  1446. printf("Line %d: Invalid PSK '%s'.\n", line,
  1447. pos);
  1448. errors++;
  1449. } else {
  1450. bss->ssid.wpa_psk->group = 1;
  1451. }
  1452. } else if (os_strcmp(buf, "wpa_psk_file") == 0) {
  1453. os_free(bss->ssid.wpa_psk_file);
  1454. bss->ssid.wpa_psk_file = os_strdup(pos);
  1455. if (!bss->ssid.wpa_psk_file) {
  1456. printf("Line %d: allocation failed\n", line);
  1457. errors++;
  1458. }
  1459. } else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
  1460. bss->wpa_key_mgmt =
  1461. hostapd_config_parse_key_mgmt(line, pos);
  1462. if (bss->wpa_key_mgmt == -1)
  1463. errors++;
  1464. } else if (os_strcmp(buf, "wpa_pairwise") == 0) {
  1465. bss->wpa_pairwise =
  1466. hostapd_config_parse_cipher(line, pos);
  1467. if (bss->wpa_pairwise == -1 ||
  1468. bss->wpa_pairwise == 0)
  1469. errors++;
  1470. else if (bss->wpa_pairwise &
  1471. (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
  1472. WPA_CIPHER_WEP104)) {
  1473. printf("Line %d: unsupported pairwise "
  1474. "cipher suite '%s'\n",
  1475. bss->wpa_pairwise, pos);
  1476. errors++;
  1477. }
  1478. } else if (os_strcmp(buf, "rsn_pairwise") == 0) {
  1479. bss->rsn_pairwise =
  1480. hostapd_config_parse_cipher(line, pos);
  1481. if (bss->rsn_pairwise == -1 ||
  1482. bss->rsn_pairwise == 0)
  1483. errors++;
  1484. else if (bss->rsn_pairwise &
  1485. (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
  1486. WPA_CIPHER_WEP104)) {
  1487. printf("Line %d: unsupported pairwise "
  1488. "cipher suite '%s'\n",
  1489. bss->rsn_pairwise, pos);
  1490. errors++;
  1491. }
  1492. #ifdef CONFIG_RSN_PREAUTH
  1493. } else if (os_strcmp(buf, "rsn_preauth") == 0) {
  1494. bss->rsn_preauth = atoi(pos);
  1495. } else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
  1496. bss->rsn_preauth_interfaces = os_strdup(pos);
  1497. #endif /* CONFIG_RSN_PREAUTH */
  1498. #ifdef CONFIG_PEERKEY
  1499. } else if (os_strcmp(buf, "peerkey") == 0) {
  1500. bss->peerkey = atoi(pos);
  1501. #endif /* CONFIG_PEERKEY */
  1502. #ifdef CONFIG_IEEE80211R
  1503. } else if (os_strcmp(buf, "mobility_domain") == 0) {
  1504. if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
  1505. hexstr2bin(pos, bss->mobility_domain,
  1506. MOBILITY_DOMAIN_ID_LEN) != 0) {
  1507. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1508. "mobility_domain '%s'", line, pos);
  1509. errors++;
  1510. continue;
  1511. }
  1512. } else if (os_strcmp(buf, "r1_key_holder") == 0) {
  1513. if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
  1514. hexstr2bin(pos, bss->r1_key_holder,
  1515. FT_R1KH_ID_LEN) != 0) {
  1516. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1517. "r1_key_holder '%s'", line, pos);
  1518. errors++;
  1519. continue;
  1520. }
  1521. } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
  1522. bss->r0_key_lifetime = atoi(pos);
  1523. } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
  1524. bss->reassociation_deadline = atoi(pos);
  1525. } else if (os_strcmp(buf, "r0kh") == 0) {
  1526. if (add_r0kh(bss, pos) < 0) {
  1527. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1528. "r0kh '%s'", line, pos);
  1529. errors++;
  1530. continue;
  1531. }
  1532. } else if (os_strcmp(buf, "r1kh") == 0) {
  1533. if (add_r1kh(bss, pos) < 0) {
  1534. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1535. "r1kh '%s'", line, pos);
  1536. errors++;
  1537. continue;
  1538. }
  1539. } else if (os_strcmp(buf, "pmk_r1_push") == 0) {
  1540. bss->pmk_r1_push = atoi(pos);
  1541. #endif /* CONFIG_IEEE80211R */
  1542. } else if (os_strcmp(buf, "ctrl_interface") == 0) {
  1543. os_free(bss->ctrl_interface);
  1544. bss->ctrl_interface = os_strdup(pos);
  1545. } else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
  1546. #ifndef CONFIG_NATIVE_WINDOWS
  1547. struct group *grp;
  1548. char *endp;
  1549. const char *group = pos;
  1550. grp = getgrnam(group);
  1551. if (grp) {
  1552. bss->ctrl_interface_gid = grp->gr_gid;
  1553. bss->ctrl_interface_gid_set = 1;
  1554. wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
  1555. " (from group name '%s')",
  1556. bss->ctrl_interface_gid, group);
  1557. continue;
  1558. }
  1559. /* Group name not found - try to parse this as gid */
  1560. bss->ctrl_interface_gid = strtol(group, &endp, 10);
  1561. if (*group == '\0' || *endp != '\0') {
  1562. wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
  1563. "'%s'", line, group);
  1564. errors++;
  1565. continue;
  1566. }
  1567. bss->ctrl_interface_gid_set = 1;
  1568. wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
  1569. bss->ctrl_interface_gid);
  1570. #endif /* CONFIG_NATIVE_WINDOWS */
  1571. #ifdef RADIUS_SERVER
  1572. } else if (os_strcmp(buf, "radius_server_clients") == 0) {
  1573. os_free(bss->radius_server_clients);
  1574. bss->radius_server_clients = os_strdup(pos);
  1575. } else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
  1576. bss->radius_server_auth_port = atoi(pos);
  1577. } else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
  1578. bss->radius_server_ipv6 = atoi(pos);
  1579. #endif /* RADIUS_SERVER */
  1580. } else if (os_strcmp(buf, "test_socket") == 0) {
  1581. os_free(bss->test_socket);
  1582. bss->test_socket = os_strdup(pos);
  1583. } else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
  1584. bss->use_pae_group_addr = atoi(pos);
  1585. } else if (os_strcmp(buf, "hw_mode") == 0) {
  1586. if (os_strcmp(pos, "a") == 0)
  1587. conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
  1588. else if (os_strcmp(pos, "b") == 0)
  1589. conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
  1590. else if (os_strcmp(pos, "g") == 0)
  1591. conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
  1592. else {
  1593. printf("Line %d: unknown hw_mode '%s'\n",
  1594. line, pos);
  1595. errors++;
  1596. }
  1597. } else if (os_strcmp(buf, "channel") == 0) {
  1598. conf->channel = atoi(pos);
  1599. } else if (os_strcmp(buf, "beacon_int") == 0) {
  1600. int val = atoi(pos);
  1601. /* MIB defines range as 1..65535, but very small values
  1602. * cause problems with the current implementation.
  1603. * Since it is unlikely that this small numbers are
  1604. * useful in real life scenarios, do not allow beacon
  1605. * period to be set below 15 TU. */
  1606. if (val < 15 || val > 65535) {
  1607. printf("Line %d: invalid beacon_int %d "
  1608. "(expected 15..65535)\n",
  1609. line, val);
  1610. errors++;
  1611. } else
  1612. conf->beacon_int = val;
  1613. } else if (os_strcmp(buf, "dtim_period") == 0) {
  1614. bss->dtim_period = atoi(pos);
  1615. if (bss->dtim_period < 1 || bss->dtim_period > 255) {
  1616. printf("Line %d: invalid dtim_period %d\n",
  1617. line, bss->dtim_period);
  1618. errors++;
  1619. }
  1620. } else if (os_strcmp(buf, "rts_threshold") == 0) {
  1621. conf->rts_threshold = atoi(pos);
  1622. if (conf->rts_threshold < 0 ||
  1623. conf->rts_threshold > 2347) {
  1624. printf("Line %d: invalid rts_threshold %d\n",
  1625. line, conf->rts_threshold);
  1626. errors++;
  1627. }
  1628. } else if (os_strcmp(buf, "fragm_threshold") == 0) {
  1629. conf->fragm_threshold = atoi(pos);
  1630. if (conf->fragm_threshold < 256 ||
  1631. conf->fragm_threshold > 2346) {
  1632. printf("Line %d: invalid fragm_threshold %d\n",
  1633. line, conf->fragm_threshold);
  1634. errors++;
  1635. }
  1636. } else if (os_strcmp(buf, "send_probe_response") == 0) {
  1637. int val = atoi(pos);
  1638. if (val != 0 && val != 1) {
  1639. printf("Line %d: invalid send_probe_response "
  1640. "%d (expected 0 or 1)\n", line, val);
  1641. } else
  1642. conf->send_probe_response = val;
  1643. } else if (os_strcmp(buf, "supported_rates") == 0) {
  1644. if (hostapd_parse_rates(&conf->supported_rates, pos)) {
  1645. printf("Line %d: invalid rate list\n", line);
  1646. errors++;
  1647. }
  1648. } else if (os_strcmp(buf, "basic_rates") == 0) {
  1649. if (hostapd_parse_rates(&conf->basic_rates, pos)) {
  1650. printf("Line %d: invalid rate list\n", line);
  1651. errors++;
  1652. }
  1653. } else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
  1654. bss->ignore_broadcast_ssid = atoi(pos);
  1655. } else if (os_strcmp(buf, "bridge_packets") == 0) {
  1656. conf->bridge_packets = atoi(pos);
  1657. } else if (os_strcmp(buf, "wep_default_key") == 0) {
  1658. bss->ssid.wep.idx = atoi(pos);
  1659. if (bss->ssid.wep.idx > 3) {
  1660. printf("Invalid wep_default_key index %d\n",
  1661. bss->ssid.wep.idx);
  1662. errors++;
  1663. }
  1664. } else if (os_strcmp(buf, "wep_key0") == 0 ||
  1665. os_strcmp(buf, "wep_key1") == 0 ||
  1666. os_strcmp(buf, "wep_key2") == 0 ||
  1667. os_strcmp(buf, "wep_key3") == 0) {
  1668. if (hostapd_config_read_wep(&bss->ssid.wep,
  1669. buf[7] - '0', pos)) {
  1670. printf("Line %d: invalid WEP key '%s'\n",
  1671. line, buf);
  1672. errors++;
  1673. }
  1674. } else if (os_strcmp(buf, "dynamic_vlan") == 0) {
  1675. bss->ssid.dynamic_vlan = atoi(pos);
  1676. } else if (os_strcmp(buf, "vlan_file") == 0) {
  1677. if (hostapd_config_read_vlan_file(bss, pos)) {
  1678. printf("Line %d: failed to read VLAN file "
  1679. "'%s'\n", line, pos);
  1680. errors++;
  1681. }
  1682. #ifdef CONFIG_FULL_DYNAMIC_VLAN
  1683. } else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
  1684. bss->ssid.vlan_tagged_interface = os_strdup(pos);
  1685. #endif /* CONFIG_FULL_DYNAMIC_VLAN */
  1686. } else if (os_strcmp(buf, "passive_scan_interval") == 0) {
  1687. conf->passive_scan_interval = atoi(pos);
  1688. } else if (os_strcmp(buf, "passive_scan_listen") == 0) {
  1689. conf->passive_scan_listen = atoi(pos);
  1690. } else if (os_strcmp(buf, "passive_scan_mode") == 0) {
  1691. conf->passive_scan_mode = atoi(pos);
  1692. } else if (os_strcmp(buf, "ap_table_max_size") == 0) {
  1693. conf->ap_table_max_size = atoi(pos);
  1694. } else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
  1695. conf->ap_table_expiration_time = atoi(pos);
  1696. } else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
  1697. if (hostapd_config_tx_queue(conf, buf, pos)) {
  1698. printf("Line %d: invalid TX queue item\n",
  1699. line);
  1700. errors++;
  1701. }
  1702. } else if (os_strcmp(buf, "wme_enabled") == 0) {
  1703. bss->wme_enabled = atoi(pos);
  1704. } else if (os_strncmp(buf, "wme_ac_", 7) == 0) {
  1705. if (hostapd_config_wme_ac(conf, buf, pos)) {
  1706. printf("Line %d: invalid wme ac item\n",
  1707. line);
  1708. errors++;
  1709. }
  1710. } else if (os_strcmp(buf, "bss") == 0) {
  1711. if (hostapd_config_bss(conf, pos)) {
  1712. printf("Line %d: invalid bss item\n", line);
  1713. errors++;
  1714. }
  1715. } else if (os_strcmp(buf, "bssid") == 0) {
  1716. if (bss == conf->bss &&
  1717. (!conf->driver || !conf->driver->init_bssid)) {
  1718. printf("Line %d: bssid item not allowed "
  1719. "for the default interface and this "
  1720. "driver\n", line);
  1721. errors++;
  1722. } else if (hwaddr_aton(pos, bss->bssid)) {
  1723. printf("Line %d: invalid bssid item\n", line);
  1724. errors++;
  1725. }
  1726. #ifdef CONFIG_IEEE80211W
  1727. } else if (os_strcmp(buf, "ieee80211w") == 0) {
  1728. bss->ieee80211w = atoi(pos);
  1729. #endif /* CONFIG_IEEE80211W */
  1730. } else {
  1731. printf("Line %d: unknown configuration item '%s'\n",
  1732. line, buf);
  1733. errors++;
  1734. }
  1735. }
  1736. fclose(f);
  1737. if (bss->individual_wep_key_len == 0) {
  1738. /* individual keys are not use; can use key idx0 for broadcast
  1739. * keys */
  1740. bss->broadcast_key_idx_min = 0;
  1741. }
  1742. /* Select group cipher based on the enabled pairwise cipher suites */
  1743. pairwise = 0;
  1744. if (bss->wpa & 1)
  1745. pairwise |= bss->wpa_pairwise;
  1746. if (bss->wpa & 2) {
  1747. if (bss->rsn_pairwise == 0)
  1748. bss->rsn_pairwise = bss->wpa_pairwise;
  1749. pairwise |= bss->rsn_pairwise;
  1750. }
  1751. if (pairwise & WPA_CIPHER_TKIP)
  1752. bss->wpa_group = WPA_CIPHER_TKIP;
  1753. else
  1754. bss->wpa_group = WPA_CIPHER_CCMP;
  1755. for (i = 0; i < conf->num_bss; i++) {
  1756. bss = &conf->bss[i];
  1757. bss->radius->auth_server = bss->radius->auth_servers;
  1758. bss->radius->acct_server = bss->radius->acct_servers;
  1759. if (bss->wpa && bss->ieee802_1x) {
  1760. bss->ssid.security_policy = SECURITY_WPA;
  1761. } else if (bss->wpa) {
  1762. bss->ssid.security_policy = SECURITY_WPA_PSK;
  1763. } else if (bss->ieee802_1x) {
  1764. bss->ssid.security_policy = SECURITY_IEEE_802_1X;
  1765. bss->ssid.wep.default_len = bss->default_wep_key_len;
  1766. } else if (bss->ssid.wep.keys_set)
  1767. bss->ssid.security_policy = SECURITY_STATIC_WEP;
  1768. else
  1769. bss->ssid.security_policy = SECURITY_PLAINTEXT;
  1770. }
  1771. if (hostapd_config_check(conf))
  1772. errors++;
  1773. if (errors) {
  1774. printf("%d errors found in configuration file '%s'\n",
  1775. errors, fname);
  1776. hostapd_config_free(conf);
  1777. conf = NULL;
  1778. }
  1779. return conf;
  1780. }
  1781. int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, struct hostapd_wep_keys *b)
  1782. {
  1783. int i;
  1784. if (a->idx != b->idx || a->default_len != b->default_len)
  1785. return 1;
  1786. for (i = 0; i < NUM_WEP_KEYS; i++)
  1787. if (a->len[i] != b->len[i] ||
  1788. os_memcmp(a->key[i], b->key[i], a->len[i]) != 0)
  1789. return 1;
  1790. return 0;
  1791. }
  1792. static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
  1793. int num_servers)
  1794. {
  1795. int i;
  1796. for (i = 0; i < num_servers; i++) {
  1797. os_free(servers[i].shared_secret);
  1798. }
  1799. os_free(servers);
  1800. }
  1801. static void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
  1802. {
  1803. os_free(user->identity);
  1804. os_free(user->password);
  1805. os_free(user);
  1806. }
  1807. static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
  1808. {
  1809. int i;
  1810. for (i = 0; i < NUM_WEP_KEYS; i++) {
  1811. os_free(keys->key[i]);
  1812. keys->key[i] = NULL;
  1813. }
  1814. }
  1815. static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
  1816. {
  1817. struct hostapd_wpa_psk *psk, *prev;
  1818. struct hostapd_eap_user *user, *prev_user;
  1819. if (conf == NULL)
  1820. return;
  1821. psk = conf->ssid.wpa_psk;
  1822. while (psk) {
  1823. prev = psk;
  1824. psk = psk->next;
  1825. os_free(prev);
  1826. }
  1827. os_free(conf->ssid.wpa_passphrase);
  1828. os_free(conf->ssid.wpa_psk_file);
  1829. #ifdef CONFIG_FULL_DYNAMIC_VLAN
  1830. os_free(conf->ssid.vlan_tagged_interface);
  1831. #endif /* CONFIG_FULL_DYNAMIC_VLAN */
  1832. user = conf->eap_user;
  1833. while (user) {
  1834. prev_user = user;
  1835. user = user->next;
  1836. hostapd_config_free_eap_user(prev_user);
  1837. }
  1838. os_free(conf->dump_log_name);
  1839. os_free(conf->eap_req_id_text);
  1840. os_free(conf->accept_mac);
  1841. os_free(conf->deny_mac);
  1842. os_free(conf->nas_identifier);
  1843. hostapd_config_free_radius(conf->radius->auth_servers,
  1844. conf->radius->num_auth_servers);
  1845. hostapd_config_free_radius(conf->radius->acct_servers,
  1846. conf->radius->num_acct_servers);
  1847. os_free(conf->rsn_preauth_interfaces);
  1848. os_free(conf->ctrl_interface);
  1849. os_free(conf->ca_cert);
  1850. os_free(conf->server_cert);
  1851. os_free(conf->private_key);
  1852. os_free(conf->private_key_passwd);
  1853. os_free(conf->dh_file);
  1854. os_free(conf->pac_opaque_encr_key);
  1855. os_free(conf->eap_fast_a_id);
  1856. os_free(conf->eap_sim_db);
  1857. os_free(conf->radius_server_clients);
  1858. os_free(conf->test_socket);
  1859. os_free(conf->radius);
  1860. hostapd_config_free_vlan(conf);
  1861. if (conf->ssid.dyn_vlan_keys) {
  1862. struct hostapd_ssid *ssid = &conf->ssid;
  1863. size_t i;
  1864. for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
  1865. if (ssid->dyn_vlan_keys[i] == NULL)
  1866. continue;
  1867. hostapd_config_free_wep(ssid->dyn_vlan_keys[i]);
  1868. os_free(ssid->dyn_vlan_keys[i]);
  1869. }
  1870. os_free(ssid->dyn_vlan_keys);
  1871. ssid->dyn_vlan_keys = NULL;
  1872. }
  1873. #ifdef CONFIG_IEEE80211R
  1874. {
  1875. struct ft_remote_r0kh *r0kh, *r0kh_prev;
  1876. struct ft_remote_r1kh *r1kh, *r1kh_prev;
  1877. r0kh = conf->r0kh_list;
  1878. conf->r0kh_list = NULL;
  1879. while (r0kh) {
  1880. r0kh_prev = r0kh;
  1881. r0kh = r0kh->next;
  1882. os_free(r0kh_prev);
  1883. }
  1884. r1kh = conf->r1kh_list;
  1885. conf->r1kh_list = NULL;
  1886. while (r1kh) {
  1887. r1kh_prev = r1kh;
  1888. r1kh = r1kh->next;
  1889. os_free(r1kh_prev);
  1890. }
  1891. }
  1892. #endif /* CONFIG_IEEE80211R */
  1893. }
  1894. void hostapd_config_free(struct hostapd_config *conf)
  1895. {
  1896. size_t i;
  1897. if (conf == NULL)
  1898. return;
  1899. for (i = 0; i < conf->num_bss; i++)
  1900. hostapd_config_free_bss(&conf->bss[i]);
  1901. os_free(conf->bss);
  1902. os_free(conf);
  1903. }
  1904. /* Perform a binary search for given MAC address from a pre-sorted list.
  1905. * Returns 1 if address is in the list or 0 if not. */
  1906. int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr)
  1907. {
  1908. int start, end, middle, res;
  1909. start = 0;
  1910. end = num_entries - 1;
  1911. while (start <= end) {
  1912. middle = (start + end) / 2;
  1913. res = os_memcmp(list[middle], addr, ETH_ALEN);
  1914. if (res == 0)
  1915. return 1;
  1916. if (res < 0)
  1917. start = middle + 1;
  1918. else
  1919. end = middle - 1;
  1920. }
  1921. return 0;
  1922. }
  1923. int hostapd_rate_found(int *list, int rate)
  1924. {
  1925. int i;
  1926. if (list == NULL)
  1927. return 0;
  1928. for (i = 0; list[i] >= 0; i++)
  1929. if (list[i] == rate)
  1930. return 1;
  1931. return 0;
  1932. }
  1933. const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
  1934. {
  1935. struct hostapd_vlan *v = vlan;
  1936. while (v) {
  1937. if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD)
  1938. return v->ifname;
  1939. v = v->next;
  1940. }
  1941. return NULL;
  1942. }
  1943. const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
  1944. const u8 *addr, const u8 *prev_psk)
  1945. {
  1946. struct hostapd_wpa_psk *psk;
  1947. int next_ok = prev_psk == NULL;
  1948. for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
  1949. if (next_ok &&
  1950. (psk->group || os_memcmp(psk->addr, addr, ETH_ALEN) == 0))
  1951. return psk->psk;
  1952. if (psk->psk == prev_psk)
  1953. next_ok = 1;
  1954. }
  1955. return NULL;
  1956. }
  1957. const struct hostapd_eap_user *
  1958. hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
  1959. size_t identity_len, int phase2)
  1960. {
  1961. struct hostapd_eap_user *user = conf->eap_user;
  1962. while (user) {
  1963. if (!phase2 && user->identity == NULL) {
  1964. /* Wildcard match */
  1965. break;
  1966. }
  1967. if (user->phase2 == !!phase2 && user->wildcard_prefix &&
  1968. identity_len >= user->identity_len &&
  1969. os_memcmp(user->identity, identity, user->identity_len) ==
  1970. 0) {
  1971. /* Wildcard prefix match */
  1972. break;
  1973. }
  1974. if (user->phase2 == !!phase2 &&
  1975. user->identity_len == identity_len &&
  1976. os_memcmp(user->identity, identity, identity_len) == 0)
  1977. break;
  1978. user = user->next;
  1979. }
  1980. return user;
  1981. }