config_file.c 57 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123
  1. /*
  2. * hostapd / Configuration file parser
  3. * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License version 2 as
  7. * published by the Free Software Foundation.
  8. *
  9. * Alternatively, this software may be distributed under the terms of BSD
  10. * license.
  11. *
  12. * See README and COPYING for more details.
  13. */
  14. #include "utils/includes.h"
  15. #ifndef CONFIG_NATIVE_WINDOWS
  16. #include <grp.h>
  17. #endif /* CONFIG_NATIVE_WINDOWS */
  18. #include "utils/common.h"
  19. #include "utils/uuid.h"
  20. #include "common/ieee802_11_defs.h"
  21. #include "drivers/driver.h"
  22. #include "eap_server/eap.h"
  23. #include "radius/radius_client.h"
  24. #include "ap/wpa_auth.h"
  25. #include "ap/ap_config.h"
  26. #include "config_file.h"
  27. extern struct wpa_driver_ops *wpa_drivers[];
  28. #ifndef CONFIG_NO_VLAN
  29. static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
  30. const char *fname)
  31. {
  32. FILE *f;
  33. char buf[128], *pos, *pos2;
  34. int line = 0, vlan_id;
  35. struct hostapd_vlan *vlan;
  36. f = fopen(fname, "r");
  37. if (!f) {
  38. wpa_printf(MSG_ERROR, "VLAN file '%s' not readable.", fname);
  39. return -1;
  40. }
  41. while (fgets(buf, sizeof(buf), f)) {
  42. line++;
  43. if (buf[0] == '#')
  44. continue;
  45. pos = buf;
  46. while (*pos != '\0') {
  47. if (*pos == '\n') {
  48. *pos = '\0';
  49. break;
  50. }
  51. pos++;
  52. }
  53. if (buf[0] == '\0')
  54. continue;
  55. if (buf[0] == '*') {
  56. vlan_id = VLAN_ID_WILDCARD;
  57. pos = buf + 1;
  58. } else {
  59. vlan_id = strtol(buf, &pos, 10);
  60. if (buf == pos || vlan_id < 1 ||
  61. vlan_id > MAX_VLAN_ID) {
  62. wpa_printf(MSG_ERROR, "Invalid VLAN ID at "
  63. "line %d in '%s'", line, fname);
  64. fclose(f);
  65. return -1;
  66. }
  67. }
  68. while (*pos == ' ' || *pos == '\t')
  69. pos++;
  70. pos2 = pos;
  71. while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
  72. pos2++;
  73. *pos2 = '\0';
  74. if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) {
  75. wpa_printf(MSG_ERROR, "Invalid VLAN ifname at line %d "
  76. "in '%s'", line, fname);
  77. fclose(f);
  78. return -1;
  79. }
  80. vlan = os_malloc(sizeof(*vlan));
  81. if (vlan == NULL) {
  82. wpa_printf(MSG_ERROR, "Out of memory while reading "
  83. "VLAN interfaces from '%s'", fname);
  84. fclose(f);
  85. return -1;
  86. }
  87. os_memset(vlan, 0, sizeof(*vlan));
  88. vlan->vlan_id = vlan_id;
  89. os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
  90. if (bss->vlan_tail)
  91. bss->vlan_tail->next = vlan;
  92. else
  93. bss->vlan = vlan;
  94. bss->vlan_tail = vlan;
  95. }
  96. fclose(f);
  97. return 0;
  98. }
  99. #endif /* CONFIG_NO_VLAN */
  100. static int hostapd_acl_comp(const void *a, const void *b)
  101. {
  102. const struct mac_acl_entry *aa = a;
  103. const struct mac_acl_entry *bb = b;
  104. return os_memcmp(aa->addr, bb->addr, sizeof(macaddr));
  105. }
  106. static int hostapd_config_read_maclist(const char *fname,
  107. struct mac_acl_entry **acl, int *num)
  108. {
  109. FILE *f;
  110. char buf[128], *pos;
  111. int line = 0;
  112. u8 addr[ETH_ALEN];
  113. struct mac_acl_entry *newacl;
  114. int vlan_id;
  115. if (!fname)
  116. return 0;
  117. f = fopen(fname, "r");
  118. if (!f) {
  119. wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname);
  120. return -1;
  121. }
  122. while (fgets(buf, sizeof(buf), f)) {
  123. line++;
  124. if (buf[0] == '#')
  125. continue;
  126. pos = buf;
  127. while (*pos != '\0') {
  128. if (*pos == '\n') {
  129. *pos = '\0';
  130. break;
  131. }
  132. pos++;
  133. }
  134. if (buf[0] == '\0')
  135. continue;
  136. if (hwaddr_aton(buf, addr)) {
  137. wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at "
  138. "line %d in '%s'", buf, line, fname);
  139. fclose(f);
  140. return -1;
  141. }
  142. vlan_id = 0;
  143. pos = buf;
  144. while (*pos != '\0' && *pos != ' ' && *pos != '\t')
  145. pos++;
  146. while (*pos == ' ' || *pos == '\t')
  147. pos++;
  148. if (*pos != '\0')
  149. vlan_id = atoi(pos);
  150. newacl = os_realloc(*acl, (*num + 1) * sizeof(**acl));
  151. if (newacl == NULL) {
  152. wpa_printf(MSG_ERROR, "MAC list reallocation failed");
  153. fclose(f);
  154. return -1;
  155. }
  156. *acl = newacl;
  157. os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
  158. (*acl)[*num].vlan_id = vlan_id;
  159. (*num)++;
  160. }
  161. fclose(f);
  162. qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
  163. return 0;
  164. }
  165. #ifdef EAP_SERVER
  166. static int hostapd_config_read_eap_user(const char *fname,
  167. struct hostapd_bss_config *conf)
  168. {
  169. FILE *f;
  170. char buf[512], *pos, *start, *pos2;
  171. int line = 0, ret = 0, num_methods;
  172. struct hostapd_eap_user *user, *tail = NULL;
  173. if (!fname)
  174. return 0;
  175. f = fopen(fname, "r");
  176. if (!f) {
  177. wpa_printf(MSG_ERROR, "EAP user file '%s' not found.", fname);
  178. return -1;
  179. }
  180. /* Lines: "user" METHOD,METHOD2 "password" (password optional) */
  181. while (fgets(buf, sizeof(buf), f)) {
  182. line++;
  183. if (buf[0] == '#')
  184. continue;
  185. pos = buf;
  186. while (*pos != '\0') {
  187. if (*pos == '\n') {
  188. *pos = '\0';
  189. break;
  190. }
  191. pos++;
  192. }
  193. if (buf[0] == '\0')
  194. continue;
  195. user = NULL;
  196. if (buf[0] != '"' && buf[0] != '*') {
  197. wpa_printf(MSG_ERROR, "Invalid EAP identity (no \" in "
  198. "start) on line %d in '%s'", line, fname);
  199. goto failed;
  200. }
  201. user = os_zalloc(sizeof(*user));
  202. if (user == NULL) {
  203. wpa_printf(MSG_ERROR, "EAP user allocation failed");
  204. goto failed;
  205. }
  206. user->force_version = -1;
  207. if (buf[0] == '*') {
  208. pos = buf;
  209. } else {
  210. pos = buf + 1;
  211. start = pos;
  212. while (*pos != '"' && *pos != '\0')
  213. pos++;
  214. if (*pos == '\0') {
  215. wpa_printf(MSG_ERROR, "Invalid EAP identity "
  216. "(no \" in end) on line %d in '%s'",
  217. line, fname);
  218. goto failed;
  219. }
  220. user->identity = os_malloc(pos - start);
  221. if (user->identity == NULL) {
  222. wpa_printf(MSG_ERROR, "Failed to allocate "
  223. "memory for EAP identity");
  224. goto failed;
  225. }
  226. os_memcpy(user->identity, start, pos - start);
  227. user->identity_len = pos - start;
  228. if (pos[0] == '"' && pos[1] == '*') {
  229. user->wildcard_prefix = 1;
  230. pos++;
  231. }
  232. }
  233. pos++;
  234. while (*pos == ' ' || *pos == '\t')
  235. pos++;
  236. if (*pos == '\0') {
  237. wpa_printf(MSG_ERROR, "No EAP method on line %d in "
  238. "'%s'", line, fname);
  239. goto failed;
  240. }
  241. start = pos;
  242. while (*pos != ' ' && *pos != '\t' && *pos != '\0')
  243. pos++;
  244. if (*pos == '\0') {
  245. pos = NULL;
  246. } else {
  247. *pos = '\0';
  248. pos++;
  249. }
  250. num_methods = 0;
  251. while (*start) {
  252. char *pos3 = os_strchr(start, ',');
  253. if (pos3) {
  254. *pos3++ = '\0';
  255. }
  256. user->methods[num_methods].method =
  257. eap_server_get_type(
  258. start,
  259. &user->methods[num_methods].vendor);
  260. if (user->methods[num_methods].vendor ==
  261. EAP_VENDOR_IETF &&
  262. user->methods[num_methods].method == EAP_TYPE_NONE)
  263. {
  264. if (os_strcmp(start, "TTLS-PAP") == 0) {
  265. user->ttls_auth |= EAP_TTLS_AUTH_PAP;
  266. goto skip_eap;
  267. }
  268. if (os_strcmp(start, "TTLS-CHAP") == 0) {
  269. user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
  270. goto skip_eap;
  271. }
  272. if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
  273. user->ttls_auth |=
  274. EAP_TTLS_AUTH_MSCHAP;
  275. goto skip_eap;
  276. }
  277. if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
  278. user->ttls_auth |=
  279. EAP_TTLS_AUTH_MSCHAPV2;
  280. goto skip_eap;
  281. }
  282. wpa_printf(MSG_ERROR, "Unsupported EAP type "
  283. "'%s' on line %d in '%s'",
  284. start, line, fname);
  285. goto failed;
  286. }
  287. num_methods++;
  288. if (num_methods >= EAP_USER_MAX_METHODS)
  289. break;
  290. skip_eap:
  291. if (pos3 == NULL)
  292. break;
  293. start = pos3;
  294. }
  295. if (num_methods == 0 && user->ttls_auth == 0) {
  296. wpa_printf(MSG_ERROR, "No EAP types configured on "
  297. "line %d in '%s'", line, fname);
  298. goto failed;
  299. }
  300. if (pos == NULL)
  301. goto done;
  302. while (*pos == ' ' || *pos == '\t')
  303. pos++;
  304. if (*pos == '\0')
  305. goto done;
  306. if (os_strncmp(pos, "[ver=0]", 7) == 0) {
  307. user->force_version = 0;
  308. goto done;
  309. }
  310. if (os_strncmp(pos, "[ver=1]", 7) == 0) {
  311. user->force_version = 1;
  312. goto done;
  313. }
  314. if (os_strncmp(pos, "[2]", 3) == 0) {
  315. user->phase2 = 1;
  316. goto done;
  317. }
  318. if (*pos == '"') {
  319. pos++;
  320. start = pos;
  321. while (*pos != '"' && *pos != '\0')
  322. pos++;
  323. if (*pos == '\0') {
  324. wpa_printf(MSG_ERROR, "Invalid EAP password "
  325. "(no \" in end) on line %d in '%s'",
  326. line, fname);
  327. goto failed;
  328. }
  329. user->password = os_malloc(pos - start);
  330. if (user->password == NULL) {
  331. wpa_printf(MSG_ERROR, "Failed to allocate "
  332. "memory for EAP password");
  333. goto failed;
  334. }
  335. os_memcpy(user->password, start, pos - start);
  336. user->password_len = pos - start;
  337. pos++;
  338. } else if (os_strncmp(pos, "hash:", 5) == 0) {
  339. pos += 5;
  340. pos2 = pos;
  341. while (*pos2 != '\0' && *pos2 != ' ' &&
  342. *pos2 != '\t' && *pos2 != '#')
  343. pos2++;
  344. if (pos2 - pos != 32) {
  345. wpa_printf(MSG_ERROR, "Invalid password hash "
  346. "on line %d in '%s'", line, fname);
  347. goto failed;
  348. }
  349. user->password = os_malloc(16);
  350. if (user->password == NULL) {
  351. wpa_printf(MSG_ERROR, "Failed to allocate "
  352. "memory for EAP password hash");
  353. goto failed;
  354. }
  355. if (hexstr2bin(pos, user->password, 16) < 0) {
  356. wpa_printf(MSG_ERROR, "Invalid hash password "
  357. "on line %d in '%s'", line, fname);
  358. goto failed;
  359. }
  360. user->password_len = 16;
  361. user->password_hash = 1;
  362. pos = pos2;
  363. } else {
  364. pos2 = pos;
  365. while (*pos2 != '\0' && *pos2 != ' ' &&
  366. *pos2 != '\t' && *pos2 != '#')
  367. pos2++;
  368. if ((pos2 - pos) & 1) {
  369. wpa_printf(MSG_ERROR, "Invalid hex password "
  370. "on line %d in '%s'", line, fname);
  371. goto failed;
  372. }
  373. user->password = os_malloc((pos2 - pos) / 2);
  374. if (user->password == NULL) {
  375. wpa_printf(MSG_ERROR, "Failed to allocate "
  376. "memory for EAP password");
  377. goto failed;
  378. }
  379. if (hexstr2bin(pos, user->password,
  380. (pos2 - pos) / 2) < 0) {
  381. wpa_printf(MSG_ERROR, "Invalid hex password "
  382. "on line %d in '%s'", line, fname);
  383. goto failed;
  384. }
  385. user->password_len = (pos2 - pos) / 2;
  386. pos = pos2;
  387. }
  388. while (*pos == ' ' || *pos == '\t')
  389. pos++;
  390. if (os_strncmp(pos, "[2]", 3) == 0) {
  391. user->phase2 = 1;
  392. }
  393. done:
  394. if (tail == NULL) {
  395. tail = conf->eap_user = user;
  396. } else {
  397. tail->next = user;
  398. tail = user;
  399. }
  400. continue;
  401. failed:
  402. if (user) {
  403. os_free(user->password);
  404. os_free(user->identity);
  405. os_free(user);
  406. }
  407. ret = -1;
  408. break;
  409. }
  410. fclose(f);
  411. return ret;
  412. }
  413. #endif /* EAP_SERVER */
  414. #ifndef CONFIG_NO_RADIUS
  415. static int
  416. hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
  417. int *num_server, const char *val, int def_port,
  418. struct hostapd_radius_server **curr_serv)
  419. {
  420. struct hostapd_radius_server *nserv;
  421. int ret;
  422. static int server_index = 1;
  423. nserv = os_realloc(*server, (*num_server + 1) * sizeof(*nserv));
  424. if (nserv == NULL)
  425. return -1;
  426. *server = nserv;
  427. nserv = &nserv[*num_server];
  428. (*num_server)++;
  429. (*curr_serv) = nserv;
  430. os_memset(nserv, 0, sizeof(*nserv));
  431. nserv->port = def_port;
  432. ret = hostapd_parse_ip_addr(val, &nserv->addr);
  433. nserv->index = server_index++;
  434. return ret;
  435. }
  436. #endif /* CONFIG_NO_RADIUS */
  437. static int hostapd_config_parse_key_mgmt(int line, const char *value)
  438. {
  439. int val = 0, last;
  440. char *start, *end, *buf;
  441. buf = os_strdup(value);
  442. if (buf == NULL)
  443. return -1;
  444. start = buf;
  445. while (*start != '\0') {
  446. while (*start == ' ' || *start == '\t')
  447. start++;
  448. if (*start == '\0')
  449. break;
  450. end = start;
  451. while (*end != ' ' && *end != '\t' && *end != '\0')
  452. end++;
  453. last = *end == '\0';
  454. *end = '\0';
  455. if (os_strcmp(start, "WPA-PSK") == 0)
  456. val |= WPA_KEY_MGMT_PSK;
  457. else if (os_strcmp(start, "WPA-EAP") == 0)
  458. val |= WPA_KEY_MGMT_IEEE8021X;
  459. #ifdef CONFIG_IEEE80211R
  460. else if (os_strcmp(start, "FT-PSK") == 0)
  461. val |= WPA_KEY_MGMT_FT_PSK;
  462. else if (os_strcmp(start, "FT-EAP") == 0)
  463. val |= WPA_KEY_MGMT_FT_IEEE8021X;
  464. #endif /* CONFIG_IEEE80211R */
  465. #ifdef CONFIG_IEEE80211W
  466. else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
  467. val |= WPA_KEY_MGMT_PSK_SHA256;
  468. else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
  469. val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
  470. #endif /* CONFIG_IEEE80211W */
  471. else {
  472. wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
  473. line, start);
  474. os_free(buf);
  475. return -1;
  476. }
  477. if (last)
  478. break;
  479. start = end + 1;
  480. }
  481. os_free(buf);
  482. if (val == 0) {
  483. wpa_printf(MSG_ERROR, "Line %d: no key_mgmt values "
  484. "configured.", line);
  485. return -1;
  486. }
  487. return val;
  488. }
  489. static int hostapd_config_parse_cipher(int line, const char *value)
  490. {
  491. int val = 0, last;
  492. char *start, *end, *buf;
  493. buf = os_strdup(value);
  494. if (buf == NULL)
  495. return -1;
  496. start = buf;
  497. while (*start != '\0') {
  498. while (*start == ' ' || *start == '\t')
  499. start++;
  500. if (*start == '\0')
  501. break;
  502. end = start;
  503. while (*end != ' ' && *end != '\t' && *end != '\0')
  504. end++;
  505. last = *end == '\0';
  506. *end = '\0';
  507. if (os_strcmp(start, "CCMP") == 0)
  508. val |= WPA_CIPHER_CCMP;
  509. else if (os_strcmp(start, "TKIP") == 0)
  510. val |= WPA_CIPHER_TKIP;
  511. else if (os_strcmp(start, "WEP104") == 0)
  512. val |= WPA_CIPHER_WEP104;
  513. else if (os_strcmp(start, "WEP40") == 0)
  514. val |= WPA_CIPHER_WEP40;
  515. else if (os_strcmp(start, "NONE") == 0)
  516. val |= WPA_CIPHER_NONE;
  517. else {
  518. wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
  519. line, start);
  520. os_free(buf);
  521. return -1;
  522. }
  523. if (last)
  524. break;
  525. start = end + 1;
  526. }
  527. os_free(buf);
  528. if (val == 0) {
  529. wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
  530. line);
  531. return -1;
  532. }
  533. return val;
  534. }
  535. static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
  536. char *val)
  537. {
  538. size_t len = os_strlen(val);
  539. if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
  540. return -1;
  541. if (val[0] == '"') {
  542. if (len < 2 || val[len - 1] != '"')
  543. return -1;
  544. len -= 2;
  545. wep->key[keyidx] = os_malloc(len);
  546. if (wep->key[keyidx] == NULL)
  547. return -1;
  548. os_memcpy(wep->key[keyidx], val + 1, len);
  549. wep->len[keyidx] = len;
  550. } else {
  551. if (len & 1)
  552. return -1;
  553. len /= 2;
  554. wep->key[keyidx] = os_malloc(len);
  555. if (wep->key[keyidx] == NULL)
  556. return -1;
  557. wep->len[keyidx] = len;
  558. if (hexstr2bin(val, wep->key[keyidx], len) < 0)
  559. return -1;
  560. }
  561. wep->keys_set++;
  562. return 0;
  563. }
  564. static int hostapd_parse_rates(int **rate_list, char *val)
  565. {
  566. int *list;
  567. int count;
  568. char *pos, *end;
  569. os_free(*rate_list);
  570. *rate_list = NULL;
  571. pos = val;
  572. count = 0;
  573. while (*pos != '\0') {
  574. if (*pos == ' ')
  575. count++;
  576. pos++;
  577. }
  578. list = os_malloc(sizeof(int) * (count + 2));
  579. if (list == NULL)
  580. return -1;
  581. pos = val;
  582. count = 0;
  583. while (*pos != '\0') {
  584. end = os_strchr(pos, ' ');
  585. if (end)
  586. *end = '\0';
  587. list[count++] = atoi(pos);
  588. if (!end)
  589. break;
  590. pos = end + 1;
  591. }
  592. list[count] = -1;
  593. *rate_list = list;
  594. return 0;
  595. }
  596. static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
  597. {
  598. struct hostapd_bss_config *bss;
  599. if (*ifname == '\0')
  600. return -1;
  601. bss = os_realloc(conf->bss, (conf->num_bss + 1) *
  602. sizeof(struct hostapd_bss_config));
  603. if (bss == NULL) {
  604. wpa_printf(MSG_ERROR, "Failed to allocate memory for "
  605. "multi-BSS entry");
  606. return -1;
  607. }
  608. conf->bss = bss;
  609. bss = &(conf->bss[conf->num_bss]);
  610. os_memset(bss, 0, sizeof(*bss));
  611. bss->radius = os_zalloc(sizeof(*bss->radius));
  612. if (bss->radius == NULL) {
  613. wpa_printf(MSG_ERROR, "Failed to allocate memory for "
  614. "multi-BSS RADIUS data");
  615. return -1;
  616. }
  617. conf->num_bss++;
  618. conf->last_bss = bss;
  619. hostapd_config_defaults_bss(bss);
  620. os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
  621. os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
  622. return 0;
  623. }
  624. /* convert floats with one decimal place to value*10 int, i.e.,
  625. * "1.5" will return 15 */
  626. static int hostapd_config_read_int10(const char *value)
  627. {
  628. int i, d;
  629. char *pos;
  630. i = atoi(value);
  631. pos = os_strchr(value, '.');
  632. d = 0;
  633. if (pos) {
  634. pos++;
  635. if (*pos >= '0' && *pos <= '9')
  636. d = *pos - '0';
  637. }
  638. return i * 10 + d;
  639. }
  640. static int valid_cw(int cw)
  641. {
  642. return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
  643. cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
  644. }
  645. enum {
  646. IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
  647. IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
  648. IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
  649. IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */
  650. };
  651. static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
  652. char *val)
  653. {
  654. int num;
  655. char *pos;
  656. struct hostapd_tx_queue_params *queue;
  657. /* skip 'tx_queue_' prefix */
  658. pos = name + 9;
  659. if (os_strncmp(pos, "data", 4) == 0 &&
  660. pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
  661. num = pos[4] - '0';
  662. pos += 6;
  663. } else if (os_strncmp(pos, "after_beacon_", 13) == 0 ||
  664. os_strncmp(pos, "beacon_", 7) == 0) {
  665. wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
  666. return 0;
  667. } else {
  668. wpa_printf(MSG_ERROR, "Unknown tx_queue name '%s'", pos);
  669. return -1;
  670. }
  671. if (num >= NUM_TX_QUEUES) {
  672. /* for backwards compatibility, do not trigger failure */
  673. wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
  674. return 0;
  675. }
  676. queue = &conf->tx_queue[num];
  677. if (os_strcmp(pos, "aifs") == 0) {
  678. queue->aifs = atoi(val);
  679. if (queue->aifs < 0 || queue->aifs > 255) {
  680. wpa_printf(MSG_ERROR, "Invalid AIFS value %d",
  681. queue->aifs);
  682. return -1;
  683. }
  684. } else if (os_strcmp(pos, "cwmin") == 0) {
  685. queue->cwmin = atoi(val);
  686. if (!valid_cw(queue->cwmin)) {
  687. wpa_printf(MSG_ERROR, "Invalid cwMin value %d",
  688. queue->cwmin);
  689. return -1;
  690. }
  691. } else if (os_strcmp(pos, "cwmax") == 0) {
  692. queue->cwmax = atoi(val);
  693. if (!valid_cw(queue->cwmax)) {
  694. wpa_printf(MSG_ERROR, "Invalid cwMax value %d",
  695. queue->cwmax);
  696. return -1;
  697. }
  698. } else if (os_strcmp(pos, "burst") == 0) {
  699. queue->burst = hostapd_config_read_int10(val);
  700. } else {
  701. wpa_printf(MSG_ERROR, "Unknown tx_queue field '%s'", pos);
  702. return -1;
  703. }
  704. return 0;
  705. }
  706. static int hostapd_config_wmm_ac(struct hostapd_config *conf, char *name,
  707. char *val)
  708. {
  709. int num, v;
  710. char *pos;
  711. struct hostapd_wmm_ac_params *ac;
  712. /* skip 'wme_ac_' or 'wmm_ac_' prefix */
  713. pos = name + 7;
  714. if (os_strncmp(pos, "be_", 3) == 0) {
  715. num = 0;
  716. pos += 3;
  717. } else if (os_strncmp(pos, "bk_", 3) == 0) {
  718. num = 1;
  719. pos += 3;
  720. } else if (os_strncmp(pos, "vi_", 3) == 0) {
  721. num = 2;
  722. pos += 3;
  723. } else if (os_strncmp(pos, "vo_", 3) == 0) {
  724. num = 3;
  725. pos += 3;
  726. } else {
  727. wpa_printf(MSG_ERROR, "Unknown WMM name '%s'", pos);
  728. return -1;
  729. }
  730. ac = &conf->wmm_ac_params[num];
  731. if (os_strcmp(pos, "aifs") == 0) {
  732. v = atoi(val);
  733. if (v < 1 || v > 255) {
  734. wpa_printf(MSG_ERROR, "Invalid AIFS value %d", v);
  735. return -1;
  736. }
  737. ac->aifs = v;
  738. } else if (os_strcmp(pos, "cwmin") == 0) {
  739. v = atoi(val);
  740. if (v < 0 || v > 12) {
  741. wpa_printf(MSG_ERROR, "Invalid cwMin value %d", v);
  742. return -1;
  743. }
  744. ac->cwmin = v;
  745. } else if (os_strcmp(pos, "cwmax") == 0) {
  746. v = atoi(val);
  747. if (v < 0 || v > 12) {
  748. wpa_printf(MSG_ERROR, "Invalid cwMax value %d", v);
  749. return -1;
  750. }
  751. ac->cwmax = v;
  752. } else if (os_strcmp(pos, "txop_limit") == 0) {
  753. v = atoi(val);
  754. if (v < 0 || v > 0xffff) {
  755. wpa_printf(MSG_ERROR, "Invalid txop value %d", v);
  756. return -1;
  757. }
  758. ac->txop_limit = v;
  759. } else if (os_strcmp(pos, "acm") == 0) {
  760. v = atoi(val);
  761. if (v < 0 || v > 1) {
  762. wpa_printf(MSG_ERROR, "Invalid acm value %d", v);
  763. return -1;
  764. }
  765. ac->admission_control_mandatory = v;
  766. } else {
  767. wpa_printf(MSG_ERROR, "Unknown wmm_ac_ field '%s'", pos);
  768. return -1;
  769. }
  770. return 0;
  771. }
  772. #ifdef CONFIG_IEEE80211R
  773. static int add_r0kh(struct hostapd_bss_config *bss, char *value)
  774. {
  775. struct ft_remote_r0kh *r0kh;
  776. char *pos, *next;
  777. r0kh = os_zalloc(sizeof(*r0kh));
  778. if (r0kh == NULL)
  779. return -1;
  780. /* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */
  781. pos = value;
  782. next = os_strchr(pos, ' ');
  783. if (next)
  784. *next++ = '\0';
  785. if (next == NULL || hwaddr_aton(pos, r0kh->addr)) {
  786. wpa_printf(MSG_ERROR, "Invalid R0KH MAC address: '%s'", pos);
  787. os_free(r0kh);
  788. return -1;
  789. }
  790. pos = next;
  791. next = os_strchr(pos, ' ');
  792. if (next)
  793. *next++ = '\0';
  794. if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) {
  795. wpa_printf(MSG_ERROR, "Invalid R0KH-ID: '%s'", pos);
  796. os_free(r0kh);
  797. return -1;
  798. }
  799. r0kh->id_len = next - pos - 1;
  800. os_memcpy(r0kh->id, pos, r0kh->id_len);
  801. pos = next;
  802. if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) {
  803. wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos);
  804. os_free(r0kh);
  805. return -1;
  806. }
  807. r0kh->next = bss->r0kh_list;
  808. bss->r0kh_list = r0kh;
  809. return 0;
  810. }
  811. static int add_r1kh(struct hostapd_bss_config *bss, char *value)
  812. {
  813. struct ft_remote_r1kh *r1kh;
  814. char *pos, *next;
  815. r1kh = os_zalloc(sizeof(*r1kh));
  816. if (r1kh == NULL)
  817. return -1;
  818. /* 02:01:02:03:04:05 02:01:02:03:04:05
  819. * 000102030405060708090a0b0c0d0e0f */
  820. pos = value;
  821. next = os_strchr(pos, ' ');
  822. if (next)
  823. *next++ = '\0';
  824. if (next == NULL || hwaddr_aton(pos, r1kh->addr)) {
  825. wpa_printf(MSG_ERROR, "Invalid R1KH MAC address: '%s'", pos);
  826. os_free(r1kh);
  827. return -1;
  828. }
  829. pos = next;
  830. next = os_strchr(pos, ' ');
  831. if (next)
  832. *next++ = '\0';
  833. if (next == NULL || hwaddr_aton(pos, r1kh->id)) {
  834. wpa_printf(MSG_ERROR, "Invalid R1KH-ID: '%s'", pos);
  835. os_free(r1kh);
  836. return -1;
  837. }
  838. pos = next;
  839. if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) {
  840. wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos);
  841. os_free(r1kh);
  842. return -1;
  843. }
  844. r1kh->next = bss->r1kh_list;
  845. bss->r1kh_list = r1kh;
  846. return 0;
  847. }
  848. #endif /* CONFIG_IEEE80211R */
  849. #ifdef CONFIG_IEEE80211N
  850. static int hostapd_config_ht_capab(struct hostapd_config *conf,
  851. const char *capab)
  852. {
  853. if (os_strstr(capab, "[LDPC]"))
  854. conf->ht_capab |= HT_CAP_INFO_LDPC_CODING_CAP;
  855. if (os_strstr(capab, "[HT40-]")) {
  856. conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
  857. conf->secondary_channel = -1;
  858. }
  859. if (os_strstr(capab, "[HT40+]")) {
  860. conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
  861. conf->secondary_channel = 1;
  862. }
  863. if (os_strstr(capab, "[SMPS-STATIC]")) {
  864. conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
  865. conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC;
  866. }
  867. if (os_strstr(capab, "[SMPS-DYNAMIC]")) {
  868. conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
  869. conf->ht_capab |= HT_CAP_INFO_SMPS_DYNAMIC;
  870. }
  871. if (os_strstr(capab, "[GF]"))
  872. conf->ht_capab |= HT_CAP_INFO_GREEN_FIELD;
  873. if (os_strstr(capab, "[SHORT-GI-20]"))
  874. conf->ht_capab |= HT_CAP_INFO_SHORT_GI20MHZ;
  875. if (os_strstr(capab, "[SHORT-GI-40]"))
  876. conf->ht_capab |= HT_CAP_INFO_SHORT_GI40MHZ;
  877. if (os_strstr(capab, "[TX-STBC]"))
  878. conf->ht_capab |= HT_CAP_INFO_TX_STBC;
  879. if (os_strstr(capab, "[RX-STBC1]")) {
  880. conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
  881. conf->ht_capab |= HT_CAP_INFO_RX_STBC_1;
  882. }
  883. if (os_strstr(capab, "[RX-STBC12]")) {
  884. conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
  885. conf->ht_capab |= HT_CAP_INFO_RX_STBC_12;
  886. }
  887. if (os_strstr(capab, "[RX-STBC123]")) {
  888. conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
  889. conf->ht_capab |= HT_CAP_INFO_RX_STBC_123;
  890. }
  891. if (os_strstr(capab, "[DELAYED-BA]"))
  892. conf->ht_capab |= HT_CAP_INFO_DELAYED_BA;
  893. if (os_strstr(capab, "[MAX-AMSDU-7935]"))
  894. conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE;
  895. if (os_strstr(capab, "[DSSS_CCK-40]"))
  896. conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ;
  897. if (os_strstr(capab, "[PSMP]"))
  898. conf->ht_capab |= HT_CAP_INFO_PSMP_SUPP;
  899. if (os_strstr(capab, "[LSIG-TXOP-PROT]"))
  900. conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT;
  901. return 0;
  902. }
  903. #endif /* CONFIG_IEEE80211N */
  904. static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
  905. struct hostapd_config *conf)
  906. {
  907. if (bss->ieee802_1x && !bss->eap_server &&
  908. !bss->radius->auth_servers) {
  909. wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
  910. "EAP authenticator configured).");
  911. return -1;
  912. }
  913. if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
  914. bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
  915. bss->ssid.wpa_psk_file == NULL) {
  916. wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
  917. "is not configured.");
  918. return -1;
  919. }
  920. if (hostapd_mac_comp_empty(bss->bssid) != 0) {
  921. size_t i;
  922. for (i = 0; i < conf->num_bss; i++) {
  923. if ((&conf->bss[i] != bss) &&
  924. (hostapd_mac_comp(conf->bss[i].bssid,
  925. bss->bssid) == 0)) {
  926. wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
  927. " on interface '%s' and '%s'.",
  928. MAC2STR(bss->bssid),
  929. conf->bss[i].iface, bss->iface);
  930. return -1;
  931. }
  932. }
  933. }
  934. #ifdef CONFIG_IEEE80211R
  935. if ((bss->wpa_key_mgmt &
  936. (WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_FT_IEEE8021X)) &&
  937. (bss->nas_identifier == NULL ||
  938. os_strlen(bss->nas_identifier) < 1 ||
  939. os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
  940. wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
  941. "nas_identifier to be configured as a 1..48 octet "
  942. "string");
  943. return -1;
  944. }
  945. #endif /* CONFIG_IEEE80211R */
  946. #ifdef CONFIG_IEEE80211N
  947. if (conf->ieee80211n &&
  948. bss->ssid.security_policy == SECURITY_STATIC_WEP) {
  949. bss->disable_11n = 1;
  950. wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
  951. "allowed, disabling HT capabilities");
  952. }
  953. if (conf->ieee80211n && bss->wpa &&
  954. !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
  955. !(bss->rsn_pairwise & WPA_CIPHER_CCMP)) {
  956. bss->disable_11n = 1;
  957. wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
  958. "requires CCMP to be enabled, disabling HT "
  959. "capabilities");
  960. }
  961. #endif /* CONFIG_IEEE80211N */
  962. #ifdef CONFIG_WPS2
  963. if (bss->wps_state && bss->ignore_broadcast_ssid) {
  964. wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
  965. "configuration forced WPS to be disabled");
  966. bss->wps_state = 0;
  967. }
  968. if (bss->wps_state && bss->ssid.wep.keys_set && bss->wpa == 0) {
  969. wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
  970. "disabled");
  971. bss->wps_state = 0;
  972. }
  973. #endif /* CONFIG_WPS2 */
  974. return 0;
  975. }
  976. static int hostapd_config_check(struct hostapd_config *conf)
  977. {
  978. size_t i;
  979. if (conf->ieee80211d && (!conf->country[0] || !conf->country[1])) {
  980. wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
  981. "setting the country_code");
  982. return -1;
  983. }
  984. for (i = 0; i < conf->num_bss; i++) {
  985. if (hostapd_config_check_bss(&conf->bss[i], conf))
  986. return -1;
  987. }
  988. return 0;
  989. }
  990. /**
  991. * hostapd_config_read - Read and parse a configuration file
  992. * @fname: Configuration file name (including path, if needed)
  993. * Returns: Allocated configuration data structure
  994. */
  995. struct hostapd_config * hostapd_config_read(const char *fname)
  996. {
  997. struct hostapd_config *conf;
  998. struct hostapd_bss_config *bss;
  999. FILE *f;
  1000. char buf[256], *pos;
  1001. int line = 0;
  1002. int errors = 0;
  1003. int pairwise;
  1004. size_t i;
  1005. f = fopen(fname, "r");
  1006. if (f == NULL) {
  1007. wpa_printf(MSG_ERROR, "Could not open configuration file '%s' "
  1008. "for reading.", fname);
  1009. return NULL;
  1010. }
  1011. conf = hostapd_config_defaults();
  1012. if (conf == NULL) {
  1013. fclose(f);
  1014. return NULL;
  1015. }
  1016. /* set default driver based on configuration */
  1017. conf->driver = wpa_drivers[0];
  1018. if (conf->driver == NULL) {
  1019. wpa_printf(MSG_ERROR, "No driver wrappers registered!");
  1020. hostapd_config_free(conf);
  1021. fclose(f);
  1022. return NULL;
  1023. }
  1024. bss = conf->last_bss = conf->bss;
  1025. while (fgets(buf, sizeof(buf), f)) {
  1026. bss = conf->last_bss;
  1027. line++;
  1028. if (buf[0] == '#')
  1029. continue;
  1030. pos = buf;
  1031. while (*pos != '\0') {
  1032. if (*pos == '\n') {
  1033. *pos = '\0';
  1034. break;
  1035. }
  1036. pos++;
  1037. }
  1038. if (buf[0] == '\0')
  1039. continue;
  1040. pos = os_strchr(buf, '=');
  1041. if (pos == NULL) {
  1042. wpa_printf(MSG_ERROR, "Line %d: invalid line '%s'",
  1043. line, buf);
  1044. errors++;
  1045. continue;
  1046. }
  1047. *pos = '\0';
  1048. pos++;
  1049. if (os_strcmp(buf, "interface") == 0) {
  1050. os_strlcpy(conf->bss[0].iface, pos,
  1051. sizeof(conf->bss[0].iface));
  1052. } else if (os_strcmp(buf, "bridge") == 0) {
  1053. os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
  1054. } else if (os_strcmp(buf, "wds_bridge") == 0) {
  1055. os_strlcpy(bss->wds_bridge, pos,
  1056. sizeof(bss->wds_bridge));
  1057. } else if (os_strcmp(buf, "driver") == 0) {
  1058. int j;
  1059. /* clear to get error below if setting is invalid */
  1060. conf->driver = NULL;
  1061. for (j = 0; wpa_drivers[j]; j++) {
  1062. if (os_strcmp(pos, wpa_drivers[j]->name) == 0)
  1063. {
  1064. conf->driver = wpa_drivers[j];
  1065. break;
  1066. }
  1067. }
  1068. if (conf->driver == NULL) {
  1069. wpa_printf(MSG_ERROR, "Line %d: invalid/"
  1070. "unknown driver '%s'", line, pos);
  1071. errors++;
  1072. }
  1073. } else if (os_strcmp(buf, "debug") == 0) {
  1074. wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' "
  1075. "configuration variable is not used "
  1076. "anymore", line);
  1077. } else if (os_strcmp(buf, "logger_syslog_level") == 0) {
  1078. bss->logger_syslog_level = atoi(pos);
  1079. } else if (os_strcmp(buf, "logger_stdout_level") == 0) {
  1080. bss->logger_stdout_level = atoi(pos);
  1081. } else if (os_strcmp(buf, "logger_syslog") == 0) {
  1082. bss->logger_syslog = atoi(pos);
  1083. } else if (os_strcmp(buf, "logger_stdout") == 0) {
  1084. bss->logger_stdout = atoi(pos);
  1085. } else if (os_strcmp(buf, "dump_file") == 0) {
  1086. bss->dump_log_name = os_strdup(pos);
  1087. } else if (os_strcmp(buf, "ssid") == 0) {
  1088. bss->ssid.ssid_len = os_strlen(pos);
  1089. if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
  1090. bss->ssid.ssid_len < 1) {
  1091. wpa_printf(MSG_ERROR, "Line %d: invalid SSID "
  1092. "'%s'", line, pos);
  1093. errors++;
  1094. } else {
  1095. os_memcpy(bss->ssid.ssid, pos,
  1096. bss->ssid.ssid_len);
  1097. bss->ssid.ssid[bss->ssid.ssid_len] = '\0';
  1098. bss->ssid.ssid_set = 1;
  1099. }
  1100. } else if (os_strcmp(buf, "macaddr_acl") == 0) {
  1101. bss->macaddr_acl = atoi(pos);
  1102. if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
  1103. bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
  1104. bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
  1105. wpa_printf(MSG_ERROR, "Line %d: unknown "
  1106. "macaddr_acl %d",
  1107. line, bss->macaddr_acl);
  1108. }
  1109. } else if (os_strcmp(buf, "accept_mac_file") == 0) {
  1110. if (hostapd_config_read_maclist(pos, &bss->accept_mac,
  1111. &bss->num_accept_mac))
  1112. {
  1113. wpa_printf(MSG_ERROR, "Line %d: Failed to "
  1114. "read accept_mac_file '%s'",
  1115. line, pos);
  1116. errors++;
  1117. }
  1118. } else if (os_strcmp(buf, "deny_mac_file") == 0) {
  1119. if (hostapd_config_read_maclist(pos, &bss->deny_mac,
  1120. &bss->num_deny_mac)) {
  1121. wpa_printf(MSG_ERROR, "Line %d: Failed to "
  1122. "read deny_mac_file '%s'",
  1123. line, pos);
  1124. errors++;
  1125. }
  1126. } else if (os_strcmp(buf, "wds_sta") == 0) {
  1127. bss->wds_sta = atoi(pos);
  1128. } else if (os_strcmp(buf, "ap_isolate") == 0) {
  1129. bss->isolate = atoi(pos);
  1130. } else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
  1131. bss->ap_max_inactivity = atoi(pos);
  1132. } else if (os_strcmp(buf, "country_code") == 0) {
  1133. os_memcpy(conf->country, pos, 2);
  1134. /* FIX: make this configurable */
  1135. conf->country[2] = ' ';
  1136. } else if (os_strcmp(buf, "ieee80211d") == 0) {
  1137. conf->ieee80211d = atoi(pos);
  1138. } else if (os_strcmp(buf, "ieee8021x") == 0) {
  1139. bss->ieee802_1x = atoi(pos);
  1140. } else if (os_strcmp(buf, "eapol_version") == 0) {
  1141. bss->eapol_version = atoi(pos);
  1142. if (bss->eapol_version < 1 ||
  1143. bss->eapol_version > 2) {
  1144. wpa_printf(MSG_ERROR, "Line %d: invalid EAPOL "
  1145. "version (%d): '%s'.",
  1146. line, bss->eapol_version, pos);
  1147. errors++;
  1148. } else
  1149. wpa_printf(MSG_DEBUG, "eapol_version=%d",
  1150. bss->eapol_version);
  1151. #ifdef EAP_SERVER
  1152. } else if (os_strcmp(buf, "eap_authenticator") == 0) {
  1153. bss->eap_server = atoi(pos);
  1154. wpa_printf(MSG_ERROR, "Line %d: obsolete "
  1155. "eap_authenticator used; this has been "
  1156. "renamed to eap_server", line);
  1157. } else if (os_strcmp(buf, "eap_server") == 0) {
  1158. bss->eap_server = atoi(pos);
  1159. } else if (os_strcmp(buf, "eap_user_file") == 0) {
  1160. if (hostapd_config_read_eap_user(pos, bss))
  1161. errors++;
  1162. } else if (os_strcmp(buf, "ca_cert") == 0) {
  1163. os_free(bss->ca_cert);
  1164. bss->ca_cert = os_strdup(pos);
  1165. } else if (os_strcmp(buf, "server_cert") == 0) {
  1166. os_free(bss->server_cert);
  1167. bss->server_cert = os_strdup(pos);
  1168. } else if (os_strcmp(buf, "private_key") == 0) {
  1169. os_free(bss->private_key);
  1170. bss->private_key = os_strdup(pos);
  1171. } else if (os_strcmp(buf, "private_key_passwd") == 0) {
  1172. os_free(bss->private_key_passwd);
  1173. bss->private_key_passwd = os_strdup(pos);
  1174. } else if (os_strcmp(buf, "check_crl") == 0) {
  1175. bss->check_crl = atoi(pos);
  1176. } else if (os_strcmp(buf, "dh_file") == 0) {
  1177. os_free(bss->dh_file);
  1178. bss->dh_file = os_strdup(pos);
  1179. } else if (os_strcmp(buf, "fragment_size") == 0) {
  1180. bss->fragment_size = atoi(pos);
  1181. #ifdef EAP_SERVER_FAST
  1182. } else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
  1183. os_free(bss->pac_opaque_encr_key);
  1184. bss->pac_opaque_encr_key = os_malloc(16);
  1185. if (bss->pac_opaque_encr_key == NULL) {
  1186. wpa_printf(MSG_ERROR, "Line %d: No memory for "
  1187. "pac_opaque_encr_key", line);
  1188. errors++;
  1189. } else if (hexstr2bin(pos, bss->pac_opaque_encr_key,
  1190. 16)) {
  1191. wpa_printf(MSG_ERROR, "Line %d: Invalid "
  1192. "pac_opaque_encr_key", line);
  1193. errors++;
  1194. }
  1195. } else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
  1196. size_t idlen = os_strlen(pos);
  1197. if (idlen & 1) {
  1198. wpa_printf(MSG_ERROR, "Line %d: Invalid "
  1199. "eap_fast_a_id", line);
  1200. errors++;
  1201. } else {
  1202. os_free(bss->eap_fast_a_id);
  1203. bss->eap_fast_a_id = os_malloc(idlen / 2);
  1204. if (bss->eap_fast_a_id == NULL ||
  1205. hexstr2bin(pos, bss->eap_fast_a_id,
  1206. idlen / 2)) {
  1207. wpa_printf(MSG_ERROR, "Line %d: "
  1208. "Failed to parse "
  1209. "eap_fast_a_id", line);
  1210. errors++;
  1211. } else
  1212. bss->eap_fast_a_id_len = idlen / 2;
  1213. }
  1214. } else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
  1215. os_free(bss->eap_fast_a_id_info);
  1216. bss->eap_fast_a_id_info = os_strdup(pos);
  1217. } else if (os_strcmp(buf, "eap_fast_prov") == 0) {
  1218. bss->eap_fast_prov = atoi(pos);
  1219. } else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
  1220. bss->pac_key_lifetime = atoi(pos);
  1221. } else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
  1222. bss->pac_key_refresh_time = atoi(pos);
  1223. #endif /* EAP_SERVER_FAST */
  1224. #ifdef EAP_SERVER_SIM
  1225. } else if (os_strcmp(buf, "eap_sim_db") == 0) {
  1226. os_free(bss->eap_sim_db);
  1227. bss->eap_sim_db = os_strdup(pos);
  1228. } else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
  1229. bss->eap_sim_aka_result_ind = atoi(pos);
  1230. #endif /* EAP_SERVER_SIM */
  1231. #ifdef EAP_SERVER_TNC
  1232. } else if (os_strcmp(buf, "tnc") == 0) {
  1233. bss->tnc = atoi(pos);
  1234. #endif /* EAP_SERVER_TNC */
  1235. #ifdef EAP_SERVER_PWD
  1236. } else if (os_strcmp(buf, "pwd_group") == 0) {
  1237. bss->pwd_group = atoi(pos);
  1238. #endif /* EAP_SERVER_PWD */
  1239. #endif /* EAP_SERVER */
  1240. } else if (os_strcmp(buf, "eap_message") == 0) {
  1241. char *term;
  1242. bss->eap_req_id_text = os_strdup(pos);
  1243. if (bss->eap_req_id_text == NULL) {
  1244. wpa_printf(MSG_ERROR, "Line %d: Failed to "
  1245. "allocate memory for "
  1246. "eap_req_id_text", line);
  1247. errors++;
  1248. continue;
  1249. }
  1250. bss->eap_req_id_text_len =
  1251. os_strlen(bss->eap_req_id_text);
  1252. term = os_strstr(bss->eap_req_id_text, "\\0");
  1253. if (term) {
  1254. *term++ = '\0';
  1255. os_memmove(term, term + 1,
  1256. bss->eap_req_id_text_len -
  1257. (term - bss->eap_req_id_text) - 1);
  1258. bss->eap_req_id_text_len--;
  1259. }
  1260. } else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
  1261. bss->default_wep_key_len = atoi(pos);
  1262. if (bss->default_wep_key_len > 13) {
  1263. wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
  1264. "key len %lu (= %lu bits)", line,
  1265. (unsigned long)
  1266. bss->default_wep_key_len,
  1267. (unsigned long)
  1268. bss->default_wep_key_len * 8);
  1269. errors++;
  1270. }
  1271. } else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
  1272. bss->individual_wep_key_len = atoi(pos);
  1273. if (bss->individual_wep_key_len < 0 ||
  1274. bss->individual_wep_key_len > 13) {
  1275. wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
  1276. "key len %d (= %d bits)", line,
  1277. bss->individual_wep_key_len,
  1278. bss->individual_wep_key_len * 8);
  1279. errors++;
  1280. }
  1281. } else if (os_strcmp(buf, "wep_rekey_period") == 0) {
  1282. bss->wep_rekeying_period = atoi(pos);
  1283. if (bss->wep_rekeying_period < 0) {
  1284. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1285. "period %d",
  1286. line, bss->wep_rekeying_period);
  1287. errors++;
  1288. }
  1289. } else if (os_strcmp(buf, "eap_reauth_period") == 0) {
  1290. bss->eap_reauth_period = atoi(pos);
  1291. if (bss->eap_reauth_period < 0) {
  1292. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1293. "period %d",
  1294. line, bss->eap_reauth_period);
  1295. errors++;
  1296. }
  1297. } else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
  1298. bss->eapol_key_index_workaround = atoi(pos);
  1299. #ifdef CONFIG_IAPP
  1300. } else if (os_strcmp(buf, "iapp_interface") == 0) {
  1301. bss->ieee802_11f = 1;
  1302. os_strlcpy(bss->iapp_iface, pos,
  1303. sizeof(bss->iapp_iface));
  1304. #endif /* CONFIG_IAPP */
  1305. } else if (os_strcmp(buf, "own_ip_addr") == 0) {
  1306. if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
  1307. wpa_printf(MSG_ERROR, "Line %d: invalid IP "
  1308. "address '%s'", line, pos);
  1309. errors++;
  1310. }
  1311. } else if (os_strcmp(buf, "nas_identifier") == 0) {
  1312. bss->nas_identifier = os_strdup(pos);
  1313. #ifndef CONFIG_NO_RADIUS
  1314. } else if (os_strcmp(buf, "auth_server_addr") == 0) {
  1315. if (hostapd_config_read_radius_addr(
  1316. &bss->radius->auth_servers,
  1317. &bss->radius->num_auth_servers, pos, 1812,
  1318. &bss->radius->auth_server)) {
  1319. wpa_printf(MSG_ERROR, "Line %d: invalid IP "
  1320. "address '%s'", line, pos);
  1321. errors++;
  1322. }
  1323. } else if (bss->radius->auth_server &&
  1324. os_strcmp(buf, "auth_server_port") == 0) {
  1325. bss->radius->auth_server->port = atoi(pos);
  1326. } else if (bss->radius->auth_server &&
  1327. os_strcmp(buf, "auth_server_shared_secret") == 0) {
  1328. int len = os_strlen(pos);
  1329. if (len == 0) {
  1330. /* RFC 2865, Ch. 3 */
  1331. wpa_printf(MSG_ERROR, "Line %d: empty shared "
  1332. "secret is not allowed.", line);
  1333. errors++;
  1334. }
  1335. bss->radius->auth_server->shared_secret =
  1336. (u8 *) os_strdup(pos);
  1337. bss->radius->auth_server->shared_secret_len = len;
  1338. } else if (os_strcmp(buf, "acct_server_addr") == 0) {
  1339. if (hostapd_config_read_radius_addr(
  1340. &bss->radius->acct_servers,
  1341. &bss->radius->num_acct_servers, pos, 1813,
  1342. &bss->radius->acct_server)) {
  1343. wpa_printf(MSG_ERROR, "Line %d: invalid IP "
  1344. "address '%s'", line, pos);
  1345. errors++;
  1346. }
  1347. } else if (bss->radius->acct_server &&
  1348. os_strcmp(buf, "acct_server_port") == 0) {
  1349. bss->radius->acct_server->port = atoi(pos);
  1350. } else if (bss->radius->acct_server &&
  1351. os_strcmp(buf, "acct_server_shared_secret") == 0) {
  1352. int len = os_strlen(pos);
  1353. if (len == 0) {
  1354. /* RFC 2865, Ch. 3 */
  1355. wpa_printf(MSG_ERROR, "Line %d: empty shared "
  1356. "secret is not allowed.", line);
  1357. errors++;
  1358. }
  1359. bss->radius->acct_server->shared_secret =
  1360. (u8 *) os_strdup(pos);
  1361. bss->radius->acct_server->shared_secret_len = len;
  1362. } else if (os_strcmp(buf, "radius_retry_primary_interval") ==
  1363. 0) {
  1364. bss->radius->retry_primary_interval = atoi(pos);
  1365. } else if (os_strcmp(buf, "radius_acct_interim_interval") == 0)
  1366. {
  1367. bss->acct_interim_interval = atoi(pos);
  1368. #endif /* CONFIG_NO_RADIUS */
  1369. } else if (os_strcmp(buf, "auth_algs") == 0) {
  1370. bss->auth_algs = atoi(pos);
  1371. if (bss->auth_algs == 0) {
  1372. wpa_printf(MSG_ERROR, "Line %d: no "
  1373. "authentication algorithms allowed",
  1374. line);
  1375. errors++;
  1376. }
  1377. } else if (os_strcmp(buf, "max_num_sta") == 0) {
  1378. bss->max_num_sta = atoi(pos);
  1379. if (bss->max_num_sta < 0 ||
  1380. bss->max_num_sta > MAX_STA_COUNT) {
  1381. wpa_printf(MSG_ERROR, "Line %d: Invalid "
  1382. "max_num_sta=%d; allowed range "
  1383. "0..%d", line, bss->max_num_sta,
  1384. MAX_STA_COUNT);
  1385. errors++;
  1386. }
  1387. } else if (os_strcmp(buf, "wpa") == 0) {
  1388. bss->wpa = atoi(pos);
  1389. } else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
  1390. bss->wpa_group_rekey = atoi(pos);
  1391. } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
  1392. bss->wpa_strict_rekey = atoi(pos);
  1393. } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
  1394. bss->wpa_gmk_rekey = atoi(pos);
  1395. } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
  1396. bss->wpa_ptk_rekey = atoi(pos);
  1397. } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
  1398. int len = os_strlen(pos);
  1399. if (len < 8 || len > 63) {
  1400. wpa_printf(MSG_ERROR, "Line %d: invalid WPA "
  1401. "passphrase length %d (expected "
  1402. "8..63)", line, len);
  1403. errors++;
  1404. } else {
  1405. os_free(bss->ssid.wpa_passphrase);
  1406. bss->ssid.wpa_passphrase = os_strdup(pos);
  1407. }
  1408. } else if (os_strcmp(buf, "wpa_psk") == 0) {
  1409. os_free(bss->ssid.wpa_psk);
  1410. bss->ssid.wpa_psk =
  1411. os_zalloc(sizeof(struct hostapd_wpa_psk));
  1412. if (bss->ssid.wpa_psk == NULL)
  1413. errors++;
  1414. else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
  1415. PMK_LEN) ||
  1416. pos[PMK_LEN * 2] != '\0') {
  1417. wpa_printf(MSG_ERROR, "Line %d: Invalid PSK "
  1418. "'%s'.", line, pos);
  1419. errors++;
  1420. } else {
  1421. bss->ssid.wpa_psk->group = 1;
  1422. }
  1423. } else if (os_strcmp(buf, "wpa_psk_file") == 0) {
  1424. os_free(bss->ssid.wpa_psk_file);
  1425. bss->ssid.wpa_psk_file = os_strdup(pos);
  1426. if (!bss->ssid.wpa_psk_file) {
  1427. wpa_printf(MSG_ERROR, "Line %d: allocation "
  1428. "failed", line);
  1429. errors++;
  1430. }
  1431. } else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
  1432. bss->wpa_key_mgmt =
  1433. hostapd_config_parse_key_mgmt(line, pos);
  1434. if (bss->wpa_key_mgmt == -1)
  1435. errors++;
  1436. } else if (os_strcmp(buf, "wpa_pairwise") == 0) {
  1437. bss->wpa_pairwise =
  1438. hostapd_config_parse_cipher(line, pos);
  1439. if (bss->wpa_pairwise == -1 ||
  1440. bss->wpa_pairwise == 0)
  1441. errors++;
  1442. else if (bss->wpa_pairwise &
  1443. (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
  1444. WPA_CIPHER_WEP104)) {
  1445. wpa_printf(MSG_ERROR, "Line %d: unsupported "
  1446. "pairwise cipher suite '%s'",
  1447. bss->wpa_pairwise, pos);
  1448. errors++;
  1449. }
  1450. } else if (os_strcmp(buf, "rsn_pairwise") == 0) {
  1451. bss->rsn_pairwise =
  1452. hostapd_config_parse_cipher(line, pos);
  1453. if (bss->rsn_pairwise == -1 ||
  1454. bss->rsn_pairwise == 0)
  1455. errors++;
  1456. else if (bss->rsn_pairwise &
  1457. (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
  1458. WPA_CIPHER_WEP104)) {
  1459. wpa_printf(MSG_ERROR, "Line %d: unsupported "
  1460. "pairwise cipher suite '%s'",
  1461. bss->rsn_pairwise, pos);
  1462. errors++;
  1463. }
  1464. #ifdef CONFIG_RSN_PREAUTH
  1465. } else if (os_strcmp(buf, "rsn_preauth") == 0) {
  1466. bss->rsn_preauth = atoi(pos);
  1467. } else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
  1468. bss->rsn_preauth_interfaces = os_strdup(pos);
  1469. #endif /* CONFIG_RSN_PREAUTH */
  1470. #ifdef CONFIG_PEERKEY
  1471. } else if (os_strcmp(buf, "peerkey") == 0) {
  1472. bss->peerkey = atoi(pos);
  1473. #endif /* CONFIG_PEERKEY */
  1474. #ifdef CONFIG_IEEE80211R
  1475. } else if (os_strcmp(buf, "mobility_domain") == 0) {
  1476. if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
  1477. hexstr2bin(pos, bss->mobility_domain,
  1478. MOBILITY_DOMAIN_ID_LEN) != 0) {
  1479. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1480. "mobility_domain '%s'", line, pos);
  1481. errors++;
  1482. continue;
  1483. }
  1484. } else if (os_strcmp(buf, "r1_key_holder") == 0) {
  1485. if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
  1486. hexstr2bin(pos, bss->r1_key_holder,
  1487. FT_R1KH_ID_LEN) != 0) {
  1488. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1489. "r1_key_holder '%s'", line, pos);
  1490. errors++;
  1491. continue;
  1492. }
  1493. } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
  1494. bss->r0_key_lifetime = atoi(pos);
  1495. } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
  1496. bss->reassociation_deadline = atoi(pos);
  1497. } else if (os_strcmp(buf, "r0kh") == 0) {
  1498. if (add_r0kh(bss, pos) < 0) {
  1499. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1500. "r0kh '%s'", line, pos);
  1501. errors++;
  1502. continue;
  1503. }
  1504. } else if (os_strcmp(buf, "r1kh") == 0) {
  1505. if (add_r1kh(bss, pos) < 0) {
  1506. wpa_printf(MSG_DEBUG, "Line %d: Invalid "
  1507. "r1kh '%s'", line, pos);
  1508. errors++;
  1509. continue;
  1510. }
  1511. } else if (os_strcmp(buf, "pmk_r1_push") == 0) {
  1512. bss->pmk_r1_push = atoi(pos);
  1513. } else if (os_strcmp(buf, "ft_over_ds") == 0) {
  1514. bss->ft_over_ds = atoi(pos);
  1515. #endif /* CONFIG_IEEE80211R */
  1516. #ifndef CONFIG_NO_CTRL_IFACE
  1517. } else if (os_strcmp(buf, "ctrl_interface") == 0) {
  1518. os_free(bss->ctrl_interface);
  1519. bss->ctrl_interface = os_strdup(pos);
  1520. } else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
  1521. #ifndef CONFIG_NATIVE_WINDOWS
  1522. struct group *grp;
  1523. char *endp;
  1524. const char *group = pos;
  1525. grp = getgrnam(group);
  1526. if (grp) {
  1527. bss->ctrl_interface_gid = grp->gr_gid;
  1528. bss->ctrl_interface_gid_set = 1;
  1529. wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
  1530. " (from group name '%s')",
  1531. bss->ctrl_interface_gid, group);
  1532. continue;
  1533. }
  1534. /* Group name not found - try to parse this as gid */
  1535. bss->ctrl_interface_gid = strtol(group, &endp, 10);
  1536. if (*group == '\0' || *endp != '\0') {
  1537. wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
  1538. "'%s'", line, group);
  1539. errors++;
  1540. continue;
  1541. }
  1542. bss->ctrl_interface_gid_set = 1;
  1543. wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
  1544. bss->ctrl_interface_gid);
  1545. #endif /* CONFIG_NATIVE_WINDOWS */
  1546. #endif /* CONFIG_NO_CTRL_IFACE */
  1547. #ifdef RADIUS_SERVER
  1548. } else if (os_strcmp(buf, "radius_server_clients") == 0) {
  1549. os_free(bss->radius_server_clients);
  1550. bss->radius_server_clients = os_strdup(pos);
  1551. } else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
  1552. bss->radius_server_auth_port = atoi(pos);
  1553. } else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
  1554. bss->radius_server_ipv6 = atoi(pos);
  1555. #endif /* RADIUS_SERVER */
  1556. } else if (os_strcmp(buf, "test_socket") == 0) {
  1557. os_free(bss->test_socket);
  1558. bss->test_socket = os_strdup(pos);
  1559. } else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
  1560. bss->use_pae_group_addr = atoi(pos);
  1561. } else if (os_strcmp(buf, "hw_mode") == 0) {
  1562. if (os_strcmp(pos, "a") == 0)
  1563. conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
  1564. else if (os_strcmp(pos, "b") == 0)
  1565. conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
  1566. else if (os_strcmp(pos, "g") == 0)
  1567. conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
  1568. else {
  1569. wpa_printf(MSG_ERROR, "Line %d: unknown "
  1570. "hw_mode '%s'", line, pos);
  1571. errors++;
  1572. }
  1573. } else if (os_strcmp(buf, "channel") == 0) {
  1574. conf->channel = atoi(pos);
  1575. } else if (os_strcmp(buf, "beacon_int") == 0) {
  1576. int val = atoi(pos);
  1577. /* MIB defines range as 1..65535, but very small values
  1578. * cause problems with the current implementation.
  1579. * Since it is unlikely that this small numbers are
  1580. * useful in real life scenarios, do not allow beacon
  1581. * period to be set below 15 TU. */
  1582. if (val < 15 || val > 65535) {
  1583. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1584. "beacon_int %d (expected "
  1585. "15..65535)", line, val);
  1586. errors++;
  1587. } else
  1588. conf->beacon_int = val;
  1589. } else if (os_strcmp(buf, "dtim_period") == 0) {
  1590. bss->dtim_period = atoi(pos);
  1591. if (bss->dtim_period < 1 || bss->dtim_period > 255) {
  1592. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1593. "dtim_period %d",
  1594. line, bss->dtim_period);
  1595. errors++;
  1596. }
  1597. } else if (os_strcmp(buf, "rts_threshold") == 0) {
  1598. conf->rts_threshold = atoi(pos);
  1599. if (conf->rts_threshold < 0 ||
  1600. conf->rts_threshold > 2347) {
  1601. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1602. "rts_threshold %d",
  1603. line, conf->rts_threshold);
  1604. errors++;
  1605. }
  1606. } else if (os_strcmp(buf, "fragm_threshold") == 0) {
  1607. conf->fragm_threshold = atoi(pos);
  1608. if (conf->fragm_threshold < 256 ||
  1609. conf->fragm_threshold > 2346) {
  1610. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1611. "fragm_threshold %d",
  1612. line, conf->fragm_threshold);
  1613. errors++;
  1614. }
  1615. } else if (os_strcmp(buf, "send_probe_response") == 0) {
  1616. int val = atoi(pos);
  1617. if (val != 0 && val != 1) {
  1618. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1619. "send_probe_response %d (expected "
  1620. "0 or 1)", line, val);
  1621. } else
  1622. conf->send_probe_response = val;
  1623. } else if (os_strcmp(buf, "supported_rates") == 0) {
  1624. if (hostapd_parse_rates(&conf->supported_rates, pos)) {
  1625. wpa_printf(MSG_ERROR, "Line %d: invalid rate "
  1626. "list", line);
  1627. errors++;
  1628. }
  1629. } else if (os_strcmp(buf, "basic_rates") == 0) {
  1630. if (hostapd_parse_rates(&conf->basic_rates, pos)) {
  1631. wpa_printf(MSG_ERROR, "Line %d: invalid rate "
  1632. "list", line);
  1633. errors++;
  1634. }
  1635. } else if (os_strcmp(buf, "preamble") == 0) {
  1636. if (atoi(pos))
  1637. conf->preamble = SHORT_PREAMBLE;
  1638. else
  1639. conf->preamble = LONG_PREAMBLE;
  1640. } else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
  1641. bss->ignore_broadcast_ssid = atoi(pos);
  1642. } else if (os_strcmp(buf, "wep_default_key") == 0) {
  1643. bss->ssid.wep.idx = atoi(pos);
  1644. if (bss->ssid.wep.idx > 3) {
  1645. wpa_printf(MSG_ERROR, "Invalid "
  1646. "wep_default_key index %d",
  1647. bss->ssid.wep.idx);
  1648. errors++;
  1649. }
  1650. } else if (os_strcmp(buf, "wep_key0") == 0 ||
  1651. os_strcmp(buf, "wep_key1") == 0 ||
  1652. os_strcmp(buf, "wep_key2") == 0 ||
  1653. os_strcmp(buf, "wep_key3") == 0) {
  1654. if (hostapd_config_read_wep(&bss->ssid.wep,
  1655. buf[7] - '0', pos)) {
  1656. wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
  1657. "key '%s'", line, buf);
  1658. errors++;
  1659. }
  1660. #ifndef CONFIG_NO_VLAN
  1661. } else if (os_strcmp(buf, "dynamic_vlan") == 0) {
  1662. bss->ssid.dynamic_vlan = atoi(pos);
  1663. } else if (os_strcmp(buf, "vlan_file") == 0) {
  1664. if (hostapd_config_read_vlan_file(bss, pos)) {
  1665. wpa_printf(MSG_ERROR, "Line %d: failed to "
  1666. "read VLAN file '%s'", line, pos);
  1667. errors++;
  1668. }
  1669. #ifdef CONFIG_FULL_DYNAMIC_VLAN
  1670. } else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
  1671. bss->ssid.vlan_tagged_interface = os_strdup(pos);
  1672. #endif /* CONFIG_FULL_DYNAMIC_VLAN */
  1673. #endif /* CONFIG_NO_VLAN */
  1674. } else if (os_strcmp(buf, "ap_table_max_size") == 0) {
  1675. conf->ap_table_max_size = atoi(pos);
  1676. } else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
  1677. conf->ap_table_expiration_time = atoi(pos);
  1678. } else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
  1679. if (hostapd_config_tx_queue(conf, buf, pos)) {
  1680. wpa_printf(MSG_ERROR, "Line %d: invalid TX "
  1681. "queue item", line);
  1682. errors++;
  1683. }
  1684. } else if (os_strcmp(buf, "wme_enabled") == 0 ||
  1685. os_strcmp(buf, "wmm_enabled") == 0) {
  1686. bss->wmm_enabled = atoi(pos);
  1687. } else if (os_strcmp(buf, "uapsd_advertisement_enabled") == 0) {
  1688. bss->wmm_uapsd = atoi(pos);
  1689. } else if (os_strncmp(buf, "wme_ac_", 7) == 0 ||
  1690. os_strncmp(buf, "wmm_ac_", 7) == 0) {
  1691. if (hostapd_config_wmm_ac(conf, buf, pos)) {
  1692. wpa_printf(MSG_ERROR, "Line %d: invalid WMM "
  1693. "ac item", line);
  1694. errors++;
  1695. }
  1696. } else if (os_strcmp(buf, "bss") == 0) {
  1697. if (hostapd_config_bss(conf, pos)) {
  1698. wpa_printf(MSG_ERROR, "Line %d: invalid bss "
  1699. "item", line);
  1700. errors++;
  1701. }
  1702. } else if (os_strcmp(buf, "bssid") == 0) {
  1703. if (hwaddr_aton(pos, bss->bssid)) {
  1704. wpa_printf(MSG_ERROR, "Line %d: invalid bssid "
  1705. "item", line);
  1706. errors++;
  1707. }
  1708. #ifdef CONFIG_IEEE80211W
  1709. } else if (os_strcmp(buf, "ieee80211w") == 0) {
  1710. bss->ieee80211w = atoi(pos);
  1711. } else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
  1712. bss->assoc_sa_query_max_timeout = atoi(pos);
  1713. if (bss->assoc_sa_query_max_timeout == 0) {
  1714. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1715. "assoc_sa_query_max_timeout", line);
  1716. errors++;
  1717. }
  1718. } else if (os_strcmp(buf, "assoc_sa_query_retry_timeout") == 0)
  1719. {
  1720. bss->assoc_sa_query_retry_timeout = atoi(pos);
  1721. if (bss->assoc_sa_query_retry_timeout == 0) {
  1722. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1723. "assoc_sa_query_retry_timeout",
  1724. line);
  1725. errors++;
  1726. }
  1727. #endif /* CONFIG_IEEE80211W */
  1728. #ifdef CONFIG_IEEE80211N
  1729. } else if (os_strcmp(buf, "ieee80211n") == 0) {
  1730. conf->ieee80211n = atoi(pos);
  1731. } else if (os_strcmp(buf, "ht_capab") == 0) {
  1732. if (hostapd_config_ht_capab(conf, pos) < 0) {
  1733. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1734. "ht_capab", line);
  1735. errors++;
  1736. }
  1737. } else if (os_strcmp(buf, "require_ht") == 0) {
  1738. conf->require_ht = atoi(pos);
  1739. #endif /* CONFIG_IEEE80211N */
  1740. } else if (os_strcmp(buf, "max_listen_interval") == 0) {
  1741. bss->max_listen_interval = atoi(pos);
  1742. } else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
  1743. bss->disable_pmksa_caching = atoi(pos);
  1744. } else if (os_strcmp(buf, "okc") == 0) {
  1745. bss->okc = atoi(pos);
  1746. #ifdef CONFIG_WPS
  1747. } else if (os_strcmp(buf, "wps_state") == 0) {
  1748. bss->wps_state = atoi(pos);
  1749. if (bss->wps_state < 0 || bss->wps_state > 2) {
  1750. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1751. "wps_state", line);
  1752. errors++;
  1753. }
  1754. } else if (os_strcmp(buf, "ap_setup_locked") == 0) {
  1755. bss->ap_setup_locked = atoi(pos);
  1756. } else if (os_strcmp(buf, "uuid") == 0) {
  1757. if (uuid_str2bin(pos, bss->uuid)) {
  1758. wpa_printf(MSG_ERROR, "Line %d: invalid UUID",
  1759. line);
  1760. errors++;
  1761. }
  1762. } else if (os_strcmp(buf, "wps_pin_requests") == 0) {
  1763. os_free(bss->wps_pin_requests);
  1764. bss->wps_pin_requests = os_strdup(pos);
  1765. } else if (os_strcmp(buf, "device_name") == 0) {
  1766. if (os_strlen(pos) > 32) {
  1767. wpa_printf(MSG_ERROR, "Line %d: Too long "
  1768. "device_name", line);
  1769. errors++;
  1770. }
  1771. os_free(bss->device_name);
  1772. bss->device_name = os_strdup(pos);
  1773. } else if (os_strcmp(buf, "manufacturer") == 0) {
  1774. if (os_strlen(pos) > 64) {
  1775. wpa_printf(MSG_ERROR, "Line %d: Too long "
  1776. "manufacturer", line);
  1777. errors++;
  1778. }
  1779. os_free(bss->manufacturer);
  1780. bss->manufacturer = os_strdup(pos);
  1781. } else if (os_strcmp(buf, "model_name") == 0) {
  1782. if (os_strlen(pos) > 32) {
  1783. wpa_printf(MSG_ERROR, "Line %d: Too long "
  1784. "model_name", line);
  1785. errors++;
  1786. }
  1787. os_free(bss->model_name);
  1788. bss->model_name = os_strdup(pos);
  1789. } else if (os_strcmp(buf, "model_number") == 0) {
  1790. if (os_strlen(pos) > 32) {
  1791. wpa_printf(MSG_ERROR, "Line %d: Too long "
  1792. "model_number", line);
  1793. errors++;
  1794. }
  1795. os_free(bss->model_number);
  1796. bss->model_number = os_strdup(pos);
  1797. } else if (os_strcmp(buf, "serial_number") == 0) {
  1798. if (os_strlen(pos) > 32) {
  1799. wpa_printf(MSG_ERROR, "Line %d: Too long "
  1800. "serial_number", line);
  1801. errors++;
  1802. }
  1803. os_free(bss->serial_number);
  1804. bss->serial_number = os_strdup(pos);
  1805. } else if (os_strcmp(buf, "device_type") == 0) {
  1806. if (wps_dev_type_str2bin(pos, bss->device_type))
  1807. errors++;
  1808. } else if (os_strcmp(buf, "config_methods") == 0) {
  1809. os_free(bss->config_methods);
  1810. bss->config_methods = os_strdup(pos);
  1811. } else if (os_strcmp(buf, "os_version") == 0) {
  1812. if (hexstr2bin(pos, bss->os_version, 4)) {
  1813. wpa_printf(MSG_ERROR, "Line %d: invalid "
  1814. "os_version", line);
  1815. errors++;
  1816. }
  1817. } else if (os_strcmp(buf, "ap_pin") == 0) {
  1818. os_free(bss->ap_pin);
  1819. bss->ap_pin = os_strdup(pos);
  1820. } else if (os_strcmp(buf, "skip_cred_build") == 0) {
  1821. bss->skip_cred_build = atoi(pos);
  1822. } else if (os_strcmp(buf, "extra_cred") == 0) {
  1823. os_free(bss->extra_cred);
  1824. bss->extra_cred =
  1825. (u8 *) os_readfile(pos, &bss->extra_cred_len);
  1826. if (bss->extra_cred == NULL) {
  1827. wpa_printf(MSG_ERROR, "Line %d: could not "
  1828. "read Credentials from '%s'",
  1829. line, pos);
  1830. errors++;
  1831. }
  1832. } else if (os_strcmp(buf, "wps_cred_processing") == 0) {
  1833. bss->wps_cred_processing = atoi(pos);
  1834. } else if (os_strcmp(buf, "ap_settings") == 0) {
  1835. os_free(bss->ap_settings);
  1836. bss->ap_settings =
  1837. (u8 *) os_readfile(pos, &bss->ap_settings_len);
  1838. if (bss->ap_settings == NULL) {
  1839. wpa_printf(MSG_ERROR, "Line %d: could not "
  1840. "read AP Settings from '%s'",
  1841. line, pos);
  1842. errors++;
  1843. }
  1844. } else if (os_strcmp(buf, "upnp_iface") == 0) {
  1845. bss->upnp_iface = os_strdup(pos);
  1846. } else if (os_strcmp(buf, "friendly_name") == 0) {
  1847. os_free(bss->friendly_name);
  1848. bss->friendly_name = os_strdup(pos);
  1849. } else if (os_strcmp(buf, "manufacturer_url") == 0) {
  1850. os_free(bss->manufacturer_url);
  1851. bss->manufacturer_url = os_strdup(pos);
  1852. } else if (os_strcmp(buf, "model_description") == 0) {
  1853. os_free(bss->model_description);
  1854. bss->model_description = os_strdup(pos);
  1855. } else if (os_strcmp(buf, "model_url") == 0) {
  1856. os_free(bss->model_url);
  1857. bss->model_url = os_strdup(pos);
  1858. } else if (os_strcmp(buf, "upc") == 0) {
  1859. os_free(bss->upc);
  1860. bss->upc = os_strdup(pos);
  1861. } else if (os_strcmp(buf, "pbc_in_m1") == 0) {
  1862. bss->pbc_in_m1 = atoi(pos);
  1863. #endif /* CONFIG_WPS */
  1864. #ifdef CONFIG_P2P_MANAGER
  1865. } else if (os_strcmp(buf, "manage_p2p") == 0) {
  1866. int manage = atoi(pos);
  1867. if (manage)
  1868. bss->p2p |= P2P_MANAGE;
  1869. else
  1870. bss->p2p &= ~P2P_MANAGE;
  1871. } else if (os_strcmp(buf, "allow_cross_connection") == 0) {
  1872. if (atoi(pos))
  1873. bss->p2p |= P2P_ALLOW_CROSS_CONNECTION;
  1874. else
  1875. bss->p2p &= ~P2P_ALLOW_CROSS_CONNECTION;
  1876. #endif /* CONFIG_P2P_MANAGER */
  1877. } else if (os_strcmp(buf, "disassoc_low_ack") == 0) {
  1878. bss->disassoc_low_ack = atoi(pos);
  1879. } else if (os_strcmp(buf, "tdls_prohibit") == 0) {
  1880. int val = atoi(pos);
  1881. if (val)
  1882. bss->tdls |= TDLS_PROHIBIT;
  1883. else
  1884. bss->tdls &= ~TDLS_PROHIBIT;
  1885. } else if (os_strcmp(buf, "tdls_prohibit_chan_switch") == 0) {
  1886. int val = atoi(pos);
  1887. if (val)
  1888. bss->tdls |= TDLS_PROHIBIT_CHAN_SWITCH;
  1889. else
  1890. bss->tdls &= ~TDLS_PROHIBIT_CHAN_SWITCH;
  1891. #ifdef CONFIG_RSN_TESTING
  1892. } else if (os_strcmp(buf, "rsn_testing") == 0) {
  1893. extern int rsn_testing;
  1894. rsn_testing = atoi(pos);
  1895. #endif /* CONFIG_RSN_TESTING */
  1896. } else {
  1897. wpa_printf(MSG_ERROR, "Line %d: unknown configuration "
  1898. "item '%s'", line, buf);
  1899. errors++;
  1900. }
  1901. }
  1902. fclose(f);
  1903. for (i = 0; i < conf->num_bss; i++) {
  1904. bss = &conf->bss[i];
  1905. if (bss->individual_wep_key_len == 0) {
  1906. /* individual keys are not use; can use key idx0 for
  1907. * broadcast keys */
  1908. bss->broadcast_key_idx_min = 0;
  1909. }
  1910. /* Select group cipher based on the enabled pairwise cipher
  1911. * suites */
  1912. pairwise = 0;
  1913. if (bss->wpa & 1)
  1914. pairwise |= bss->wpa_pairwise;
  1915. if (bss->wpa & 2) {
  1916. if (bss->rsn_pairwise == 0)
  1917. bss->rsn_pairwise = bss->wpa_pairwise;
  1918. pairwise |= bss->rsn_pairwise;
  1919. }
  1920. if (pairwise & WPA_CIPHER_TKIP)
  1921. bss->wpa_group = WPA_CIPHER_TKIP;
  1922. else
  1923. bss->wpa_group = WPA_CIPHER_CCMP;
  1924. bss->radius->auth_server = bss->radius->auth_servers;
  1925. bss->radius->acct_server = bss->radius->acct_servers;
  1926. if (bss->wpa && bss->ieee802_1x) {
  1927. bss->ssid.security_policy = SECURITY_WPA;
  1928. } else if (bss->wpa) {
  1929. bss->ssid.security_policy = SECURITY_WPA_PSK;
  1930. } else if (bss->ieee802_1x) {
  1931. bss->ssid.security_policy = SECURITY_IEEE_802_1X;
  1932. bss->ssid.wep.default_len = bss->default_wep_key_len;
  1933. } else if (bss->ssid.wep.keys_set)
  1934. bss->ssid.security_policy = SECURITY_STATIC_WEP;
  1935. else
  1936. bss->ssid.security_policy = SECURITY_PLAINTEXT;
  1937. }
  1938. if (hostapd_config_check(conf))
  1939. errors++;
  1940. #ifndef WPA_IGNORE_CONFIG_ERRORS
  1941. if (errors) {
  1942. wpa_printf(MSG_ERROR, "%d errors found in configuration file "
  1943. "'%s'", errors, fname);
  1944. hostapd_config_free(conf);
  1945. conf = NULL;
  1946. }
  1947. #endif /* WPA_IGNORE_CONFIG_ERRORS */
  1948. return conf;
  1949. }