| /* |
| * hostapd / Initialization and configuration |
| * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi> |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License version 2 as |
| * published by the Free Software Foundation. |
| * |
| * Alternatively, this software may be distributed under the terms of BSD |
| * license. |
| * |
| * See README and COPYING for more details. |
| */ |
| |
| #include "includes.h" |
| |
| #include "eloop.h" |
| #include "hostapd.h" |
| #include "ieee802_1x.h" |
| #include "beacon.h" |
| #include "hw_features.h" |
| #include "accounting.h" |
| #include "eapol_sm.h" |
| #include "iapp.h" |
| #include "ieee802_11_defs.h" |
| #include "ieee802_11_auth.h" |
| #include "sta_info.h" |
| #include "ap_list.h" |
| #include "driver_i.h" |
| #include "radius/radius_client.h" |
| #include "radius/radius_server.h" |
| #include "wpa.h" |
| #include "preauth.h" |
| #include "vlan_init.h" |
| #include "ctrl_iface.h" |
| #include "tls.h" |
| #include "eap_server/eap_sim_db.h" |
| #include "eap_server/eap.h" |
| #include "eap_server/tncs.h" |
| #include "version.h" |
| #include "l2_packet/l2_packet.h" |
| #include "wps_hostapd.h" |
| #include "tkip_countermeasures.h" |
| |
| |
| static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity, |
| size_t identity_len, int phase2, |
| struct eap_user *user); |
| static int hostapd_flush_old_stations(struct hostapd_data *hapd); |
| static int hostapd_setup_wpa(struct hostapd_data *hapd); |
| static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd); |
| |
| extern int wpa_debug_level; |
| |
| |
| #ifdef EAP_SERVER |
| static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd, |
| struct sta_info *sta, void *ctx) |
| { |
| if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0) |
| return 1; |
| return 0; |
| } |
| |
| |
| static void hostapd_sim_db_cb(void *ctx, void *session_ctx) |
| { |
| struct hostapd_data *hapd = ctx; |
| if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) |
| radius_server_eap_pending_cb(hapd->radius_srv, session_ctx); |
| } |
| #endif /* EAP_SERVER */ |
| |
| |
| static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf, |
| struct wpa_auth_config *wconf) |
| { |
| wconf->wpa = conf->wpa; |
| wconf->wpa_key_mgmt = conf->wpa_key_mgmt; |
| wconf->wpa_pairwise = conf->wpa_pairwise; |
| wconf->wpa_group = conf->wpa_group; |
| wconf->wpa_group_rekey = conf->wpa_group_rekey; |
| wconf->wpa_strict_rekey = conf->wpa_strict_rekey; |
| wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey; |
| wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey; |
| wconf->rsn_pairwise = conf->rsn_pairwise; |
| wconf->rsn_preauth = conf->rsn_preauth; |
| wconf->eapol_version = conf->eapol_version; |
| wconf->peerkey = conf->peerkey; |
| wconf->wmm_enabled = conf->wmm_enabled; |
| wconf->okc = conf->okc; |
| #ifdef CONFIG_IEEE80211W |
| wconf->ieee80211w = conf->ieee80211w; |
| #endif /* CONFIG_IEEE80211W */ |
| #ifdef CONFIG_IEEE80211R |
| wconf->ssid_len = conf->ssid.ssid_len; |
| if (wconf->ssid_len > SSID_LEN) |
| wconf->ssid_len = SSID_LEN; |
| os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len); |
| os_memcpy(wconf->mobility_domain, conf->mobility_domain, |
| MOBILITY_DOMAIN_ID_LEN); |
| if (conf->nas_identifier && |
| os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) { |
| wconf->r0_key_holder_len = os_strlen(conf->nas_identifier); |
| os_memcpy(wconf->r0_key_holder, conf->nas_identifier, |
| wconf->r0_key_holder_len); |
| } |
| os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN); |
| wconf->r0_key_lifetime = conf->r0_key_lifetime; |
| wconf->reassociation_deadline = conf->reassociation_deadline; |
| wconf->r0kh_list = conf->r0kh_list; |
| wconf->r1kh_list = conf->r1kh_list; |
| wconf->pmk_r1_push = conf->pmk_r1_push; |
| #endif /* CONFIG_IEEE80211R */ |
| } |
| |
| |
| int hostapd_reload_config(struct hostapd_iface *iface) |
| { |
| struct hostapd_data *hapd = iface->bss[0]; |
| struct hostapd_config *newconf, *oldconf; |
| struct wpa_auth_config wpa_auth_conf; |
| size_t j; |
| |
| newconf = hostapd_config_read(iface->config_fname); |
| if (newconf == NULL) |
| return -1; |
| |
| /* |
| * Deauthenticate all stations since the new configuration may not |
| * allow them to use the BSS anymore. |
| */ |
| for (j = 0; j < iface->num_bss; j++) |
| hostapd_flush_old_stations(iface->bss[j]); |
| |
| /* TODO: update dynamic data based on changed configuration |
| * items (e.g., open/close sockets, etc.) */ |
| radius_client_flush(hapd->radius, 0); |
| |
| oldconf = hapd->iconf; |
| hapd->iconf = newconf; |
| hapd->conf = &newconf->bss[0]; |
| iface->conf = newconf; |
| |
| if (hostapd_setup_wpa_psk(hapd->conf)) { |
| wpa_printf(MSG_ERROR, "Failed to re-configure WPA PSK " |
| "after reloading configuration"); |
| } |
| |
| if (hapd->conf->wpa && hapd->wpa_auth == NULL) |
| hostapd_setup_wpa(hapd); |
| else if (hapd->conf->wpa) { |
| hostapd_wpa_auth_conf(&newconf->bss[0], &wpa_auth_conf); |
| wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf); |
| } else if (hapd->wpa_auth) { |
| wpa_deinit(hapd->wpa_auth); |
| hapd->wpa_auth = NULL; |
| hostapd_set_privacy(hapd, 0); |
| hostapd_setup_encryption(hapd->conf->iface, hapd); |
| } |
| |
| ieee802_11_set_beacon(hapd); |
| |
| if (hapd->conf->ssid.ssid_set && |
| hostapd_set_ssid(hapd, (u8 *) hapd->conf->ssid.ssid, |
| hapd->conf->ssid.ssid_len)) { |
| wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver"); |
| /* try to continue */ |
| } |
| |
| if (hapd->conf->ieee802_1x || hapd->conf->wpa) |
| hostapd_set_ieee8021x(hapd->conf->iface, hapd, 1); |
| |
| hostapd_config_free(oldconf); |
| |
| wpa_printf(MSG_DEBUG, "Reconfigured interface %s", hapd->conf->iface); |
| |
| return 0; |
| } |
| |
| |
| int handle_reload_iface(struct hostapd_iface *iface, void *ctx) |
| { |
| if (hostapd_reload_config(iface) < 0) { |
| wpa_printf(MSG_WARNING, "Failed to read new configuration " |
| "file - continuing with old."); |
| } |
| return 0; |
| } |
| |
| |
| #ifdef HOSTAPD_DUMP_STATE |
| /** |
| * hostapd_dump_state - SIGUSR1 handler to dump hostapd state to a text file |
| */ |
| static void hostapd_dump_state(struct hostapd_data *hapd) |
| { |
| FILE *f; |
| time_t now; |
| struct sta_info *sta; |
| int i; |
| char *buf; |
| |
| if (!hapd->conf->dump_log_name) { |
| wpa_printf(MSG_DEBUG, "Dump file not defined - ignoring dump " |
| "request"); |
| return; |
| } |
| |
| wpa_printf(MSG_DEBUG, "Dumping hostapd state to '%s'", |
| hapd->conf->dump_log_name); |
| f = fopen(hapd->conf->dump_log_name, "w"); |
| if (f == NULL) { |
| wpa_printf(MSG_WARNING, "Could not open dump file '%s' for " |
| "writing.", hapd->conf->dump_log_name); |
| return; |
| } |
| |
| time(&now); |
| fprintf(f, "hostapd state dump - %s", ctime(&now)); |
| fprintf(f, "num_sta=%d num_sta_non_erp=%d " |
| "num_sta_no_short_slot_time=%d\n" |
| "num_sta_no_short_preamble=%d\n", |
| hapd->num_sta, hapd->iface->num_sta_non_erp, |
| hapd->iface->num_sta_no_short_slot_time, |
| hapd->iface->num_sta_no_short_preamble); |
| |
| for (sta = hapd->sta_list; sta != NULL; sta = sta->next) { |
| fprintf(f, "\nSTA=" MACSTR "\n", MAC2STR(sta->addr)); |
| |
| fprintf(f, |
| " AID=%d flags=0x%x %s%s%s%s%s%s%s%s%s%s%s%s%s%s\n" |
| " capability=0x%x listen_interval=%d\n", |
| sta->aid, |
| sta->flags, |
| (sta->flags & WLAN_STA_AUTH ? "[AUTH]" : ""), |
| (sta->flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""), |
| (sta->flags & WLAN_STA_PS ? "[PS]" : ""), |
| (sta->flags & WLAN_STA_TIM ? "[TIM]" : ""), |
| (sta->flags & WLAN_STA_PERM ? "[PERM]" : ""), |
| (sta->flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : |
| ""), |
| (sta->flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" : |
| ""), |
| (sta->flags & WLAN_STA_SHORT_PREAMBLE ? |
| "[SHORT_PREAMBLE]" : ""), |
| (sta->flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""), |
| (sta->flags & WLAN_STA_WMM ? "[WMM]" : ""), |
| (sta->flags & WLAN_STA_MFP ? "[MFP]" : ""), |
| (sta->flags & WLAN_STA_WPS ? "[WPS]" : ""), |
| (sta->flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""), |
| (sta->flags & WLAN_STA_NONERP ? "[NonERP]" : ""), |
| sta->capability, |
| sta->listen_interval); |
| |
| fprintf(f, " supported_rates="); |
| for (i = 0; i < sta->supported_rates_len; i++) |
| fprintf(f, "%02x ", sta->supported_rates[i]); |
| fprintf(f, "\n"); |
| |
| fprintf(f, |
| " timeout_next=%s\n", |
| (sta->timeout_next == STA_NULLFUNC ? "NULLFUNC POLL" : |
| (sta->timeout_next == STA_DISASSOC ? "DISASSOC" : |
| "DEAUTH"))); |
| |
| ieee802_1x_dump_state(f, " ", sta); |
| } |
| |
| buf = os_malloc(4096); |
| if (buf) { |
| int count = radius_client_get_mib(hapd->radius, buf, 4096); |
| if (count < 0) |
| count = 0; |
| else if (count > 4095) |
| count = 4095; |
| buf[count] = '\0'; |
| fprintf(f, "%s", buf); |
| |
| count = radius_server_get_mib(hapd->radius_srv, buf, 4096); |
| if (count < 0) |
| count = 0; |
| else if (count > 4095) |
| count = 4095; |
| buf[count] = '\0'; |
| fprintf(f, "%s", buf); |
| os_free(buf); |
| } |
| fclose(f); |
| } |
| |
| |
| int handle_dump_state_iface(struct hostapd_iface *iface, void *ctx) |
| { |
| size_t i; |
| |
| for (i = 0; i < iface->num_bss; i++) |
| hostapd_dump_state(iface->bss[i]); |
| |
| return 0; |
| } |
| #endif /* HOSTAPD_DUMP_STATE */ |
| |
| |
| static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd, |
| char *ifname) |
| { |
| int i; |
| |
| for (i = 0; i < NUM_WEP_KEYS; i++) { |
| if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL, i, |
| i == 0 ? 1 : 0, NULL, 0, NULL, 0)) { |
| wpa_printf(MSG_DEBUG, "Failed to clear default " |
| "encryption keys (ifname=%s keyidx=%d)", |
| ifname, i); |
| } |
| } |
| #ifdef CONFIG_IEEE80211W |
| if (hapd->conf->ieee80211w) { |
| for (i = NUM_WEP_KEYS; i < NUM_WEP_KEYS + 2; i++) { |
| if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL, |
| i, i == 0 ? 1 : 0, NULL, 0, |
| NULL, 0)) { |
| wpa_printf(MSG_DEBUG, "Failed to clear " |
| "default mgmt encryption keys " |
| "(ifname=%s keyidx=%d)", ifname, i); |
| } |
| } |
| } |
| #endif /* CONFIG_IEEE80211W */ |
| } |
| |
| |
| static int hostapd_broadcast_wep_clear(struct hostapd_data *hapd) |
| { |
| hostapd_broadcast_key_clear_iface(hapd, hapd->conf->iface); |
| return 0; |
| } |
| |
| |
| static int hostapd_broadcast_wep_set(struct hostapd_data *hapd) |
| { |
| int errors = 0, idx; |
| struct hostapd_ssid *ssid = &hapd->conf->ssid; |
| |
| idx = ssid->wep.idx; |
| if (ssid->wep.default_len && |
| hostapd_set_key(hapd->conf->iface, |
| hapd, WPA_ALG_WEP, NULL, idx, idx == ssid->wep.idx, |
| NULL, 0, ssid->wep.key[idx], ssid->wep.len[idx])) { |
| wpa_printf(MSG_WARNING, "Could not set WEP encryption."); |
| errors++; |
| } |
| |
| if (ssid->dyn_vlan_keys) { |
| size_t i; |
| for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) { |
| const char *ifname; |
| struct hostapd_wep_keys *key = ssid->dyn_vlan_keys[i]; |
| if (key == NULL) |
| continue; |
| ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, |
| i); |
| if (ifname == NULL) |
| continue; |
| |
| idx = key->idx; |
| if (hostapd_set_key(ifname, hapd, WPA_ALG_WEP, NULL, |
| idx, idx == key->idx, NULL, 0, |
| key->key[idx], key->len[idx])) { |
| wpa_printf(MSG_WARNING, "Could not set " |
| "dynamic VLAN WEP encryption."); |
| errors++; |
| } |
| } |
| } |
| |
| return errors; |
| } |
| |
| /** |
| * hostapd_cleanup - Per-BSS cleanup (deinitialization) |
| * @hapd: Pointer to BSS data |
| * |
| * This function is used to free all per-BSS data structures and resources. |
| * This gets called in a loop for each BSS between calls to |
| * hostapd_cleanup_iface_pre() and hostapd_cleanup_iface() when an interface |
| * is deinitialized. Most of the modules that are initialized in |
| * hostapd_setup_bss() are deinitialized here. |
| */ |
| static void hostapd_cleanup(struct hostapd_data *hapd) |
| { |
| hostapd_ctrl_iface_deinit(hapd); |
| |
| iapp_deinit(hapd->iapp); |
| hapd->iapp = NULL; |
| accounting_deinit(hapd); |
| rsn_preauth_iface_deinit(hapd); |
| if (hapd->wpa_auth) { |
| wpa_deinit(hapd->wpa_auth); |
| hapd->wpa_auth = NULL; |
| |
| if (hostapd_set_privacy(hapd, 0)) { |
| wpa_printf(MSG_DEBUG, "Could not disable " |
| "PrivacyInvoked for interface %s", |
| hapd->conf->iface); |
| } |
| |
| if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) { |
| wpa_printf(MSG_DEBUG, "Could not remove generic " |
| "information element from interface %s", |
| hapd->conf->iface); |
| } |
| } |
| ieee802_1x_deinit(hapd); |
| vlan_deinit(hapd); |
| hostapd_acl_deinit(hapd); |
| radius_client_deinit(hapd->radius); |
| hapd->radius = NULL; |
| radius_server_deinit(hapd->radius_srv); |
| hapd->radius_srv = NULL; |
| |
| #ifdef CONFIG_IEEE80211R |
| l2_packet_deinit(hapd->l2); |
| #endif /* CONFIG_IEEE80211R */ |
| |
| hostapd_deinit_wps(hapd); |
| |
| #ifdef EAP_TLS_FUNCS |
| if (hapd->ssl_ctx) { |
| tls_deinit(hapd->ssl_ctx); |
| hapd->ssl_ctx = NULL; |
| } |
| #endif /* EAP_TLS_FUNCS */ |
| |
| #ifdef EAP_SERVER |
| if (hapd->eap_sim_db_priv) { |
| eap_sim_db_deinit(hapd->eap_sim_db_priv); |
| hapd->eap_sim_db_priv = NULL; |
| } |
| #endif /* EAP_SERVER */ |
| |
| if (hapd->interface_added && |
| hostapd_bss_remove(hapd, hapd->conf->iface)) { |
| wpa_printf(MSG_WARNING, "Failed to remove BSS interface %s", |
| hapd->conf->iface); |
| } |
| |
| os_free(hapd->probereq_cb); |
| hapd->probereq_cb = NULL; |
| } |
| |
| |
| /** |
| * hostapd_cleanup_iface_pre - Preliminary per-interface cleanup |
| * @iface: Pointer to interface data |
| * |
| * This function is called before per-BSS data structures are deinitialized |
| * with hostapd_cleanup(). |
| */ |
| static void hostapd_cleanup_iface_pre(struct hostapd_iface *iface) |
| { |
| } |
| |
| |
| /** |
| * hostapd_cleanup_iface - Complete per-interface cleanup |
| * @iface: Pointer to interface data |
| * |
| * This function is called after per-BSS data structures are deinitialized |
| * with hostapd_cleanup(). |
| */ |
| static void hostapd_cleanup_iface(struct hostapd_iface *iface) |
| { |
| hostapd_free_hw_features(iface->hw_features, iface->num_hw_features); |
| iface->hw_features = NULL; |
| os_free(iface->current_rates); |
| iface->current_rates = NULL; |
| ap_list_deinit(iface); |
| hostapd_config_free(iface->conf); |
| iface->conf = NULL; |
| |
| os_free(iface->config_fname); |
| os_free(iface->bss); |
| os_free(iface); |
| } |
| |
| |
| static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd) |
| { |
| int i; |
| |
| hostapd_broadcast_wep_set(hapd); |
| |
| if (hapd->conf->ssid.wep.default_len) |
| return 0; |
| |
| for (i = 0; i < 4; i++) { |
| if (hapd->conf->ssid.wep.key[i] && |
| hostapd_set_key(iface, hapd, WPA_ALG_WEP, NULL, i, |
| i == hapd->conf->ssid.wep.idx, NULL, 0, |
| hapd->conf->ssid.wep.key[i], |
| hapd->conf->ssid.wep.len[i])) { |
| wpa_printf(MSG_WARNING, "Could not set WEP " |
| "encryption."); |
| return -1; |
| } |
| if (hapd->conf->ssid.wep.key[i] && |
| i == hapd->conf->ssid.wep.idx) |
| hostapd_set_privacy(hapd, 1); |
| } |
| |
| return 0; |
| } |
| |
| |
| static int hostapd_flush_old_stations(struct hostapd_data *hapd) |
| { |
| int ret = 0; |
| |
| if (hostapd_drv_none(hapd)) |
| return 0; |
| |
| wpa_printf(MSG_DEBUG, "Flushing old station entries"); |
| if (hostapd_flush(hapd)) { |
| wpa_printf(MSG_WARNING, "Could not connect to kernel driver."); |
| ret = -1; |
| } |
| wpa_printf(MSG_DEBUG, "Deauthenticate all stations"); |
| |
| /* New Prism2.5/3 STA firmware versions seem to have issues with this |
| * broadcast deauth frame. This gets the firmware in odd state where |
| * nothing works correctly, so let's skip sending this for the hostap |
| * driver. */ |
| if (hapd->driver && os_strcmp(hapd->driver->name, "hostap") != 0) { |
| u8 addr[ETH_ALEN]; |
| os_memset(addr, 0xff, ETH_ALEN); |
| hostapd_sta_deauth(hapd, addr, |
| WLAN_REASON_PREV_AUTH_NOT_VALID); |
| } |
| |
| return ret; |
| } |
| |
| |
| static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr, |
| logger_level level, const char *txt) |
| { |
| #ifndef CONFIG_NO_HOSTAPD_LOGGER |
| struct hostapd_data *hapd = ctx; |
| int hlevel; |
| |
| switch (level) { |
| case LOGGER_WARNING: |
| hlevel = HOSTAPD_LEVEL_WARNING; |
| break; |
| case LOGGER_INFO: |
| hlevel = HOSTAPD_LEVEL_INFO; |
| break; |
| case LOGGER_DEBUG: |
| default: |
| hlevel = HOSTAPD_LEVEL_DEBUG; |
| break; |
| } |
| |
| hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt); |
| #endif /* CONFIG_NO_HOSTAPD_LOGGER */ |
| } |
| |
| |
| static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr, |
| u16 reason) |
| { |
| struct hostapd_data *hapd = ctx; |
| struct sta_info *sta; |
| |
| wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: " |
| "STA " MACSTR " reason %d", |
| __func__, MAC2STR(addr), reason); |
| |
| sta = ap_get_sta(hapd, addr); |
| hostapd_sta_deauth(hapd, addr, reason); |
| if (sta == NULL) |
| return; |
| sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED); |
| eloop_cancel_timeout(ap_handle_timer, hapd, sta); |
| eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta); |
| sta->timeout_next = STA_REMOVE; |
| } |
| |
| |
| static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr) |
| { |
| struct hostapd_data *hapd = ctx; |
| michael_mic_failure(hapd, addr, 0); |
| } |
| |
| |
| static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr, |
| wpa_eapol_variable var, int value) |
| { |
| struct hostapd_data *hapd = ctx; |
| struct sta_info *sta = ap_get_sta(hapd, addr); |
| if (sta == NULL) |
| return; |
| switch (var) { |
| case WPA_EAPOL_portEnabled: |
| ieee802_1x_notify_port_enabled(sta->eapol_sm, value); |
| break; |
| case WPA_EAPOL_portValid: |
| ieee802_1x_notify_port_valid(sta->eapol_sm, value); |
| break; |
| case WPA_EAPOL_authorized: |
| ieee802_1x_set_sta_authorized(hapd, sta, value); |
| break; |
| case WPA_EAPOL_portControl_Auto: |
| if (sta->eapol_sm) |
| sta->eapol_sm->portControl = Auto; |
| break; |
| case WPA_EAPOL_keyRun: |
| if (sta->eapol_sm) |
| sta->eapol_sm->keyRun = value ? TRUE : FALSE; |
| break; |
| case WPA_EAPOL_keyAvailable: |
| if (sta->eapol_sm) |
| sta->eapol_sm->eap_if->eapKeyAvailable = |
| value ? TRUE : FALSE; |
| break; |
| case WPA_EAPOL_keyDone: |
| if (sta->eapol_sm) |
| sta->eapol_sm->keyDone = value ? TRUE : FALSE; |
| break; |
| case WPA_EAPOL_inc_EapolFramesTx: |
| if (sta->eapol_sm) |
| sta->eapol_sm->dot1xAuthEapolFramesTx++; |
| break; |
| } |
| } |
| |
| |
| static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr, |
| wpa_eapol_variable var) |
| { |
| struct hostapd_data *hapd = ctx; |
| struct sta_info *sta = ap_get_sta(hapd, addr); |
| if (sta == NULL || sta->eapol_sm == NULL) |
| return -1; |
| switch (var) { |
| case WPA_EAPOL_keyRun: |
| return sta->eapol_sm->keyRun; |
| case WPA_EAPOL_keyAvailable: |
| return sta->eapol_sm->eap_if->eapKeyAvailable; |
| default: |
| return -1; |
| } |
| } |
| |
| |
| static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr, |
| const u8 *prev_psk) |
| { |
| struct hostapd_data *hapd = ctx; |
| return hostapd_get_psk(hapd->conf, addr, prev_psk); |
| } |
| |
| |
| static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk, |
| size_t *len) |
| { |
| struct hostapd_data *hapd = ctx; |
| const u8 *key; |
| size_t keylen; |
| struct sta_info *sta; |
| |
| sta = ap_get_sta(hapd, addr); |
| if (sta == NULL) |
| return -1; |
| |
| key = ieee802_1x_get_key(sta->eapol_sm, &keylen); |
| if (key == NULL) |
| return -1; |
| |
| if (keylen > *len) |
| keylen = *len; |
| os_memcpy(msk, key, keylen); |
| *len = keylen; |
| |
| return 0; |
| } |
| |
| |
| static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, wpa_alg alg, |
| const u8 *addr, int idx, u8 *key, |
| size_t key_len) |
| { |
| struct hostapd_data *hapd = ctx; |
| const char *ifname = hapd->conf->iface; |
| |
| if (vlan_id > 0) { |
| ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id); |
| if (ifname == NULL) |
| return -1; |
| } |
| |
| return hostapd_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0, |
| key, key_len); |
| } |
| |
| |
| static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx, |
| u8 *seq) |
| { |
| struct hostapd_data *hapd = ctx; |
| return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq); |
| } |
| |
| |
| static int hostapd_wpa_auth_get_seqnum_igtk(void *ctx, const u8 *addr, int idx, |
| u8 *seq) |
| { |
| struct hostapd_data *hapd = ctx; |
| return hostapd_get_seqnum_igtk(hapd->conf->iface, hapd, addr, idx, |
| seq); |
| } |
| |
| |
| static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr, |
| const u8 *data, size_t data_len, |
| int encrypt) |
| { |
| struct hostapd_data *hapd = ctx; |
| return hostapd_send_eapol(hapd, addr, data, data_len, encrypt); |
| } |
| |
| |
| static int hostapd_wpa_auth_for_each_sta( |
| void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx), |
| void *cb_ctx) |
| { |
| struct hostapd_data *hapd = ctx; |
| struct sta_info *sta; |
| |
| for (sta = hapd->sta_list; sta; sta = sta->next) { |
| if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx)) |
| return 1; |
| } |
| return 0; |
| } |
| |
| |
| struct wpa_auth_iface_iter_data { |
| int (*cb)(struct wpa_authenticator *sm, void *ctx); |
| void *cb_ctx; |
| }; |
| |
| static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx) |
| { |
| struct wpa_auth_iface_iter_data *data = ctx; |
| size_t i; |
| for (i = 0; i < iface->num_bss; i++) { |
| if (data->cb(iface->bss[i]->wpa_auth, data->cb_ctx)) |
| return 1; |
| } |
| return 0; |
| } |
| |
| |
| static int hostapd_wpa_auth_for_each_auth( |
| void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx), |
| void *cb_ctx) |
| { |
| struct wpa_auth_iface_iter_data data; |
| data.cb = cb; |
| data.cb_ctx = cb_ctx; |
| return hostapd_for_each_interface(wpa_auth_iface_iter, &data); |
| } |
| |
| |
| static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto, |
| const u8 *data, size_t data_len) |
| { |
| struct hostapd_data *hapd = ctx; |
| |
| if (hapd->driver && hapd->driver->send_ether) |
| return hapd->driver->send_ether(hapd->drv_priv, dst, |
| hapd->own_addr, proto, |
| data, data_len); |
| if (hapd->l2 == NULL) |
| return -1; |
| return l2_packet_send(hapd->l2, dst, proto, data, data_len); |
| } |
| |
| |
| #ifdef CONFIG_IEEE80211R |
| |
| static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst, |
| const u8 *data, size_t data_len) |
| { |
| struct hostapd_data *hapd = ctx; |
| int res; |
| struct ieee80211_mgmt *m; |
| size_t mlen; |
| struct sta_info *sta; |
| |
| sta = ap_get_sta(hapd, dst); |
| if (sta == NULL || sta->wpa_sm == NULL) |
| return -1; |
| |
| m = os_zalloc(sizeof(*m) + data_len); |
| if (m == NULL) |
| return -1; |
| mlen = ((u8 *) &m->u - (u8 *) m) + data_len; |
| m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, |
| WLAN_FC_STYPE_ACTION); |
| os_memcpy(m->da, dst, ETH_ALEN); |
| os_memcpy(m->sa, hapd->own_addr, ETH_ALEN); |
| os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN); |
| os_memcpy(&m->u, data, data_len); |
| |
| res = hostapd_send_mgmt_frame(hapd, (u8 *) m, mlen); |
| os_free(m); |
| return res; |
| } |
| |
| |
| static struct wpa_state_machine * |
| hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr) |
| { |
| struct hostapd_data *hapd = ctx; |
| struct sta_info *sta; |
| |
| sta = ap_sta_add(hapd, sta_addr); |
| if (sta == NULL) |
| return NULL; |
| if (sta->wpa_sm) |
| return sta->wpa_sm; |
| |
| sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr); |
| if (sta->wpa_sm == NULL) { |
| ap_free_sta(hapd, sta); |
| return NULL; |
| } |
| sta->auth_alg = WLAN_AUTH_FT; |
| |
| return sta->wpa_sm; |
| } |
| |
| |
| static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf, |
| size_t len) |
| { |
| struct hostapd_data *hapd = ctx; |
| wpa_ft_rrb_rx(hapd->wpa_auth, src_addr, buf, len); |
| } |
| |
| #endif /* CONFIG_IEEE80211R */ |
| |
| |
| /** |
| * hostapd_validate_bssid_configuration - Validate BSSID configuration |
| * @iface: Pointer to interface data |
| * Returns: 0 on success, -1 on failure |
| * |
| * This function is used to validate that the configured BSSIDs are valid. |
| */ |
| static int hostapd_validate_bssid_configuration(struct hostapd_iface *iface) |
| { |
| u8 mask[ETH_ALEN] = { 0 }; |
| struct hostapd_data *hapd = iface->bss[0]; |
| unsigned int i = iface->conf->num_bss, bits = 0, j; |
| int res; |
| int auto_addr = 0; |
| |
| if (hostapd_drv_none(hapd)) |
| return 0; |
| |
| /* Generate BSSID mask that is large enough to cover the BSSIDs. */ |
| |
| /* Determine the bits necessary to cover the number of BSSIDs. */ |
| for (i--; i; i >>= 1) |
| bits++; |
| |
| /* Determine the bits necessary to any configured BSSIDs, |
| if they are higher than the number of BSSIDs. */ |
| for (j = 0; j < iface->conf->num_bss; j++) { |
| if (hostapd_mac_comp_empty(iface->conf->bss[j].bssid) == 0) { |
| if (j) |
| auto_addr++; |
| continue; |
| } |
| |
| for (i = 0; i < ETH_ALEN; i++) { |
| mask[i] |= |
| iface->conf->bss[j].bssid[i] ^ |
| hapd->own_addr[i]; |
| } |
| } |
| |
| if (!auto_addr) |
| goto skip_mask_ext; |
| |
| for (i = 0; i < ETH_ALEN && mask[i] == 0; i++) |
| ; |
| j = 0; |
| if (i < ETH_ALEN) { |
| j = (5 - i) * 8; |
| |
| while (mask[i] != 0) { |
| mask[i] >>= 1; |
| j++; |
| } |
| } |
| |
| if (bits < j) |
| bits = j; |
| |
| if (bits > 40) { |
| wpa_printf(MSG_ERROR, "Too many bits in the BSSID mask (%u)", |
| bits); |
| return -1; |
| } |
| |
| os_memset(mask, 0xff, ETH_ALEN); |
| j = bits / 8; |
| for (i = 5; i > 5 - j; i--) |
| mask[i] = 0; |
| j = bits % 8; |
| while (j--) |
| mask[i] <<= 1; |
| |
| skip_mask_ext: |
| wpa_printf(MSG_DEBUG, "BSS count %lu, BSSID mask " MACSTR " (%d bits)", |
| (unsigned long) iface->conf->num_bss, MAC2STR(mask), bits); |
| |
| res = hostapd_valid_bss_mask(hapd, hapd->own_addr, mask); |
| if (res == 0) |
| return 0; |
| |
| if (res < 0) { |
| wpa_printf(MSG_ERROR, "Driver did not accept BSSID mask " |
| MACSTR " for start address " MACSTR ".", |
| MAC2STR(mask), MAC2STR(hapd->own_addr)); |
| return -1; |
| } |
| |
| if (!auto_addr) |
| return 0; |
| |
| for (i = 0; i < ETH_ALEN; i++) { |
| if ((hapd->own_addr[i] & mask[i]) != hapd->own_addr[i]) { |
| wpa_printf(MSG_ERROR, "Invalid BSSID mask " MACSTR |
| " for start address " MACSTR ".", |
| MAC2STR(mask), MAC2STR(hapd->own_addr)); |
| wpa_printf(MSG_ERROR, "Start address must be the " |
| "first address in the block (i.e., addr " |
| "AND mask == addr)."); |
| return -1; |
| } |
| } |
| |
| return 0; |
| } |
| |
| |
| static int mac_in_conf(struct hostapd_config *conf, const void *a) |
| { |
| size_t i; |
| |
| for (i = 0; i < conf->num_bss; i++) { |
| if (hostapd_mac_comp(conf->bss[i].bssid, a) == 0) { |
| return 1; |
| } |
| } |
| |
| return 0; |
| } |
| |
| |
| static int hostapd_setup_wpa(struct hostapd_data *hapd) |
| { |
| struct wpa_auth_config _conf; |
| struct wpa_auth_callbacks cb; |
| const u8 *wpa_ie; |
| size_t wpa_ie_len; |
| |
| hostapd_wpa_auth_conf(hapd->conf, &_conf); |
| os_memset(&cb, 0, sizeof(cb)); |
| cb.ctx = hapd; |
| cb.logger = hostapd_wpa_auth_logger; |
| cb.disconnect = hostapd_wpa_auth_disconnect; |
| cb.mic_failure_report = hostapd_wpa_auth_mic_failure_report; |
| cb.set_eapol = hostapd_wpa_auth_set_eapol; |
| cb.get_eapol = hostapd_wpa_auth_get_eapol; |
| cb.get_psk = hostapd_wpa_auth_get_psk; |
| cb.get_msk = hostapd_wpa_auth_get_msk; |
| cb.set_key = hostapd_wpa_auth_set_key; |
| cb.get_seqnum = hostapd_wpa_auth_get_seqnum; |
| cb.get_seqnum_igtk = hostapd_wpa_auth_get_seqnum_igtk; |
| cb.send_eapol = hostapd_wpa_auth_send_eapol; |
| cb.for_each_sta = hostapd_wpa_auth_for_each_sta; |
| cb.for_each_auth = hostapd_wpa_auth_for_each_auth; |
| cb.send_ether = hostapd_wpa_auth_send_ether; |
| #ifdef CONFIG_IEEE80211R |
| cb.send_ft_action = hostapd_wpa_auth_send_ft_action; |
| cb.add_sta = hostapd_wpa_auth_add_sta; |
| #endif /* CONFIG_IEEE80211R */ |
| hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb); |
| if (hapd->wpa_auth == NULL) { |
| wpa_printf(MSG_ERROR, "WPA initialization failed."); |
| return -1; |
| } |
| |
| if (hostapd_set_privacy(hapd, 1)) { |
| wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked " |
| "for interface %s", hapd->conf->iface); |
| return -1; |
| } |
| |
| wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len); |
| if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) { |
| wpa_printf(MSG_ERROR, "Failed to configure WPA IE for " |
| "the kernel driver."); |
| return -1; |
| } |
| |
| if (rsn_preauth_iface_init(hapd)) { |
| wpa_printf(MSG_ERROR, "Initialization of RSN " |
| "pre-authentication failed."); |
| return -1; |
| } |
| |
| return 0; |
| |
| } |
| |
| |
| static int hostapd_setup_radius_srv(struct hostapd_data *hapd, |
| struct hostapd_bss_config *conf) |
| { |
| struct radius_server_conf srv; |
| os_memset(&srv, 0, sizeof(srv)); |
| srv.client_file = conf->radius_server_clients; |
| srv.auth_port = conf->radius_server_auth_port; |
| srv.conf_ctx = conf; |
| srv.eap_sim_db_priv = hapd->eap_sim_db_priv; |
| srv.ssl_ctx = hapd->ssl_ctx; |
| srv.pac_opaque_encr_key = conf->pac_opaque_encr_key; |
| srv.eap_fast_a_id = conf->eap_fast_a_id; |
| srv.eap_fast_a_id_len = conf->eap_fast_a_id_len; |
| srv.eap_fast_a_id_info = conf->eap_fast_a_id_info; |
| srv.eap_fast_prov = conf->eap_fast_prov; |
| srv.pac_key_lifetime = conf->pac_key_lifetime; |
| srv.pac_key_refresh_time = conf->pac_key_refresh_time; |
| srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind; |
| srv.tnc = conf->tnc; |
| srv.wps = hapd->wps; |
| srv.ipv6 = conf->radius_server_ipv6; |
| srv.get_eap_user = hostapd_radius_get_eap_user; |
| srv.eap_req_id_text = conf->eap_req_id_text; |
| srv.eap_req_id_text_len = conf->eap_req_id_text_len; |
| |
| hapd->radius_srv = radius_server_init(&srv); |
| if (hapd->radius_srv == NULL) { |
| wpa_printf(MSG_ERROR, "RADIUS server initialization failed."); |
| return -1; |
| } |
| |
| return 0; |
| } |
| |
| |
| /** |
| * hostapd_setup_bss - Per-BSS setup (initialization) |
| * @hapd: Pointer to BSS data |
| * @first: Whether this BSS is the first BSS of an interface |
| * |
| * This function is used to initialize all per-BSS data structures and |
| * resources. This gets called in a loop for each BSS when an interface is |
| * initialized. Most of the modules that are initialized here will be |
| * deinitialized in hostapd_cleanup(). |
| */ |
| static int hostapd_setup_bss(struct hostapd_data *hapd, int first) |
| { |
| struct hostapd_bss_config *conf = hapd->conf; |
| u8 ssid[HOSTAPD_MAX_SSID_LEN + 1]; |
| int ssid_len, set_ssid; |
| |
| if (!first) { |
| if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) { |
| /* Allocate the next available BSSID. */ |
| do { |
| inc_byte_array(hapd->own_addr, ETH_ALEN); |
| } while (mac_in_conf(hapd->iconf, hapd->own_addr)); |
| } else { |
| /* Allocate the configured BSSID. */ |
| os_memcpy(hapd->own_addr, hapd->conf->bssid, ETH_ALEN); |
| |
| if (hostapd_mac_comp(hapd->own_addr, |
| hapd->iface->bss[0]->own_addr) == |
| 0) { |
| wpa_printf(MSG_ERROR, "BSS '%s' may not have " |
| "BSSID set to the MAC address of " |
| "the radio", hapd->conf->iface); |
| return -1; |
| } |
| } |
| |
| hapd->interface_added = 1; |
| if (hostapd_bss_add(hapd->iface->bss[0], hapd->conf->iface, |
| hapd->own_addr)) { |
| wpa_printf(MSG_ERROR, "Failed to add BSS (BSSID=" |
| MACSTR ")", MAC2STR(hapd->own_addr)); |
| return -1; |
| } |
| } |
| |
| hostapd_flush_old_stations(hapd); |
| hostapd_set_privacy(hapd, 0); |
| |
| hostapd_broadcast_wep_clear(hapd); |
| if (hostapd_setup_encryption(hapd->conf->iface, hapd)) |
| return -1; |
| |
| /* |
| * Fetch the SSID from the system and use it or, |
| * if one was specified in the config file, verify they |
| * match. |
| */ |
| ssid_len = hostapd_get_ssid(hapd, ssid, sizeof(ssid)); |
| if (ssid_len < 0) { |
| wpa_printf(MSG_ERROR, "Could not read SSID from system"); |
| return -1; |
| } |
| if (conf->ssid.ssid_set) { |
| /* |
| * If SSID is specified in the config file and it differs |
| * from what is being used then force installation of the |
| * new SSID. |
| */ |
| set_ssid = (conf->ssid.ssid_len != (size_t) ssid_len || |
| os_memcmp(conf->ssid.ssid, ssid, ssid_len) != 0); |
| } else { |
| /* |
| * No SSID in the config file; just use the one we got |
| * from the system. |
| */ |
| set_ssid = 0; |
| conf->ssid.ssid_len = ssid_len; |
| os_memcpy(conf->ssid.ssid, ssid, conf->ssid.ssid_len); |
| conf->ssid.ssid[conf->ssid.ssid_len] = '\0'; |
| } |
| |
| if (!hostapd_drv_none(hapd)) { |
| wpa_printf(MSG_ERROR, "Using interface %s with hwaddr " MACSTR |
| " and ssid '%s'", |
| hapd->conf->iface, MAC2STR(hapd->own_addr), |
| hapd->conf->ssid.ssid); |
| } |
| |
| if (hostapd_setup_wpa_psk(conf)) { |
| wpa_printf(MSG_ERROR, "WPA-PSK setup failed."); |
| return -1; |
| } |
| |
| /* Set SSID for the kernel driver (to be used in beacon and probe |
| * response frames) */ |
| if (set_ssid && hostapd_set_ssid(hapd, (u8 *) conf->ssid.ssid, |
| conf->ssid.ssid_len)) { |
| wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver"); |
| return -1; |
| } |
| |
| if (wpa_debug_level == MSG_MSGDUMP) |
| conf->radius->msg_dumps = 1; |
| hapd->radius = radius_client_init(hapd, conf->radius); |
| if (hapd->radius == NULL) { |
| wpa_printf(MSG_ERROR, "RADIUS client initialization failed."); |
| return -1; |
| } |
| |
| if (hostapd_acl_init(hapd)) { |
| wpa_printf(MSG_ERROR, "ACL initialization failed."); |
| return -1; |
| } |
| if (hostapd_init_wps(hapd, conf)) |
| return -1; |
| |
| if (ieee802_1x_init(hapd)) { |
| wpa_printf(MSG_ERROR, "IEEE 802.1X initialization failed."); |
| return -1; |
| } |
| |
| if (hapd->conf->wpa && hostapd_setup_wpa(hapd)) |
| return -1; |
| |
| if (accounting_init(hapd)) { |
| wpa_printf(MSG_ERROR, "Accounting initialization failed."); |
| return -1; |
| } |
| |
| if (hapd->conf->ieee802_11f && |
| (hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface)) == NULL) { |
| wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization " |
| "failed."); |
| return -1; |
| } |
| |
| if (hostapd_ctrl_iface_init(hapd)) { |
| wpa_printf(MSG_ERROR, "Failed to setup control interface"); |
| return -1; |
| } |
| |
| if (!hostapd_drv_none(hapd) && vlan_init(hapd)) { |
| wpa_printf(MSG_ERROR, "VLAN initialization failed."); |
| return -1; |
| } |
| |
| #ifdef CONFIG_IEEE80211R |
| if (!hostapd_drv_none(hapd)) { |
| hapd->l2 = l2_packet_init(hapd->conf->iface, NULL, ETH_P_RRB, |
| hostapd_rrb_receive, hapd, 0); |
| if (hapd->l2 == NULL && |
| (hapd->driver == NULL || |
| hapd->driver->send_ether == NULL)) { |
| wpa_printf(MSG_ERROR, "Failed to open l2_packet " |
| "interface"); |
| return -1; |
| } |
| } |
| #endif /* CONFIG_IEEE80211R */ |
| |
| ieee802_11_set_beacon(hapd); |
| |
| if (conf->radius_server_clients && |
| hostapd_setup_radius_srv(hapd, conf)) |
| return -1; |
| |
| return 0; |
| } |
| |
| |
| static void hostapd_tx_queue_params(struct hostapd_iface *iface) |
| { |
| struct hostapd_data *hapd = iface->bss[0]; |
| int i; |
| struct hostapd_tx_queue_params *p; |
| |
| for (i = 0; i < NUM_TX_QUEUES; i++) { |
| p = &iface->conf->tx_queue[i]; |
| |
| if (!p->configured) |
| continue; |
| |
| if (hostapd_set_tx_queue_params(hapd, i, p->aifs, p->cwmin, |
| p->cwmax, p->burst)) { |
| wpa_printf(MSG_DEBUG, "Failed to set TX queue " |
| "parameters for queue %d.", i); |
| /* Continue anyway */ |
| } |
| } |
| } |
| |
| |
| static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity, |
| size_t identity_len, int phase2, |
| struct eap_user *user) |
| { |
| const struct hostapd_eap_user *eap_user; |
| int i, count; |
| |
| eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2); |
| if (eap_user == NULL) |
| return -1; |
| |
| if (user == NULL) |
| return 0; |
| |
| os_memset(user, 0, sizeof(*user)); |
| count = EAP_USER_MAX_METHODS; |
| if (count > EAP_MAX_METHODS) |
| count = EAP_MAX_METHODS; |
| for (i = 0; i < count; i++) { |
| user->methods[i].vendor = eap_user->methods[i].vendor; |
| user->methods[i].method = eap_user->methods[i].method; |
| } |
| |
| if (eap_user->password) { |
| user->password = os_malloc(eap_user->password_len); |
| if (user->password == NULL) |
| return -1; |
| os_memcpy(user->password, eap_user->password, |
| eap_user->password_len); |
| user->password_len = eap_user->password_len; |
| user->password_hash = eap_user->password_hash; |
| } |
| user->force_version = eap_user->force_version; |
| user->ttls_auth = eap_user->ttls_auth; |
| |
| return 0; |
| } |
| |
| |
| static int setup_interface(struct hostapd_iface *iface) |
| { |
| struct hostapd_data *hapd = iface->bss[0]; |
| struct hostapd_bss_config *conf = hapd->conf; |
| size_t i; |
| char country[4]; |
| u8 *b = conf->bssid; |
| |
| /* |
| * Initialize the driver interface and make sure that all BSSes get |
| * configured with a pointer to this driver interface. |
| */ |
| if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5])) |
| b = NULL; |
| hapd->drv_priv = hostapd_driver_init(hapd, b); |
| |
| if (hapd->drv_priv == NULL) { |
| wpa_printf(MSG_ERROR, "%s driver initialization failed.", |
| hapd->driver ? hapd->driver->name : "Unknown"); |
| hapd->driver = NULL; |
| return -1; |
| } |
| for (i = 0; i < iface->num_bss; i++) { |
| iface->bss[i]->driver = hapd->driver; |
| iface->bss[i]->drv_priv = hapd->drv_priv; |
| } |
| |
| if (hostapd_driver_set_mode(hapd, IEEE80211_MODE_AP)) { |
| wpa_printf(MSG_ERROR, "Failed to set driver in AP mode"); |
| return -1; |
| } |
| |
| if (hostapd_validate_bssid_configuration(iface)) |
| return -1; |
| |
| #ifdef CONFIG_IEEE80211N |
| SET_2BIT_LE16(&iface->ht_op_mode, |
| HT_INFO_OPERATION_MODE_OP_MODE_OFFSET, |
| OP_MODE_PURE); |
| #endif /* CONFIG_IEEE80211N */ |
| |
| if (hapd->iconf->country[0] && hapd->iconf->country[1]) { |
| os_memcpy(country, hapd->iconf->country, 3); |
| country[3] = '\0'; |
| if (hostapd_set_country(hapd, country) < 0) { |
| wpa_printf(MSG_ERROR, "Failed to set country code"); |
| return -1; |
| } |
| } |
| |
| if (hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL && |
| hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets)) { |
| wpa_printf(MSG_ERROR, "Failed to set bridge_packets for " |
| "kernel driver"); |
| return -1; |
| } |
| |
| if (hostapd_get_hw_features(iface)) { |
| /* Not all drivers support this yet, so continue without hw |
| * feature data. */ |
| } else { |
| int ret = hostapd_select_hw_mode(iface); |
| if (ret < 0) { |
| wpa_printf(MSG_ERROR, "Could not select hw_mode and " |
| "channel. (%d)", ret); |
| return -1; |
| } |
| ret = hostapd_check_ht_capab(iface); |
| if (ret < 0) |
| return -1; |
| if (ret == 1) { |
| wpa_printf(MSG_DEBUG, "Interface initialization will " |
| "be completed in a callback"); |
| return 0; |
| } |
| } |
| return hostapd_setup_interface_complete(iface, 0); |
| } |
| |
| |
| int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err) |
| { |
| struct hostapd_data *hapd = iface->bss[0]; |
| int freq; |
| size_t j; |
| u8 *prev_addr; |
| |
| if (err) { |
| wpa_printf(MSG_ERROR, "Interface initialization failed"); |
| eloop_terminate(); |
| return -1; |
| } |
| |
| wpa_printf(MSG_DEBUG, "Completing interface initialization"); |
| if (hapd->iconf->channel) { |
| freq = hostapd_hw_get_freq(hapd, hapd->iconf->channel); |
| wpa_printf(MSG_DEBUG, "Mode: %s Channel: %d " |
| "Frequency: %d MHz", |
| hostapd_hw_mode_txt(hapd->iconf->hw_mode), |
| hapd->iconf->channel, freq); |
| |
| if (hostapd_set_freq(hapd, hapd->iconf->hw_mode, freq, |
| hapd->iconf->channel, |
| hapd->iconf->ieee80211n, |
| hapd->iconf->secondary_channel)) { |
| wpa_printf(MSG_ERROR, "Could not set channel for " |
| "kernel driver"); |
| return -1; |
| } |
| } |
| |
| hostapd_set_beacon_int(hapd, hapd->iconf->beacon_int); |
| |
| if (hapd->iconf->rts_threshold > -1 && |
| hostapd_set_rts(hapd, hapd->iconf->rts_threshold)) { |
| wpa_printf(MSG_ERROR, "Could not set RTS threshold for " |
| "kernel driver"); |
| return -1; |
| } |
| |
| if (hapd->iconf->fragm_threshold > -1 && |
| hostapd_set_frag(hapd, hapd->iconf->fragm_threshold)) { |
| wpa_printf(MSG_ERROR, "Could not set fragmentation threshold " |
| "for kernel driver"); |
| return -1; |
| } |
| |
| prev_addr = hapd->own_addr; |
| |
| for (j = 0; j < iface->num_bss; j++) { |
| hapd = iface->bss[j]; |
| if (j) |
| os_memcpy(hapd->own_addr, prev_addr, ETH_ALEN); |
| if (hostapd_setup_bss(hapd, j == 0)) |
| return -1; |
| if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) |
| prev_addr = hapd->own_addr; |
| } |
| |
| hostapd_tx_queue_params(iface); |
| |
| ap_list_init(iface); |
| |
| if (hostapd_driver_commit(hapd) < 0) { |
| wpa_printf(MSG_ERROR, "%s: Failed to commit driver " |
| "configuration", __func__); |
| return -1; |
| } |
| |
| wpa_printf(MSG_DEBUG, "%s: Setup of interface done.", |
| iface->bss[0]->conf->iface); |
| |
| return 0; |
| } |
| |
| |
| /** |
| * hostapd_setup_interface - Setup of an interface |
| * @iface: Pointer to interface data. |
| * Returns: 0 on success, -1 on failure |
| * |
| * Initializes the driver interface, validates the configuration, |
| * and sets driver parameters based on the configuration. |
| * Flushes old stations, sets the channel, encryption, |
| * beacons, and WDS links based on the configuration. |
| */ |
| int hostapd_setup_interface(struct hostapd_iface *iface) |
| { |
| int ret; |
| |
| ret = setup_interface(iface); |
| if (ret) { |
| wpa_printf(MSG_DEBUG, "%s: Unable to setup interface.", |
| iface->bss[0]->conf->iface); |
| eloop_terminate(); |
| return -1; |
| } |
| |
| return 0; |
| } |
| |
| |
| /** |
| * hostapd_alloc_bss_data - Allocate and initialize per-BSS data |
| * @hapd_iface: Pointer to interface data |
| * @conf: Pointer to per-interface configuration |
| * @bss: Pointer to per-BSS configuration for this BSS |
| * Returns: Pointer to allocated BSS data |
| * |
| * This function is used to allocate per-BSS data structure. This data will be |
| * freed after hostapd_cleanup() is called for it during interface |
| * deinitialization. |
| */ |
| struct hostapd_data * |
| hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface, |
| struct hostapd_config *conf, |
| struct hostapd_bss_config *bss) |
| { |
| struct hostapd_data *hapd; |
| |
| hapd = os_zalloc(sizeof(*hapd)); |
| if (hapd == NULL) |
| return NULL; |
| |
| hapd->iconf = conf; |
| hapd->conf = bss; |
| hapd->iface = hapd_iface; |
| |
| #ifdef EAP_TLS_FUNCS |
| if (hapd->conf->eap_server && |
| (hapd->conf->ca_cert || hapd->conf->server_cert || |
| hapd->conf->dh_file)) { |
| struct tls_connection_params params; |
| |
| hapd->ssl_ctx = tls_init(NULL); |
| if (hapd->ssl_ctx == NULL) { |
| wpa_printf(MSG_ERROR, "Failed to initialize TLS"); |
| goto fail; |
| } |
| |
| os_memset(¶ms, 0, sizeof(params)); |
| params.ca_cert = hapd->conf->ca_cert; |
| params.client_cert = hapd->conf->server_cert; |
| params.private_key = hapd->conf->private_key; |
| params.private_key_passwd = hapd->conf->private_key_passwd; |
| params.dh_file = hapd->conf->dh_file; |
| |
| if (tls_global_set_params(hapd->ssl_ctx, ¶ms)) { |
| wpa_printf(MSG_ERROR, "Failed to set TLS parameters"); |
| goto fail; |
| } |
| |
| if (tls_global_set_verify(hapd->ssl_ctx, |
| hapd->conf->check_crl)) { |
| wpa_printf(MSG_ERROR, "Failed to enable check_crl"); |
| goto fail; |
| } |
| } |
| #endif /* EAP_TLS_FUNCS */ |
| |
| #ifdef EAP_SERVER |
| if (hapd->conf->eap_sim_db) { |
| hapd->eap_sim_db_priv = |
| eap_sim_db_init(hapd->conf->eap_sim_db, |
| hostapd_sim_db_cb, hapd); |
| if (hapd->eap_sim_db_priv == NULL) { |
| wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM " |
| "database interface"); |
| goto fail; |
| } |
| } |
| #endif /* EAP_SERVER */ |
| |
| hapd->driver = hapd->iconf->driver; |
| |
| return hapd; |
| |
| #if defined(EAP_TLS_FUNCS) || defined(EAP_SERVER) |
| fail: |
| #endif |
| /* TODO: cleanup allocated resources(?) */ |
| os_free(hapd); |
| return NULL; |
| } |
| |
| |
| void hostapd_interface_deinit(struct hostapd_iface *iface) |
| { |
| size_t j; |
| |
| if (iface == NULL) |
| return; |
| |
| hostapd_cleanup_iface_pre(iface); |
| for (j = 0; j < iface->num_bss; j++) { |
| struct hostapd_data *hapd = iface->bss[j]; |
| hostapd_free_stas(hapd); |
| hostapd_flush_old_stations(hapd); |
| hostapd_cleanup(hapd); |
| if (j == iface->num_bss - 1 && hapd->driver) |
| hostapd_driver_deinit(hapd); |
| } |
| for (j = 0; j < iface->num_bss; j++) |
| os_free(iface->bss[j]); |
| hostapd_cleanup_iface(iface); |
| } |
| |
| |
| int hostapd_register_probereq_cb(struct hostapd_data *hapd, |
| void (*cb)(void *ctx, const u8 *sa, |
| const u8 *ie, size_t ie_len), |
| void *ctx) |
| { |
| struct hostapd_probereq_cb *n; |
| |
| n = os_realloc(hapd->probereq_cb, (hapd->num_probereq_cb + 1) * |
| sizeof(struct hostapd_probereq_cb)); |
| if (n == NULL) |
| return -1; |
| |
| hapd->probereq_cb = n; |
| n = &hapd->probereq_cb[hapd->num_probereq_cb]; |
| hapd->num_probereq_cb++; |
| |
| n->cb = cb; |
| n->ctx = ctx; |
| |
| return 0; |
| } |