mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 08:48:31 -05:00
9c6d8e1db5
Since we have the channel number, we could as well pass it to the driver wrapper should there be drivers that use channel number instead of frequency.
1588 lines
40 KiB
C
1588 lines
40 KiB
C
/*
|
|
* hostapd / Initialization and configuration
|
|
* Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* Alternatively, this software may be distributed under the terms of BSD
|
|
* license.
|
|
*
|
|
* See README and COPYING for more details.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include "eloop.h"
|
|
#include "hostapd.h"
|
|
#include "ieee802_1x.h"
|
|
#include "beacon.h"
|
|
#include "hw_features.h"
|
|
#include "accounting.h"
|
|
#include "eapol_sm.h"
|
|
#include "iapp.h"
|
|
#include "ieee802_11_defs.h"
|
|
#include "ieee802_11_auth.h"
|
|
#include "sta_info.h"
|
|
#include "ap_list.h"
|
|
#include "driver_i.h"
|
|
#include "radius/radius_client.h"
|
|
#include "radius/radius_server.h"
|
|
#include "wpa.h"
|
|
#include "preauth.h"
|
|
#include "vlan_init.h"
|
|
#include "ctrl_iface.h"
|
|
#include "tls.h"
|
|
#include "eap_server/eap_sim_db.h"
|
|
#include "eap_server/eap.h"
|
|
#include "eap_server/tncs.h"
|
|
#include "version.h"
|
|
#include "l2_packet/l2_packet.h"
|
|
#include "wps_hostapd.h"
|
|
#include "tkip_countermeasures.h"
|
|
|
|
|
|
static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
|
|
size_t identity_len, int phase2,
|
|
struct eap_user *user);
|
|
static int hostapd_flush_old_stations(struct hostapd_data *hapd);
|
|
static int hostapd_setup_wpa(struct hostapd_data *hapd);
|
|
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd);
|
|
|
|
extern int wpa_debug_level;
|
|
|
|
|
|
#ifdef EAP_SERVER
|
|
static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
|
|
struct sta_info *sta, void *ctx)
|
|
{
|
|
if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0)
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
|
|
static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0)
|
|
radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
|
|
}
|
|
#endif /* EAP_SERVER */
|
|
|
|
|
|
static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
|
|
struct wpa_auth_config *wconf)
|
|
{
|
|
wconf->wpa = conf->wpa;
|
|
wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
|
|
wconf->wpa_pairwise = conf->wpa_pairwise;
|
|
wconf->wpa_group = conf->wpa_group;
|
|
wconf->wpa_group_rekey = conf->wpa_group_rekey;
|
|
wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
|
|
wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
|
|
wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
|
|
wconf->rsn_pairwise = conf->rsn_pairwise;
|
|
wconf->rsn_preauth = conf->rsn_preauth;
|
|
wconf->eapol_version = conf->eapol_version;
|
|
wconf->peerkey = conf->peerkey;
|
|
wconf->wmm_enabled = conf->wmm_enabled;
|
|
wconf->okc = conf->okc;
|
|
#ifdef CONFIG_IEEE80211W
|
|
wconf->ieee80211w = conf->ieee80211w;
|
|
#endif /* CONFIG_IEEE80211W */
|
|
#ifdef CONFIG_IEEE80211R
|
|
wconf->ssid_len = conf->ssid.ssid_len;
|
|
if (wconf->ssid_len > SSID_LEN)
|
|
wconf->ssid_len = SSID_LEN;
|
|
os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
|
|
os_memcpy(wconf->mobility_domain, conf->mobility_domain,
|
|
MOBILITY_DOMAIN_ID_LEN);
|
|
if (conf->nas_identifier &&
|
|
os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
|
|
wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
|
|
os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
|
|
wconf->r0_key_holder_len);
|
|
}
|
|
os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
|
|
wconf->r0_key_lifetime = conf->r0_key_lifetime;
|
|
wconf->reassociation_deadline = conf->reassociation_deadline;
|
|
wconf->r0kh_list = conf->r0kh_list;
|
|
wconf->r1kh_list = conf->r1kh_list;
|
|
wconf->pmk_r1_push = conf->pmk_r1_push;
|
|
#endif /* CONFIG_IEEE80211R */
|
|
}
|
|
|
|
|
|
int hostapd_reload_config(struct hostapd_iface *iface)
|
|
{
|
|
struct hostapd_data *hapd = iface->bss[0];
|
|
struct hostapd_config *newconf, *oldconf;
|
|
struct wpa_auth_config wpa_auth_conf;
|
|
|
|
newconf = hostapd_config_read(iface->config_fname);
|
|
if (newconf == NULL)
|
|
return -1;
|
|
|
|
/*
|
|
* Deauthenticate all stations since the new configuration may not
|
|
* allow them to use the BSS anymore.
|
|
*/
|
|
hostapd_flush_old_stations(hapd);
|
|
|
|
/* TODO: update dynamic data based on changed configuration
|
|
* items (e.g., open/close sockets, etc.) */
|
|
radius_client_flush(hapd->radius, 0);
|
|
|
|
oldconf = hapd->iconf;
|
|
hapd->iconf = newconf;
|
|
hapd->conf = &newconf->bss[0];
|
|
iface->conf = newconf;
|
|
|
|
if (hostapd_setup_wpa_psk(hapd->conf)) {
|
|
wpa_printf(MSG_ERROR, "Failed to re-configure WPA PSK "
|
|
"after reloading configuration");
|
|
}
|
|
|
|
if (hapd->conf->wpa && hapd->wpa_auth == NULL)
|
|
hostapd_setup_wpa(hapd);
|
|
else if (hapd->conf->wpa) {
|
|
hostapd_wpa_auth_conf(&newconf->bss[0], &wpa_auth_conf);
|
|
wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
|
|
} else if (hapd->wpa_auth) {
|
|
wpa_deinit(hapd->wpa_auth);
|
|
hapd->wpa_auth = NULL;
|
|
hostapd_set_privacy(hapd, 0);
|
|
hostapd_setup_encryption(hapd->conf->iface, hapd);
|
|
}
|
|
|
|
ieee802_11_set_beacon(hapd);
|
|
|
|
if (hapd->conf->ssid.ssid_set &&
|
|
hostapd_set_ssid(hapd, (u8 *) hapd->conf->ssid.ssid,
|
|
hapd->conf->ssid.ssid_len)) {
|
|
wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver");
|
|
/* try to continue */
|
|
}
|
|
|
|
if (hapd->conf->ieee802_1x || hapd->conf->wpa)
|
|
hostapd_set_ieee8021x(hapd->conf->iface, hapd, 1);
|
|
|
|
hostapd_config_free(oldconf);
|
|
|
|
wpa_printf(MSG_DEBUG, "Reconfigured interface %s", hapd->conf->iface);
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
int handle_reload_iface(struct hostapd_iface *iface, void *ctx)
|
|
{
|
|
if (hostapd_reload_config(iface) < 0) {
|
|
wpa_printf(MSG_WARNING, "Failed to read new configuration "
|
|
"file - continuing with old.");
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
#ifdef HOSTAPD_DUMP_STATE
|
|
/**
|
|
* hostapd_dump_state - SIGUSR1 handler to dump hostapd state to a text file
|
|
*/
|
|
static void hostapd_dump_state(struct hostapd_data *hapd)
|
|
{
|
|
FILE *f;
|
|
time_t now;
|
|
struct sta_info *sta;
|
|
int i;
|
|
char *buf;
|
|
|
|
if (!hapd->conf->dump_log_name) {
|
|
wpa_printf(MSG_DEBUG, "Dump file not defined - ignoring dump "
|
|
"request");
|
|
return;
|
|
}
|
|
|
|
wpa_printf(MSG_DEBUG, "Dumping hostapd state to '%s'",
|
|
hapd->conf->dump_log_name);
|
|
f = fopen(hapd->conf->dump_log_name, "w");
|
|
if (f == NULL) {
|
|
wpa_printf(MSG_WARNING, "Could not open dump file '%s' for "
|
|
"writing.", hapd->conf->dump_log_name);
|
|
return;
|
|
}
|
|
|
|
time(&now);
|
|
fprintf(f, "hostapd state dump - %s", ctime(&now));
|
|
fprintf(f, "num_sta=%d num_sta_non_erp=%d "
|
|
"num_sta_no_short_slot_time=%d\n"
|
|
"num_sta_no_short_preamble=%d\n",
|
|
hapd->num_sta, hapd->iface->num_sta_non_erp,
|
|
hapd->iface->num_sta_no_short_slot_time,
|
|
hapd->iface->num_sta_no_short_preamble);
|
|
|
|
for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
|
|
fprintf(f, "\nSTA=" MACSTR "\n", MAC2STR(sta->addr));
|
|
|
|
fprintf(f,
|
|
" AID=%d flags=0x%x %s%s%s%s%s%s%s%s%s%s%s%s%s%s\n"
|
|
" capability=0x%x listen_interval=%d\n",
|
|
sta->aid,
|
|
sta->flags,
|
|
(sta->flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
|
|
(sta->flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
|
|
(sta->flags & WLAN_STA_PS ? "[PS]" : ""),
|
|
(sta->flags & WLAN_STA_TIM ? "[TIM]" : ""),
|
|
(sta->flags & WLAN_STA_PERM ? "[PERM]" : ""),
|
|
(sta->flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" :
|
|
""),
|
|
(sta->flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
|
|
""),
|
|
(sta->flags & WLAN_STA_SHORT_PREAMBLE ?
|
|
"[SHORT_PREAMBLE]" : ""),
|
|
(sta->flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
|
|
(sta->flags & WLAN_STA_WMM ? "[WMM]" : ""),
|
|
(sta->flags & WLAN_STA_MFP ? "[MFP]" : ""),
|
|
(sta->flags & WLAN_STA_WPS ? "[WPS]" : ""),
|
|
(sta->flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
|
|
(sta->flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
|
|
sta->capability,
|
|
sta->listen_interval);
|
|
|
|
fprintf(f, " supported_rates=");
|
|
for (i = 0; i < sta->supported_rates_len; i++)
|
|
fprintf(f, "%02x ", sta->supported_rates[i]);
|
|
fprintf(f, "\n");
|
|
|
|
fprintf(f,
|
|
" timeout_next=%s\n",
|
|
(sta->timeout_next == STA_NULLFUNC ? "NULLFUNC POLL" :
|
|
(sta->timeout_next == STA_DISASSOC ? "DISASSOC" :
|
|
"DEAUTH")));
|
|
|
|
ieee802_1x_dump_state(f, " ", sta);
|
|
}
|
|
|
|
buf = os_malloc(4096);
|
|
if (buf) {
|
|
int count = radius_client_get_mib(hapd->radius, buf, 4096);
|
|
if (count < 0)
|
|
count = 0;
|
|
else if (count > 4095)
|
|
count = 4095;
|
|
buf[count] = '\0';
|
|
fprintf(f, "%s", buf);
|
|
|
|
count = radius_server_get_mib(hapd->radius_srv, buf, 4096);
|
|
if (count < 0)
|
|
count = 0;
|
|
else if (count > 4095)
|
|
count = 4095;
|
|
buf[count] = '\0';
|
|
fprintf(f, "%s", buf);
|
|
os_free(buf);
|
|
}
|
|
fclose(f);
|
|
}
|
|
|
|
|
|
int handle_dump_state_iface(struct hostapd_iface *iface, void *ctx)
|
|
{
|
|
size_t i;
|
|
|
|
for (i = 0; i < iface->num_bss; i++)
|
|
hostapd_dump_state(iface->bss[i]);
|
|
|
|
return 0;
|
|
}
|
|
#endif /* HOSTAPD_DUMP_STATE */
|
|
|
|
|
|
static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
|
|
char *ifname)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_WEP_KEYS; i++) {
|
|
if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL, i,
|
|
i == 0 ? 1 : 0, NULL, 0, NULL, 0)) {
|
|
wpa_printf(MSG_DEBUG, "Failed to clear default "
|
|
"encryption keys (ifname=%s keyidx=%d)",
|
|
ifname, i);
|
|
}
|
|
}
|
|
#ifdef CONFIG_IEEE80211W
|
|
if (hapd->conf->ieee80211w) {
|
|
for (i = NUM_WEP_KEYS; i < NUM_WEP_KEYS + 2; i++) {
|
|
if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL,
|
|
i, i == 0 ? 1 : 0, NULL, 0,
|
|
NULL, 0)) {
|
|
wpa_printf(MSG_DEBUG, "Failed to clear "
|
|
"default mgmt encryption keys "
|
|
"(ifname=%s keyidx=%d)", ifname, i);
|
|
}
|
|
}
|
|
}
|
|
#endif /* CONFIG_IEEE80211W */
|
|
}
|
|
|
|
|
|
static int hostapd_broadcast_wep_clear(struct hostapd_data *hapd)
|
|
{
|
|
hostapd_broadcast_key_clear_iface(hapd, hapd->conf->iface);
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
|
|
{
|
|
int errors = 0, idx;
|
|
struct hostapd_ssid *ssid = &hapd->conf->ssid;
|
|
|
|
idx = ssid->wep.idx;
|
|
if (ssid->wep.default_len &&
|
|
hostapd_set_key(hapd->conf->iface,
|
|
hapd, WPA_ALG_WEP, NULL, idx, idx == ssid->wep.idx,
|
|
NULL, 0, ssid->wep.key[idx], ssid->wep.len[idx])) {
|
|
wpa_printf(MSG_WARNING, "Could not set WEP encryption.");
|
|
errors++;
|
|
}
|
|
|
|
if (ssid->dyn_vlan_keys) {
|
|
size_t i;
|
|
for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
|
|
const char *ifname;
|
|
struct hostapd_wep_keys *key = ssid->dyn_vlan_keys[i];
|
|
if (key == NULL)
|
|
continue;
|
|
ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan,
|
|
i);
|
|
if (ifname == NULL)
|
|
continue;
|
|
|
|
idx = key->idx;
|
|
if (hostapd_set_key(ifname, hapd, WPA_ALG_WEP, NULL,
|
|
idx, idx == key->idx, NULL, 0,
|
|
key->key[idx], key->len[idx])) {
|
|
wpa_printf(MSG_WARNING, "Could not set "
|
|
"dynamic VLAN WEP encryption.");
|
|
errors++;
|
|
}
|
|
}
|
|
}
|
|
|
|
return errors;
|
|
}
|
|
|
|
/**
|
|
* hostapd_cleanup - Per-BSS cleanup (deinitialization)
|
|
* @hapd: Pointer to BSS data
|
|
*
|
|
* This function is used to free all per-BSS data structures and resources.
|
|
* This gets called in a loop for each BSS between calls to
|
|
* hostapd_cleanup_iface_pre() and hostapd_cleanup_iface() when an interface
|
|
* is deinitialized. Most of the modules that are initialized in
|
|
* hostapd_setup_bss() are deinitialized here.
|
|
*/
|
|
static void hostapd_cleanup(struct hostapd_data *hapd)
|
|
{
|
|
hostapd_ctrl_iface_deinit(hapd);
|
|
|
|
os_free(hapd->default_wep_key);
|
|
hapd->default_wep_key = NULL;
|
|
iapp_deinit(hapd->iapp);
|
|
hapd->iapp = NULL;
|
|
accounting_deinit(hapd);
|
|
rsn_preauth_iface_deinit(hapd);
|
|
if (hapd->wpa_auth) {
|
|
wpa_deinit(hapd->wpa_auth);
|
|
hapd->wpa_auth = NULL;
|
|
|
|
if (hostapd_set_privacy(hapd, 0)) {
|
|
wpa_printf(MSG_DEBUG, "Could not disable "
|
|
"PrivacyInvoked for interface %s",
|
|
hapd->conf->iface);
|
|
}
|
|
|
|
if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
|
|
wpa_printf(MSG_DEBUG, "Could not remove generic "
|
|
"information element from interface %s",
|
|
hapd->conf->iface);
|
|
}
|
|
}
|
|
ieee802_1x_deinit(hapd);
|
|
vlan_deinit(hapd);
|
|
hostapd_acl_deinit(hapd);
|
|
radius_client_deinit(hapd->radius);
|
|
hapd->radius = NULL;
|
|
radius_server_deinit(hapd->radius_srv);
|
|
hapd->radius_srv = NULL;
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
l2_packet_deinit(hapd->l2);
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
hostapd_deinit_wps(hapd);
|
|
|
|
hostapd_wireless_event_deinit(hapd);
|
|
|
|
#ifdef EAP_TLS_FUNCS
|
|
if (hapd->ssl_ctx) {
|
|
tls_deinit(hapd->ssl_ctx);
|
|
hapd->ssl_ctx = NULL;
|
|
}
|
|
#endif /* EAP_TLS_FUNCS */
|
|
|
|
#ifdef EAP_SERVER
|
|
if (hapd->eap_sim_db_priv) {
|
|
eap_sim_db_deinit(hapd->eap_sim_db_priv);
|
|
hapd->eap_sim_db_priv = NULL;
|
|
}
|
|
#endif /* EAP_SERVER */
|
|
|
|
if (hapd->interface_added &&
|
|
hostapd_bss_remove(hapd, hapd->conf->iface)) {
|
|
wpa_printf(MSG_WARNING, "Failed to remove BSS interface %s",
|
|
hapd->conf->iface);
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* hostapd_cleanup_iface_pre - Preliminary per-interface cleanup
|
|
* @iface: Pointer to interface data
|
|
*
|
|
* This function is called before per-BSS data structures are deinitialized
|
|
* with hostapd_cleanup().
|
|
*/
|
|
static void hostapd_cleanup_iface_pre(struct hostapd_iface *iface)
|
|
{
|
|
}
|
|
|
|
|
|
/**
|
|
* hostapd_cleanup_iface - Complete per-interface cleanup
|
|
* @iface: Pointer to interface data
|
|
*
|
|
* This function is called after per-BSS data structures are deinitialized
|
|
* with hostapd_cleanup().
|
|
*/
|
|
static void hostapd_cleanup_iface(struct hostapd_iface *iface)
|
|
{
|
|
hostapd_free_hw_features(iface->hw_features, iface->num_hw_features);
|
|
iface->hw_features = NULL;
|
|
os_free(iface->current_rates);
|
|
iface->current_rates = NULL;
|
|
ap_list_deinit(iface);
|
|
hostapd_config_free(iface->conf);
|
|
iface->conf = NULL;
|
|
|
|
os_free(iface->config_fname);
|
|
os_free(iface->bss);
|
|
os_free(iface);
|
|
}
|
|
|
|
|
|
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd)
|
|
{
|
|
int i;
|
|
|
|
hostapd_broadcast_wep_set(hapd);
|
|
|
|
if (hapd->conf->ssid.wep.default_len)
|
|
return 0;
|
|
|
|
for (i = 0; i < 4; i++) {
|
|
if (hapd->conf->ssid.wep.key[i] &&
|
|
hostapd_set_key(iface, hapd, WPA_ALG_WEP, NULL, i,
|
|
i == hapd->conf->ssid.wep.idx, NULL, 0,
|
|
hapd->conf->ssid.wep.key[i],
|
|
hapd->conf->ssid.wep.len[i])) {
|
|
wpa_printf(MSG_WARNING, "Could not set WEP "
|
|
"encryption.");
|
|
return -1;
|
|
}
|
|
if (hapd->conf->ssid.wep.key[i] &&
|
|
i == hapd->conf->ssid.wep.idx)
|
|
hostapd_set_privacy(hapd, 1);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int hostapd_flush_old_stations(struct hostapd_data *hapd)
|
|
{
|
|
int ret = 0;
|
|
|
|
if (hostapd_drv_none(hapd))
|
|
return 0;
|
|
|
|
wpa_printf(MSG_DEBUG, "Flushing old station entries");
|
|
if (hostapd_flush(hapd)) {
|
|
wpa_printf(MSG_WARNING, "Could not connect to kernel driver.");
|
|
ret = -1;
|
|
}
|
|
wpa_printf(MSG_DEBUG, "Deauthenticate all stations");
|
|
|
|
/* New Prism2.5/3 STA firmware versions seem to have issues with this
|
|
* broadcast deauth frame. This gets the firmware in odd state where
|
|
* nothing works correctly, so let's skip sending this for the hostap
|
|
* driver. */
|
|
if (hapd->driver && os_strcmp(hapd->driver->name, "hostap") != 0) {
|
|
u8 addr[ETH_ALEN];
|
|
os_memset(addr, 0xff, ETH_ALEN);
|
|
hostapd_sta_deauth(hapd, addr,
|
|
WLAN_REASON_PREV_AUTH_NOT_VALID);
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
|
|
static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
|
|
logger_level level, const char *txt)
|
|
{
|
|
#ifndef CONFIG_NO_HOSTAPD_LOGGER
|
|
struct hostapd_data *hapd = ctx;
|
|
int hlevel;
|
|
|
|
switch (level) {
|
|
case LOGGER_WARNING:
|
|
hlevel = HOSTAPD_LEVEL_WARNING;
|
|
break;
|
|
case LOGGER_INFO:
|
|
hlevel = HOSTAPD_LEVEL_INFO;
|
|
break;
|
|
case LOGGER_DEBUG:
|
|
default:
|
|
hlevel = HOSTAPD_LEVEL_DEBUG;
|
|
break;
|
|
}
|
|
|
|
hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
|
|
#endif /* CONFIG_NO_HOSTAPD_LOGGER */
|
|
}
|
|
|
|
|
|
static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
|
|
u16 reason)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
struct sta_info *sta;
|
|
|
|
wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
|
|
"STA " MACSTR " reason %d",
|
|
__func__, MAC2STR(addr), reason);
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
hostapd_sta_deauth(hapd, addr, reason);
|
|
if (sta == NULL)
|
|
return;
|
|
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
|
|
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
|
|
eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
|
|
sta->timeout_next = STA_REMOVE;
|
|
}
|
|
|
|
|
|
static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
michael_mic_failure(hapd, addr, 0);
|
|
}
|
|
|
|
|
|
static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
|
|
wpa_eapol_variable var, int value)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
struct sta_info *sta = ap_get_sta(hapd, addr);
|
|
if (sta == NULL)
|
|
return;
|
|
switch (var) {
|
|
case WPA_EAPOL_portEnabled:
|
|
ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
|
|
break;
|
|
case WPA_EAPOL_portValid:
|
|
ieee802_1x_notify_port_valid(sta->eapol_sm, value);
|
|
break;
|
|
case WPA_EAPOL_authorized:
|
|
ieee802_1x_set_sta_authorized(hapd, sta, value);
|
|
break;
|
|
case WPA_EAPOL_portControl_Auto:
|
|
if (sta->eapol_sm)
|
|
sta->eapol_sm->portControl = Auto;
|
|
break;
|
|
case WPA_EAPOL_keyRun:
|
|
if (sta->eapol_sm)
|
|
sta->eapol_sm->keyRun = value ? TRUE : FALSE;
|
|
break;
|
|
case WPA_EAPOL_keyAvailable:
|
|
if (sta->eapol_sm)
|
|
sta->eapol_sm->eap_if->eapKeyAvailable =
|
|
value ? TRUE : FALSE;
|
|
break;
|
|
case WPA_EAPOL_keyDone:
|
|
if (sta->eapol_sm)
|
|
sta->eapol_sm->keyDone = value ? TRUE : FALSE;
|
|
break;
|
|
case WPA_EAPOL_inc_EapolFramesTx:
|
|
if (sta->eapol_sm)
|
|
sta->eapol_sm->dot1xAuthEapolFramesTx++;
|
|
break;
|
|
}
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
|
|
wpa_eapol_variable var)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
struct sta_info *sta = ap_get_sta(hapd, addr);
|
|
if (sta == NULL || sta->eapol_sm == NULL)
|
|
return -1;
|
|
switch (var) {
|
|
case WPA_EAPOL_keyRun:
|
|
return sta->eapol_sm->keyRun;
|
|
case WPA_EAPOL_keyAvailable:
|
|
return sta->eapol_sm->eap_if->eapKeyAvailable;
|
|
default:
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
|
|
static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
|
|
const u8 *prev_psk)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
return hostapd_get_psk(hapd->conf, addr, prev_psk);
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
|
|
size_t *len)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
const u8 *key;
|
|
size_t keylen;
|
|
struct sta_info *sta;
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
if (sta == NULL)
|
|
return -1;
|
|
|
|
key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
|
|
if (key == NULL)
|
|
return -1;
|
|
|
|
if (keylen > *len)
|
|
keylen = *len;
|
|
os_memcpy(msk, key, keylen);
|
|
*len = keylen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, wpa_alg alg,
|
|
const u8 *addr, int idx, u8 *key,
|
|
size_t key_len)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
const char *ifname = hapd->conf->iface;
|
|
|
|
if (vlan_id > 0) {
|
|
ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
|
|
if (ifname == NULL)
|
|
return -1;
|
|
}
|
|
|
|
return hostapd_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
|
|
key, key_len);
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
|
|
u8 *seq)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_get_seqnum_igtk(void *ctx, const u8 *addr, int idx,
|
|
u8 *seq)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
return hostapd_get_seqnum_igtk(hapd->conf->iface, hapd, addr, idx,
|
|
seq);
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
|
|
const u8 *data, size_t data_len,
|
|
int encrypt)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
return hostapd_send_eapol(hapd, addr, data, data_len, encrypt);
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_for_each_sta(
|
|
void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
|
|
void *cb_ctx)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
struct sta_info *sta;
|
|
|
|
for (sta = hapd->sta_list; sta; sta = sta->next) {
|
|
if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
struct wpa_auth_iface_iter_data {
|
|
int (*cb)(struct wpa_authenticator *sm, void *ctx);
|
|
void *cb_ctx;
|
|
};
|
|
|
|
static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
|
|
{
|
|
struct wpa_auth_iface_iter_data *data = ctx;
|
|
size_t i;
|
|
for (i = 0; i < iface->num_bss; i++) {
|
|
if (data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_for_each_auth(
|
|
void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
|
|
void *cb_ctx)
|
|
{
|
|
struct wpa_auth_iface_iter_data data;
|
|
data.cb = cb;
|
|
data.cb_ctx = cb_ctx;
|
|
return hostapd_for_each_interface(wpa_auth_iface_iter, &data);
|
|
}
|
|
|
|
|
|
static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
|
|
const u8 *data, size_t data_len)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
|
|
if (hapd->driver && hapd->driver->send_ether)
|
|
return hapd->driver->send_ether(hapd->drv_priv, dst,
|
|
hapd->own_addr, proto,
|
|
data, data_len);
|
|
if (hapd->l2 == NULL)
|
|
return -1;
|
|
return l2_packet_send(hapd->l2, dst, proto, data, data_len);
|
|
}
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
|
|
const u8 *data, size_t data_len)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
int res;
|
|
struct ieee80211_mgmt *m;
|
|
size_t mlen;
|
|
struct sta_info *sta;
|
|
|
|
sta = ap_get_sta(hapd, dst);
|
|
if (sta == NULL || sta->wpa_sm == NULL)
|
|
return -1;
|
|
|
|
m = os_zalloc(sizeof(*m) + data_len);
|
|
if (m == NULL)
|
|
return -1;
|
|
mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
|
|
m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
|
|
WLAN_FC_STYPE_ACTION);
|
|
os_memcpy(m->da, dst, ETH_ALEN);
|
|
os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
|
|
os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
|
|
os_memcpy(&m->u, data, data_len);
|
|
|
|
res = hostapd_send_mgmt_frame(hapd, (u8 *) m, mlen, 0);
|
|
os_free(m);
|
|
return res;
|
|
}
|
|
|
|
|
|
static struct wpa_state_machine *
|
|
hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
struct sta_info *sta;
|
|
|
|
sta = ap_sta_add(hapd, sta_addr);
|
|
if (sta == NULL)
|
|
return NULL;
|
|
if (sta->wpa_sm)
|
|
return sta->wpa_sm;
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr);
|
|
if (sta->wpa_sm == NULL) {
|
|
ap_free_sta(hapd, sta);
|
|
return NULL;
|
|
}
|
|
sta->auth_alg = WLAN_AUTH_FT;
|
|
|
|
return sta->wpa_sm;
|
|
}
|
|
|
|
|
|
static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
|
|
size_t len)
|
|
{
|
|
struct hostapd_data *hapd = ctx;
|
|
wpa_ft_rrb_rx(hapd->wpa_auth, src_addr, buf, len);
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
|
|
/**
|
|
* hostapd_validate_bssid_configuration - Validate BSSID configuration
|
|
* @iface: Pointer to interface data
|
|
* Returns: 0 on success, -1 on failure
|
|
*
|
|
* This function is used to validate that the configured BSSIDs are valid.
|
|
*/
|
|
static int hostapd_validate_bssid_configuration(struct hostapd_iface *iface)
|
|
{
|
|
u8 mask[ETH_ALEN] = { 0 };
|
|
struct hostapd_data *hapd = iface->bss[0];
|
|
unsigned int i = iface->conf->num_bss, bits = 0, j;
|
|
int res;
|
|
int auto_addr = 0;
|
|
|
|
if (hostapd_drv_none(hapd))
|
|
return 0;
|
|
|
|
/* Generate BSSID mask that is large enough to cover the BSSIDs. */
|
|
|
|
/* Determine the bits necessary to cover the number of BSSIDs. */
|
|
for (i--; i; i >>= 1)
|
|
bits++;
|
|
|
|
/* Determine the bits necessary to any configured BSSIDs,
|
|
if they are higher than the number of BSSIDs. */
|
|
for (j = 0; j < iface->conf->num_bss; j++) {
|
|
if (hostapd_mac_comp_empty(iface->conf->bss[j].bssid) == 0) {
|
|
if (j)
|
|
auto_addr++;
|
|
continue;
|
|
}
|
|
|
|
for (i = 0; i < ETH_ALEN; i++) {
|
|
mask[i] |=
|
|
iface->conf->bss[j].bssid[i] ^
|
|
hapd->own_addr[i];
|
|
}
|
|
}
|
|
|
|
if (!auto_addr)
|
|
goto skip_mask_ext;
|
|
|
|
for (i = 0; i < ETH_ALEN && mask[i] == 0; i++)
|
|
;
|
|
j = 0;
|
|
if (i < ETH_ALEN) {
|
|
j = (5 - i) * 8;
|
|
|
|
while (mask[i] != 0) {
|
|
mask[i] >>= 1;
|
|
j++;
|
|
}
|
|
}
|
|
|
|
if (bits < j)
|
|
bits = j;
|
|
|
|
if (bits > 40) {
|
|
wpa_printf(MSG_ERROR, "Too many bits in the BSSID mask (%u)",
|
|
bits);
|
|
return -1;
|
|
}
|
|
|
|
os_memset(mask, 0xff, ETH_ALEN);
|
|
j = bits / 8;
|
|
for (i = 5; i > 5 - j; i--)
|
|
mask[i] = 0;
|
|
j = bits % 8;
|
|
while (j--)
|
|
mask[i] <<= 1;
|
|
|
|
skip_mask_ext:
|
|
wpa_printf(MSG_DEBUG, "BSS count %lu, BSSID mask " MACSTR " (%d bits)",
|
|
(unsigned long) iface->conf->num_bss, MAC2STR(mask), bits);
|
|
|
|
res = hostapd_valid_bss_mask(hapd, hapd->own_addr, mask);
|
|
if (res == 0)
|
|
return 0;
|
|
|
|
if (res < 0) {
|
|
wpa_printf(MSG_ERROR, "Driver did not accept BSSID mask "
|
|
MACSTR " for start address " MACSTR ".",
|
|
MAC2STR(mask), MAC2STR(hapd->own_addr));
|
|
return -1;
|
|
}
|
|
|
|
if (!auto_addr)
|
|
return 0;
|
|
|
|
for (i = 0; i < ETH_ALEN; i++) {
|
|
if ((hapd->own_addr[i] & mask[i]) != hapd->own_addr[i]) {
|
|
wpa_printf(MSG_ERROR, "Invalid BSSID mask " MACSTR
|
|
" for start address " MACSTR ".",
|
|
MAC2STR(mask), MAC2STR(hapd->own_addr));
|
|
wpa_printf(MSG_ERROR, "Start address must be the "
|
|
"first address in the block (i.e., addr "
|
|
"AND mask == addr).");
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int mac_in_conf(struct hostapd_config *conf, const void *a)
|
|
{
|
|
size_t i;
|
|
|
|
for (i = 0; i < conf->num_bss; i++) {
|
|
if (hostapd_mac_comp(conf->bss[i].bssid, a) == 0) {
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int hostapd_setup_wpa(struct hostapd_data *hapd)
|
|
{
|
|
struct wpa_auth_config _conf;
|
|
struct wpa_auth_callbacks cb;
|
|
const u8 *wpa_ie;
|
|
size_t wpa_ie_len;
|
|
|
|
hostapd_wpa_auth_conf(hapd->conf, &_conf);
|
|
os_memset(&cb, 0, sizeof(cb));
|
|
cb.ctx = hapd;
|
|
cb.logger = hostapd_wpa_auth_logger;
|
|
cb.disconnect = hostapd_wpa_auth_disconnect;
|
|
cb.mic_failure_report = hostapd_wpa_auth_mic_failure_report;
|
|
cb.set_eapol = hostapd_wpa_auth_set_eapol;
|
|
cb.get_eapol = hostapd_wpa_auth_get_eapol;
|
|
cb.get_psk = hostapd_wpa_auth_get_psk;
|
|
cb.get_msk = hostapd_wpa_auth_get_msk;
|
|
cb.set_key = hostapd_wpa_auth_set_key;
|
|
cb.get_seqnum = hostapd_wpa_auth_get_seqnum;
|
|
cb.get_seqnum_igtk = hostapd_wpa_auth_get_seqnum_igtk;
|
|
cb.send_eapol = hostapd_wpa_auth_send_eapol;
|
|
cb.for_each_sta = hostapd_wpa_auth_for_each_sta;
|
|
cb.for_each_auth = hostapd_wpa_auth_for_each_auth;
|
|
cb.send_ether = hostapd_wpa_auth_send_ether;
|
|
#ifdef CONFIG_IEEE80211R
|
|
cb.send_ft_action = hostapd_wpa_auth_send_ft_action;
|
|
cb.add_sta = hostapd_wpa_auth_add_sta;
|
|
#endif /* CONFIG_IEEE80211R */
|
|
hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb);
|
|
if (hapd->wpa_auth == NULL) {
|
|
wpa_printf(MSG_ERROR, "WPA initialization failed.");
|
|
return -1;
|
|
}
|
|
|
|
if (hostapd_set_privacy(hapd, 1)) {
|
|
wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
|
|
"for interface %s", hapd->conf->iface);
|
|
return -1;
|
|
}
|
|
|
|
wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
|
|
if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
|
|
wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
|
|
"the kernel driver.");
|
|
return -1;
|
|
}
|
|
|
|
if (rsn_preauth_iface_init(hapd)) {
|
|
wpa_printf(MSG_ERROR, "Initialization of RSN "
|
|
"pre-authentication failed.");
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
static int hostapd_setup_radius_srv(struct hostapd_data *hapd,
|
|
struct hostapd_bss_config *conf)
|
|
{
|
|
struct radius_server_conf srv;
|
|
os_memset(&srv, 0, sizeof(srv));
|
|
srv.client_file = conf->radius_server_clients;
|
|
srv.auth_port = conf->radius_server_auth_port;
|
|
srv.conf_ctx = conf;
|
|
srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
|
|
srv.ssl_ctx = hapd->ssl_ctx;
|
|
srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
|
|
srv.eap_fast_a_id = conf->eap_fast_a_id;
|
|
srv.eap_fast_a_id_len = conf->eap_fast_a_id_len;
|
|
srv.eap_fast_a_id_info = conf->eap_fast_a_id_info;
|
|
srv.eap_fast_prov = conf->eap_fast_prov;
|
|
srv.pac_key_lifetime = conf->pac_key_lifetime;
|
|
srv.pac_key_refresh_time = conf->pac_key_refresh_time;
|
|
srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
|
|
srv.tnc = conf->tnc;
|
|
srv.wps = hapd->wps;
|
|
srv.ipv6 = conf->radius_server_ipv6;
|
|
srv.get_eap_user = hostapd_radius_get_eap_user;
|
|
srv.eap_req_id_text = conf->eap_req_id_text;
|
|
srv.eap_req_id_text_len = conf->eap_req_id_text_len;
|
|
|
|
hapd->radius_srv = radius_server_init(&srv);
|
|
if (hapd->radius_srv == NULL) {
|
|
wpa_printf(MSG_ERROR, "RADIUS server initialization failed.");
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
/**
|
|
* hostapd_setup_bss - Per-BSS setup (initialization)
|
|
* @hapd: Pointer to BSS data
|
|
* @first: Whether this BSS is the first BSS of an interface
|
|
*
|
|
* This function is used to initialize all per-BSS data structures and
|
|
* resources. This gets called in a loop for each BSS when an interface is
|
|
* initialized. Most of the modules that are initialized here will be
|
|
* deinitialized in hostapd_cleanup().
|
|
*/
|
|
static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
|
|
{
|
|
struct hostapd_bss_config *conf = hapd->conf;
|
|
u8 ssid[HOSTAPD_MAX_SSID_LEN + 1];
|
|
int ssid_len, set_ssid;
|
|
|
|
if (!first) {
|
|
if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) {
|
|
/* Allocate the next available BSSID. */
|
|
do {
|
|
inc_byte_array(hapd->own_addr, ETH_ALEN);
|
|
} while (mac_in_conf(hapd->iconf, hapd->own_addr));
|
|
} else {
|
|
/* Allocate the configured BSSID. */
|
|
os_memcpy(hapd->own_addr, hapd->conf->bssid, ETH_ALEN);
|
|
|
|
if (hostapd_mac_comp(hapd->own_addr,
|
|
hapd->iface->bss[0]->own_addr) ==
|
|
0) {
|
|
wpa_printf(MSG_ERROR, "BSS '%s' may not have "
|
|
"BSSID set to the MAC address of "
|
|
"the radio", hapd->conf->iface);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
hapd->interface_added = 1;
|
|
if (hostapd_bss_add(hapd->iface->bss[0], hapd->conf->iface,
|
|
hapd->own_addr)) {
|
|
wpa_printf(MSG_ERROR, "Failed to add BSS (BSSID="
|
|
MACSTR ")", MAC2STR(hapd->own_addr));
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Fetch the SSID from the system and use it or,
|
|
* if one was specified in the config file, verify they
|
|
* match.
|
|
*/
|
|
ssid_len = hostapd_get_ssid(hapd, ssid, sizeof(ssid));
|
|
if (ssid_len < 0) {
|
|
wpa_printf(MSG_ERROR, "Could not read SSID from system");
|
|
return -1;
|
|
}
|
|
if (conf->ssid.ssid_set) {
|
|
/*
|
|
* If SSID is specified in the config file and it differs
|
|
* from what is being used then force installation of the
|
|
* new SSID.
|
|
*/
|
|
set_ssid = (conf->ssid.ssid_len != (size_t) ssid_len ||
|
|
os_memcmp(conf->ssid.ssid, ssid, ssid_len) != 0);
|
|
} else {
|
|
/*
|
|
* No SSID in the config file; just use the one we got
|
|
* from the system.
|
|
*/
|
|
set_ssid = 0;
|
|
conf->ssid.ssid_len = ssid_len;
|
|
os_memcpy(conf->ssid.ssid, ssid, conf->ssid.ssid_len);
|
|
conf->ssid.ssid[conf->ssid.ssid_len] = '\0';
|
|
}
|
|
|
|
if (!hostapd_drv_none(hapd)) {
|
|
wpa_printf(MSG_ERROR, "Using interface %s with hwaddr " MACSTR
|
|
" and ssid '%s'",
|
|
hapd->conf->iface, MAC2STR(hapd->own_addr),
|
|
hapd->conf->ssid.ssid);
|
|
}
|
|
|
|
if (hostapd_setup_wpa_psk(conf)) {
|
|
wpa_printf(MSG_ERROR, "WPA-PSK setup failed.");
|
|
return -1;
|
|
}
|
|
|
|
/* Set flag for whether SSID is broadcast in beacons */
|
|
if (hostapd_set_broadcast_ssid(hapd,
|
|
!!hapd->conf->ignore_broadcast_ssid)) {
|
|
wpa_printf(MSG_ERROR, "Could not set broadcast SSID flag for "
|
|
"kernel driver");
|
|
return -1;
|
|
}
|
|
|
|
/* Set SSID for the kernel driver (to be used in beacon and probe
|
|
* response frames) */
|
|
if (set_ssid && hostapd_set_ssid(hapd, (u8 *) conf->ssid.ssid,
|
|
conf->ssid.ssid_len)) {
|
|
wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver");
|
|
return -1;
|
|
}
|
|
|
|
if (wpa_debug_level == MSG_MSGDUMP)
|
|
conf->radius->msg_dumps = 1;
|
|
hapd->radius = radius_client_init(hapd, conf->radius);
|
|
if (hapd->radius == NULL) {
|
|
wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
|
|
return -1;
|
|
}
|
|
|
|
if (hostapd_acl_init(hapd)) {
|
|
wpa_printf(MSG_ERROR, "ACL initialization failed.");
|
|
return -1;
|
|
}
|
|
if (hostapd_init_wps(hapd, conf))
|
|
return -1;
|
|
|
|
if (ieee802_1x_init(hapd)) {
|
|
wpa_printf(MSG_ERROR, "IEEE 802.1X initialization failed.");
|
|
return -1;
|
|
}
|
|
|
|
if (hapd->conf->wpa && hostapd_setup_wpa(hapd))
|
|
return -1;
|
|
|
|
if (accounting_init(hapd)) {
|
|
wpa_printf(MSG_ERROR, "Accounting initialization failed.");
|
|
return -1;
|
|
}
|
|
|
|
if (hapd->conf->ieee802_11f &&
|
|
(hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface)) == NULL) {
|
|
wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization "
|
|
"failed.");
|
|
return -1;
|
|
}
|
|
|
|
if (hostapd_ctrl_iface_init(hapd)) {
|
|
wpa_printf(MSG_ERROR, "Failed to setup control interface");
|
|
return -1;
|
|
}
|
|
|
|
if (!hostapd_drv_none(hapd) && vlan_init(hapd)) {
|
|
wpa_printf(MSG_ERROR, "VLAN initialization failed.");
|
|
return -1;
|
|
}
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
if (!hostapd_drv_none(hapd)) {
|
|
hapd->l2 = l2_packet_init(hapd->conf->iface, NULL, ETH_P_RRB,
|
|
hostapd_rrb_receive, hapd, 0);
|
|
if (hapd->l2 == NULL &&
|
|
(hapd->driver == NULL ||
|
|
hapd->driver->send_ether == NULL)) {
|
|
wpa_printf(MSG_ERROR, "Failed to open l2_packet "
|
|
"interface");
|
|
return -1;
|
|
}
|
|
}
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
ieee802_11_set_beacon(hapd);
|
|
|
|
if (conf->radius_server_clients &&
|
|
hostapd_setup_radius_srv(hapd, conf))
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static void hostapd_tx_queue_params(struct hostapd_iface *iface)
|
|
{
|
|
struct hostapd_data *hapd = iface->bss[0];
|
|
int i;
|
|
struct hostapd_tx_queue_params *p;
|
|
|
|
for (i = 0; i < NUM_TX_QUEUES; i++) {
|
|
p = &iface->conf->tx_queue[i];
|
|
|
|
if (!p->configured)
|
|
continue;
|
|
|
|
if (hostapd_set_tx_queue_params(hapd, i, p->aifs, p->cwmin,
|
|
p->cwmax, p->burst)) {
|
|
wpa_printf(MSG_DEBUG, "Failed to set TX queue "
|
|
"parameters for queue %d.", i);
|
|
/* Continue anyway */
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
|
|
size_t identity_len, int phase2,
|
|
struct eap_user *user)
|
|
{
|
|
const struct hostapd_eap_user *eap_user;
|
|
int i, count;
|
|
|
|
eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
|
|
if (eap_user == NULL)
|
|
return -1;
|
|
|
|
if (user == NULL)
|
|
return 0;
|
|
|
|
os_memset(user, 0, sizeof(*user));
|
|
count = EAP_USER_MAX_METHODS;
|
|
if (count > EAP_MAX_METHODS)
|
|
count = EAP_MAX_METHODS;
|
|
for (i = 0; i < count; i++) {
|
|
user->methods[i].vendor = eap_user->methods[i].vendor;
|
|
user->methods[i].method = eap_user->methods[i].method;
|
|
}
|
|
|
|
if (eap_user->password) {
|
|
user->password = os_malloc(eap_user->password_len);
|
|
if (user->password == NULL)
|
|
return -1;
|
|
os_memcpy(user->password, eap_user->password,
|
|
eap_user->password_len);
|
|
user->password_len = eap_user->password_len;
|
|
user->password_hash = eap_user->password_hash;
|
|
}
|
|
user->force_version = eap_user->force_version;
|
|
user->ttls_auth = eap_user->ttls_auth;
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int setup_interface(struct hostapd_iface *iface)
|
|
{
|
|
struct hostapd_data *hapd = iface->bss[0];
|
|
struct hostapd_bss_config *conf = hapd->conf;
|
|
size_t i;
|
|
char country[4];
|
|
u8 *b = conf->bssid;
|
|
int freq;
|
|
size_t j;
|
|
u8 *prev_addr;
|
|
|
|
/*
|
|
* Initialize the driver interface and make sure that all BSSes get
|
|
* configured with a pointer to this driver interface.
|
|
*/
|
|
if (b[0] | b[1] | b[2] | b[3] | b[4] | b[5]) {
|
|
hapd->drv_priv = hostapd_driver_init_bssid(hapd, b);
|
|
} else {
|
|
hapd->drv_priv = hostapd_driver_init(hapd);
|
|
}
|
|
|
|
if (hapd->drv_priv == NULL) {
|
|
wpa_printf(MSG_ERROR, "%s driver initialization failed.",
|
|
hapd->driver ? hapd->driver->name : "Unknown");
|
|
hapd->driver = NULL;
|
|
return -1;
|
|
}
|
|
for (i = 0; i < iface->num_bss; i++) {
|
|
iface->bss[i]->driver = hapd->driver;
|
|
iface->bss[i]->drv_priv = hapd->drv_priv;
|
|
}
|
|
|
|
if (hostapd_validate_bssid_configuration(iface))
|
|
return -1;
|
|
|
|
#ifdef CONFIG_IEEE80211N
|
|
SET_2BIT_LE16(&iface->ht_op_mode,
|
|
HT_INFO_OPERATION_MODE_OP_MODE_OFFSET,
|
|
OP_MODE_PURE);
|
|
#endif /* CONFIG_IEEE80211N */
|
|
|
|
if (hapd->iconf->country[0] && hapd->iconf->country[1]) {
|
|
os_memcpy(country, hapd->iconf->country, 3);
|
|
country[3] = '\0';
|
|
if (hostapd_set_country(hapd, country) < 0) {
|
|
wpa_printf(MSG_ERROR, "Failed to set country code");
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (hapd->iconf->ieee80211d &&
|
|
hostapd_set_ieee80211d(hapd, 1) < 0) {
|
|
wpa_printf(MSG_ERROR, "Failed to set ieee80211d (%d)",
|
|
hapd->iconf->ieee80211d);
|
|
return -1;
|
|
}
|
|
|
|
if (hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL &&
|
|
hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets)) {
|
|
wpa_printf(MSG_ERROR, "Failed to set bridge_packets for "
|
|
"kernel driver");
|
|
return -1;
|
|
}
|
|
|
|
/* TODO: merge with hostapd_driver_init() ? */
|
|
if (hostapd_wireless_event_init(hapd) < 0)
|
|
return -1;
|
|
|
|
if (hostapd_get_hw_features(iface)) {
|
|
/* Not all drivers support this yet, so continue without hw
|
|
* feature data. */
|
|
} else {
|
|
int ret = hostapd_select_hw_mode(iface);
|
|
if (ret < 0) {
|
|
wpa_printf(MSG_ERROR, "Could not select hw_mode and "
|
|
"channel. (%d)", ret);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
hostapd_flush_old_stations(hapd);
|
|
hostapd_set_privacy(hapd, 0);
|
|
|
|
if (hapd->iconf->channel) {
|
|
freq = hostapd_hw_get_freq(hapd, hapd->iconf->channel);
|
|
wpa_printf(MSG_DEBUG, "Mode: %s Channel: %d "
|
|
"Frequency: %d MHz",
|
|
hostapd_hw_mode_txt(hapd->iconf->hw_mode),
|
|
hapd->iconf->channel, freq);
|
|
|
|
if (hostapd_set_freq(hapd, hapd->iconf->hw_mode, freq,
|
|
hapd->iconf->channel,
|
|
hapd->iconf->ieee80211n,
|
|
hapd->iconf->secondary_channel)) {
|
|
wpa_printf(MSG_ERROR, "Could not set channel for "
|
|
"kernel driver");
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
hostapd_broadcast_wep_clear(hapd);
|
|
if (hostapd_setup_encryption(hapd->conf->iface, hapd))
|
|
return -1;
|
|
|
|
hostapd_set_beacon_int(hapd, hapd->iconf->beacon_int);
|
|
ieee802_11_set_beacon(hapd);
|
|
|
|
if (hapd->iconf->rts_threshold > -1 &&
|
|
hostapd_set_rts(hapd, hapd->iconf->rts_threshold)) {
|
|
wpa_printf(MSG_ERROR, "Could not set RTS threshold for "
|
|
"kernel driver");
|
|
return -1;
|
|
}
|
|
|
|
if (hapd->iconf->fragm_threshold > -1 &&
|
|
hostapd_set_frag(hapd, hapd->iconf->fragm_threshold)) {
|
|
wpa_printf(MSG_ERROR, "Could not set fragmentation threshold "
|
|
"for kernel driver");
|
|
return -1;
|
|
}
|
|
|
|
prev_addr = hapd->own_addr;
|
|
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
hapd = iface->bss[j];
|
|
if (j)
|
|
os_memcpy(hapd->own_addr, prev_addr, ETH_ALEN);
|
|
if (hostapd_setup_bss(hapd, j == 0))
|
|
return -1;
|
|
if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0)
|
|
prev_addr = hapd->own_addr;
|
|
}
|
|
|
|
hostapd_tx_queue_params(iface);
|
|
|
|
ap_list_init(iface);
|
|
|
|
if (hostapd_driver_commit(hapd) < 0) {
|
|
wpa_printf(MSG_ERROR, "%s: Failed to commit driver "
|
|
"configuration", __func__);
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
/**
|
|
* hostapd_setup_interface - Setup of an interface
|
|
* @iface: Pointer to interface data.
|
|
* Returns: 0 on success, -1 on failure
|
|
*
|
|
* Initializes the driver interface, validates the configuration,
|
|
* and sets driver parameters based on the configuration.
|
|
* Flushes old stations, sets the channel, encryption,
|
|
* beacons, and WDS links based on the configuration.
|
|
*/
|
|
int hostapd_setup_interface(struct hostapd_iface *iface)
|
|
{
|
|
int ret;
|
|
|
|
ret = setup_interface(iface);
|
|
if (ret) {
|
|
wpa_printf(MSG_DEBUG, "%s: Unable to setup interface.",
|
|
iface->bss[0]->conf->iface);
|
|
eloop_terminate();
|
|
return -1;
|
|
} else if (!hostapd_drv_none(iface->bss[0])) {
|
|
wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
|
|
iface->bss[0]->conf->iface);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
/**
|
|
* hostapd_alloc_bss_data - Allocate and initialize per-BSS data
|
|
* @hapd_iface: Pointer to interface data
|
|
* @conf: Pointer to per-interface configuration
|
|
* @bss: Pointer to per-BSS configuration for this BSS
|
|
* Returns: Pointer to allocated BSS data
|
|
*
|
|
* This function is used to allocate per-BSS data structure. This data will be
|
|
* freed after hostapd_cleanup() is called for it during interface
|
|
* deinitialization.
|
|
*/
|
|
struct hostapd_data *
|
|
hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
|
|
struct hostapd_config *conf,
|
|
struct hostapd_bss_config *bss)
|
|
{
|
|
struct hostapd_data *hapd;
|
|
|
|
hapd = os_zalloc(sizeof(*hapd));
|
|
if (hapd == NULL)
|
|
return NULL;
|
|
|
|
hapd->iconf = conf;
|
|
hapd->conf = bss;
|
|
hapd->iface = hapd_iface;
|
|
|
|
if (hapd->conf->individual_wep_key_len > 0) {
|
|
/* use key0 in individual key and key1 in broadcast key */
|
|
hapd->default_wep_key_idx = 1;
|
|
}
|
|
|
|
#ifdef EAP_TLS_FUNCS
|
|
if (hapd->conf->eap_server &&
|
|
(hapd->conf->ca_cert || hapd->conf->server_cert ||
|
|
hapd->conf->dh_file)) {
|
|
struct tls_connection_params params;
|
|
|
|
hapd->ssl_ctx = tls_init(NULL);
|
|
if (hapd->ssl_ctx == NULL) {
|
|
wpa_printf(MSG_ERROR, "Failed to initialize TLS");
|
|
goto fail;
|
|
}
|
|
|
|
os_memset(¶ms, 0, sizeof(params));
|
|
params.ca_cert = hapd->conf->ca_cert;
|
|
params.client_cert = hapd->conf->server_cert;
|
|
params.private_key = hapd->conf->private_key;
|
|
params.private_key_passwd = hapd->conf->private_key_passwd;
|
|
params.dh_file = hapd->conf->dh_file;
|
|
|
|
if (tls_global_set_params(hapd->ssl_ctx, ¶ms)) {
|
|
wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
|
|
goto fail;
|
|
}
|
|
|
|
if (tls_global_set_verify(hapd->ssl_ctx,
|
|
hapd->conf->check_crl)) {
|
|
wpa_printf(MSG_ERROR, "Failed to enable check_crl");
|
|
goto fail;
|
|
}
|
|
}
|
|
#endif /* EAP_TLS_FUNCS */
|
|
|
|
#ifdef EAP_SERVER
|
|
if (hapd->conf->eap_sim_db) {
|
|
hapd->eap_sim_db_priv =
|
|
eap_sim_db_init(hapd->conf->eap_sim_db,
|
|
hostapd_sim_db_cb, hapd);
|
|
if (hapd->eap_sim_db_priv == NULL) {
|
|
wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
|
|
"database interface");
|
|
goto fail;
|
|
}
|
|
}
|
|
#endif /* EAP_SERVER */
|
|
|
|
hapd->driver = hapd->iconf->driver;
|
|
|
|
return hapd;
|
|
|
|
#if defined(EAP_TLS_FUNCS) || defined(EAP_SERVER)
|
|
fail:
|
|
#endif
|
|
/* TODO: cleanup allocated resources(?) */
|
|
os_free(hapd);
|
|
return NULL;
|
|
}
|
|
|
|
|
|
void hostapd_interface_deinit(struct hostapd_iface *iface)
|
|
{
|
|
size_t j;
|
|
|
|
if (iface == NULL)
|
|
return;
|
|
|
|
hostapd_cleanup_iface_pre(iface);
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
struct hostapd_data *hapd = iface->bss[j];
|
|
hostapd_free_stas(hapd);
|
|
hostapd_flush_old_stations(hapd);
|
|
hostapd_cleanup(hapd);
|
|
if (j == iface->num_bss - 1 && hapd->driver)
|
|
hostapd_driver_deinit(hapd);
|
|
}
|
|
for (j = 0; j < iface->num_bss; j++)
|
|
os_free(iface->bss[j]);
|
|
hostapd_cleanup_iface(iface);
|
|
}
|