fragattacks/hostapd/hostapd.c
Jouni Malinen 3484a18a13 hostapd: Remove unused bridge_packets configuration option
There was code for configuring this, but no driver wrapper actually
implements the actual setting. Remove this for now to reduce potential
confusion and to simply the driver interface.
2009-12-09 22:06:43 +02:00

1499 lines
38 KiB
C

/*
* hostapd / Initialization and configuration
* Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "eloop.h"
#include "crypto/tls.h"
#include "common/ieee802_11_defs.h"
#include "eapol_auth/eapol_auth_sm.h"
#include "eapol_auth/eapol_auth_sm_i.h"
#include "radius/radius_client.h"
#include "radius/radius_server.h"
#include "eap_server/eap_sim_db.h"
#include "eap_server/eap.h"
#include "eap_server/tncs.h"
#include "l2_packet/l2_packet.h"
#include "hostapd.h"
#include "ieee802_1x.h"
#include "beacon.h"
#include "hw_features.h"
#include "accounting.h"
#include "iapp.h"
#include "ieee802_11_auth.h"
#include "sta_flags.h"
#include "sta_info.h"
#include "ap_list.h"
#include "driver_i.h"
#include "wpa.h"
#include "preauth.h"
#include "vlan_init.h"
#include "ctrl_iface.h"
#include "wps_hostapd.h"
#include "tkip_countermeasures.h"
static int hostapd_flush_old_stations(struct hostapd_data *hapd);
static int hostapd_setup_wpa(struct hostapd_data *hapd);
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd);
extern int wpa_debug_level;
#if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
#define EAP_SIM_DB
#endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
#ifdef EAP_SIM_DB
static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
struct sta_info *sta, void *ctx)
{
if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0)
return 1;
return 0;
}
static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
{
struct hostapd_data *hapd = ctx;
if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) {
#ifdef RADIUS_SERVER
radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
#endif /* RADIUS_SERVER */
}
}
#endif /* EAP_SIM_DB */
static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
struct wpa_auth_config *wconf)
{
wconf->wpa = conf->wpa;
wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
wconf->wpa_pairwise = conf->wpa_pairwise;
wconf->wpa_group = conf->wpa_group;
wconf->wpa_group_rekey = conf->wpa_group_rekey;
wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
wconf->rsn_pairwise = conf->rsn_pairwise;
wconf->rsn_preauth = conf->rsn_preauth;
wconf->eapol_version = conf->eapol_version;
wconf->peerkey = conf->peerkey;
wconf->wmm_enabled = conf->wmm_enabled;
wconf->okc = conf->okc;
#ifdef CONFIG_IEEE80211W
wconf->ieee80211w = conf->ieee80211w;
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R
wconf->ssid_len = conf->ssid.ssid_len;
if (wconf->ssid_len > SSID_LEN)
wconf->ssid_len = SSID_LEN;
os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
os_memcpy(wconf->mobility_domain, conf->mobility_domain,
MOBILITY_DOMAIN_ID_LEN);
if (conf->nas_identifier &&
os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
wconf->r0_key_holder_len);
}
os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
wconf->r0_key_lifetime = conf->r0_key_lifetime;
wconf->reassociation_deadline = conf->reassociation_deadline;
wconf->r0kh_list = conf->r0kh_list;
wconf->r1kh_list = conf->r1kh_list;
wconf->pmk_r1_push = conf->pmk_r1_push;
#endif /* CONFIG_IEEE80211R */
}
int hostapd_reload_config(struct hostapd_iface *iface)
{
struct hostapd_data *hapd = iface->bss[0];
struct hostapd_config *newconf, *oldconf;
struct wpa_auth_config wpa_auth_conf;
size_t j;
newconf = hostapd_config_read(iface->config_fname);
if (newconf == NULL)
return -1;
/*
* Deauthenticate all stations since the new configuration may not
* allow them to use the BSS anymore.
*/
for (j = 0; j < iface->num_bss; j++)
hostapd_flush_old_stations(iface->bss[j]);
#ifndef CONFIG_NO_RADIUS
/* TODO: update dynamic data based on changed configuration
* items (e.g., open/close sockets, etc.) */
radius_client_flush(hapd->radius, 0);
#endif /* CONFIG_NO_RADIUS */
oldconf = hapd->iconf;
hapd->iconf = newconf;
hapd->conf = &newconf->bss[0];
iface->conf = newconf;
if (hostapd_setup_wpa_psk(hapd->conf)) {
wpa_printf(MSG_ERROR, "Failed to re-configure WPA PSK "
"after reloading configuration");
}
if (hapd->conf->wpa && hapd->wpa_auth == NULL)
hostapd_setup_wpa(hapd);
else if (hapd->conf->wpa) {
hostapd_wpa_auth_conf(&newconf->bss[0], &wpa_auth_conf);
wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
} else if (hapd->wpa_auth) {
wpa_deinit(hapd->wpa_auth);
hapd->wpa_auth = NULL;
hostapd_set_privacy(hapd, 0);
hostapd_setup_encryption(hapd->conf->iface, hapd);
}
ieee802_11_set_beacon(hapd);
if (hapd->conf->ssid.ssid_set &&
hostapd_set_ssid(hapd, (u8 *) hapd->conf->ssid.ssid,
hapd->conf->ssid.ssid_len)) {
wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver");
/* try to continue */
}
if (hapd->conf->ieee802_1x || hapd->conf->wpa)
hostapd_set_ieee8021x(hapd->conf->iface, hapd, 1);
hostapd_config_free(oldconf);
wpa_printf(MSG_DEBUG, "Reconfigured interface %s", hapd->conf->iface);
return 0;
}
int handle_reload_iface(struct hostapd_iface *iface, void *ctx)
{
if (hostapd_reload_config(iface) < 0) {
wpa_printf(MSG_WARNING, "Failed to read new configuration "
"file - continuing with old.");
}
return 0;
}
static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
char *ifname)
{
int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL, i,
i == 0 ? 1 : 0, NULL, 0, NULL, 0)) {
wpa_printf(MSG_DEBUG, "Failed to clear default "
"encryption keys (ifname=%s keyidx=%d)",
ifname, i);
}
}
#ifdef CONFIG_IEEE80211W
if (hapd->conf->ieee80211w) {
for (i = NUM_WEP_KEYS; i < NUM_WEP_KEYS + 2; i++) {
if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL,
i, i == 0 ? 1 : 0, NULL, 0,
NULL, 0)) {
wpa_printf(MSG_DEBUG, "Failed to clear "
"default mgmt encryption keys "
"(ifname=%s keyidx=%d)", ifname, i);
}
}
}
#endif /* CONFIG_IEEE80211W */
}
static int hostapd_broadcast_wep_clear(struct hostapd_data *hapd)
{
hostapd_broadcast_key_clear_iface(hapd, hapd->conf->iface);
return 0;
}
static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
{
int errors = 0, idx;
struct hostapd_ssid *ssid = &hapd->conf->ssid;
idx = ssid->wep.idx;
if (ssid->wep.default_len &&
hostapd_set_key(hapd->conf->iface,
hapd, WPA_ALG_WEP, NULL, idx, idx == ssid->wep.idx,
NULL, 0, ssid->wep.key[idx], ssid->wep.len[idx])) {
wpa_printf(MSG_WARNING, "Could not set WEP encryption.");
errors++;
}
if (ssid->dyn_vlan_keys) {
size_t i;
for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
const char *ifname;
struct hostapd_wep_keys *key = ssid->dyn_vlan_keys[i];
if (key == NULL)
continue;
ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan,
i);
if (ifname == NULL)
continue;
idx = key->idx;
if (hostapd_set_key(ifname, hapd, WPA_ALG_WEP, NULL,
idx, idx == key->idx, NULL, 0,
key->key[idx], key->len[idx])) {
wpa_printf(MSG_WARNING, "Could not set "
"dynamic VLAN WEP encryption.");
errors++;
}
}
}
return errors;
}
/**
* hostapd_cleanup - Per-BSS cleanup (deinitialization)
* @hapd: Pointer to BSS data
*
* This function is used to free all per-BSS data structures and resources.
* This gets called in a loop for each BSS between calls to
* hostapd_cleanup_iface_pre() and hostapd_cleanup_iface() when an interface
* is deinitialized. Most of the modules that are initialized in
* hostapd_setup_bss() are deinitialized here.
*/
static void hostapd_cleanup(struct hostapd_data *hapd)
{
hostapd_ctrl_iface_deinit(hapd);
iapp_deinit(hapd->iapp);
hapd->iapp = NULL;
accounting_deinit(hapd);
rsn_preauth_iface_deinit(hapd);
if (hapd->wpa_auth) {
wpa_deinit(hapd->wpa_auth);
hapd->wpa_auth = NULL;
if (hostapd_set_privacy(hapd, 0)) {
wpa_printf(MSG_DEBUG, "Could not disable "
"PrivacyInvoked for interface %s",
hapd->conf->iface);
}
if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
wpa_printf(MSG_DEBUG, "Could not remove generic "
"information element from interface %s",
hapd->conf->iface);
}
}
ieee802_1x_deinit(hapd);
vlan_deinit(hapd);
hostapd_acl_deinit(hapd);
#ifndef CONFIG_NO_RADIUS
radius_client_deinit(hapd->radius);
hapd->radius = NULL;
#endif /* CONFIG_NO_RADIUS */
#ifdef RADIUS_SERVER
radius_server_deinit(hapd->radius_srv);
hapd->radius_srv = NULL;
#endif /* RADIUS_SERVER */
#ifdef CONFIG_IEEE80211R
l2_packet_deinit(hapd->l2);
#endif /* CONFIG_IEEE80211R */
hostapd_deinit_wps(hapd);
#ifdef EAP_TLS_FUNCS
if (hapd->ssl_ctx) {
tls_deinit(hapd->ssl_ctx);
hapd->ssl_ctx = NULL;
}
#endif /* EAP_TLS_FUNCS */
#if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
if (hapd->eap_sim_db_priv) {
eap_sim_db_deinit(hapd->eap_sim_db_priv);
hapd->eap_sim_db_priv = NULL;
}
#endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
if (hapd->interface_added &&
hostapd_if_remove(hapd, WPA_IF_AP_BSS, hapd->conf->iface)) {
wpa_printf(MSG_WARNING, "Failed to remove BSS interface %s",
hapd->conf->iface);
}
os_free(hapd->probereq_cb);
hapd->probereq_cb = NULL;
}
/**
* hostapd_cleanup_iface_pre - Preliminary per-interface cleanup
* @iface: Pointer to interface data
*
* This function is called before per-BSS data structures are deinitialized
* with hostapd_cleanup().
*/
static void hostapd_cleanup_iface_pre(struct hostapd_iface *iface)
{
}
/**
* hostapd_cleanup_iface - Complete per-interface cleanup
* @iface: Pointer to interface data
*
* This function is called after per-BSS data structures are deinitialized
* with hostapd_cleanup().
*/
static void hostapd_cleanup_iface(struct hostapd_iface *iface)
{
hostapd_free_hw_features(iface->hw_features, iface->num_hw_features);
iface->hw_features = NULL;
os_free(iface->current_rates);
iface->current_rates = NULL;
ap_list_deinit(iface);
hostapd_config_free(iface->conf);
iface->conf = NULL;
os_free(iface->config_fname);
os_free(iface->bss);
os_free(iface);
}
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd)
{
int i;
hostapd_broadcast_wep_set(hapd);
if (hapd->conf->ssid.wep.default_len)
return 0;
for (i = 0; i < 4; i++) {
if (hapd->conf->ssid.wep.key[i] &&
hostapd_set_key(iface, hapd, WPA_ALG_WEP, NULL, i,
i == hapd->conf->ssid.wep.idx, NULL, 0,
hapd->conf->ssid.wep.key[i],
hapd->conf->ssid.wep.len[i])) {
wpa_printf(MSG_WARNING, "Could not set WEP "
"encryption.");
return -1;
}
if (hapd->conf->ssid.wep.key[i] &&
i == hapd->conf->ssid.wep.idx)
hostapd_set_privacy(hapd, 1);
}
return 0;
}
static int hostapd_flush_old_stations(struct hostapd_data *hapd)
{
int ret = 0;
if (hostapd_drv_none(hapd))
return 0;
wpa_printf(MSG_DEBUG, "Flushing old station entries");
if (hostapd_flush(hapd)) {
wpa_printf(MSG_WARNING, "Could not connect to kernel driver.");
ret = -1;
}
wpa_printf(MSG_DEBUG, "Deauthenticate all stations");
/* New Prism2.5/3 STA firmware versions seem to have issues with this
* broadcast deauth frame. This gets the firmware in odd state where
* nothing works correctly, so let's skip sending this for the hostap
* driver. */
if (hapd->driver && os_strcmp(hapd->driver->name, "hostap") != 0) {
u8 addr[ETH_ALEN];
os_memset(addr, 0xff, ETH_ALEN);
hostapd_sta_deauth(hapd, addr,
WLAN_REASON_PREV_AUTH_NOT_VALID);
}
return ret;
}
static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
logger_level level, const char *txt)
{
#ifndef CONFIG_NO_HOSTAPD_LOGGER
struct hostapd_data *hapd = ctx;
int hlevel;
switch (level) {
case LOGGER_WARNING:
hlevel = HOSTAPD_LEVEL_WARNING;
break;
case LOGGER_INFO:
hlevel = HOSTAPD_LEVEL_INFO;
break;
case LOGGER_DEBUG:
default:
hlevel = HOSTAPD_LEVEL_DEBUG;
break;
}
hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
#endif /* CONFIG_NO_HOSTAPD_LOGGER */
}
static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
u16 reason)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
"STA " MACSTR " reason %d",
__func__, MAC2STR(addr), reason);
sta = ap_get_sta(hapd, addr);
hostapd_sta_deauth(hapd, addr, reason);
if (sta == NULL)
return;
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
sta->timeout_next = STA_REMOVE;
}
static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
{
struct hostapd_data *hapd = ctx;
michael_mic_failure(hapd, addr, 0);
}
static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
wpa_eapol_variable var, int value)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta = ap_get_sta(hapd, addr);
if (sta == NULL)
return;
switch (var) {
case WPA_EAPOL_portEnabled:
ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
break;
case WPA_EAPOL_portValid:
ieee802_1x_notify_port_valid(sta->eapol_sm, value);
break;
case WPA_EAPOL_authorized:
ieee802_1x_set_sta_authorized(hapd, sta, value);
break;
case WPA_EAPOL_portControl_Auto:
if (sta->eapol_sm)
sta->eapol_sm->portControl = Auto;
break;
case WPA_EAPOL_keyRun:
if (sta->eapol_sm)
sta->eapol_sm->keyRun = value ? TRUE : FALSE;
break;
case WPA_EAPOL_keyAvailable:
if (sta->eapol_sm)
sta->eapol_sm->eap_if->eapKeyAvailable =
value ? TRUE : FALSE;
break;
case WPA_EAPOL_keyDone:
if (sta->eapol_sm)
sta->eapol_sm->keyDone = value ? TRUE : FALSE;
break;
case WPA_EAPOL_inc_EapolFramesTx:
if (sta->eapol_sm)
sta->eapol_sm->dot1xAuthEapolFramesTx++;
break;
}
}
static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
wpa_eapol_variable var)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta = ap_get_sta(hapd, addr);
if (sta == NULL || sta->eapol_sm == NULL)
return -1;
switch (var) {
case WPA_EAPOL_keyRun:
return sta->eapol_sm->keyRun;
case WPA_EAPOL_keyAvailable:
return sta->eapol_sm->eap_if->eapKeyAvailable;
default:
return -1;
}
}
static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
const u8 *prev_psk)
{
struct hostapd_data *hapd = ctx;
return hostapd_get_psk(hapd->conf, addr, prev_psk);
}
static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
size_t *len)
{
struct hostapd_data *hapd = ctx;
const u8 *key;
size_t keylen;
struct sta_info *sta;
sta = ap_get_sta(hapd, addr);
if (sta == NULL)
return -1;
key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
if (key == NULL)
return -1;
if (keylen > *len)
keylen = *len;
os_memcpy(msk, key, keylen);
*len = keylen;
return 0;
}
static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, wpa_alg alg,
const u8 *addr, int idx, u8 *key,
size_t key_len)
{
struct hostapd_data *hapd = ctx;
const char *ifname = hapd->conf->iface;
if (vlan_id > 0) {
ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
if (ifname == NULL)
return -1;
}
return hostapd_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
key, key_len);
}
static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
u8 *seq)
{
struct hostapd_data *hapd = ctx;
return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
}
static int hostapd_wpa_auth_get_seqnum_igtk(void *ctx, const u8 *addr, int idx,
u8 *seq)
{
struct hostapd_data *hapd = ctx;
return hostapd_get_seqnum_igtk(hapd->conf->iface, hapd, addr, idx,
seq);
}
static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
const u8 *data, size_t data_len,
int encrypt)
{
struct hostapd_data *hapd = ctx;
return hostapd_send_eapol(hapd, addr, data, data_len, encrypt);
}
static int hostapd_wpa_auth_for_each_sta(
void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
void *cb_ctx)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
for (sta = hapd->sta_list; sta; sta = sta->next) {
if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
return 1;
}
return 0;
}
struct wpa_auth_iface_iter_data {
int (*cb)(struct wpa_authenticator *sm, void *ctx);
void *cb_ctx;
};
static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
{
struct wpa_auth_iface_iter_data *data = ctx;
size_t i;
for (i = 0; i < iface->num_bss; i++) {
if (data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
return 1;
}
return 0;
}
static int hostapd_wpa_auth_for_each_auth(
void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
void *cb_ctx)
{
struct wpa_auth_iface_iter_data data;
data.cb = cb;
data.cb_ctx = cb_ctx;
return hostapd_for_each_interface(wpa_auth_iface_iter, &data);
}
static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
const u8 *data, size_t data_len)
{
struct hostapd_data *hapd = ctx;
if (hapd->driver && hapd->driver->send_ether)
return hapd->driver->send_ether(hapd->drv_priv, dst,
hapd->own_addr, proto,
data, data_len);
if (hapd->l2 == NULL)
return -1;
return l2_packet_send(hapd->l2, dst, proto, data, data_len);
}
#ifdef CONFIG_IEEE80211R
static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
const u8 *data, size_t data_len)
{
struct hostapd_data *hapd = ctx;
int res;
struct ieee80211_mgmt *m;
size_t mlen;
struct sta_info *sta;
sta = ap_get_sta(hapd, dst);
if (sta == NULL || sta->wpa_sm == NULL)
return -1;
m = os_zalloc(sizeof(*m) + data_len);
if (m == NULL)
return -1;
mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
WLAN_FC_STYPE_ACTION);
os_memcpy(m->da, dst, ETH_ALEN);
os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
os_memcpy(&m->u, data, data_len);
res = hostapd_send_mgmt_frame(hapd, (u8 *) m, mlen);
os_free(m);
return res;
}
static struct wpa_state_machine *
hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
sta = ap_sta_add(hapd, sta_addr);
if (sta == NULL)
return NULL;
if (sta->wpa_sm)
return sta->wpa_sm;
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr);
if (sta->wpa_sm == NULL) {
ap_free_sta(hapd, sta);
return NULL;
}
sta->auth_alg = WLAN_AUTH_FT;
return sta->wpa_sm;
}
static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
size_t len)
{
struct hostapd_data *hapd = ctx;
wpa_ft_rrb_rx(hapd->wpa_auth, src_addr, buf, len);
}
#endif /* CONFIG_IEEE80211R */
/**
* hostapd_validate_bssid_configuration - Validate BSSID configuration
* @iface: Pointer to interface data
* Returns: 0 on success, -1 on failure
*
* This function is used to validate that the configured BSSIDs are valid.
*/
static int hostapd_validate_bssid_configuration(struct hostapd_iface *iface)
{
u8 mask[ETH_ALEN] = { 0 };
struct hostapd_data *hapd = iface->bss[0];
unsigned int i = iface->conf->num_bss, bits = 0, j;
int res;
int auto_addr = 0;
if (hostapd_drv_none(hapd))
return 0;
/* Generate BSSID mask that is large enough to cover the BSSIDs. */
/* Determine the bits necessary to cover the number of BSSIDs. */
for (i--; i; i >>= 1)
bits++;
/* Determine the bits necessary to any configured BSSIDs,
if they are higher than the number of BSSIDs. */
for (j = 0; j < iface->conf->num_bss; j++) {
if (hostapd_mac_comp_empty(iface->conf->bss[j].bssid) == 0) {
if (j)
auto_addr++;
continue;
}
for (i = 0; i < ETH_ALEN; i++) {
mask[i] |=
iface->conf->bss[j].bssid[i] ^
hapd->own_addr[i];
}
}
if (!auto_addr)
goto skip_mask_ext;
for (i = 0; i < ETH_ALEN && mask[i] == 0; i++)
;
j = 0;
if (i < ETH_ALEN) {
j = (5 - i) * 8;
while (mask[i] != 0) {
mask[i] >>= 1;
j++;
}
}
if (bits < j)
bits = j;
if (bits > 40) {
wpa_printf(MSG_ERROR, "Too many bits in the BSSID mask (%u)",
bits);
return -1;
}
os_memset(mask, 0xff, ETH_ALEN);
j = bits / 8;
for (i = 5; i > 5 - j; i--)
mask[i] = 0;
j = bits % 8;
while (j--)
mask[i] <<= 1;
skip_mask_ext:
wpa_printf(MSG_DEBUG, "BSS count %lu, BSSID mask " MACSTR " (%d bits)",
(unsigned long) iface->conf->num_bss, MAC2STR(mask), bits);
res = hostapd_valid_bss_mask(hapd, hapd->own_addr, mask);
if (res == 0)
return 0;
if (res < 0) {
wpa_printf(MSG_ERROR, "Driver did not accept BSSID mask "
MACSTR " for start address " MACSTR ".",
MAC2STR(mask), MAC2STR(hapd->own_addr));
return -1;
}
if (!auto_addr)
return 0;
for (i = 0; i < ETH_ALEN; i++) {
if ((hapd->own_addr[i] & mask[i]) != hapd->own_addr[i]) {
wpa_printf(MSG_ERROR, "Invalid BSSID mask " MACSTR
" for start address " MACSTR ".",
MAC2STR(mask), MAC2STR(hapd->own_addr));
wpa_printf(MSG_ERROR, "Start address must be the "
"first address in the block (i.e., addr "
"AND mask == addr).");
return -1;
}
}
return 0;
}
static int mac_in_conf(struct hostapd_config *conf, const void *a)
{
size_t i;
for (i = 0; i < conf->num_bss; i++) {
if (hostapd_mac_comp(conf->bss[i].bssid, a) == 0) {
return 1;
}
}
return 0;
}
static int hostapd_setup_wpa(struct hostapd_data *hapd)
{
struct wpa_auth_config _conf;
struct wpa_auth_callbacks cb;
const u8 *wpa_ie;
size_t wpa_ie_len;
hostapd_wpa_auth_conf(hapd->conf, &_conf);
os_memset(&cb, 0, sizeof(cb));
cb.ctx = hapd;
cb.logger = hostapd_wpa_auth_logger;
cb.disconnect = hostapd_wpa_auth_disconnect;
cb.mic_failure_report = hostapd_wpa_auth_mic_failure_report;
cb.set_eapol = hostapd_wpa_auth_set_eapol;
cb.get_eapol = hostapd_wpa_auth_get_eapol;
cb.get_psk = hostapd_wpa_auth_get_psk;
cb.get_msk = hostapd_wpa_auth_get_msk;
cb.set_key = hostapd_wpa_auth_set_key;
cb.get_seqnum = hostapd_wpa_auth_get_seqnum;
cb.get_seqnum_igtk = hostapd_wpa_auth_get_seqnum_igtk;
cb.send_eapol = hostapd_wpa_auth_send_eapol;
cb.for_each_sta = hostapd_wpa_auth_for_each_sta;
cb.for_each_auth = hostapd_wpa_auth_for_each_auth;
cb.send_ether = hostapd_wpa_auth_send_ether;
#ifdef CONFIG_IEEE80211R
cb.send_ft_action = hostapd_wpa_auth_send_ft_action;
cb.add_sta = hostapd_wpa_auth_add_sta;
#endif /* CONFIG_IEEE80211R */
hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb);
if (hapd->wpa_auth == NULL) {
wpa_printf(MSG_ERROR, "WPA initialization failed.");
return -1;
}
if (hostapd_set_privacy(hapd, 1)) {
wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
"for interface %s", hapd->conf->iface);
return -1;
}
wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
"the kernel driver.");
return -1;
}
if (rsn_preauth_iface_init(hapd)) {
wpa_printf(MSG_ERROR, "Initialization of RSN "
"pre-authentication failed.");
return -1;
}
return 0;
}
#ifdef RADIUS_SERVER
static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
size_t identity_len, int phase2,
struct eap_user *user)
{
const struct hostapd_eap_user *eap_user;
int i, count;
eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
if (eap_user == NULL)
return -1;
if (user == NULL)
return 0;
os_memset(user, 0, sizeof(*user));
count = EAP_USER_MAX_METHODS;
if (count > EAP_MAX_METHODS)
count = EAP_MAX_METHODS;
for (i = 0; i < count; i++) {
user->methods[i].vendor = eap_user->methods[i].vendor;
user->methods[i].method = eap_user->methods[i].method;
}
if (eap_user->password) {
user->password = os_malloc(eap_user->password_len);
if (user->password == NULL)
return -1;
os_memcpy(user->password, eap_user->password,
eap_user->password_len);
user->password_len = eap_user->password_len;
user->password_hash = eap_user->password_hash;
}
user->force_version = eap_user->force_version;
user->ttls_auth = eap_user->ttls_auth;
return 0;
}
static int hostapd_setup_radius_srv(struct hostapd_data *hapd,
struct hostapd_bss_config *conf)
{
struct radius_server_conf srv;
os_memset(&srv, 0, sizeof(srv));
srv.client_file = conf->radius_server_clients;
srv.auth_port = conf->radius_server_auth_port;
srv.conf_ctx = conf;
srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
srv.ssl_ctx = hapd->ssl_ctx;
srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
srv.eap_fast_a_id = conf->eap_fast_a_id;
srv.eap_fast_a_id_len = conf->eap_fast_a_id_len;
srv.eap_fast_a_id_info = conf->eap_fast_a_id_info;
srv.eap_fast_prov = conf->eap_fast_prov;
srv.pac_key_lifetime = conf->pac_key_lifetime;
srv.pac_key_refresh_time = conf->pac_key_refresh_time;
srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
srv.tnc = conf->tnc;
srv.wps = hapd->wps;
srv.ipv6 = conf->radius_server_ipv6;
srv.get_eap_user = hostapd_radius_get_eap_user;
srv.eap_req_id_text = conf->eap_req_id_text;
srv.eap_req_id_text_len = conf->eap_req_id_text_len;
hapd->radius_srv = radius_server_init(&srv);
if (hapd->radius_srv == NULL) {
wpa_printf(MSG_ERROR, "RADIUS server initialization failed.");
return -1;
}
return 0;
}
#endif /* RADIUS_SERVER */
/**
* hostapd_setup_bss - Per-BSS setup (initialization)
* @hapd: Pointer to BSS data
* @first: Whether this BSS is the first BSS of an interface
*
* This function is used to initialize all per-BSS data structures and
* resources. This gets called in a loop for each BSS when an interface is
* initialized. Most of the modules that are initialized here will be
* deinitialized in hostapd_cleanup().
*/
static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
{
struct hostapd_bss_config *conf = hapd->conf;
u8 ssid[HOSTAPD_MAX_SSID_LEN + 1];
int ssid_len, set_ssid;
if (!first) {
if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) {
/* Allocate the next available BSSID. */
do {
inc_byte_array(hapd->own_addr, ETH_ALEN);
} while (mac_in_conf(hapd->iconf, hapd->own_addr));
} else {
/* Allocate the configured BSSID. */
os_memcpy(hapd->own_addr, hapd->conf->bssid, ETH_ALEN);
if (hostapd_mac_comp(hapd->own_addr,
hapd->iface->bss[0]->own_addr) ==
0) {
wpa_printf(MSG_ERROR, "BSS '%s' may not have "
"BSSID set to the MAC address of "
"the radio", hapd->conf->iface);
return -1;
}
}
hapd->interface_added = 1;
if (hostapd_if_add(hapd->iface->bss[0], WPA_IF_AP_BSS,
hapd->conf->iface, hapd->own_addr)) {
wpa_printf(MSG_ERROR, "Failed to add BSS (BSSID="
MACSTR ")", MAC2STR(hapd->own_addr));
return -1;
}
}
hostapd_flush_old_stations(hapd);
hostapd_set_privacy(hapd, 0);
hostapd_broadcast_wep_clear(hapd);
if (hostapd_setup_encryption(hapd->conf->iface, hapd))
return -1;
/*
* Fetch the SSID from the system and use it or,
* if one was specified in the config file, verify they
* match.
*/
ssid_len = hostapd_get_ssid(hapd, ssid, sizeof(ssid));
if (ssid_len < 0) {
wpa_printf(MSG_ERROR, "Could not read SSID from system");
return -1;
}
if (conf->ssid.ssid_set) {
/*
* If SSID is specified in the config file and it differs
* from what is being used then force installation of the
* new SSID.
*/
set_ssid = (conf->ssid.ssid_len != (size_t) ssid_len ||
os_memcmp(conf->ssid.ssid, ssid, ssid_len) != 0);
} else {
/*
* No SSID in the config file; just use the one we got
* from the system.
*/
set_ssid = 0;
conf->ssid.ssid_len = ssid_len;
os_memcpy(conf->ssid.ssid, ssid, conf->ssid.ssid_len);
conf->ssid.ssid[conf->ssid.ssid_len] = '\0';
}
if (!hostapd_drv_none(hapd)) {
wpa_printf(MSG_ERROR, "Using interface %s with hwaddr " MACSTR
" and ssid '%s'",
hapd->conf->iface, MAC2STR(hapd->own_addr),
hapd->conf->ssid.ssid);
}
if (hostapd_setup_wpa_psk(conf)) {
wpa_printf(MSG_ERROR, "WPA-PSK setup failed.");
return -1;
}
/* Set SSID for the kernel driver (to be used in beacon and probe
* response frames) */
if (set_ssid && hostapd_set_ssid(hapd, (u8 *) conf->ssid.ssid,
conf->ssid.ssid_len)) {
wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver");
return -1;
}
if (wpa_debug_level == MSG_MSGDUMP)
conf->radius->msg_dumps = 1;
#ifndef CONFIG_NO_RADIUS
hapd->radius = radius_client_init(hapd, conf->radius);
if (hapd->radius == NULL) {
wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
return -1;
}
#endif /* CONFIG_NO_RADIUS */
if (hostapd_acl_init(hapd)) {
wpa_printf(MSG_ERROR, "ACL initialization failed.");
return -1;
}
if (hostapd_init_wps(hapd, conf))
return -1;
if (ieee802_1x_init(hapd)) {
wpa_printf(MSG_ERROR, "IEEE 802.1X initialization failed.");
return -1;
}
if (hapd->conf->wpa && hostapd_setup_wpa(hapd))
return -1;
if (accounting_init(hapd)) {
wpa_printf(MSG_ERROR, "Accounting initialization failed.");
return -1;
}
if (hapd->conf->ieee802_11f &&
(hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface)) == NULL) {
wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization "
"failed.");
return -1;
}
if (hostapd_ctrl_iface_init(hapd)) {
wpa_printf(MSG_ERROR, "Failed to setup control interface");
return -1;
}
if (!hostapd_drv_none(hapd) && vlan_init(hapd)) {
wpa_printf(MSG_ERROR, "VLAN initialization failed.");
return -1;
}
#ifdef CONFIG_IEEE80211R
if (!hostapd_drv_none(hapd)) {
hapd->l2 = l2_packet_init(hapd->conf->iface, NULL, ETH_P_RRB,
hostapd_rrb_receive, hapd, 0);
if (hapd->l2 == NULL &&
(hapd->driver == NULL ||
hapd->driver->send_ether == NULL)) {
wpa_printf(MSG_ERROR, "Failed to open l2_packet "
"interface");
return -1;
}
}
#endif /* CONFIG_IEEE80211R */
ieee802_11_set_beacon(hapd);
#ifdef RADIUS_SERVER
if (conf->radius_server_clients &&
hostapd_setup_radius_srv(hapd, conf))
return -1;
#endif /* RADIUS_SERVER */
return 0;
}
static void hostapd_tx_queue_params(struct hostapd_iface *iface)
{
struct hostapd_data *hapd = iface->bss[0];
int i;
struct hostapd_tx_queue_params *p;
for (i = 0; i < NUM_TX_QUEUES; i++) {
p = &iface->conf->tx_queue[i];
if (!p->configured)
continue;
if (hostapd_set_tx_queue_params(hapd, i, p->aifs, p->cwmin,
p->cwmax, p->burst)) {
wpa_printf(MSG_DEBUG, "Failed to set TX queue "
"parameters for queue %d.", i);
/* Continue anyway */
}
}
}
static int setup_interface(struct hostapd_iface *iface)
{
struct hostapd_data *hapd = iface->bss[0];
struct hostapd_bss_config *conf = hapd->conf;
size_t i;
char country[4];
u8 *b = conf->bssid;
/*
* Initialize the driver interface and make sure that all BSSes get
* configured with a pointer to this driver interface.
*/
if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
b = NULL;
hapd->drv_priv = hostapd_driver_init(hapd, b);
if (hapd->drv_priv == NULL) {
wpa_printf(MSG_ERROR, "%s driver initialization failed.",
hapd->driver ? hapd->driver->name : "Unknown");
hapd->driver = NULL;
return -1;
}
for (i = 0; i < iface->num_bss; i++) {
iface->bss[i]->driver = hapd->driver;
iface->bss[i]->drv_priv = hapd->drv_priv;
}
if (hostapd_validate_bssid_configuration(iface))
return -1;
if (hapd->iconf->country[0] && hapd->iconf->country[1]) {
os_memcpy(country, hapd->iconf->country, 3);
country[3] = '\0';
if (hostapd_set_country(hapd, country) < 0) {
wpa_printf(MSG_ERROR, "Failed to set country code");
return -1;
}
}
if (hostapd_get_hw_features(iface)) {
/* Not all drivers support this yet, so continue without hw
* feature data. */
} else {
int ret = hostapd_select_hw_mode(iface);
if (ret < 0) {
wpa_printf(MSG_ERROR, "Could not select hw_mode and "
"channel. (%d)", ret);
return -1;
}
ret = hostapd_check_ht_capab(iface);
if (ret < 0)
return -1;
if (ret == 1) {
wpa_printf(MSG_DEBUG, "Interface initialization will "
"be completed in a callback");
return 0;
}
}
return hostapd_setup_interface_complete(iface, 0);
}
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err)
{
struct hostapd_data *hapd = iface->bss[0];
int freq;
size_t j;
u8 *prev_addr;
if (err) {
wpa_printf(MSG_ERROR, "Interface initialization failed");
eloop_terminate();
return -1;
}
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (hapd->iconf->channel) {
freq = hostapd_hw_get_freq(hapd, hapd->iconf->channel);
wpa_printf(MSG_DEBUG, "Mode: %s Channel: %d "
"Frequency: %d MHz",
hostapd_hw_mode_txt(hapd->iconf->hw_mode),
hapd->iconf->channel, freq);
if (hostapd_set_freq(hapd, hapd->iconf->hw_mode, freq,
hapd->iconf->channel,
hapd->iconf->ieee80211n,
hapd->iconf->secondary_channel)) {
wpa_printf(MSG_ERROR, "Could not set channel for "
"kernel driver");
return -1;
}
}
if (hapd->iconf->rts_threshold > -1 &&
hostapd_set_rts(hapd, hapd->iconf->rts_threshold)) {
wpa_printf(MSG_ERROR, "Could not set RTS threshold for "
"kernel driver");
return -1;
}
if (hapd->iconf->fragm_threshold > -1 &&
hostapd_set_frag(hapd, hapd->iconf->fragm_threshold)) {
wpa_printf(MSG_ERROR, "Could not set fragmentation threshold "
"for kernel driver");
return -1;
}
prev_addr = hapd->own_addr;
for (j = 0; j < iface->num_bss; j++) {
hapd = iface->bss[j];
if (j)
os_memcpy(hapd->own_addr, prev_addr, ETH_ALEN);
if (hostapd_setup_bss(hapd, j == 0))
return -1;
if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0)
prev_addr = hapd->own_addr;
}
hostapd_tx_queue_params(iface);
ap_list_init(iface);
if (hostapd_driver_commit(hapd) < 0) {
wpa_printf(MSG_ERROR, "%s: Failed to commit driver "
"configuration", __func__);
return -1;
}
wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
iface->bss[0]->conf->iface);
return 0;
}
/**
* hostapd_setup_interface - Setup of an interface
* @iface: Pointer to interface data.
* Returns: 0 on success, -1 on failure
*
* Initializes the driver interface, validates the configuration,
* and sets driver parameters based on the configuration.
* Flushes old stations, sets the channel, encryption,
* beacons, and WDS links based on the configuration.
*/
int hostapd_setup_interface(struct hostapd_iface *iface)
{
int ret;
ret = setup_interface(iface);
if (ret) {
wpa_printf(MSG_DEBUG, "%s: Unable to setup interface.",
iface->bss[0]->conf->iface);
eloop_terminate();
return -1;
}
return 0;
}
/**
* hostapd_alloc_bss_data - Allocate and initialize per-BSS data
* @hapd_iface: Pointer to interface data
* @conf: Pointer to per-interface configuration
* @bss: Pointer to per-BSS configuration for this BSS
* Returns: Pointer to allocated BSS data
*
* This function is used to allocate per-BSS data structure. This data will be
* freed after hostapd_cleanup() is called for it during interface
* deinitialization.
*/
struct hostapd_data *
hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
struct hostapd_config *conf,
struct hostapd_bss_config *bss)
{
struct hostapd_data *hapd;
hapd = os_zalloc(sizeof(*hapd));
if (hapd == NULL)
return NULL;
hapd->iconf = conf;
hapd->conf = bss;
hapd->iface = hapd_iface;
#ifdef EAP_TLS_FUNCS
if (hapd->conf->eap_server &&
(hapd->conf->ca_cert || hapd->conf->server_cert ||
hapd->conf->dh_file)) {
struct tls_connection_params params;
hapd->ssl_ctx = tls_init(NULL);
if (hapd->ssl_ctx == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize TLS");
goto fail;
}
os_memset(&params, 0, sizeof(params));
params.ca_cert = hapd->conf->ca_cert;
params.client_cert = hapd->conf->server_cert;
params.private_key = hapd->conf->private_key;
params.private_key_passwd = hapd->conf->private_key_passwd;
params.dh_file = hapd->conf->dh_file;
if (tls_global_set_params(hapd->ssl_ctx, &params)) {
wpa_printf(MSG_ERROR, "Failed to set TLS parameters");
goto fail;
}
if (tls_global_set_verify(hapd->ssl_ctx,
hapd->conf->check_crl)) {
wpa_printf(MSG_ERROR, "Failed to enable check_crl");
goto fail;
}
}
#endif /* EAP_TLS_FUNCS */
#ifdef EAP_SIM_DB
if (hapd->conf->eap_sim_db) {
hapd->eap_sim_db_priv =
eap_sim_db_init(hapd->conf->eap_sim_db,
hostapd_sim_db_cb, hapd);
if (hapd->eap_sim_db_priv == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize EAP-SIM "
"database interface");
goto fail;
}
}
#endif /* EAP_SIM_DB */
hapd->driver = hapd->iconf->driver;
return hapd;
#if defined(EAP_TLS_FUNCS) || defined(EAP_SIM_DB)
fail:
#endif
/* TODO: cleanup allocated resources(?) */
os_free(hapd);
return NULL;
}
void hostapd_interface_deinit(struct hostapd_iface *iface)
{
size_t j;
if (iface == NULL)
return;
hostapd_cleanup_iface_pre(iface);
for (j = 0; j < iface->num_bss; j++) {
struct hostapd_data *hapd = iface->bss[j];
hostapd_free_stas(hapd);
hostapd_flush_old_stations(hapd);
hostapd_cleanup(hapd);
if (j == iface->num_bss - 1 && hapd->driver)
hostapd_driver_deinit(hapd);
}
for (j = 0; j < iface->num_bss; j++)
os_free(iface->bss[j]);
hostapd_cleanup_iface(iface);
}
int hostapd_register_probereq_cb(struct hostapd_data *hapd,
void (*cb)(void *ctx, const u8 *sa,
const u8 *ie, size_t ie_len),
void *ctx)
{
struct hostapd_probereq_cb *n;
n = os_realloc(hapd->probereq_cb, (hapd->num_probereq_cb + 1) *
sizeof(struct hostapd_probereq_cb));
if (n == NULL)
return -1;
hapd->probereq_cb = n;
n = &hapd->probereq_cb[hapd->num_probereq_cb];
hapd->num_probereq_cb++;
n->cb = cb;
n->ctx = ctx;
return 0;
}