• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * hostapd / Configuration helper functions
3  * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "radius/radius_client.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/eapol_common.h"
17 #include "common/dhcp.h"
18 #include "eap_common/eap_wsc_common.h"
19 #include "eap_server/eap.h"
20 #include "wpa_auth.h"
21 #include "sta_info.h"
22 #include "ap_config.h"
23 
24 
hostapd_config_free_vlan(struct hostapd_bss_config * bss)25 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
26 {
27 	struct hostapd_vlan *vlan, *prev;
28 
29 	vlan = bss->vlan;
30 	prev = NULL;
31 	while (vlan) {
32 		prev = vlan;
33 		vlan = vlan->next;
34 		os_free(prev);
35 	}
36 
37 	bss->vlan = NULL;
38 }
39 
40 
41 #ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
42 #define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
43 #endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
44 
hostapd_config_defaults_bss(struct hostapd_bss_config * bss)45 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
46 {
47 	dl_list_init(&bss->anqp_elem);
48 
49 	bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
50 	bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
51 	bss->logger_syslog = (unsigned int) -1;
52 	bss->logger_stdout = (unsigned int) -1;
53 
54 	bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
55 
56 	bss->wep_rekeying_period = 300;
57 	/* use key0 in individual key and key1 in broadcast key */
58 	bss->broadcast_key_idx_min = 1;
59 	bss->broadcast_key_idx_max = 2;
60 	bss->eap_reauth_period = 3600;
61 
62 	bss->wpa_group_rekey = 600;
63 	bss->wpa_gmk_rekey = 86400;
64 	bss->wpa_group_update_count = 4;
65 	bss->wpa_pairwise_update_count = 4;
66 	bss->wpa_disable_eapol_key_retries =
67 		DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
68 	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
69 	bss->wpa_pairwise = WPA_CIPHER_TKIP;
70 	bss->wpa_group = WPA_CIPHER_TKIP;
71 	bss->rsn_pairwise = 0;
72 
73 	bss->max_num_sta = MAX_STA_COUNT;
74 
75 	bss->dtim_period = 2;
76 
77 	bss->radius_server_auth_port = 1812;
78 	bss->eap_sim_db_timeout = 1;
79 	bss->ap_max_inactivity = AP_MAX_INACTIVITY;
80 	bss->eapol_version = EAPOL_VERSION;
81 
82 	bss->max_listen_interval = 65535;
83 
84 	bss->pwd_group = 19; /* ECC: GF(p=256) */
85 
86 #ifdef CONFIG_IEEE80211W
87 	bss->assoc_sa_query_max_timeout = 1000;
88 	bss->assoc_sa_query_retry_timeout = 201;
89 	bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
90 #endif /* CONFIG_IEEE80211W */
91 #ifdef EAP_SERVER_FAST
92 	 /* both anonymous and authenticated provisioning */
93 	bss->eap_fast_prov = 3;
94 	bss->pac_key_lifetime = 7 * 24 * 60 * 60;
95 	bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
96 #endif /* EAP_SERVER_FAST */
97 
98 	/* Set to -1 as defaults depends on HT in setup */
99 	bss->wmm_enabled = -1;
100 
101 #ifdef CONFIG_IEEE80211R_AP
102 	bss->ft_over_ds = 1;
103 	bss->rkh_pos_timeout = 86400;
104 	bss->rkh_neg_timeout = 60;
105 	bss->rkh_pull_timeout = 1000;
106 	bss->rkh_pull_retries = 4;
107 	bss->r0_key_lifetime = 1209600;
108 #endif /* CONFIG_IEEE80211R_AP */
109 
110 	bss->radius_das_time_window = 300;
111 
112 	bss->sae_anti_clogging_threshold = 5;
113 	bss->sae_sync = 5;
114 
115 	bss->gas_frag_limit = 1400;
116 
117 #ifdef CONFIG_FILS
118 	dl_list_init(&bss->fils_realms);
119 	bss->fils_hlp_wait_time = 30;
120 	bss->dhcp_server_port = DHCP_SERVER_PORT;
121 	bss->dhcp_relay_port = DHCP_SERVER_PORT;
122 #endif /* CONFIG_FILS */
123 
124 	bss->broadcast_deauth = 1;
125 
126 #ifdef CONFIG_MBO
127 	bss->mbo_cell_data_conn_pref = -1;
128 #endif /* CONFIG_MBO */
129 
130 	/* Disable TLS v1.3 by default for now to avoid interoperability issue.
131 	 * This can be enabled by default once the implementation has been fully
132 	 * completed and tested with other implementations. */
133 	bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
134 
135 	bss->send_probe_response = 1;
136 
137 #ifdef CONFIG_HS20
138 	bss->hs20_release = (HS20_VERSION >> 4) + 1;
139 #endif /* CONFIG_HS20 */
140 
141 	/* Default to strict CRL checking. */
142 	bss->check_crl_strict = 1;
143 }
144 
145 
hostapd_config_defaults(void)146 struct hostapd_config * hostapd_config_defaults(void)
147 {
148 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
149 
150 	struct hostapd_config *conf;
151 	struct hostapd_bss_config *bss;
152 	const int aCWmin = 4, aCWmax = 10;
153 	const struct hostapd_wmm_ac_params ac_bk =
154 		{ aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
155 	const struct hostapd_wmm_ac_params ac_be =
156 		{ aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
157 	const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
158 		{ aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
159 	const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
160 		{ aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
161 	const struct hostapd_tx_queue_params txq_bk =
162 		{ 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
163 	const struct hostapd_tx_queue_params txq_be =
164 		{ 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
165 	const struct hostapd_tx_queue_params txq_vi =
166 		{ 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
167 	const struct hostapd_tx_queue_params txq_vo =
168 		{ 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
169 		  (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
170 
171 #undef ecw2cw
172 
173 	conf = os_zalloc(sizeof(*conf));
174 	bss = os_zalloc(sizeof(*bss));
175 	if (conf == NULL || bss == NULL) {
176 		wpa_printf(MSG_ERROR, "Failed to allocate memory for "
177 			   "configuration data.");
178 		os_free(conf);
179 		os_free(bss);
180 		return NULL;
181 	}
182 	conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
183 	if (conf->bss == NULL) {
184 		os_free(conf);
185 		os_free(bss);
186 		return NULL;
187 	}
188 	conf->bss[0] = bss;
189 
190 	bss->radius = os_zalloc(sizeof(*bss->radius));
191 	if (bss->radius == NULL) {
192 		os_free(conf->bss);
193 		os_free(conf);
194 		os_free(bss);
195 		return NULL;
196 	}
197 
198 	hostapd_config_defaults_bss(bss);
199 
200 	conf->num_bss = 1;
201 
202 	conf->beacon_int = 100;
203 	conf->rts_threshold = -2; /* use driver default: 2347 */
204 	conf->fragm_threshold = -2; /* user driver default: 2346 */
205 	/* Set to invalid value means do not add Power Constraint IE */
206 	conf->local_pwr_constraint = -1;
207 
208 	conf->wmm_ac_params[0] = ac_be;
209 	conf->wmm_ac_params[1] = ac_bk;
210 	conf->wmm_ac_params[2] = ac_vi;
211 	conf->wmm_ac_params[3] = ac_vo;
212 
213 	conf->tx_queue[0] = txq_vo;
214 	conf->tx_queue[1] = txq_vi;
215 	conf->tx_queue[2] = txq_be;
216 	conf->tx_queue[3] = txq_bk;
217 
218 	conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
219 
220 	conf->ap_table_max_size = 255;
221 	conf->ap_table_expiration_time = 60;
222 	conf->track_sta_max_age = 180;
223 
224 #ifdef CONFIG_TESTING_OPTIONS
225 	conf->ignore_probe_probability = 0.0;
226 	conf->ignore_auth_probability = 0.0;
227 	conf->ignore_assoc_probability = 0.0;
228 	conf->ignore_reassoc_probability = 0.0;
229 	conf->corrupt_gtk_rekey_mic_probability = 0.0;
230 	conf->ecsa_ie_only = 0;
231 #endif /* CONFIG_TESTING_OPTIONS */
232 
233 	conf->acs = 0;
234 	conf->acs_ch_list.num = 0;
235 #ifdef CONFIG_ACS
236 	conf->acs_num_scans = 5;
237 #endif /* CONFIG_ACS */
238 
239 	/* The third octet of the country string uses an ASCII space character
240 	 * by default to indicate that the regulations encompass all
241 	 * environments for the current frequency band in the country. */
242 	conf->country[2] = ' ';
243 
244 	conf->rssi_reject_assoc_rssi = 0;
245 	conf->rssi_reject_assoc_timeout = 30;
246 
247 	return conf;
248 }
249 
250 
hostapd_mac_comp(const void * a,const void * b)251 int hostapd_mac_comp(const void *a, const void *b)
252 {
253 	return os_memcmp(a, b, sizeof(macaddr));
254 }
255 
256 
hostapd_config_read_wpa_psk(const char * fname,struct hostapd_ssid * ssid)257 static int hostapd_config_read_wpa_psk(const char *fname,
258 				       struct hostapd_ssid *ssid)
259 {
260 	FILE *f;
261 	char buf[128], *pos;
262 	const char *keyid;
263 	char *context;
264 	char *context2;
265 	char *token;
266 	char *name;
267 	char *value;
268 	int line = 0, ret = 0, len, ok;
269 	u8 addr[ETH_ALEN];
270 	struct hostapd_wpa_psk *psk;
271 
272 	if (!fname)
273 		return 0;
274 
275 	f = fopen(fname, "r");
276 	if (!f) {
277 		wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
278 		return -1;
279 	}
280 
281 	while (fgets(buf, sizeof(buf), f)) {
282 		int vlan_id = 0;
283 
284 		line++;
285 
286 		if (buf[0] == '#')
287 			continue;
288 		pos = buf;
289 		while (*pos != '\0') {
290 			if (*pos == '\n') {
291 				*pos = '\0';
292 				break;
293 			}
294 			pos++;
295 		}
296 		if (buf[0] == '\0')
297 			continue;
298 
299 		context = NULL;
300 		keyid = NULL;
301 		while ((token = str_token(buf, " ", &context))) {
302 			if (!os_strchr(token, '='))
303 				break;
304 			context2 = NULL;
305 			name = str_token(token, "=", &context2);
306 			if (!name)
307 				break;
308 			value = str_token(token, "", &context2);
309 			if (!value)
310 				value = "";
311 			if (!os_strcmp(name, "keyid")) {
312 				keyid = value;
313 			} else if (!os_strcmp(name, "vlanid")) {
314 				vlan_id = atoi(value);
315 			} else {
316 				wpa_printf(MSG_ERROR,
317 					   "Unrecognized '%s=%s' on line %d in '%s'",
318 					   name, value, line, fname);
319 				ret = -1;
320 				break;
321 			}
322 		}
323 
324 		if (ret == -1)
325 			break;
326 
327 		if (!token)
328 			token = "";
329 		if (hwaddr_aton(token, addr)) {
330 			wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on "
331 				   "line %d in '%s'", token, line, fname);
332 			ret = -1;
333 			break;
334 		}
335 
336 		psk = os_zalloc(sizeof(*psk));
337 		if (psk == NULL) {
338 			wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
339 			ret = -1;
340 			break;
341 		}
342 		psk->vlan_id = vlan_id;
343 		if (is_zero_ether_addr(addr))
344 			psk->group = 1;
345 		else
346 			os_memcpy(psk->addr, addr, ETH_ALEN);
347 
348 		pos = str_token(buf, "", &context);
349 		if (!pos) {
350 			wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
351 				   line, fname);
352 			os_free(psk);
353 			ret = -1;
354 			break;
355 		}
356 
357 		ok = 0;
358 		len = os_strlen(pos);
359 		if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
360 			ok = 1;
361 		else if (len >= 8 && len < 64) {
362 			pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
363 				    4096, psk->psk, PMK_LEN);
364 			ok = 1;
365 		}
366 		if (!ok) {
367 			wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in "
368 				   "'%s'", pos, line, fname);
369 			os_free(psk);
370 			ret = -1;
371 			break;
372 		}
373 
374 		if (keyid) {
375 			len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
376 			if ((size_t) len >= sizeof(psk->keyid)) {
377 				wpa_printf(MSG_ERROR,
378 					   "PSK keyid too long on line %d in '%s'",
379 					   line, fname);
380 				os_free(psk);
381 				ret = -1;
382 				break;
383 			}
384 		}
385 
386 		psk->next = ssid->wpa_psk;
387 		ssid->wpa_psk = psk;
388 	}
389 
390 	fclose(f);
391 
392 	return ret;
393 }
394 
395 
hostapd_derive_psk(struct hostapd_ssid * ssid)396 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
397 {
398 	ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
399 	if (ssid->wpa_psk == NULL) {
400 		wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
401 		return -1;
402 	}
403 	wpa_hexdump_ascii(MSG_DEBUG, "SSID",
404 			  (u8 *) ssid->ssid, ssid->ssid_len);
405 	wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
406 			      (u8 *) ssid->wpa_passphrase,
407 			      os_strlen(ssid->wpa_passphrase));
408 	pbkdf2_sha1(ssid->wpa_passphrase,
409 		    ssid->ssid, ssid->ssid_len,
410 		    4096, ssid->wpa_psk->psk, PMK_LEN);
411 	wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
412 			ssid->wpa_psk->psk, PMK_LEN);
413 	return 0;
414 }
415 
416 
hostapd_setup_wpa_psk(struct hostapd_bss_config * conf)417 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
418 {
419 	struct hostapd_ssid *ssid = &conf->ssid;
420 
421 	if (ssid->wpa_passphrase != NULL) {
422 		if (ssid->wpa_psk != NULL) {
423 			wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
424 				   "instead of passphrase");
425 		} else {
426 			wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
427 				   "passphrase");
428 			if (hostapd_derive_psk(ssid) < 0)
429 				return -1;
430 		}
431 		ssid->wpa_psk->group = 1;
432 	}
433 
434 	return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
435 }
436 
437 
hostapd_config_free_radius(struct hostapd_radius_server * servers,int num_servers)438 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
439 				       int num_servers)
440 {
441 	int i;
442 
443 	for (i = 0; i < num_servers; i++) {
444 		os_free(servers[i].shared_secret);
445 	}
446 	os_free(servers);
447 }
448 
449 
450 struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr * attr,u8 type)451 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
452 {
453 	for (; attr; attr = attr->next) {
454 		if (attr->type == type)
455 			return attr;
456 	}
457 	return NULL;
458 }
459 
460 
hostapd_config_free_radius_attr(struct hostapd_radius_attr * attr)461 static void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
462 {
463 	struct hostapd_radius_attr *prev;
464 
465 	while (attr) {
466 		prev = attr;
467 		attr = attr->next;
468 		wpabuf_free(prev->val);
469 		os_free(prev);
470 	}
471 }
472 
473 
hostapd_config_free_eap_user(struct hostapd_eap_user * user)474 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
475 {
476 	hostapd_config_free_radius_attr(user->accept_attr);
477 	os_free(user->identity);
478 	bin_clear_free(user->password, user->password_len);
479 	bin_clear_free(user->salt, user->salt_len);
480 	os_free(user);
481 }
482 
483 
hostapd_config_free_eap_users(struct hostapd_eap_user * user)484 void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
485 {
486 	struct hostapd_eap_user *prev_user;
487 
488 	while (user) {
489 		prev_user = user;
490 		user = user->next;
491 		hostapd_config_free_eap_user(prev_user);
492 	}
493 }
494 
495 
hostapd_config_free_wep(struct hostapd_wep_keys * keys)496 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
497 {
498 	int i;
499 	for (i = 0; i < NUM_WEP_KEYS; i++) {
500 		bin_clear_free(keys->key[i], keys->len[i]);
501 		keys->key[i] = NULL;
502 	}
503 }
504 
505 
hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk ** l)506 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
507 {
508 	struct hostapd_wpa_psk *psk, *tmp;
509 
510 	for (psk = *l; psk;) {
511 		tmp = psk;
512 		psk = psk->next;
513 		bin_clear_free(tmp, sizeof(*tmp));
514 	}
515 	*l = NULL;
516 }
517 
518 
hostapd_config_free_anqp_elem(struct hostapd_bss_config * conf)519 static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
520 {
521 	struct anqp_element *elem;
522 
523 	while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
524 				     list))) {
525 		dl_list_del(&elem->list);
526 		wpabuf_free(elem->payload);
527 		os_free(elem);
528 	}
529 }
530 
531 
hostapd_config_free_fils_realms(struct hostapd_bss_config * conf)532 static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
533 {
534 #ifdef CONFIG_FILS
535 	struct fils_realm *realm;
536 
537 	while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
538 				      list))) {
539 		dl_list_del(&realm->list);
540 		os_free(realm);
541 	}
542 #endif /* CONFIG_FILS */
543 }
544 
545 
hostapd_config_free_sae_passwords(struct hostapd_bss_config * conf)546 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
547 {
548 	struct sae_password_entry *pw, *tmp;
549 
550 	pw = conf->sae_passwords;
551 	conf->sae_passwords = NULL;
552 	while (pw) {
553 		tmp = pw;
554 		pw = pw->next;
555 		str_clear_free(tmp->password);
556 		os_free(tmp->identifier);
557 		os_free(tmp);
558 	}
559 }
560 
561 
hostapd_config_free_bss(struct hostapd_bss_config * conf)562 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
563 {
564 	if (conf == NULL)
565 		return;
566 
567 	hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
568 
569 	str_clear_free(conf->ssid.wpa_passphrase);
570 	os_free(conf->ssid.wpa_psk_file);
571 	hostapd_config_free_wep(&conf->ssid.wep);
572 #ifdef CONFIG_FULL_DYNAMIC_VLAN
573 	os_free(conf->ssid.vlan_tagged_interface);
574 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
575 
576 	hostapd_config_free_eap_users(conf->eap_user);
577 	os_free(conf->eap_user_sqlite);
578 
579 	os_free(conf->eap_req_id_text);
580 	os_free(conf->erp_domain);
581 	os_free(conf->accept_mac);
582 	os_free(conf->deny_mac);
583 	os_free(conf->nas_identifier);
584 	if (conf->radius) {
585 		hostapd_config_free_radius(conf->radius->auth_servers,
586 					   conf->radius->num_auth_servers);
587 		hostapd_config_free_radius(conf->radius->acct_servers,
588 					   conf->radius->num_acct_servers);
589 	}
590 	hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
591 	hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
592 	os_free(conf->rsn_preauth_interfaces);
593 	os_free(conf->ctrl_interface);
594 	os_free(conf->ca_cert);
595 	os_free(conf->server_cert);
596 	os_free(conf->private_key);
597 	os_free(conf->private_key_passwd);
598 	os_free(conf->check_cert_subject);
599 	os_free(conf->ocsp_stapling_response);
600 	os_free(conf->ocsp_stapling_response_multi);
601 	os_free(conf->dh_file);
602 	os_free(conf->openssl_ciphers);
603 	os_free(conf->openssl_ecdh_curves);
604 	os_free(conf->pac_opaque_encr_key);
605 	os_free(conf->eap_fast_a_id);
606 	os_free(conf->eap_fast_a_id_info);
607 	os_free(conf->eap_sim_db);
608 	os_free(conf->radius_server_clients);
609 	os_free(conf->radius);
610 	os_free(conf->radius_das_shared_secret);
611 	hostapd_config_free_vlan(conf);
612 	os_free(conf->time_zone);
613 
614 #ifdef CONFIG_IEEE80211R_AP
615 	{
616 		struct ft_remote_r0kh *r0kh, *r0kh_prev;
617 		struct ft_remote_r1kh *r1kh, *r1kh_prev;
618 
619 		r0kh = conf->r0kh_list;
620 		conf->r0kh_list = NULL;
621 		while (r0kh) {
622 			r0kh_prev = r0kh;
623 			r0kh = r0kh->next;
624 			os_free(r0kh_prev);
625 		}
626 
627 		r1kh = conf->r1kh_list;
628 		conf->r1kh_list = NULL;
629 		while (r1kh) {
630 			r1kh_prev = r1kh;
631 			r1kh = r1kh->next;
632 			os_free(r1kh_prev);
633 		}
634 	}
635 #endif /* CONFIG_IEEE80211R_AP */
636 
637 #ifdef CONFIG_WPS
638 	os_free(conf->wps_pin_requests);
639 	os_free(conf->device_name);
640 	os_free(conf->manufacturer);
641 	os_free(conf->model_name);
642 	os_free(conf->model_number);
643 	os_free(conf->serial_number);
644 	os_free(conf->config_methods);
645 	os_free(conf->ap_pin);
646 	os_free(conf->extra_cred);
647 	os_free(conf->ap_settings);
648 	hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
649 	str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
650 	os_free(conf->upnp_iface);
651 	os_free(conf->friendly_name);
652 	os_free(conf->manufacturer_url);
653 	os_free(conf->model_description);
654 	os_free(conf->model_url);
655 	os_free(conf->upc);
656 	{
657 		unsigned int i;
658 
659 		for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
660 			wpabuf_free(conf->wps_vendor_ext[i]);
661 	}
662 	wpabuf_free(conf->wps_nfc_dh_pubkey);
663 	wpabuf_free(conf->wps_nfc_dh_privkey);
664 	wpabuf_free(conf->wps_nfc_dev_pw);
665 #endif /* CONFIG_WPS */
666 
667 	os_free(conf->roaming_consortium);
668 	os_free(conf->venue_name);
669 	os_free(conf->venue_url);
670 	os_free(conf->nai_realm_data);
671 	os_free(conf->network_auth_type);
672 	os_free(conf->anqp_3gpp_cell_net);
673 	os_free(conf->domain_name);
674 	hostapd_config_free_anqp_elem(conf);
675 
676 #ifdef CONFIG_RADIUS_TEST
677 	os_free(conf->dump_msk_file);
678 #endif /* CONFIG_RADIUS_TEST */
679 
680 #ifdef CONFIG_HS20
681 	os_free(conf->hs20_oper_friendly_name);
682 	os_free(conf->hs20_wan_metrics);
683 	os_free(conf->hs20_connection_capability);
684 	os_free(conf->hs20_operating_class);
685 	os_free(conf->hs20_icons);
686 	if (conf->hs20_osu_providers) {
687 		size_t i;
688 		for (i = 0; i < conf->hs20_osu_providers_count; i++) {
689 			struct hs20_osu_provider *p;
690 			size_t j;
691 			p = &conf->hs20_osu_providers[i];
692 			os_free(p->friendly_name);
693 			os_free(p->server_uri);
694 			os_free(p->method_list);
695 			for (j = 0; j < p->icons_count; j++)
696 				os_free(p->icons[j]);
697 			os_free(p->icons);
698 			os_free(p->osu_nai);
699 			os_free(p->osu_nai2);
700 			os_free(p->service_desc);
701 		}
702 		os_free(conf->hs20_osu_providers);
703 	}
704 	if (conf->hs20_operator_icon) {
705 		size_t i;
706 
707 		for (i = 0; i < conf->hs20_operator_icon_count; i++)
708 			os_free(conf->hs20_operator_icon[i]);
709 		os_free(conf->hs20_operator_icon);
710 	}
711 	os_free(conf->subscr_remediation_url);
712 	os_free(conf->hs20_sim_provisioning_url);
713 	os_free(conf->t_c_filename);
714 	os_free(conf->t_c_server_url);
715 #endif /* CONFIG_HS20 */
716 
717 	wpabuf_free(conf->vendor_elements);
718 	wpabuf_free(conf->assocresp_elements);
719 
720 	os_free(conf->sae_groups);
721 #ifdef CONFIG_OWE
722 	os_free(conf->owe_groups);
723 #endif /* CONFIG_OWE */
724 
725 	os_free(conf->wowlan_triggers);
726 
727 	os_free(conf->server_id);
728 
729 #ifdef CONFIG_TESTING_OPTIONS
730 	wpabuf_free(conf->own_ie_override);
731 	wpabuf_free(conf->sae_commit_override);
732 #endif /* CONFIG_TESTING_OPTIONS */
733 
734 	os_free(conf->no_probe_resp_if_seen_on);
735 	os_free(conf->no_auth_if_seen_on);
736 
737 	hostapd_config_free_fils_realms(conf);
738 
739 #ifdef CONFIG_DPP
740 	os_free(conf->dpp_connector);
741 	wpabuf_free(conf->dpp_netaccesskey);
742 	wpabuf_free(conf->dpp_csign);
743 #endif /* CONFIG_DPP */
744 
745 	hostapd_config_free_sae_passwords(conf);
746 
747 	os_free(conf);
748 }
749 
750 
751 /**
752  * hostapd_config_free - Free hostapd configuration
753  * @conf: Configuration data from hostapd_config_read().
754  */
hostapd_config_free(struct hostapd_config * conf)755 void hostapd_config_free(struct hostapd_config *conf)
756 {
757 	size_t i;
758 
759 	if (conf == NULL)
760 		return;
761 
762 	for (i = 0; i < conf->num_bss; i++)
763 		hostapd_config_free_bss(conf->bss[i]);
764 	os_free(conf->bss);
765 	os_free(conf->supported_rates);
766 	os_free(conf->basic_rates);
767 	os_free(conf->acs_ch_list.range);
768 	os_free(conf->driver_params);
769 #ifdef CONFIG_ACS
770 	os_free(conf->acs_chan_bias);
771 #endif /* CONFIG_ACS */
772 	wpabuf_free(conf->lci);
773 	wpabuf_free(conf->civic);
774 
775 	os_free(conf);
776 }
777 
778 
779 /**
780  * hostapd_maclist_found - Find a MAC address from a list
781  * @list: MAC address list
782  * @num_entries: Number of addresses in the list
783  * @addr: Address to search for
784  * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
785  * Returns: 1 if address is in the list or 0 if not.
786  *
787  * Perform a binary search for given MAC address from a pre-sorted list.
788  */
hostapd_maclist_found(struct mac_acl_entry * list,int num_entries,const u8 * addr,struct vlan_description * vlan_id)789 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
790 			  const u8 *addr, struct vlan_description *vlan_id)
791 {
792 	int start, end, middle, res;
793 
794 	start = 0;
795 	end = num_entries - 1;
796 
797 	while (start <= end) {
798 		middle = (start + end) / 2;
799 		res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
800 		if (res == 0) {
801 			if (vlan_id)
802 				*vlan_id = list[middle].vlan_id;
803 			return 1;
804 		}
805 		if (res < 0)
806 			start = middle + 1;
807 		else
808 			end = middle - 1;
809 	}
810 
811 	return 0;
812 }
813 
814 
hostapd_rate_found(int * list,int rate)815 int hostapd_rate_found(int *list, int rate)
816 {
817 	int i;
818 
819 	if (list == NULL)
820 		return 0;
821 
822 	for (i = 0; list[i] >= 0; i++)
823 		if (list[i] == rate)
824 			return 1;
825 
826 	return 0;
827 }
828 
829 
hostapd_vlan_valid(struct hostapd_vlan * vlan,struct vlan_description * vlan_desc)830 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
831 		       struct vlan_description *vlan_desc)
832 {
833 	struct hostapd_vlan *v = vlan;
834 	int i;
835 
836 	if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
837 	    vlan_desc->untagged > MAX_VLAN_ID)
838 		return 0;
839 	for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
840 		if (vlan_desc->tagged[i] < 0 ||
841 		    vlan_desc->tagged[i] > MAX_VLAN_ID)
842 			return 0;
843 	}
844 	if (!vlan_desc->untagged && !vlan_desc->tagged[0])
845 		return 0;
846 
847 	while (v) {
848 		if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
849 		    v->vlan_id == VLAN_ID_WILDCARD)
850 			return 1;
851 		v = v->next;
852 	}
853 	return 0;
854 }
855 
856 
hostapd_get_vlan_id_ifname(struct hostapd_vlan * vlan,int vlan_id)857 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
858 {
859 	struct hostapd_vlan *v = vlan;
860 	while (v) {
861 		if (v->vlan_id == vlan_id)
862 			return v->ifname;
863 		v = v->next;
864 	}
865 	return NULL;
866 }
867 
868 
hostapd_get_psk(const struct hostapd_bss_config * conf,const u8 * addr,const u8 * p2p_dev_addr,const u8 * prev_psk,int * vlan_id)869 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
870 			   const u8 *addr, const u8 *p2p_dev_addr,
871 			   const u8 *prev_psk, int *vlan_id)
872 {
873 	struct hostapd_wpa_psk *psk;
874 	int next_ok = prev_psk == NULL;
875 
876 	if (vlan_id)
877 		*vlan_id = 0;
878 
879 	if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
880 		wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
881 			   " p2p_dev_addr=" MACSTR " prev_psk=%p",
882 			   MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
883 		addr = NULL; /* Use P2P Device Address for matching */
884 	} else {
885 		wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
886 			   " prev_psk=%p",
887 			   MAC2STR(addr), prev_psk);
888 	}
889 
890 	for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
891 		if (next_ok &&
892 		    (psk->group ||
893 		     (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
894 		     (!addr && p2p_dev_addr &&
895 		      os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
896 		      0))) {
897 			if (vlan_id)
898 				*vlan_id = psk->vlan_id;
899 			return psk->psk;
900 		}
901 
902 		if (psk->psk == prev_psk)
903 			next_ok = 1;
904 	}
905 
906 	return NULL;
907 }
908 
909 
hostapd_config_check_bss(struct hostapd_bss_config * bss,struct hostapd_config * conf,int full_config)910 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
911 				    struct hostapd_config *conf,
912 				    int full_config)
913 {
914 	if (full_config && bss->ieee802_1x && !bss->eap_server &&
915 	    !bss->radius->auth_servers) {
916 		wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
917 			   "EAP authenticator configured).");
918 		return -1;
919 	}
920 
921 	if (bss->wpa) {
922 		int wep, i;
923 
924 		wep = bss->default_wep_key_len > 0 ||
925 		       bss->individual_wep_key_len > 0;
926 		for (i = 0; i < NUM_WEP_KEYS; i++) {
927 			if (bss->ssid.wep.keys_set) {
928 				wep = 1;
929 				break;
930 			}
931 		}
932 
933 		if (wep) {
934 			wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
935 			return -1;
936 		}
937 	}
938 
939 	if (full_config && bss->wpa &&
940 	    bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
941 	    bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
942 		wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
943 			   "RADIUS checking (macaddr_acl=2) enabled.");
944 		return -1;
945 	}
946 
947 	if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
948 	    bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
949 	    bss->ssid.wpa_psk_file == NULL &&
950 	    (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
951 	     bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
952 		wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
953 			   "is not configured.");
954 		return -1;
955 	}
956 
957 	if (full_config && !is_zero_ether_addr(bss->bssid)) {
958 		size_t i;
959 
960 		for (i = 0; i < conf->num_bss; i++) {
961 			if (conf->bss[i] != bss &&
962 			    (hostapd_mac_comp(conf->bss[i]->bssid,
963 					      bss->bssid) == 0)) {
964 				wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
965 					   " on interface '%s' and '%s'.",
966 					   MAC2STR(bss->bssid),
967 					   conf->bss[i]->iface, bss->iface);
968 				return -1;
969 			}
970 		}
971 	}
972 
973 #ifdef CONFIG_IEEE80211R_AP
974 	if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
975 	    (bss->nas_identifier == NULL ||
976 	     os_strlen(bss->nas_identifier) < 1 ||
977 	     os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
978 		wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
979 			   "nas_identifier to be configured as a 1..48 octet "
980 			   "string");
981 		return -1;
982 	}
983 #endif /* CONFIG_IEEE80211R_AP */
984 
985 #ifdef CONFIG_IEEE80211N
986 	if (full_config && conf->ieee80211n &&
987 	    conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
988 		bss->disable_11n = 1;
989 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
990 			   "allowed, disabling HT capabilities");
991 	}
992 
993 	if (full_config && conf->ieee80211n &&
994 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {
995 		bss->disable_11n = 1;
996 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
997 			   "allowed, disabling HT capabilities");
998 	}
999 
1000 	if (full_config && conf->ieee80211n && bss->wpa &&
1001 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1002 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1003 				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1004 	{
1005 		bss->disable_11n = 1;
1006 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1007 			   "requires CCMP/GCMP to be enabled, disabling HT "
1008 			   "capabilities");
1009 	}
1010 #endif /* CONFIG_IEEE80211N */
1011 
1012 #ifdef CONFIG_IEEE80211AC
1013 	if (full_config && conf->ieee80211ac &&
1014 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1015 		bss->disable_11ac = 1;
1016 		wpa_printf(MSG_ERROR,
1017 			   "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1018 	}
1019 
1020 	if (full_config && conf->ieee80211ac && bss->wpa &&
1021 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1022 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1023 				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1024 	{
1025 		bss->disable_11ac = 1;
1026 		wpa_printf(MSG_ERROR,
1027 			   "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1028 	}
1029 #endif /* CONFIG_IEEE80211AC */
1030 
1031 #ifdef CONFIG_WPS
1032 	if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
1033 		wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1034 			   "configuration forced WPS to be disabled");
1035 		bss->wps_state = 0;
1036 	}
1037 
1038 	if (full_config && bss->wps_state &&
1039 	    bss->ssid.wep.keys_set && bss->wpa == 0) {
1040 		wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1041 			   "disabled");
1042 		bss->wps_state = 0;
1043 	}
1044 
1045 	if (full_config && bss->wps_state && bss->wpa &&
1046 	    (!(bss->wpa & 2) ||
1047 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1048 				    WPA_CIPHER_CCMP_256 |
1049 				    WPA_CIPHER_GCMP_256)))) {
1050 		wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
1051 			   "WPA2/CCMP/GCMP forced WPS to be disabled");
1052 		bss->wps_state = 0;
1053 	}
1054 #endif /* CONFIG_WPS */
1055 
1056 #ifdef CONFIG_HS20
1057 	if (full_config && bss->hs20 &&
1058 	    (!(bss->wpa & 2) ||
1059 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1060 				    WPA_CIPHER_CCMP_256 |
1061 				    WPA_CIPHER_GCMP_256)))) {
1062 		wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1063 			   "configuration is required for Hotspot 2.0 "
1064 			   "functionality");
1065 		return -1;
1066 	}
1067 #endif /* CONFIG_HS20 */
1068 
1069 #ifdef CONFIG_MBO
1070 	if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1071 	    bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1072 		wpa_printf(MSG_ERROR,
1073 			   "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1074 		return -1;
1075 	}
1076 #endif /* CONFIG_MBO */
1077 
1078 #ifdef CONFIG_OCV
1079 	if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1080 	    bss->ocv) {
1081 		wpa_printf(MSG_ERROR,
1082 			   "OCV: PMF needs to be enabled whenever using OCV");
1083 		return -1;
1084 	}
1085 #endif /* CONFIG_OCV */
1086 
1087 	return 0;
1088 }
1089 
1090 
hostapd_config_check_cw(struct hostapd_config * conf,int queue)1091 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1092 {
1093 	int tx_cwmin = conf->tx_queue[queue].cwmin;
1094 	int tx_cwmax = conf->tx_queue[queue].cwmax;
1095 	int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1096 	int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1097 
1098 	if (tx_cwmin > tx_cwmax) {
1099 		wpa_printf(MSG_ERROR,
1100 			   "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1101 			   tx_cwmin, tx_cwmax);
1102 		return -1;
1103 	}
1104 	if (ac_cwmin > ac_cwmax) {
1105 		wpa_printf(MSG_ERROR,
1106 			   "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1107 			   ac_cwmin, ac_cwmax);
1108 		return -1;
1109 	}
1110 	return 0;
1111 }
1112 
1113 
hostapd_config_check(struct hostapd_config * conf,int full_config)1114 int hostapd_config_check(struct hostapd_config *conf, int full_config)
1115 {
1116 	size_t i;
1117 
1118 	if (full_config && conf->ieee80211d &&
1119 	    (!conf->country[0] || !conf->country[1])) {
1120 		wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1121 			   "setting the country_code");
1122 		return -1;
1123 	}
1124 
1125 	if (full_config && conf->ieee80211h && !conf->ieee80211d) {
1126 		wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1127 			   "IEEE 802.11d enabled");
1128 		return -1;
1129 	}
1130 
1131 	if (full_config && conf->local_pwr_constraint != -1 &&
1132 	    !conf->ieee80211d) {
1133 		wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1134 		return -1;
1135 	}
1136 
1137 	if (full_config && conf->spectrum_mgmt_required &&
1138 	    conf->local_pwr_constraint == -1) {
1139 		wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1140 		return -1;
1141 	}
1142 
1143 	for (i = 0; i < NUM_TX_QUEUES; i++) {
1144 		if (hostapd_config_check_cw(conf, i))
1145 			return -1;
1146 	}
1147 
1148 	for (i = 0; i < conf->num_bss; i++) {
1149 		if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
1150 			return -1;
1151 	}
1152 
1153 	return 0;
1154 }
1155 
1156 
hostapd_set_security_params(struct hostapd_bss_config * bss,int full_config)1157 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1158 				 int full_config)
1159 {
1160 	if (bss->individual_wep_key_len == 0) {
1161 		/* individual keys are not use; can use key idx0 for
1162 		 * broadcast keys */
1163 		bss->broadcast_key_idx_min = 0;
1164 	}
1165 
1166 	if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1167 		bss->rsn_pairwise = bss->wpa_pairwise;
1168 	if (bss->group_cipher)
1169 		bss->wpa_group = bss->group_cipher;
1170 	else
1171 		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1172 							    bss->wpa_pairwise,
1173 							    bss->rsn_pairwise);
1174 	if (!bss->wpa_group_rekey_set)
1175 		bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1176 			600 : 86400;
1177 
1178 	if (full_config) {
1179 		bss->radius->auth_server = bss->radius->auth_servers;
1180 		bss->radius->acct_server = bss->radius->acct_servers;
1181 	}
1182 
1183 	if (bss->wpa && bss->ieee802_1x) {
1184 		bss->ssid.security_policy = SECURITY_WPA;
1185 	} else if (bss->wpa) {
1186 		bss->ssid.security_policy = SECURITY_WPA_PSK;
1187 	} else if (bss->ieee802_1x) {
1188 		int cipher = WPA_CIPHER_NONE;
1189 		bss->ssid.security_policy = SECURITY_IEEE_802_1X;
1190 		bss->ssid.wep.default_len = bss->default_wep_key_len;
1191 		if (full_config && bss->default_wep_key_len) {
1192 			cipher = bss->default_wep_key_len >= 13 ?
1193 				WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
1194 		} else if (full_config && bss->ssid.wep.keys_set) {
1195 			if (bss->ssid.wep.len[0] >= 13)
1196 				cipher = WPA_CIPHER_WEP104;
1197 			else
1198 				cipher = WPA_CIPHER_WEP40;
1199 		}
1200 		bss->wpa_group = cipher;
1201 		bss->wpa_pairwise = cipher;
1202 		bss->rsn_pairwise = cipher;
1203 		if (full_config)
1204 			bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1205 	} else if (bss->ssid.wep.keys_set) {
1206 		int cipher = WPA_CIPHER_WEP40;
1207 		if (bss->ssid.wep.len[0] >= 13)
1208 			cipher = WPA_CIPHER_WEP104;
1209 		bss->ssid.security_policy = SECURITY_STATIC_WEP;
1210 		bss->wpa_group = cipher;
1211 		bss->wpa_pairwise = cipher;
1212 		bss->rsn_pairwise = cipher;
1213 		if (full_config)
1214 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1215 	} else if (bss->osen) {
1216 		bss->ssid.security_policy = SECURITY_OSEN;
1217 		bss->wpa_group = WPA_CIPHER_CCMP;
1218 		bss->wpa_pairwise = 0;
1219 		bss->rsn_pairwise = WPA_CIPHER_CCMP;
1220 	} else {
1221 		bss->ssid.security_policy = SECURITY_PLAINTEXT;
1222 		if (full_config) {
1223 			bss->wpa_group = WPA_CIPHER_NONE;
1224 			bss->wpa_pairwise = WPA_CIPHER_NONE;
1225 			bss->rsn_pairwise = WPA_CIPHER_NONE;
1226 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1227 		}
1228 	}
1229 }
1230 
1231 
hostapd_sae_pw_id_in_use(struct hostapd_bss_config * conf)1232 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1233 {
1234 	int with_id = 0, without_id = 0;
1235 	struct sae_password_entry *pw;
1236 
1237 	if (conf->ssid.wpa_passphrase)
1238 		without_id = 1;
1239 
1240 	for (pw = conf->sae_passwords; pw; pw = pw->next) {
1241 		if (pw->identifier)
1242 			with_id = 1;
1243 		else
1244 			without_id = 1;
1245 		if (with_id && without_id)
1246 			break;
1247 	}
1248 
1249 	if (with_id && !without_id)
1250 		return 2;
1251 	return with_id;
1252 }
1253