1 /* 2 * WPA Supplicant / Configuration file structures 3 * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef CONFIG_H 10 #define CONFIG_H 11 12 #define DEFAULT_EAPOL_VERSION 1 13 #ifdef CONFIG_NO_SCAN_PROCESSING 14 #define DEFAULT_AP_SCAN 2 15 #else /* CONFIG_NO_SCAN_PROCESSING */ 16 #define DEFAULT_AP_SCAN 1 17 #endif /* CONFIG_NO_SCAN_PROCESSING */ 18 #define DEFAULT_FAST_REAUTH 1 19 #define DEFAULT_P2P_GO_INTENT 7 20 #define DEFAULT_P2P_INTRA_BSS 1 21 #define DEFAULT_BSS_MAX_COUNT 200 22 #define DEFAULT_BSS_EXPIRATION_AGE 180 23 #define DEFAULT_BSS_EXPIRATION_SCAN_COUNT 2 24 #define DEFAULT_MAX_NUM_STA 128 25 #define DEFAULT_ACCESS_NETWORK_TYPE 15 26 27 #include "config_ssid.h" 28 #include "wps/wps.h" 29 30 31 #define CFG_CHANGED_DEVICE_NAME BIT(0) 32 #define CFG_CHANGED_CONFIG_METHODS BIT(1) 33 #define CFG_CHANGED_DEVICE_TYPE BIT(2) 34 #define CFG_CHANGED_OS_VERSION BIT(3) 35 #define CFG_CHANGED_UUID BIT(4) 36 #define CFG_CHANGED_COUNTRY BIT(5) 37 #define CFG_CHANGED_SEC_DEVICE_TYPE BIT(6) 38 #define CFG_CHANGED_P2P_SSID_POSTFIX BIT(7) 39 #define CFG_CHANGED_WPS_STRING BIT(8) 40 #define CFG_CHANGED_P2P_INTRA_BSS BIT(9) 41 #define CFG_CHANGED_VENDOR_EXTENSION BIT(10) 42 #define CFG_CHANGED_P2P_LISTEN_CHANNEL BIT(11) 43 #define CFG_CHANGED_P2P_OPER_CHANNEL BIT(12) 44 #ifdef ANDROID_P2P 45 #define CFG_CHANGED_IFACE_PRIORITY BIT(13) 46 #endif 47 48 /** 49 * struct wpa_config - wpa_supplicant configuration data 50 * 51 * This data structure is presents the per-interface (radio) configuration 52 * data. In many cases, there is only one struct wpa_config instance, but if 53 * more than one network interface is being controlled, one instance is used 54 * for each. 55 */ 56 struct wpa_config { 57 /** 58 * ssid - Head of the global network list 59 * 60 * This is the head for the list of all the configured networks. 61 */ 62 struct wpa_ssid *ssid; 63 64 /** 65 * pssid - Per-priority network lists (in priority order) 66 */ 67 struct wpa_ssid **pssid; 68 69 /** 70 * num_prio - Number of different priorities used in the pssid lists 71 * 72 * This indicates how many per-priority network lists are included in 73 * pssid. 74 */ 75 int num_prio; 76 77 /** 78 * eapol_version - IEEE 802.1X/EAPOL version number 79 * 80 * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which 81 * defines EAPOL version 2. However, there are many APs that do not 82 * handle the new version number correctly (they seem to drop the 83 * frames completely). In order to make wpa_supplicant interoperate 84 * with these APs, the version number is set to 1 by default. This 85 * configuration value can be used to set it to the new version (2). 86 */ 87 int eapol_version; 88 89 /** 90 * ap_scan - AP scanning/selection 91 * 92 * By default, wpa_supplicant requests driver to perform AP 93 * scanning and then uses the scan results to select a 94 * suitable AP. Another alternative is to allow the driver to 95 * take care of AP scanning and selection and use 96 * wpa_supplicant just to process EAPOL frames based on IEEE 97 * 802.11 association information from the driver. 98 * 99 * 1: wpa_supplicant initiates scanning and AP selection (default). 100 * 101 * 0: Driver takes care of scanning, AP selection, and IEEE 802.11 102 * association parameters (e.g., WPA IE generation); this mode can 103 * also be used with non-WPA drivers when using IEEE 802.1X mode; 104 * do not try to associate with APs (i.e., external program needs 105 * to control association). This mode must also be used when using 106 * wired Ethernet drivers. 107 * 108 * 2: like 0, but associate with APs using security policy and SSID 109 * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS 110 * drivers to enable operation with hidden SSIDs and optimized roaming; 111 * in this mode, the network blocks in the configuration are tried 112 * one by one until the driver reports successful association; each 113 * network block should have explicit security policy (i.e., only one 114 * option in the lists) for key_mgmt, pairwise, group, proto variables. 115 */ 116 int ap_scan; 117 118 /** 119 * ctrl_interface - Parameters for the control interface 120 * 121 * If this is specified, %wpa_supplicant will open a control interface 122 * that is available for external programs to manage %wpa_supplicant. 123 * The meaning of this string depends on which control interface 124 * mechanism is used. For all cases, the existence of this parameter 125 * in configuration is used to determine whether the control interface 126 * is enabled. 127 * 128 * For UNIX domain sockets (default on Linux and BSD): This is a 129 * directory that will be created for UNIX domain sockets for listening 130 * to requests from external programs (CLI/GUI, etc.) for status 131 * information and configuration. The socket file will be named based 132 * on the interface name, so multiple %wpa_supplicant processes can be 133 * run at the same time if more than one interface is used. 134 * /var/run/wpa_supplicant is the recommended directory for sockets and 135 * by default, wpa_cli will use it when trying to connect with 136 * %wpa_supplicant. 137 * 138 * Access control for the control interface can be configured 139 * by setting the directory to allow only members of a group 140 * to use sockets. This way, it is possible to run 141 * %wpa_supplicant as root (since it needs to change network 142 * configuration and open raw sockets) and still allow GUI/CLI 143 * components to be run as non-root users. However, since the 144 * control interface can be used to change the network 145 * configuration, this access needs to be protected in many 146 * cases. By default, %wpa_supplicant is configured to use gid 147 * 0 (root). If you want to allow non-root users to use the 148 * control interface, add a new group and change this value to 149 * match with that group. Add users that should have control 150 * interface access to this group. 151 * 152 * When configuring both the directory and group, use following format: 153 * DIR=/var/run/wpa_supplicant GROUP=wheel 154 * DIR=/var/run/wpa_supplicant GROUP=0 155 * (group can be either group name or gid) 156 * 157 * For UDP connections (default on Windows): The value will be ignored. 158 * This variable is just used to select that the control interface is 159 * to be created. The value can be set to, e.g., udp 160 * (ctrl_interface=udp). 161 * 162 * For Windows Named Pipe: This value can be used to set the security 163 * descriptor for controlling access to the control interface. Security 164 * descriptor can be set using Security Descriptor String Format (see 165 * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp). 166 * The descriptor string needs to be prefixed with SDDL=. For example, 167 * ctrl_interface=SDDL=D: would set an empty DACL (which will reject 168 * all connections). 169 */ 170 char *ctrl_interface; 171 172 /** 173 * ctrl_interface_group - Control interface group (DEPRECATED) 174 * 175 * This variable is only used for backwards compatibility. Group for 176 * UNIX domain sockets should now be specified using GROUP=group in 177 * ctrl_interface variable. 178 */ 179 char *ctrl_interface_group; 180 181 /** 182 * fast_reauth - EAP fast re-authentication (session resumption) 183 * 184 * By default, fast re-authentication is enabled for all EAP methods 185 * that support it. This variable can be used to disable fast 186 * re-authentication (by setting fast_reauth=0). Normally, there is no 187 * need to disable fast re-authentication. 188 */ 189 int fast_reauth; 190 191 /** 192 * opensc_engine_path - Path to the OpenSSL engine for opensc 193 * 194 * This is an OpenSSL specific configuration option for loading OpenSC 195 * engine (engine_opensc.so); if %NULL, this engine is not loaded. 196 */ 197 char *opensc_engine_path; 198 199 /** 200 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11 201 * 202 * This is an OpenSSL specific configuration option for loading PKCS#11 203 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded. 204 */ 205 char *pkcs11_engine_path; 206 207 /** 208 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module 209 * 210 * This is an OpenSSL specific configuration option for configuring 211 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this 212 * module is not loaded. 213 */ 214 char *pkcs11_module_path; 215 216 /** 217 * driver_param - Driver interface parameters 218 * 219 * This text string is passed to the selected driver interface with the 220 * optional struct wpa_driver_ops::set_param() handler. This can be 221 * used to configure driver specific options without having to add new 222 * driver interface functionality. 223 */ 224 char *driver_param; 225 226 /** 227 * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK 228 * 229 * dot11 MIB variable for the maximum lifetime of a PMK in the PMK 230 * cache (unit: seconds). 231 */ 232 unsigned int dot11RSNAConfigPMKLifetime; 233 234 /** 235 * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold 236 * 237 * dot11 MIB variable for the percentage of the PMK lifetime 238 * that should expire before an IEEE 802.1X reauthentication occurs. 239 */ 240 unsigned int dot11RSNAConfigPMKReauthThreshold; 241 242 /** 243 * dot11RSNAConfigSATimeout - Security association timeout 244 * 245 * dot11 MIB variable for the maximum time a security association 246 * shall take to set up (unit: seconds). 247 */ 248 unsigned int dot11RSNAConfigSATimeout; 249 250 /** 251 * update_config - Is wpa_supplicant allowed to update configuration 252 * 253 * This variable control whether wpa_supplicant is allow to re-write 254 * its configuration with wpa_config_write(). If this is zero, 255 * configuration data is only changed in memory and the external data 256 * is not overriden. If this is non-zero, wpa_supplicant will update 257 * the configuration data (e.g., a file) whenever configuration is 258 * changed. This update may replace the old configuration which can 259 * remove comments from it in case of a text file configuration. 260 */ 261 int update_config; 262 263 /** 264 * blobs - Configuration blobs 265 */ 266 struct wpa_config_blob *blobs; 267 268 /** 269 * uuid - Universally Unique IDentifier (UUID; see RFC 4122) for WPS 270 */ 271 u8 uuid[16]; 272 273 /** 274 * device_name - Device Name (WPS) 275 * User-friendly description of device; up to 32 octets encoded in 276 * UTF-8 277 */ 278 char *device_name; 279 280 /** 281 * manufacturer - Manufacturer (WPS) 282 * The manufacturer of the device (up to 64 ASCII characters) 283 */ 284 char *manufacturer; 285 286 /** 287 * model_name - Model Name (WPS) 288 * Model of the device (up to 32 ASCII characters) 289 */ 290 char *model_name; 291 292 /** 293 * model_number - Model Number (WPS) 294 * Additional device description (up to 32 ASCII characters) 295 */ 296 char *model_number; 297 298 /** 299 * serial_number - Serial Number (WPS) 300 * Serial number of the device (up to 32 characters) 301 */ 302 char *serial_number; 303 304 /** 305 * device_type - Primary Device Type (WPS) 306 */ 307 u8 device_type[WPS_DEV_TYPE_LEN]; 308 309 /** 310 * config_methods - Config Methods 311 * 312 * This is a space-separated list of supported WPS configuration 313 * methods. For example, "label virtual_display virtual_push_button 314 * keypad". 315 * Available methods: usba ethernet label display ext_nfc_token 316 * int_nfc_token nfc_interface push_button keypad 317 * virtual_display physical_display 318 * virtual_push_button physical_push_button. 319 */ 320 char *config_methods; 321 322 /** 323 * os_version - OS Version (WPS) 324 * 4-octet operating system version number 325 */ 326 u8 os_version[4]; 327 328 /** 329 * country - Country code 330 * 331 * This is the ISO/IEC alpha2 country code for which we are operating 332 * in 333 */ 334 char country[2]; 335 336 /** 337 * wps_cred_processing - Credential processing 338 * 339 * 0 = process received credentials internally 340 * 1 = do not process received credentials; just pass them over 341 * ctrl_iface to external program(s) 342 * 2 = process received credentials internally and pass them over 343 * ctrl_iface to external program(s) 344 */ 345 int wps_cred_processing; 346 347 #define MAX_SEC_DEVICE_TYPES 5 348 /** 349 * sec_device_types - Secondary Device Types (P2P) 350 */ 351 u8 sec_device_type[MAX_SEC_DEVICE_TYPES][WPS_DEV_TYPE_LEN]; 352 int num_sec_device_types; 353 354 int p2p_listen_reg_class; 355 int p2p_listen_channel; 356 int p2p_oper_reg_class; 357 int p2p_oper_channel; 358 int p2p_go_intent; 359 char *p2p_ssid_postfix; 360 int persistent_reconnect; 361 int p2p_intra_bss; 362 363 #define MAX_WPS_VENDOR_EXT 10 364 /** 365 * wps_vendor_ext - Vendor extension attributes in WPS 366 */ 367 struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXT]; 368 369 /** 370 * p2p_group_idle - Maximum idle time in seconds for P2P group 371 * 372 * This value controls how long a P2P group is maintained after there 373 * is no other members in the group. As a GO, this means no associated 374 * stations in the group. As a P2P client, this means no GO seen in 375 * scan results. The maximum idle time is specified in seconds with 0 376 * indicating no time limit, i.e., the P2P group remains in active 377 * state indefinitely until explicitly removed. As a P2P client, the 378 * maximum idle time of P2P_MAX_CLIENT_IDLE seconds is enforced, i.e., 379 * this parameter is mainly meant for GO use and for P2P client, it can 380 * only be used to reduce the default timeout to smaller value. 381 */ 382 unsigned int p2p_group_idle; 383 384 /** 385 * bss_max_count - Maximum number of BSS entries to keep in memory 386 */ 387 unsigned int bss_max_count; 388 389 /** 390 * bss_expiration_age - BSS entry age after which it can be expired 391 * 392 * This value controls the time in seconds after which a BSS entry 393 * gets removed if it has not been updated or is not in use. 394 */ 395 unsigned int bss_expiration_age; 396 397 /** 398 * bss_expiration_scan_count - Expire BSS after number of scans 399 * 400 * If the BSS entry has not been seen in this many scans, it will be 401 * removed. A value of 1 means that entry is removed after the first 402 * scan in which the BSSID is not seen. Larger values can be used 403 * to avoid BSS entries disappearing if they are not visible in 404 * every scan (e.g., low signal quality or interference). 405 */ 406 unsigned int bss_expiration_scan_count; 407 408 /** 409 * filter_ssids - SSID-based scan result filtering 410 * 411 * 0 = do not filter scan results 412 * 1 = only include configured SSIDs in scan results/BSS table 413 */ 414 int filter_ssids; 415 416 /** 417 * max_num_sta - Maximum number of STAs in an AP/P2P GO 418 */ 419 unsigned int max_num_sta; 420 421 /** 422 * changed_parameters - Bitmap of changed parameters since last update 423 */ 424 unsigned int changed_parameters; 425 426 /** 427 * disassoc_low_ack - Disassocicate stations with massive packet loss 428 */ 429 int disassoc_low_ack; 430 431 /** 432 * interworking - Whether Interworking (IEEE 802.11u) is enabled 433 */ 434 int interworking; 435 436 /** 437 * access_network_type - Access Network Type 438 * 439 * When Interworking is enabled, scans will be limited to APs that 440 * advertise the specified Access Network Type (0..15; with 15 441 * indicating wildcard match). 442 */ 443 int access_network_type; 444 445 /** 446 * hessid - Homogenous ESS identifier 447 * 448 * If this is set (any octet is non-zero), scans will be used to 449 * request response only from BSSes belonging to the specified 450 * Homogeneous ESS. This is used only if interworking is enabled. 451 */ 452 u8 hessid[ETH_ALEN]; 453 454 /** 455 * home_realm - Home Realm for Interworking 456 */ 457 char *home_realm; 458 459 /** 460 * home_username - Username for Interworking network selection 461 */ 462 char *home_username; 463 464 /** 465 * home_password - Password for Interworking network selection 466 */ 467 char *home_password; 468 469 /** 470 * home_ca_cert - CA certificate for Interworking network selection 471 */ 472 char *home_ca_cert; 473 474 /** 475 * home_imsi - IMSI in <MCC> | <MNC> | '-' | <MSIN> format 476 */ 477 char *home_imsi; 478 479 /** 480 * home_milenage - Milenage parameters for SIM/USIM simulator in 481 * <Ki>:<OPc>:<SQN> format 482 */ 483 char *home_milenage; 484 #ifdef ANDROID_P2P 485 /** 486 * prioritize - Prioritize an Interface 487 * Interface name of the interface that needs to be proritized; Useful 488 * for resolving conflicts in connection. up to 16 octets encoded in 489 * UTF-8 490 */ 491 char *prioritize; 492 #endif 493 }; 494 495 496 /* Prototypes for common functions from config.c */ 497 498 void wpa_config_free(struct wpa_config *ssid); 499 void wpa_config_free_ssid(struct wpa_ssid *ssid); 500 void wpa_config_foreach_network(struct wpa_config *config, 501 void (*func)(void *, struct wpa_ssid *), 502 void *arg); 503 struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id); 504 struct wpa_ssid * wpa_config_add_network(struct wpa_config *config); 505 int wpa_config_remove_network(struct wpa_config *config, int id); 506 void wpa_config_set_network_defaults(struct wpa_ssid *ssid); 507 int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value, 508 int line); 509 int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var, 510 const char *value); 511 char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys); 512 char * wpa_config_get(struct wpa_ssid *ssid, const char *var); 513 char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var); 514 void wpa_config_update_psk(struct wpa_ssid *ssid); 515 int wpa_config_add_prio_network(struct wpa_config *config, 516 struct wpa_ssid *ssid); 517 int wpa_config_update_prio_list(struct wpa_config *config); 518 const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config, 519 const char *name); 520 void wpa_config_set_blob(struct wpa_config *config, 521 struct wpa_config_blob *blob); 522 void wpa_config_free_blob(struct wpa_config_blob *blob); 523 int wpa_config_remove_blob(struct wpa_config *config, const char *name); 524 525 struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface, 526 const char *driver_param); 527 #ifndef CONFIG_NO_STDOUT_DEBUG 528 void wpa_config_debug_dump_networks(struct wpa_config *config); 529 #else /* CONFIG_NO_STDOUT_DEBUG */ 530 #define wpa_config_debug_dump_networks(c) do { } while (0) 531 #endif /* CONFIG_NO_STDOUT_DEBUG */ 532 533 534 /* Prototypes for common functions from config.c */ 535 int wpa_config_process_global(struct wpa_config *config, char *pos, int line); 536 537 538 /* Prototypes for backend specific functions from the selected config_*.c */ 539 540 /** 541 * wpa_config_read - Read and parse configuration database 542 * @name: Name of the configuration (e.g., path and file name for the 543 * configuration file) 544 * Returns: Pointer to allocated configuration data or %NULL on failure 545 * 546 * This function reads configuration data, parses its contents, and allocates 547 * data structures needed for storing configuration information. The allocated 548 * data can be freed with wpa_config_free(). 549 * 550 * Each configuration backend needs to implement this function. 551 */ 552 struct wpa_config * wpa_config_read(const char *name); 553 554 /** 555 * wpa_config_write - Write or update configuration data 556 * @name: Name of the configuration (e.g., path and file name for the 557 * configuration file) 558 * @config: Configuration data from wpa_config_read() 559 * Returns: 0 on success, -1 on failure 560 * 561 * This function write all configuration data into an external database (e.g., 562 * a text file) in a format that can be read with wpa_config_read(). This can 563 * be used to allow wpa_supplicant to update its configuration, e.g., when a 564 * new network is added or a password is changed. 565 * 566 * Each configuration backend needs to implement this function. 567 */ 568 int wpa_config_write(const char *name, struct wpa_config *config); 569 570 #endif /* CONFIG_H */ 571