jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
vlan_per_psk_v2
vlan_per_psk
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '48e0ed037b'
${ noResults }
hostap/hostapd/config_file.c

4835 lines
137 KiB
C
Raw Normal View History Unescape Escape

Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
/*
* hostapd / Configuration file parser
FT: Add key management value FT-EAP-SHA384 for hostapd This allows hostapd to be configuted to use the SHA384-based FT AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
* Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
*/
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
15 years ago
#include "utils/includes.h"
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifndef CONFIG_NATIVE_WINDOWS
#include <grp.h>
#endif /* CONFIG_NATIVE_WINDOWS */
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
15 years ago
#include "utils/common.h"
#include "utils/uuid.h"
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#include "common/ieee802_11_defs.h"
SAE-PK: AP functionality This adds AP side functionality for SAE-PK. The new sae_password configuration parameters can now be used to enable SAE-PK mode whenever SAE is enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#include "common/sae.h"
FT: New RRB message format Convert FT RRB into a new TLV based format. Use AES-SIV as AEAD cipher to protect the messages. This needs at least 32 byte long keys. These can be provided either by a config file change or letting a KDF derive the 32 byte key used from the 16 byte key given. This breaks backward compatibility, i.e., hostapd needs to be updated on all APs at the same time to allow FT to remain functional. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago
#include "crypto/sha256.h"
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#include "crypto/tls.h"
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#include "drivers/driver.h"
#include "eap_server/eap.h"
#include "radius/radius_client.h"
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
15 years ago
#include "ap/wpa_auth.h"
#include "ap/ap_config.h"
Move generic AP functionality implementation into src/ap This code can be shared by both hostapd and wpa_supplicant and this is an initial step in getting the generic code moved to be under the src directories. Couple of generic files still remain under the hostapd directory due to direct dependencies to files there. Once the dependencies have been removed, they will also be moved to the src/ap directory to allow wpa_supplicant to be built without requiring anything from the hostapd directory.
15 years ago
#include "config_file.h"
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifndef CONFIG_NO_VLAN
static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
const char *fname)
{
FILE *f;
hostapd: Support for overriding the bridge name per VLAN via vlan_file This makes it easier to integrate dynamic VLANs in custom network configurations. The bridge name is added after the interface name in the vlan_file line, also separated by whitespace. Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago
char buf[128], *pos, *pos2, *pos3;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
int line = 0, vlan_id;
struct hostapd_vlan *vlan;
f = fopen(fname, "r");
if (!f) {
wpa_printf(MSG_ERROR, "VLAN file '%s' not readable.", fname);
return -1;
}
while (fgets(buf, sizeof(buf), f)) {
line++;
if (buf[0] == '#')
continue;
pos = buf;
while (*pos != '\0') {
if (*pos == '\n') {
*pos = '\0';
break;
}
pos++;
}
if (buf[0] == '\0')
continue;
if (buf[0] == '*') {
vlan_id = VLAN_ID_WILDCARD;
pos = buf + 1;
} else {
vlan_id = strtol(buf, &pos, 10);
if (buf == pos || vlan_id < 1 ||
vlan_id > MAX_VLAN_ID) {
wpa_printf(MSG_ERROR, "Invalid VLAN ID at "
"line %d in '%s'", line, fname);
fclose(f);
return -1;
}
}
while (*pos == ' ' || *pos == '\t')
pos++;
pos2 = pos;
while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
pos2++;
hostapd: Support for overriding the bridge name per VLAN via vlan_file This makes it easier to integrate dynamic VLANs in custom network configurations. The bridge name is added after the interface name in the vlan_file line, also separated by whitespace. Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago
if (*pos2 != '\0')
*(pos2++) = '\0';
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) {
wpa_printf(MSG_ERROR, "Invalid VLAN ifname at line %d "
"in '%s'", line, fname);
fclose(f);
return -1;
}
hostapd: Support for overriding the bridge name per VLAN via vlan_file This makes it easier to integrate dynamic VLANs in custom network configurations. The bridge name is added after the interface name in the vlan_file line, also separated by whitespace. Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago
while (*pos2 == ' ' || *pos2 == '\t')
pos2++;
pos3 = pos2;
while (*pos3 != ' ' && *pos3 != '\t' && *pos3 != '\0')
pos3++;
*pos3 = '\0';
Use os_zalloc() instead of os_malloc() + os_memset() Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
vlan = os_zalloc(sizeof(*vlan));
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (vlan == NULL) {
wpa_printf(MSG_ERROR, "Out of memory while reading "
"VLAN interfaces from '%s'", fname);
fclose(f);
return -1;
}
vlan->vlan_id = vlan_id;
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago
vlan->vlan_desc.untagged = vlan_id;
vlan->vlan_desc.notempty = !!vlan_id;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
hostapd: Support for overriding the bridge name per VLAN via vlan_file This makes it easier to integrate dynamic VLANs in custom network configurations. The bridge name is added after the interface name in the vlan_file line, also separated by whitespace. Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago
os_strlcpy(vlan->bridge, pos2, sizeof(vlan->bridge));
VLAN: Remove vlan_tail Everything in hostapd can be implemented efficiently without vlan_tail. Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
11 years ago
vlan->next = bss->vlan;
bss->vlan = vlan;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
}
fclose(f);
return 0;
}
#endif /* CONFIG_NO_VLAN */
hostapd: Dynamic MAC ACL management over control interface Previously, MAC ACL could be modified only through file operations (modify accept/deny_mac_file and reload it to hostapd). Extend this to allow MAC ACL to be modified and displayed through new control interface commands: ACCEPT_ACL <subcmd> [argument] DENY_ACL <subcmd> [argument] subcmd: ADD_MAC <addr>[ VLAN_ID=<id>]|DEL_MAC <addr>|SHOW|CLEAR Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
6 years ago
int hostapd_acl_comp(const void *a, const void *b)
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
{
const struct mac_acl_entry *aa = a;
const struct mac_acl_entry *bb = b;
return os_memcmp(aa->addr, bb->addr, sizeof(macaddr));
}
hostapd: Dynamic MAC ACL management over control interface Previously, MAC ACL could be modified only through file operations (modify accept/deny_mac_file and reload it to hostapd). Extend this to allow MAC ACL to be modified and displayed through new control interface commands: ACCEPT_ACL <subcmd> [argument] DENY_ACL <subcmd> [argument] subcmd: ADD_MAC <addr>[ VLAN_ID=<id>]|DEL_MAC <addr>|SHOW|CLEAR Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
6 years ago
int hostapd_add_acl_maclist(struct mac_acl_entry **acl, int *num,
int vlan_id, const u8 *addr)
{
struct mac_acl_entry *newacl;
newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
if (!newacl) {
wpa_printf(MSG_ERROR, "MAC list reallocation failed");
return -1;
}
*acl = newacl;
os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
os_memset(&(*acl)[*num].vlan_id, 0, sizeof((*acl)[*num].vlan_id));
(*acl)[*num].vlan_id.untagged = vlan_id;
(*acl)[*num].vlan_id.notempty = !!vlan_id;
(*num)++;
return 0;
}
void hostapd_remove_acl_mac(struct mac_acl_entry **acl, int *num,
const u8 *addr)
{
int i = 0;
while (i < *num) {
if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) == 0) {
os_remove_in_array(*acl, *num, sizeof(**acl), i);
(*num)--;
} else {
i++;
}
}
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
static int hostapd_config_read_maclist(const char *fname,
struct mac_acl_entry **acl, int *num)
{
FILE *f;
char buf[128], *pos;
int line = 0;
u8 addr[ETH_ALEN];
int vlan_id;
f = fopen(fname, "r");
if (!f) {
wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname);
return -1;
}
while (fgets(buf, sizeof(buf), f)) {
hostapd: Dynamic MAC ACL management over control interface Previously, MAC ACL could be modified only through file operations (modify accept/deny_mac_file and reload it to hostapd). Extend this to allow MAC ACL to be modified and displayed through new control interface commands: ACCEPT_ACL <subcmd> [argument] DENY_ACL <subcmd> [argument] subcmd: ADD_MAC <addr>[ VLAN_ID=<id>]|DEL_MAC <addr>|SHOW|CLEAR Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
6 years ago
int rem = 0;
hostapd: Make it possible to remove addresses from maclists It is already possible to add MAC addresses at runtime. This patch allows also to remove some of them by using the prefix "-" in the address file. Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
10 years ago
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
line++;
if (buf[0] == '#')
continue;
pos = buf;
while (*pos != '\0') {
if (*pos == '\n') {
*pos = '\0';
break;
}
pos++;
}
if (buf[0] == '\0')
continue;
hostapd: Make it possible to remove addresses from maclists It is already possible to add MAC addresses at runtime. This patch allows also to remove some of them by using the prefix "-" in the address file. Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
10 years ago
pos = buf;
if (buf[0] == '-') {
rem = 1;
pos++;
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
hostapd: Make it possible to remove addresses from maclists It is already possible to add MAC addresses at runtime. This patch allows also to remove some of them by using the prefix "-" in the address file. Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
10 years ago
if (hwaddr_aton(pos, addr)) {
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at "
hostapd: Make it possible to remove addresses from maclists It is already possible to add MAC addresses at runtime. This patch allows also to remove some of them by using the prefix "-" in the address file. Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
10 years ago
"line %d in '%s'", pos, line, fname);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
fclose(f);
return -1;
}
hostapd: Make it possible to remove addresses from maclists It is already possible to add MAC addresses at runtime. This patch allows also to remove some of them by using the prefix "-" in the address file. Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
10 years ago
if (rem) {
hostapd: Dynamic MAC ACL management over control interface Previously, MAC ACL could be modified only through file operations (modify accept/deny_mac_file and reload it to hostapd). Extend this to allow MAC ACL to be modified and displayed through new control interface commands: ACCEPT_ACL <subcmd> [argument] DENY_ACL <subcmd> [argument] subcmd: ADD_MAC <addr>[ VLAN_ID=<id>]|DEL_MAC <addr>|SHOW|CLEAR Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
6 years ago
hostapd_remove_acl_mac(acl, num, addr);
hostapd: Make it possible to remove addresses from maclists It is already possible to add MAC addresses at runtime. This patch allows also to remove some of them by using the prefix "-" in the address file. Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
10 years ago
continue;
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
vlan_id = 0;
pos = buf;
while (*pos != '\0' && *pos != ' ' && *pos != '\t')
pos++;
while (*pos == ' ' || *pos == '\t')
pos++;
if (*pos != '\0')
vlan_id = atoi(pos);
Fix a resource leak on hostapd maclist parsing error path The open file needs to be closed in error case. The conversion to using a new helper function (hostapd_add_acl_maclist) somehow managed to remove the neede fclose(f) call. Bring it back to fix this. Fixes: 3988046de538 ("hostapd: Dynamic MAC ACL management over control interface") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (hostapd_add_acl_maclist(acl, num, vlan_id, addr) < 0) {
fclose(f);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return -1;
Fix a resource leak on hostapd maclist parsing error path The open file needs to be closed in error case. The conversion to using a new helper function (hostapd_add_acl_maclist) somehow managed to remove the neede fclose(f) call. Bring it back to fix this. Fixes: 3988046de538 ("hostapd: Dynamic MAC ACL management over control interface") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
}
fclose(f);
Check for NULL qsort() base pointers There are a couple of places in wpa_supplicant/hostapd where qsort() can be called with a NULL base pointer. This results in undefined behavior according to the C standard and with some standard C libraries (ARM RVCT 2.2) results in a data abort/memory exception. Fix this by skipping such calls since there is nothing needing to be sorted. Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
8 years ago
if (*acl)
qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return 0;
}
#ifdef EAP_SERVER
EAP-pwd server: Add support for salted password databases These changes add support for salted password databases to EAP-pwd per RFC 8146. This commits introduces the framework for enabling this and the salting mechanisms based on SHA-1, SHA256, and SHA512 hash algorithms. Signed-off-by: Dan Harkins <dharkins@lounge.org>
6 years ago
static int hostapd_config_eap_user_salted(struct hostapd_eap_user *user,
const char *hash, size_t len,
char **pos, int line,
const char *fname)
{
char *pos2 = *pos;
while (*pos2 != '\0' && *pos2 != ' ' && *pos2 != '\t' && *pos2 != '#')
pos2++;
if (pos2 - *pos < (int) (2 * (len + 1))) { /* at least 1 byte of salt */
wpa_printf(MSG_ERROR,
"Invalid salted %s hash on line %d in '%s'",
hash, line, fname);
return -1;
}
user->password = os_malloc(len);
if (!user->password) {
wpa_printf(MSG_ERROR,
"Failed to allocate memory for salted %s hash",
hash);
return -1;
}
if (hexstr2bin(*pos, user->password, len) < 0) {
wpa_printf(MSG_ERROR,
"Invalid salted password on line %d in '%s'",
line, fname);
return -1;
}
user->password_len = len;
*pos += 2 * len;
user->salt_len = (pos2 - *pos) / 2;
user->salt = os_malloc(user->salt_len);
if (!user->salt) {
wpa_printf(MSG_ERROR,
"Failed to allocate memory for salted %s hash",
hash);
return -1;
}
if (hexstr2bin(*pos, user->salt, user->salt_len) < 0) {
wpa_printf(MSG_ERROR,
"Invalid salt for password on line %d in '%s'",
line, fname);
return -1;
}
*pos = pos2;
return 0;
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
static int hostapd_config_read_eap_user(const char *fname,
struct hostapd_bss_config *conf)
{
FILE *f;
char buf[512], *pos, *start, *pos2;
int line = 0, ret = 0, num_methods;
Free old eap_user_file data on configuration change This fixes a memory leak if hostapd eap_user_file parameter is modified. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
Add preliminary support for using SQLite for eap_user database CONFIG_SQLITE=y option can now be used to allow the eap_user_file text file to be replaced with a SQLite database (eap_user_file=sqlite:/path/to/sqlite.db). hostapd.eap_user_sqlite shows an example of how the database tables can be created for this purpose. This commit does not yet include full functionality of the text file format, but at least basic EAP-TTLS/MSCHAPv2 style authentication mechanisms with plaintext passwords can be used for tests. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (os_strncmp(fname, "sqlite:", 7) == 0) {
Error out if user configures SQLite DB without CONFIG_SQLITE This should make it more obvious to users that they have a fatal configuration problem in hostapd authentication server. Signed-off-by: Ben Greear <greearb@candelatech.com>
9 years ago
#ifdef CONFIG_SQLITE
Add preliminary support for using SQLite for eap_user database CONFIG_SQLITE=y option can now be used to allow the eap_user_file text file to be replaced with a SQLite database (eap_user_file=sqlite:/path/to/sqlite.db). hostapd.eap_user_sqlite shows an example of how the database tables can be created for this purpose. This commit does not yet include full functionality of the text file format, but at least basic EAP-TTLS/MSCHAPv2 style authentication mechanisms with plaintext passwords can be used for tests. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
os_free(conf->eap_user_sqlite);
conf->eap_user_sqlite = os_strdup(fname + 7);
return 0;
Error out if user configures SQLite DB without CONFIG_SQLITE This should make it more obvious to users that they have a fatal configuration problem in hostapd authentication server. Signed-off-by: Ben Greear <greearb@candelatech.com>
9 years ago
#else /* CONFIG_SQLITE */
wpa_printf(MSG_ERROR,
"EAP user file in SQLite DB, but CONFIG_SQLITE was not enabled in the build.");
return -1;
#endif /* CONFIG_SQLITE */
Add preliminary support for using SQLite for eap_user database CONFIG_SQLITE=y option can now be used to allow the eap_user_file text file to be replaced with a SQLite database (eap_user_file=sqlite:/path/to/sqlite.db). hostapd.eap_user_sqlite shows an example of how the database tables can be created for this purpose. This commit does not yet include full functionality of the text file format, but at least basic EAP-TTLS/MSCHAPv2 style authentication mechanisms with plaintext passwords can be used for tests. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
f = fopen(fname, "r");
if (!f) {
wpa_printf(MSG_ERROR, "EAP user file '%s' not found.", fname);
return -1;
}
/* Lines: "user" METHOD,METHOD2 "password" (password optional) */
while (fgets(buf, sizeof(buf), f)) {
line++;
if (buf[0] == '#')
continue;
pos = buf;
while (*pos != '\0') {
if (*pos == '\n') {
*pos = '\0';
break;
}
pos++;
}
if (buf[0] == '\0')
continue;
Allow arbitrary RADIUS attributes to be added into Access-Accept This extends the design already available for Access-Request packets to the RADIUS server and Access-Accept messages. Each user entry can be configured to add arbitrary RADIUS attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
#ifndef CONFIG_NO_RADIUS
if (user && os_strncmp(buf, "radius_accept_attr=", 19) == 0) {
struct hostapd_radius_attr *attr, *a;
attr = hostapd_parse_radius_attr(buf + 19);
if (attr == NULL) {
hostapd: Fix error message for radius_accept_attr config option Error message contained wrong config option. Signed-off-by: Pali Rohár <pali@kernel.org>
4 years ago
wpa_printf(MSG_ERROR, "Invalid radius_accept_attr: %s",
Allow arbitrary RADIUS attributes to be added into Access-Accept This extends the design already available for Access-Request packets to the RADIUS server and Access-Accept messages. Each user entry can be configured to add arbitrary RADIUS attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
buf + 19);
Fix error path handling on radius_accept_attr This error path must not try to free the user entry since that entry was already added to the BSS list and will be freed when BSS is freed. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
user = NULL; /* already in the BSS list */
Allow arbitrary RADIUS attributes to be added into Access-Accept This extends the design already available for Access-Request packets to the RADIUS server and Access-Accept messages. Each user entry can be configured to add arbitrary RADIUS attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
goto failed;
}
if (user->accept_attr == NULL) {
user->accept_attr = attr;
} else {
a = user->accept_attr;
while (a->next)
a = a->next;
a->next = attr;
}
continue;
}
#endif /* CONFIG_NO_RADIUS */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
user = NULL;
if (buf[0] != '"' && buf[0] != '*') {
wpa_printf(MSG_ERROR, "Invalid EAP identity (no \" in "
"start) on line %d in '%s'", line, fname);
goto failed;
}
user = os_zalloc(sizeof(*user));
if (user == NULL) {
wpa_printf(MSG_ERROR, "EAP user allocation failed");
goto failed;
}
user->force_version = -1;
if (buf[0] == '*') {
pos = buf;
} else {
pos = buf + 1;
start = pos;
while (*pos != '"' && *pos != '\0')
pos++;
if (*pos == '\0') {
wpa_printf(MSG_ERROR, "Invalid EAP identity "
"(no \" in end) on line %d in '%s'",
line, fname);
goto failed;
}
Use os_memdup() This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years ago
user->identity = os_memdup(start, pos - start);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (user->identity == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate "
"memory for EAP identity");
goto failed;
}
user->identity_len = pos - start;
if (pos[0] == '"' && pos[1] == '*') {
user->wildcard_prefix = 1;
pos++;
}
}
pos++;
while (*pos == ' ' || *pos == '\t')
pos++;
if (*pos == '\0') {
wpa_printf(MSG_ERROR, "No EAP method on line %d in "
"'%s'", line, fname);
goto failed;
}
start = pos;
while (*pos != ' ' && *pos != '\t' && *pos != '\0')
pos++;
if (*pos == '\0') {
pos = NULL;
} else {
*pos = '\0';
pos++;
}
num_methods = 0;
while (*start) {
char *pos3 = os_strchr(start, ',');
if (pos3) {
*pos3++ = '\0';
}
user->methods[num_methods].method =
eap_server_get_type(
start,
&user->methods[num_methods].vendor);
if (user->methods[num_methods].vendor ==
EAP_VENDOR_IETF &&
user->methods[num_methods].method == EAP_TYPE_NONE)
{
if (os_strcmp(start, "TTLS-PAP") == 0) {
user->ttls_auth |= EAP_TTLS_AUTH_PAP;
goto skip_eap;
}
if (os_strcmp(start, "TTLS-CHAP") == 0) {
user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
goto skip_eap;
}
if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
user->ttls_auth |=
EAP_TTLS_AUTH_MSCHAP;
goto skip_eap;
}
if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
user->ttls_auth |=
EAP_TTLS_AUTH_MSCHAPV2;
goto skip_eap;
}
RADIUS server: Add support for MAC ACL "user" MACACL "password" style lines in the eap_user file can now be used to configured user entries for RADIUS-based MAC ACL. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (os_strcmp(start, "MACACL") == 0) {
user->macacl = 1;
goto skip_eap;
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
wpa_printf(MSG_ERROR, "Unsupported EAP type "
"'%s' on line %d in '%s'",
start, line, fname);
goto failed;
}
num_methods++;
Use a single define for maximum number of EAP methods This cleans up the code a bit by not having to deal with theoretical possibility of maximum number of EAP methods to be different between various components in hostapd. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
if (num_methods >= EAP_MAX_METHODS)
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
break;
skip_eap:
if (pos3 == NULL)
break;
start = pos3;
}
RADIUS server: Add support for MAC ACL "user" MACACL "password" style lines in the eap_user file can now be used to configured user entries for RADIUS-based MAC ACL. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (num_methods == 0 && user->ttls_auth == 0 && !user->macacl) {
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
wpa_printf(MSG_ERROR, "No EAP types configured on "
"line %d in '%s'", line, fname);
goto failed;
}
if (pos == NULL)
goto done;
while (*pos == ' ' || *pos == '\t')
pos++;
if (*pos == '\0')
goto done;
if (os_strncmp(pos, "[ver=0]", 7) == 0) {
user->force_version = 0;
goto done;
}
if (os_strncmp(pos, "[ver=1]", 7) == 0) {
user->force_version = 1;
goto done;
}
if (os_strncmp(pos, "[2]", 3) == 0) {
user->phase2 = 1;
goto done;
}
if (*pos == '"') {
pos++;
start = pos;
while (*pos != '"' && *pos != '\0')
pos++;
if (*pos == '\0') {
wpa_printf(MSG_ERROR, "Invalid EAP password "
"(no \" in end) on line %d in '%s'",
line, fname);
goto failed;
}
Use os_memdup() This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years ago
user->password = os_memdup(start, pos - start);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (user->password == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate "
"memory for EAP password");
goto failed;
}
user->password_len = pos - start;
pos++;
} else if (os_strncmp(pos, "hash:", 5) == 0) {
pos += 5;
pos2 = pos;
while (*pos2 != '\0' && *pos2 != ' ' &&
*pos2 != '\t' && *pos2 != '#')
pos2++;
if (pos2 - pos != 32) {
wpa_printf(MSG_ERROR, "Invalid password hash "
"on line %d in '%s'", line, fname);
goto failed;
}
user->password = os_malloc(16);
if (user->password == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate "
"memory for EAP password hash");
goto failed;
}
if (hexstr2bin(pos, user->password, 16) < 0) {
wpa_printf(MSG_ERROR, "Invalid hash password "
"on line %d in '%s'", line, fname);
goto failed;
}
user->password_len = 16;
user->password_hash = 1;
pos = pos2;
EAP-pwd server: Add support for salted password databases These changes add support for salted password databases to EAP-pwd per RFC 8146. This commits introduces the framework for enabling this and the salting mechanisms based on SHA-1, SHA256, and SHA512 hash algorithms. Signed-off-by: Dan Harkins <dharkins@lounge.org>
6 years ago
} else if (os_strncmp(pos, "ssha1:", 6) == 0) {
pos += 6;
if (hostapd_config_eap_user_salted(user, "sha1", 20,
&pos,
line, fname) < 0)
goto failed;
} else if (os_strncmp(pos, "ssha256:", 8) == 0) {
pos += 8;
if (hostapd_config_eap_user_salted(user, "sha256", 32,
&pos,
line, fname) < 0)
goto failed;
} else if (os_strncmp(pos, "ssha512:", 8) == 0) {
pos += 8;
if (hostapd_config_eap_user_salted(user, "sha512", 64,
&pos,
line, fname) < 0)
goto failed;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
} else {
pos2 = pos;
while (*pos2 != '\0' && *pos2 != ' ' &&
*pos2 != '\t' && *pos2 != '#')
pos2++;
if ((pos2 - pos) & 1) {
wpa_printf(MSG_ERROR, "Invalid hex password "
"on line %d in '%s'", line, fname);
goto failed;
}
user->password = os_malloc((pos2 - pos) / 2);
if (user->password == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate "
"memory for EAP password");
goto failed;
}
if (hexstr2bin(pos, user->password,
(pos2 - pos) / 2) < 0) {
wpa_printf(MSG_ERROR, "Invalid hex password "
"on line %d in '%s'", line, fname);
goto failed;
}
user->password_len = (pos2 - pos) / 2;
pos = pos2;
}
while (*pos == ' ' || *pos == '\t')
pos++;
if (os_strncmp(pos, "[2]", 3) == 0) {
user->phase2 = 1;
}
done:
if (tail == NULL) {
Free old eap_user_file data on configuration change This fixes a memory leak if hostapd eap_user_file parameter is modified. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
tail = new_user = user;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
} else {
tail->next = user;
tail = user;
}
continue;
failed:
Allow arbitrary RADIUS attributes to be added into Access-Accept This extends the design already available for Access-Request packets to the RADIUS server and Access-Accept messages. Each user entry can be configured to add arbitrary RADIUS attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (user)
hostapd_config_free_eap_user(user);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
ret = -1;
break;
}
fclose(f);
Free old eap_user_file data on configuration change This fixes a memory leak if hostapd eap_user_file parameter is modified. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (ret == 0) {
Fix memory leak on hostapd eap_user_file parsing error paths Need to free all the pending completed EAP users if a parsing error prevents the file from being used. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
hostapd_config_free_eap_users(conf->eap_user);
Free old eap_user_file data on configuration change This fixes a memory leak if hostapd eap_user_file parameter is modified. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
conf->eap_user = new_user;
Fix memory leak on hostapd eap_user_file parsing error paths Need to free all the pending completed EAP users if a parsing error prevents the file from being used. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
} else {
hostapd_config_free_eap_users(new_user);
Free old eap_user_file data on configuration change This fixes a memory leak if hostapd eap_user_file parameter is modified. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return ret;
}
EAP-pwd server: Add support for salted password databases These changes add support for salted password databases to EAP-pwd per RFC 8146. This commits introduces the framework for enabling this and the salting mechanisms based on SHA-1, SHA256, and SHA512 hash algorithms. Signed-off-by: Dan Harkins <dharkins@lounge.org>
6 years ago
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* EAP_SERVER */
#ifndef CONFIG_NO_RADIUS
static int
hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
int *num_server, const char *val, int def_port,
struct hostapd_radius_server **curr_serv)
{
struct hostapd_radius_server *nserv;
int ret;
static int server_index = 1;
Convert os_realloc() for an array to use os_realloc_array() Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
nserv = os_realloc_array(*server, *num_server + 1, sizeof(*nserv));
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (nserv == NULL)
return -1;
*server = nserv;
nserv = &nserv[*num_server];
(*num_server)++;
(*curr_serv) = nserv;
os_memset(nserv, 0, sizeof(*nserv));
nserv->port = def_port;
ret = hostapd_parse_ip_addr(val, &nserv->addr);
nserv->index = server_index++;
return ret;
}
hostapd: Allow addition of arbitrary RADIUS attributes New configuration parameters radius_auth_req_attr and radius_acct_req_attr can now be used to add (or override) RADIUS attributes in Access-Request and Accounting-Request packets. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
Add preliminary RADIUS dynamic authorization server (RFC 5176) This adds the basic DAS mechanism to enable hostapd to be configured to request dynamic authorization requests (Disconnect-Request and CoA-Request). This commit does not add actual processing of the requests, i.e., this will only receive and authenticate the requests and NAK them regardless of what operation is requested. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
hostapd: Fix parsing the das_client option The musl implementation of inet_aton() returns an error if there are any characters left after the IP address. When parsing the das_client, split the string at the whitespace separator to be able to parse the address successfully. Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago
static int hostapd_parse_das_client(struct hostapd_bss_config *bss, char *val)
Add preliminary RADIUS dynamic authorization server (RFC 5176) This adds the basic DAS mechanism to enable hostapd to be configured to request dynamic authorization requests (Disconnect-Request and CoA-Request). This commit does not add actual processing of the requests, i.e., this will only receive and authenticate the requests and NAK them regardless of what operation is requested. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
{
char *secret;
secret = os_strchr(val, ' ');
if (secret == NULL)
return -1;
hostapd: Fix parsing the das_client option The musl implementation of inet_aton() returns an error if there are any characters left after the IP address. When parsing the das_client, split the string at the whitespace separator to be able to parse the address successfully. Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago
*secret++ = '\0';
Add preliminary RADIUS dynamic authorization server (RFC 5176) This adds the basic DAS mechanism to enable hostapd to be configured to request dynamic authorization requests (Disconnect-Request and CoA-Request). This commit does not add actual processing of the requests, i.e., this will only receive and authenticate the requests and NAK them regardless of what operation is requested. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (hostapd_parse_ip_addr(val, &bss->radius_das_client_addr))
return -1;
os_free(bss->radius_das_shared_secret);
Use os_strdup() instead of os_malloc() + os_memcpy() It is simpler to use os_strdup() to copy strings even if the end results end up being used as binary data with a separate length field. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
bss->radius_das_shared_secret = (u8 *) os_strdup(secret);
Add preliminary RADIUS dynamic authorization server (RFC 5176) This adds the basic DAS mechanism to enable hostapd to be configured to request dynamic authorization requests (Disconnect-Request and CoA-Request). This commit does not add actual processing of the requests, i.e., this will only receive and authenticate the requests and NAK them regardless of what operation is requested. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (bss->radius_das_shared_secret == NULL)
return -1;
Use os_strdup() instead of os_malloc() + os_memcpy() It is simpler to use os_strdup() to copy strings even if the end results end up being used as binary data with a separate length field. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
bss->radius_das_shared_secret_len = os_strlen(secret);
Add preliminary RADIUS dynamic authorization server (RFC 5176) This adds the basic DAS mechanism to enable hostapd to be configured to request dynamic authorization requests (Disconnect-Request and CoA-Request). This commit does not add actual processing of the requests, i.e., this will only receive and authenticate the requests and NAK them regardless of what operation is requested. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
return 0;
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* CONFIG_NO_RADIUS */
static int hostapd_config_parse_key_mgmt(int line, const char *value)
{
int val = 0, last;
char *start, *end, *buf;
buf = os_strdup(value);
if (buf == NULL)
return -1;
start = buf;
while (*start != '\0') {
while (*start == ' ' || *start == '\t')
start++;
if (*start == '\0')
break;
end = start;
while (*end != ' ' && *end != '\t' && *end != '\0')
end++;
last = *end == '\0';
*end = '\0';
if (os_strcmp(start, "WPA-PSK") == 0)
val |= WPA_KEY_MGMT_PSK;
else if (os_strcmp(start, "WPA-EAP") == 0)
val |= WPA_KEY_MGMT_IEEE8021X;
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#ifdef CONFIG_IEEE80211R_AP
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
else if (os_strcmp(start, "FT-PSK") == 0)
val |= WPA_KEY_MGMT_FT_PSK;
else if (os_strcmp(start, "FT-EAP") == 0)
val |= WPA_KEY_MGMT_FT_IEEE8021X;
FT: Add key management value FT-EAP-SHA384 for hostapd This allows hostapd to be configuted to use the SHA384-based FT AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
#ifdef CONFIG_SHA384
else if (os_strcmp(start, "FT-EAP-SHA384") == 0)
val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
#endif /* CONFIG_SHA384 */
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#endif /* CONFIG_IEEE80211R_AP */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
val |= WPA_KEY_MGMT_PSK_SHA256;
else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_SAE
else if (os_strcmp(start, "SAE") == 0)
val |= WPA_KEY_MGMT_SAE;
else if (os_strcmp(start, "FT-SAE") == 0)
val |= WPA_KEY_MGMT_FT_SAE;
#endif /* CONFIG_SAE */
Add Suite B 192-bit AKM WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
#ifdef CONFIG_SUITEB
Suite B: Add AKM 00-0F-AC:11 This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0)
val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B;
Add Suite B 192-bit AKM WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
#endif /* CONFIG_SUITEB */
#ifdef CONFIG_SUITEB192
else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
#endif /* CONFIG_SUITEB192 */
FILS: Add hostapd configuration options This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef CONFIG_FILS
else if (os_strcmp(start, "FILS-SHA256") == 0)
val |= WPA_KEY_MGMT_FILS_SHA256;
else if (os_strcmp(start, "FILS-SHA384") == 0)
val |= WPA_KEY_MGMT_FILS_SHA384;
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#ifdef CONFIG_IEEE80211R_AP
FILS: Add hostapd configuration options This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
else if (os_strcmp(start, "FT-FILS-SHA256") == 0)
val |= WPA_KEY_MGMT_FT_FILS_SHA256;
else if (os_strcmp(start, "FT-FILS-SHA384") == 0)
val |= WPA_KEY_MGMT_FT_FILS_SHA384;
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#endif /* CONFIG_IEEE80211R_AP */
FILS: Add hostapd configuration options This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#endif /* CONFIG_FILS */
OWE: Define and parse OWE AKM selector This adds a new RSN AKM "OWE". Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
#ifdef CONFIG_OWE
else if (os_strcmp(start, "OWE") == 0)
val |= WPA_KEY_MGMT_OWE;
#endif /* CONFIG_OWE */
DPP: Add new AKM This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_DPP
else if (os_strcmp(start, "DPP") == 0)
val |= WPA_KEY_MGMT_DPP;
#endif /* CONFIG_DPP */
HS 2.0: Allow OSEN connection to be enabled in an RSN BSS This allows a single BSS/SSID to be used for both data connection and OSU. Instead of hostapd configuration osen=1, wpa_key_mgmt=OSEN (or more likely, wpa_key_mgmt=WPA-EAP OSEN) is used to enable this new option. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_HS20
else if (os_strcmp(start, "OSEN") == 0)
val |= WPA_KEY_MGMT_OSEN;
#endif /* CONFIG_HS20 */
AP: Add support for configuring PASN Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
#ifdef CONFIG_PASN
else if (os_strcmp(start, "PASN") == 0)
val |= WPA_KEY_MGMT_PASN;
#endif /* CONFIG_PASN */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
else {
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
line, start);
os_free(buf);
return -1;
}
if (last)
break;
start = end + 1;
}
os_free(buf);
if (val == 0) {
wpa_printf(MSG_ERROR, "Line %d: no key_mgmt values "
"configured.", line);
return -1;
}
return val;
}
static int hostapd_config_parse_cipher(int line, const char *value)
{
Use a common function for parsing cipher suites Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
int val = wpa_parse_cipher(value);
if (val < 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
line, value);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return -1;
}
if (val == 0) {
wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
line);
return -1;
}
return val;
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
char *val)
{
size_t len = os_strlen(val);
Allow hostapd wep_key# parameters to be cleared Setting wep_key# to an empty string will now clear a previously configured key. This is needed to be able to change WEP configured AP to using WPA/WPA2 through the hostapd control interface SET commands. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
if (keyidx < 0 || keyidx > 3)
return -1;
if (len == 0) {
int i, set = 0;
bin_clear_free(wep->key[keyidx], wep->len[keyidx]);
wep->key[keyidx] = NULL;
wep->len[keyidx] = 0;
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (wep->key[i])
set++;
}
if (!set)
wep->keys_set = 0;
return 0;
}
if (wep->key[keyidx] != NULL)
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return -1;
if (val[0] == '"') {
if (len < 2 || val[len - 1] != '"')
return -1;
len -= 2;
Use os_memdup() This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years ago
wep->key[keyidx] = os_memdup(val + 1, len);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (wep->key[keyidx] == NULL)
return -1;
wep->len[keyidx] = len;
} else {
if (len & 1)
return -1;
len /= 2;
wep->key[keyidx] = os_malloc(len);
if (wep->key[keyidx] == NULL)
return -1;
wep->len[keyidx] = len;
if (hexstr2bin(val, wep->key[keyidx], len) < 0)
return -1;
}
wep->keys_set++;
return 0;
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
Extend offloaded ACS QCA vendor command to support VHT Update ACS driver offload feature for VHT configuration. In addition, this allows the chanlist parameter to be used to specify which channels are included as options for the offloaded ACS case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
static int hostapd_parse_chanlist(struct hostapd_config *conf, char *val)
{
char *pos;
/* for backwards compatibility, translate ' ' in conf str to ',' */
pos = val;
while (pos) {
pos = os_strchr(pos, ' ');
if (pos)
*pos++ = ',';
}
if (freq_range_list_parse(&conf->acs_ch_list, val))
return -1;
return 0;
}
Rename hostapd_parse_rates() to a more generic int list parser This can be used with other integer lists than just rates. Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
11 years ago
static int hostapd_parse_intlist(int **int_list, char *val)
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
{
int *list;
int count;
char *pos, *end;
Rename hostapd_parse_rates() to a more generic int list parser This can be used with other integer lists than just rates. Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
11 years ago
os_free(*int_list);
*int_list = NULL;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
pos = val;
count = 0;
while (*pos != '\0') {
if (*pos == ' ')
count++;
pos++;
}
list = os_malloc(sizeof(int) * (count + 2));
if (list == NULL)
return -1;
pos = val;
count = 0;
while (*pos != '\0') {
end = os_strchr(pos, ' ');
if (end)
*end = '\0';
list[count++] = atoi(pos);
if (!end)
break;
pos = end + 1;
}
list[count] = -1;
Rename hostapd_parse_rates() to a more generic int list parser This can be used with other integer lists than just rates. Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
11 years ago
*int_list = list;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return 0;
}
static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
{
hostapd: Make hostapd_config::bss array of pointers This makes it more convenient to move BSS configuration entries between struct hostapd_config instances to clean up per-BSS configuration file design. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
struct hostapd_bss_config **all, *bss;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (*ifname == '\0')
return -1;
hostapd: Make hostapd_config::bss array of pointers This makes it more convenient to move BSS configuration entries between struct hostapd_config instances to clean up per-BSS configuration file design. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
all = os_realloc_array(conf->bss, conf->num_bss + 1,
sizeof(struct hostapd_bss_config *));
if (all == NULL) {
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
wpa_printf(MSG_ERROR, "Failed to allocate memory for "
"multi-BSS entry");
return -1;
}
hostapd: Make hostapd_config::bss array of pointers This makes it more convenient to move BSS configuration entries between struct hostapd_config instances to clean up per-BSS configuration file design. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
conf->bss = all;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
hostapd: Fix multi-BSS configuration file parsing regression Commit ebd79f07c47b02b71c0ac7744a6a94a2bae92fcf broke parsing of configuration files that use the bss parameter to specify another BSS entry. This resulted in crashing the process with NULL pointer dereference since the new hostapd_config::bss design requires this function to allocate a new hostapd_bss_config structure. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
bss = os_zalloc(sizeof(*bss));
if (bss == NULL)
return -1;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
bss->radius = os_zalloc(sizeof(*bss->radius));
if (bss->radius == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate memory for "
"multi-BSS RADIUS data");
hostapd: Fix multi-BSS configuration file parsing regression Commit ebd79f07c47b02b71c0ac7744a6a94a2bae92fcf broke parsing of configuration files that use the bss parameter to specify another BSS entry. This resulted in crashing the process with NULL pointer dereference since the new hostapd_config::bss design requires this function to allocate a new hostapd_bss_config structure. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
os_free(bss);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return -1;
}
hostapd: Fix multi-BSS configuration file parsing regression Commit ebd79f07c47b02b71c0ac7744a6a94a2bae92fcf broke parsing of configuration files that use the bss parameter to specify another BSS entry. This resulted in crashing the process with NULL pointer dereference since the new hostapd_config::bss design requires this function to allocate a new hostapd_bss_config structure. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
conf->bss[conf->num_bss++] = bss;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
conf->last_bss = bss;
hostapd_config_defaults_bss(bss);
os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
return 0;
}
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#ifdef CONFIG_IEEE80211R_AP
FT: New RRB message format Convert FT RRB into a new TLV based format. Use AES-SIV as AEAD cipher to protect the messages. This needs at least 32 byte long keys. These can be provided either by a config file change or letting a KDF derive the 32 byte key used from the 16 byte key given. This breaks backward compatibility, i.e., hostapd needs to be updated on all APs at the same time to allow FT to remain functional. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago
static int rkh_derive_key(const char *pos, u8 *key, size_t key_len)
{
u8 oldkey[16];
int ret;
if (!hexstr2bin(pos, key, key_len))
return 0;
/* Try to use old short key for backwards compatibility */
if (hexstr2bin(pos, oldkey, sizeof(oldkey)))
return -1;
ret = hmac_sha256_kdf(oldkey, sizeof(oldkey), "FT OLDKEY", NULL, 0,
key, key_len);
os_memset(oldkey, 0, sizeof(oldkey));
return ret;
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
static int add_r0kh(struct hostapd_bss_config *bss, char *value)
{
struct ft_remote_r0kh *r0kh;
char *pos, *next;
r0kh = os_zalloc(sizeof(*r0kh));
if (r0kh == NULL)
return -1;
/* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */
pos = value;
next = os_strchr(pos, ' ');
if (next)
*next++ = '\0';
if (next == NULL || hwaddr_aton(pos, r0kh->addr)) {
wpa_printf(MSG_ERROR, "Invalid R0KH MAC address: '%s'", pos);
os_free(r0kh);
return -1;
}
pos = next;
next = os_strchr(pos, ' ');
if (next)
*next++ = '\0';
if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) {
wpa_printf(MSG_ERROR, "Invalid R0KH-ID: '%s'", pos);
os_free(r0kh);
return -1;
}
r0kh->id_len = next - pos - 1;
os_memcpy(r0kh->id, pos, r0kh->id_len);
pos = next;
FT: New RRB message format Convert FT RRB into a new TLV based format. Use AES-SIV as AEAD cipher to protect the messages. This needs at least 32 byte long keys. These can be provided either by a config file change or letting a KDF derive the 32 byte key used from the 16 byte key given. This breaks backward compatibility, i.e., hostapd needs to be updated on all APs at the same time to allow FT to remain functional. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago
if (rkh_derive_key(pos, r0kh->key, sizeof(r0kh->key)) < 0) {
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos);
os_free(r0kh);
return -1;
}
r0kh->next = bss->r0kh_list;
bss->r0kh_list = r0kh;
return 0;
}
static int add_r1kh(struct hostapd_bss_config *bss, char *value)
{
struct ft_remote_r1kh *r1kh;
char *pos, *next;
r1kh = os_zalloc(sizeof(*r1kh));
if (r1kh == NULL)
return -1;
/* 02:01:02:03:04:05 02:01:02:03:04:05
* 000102030405060708090a0b0c0d0e0f */
pos = value;
next = os_strchr(pos, ' ');
if (next)
*next++ = '\0';
if (next == NULL || hwaddr_aton(pos, r1kh->addr)) {
wpa_printf(MSG_ERROR, "Invalid R1KH MAC address: '%s'", pos);
os_free(r1kh);
return -1;
}
pos = next;
next = os_strchr(pos, ' ');
if (next)
*next++ = '\0';
if (next == NULL || hwaddr_aton(pos, r1kh->id)) {
wpa_printf(MSG_ERROR, "Invalid R1KH-ID: '%s'", pos);
os_free(r1kh);
return -1;
}
pos = next;
FT: New RRB message format Convert FT RRB into a new TLV based format. Use AES-SIV as AEAD cipher to protect the messages. This needs at least 32 byte long keys. These can be provided either by a config file change or letting a KDF derive the 32 byte key used from the 16 byte key given. This breaks backward compatibility, i.e., hostapd needs to be updated on all APs at the same time to allow FT to remain functional. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago
if (rkh_derive_key(pos, r1kh->key, sizeof(r1kh->key)) < 0) {
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos);
os_free(r1kh);
return -1;
}
r1kh->next = bss->r1kh_list;
bss->r1kh_list = r1kh;
return 0;
}
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#endif /* CONFIG_IEEE80211R_AP */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
static int hostapd_config_ht_capab(struct hostapd_config *conf,
const char *capab)
{
if (os_strstr(capab, "[LDPC]"))
conf->ht_capab |= HT_CAP_INFO_LDPC_CODING_CAP;
if (os_strstr(capab, "[HT40-]")) {
conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
conf->secondary_channel = -1;
}
if (os_strstr(capab, "[HT40+]")) {
conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
conf->secondary_channel = 1;
}
hostapd: Select a valid secondary channel if both enabled When starting AP in HT40 mode and both HT40+ and HT40- options are specified in hostapd.conf, select a valid secondary channel for the AP automatically. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (os_strstr(capab, "[HT40+]") && os_strstr(capab, "[HT40-]")) {
conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
conf->ht40_plus_minus_allowed = 1;
}
hostapd: SET ht_capab support for disabling 40 MHz bandwidth 'hostapd_cli SET ht_capab' only checked for [HT40+] or [HT40-] or both to be present. Based on the offset + or -, secondary_channel is updated but HT20/VHT20 mode can be brought up only from config file and can't be done using the SET command when the current HT mode is HT40+ or HT40-. When managing AP+STA mode from userspace doing hostapd_cli: "disable -> set channel, ht_capab -> enable" sequence, channel switch from HT40/VHT40 to HT20/VHT20 was not possible with this SET ht_capab limitation. Cover this additional case by resetting secondary_channel to 0 for HT20/VHT20 when ht_capab has neither [HT40+] nor [HT40-] present. Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
6 years ago
if (!os_strstr(capab, "[HT40+]") && !os_strstr(capab, "[HT40-]"))
conf->secondary_channel = 0;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (os_strstr(capab, "[GF]"))
conf->ht_capab |= HT_CAP_INFO_GREEN_FIELD;
if (os_strstr(capab, "[SHORT-GI-20]"))
conf->ht_capab |= HT_CAP_INFO_SHORT_GI20MHZ;
if (os_strstr(capab, "[SHORT-GI-40]"))
conf->ht_capab |= HT_CAP_INFO_SHORT_GI40MHZ;
if (os_strstr(capab, "[TX-STBC]"))
conf->ht_capab |= HT_CAP_INFO_TX_STBC;
if (os_strstr(capab, "[RX-STBC1]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_1;
}
if (os_strstr(capab, "[RX-STBC12]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_12;
}
if (os_strstr(capab, "[RX-STBC123]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_123;
}
if (os_strstr(capab, "[DELAYED-BA]"))
conf->ht_capab |= HT_CAP_INFO_DELAYED_BA;
if (os_strstr(capab, "[MAX-AMSDU-7935]"))
conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE;
if (os_strstr(capab, "[DSSS_CCK-40]"))
conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ;
Allow hostapd to advertise 40 MHz intolerant HT capability ht_capab=[40-INTOLERANT] can now be used to advertise that the BSS is 40 MHz intolerant to prevent other 20/40 MHz co-ex compliant APs from using 40 MHz channel bandwidth. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (os_strstr(capab, "[40-INTOLERANT]"))
conf->ht_capab |= HT_CAP_INFO_40MHZ_INTOLERANT;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (os_strstr(capab, "[LSIG-TXOP-PROT]"))
conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT;
return 0;
}
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
#ifdef CONFIG_IEEE80211AC
static int hostapd_config_vht_capab(struct hostapd_config *conf,
const char *capab)
{
if (os_strstr(capab, "[MAX-MPDU-7991]"))
conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_7991;
if (os_strstr(capab, "[MAX-MPDU-11454]"))
conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_11454;
if (os_strstr(capab, "[VHT160]"))
conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
if (os_strstr(capab, "[VHT160-80PLUS80]"))
conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
if (os_strstr(capab, "[RXLDPC]"))
conf->vht_capab |= VHT_CAP_RXLDPC;
if (os_strstr(capab, "[SHORT-GI-80]"))
conf->vht_capab |= VHT_CAP_SHORT_GI_80;
if (os_strstr(capab, "[SHORT-GI-160]"))
conf->vht_capab |= VHT_CAP_SHORT_GI_160;
if (os_strstr(capab, "[TX-STBC-2BY1]"))
conf->vht_capab |= VHT_CAP_TXSTBC;
if (os_strstr(capab, "[RX-STBC-1]"))
conf->vht_capab |= VHT_CAP_RXSTBC_1;
if (os_strstr(capab, "[RX-STBC-12]"))
conf->vht_capab |= VHT_CAP_RXSTBC_2;
if (os_strstr(capab, "[RX-STBC-123]"))
conf->vht_capab |= VHT_CAP_RXSTBC_3;
if (os_strstr(capab, "[RX-STBC-1234]"))
conf->vht_capab |= VHT_CAP_RXSTBC_4;
if (os_strstr(capab, "[SU-BEAMFORMER]"))
hostapd: Fix wrong VHT configuration capabilities flags Wrong capabilities flags were used when certain VHT capabilities were defined. Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
11 years ago
conf->vht_capab |= VHT_CAP_SU_BEAMFORMER_CAPABLE;
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
if (os_strstr(capab, "[SU-BEAMFORMEE]"))
hostapd: Fix wrong VHT configuration capabilities flags Wrong capabilities flags were used when certain VHT capabilities were defined. Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
11 years ago
conf->vht_capab |= VHT_CAP_SU_BEAMFORMEE_CAPABLE;
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
if (os_strstr(capab, "[BF-ANTENNA-2]") &&
Fix some VHT Capabilities definitions VHT_CAP_BEAMFORMEE_STS_MAX, VHT_CAP_SOUNDING_DIMENSION_OFFSET, and VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT were not defined properly (wrong name/size). Fix that and update the hostapd.conf parsing accordingly. Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
11 years ago
(conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
hostapd: Extend the sounding and BF steering capabilities Depending on the number of antennas, the txbf sounding and steering capabilites need to be extended. Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
9 years ago
if (os_strstr(capab, "[BF-ANTENNA-3]") &&
(conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
conf->vht_capab |= (2 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
if (os_strstr(capab, "[BF-ANTENNA-4]") &&
(conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
conf->vht_capab |= (3 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") &&
Fix some VHT Capabilities definitions VHT_CAP_BEAMFORMEE_STS_MAX, VHT_CAP_SOUNDING_DIMENSION_OFFSET, and VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT were not defined properly (wrong name/size). Fix that and update the hostapd.conf parsing accordingly. Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
11 years ago
(conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
hostapd: Extend the sounding and BF steering capabilities Depending on the number of antennas, the txbf sounding and steering capabilites need to be extended. Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
9 years ago
if (os_strstr(capab, "[SOUNDING-DIMENSION-3]") &&
(conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
conf->vht_capab |= (2 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
if (os_strstr(capab, "[SOUNDING-DIMENSION-4]") &&
(conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
conf->vht_capab |= (3 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
if (os_strstr(capab, "[MU-BEAMFORMER]"))
conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE;
if (os_strstr(capab, "[VHT-TXOP-PS]"))
conf->vht_capab |= VHT_CAP_VHT_TXOP_PS;
if (os_strstr(capab, "[HTC-VHT]"))
conf->vht_capab |= VHT_CAP_HTC_VHT;
hostapd: Fix vht_capab 'Maximum A-MPDU Length Exponent' handling As per IEEE Std 802.11ac-2013, 'Maximum A-MPDU Length Exponent' field value is in the range of 0 to 7. Previous implementation assumed EXP0 to be the maximum length (bits 23, 24 and 25 set) what is incorrect. This patch adds options to set it up within the 0 to 7 range. Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
10 years ago
if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP7]"))
conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX;
else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP6]"))
conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_6;
else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP5]"))
conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_5;
else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP4]"))
conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_4;
else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP3]"))
conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_3;
else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP2]"))
conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_2;
else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP1]"))
conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_1;
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
if (os_strstr(capab, "[VHT-LINK-ADAPT2]") &&
(conf->vht_capab & VHT_CAP_HTC_VHT))
conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB;
if (os_strstr(capab, "[VHT-LINK-ADAPT3]") &&
(conf->vht_capab & VHT_CAP_HTC_VHT))
conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
if (os_strstr(capab, "[RX-ANTENNA-PATTERN]"))
conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
return 0;
}
#endif /* CONFIG_IEEE80211AC */
HE: Add MU EDCA Parameter Set element (AP) Add support for configuring parameters for the MU EDCA Parameter Set element per IEEE P802.11ax/D3.0. Signed-off-by: Siva Mullati <siva.mullati@intel.com>
5 years ago
#ifdef CONFIG_IEEE80211AX
HE: Fix set_he_cap() parsing of config options for MU EDCA Params When I replaced the POS() function with ffs() when applying relevant parts from the original patch, this ended up breaking the frame construction since the POS() function was supposed to count the bit offset for the mask with 0 being the LSB instead of 1 returned by ffs(). Furthermore, ffs() is not available in all C libraries (e.g., not directly exposed by strings.h on Android), so better not depend on that or compiler builtins for this since there is no need for this to be as fast as possible in configuration parsing. Fix this with a simple function to determine the number of bits the value needs to be shifted left to align with the mask. Fixes: 11ce7a1bc3e2 ("HE: Add MU EDCA Parameter Set element (AP)") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
static u8 find_bit_offset(u8 val)
{
u8 res = 0;
for (; val; val >>= 1) {
if (val & 1)
break;
res++;
}
return res;
}
HE: Add MU EDCA Parameter Set element (AP) Add support for configuring parameters for the MU EDCA Parameter Set element per IEEE P802.11ax/D3.0. Signed-off-by: Siva Mullati <siva.mullati@intel.com>
5 years ago
static u8 set_he_cap(int val, u8 mask)
{
HE: Fix set_he_cap() parsing of config options for MU EDCA Params When I replaced the POS() function with ffs() when applying relevant parts from the original patch, this ended up breaking the frame construction since the POS() function was supposed to count the bit offset for the mask with 0 being the LSB instead of 1 returned by ffs(). Furthermore, ffs() is not available in all C libraries (e.g., not directly exposed by strings.h on Android), so better not depend on that or compiler builtins for this since there is no need for this to be as fast as possible in configuration parsing. Fix this with a simple function to determine the number of bits the value needs to be shifted left to align with the mask. Fixes: 11ce7a1bc3e2 ("HE: Add MU EDCA Parameter Set element (AP)") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
return (u8) (mask & (val << find_bit_offset(mask)));
HE: Add MU EDCA Parameter Set element (AP) Add support for configuring parameters for the MU EDCA Parameter Set element per IEEE P802.11ax/D3.0. Signed-off-by: Siva Mullati <siva.mullati@intel.com>
5 years ago
}
HE: Fix set_he_cap() parsing of config options for MU EDCA Params When I replaced the POS() function with ffs() when applying relevant parts from the original patch, this ended up breaking the frame construction since the POS() function was supposed to count the bit offset for the mask with 0 being the LSB instead of 1 returned by ffs(). Furthermore, ffs() is not available in all C libraries (e.g., not directly exposed by strings.h on Android), so better not depend on that or compiler builtins for this since there is no need for this to be as fast as possible in configuration parsing. Fix this with a simple function to determine the number of bits the value needs to be shifted left to align with the mask. Fixes: 11ce7a1bc3e2 ("HE: Add MU EDCA Parameter Set element (AP)") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
AP: Extend Spatial Reuse Parameter Set Extend SPR element to support following fields and pass all information to kernel for driver use. * Non-SRG OBSS PD Max Offset * SRG BSS Color Bitmap * SRG Partial BSSID Bitmap Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
4 years ago
static int hostapd_parse_he_srg_bitmap(u8 *bitmap, char *val)
{
int bitpos;
char *pos, *end;
os_memset(bitmap, 0, 8);
pos = val;
while (*pos != '\0') {
end = os_strchr(pos, ' ');
if (end)
*end = '\0';
bitpos = atoi(pos);
if (bitpos < 0 || bitpos > 64)
return -1;
bitmap[bitpos / 8] |= BIT(bitpos % 8);
if (!end)
break;
pos = end + 1;
}
return 0;
}
HE: Add MU EDCA Parameter Set element (AP) Add support for configuring parameters for the MU EDCA Parameter Set element per IEEE P802.11ax/D3.0. Signed-off-by: Siva Mullati <siva.mullati@intel.com>
5 years ago
#endif /* CONFIG_IEEE80211AX */
Interworking: Add support for configuring Roaming Consortium List
13 years ago
#ifdef CONFIG_INTERWORKING
static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos,
int line)
{
size_t len = os_strlen(pos);
u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
struct hostapd_roaming_consortium *rc;
if ((len & 1) || len < 2 * 3 || len / 2 > MAX_ROAMING_CONSORTIUM_LEN ||
hexstr2bin(pos, oi, len / 2)) {
wpa_printf(MSG_ERROR, "Line %d: invalid roaming_consortium "
"'%s'", line, pos);
return -1;
}
len /= 2;
Convert os_realloc() for an array to use os_realloc_array() Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
rc = os_realloc_array(bss->roaming_consortium,
bss->roaming_consortium_count + 1,
sizeof(struct hostapd_roaming_consortium));
Interworking: Add support for configuring Roaming Consortium List
13 years ago
if (rc == NULL)
return -1;
os_memcpy(rc[bss->roaming_consortium_count].oi, oi, len);
rc[bss->roaming_consortium_count].len = len;
bss->roaming_consortium = rc;
bss->roaming_consortium_count++;
return 0;
}
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Interworking: Use generic language,string parser Replace the Venue Name specific data structure and parser with a generic mechanism that can be used with other fields that use the same format. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
static int parse_lang_string(struct hostapd_lang_string **array,
unsigned int *count, char *pos)
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
{
HS 2.0: Allow printf format parsing with language:name strings This allows Hotspot 2.0 and Interworking strings that use language:name string (e.g., venue_name) to be encoded using printf format to enter special characters like newline. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
char *sep, *str = NULL;
size_t clen, nlen, slen;
Interworking: Use generic language,string parser Replace the Venue Name specific data structure and parser with a generic mechanism that can be used with other fields that use the same format. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
struct hostapd_lang_string *ls;
HS 2.0: Allow printf format parsing with language:name strings This allows Hotspot 2.0 and Interworking strings that use language:name string (e.g., venue_name) to be encoded using printf format to enter special characters like newline. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
int ret = -1;
if (*pos == '"' || (*pos == 'P' && pos[1] == '"')) {
str = wpa_config_parse_string(pos, &slen);
if (!str)
return -1;
pos = str;
}
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
sep = os_strchr(pos, ':');
if (sep == NULL)
HS 2.0: Allow printf format parsing with language:name strings This allows Hotspot 2.0 and Interworking strings that use language:name string (e.g., venue_name) to be encoded using printf format to enter special characters like newline. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
goto fail;
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
*sep++ = '\0';
clen = os_strlen(pos);
Fix language string length validation in parse_lang_string() The language string length needs to be validated to hit into the three-octet lang field in struct hostapd_lang_string before copying this. Invalid configuration entries in hostapd.conf could have resulted in buffer overflow. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (clen < 2 || clen > sizeof(ls->lang))
HS 2.0: Allow printf format parsing with language:name strings This allows Hotspot 2.0 and Interworking strings that use language:name string (e.g., venue_name) to be encoded using printf format to enter special characters like newline. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
goto fail;
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
nlen = os_strlen(sep);
if (nlen > 252)
HS 2.0: Allow printf format parsing with language:name strings This allows Hotspot 2.0 and Interworking strings that use language:name string (e.g., venue_name) to be encoded using printf format to enter special characters like newline. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
goto fail;
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Interworking: Use generic language,string parser Replace the Venue Name specific data structure and parser with a generic mechanism that can be used with other fields that use the same format. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
ls = os_realloc_array(*array, *count + 1,
sizeof(struct hostapd_lang_string));
if (ls == NULL)
HS 2.0: Allow printf format parsing with language:name strings This allows Hotspot 2.0 and Interworking strings that use language:name string (e.g., venue_name) to be encoded using printf format to enter special characters like newline. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
goto fail;
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Interworking: Use generic language,string parser Replace the Venue Name specific data structure and parser with a generic mechanism that can be used with other fields that use the same format. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
*array = ls;
ls = &(*array)[*count];
(*count)++;
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Interworking: Use generic language,string parser Replace the Venue Name specific data structure and parser with a generic mechanism that can be used with other fields that use the same format. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
os_memset(ls->lang, 0, sizeof(ls->lang));
os_memcpy(ls->lang, pos, clen);
ls->name_len = nlen;
os_memcpy(ls->name, sep, nlen);
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
HS 2.0: Allow printf format parsing with language:name strings This allows Hotspot 2.0 and Interworking strings that use language:name string (e.g., venue_name) to be encoded using printf format to enter special characters like newline. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
ret = 0;
fail:
os_free(str);
return ret;
Interworking: Use generic language,string parser Replace the Venue Name specific data structure and parser with a generic mechanism that can be used with other fields that use the same format. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Interworking: Use generic language,string parser Replace the Venue Name specific data structure and parser with a generic mechanism that can be used with other fields that use the same format. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
static int parse_venue_name(struct hostapd_bss_config *bss, char *pos,
int line)
{
if (parse_lang_string(&bss->venue_name, &bss->venue_name_count, pos)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid venue_name '%s'",
line, pos);
return -1;
}
return 0;
GAS server: Add support for ANQP Venue Name element The new venue_name configuration parameter can now be used to configure the ANQP Venue Name values that stations can request through GAS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
}
Interworking: Add advertising of 3GPP Cellular Network info The anqp_3gpp_cell_net parameter can be used to configure hostapd to advertise 3GPP Cellular Network ANQP information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Add hostapd.conf venue_url to set Venue URL ANQP-element The new venue_url parameter can now be used to set the Venue URL ANQP information instead of having to construct the data and use anqp_elem=277:<hexdump> to set the raw value. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
static int parse_venue_url(struct hostapd_bss_config *bss, char *pos,
int line)
{
char *sep;
size_t nlen;
struct hostapd_venue_url *url;
int ret = -1;
sep = os_strchr(pos, ':');
if (!sep)
goto fail;
*sep++ = '\0';
nlen = os_strlen(sep);
if (nlen > 254)
goto fail;
url = os_realloc_array(bss->venue_url, bss->venue_url_count + 1,
sizeof(struct hostapd_venue_url));
if (!url)
goto fail;
bss->venue_url = url;
url = &bss->venue_url[bss->venue_url_count++];
url->venue_number = atoi(pos);
url->url_len = nlen;
os_memcpy(url->url, sep, nlen);
ret = 0;
fail:
if (ret)
wpa_printf(MSG_ERROR, "Line %d: Invalid venue_url '%s'",
line, pos);
return ret;
}
Interworking: Add advertising of 3GPP Cellular Network info The anqp_3gpp_cell_net parameter can be used to configure hostapd to advertise 3GPP Cellular Network ANQP information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf,
int line)
{
size_t count;
char *pos;
u8 *info = NULL, *ipos;
/* format: <MCC1,MNC1>[;<MCC2,MNC2>][;...] */
count = 1;
for (pos = buf; *pos; pos++) {
Fix validation of anqp_3gpp_cell_net configuration parameter The "< '0' && > '9'" part would not match any character. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if ((*pos < '0' || *pos > '9') && *pos != ';' && *pos != ',')
Interworking: Add advertising of 3GPP Cellular Network info The anqp_3gpp_cell_net parameter can be used to configure hostapd to advertise 3GPP Cellular Network ANQP information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
goto fail;
if (*pos == ';')
count++;
}
if (1 + count * 3 > 0x7f)
goto fail;
info = os_zalloc(2 + 3 + count * 3);
if (info == NULL)
return -1;
ipos = info;
*ipos++ = 0; /* GUD - Version 1 */
*ipos++ = 3 + count * 3; /* User Data Header Length (UDHL) */
*ipos++ = 0; /* PLMN List IEI */
/* ext(b8) | Length of PLMN List value contents(b7..1) */
*ipos++ = 1 + count * 3;
*ipos++ = count; /* Number of PLMNs */
pos = buf;
while (pos && *pos) {
char *mcc, *mnc;
size_t mnc_len;
mcc = pos;
mnc = os_strchr(pos, ',');
if (mnc == NULL)
goto fail;
*mnc++ = '\0';
pos = os_strchr(mnc, ';');
if (pos)
*pos++ = '\0';
mnc_len = os_strlen(mnc);
if (os_strlen(mcc) != 3 || (mnc_len != 2 && mnc_len != 3))
goto fail;
/* BC coded MCC,MNC */
/* MCC digit 2 | MCC digit 1 */
*ipos++ = ((mcc[1] - '0') << 4) | (mcc[0] - '0');
/* MNC digit 3 | MCC digit 3 */
*ipos++ = (((mnc_len == 2) ? 0xf0 : ((mnc[2] - '0') << 4))) |
(mcc[2] - '0');
/* MNC digit 2 | MNC digit 1 */
*ipos++ = ((mnc[1] - '0') << 4) | (mnc[0] - '0');
}
os_free(bss->anqp_3gpp_cell_net);
bss->anqp_3gpp_cell_net = info;
bss->anqp_3gpp_cell_net_len = 2 + 3 + 3 * count;
wpa_hexdump(MSG_MSGDUMP, "3GPP Cellular Network information",
bss->anqp_3gpp_cell_net, bss->anqp_3gpp_cell_net_len);
return 0;
fail:
wpa_printf(MSG_ERROR, "Line %d: Invalid anqp_3gpp_cell_net: %s",
line, buf);
os_free(info);
return -1;
}
Interworking: Add advertising of NAI Realm list Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static int parse_nai_realm(struct hostapd_bss_config *bss, char *buf, int line)
{
struct hostapd_nai_realm_data *realm;
size_t i, j, len;
int *offsets;
char *pos, *end, *rpos;
offsets = os_calloc(bss->nai_realm_count * MAX_NAI_REALMS,
sizeof(int));
if (offsets == NULL)
return -1;
for (i = 0; i < bss->nai_realm_count; i++) {
realm = &bss->nai_realm_data[i];
for (j = 0; j < MAX_NAI_REALMS; j++) {
offsets[i * MAX_NAI_REALMS + j] =
realm->realm[j] ?
realm->realm[j] - realm->realm_buf : -1;
}
}
realm = os_realloc_array(bss->nai_realm_data, bss->nai_realm_count + 1,
sizeof(struct hostapd_nai_realm_data));
if (realm == NULL) {
os_free(offsets);
return -1;
}
bss->nai_realm_data = realm;
/* patch the pointers after realloc */
for (i = 0; i < bss->nai_realm_count; i++) {
realm = &bss->nai_realm_data[i];
for (j = 0; j < MAX_NAI_REALMS; j++) {
int offs = offsets[i * MAX_NAI_REALMS + j];
if (offs >= 0)
realm->realm[j] = realm->realm_buf + offs;
else
realm->realm[j] = NULL;
}
}
os_free(offsets);
realm = &bss->nai_realm_data[bss->nai_realm_count];
os_memset(realm, 0, sizeof(*realm));
pos = buf;
realm->encoding = atoi(pos);
pos = os_strchr(pos, ',');
if (pos == NULL)
goto fail;
pos++;
end = os_strchr(pos, ',');
if (end) {
len = end - pos;
*end = '\0';
} else {
len = os_strlen(pos);
}
if (len > MAX_NAI_REALMLEN) {
wpa_printf(MSG_ERROR, "Too long a realm string (%d > max %d "
"characters)", (int) len, MAX_NAI_REALMLEN);
goto fail;
}
os_memcpy(realm->realm_buf, pos, len);
if (end)
pos = end + 1;
else
pos = NULL;
while (pos && *pos) {
struct hostapd_nai_realm_eap *eap;
if (realm->eap_method_count >= MAX_NAI_EAP_METHODS) {
wpa_printf(MSG_ERROR, "Too many EAP methods");
goto fail;
}
eap = &realm->eap_method[realm->eap_method_count];
realm->eap_method_count++;
end = os_strchr(pos, ',');
if (end == NULL)
end = pos + os_strlen(pos);
eap->eap_method = atoi(pos);
for (;;) {
pos = os_strchr(pos, '[');
if (pos == NULL || pos > end)
break;
pos++;
if (eap->num_auths >= MAX_NAI_AUTH_TYPES) {
wpa_printf(MSG_ERROR, "Too many auth params");
goto fail;
}
eap->auth_id[eap->num_auths] = atoi(pos);
pos = os_strchr(pos, ':');
if (pos == NULL || pos > end)
goto fail;
pos++;
eap->auth_val[eap->num_auths] = atoi(pos);
pos = os_strchr(pos, ']');
if (pos == NULL || pos > end)
goto fail;
pos++;
eap->num_auths++;
}
if (*end != ',')
break;
pos = end + 1;
}
/* Split realm list into null terminated realms */
rpos = realm->realm_buf;
i = 0;
while (*rpos) {
if (i >= MAX_NAI_REALMS) {
wpa_printf(MSG_ERROR, "Too many realms");
goto fail;
}
realm->realm[i++] = rpos;
rpos = os_strchr(rpos, ';');
if (rpos == NULL)
break;
*rpos++ = '\0';
}
bss->nai_realm_count++;
return 0;
fail:
wpa_printf(MSG_ERROR, "Line %d: invalid nai_realm '%s'", line, buf);
return -1;
}
Interworking: Add support for QoS Mapping functionality for the AP This allows QoS Map Set element to be added to (Re)Association Response frames and in QoS Map Configure frame. The QoS Mapping parameters are also made available for the driver interface. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
Interworking: Add support for configuring arbitrary ANQP-elements The new hostapd configuration parameter anqp_elem can now be used to configure arbitrary ANQP-elements for the GAS/ANQP server. In addition to supporting new elements, this can be used to override previously supported elements if some special values are needed (mainly for testing purposes). The parameter uses following format: anqp_elem=<InfoID>:<hexdump of payload> For example, AP Geospatial Location ANQP-element with unknown location: anqp_elem=265:0000 and AP Civic Location ANQP-element with unknown location: anqp_elem=266:000000 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
static int parse_anqp_elem(struct hostapd_bss_config *bss, char *buf, int line)
{
char *delim;
u16 infoid;
size_t len;
struct wpabuf *payload;
struct anqp_element *elem;
delim = os_strchr(buf, ':');
if (!delim)
return -1;
delim++;
infoid = atoi(buf);
len = os_strlen(delim);
if (len & 1)
return -1;
len /= 2;
payload = wpabuf_alloc(len);
if (!payload)
return -1;
if (hexstr2bin(delim, wpabuf_put(payload, len), len) < 0) {
wpabuf_free(payload);
return -1;
}
dl_list_for_each(elem, &bss->anqp_elem, struct anqp_element, list) {
if (elem->infoid == infoid) {
/* Update existing entry */
wpabuf_free(elem->payload);
elem->payload = payload;
return 0;
}
}
/* Add a new entry */
elem = os_zalloc(sizeof(*elem));
if (!elem) {
wpabuf_free(payload);
return -1;
}
elem->infoid = infoid;
elem->payload = payload;
dl_list_add(&bss->anqp_elem, &elem->list);
return 0;
}
Interworking: Add support for QoS Mapping functionality for the AP This allows QoS Map Set element to be added to (Re)Association Response frames and in QoS Map Configure frame. The QoS Mapping parameters are also made available for the driver interface. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
static int parse_qos_map_set(struct hostapd_bss_config *bss,
char *buf, int line)
{
u8 qos_map_set[16 + 2 * 21], count = 0;
char *pos = buf;
int val;
for (;;) {
if (count == sizeof(qos_map_set)) {
wpa_printf(MSG_ERROR, "Line %d: Too many qos_map_set "
"parameters '%s'", line, buf);
return -1;
}
val = atoi(pos);
if (val > 255 || val < 0) {
wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set "
"'%s'", line, buf);
return -1;
}
qos_map_set[count++] = val;
pos = os_strchr(pos, ',');
if (!pos)
break;
pos++;
}
if (count < 16 || count & 1) {
wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set '%s'",
line, buf);
return -1;
}
os_memcpy(bss->qos_map_set, qos_map_set, count);
bss->qos_map_set_len = count;
return 0;
}
Interworking: Add support for configuring Roaming Consortium List
13 years ago
#endif /* CONFIG_INTERWORKING */
HS 2.0: Add advertisement of Connection Capability Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
#ifdef CONFIG_HS20
static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
int line)
{
u8 *conn_cap;
char *pos;
if (bss->hs20_connection_capability_len >= 0xfff0)
return -1;
conn_cap = os_realloc(bss->hs20_connection_capability,
bss->hs20_connection_capability_len + 4);
if (conn_cap == NULL)
return -1;
bss->hs20_connection_capability = conn_cap;
conn_cap += bss->hs20_connection_capability_len;
pos = buf;
conn_cap[0] = atoi(pos);
pos = os_strchr(pos, ':');
if (pos == NULL)
return -1;
pos++;
WPA_PUT_LE16(conn_cap + 1, atoi(pos));
pos = os_strchr(pos, ':');
if (pos == NULL)
return -1;
pos++;
conn_cap[3] = atoi(pos);
bss->hs20_connection_capability_len += 4;
return 0;
}
HS 2.0: Add advertisement of WAN Metrics Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static int hs20_parse_wan_metrics(struct hostapd_bss_config *bss, char *buf,
int line)
{
u8 *wan_metrics;
char *pos;
/* <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<UL Load>:<LMD> */
wan_metrics = os_zalloc(13);
if (wan_metrics == NULL)
return -1;
pos = buf;
/* WAN Info */
if (hexstr2bin(pos, wan_metrics, 1) < 0)
goto fail;
pos += 2;
if (*pos != ':')
goto fail;
pos++;
/* Downlink Speed */
WPA_PUT_LE32(wan_metrics + 1, atoi(pos));
pos = os_strchr(pos, ':');
if (pos == NULL)
goto fail;
pos++;
/* Uplink Speed */
WPA_PUT_LE32(wan_metrics + 5, atoi(pos));
pos = os_strchr(pos, ':');
if (pos == NULL)
goto fail;
pos++;
/* Downlink Load */
wan_metrics[9] = atoi(pos);
pos = os_strchr(pos, ':');
if (pos == NULL)
goto fail;
pos++;
/* Uplink Load */
wan_metrics[10] = atoi(pos);
pos = os_strchr(pos, ':');
if (pos == NULL)
goto fail;
pos++;
/* LMD */
WPA_PUT_LE16(wan_metrics + 11, atoi(pos));
os_free(bss->hs20_wan_metrics);
bss->hs20_wan_metrics = wan_metrics;
return 0;
fail:
wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_wan_metrics '%s'",
Make hs20_wan_metrics parser error print more helpful pos == NULL in almost all of the error cases here, so print the full parameter value instead of the current position. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
line, buf);
HS 2.0: Add advertisement of WAN Metrics Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
os_free(wan_metrics);
return -1;
}
HS 2.0: Add advertisement of Operator Friendly Name Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static int hs20_parse_oper_friendly_name(struct hostapd_bss_config *bss,
char *pos, int line)
{
if (parse_lang_string(&bss->hs20_oper_friendly_name,
&bss->hs20_oper_friendly_name_count, pos)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid "
"hs20_oper_friendly_name '%s'", line, pos);
return -1;
}
return 0;
}
HS 2.0R2 AP: Add Icon Request and Icon binary File ANQP elements hostapd can now be configured to provide access for icon files (hs20_icon config file parameter) for OSU. The hs20_icon data contains additional meta data about the icon that is not yet used, but it will be needed for the OSU Providers list ANQP element. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
static int hs20_parse_icon(struct hostapd_bss_config *bss, char *pos)
{
struct hs20_icon *icon;
char *end;
icon = os_realloc_array(bss->hs20_icons, bss->hs20_icons_count + 1,
sizeof(struct hs20_icon));
if (icon == NULL)
return -1;
bss->hs20_icons = icon;
icon = &bss->hs20_icons[bss->hs20_icons_count];
os_memset(icon, 0, sizeof(*icon));
icon->width = atoi(pos);
pos = os_strchr(pos, ':');
if (pos == NULL)
return -1;
pos++;
icon->height = atoi(pos);
pos = os_strchr(pos, ':');
if (pos == NULL)
return -1;
pos++;
end = os_strchr(pos, ':');
if (end == NULL || end - pos > 3)
return -1;
os_memcpy(icon->language, pos, end - pos);
pos = end + 1;
end = os_strchr(pos, ':');
if (end == NULL || end - pos > 255)
return -1;
os_memcpy(icon->type, pos, end - pos);
pos = end + 1;
end = os_strchr(pos, ':');
if (end == NULL || end - pos > 255)
return -1;
os_memcpy(icon->name, pos, end - pos);
pos = end + 1;
if (os_strlen(pos) > 255)
return -1;
os_memcpy(icon->file, pos, os_strlen(pos));
bss->hs20_icons_count++;
return 0;
}
HS 2.0R2 AP: Add OSU Providers list ANQP element hostapd can now be configured to advertise OSU Providers with the new osu_* confgiuration parameters. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
static int hs20_parse_osu_ssid(struct hostapd_bss_config *bss,
char *pos, int line)
{
size_t slen;
char *str;
str = wpa_config_parse_string(pos, &slen);
Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LEN This makes source code more consistent. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
HS 2.0R2 AP: Add OSU Providers list ANQP element hostapd can now be configured to advertise OSU Providers with the new osu_* confgiuration parameters. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_printf(MSG_ERROR, "Line %d: Invalid SSID '%s'", line, pos);
Fix memory leaks on wpa_config_parse_string() error paths hostapd configuration parser did not free the temporary buffer on some error paths. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_free(str);
HS 2.0R2 AP: Add OSU Providers list ANQP element hostapd can now be configured to advertise OSU Providers with the new osu_* confgiuration parameters. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
return -1;
}
os_memcpy(bss->osu_ssid, str, slen);
bss->osu_ssid_len = slen;
os_free(str);
return 0;
}
static int hs20_parse_osu_server_uri(struct hostapd_bss_config *bss,
char *pos, int line)
{
struct hs20_osu_provider *p;
p = os_realloc_array(bss->hs20_osu_providers,
bss->hs20_osu_providers_count + 1, sizeof(*p));
if (p == NULL)
return -1;
bss->hs20_osu_providers = p;
bss->last_osu = &bss->hs20_osu_providers[bss->hs20_osu_providers_count];
bss->hs20_osu_providers_count++;
os_memset(bss->last_osu, 0, sizeof(*p));
bss->last_osu->server_uri = os_strdup(pos);
return 0;
}
static int hs20_parse_osu_friendly_name(struct hostapd_bss_config *bss,
char *pos, int line)
{
if (bss->last_osu == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
return -1;
}
if (parse_lang_string(&bss->last_osu->friendly_name,
&bss->last_osu->friendly_name_count, pos)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid osu_friendly_name '%s'",
line, pos);
return -1;
}
return 0;
}
static int hs20_parse_osu_nai(struct hostapd_bss_config *bss,
char *pos, int line)
{
if (bss->last_osu == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
return -1;
}
os_free(bss->last_osu->osu_nai);
bss->last_osu->osu_nai = os_strdup(pos);
if (bss->last_osu->osu_nai == NULL)
return -1;
return 0;
}
HS 2.0: OSU Provider NAI List advertisement Extend hostapd to allow the new OSU Provider NAI List ANQP-element to be advertised in addition to the previously used OSU Providers list ANQP-element. The new osu_nai2 configurator parameter option is used to specify the OSU_NAI value for the shared BSS (Single SSID) case while osu_nai remains to be used for the separate OSU BSS. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
static int hs20_parse_osu_nai2(struct hostapd_bss_config *bss,
char *pos, int line)
{
if (bss->last_osu == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
return -1;
}
os_free(bss->last_osu->osu_nai2);
bss->last_osu->osu_nai2 = os_strdup(pos);
if (bss->last_osu->osu_nai2 == NULL)
return -1;
bss->hs20_osu_providers_nai_count++;
return 0;
}
HS 2.0R2 AP: Add OSU Providers list ANQP element hostapd can now be configured to advertise OSU Providers with the new osu_* confgiuration parameters. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
static int hs20_parse_osu_method_list(struct hostapd_bss_config *bss, char *pos,
int line)
{
if (bss->last_osu == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
return -1;
}
if (hostapd_parse_intlist(&bss->last_osu->method_list, pos)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid osu_method_list", line);
return -1;
}
return 0;
}
static int hs20_parse_osu_icon(struct hostapd_bss_config *bss, char *pos,
int line)
{
char **n;
struct hs20_osu_provider *p = bss->last_osu;
if (p == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
return -1;
}
n = os_realloc_array(p->icons, p->icons_count + 1, sizeof(char *));
if (n == NULL)
return -1;
p->icons = n;
p->icons[p->icons_count] = os_strdup(pos);
if (p->icons[p->icons_count] == NULL)
return -1;
p->icons_count++;
return 0;
}
static int hs20_parse_osu_service_desc(struct hostapd_bss_config *bss,
char *pos, int line)
{
if (bss->last_osu == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
return -1;
}
if (parse_lang_string(&bss->last_osu->service_desc,
&bss->last_osu->service_desc_count, pos)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid osu_service_desc '%s'",
line, pos);
return -1;
}
return 0;
}
HS 2.0: Allow configuration of operator icons This extends hostapd Hotspot 2.0 implementation to allow operator icons to be made available. The existing hs20_icon parameter is used to define the icons and the new operator_icon parameter (zero or more entries) is used to specify which of the available icons are operator icons. The operator icons are advertised in the Operator Icon Metadata ANQP-element while the icon data can be fetched using the same mechanism (icon request/binary file) that was added for the OSU Providers icons. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
static int hs20_parse_operator_icon(struct hostapd_bss_config *bss, char *pos,
int line)
{
char **n;
n = os_realloc_array(bss->hs20_operator_icon,
bss->hs20_operator_icon_count + 1, sizeof(char *));
if (!n)
return -1;
bss->hs20_operator_icon = n;
bss->hs20_operator_icon[bss->hs20_operator_icon_count] = os_strdup(pos);
if (!bss->hs20_operator_icon[bss->hs20_operator_icon_count])
return -1;
bss->hs20_operator_icon_count++;
return 0;
}
HS 2.0: Add advertisement of Connection Capability Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
#endif /* CONFIG_HS20 */
ACS: Allow specific channels to be preferred The new acs_chan_bias configuration parameter is a space-separated list of <channel>:<bias> pairs. It can be used to increase (or decrease) the likelihood of a specific channel to be selected by the ACS algorithm. The total interference factor for each channel gets multiplied by the specified bias value before finding the channel with the lowest value. In other words, values between 0.0 and 1.0 can be used to make a channel more likely to be picked while values larger than 1.0 make the specified channel less likely to be picked. This can be used, e.g., to prefer the commonly used 2.4 GHz band channels 1, 6, and 11 (which is the default behavior on 2.4 GHz band if no acs_chan_bias parameter is specified). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef CONFIG_ACS
static int hostapd_config_parse_acs_chan_bias(struct hostapd_config *conf,
char *pos)
{
struct acs_bias *bias = NULL, *tmp;
unsigned int num = 0;
char *end;
while (*pos) {
tmp = os_realloc_array(bias, num + 1, sizeof(*bias));
if (!tmp)
goto fail;
bias = tmp;
bias[num].channel = atoi(pos);
if (bias[num].channel <= 0)
goto fail;
pos = os_strchr(pos, ':');
if (!pos)
goto fail;
pos++;
bias[num].bias = strtod(pos, &end);
if (end == pos || bias[num].bias < 0.0)
goto fail;
pos = end;
if (*pos != ' ' && *pos != '\0')
goto fail;
num++;
}
os_free(conf->acs_chan_bias);
conf->acs_chan_bias = bias;
conf->num_acs_chan_bias = num;
return 0;
fail:
os_free(bias);
return -1;
}
#endif /* CONFIG_ACS */
Use a shared helper function for parsing hostapd.conf IEs wpabuf_parse_bin() can be used to take care of parsing a hexstring to a wpabuf and a shared helper function can take care of clearing the previous value when empty string is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
static int parse_wpabuf_hex(int line, const char *name, struct wpabuf **buf,
const char *val)
{
struct wpabuf *elems;
if (val[0] == '\0') {
wpabuf_free(*buf);
*buf = NULL;
return 0;
}
elems = wpabuf_parse_bin(val);
if (!elems) {
wpa_printf(MSG_ERROR, "Line %d: Invalid %s '%s'",
line, name, val);
return -1;
}
wpabuf_free(*buf);
*buf = elems;
return 0;
}
FILS: Separate FILS realm configuration from ERP domain The new hostapd configuration parameter fils_realm=<realm> can now be used to configure one or more FILS realms to advertise for ERP domains when using FILS. This replaces the use of erp_domain=<domain> parameter for the FILS use case. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#ifdef CONFIG_FILS
static int parse_fils_realm(struct hostapd_bss_config *bss, const char *val)
{
struct fils_realm *realm;
size_t len;
len = os_strlen(val);
realm = os_zalloc(sizeof(*realm) + len + 1);
if (!realm)
return -1;
os_memcpy(realm->realm, val, len);
if (fils_domain_name_hash(val, realm->hash) < 0) {
os_free(realm);
return -1;
}
dl_list_add_tail(&bss->fils_realms, &realm->list);
return 0;
}
#endif /* CONFIG_FILS */
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef EAP_SERVER
static unsigned int parse_tls_flags(const char *val)
{
unsigned int flags = 0;
EAP-TLS server: Disable TLS v1.3 by default The current EAP peer implementation is not yet ready for the TLS v1.3 changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for this EAP method for now. While the current EAP-TLS implementation is more or less complete for TLS v1.3, there has been no interoperability testing with other implementations, so disable for by default for now until there has been chance to confirm that no significant interoperability issues show up with TLS version update. tls_flags=[ENABLE-TLSv1.3] configuration parameter can be used to enable TLS v1.3 (assuming the TLS library supports it; e.g., when using OpenSSL 1.1.1). Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
/* Disable TLS v1.3 by default for now to avoid interoperability issue.
* This can be enabled by default once the implementation has been fully
* completed and tested with other implementations. */
flags |= TLS_CONN_DISABLE_TLSv1_3;
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (os_strstr(val, "[ALLOW-SIGN-RSA-MD5]"))
flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5;
if (os_strstr(val, "[DISABLE-TIME-CHECKS]"))
flags |= TLS_CONN_DISABLE_TIME_CHECKS;
if (os_strstr(val, "[DISABLE-TLSv1.0]"))
flags |= TLS_CONN_DISABLE_TLSv1_0;
OpenSSL: Allow systemwide policies to be overridden Some distributions (e.g., Debian) have started introducting systemwide OpenSSL policies to disable older protocol versions and ciphers throughout all programs using OpenSSL. This can result in significant number of interoperability issues with deployed EAP implementations. Allow explicit wpa_supplicant (EAP peer) and hostapd (EAP server) parameters to be used to request systemwide policies to be overridden if older versions are needed to be able to interoperate with devices that cannot be updated to support the newer protocol versions or keys. The default behavior is not changed here, i.e., the systemwide policies will be followed if no explicit override configuration is used. The overrides should be used only if really needed since they can result in reduced security. In wpa_supplicant, tls_disable_tlsv1_?=0 value in the phase1 network profile parameter can be used to explicitly enable TLS versions that are disabled in the systemwide configuration. For example, phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0" would request TLS v1.0 and TLS v1.1 to be enabled even if the systemwide policy enforces TLS v1.2 as the minimum version. Similarly, openssl_ciphers parameter can be used to override systemwide policy, e.g., with openssl_ciphers="DEFAULT@SECLEVEL=1" to drop from security level 2 to 1 in Debian to allow shorter keys to be used. In hostapd, tls_flags parameter can be used to configure similar options. E.g., tls_flags=[ENABLE-TLSv1.0][ENABLE-TLSv1.1] Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
if (os_strstr(val, "[ENABLE-TLSv1.0]"))
flags |= TLS_CONN_ENABLE_TLSv1_0;
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (os_strstr(val, "[DISABLE-TLSv1.1]"))
flags |= TLS_CONN_DISABLE_TLSv1_1;
OpenSSL: Allow systemwide policies to be overridden Some distributions (e.g., Debian) have started introducting systemwide OpenSSL policies to disable older protocol versions and ciphers throughout all programs using OpenSSL. This can result in significant number of interoperability issues with deployed EAP implementations. Allow explicit wpa_supplicant (EAP peer) and hostapd (EAP server) parameters to be used to request systemwide policies to be overridden if older versions are needed to be able to interoperate with devices that cannot be updated to support the newer protocol versions or keys. The default behavior is not changed here, i.e., the systemwide policies will be followed if no explicit override configuration is used. The overrides should be used only if really needed since they can result in reduced security. In wpa_supplicant, tls_disable_tlsv1_?=0 value in the phase1 network profile parameter can be used to explicitly enable TLS versions that are disabled in the systemwide configuration. For example, phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0" would request TLS v1.0 and TLS v1.1 to be enabled even if the systemwide policy enforces TLS v1.2 as the minimum version. Similarly, openssl_ciphers parameter can be used to override systemwide policy, e.g., with openssl_ciphers="DEFAULT@SECLEVEL=1" to drop from security level 2 to 1 in Debian to allow shorter keys to be used. In hostapd, tls_flags parameter can be used to configure similar options. E.g., tls_flags=[ENABLE-TLSv1.0][ENABLE-TLSv1.1] Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
if (os_strstr(val, "[ENABLE-TLSv1.1]"))
flags |= TLS_CONN_ENABLE_TLSv1_1;
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (os_strstr(val, "[DISABLE-TLSv1.2]"))
flags |= TLS_CONN_DISABLE_TLSv1_2;
OpenSSL: Allow systemwide policies to be overridden Some distributions (e.g., Debian) have started introducting systemwide OpenSSL policies to disable older protocol versions and ciphers throughout all programs using OpenSSL. This can result in significant number of interoperability issues with deployed EAP implementations. Allow explicit wpa_supplicant (EAP peer) and hostapd (EAP server) parameters to be used to request systemwide policies to be overridden if older versions are needed to be able to interoperate with devices that cannot be updated to support the newer protocol versions or keys. The default behavior is not changed here, i.e., the systemwide policies will be followed if no explicit override configuration is used. The overrides should be used only if really needed since they can result in reduced security. In wpa_supplicant, tls_disable_tlsv1_?=0 value in the phase1 network profile parameter can be used to explicitly enable TLS versions that are disabled in the systemwide configuration. For example, phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0" would request TLS v1.0 and TLS v1.1 to be enabled even if the systemwide policy enforces TLS v1.2 as the minimum version. Similarly, openssl_ciphers parameter can be used to override systemwide policy, e.g., with openssl_ciphers="DEFAULT@SECLEVEL=1" to drop from security level 2 to 1 in Debian to allow shorter keys to be used. In hostapd, tls_flags parameter can be used to configure similar options. E.g., tls_flags=[ENABLE-TLSv1.0][ENABLE-TLSv1.1] Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
if (os_strstr(val, "[ENABLE-TLSv1.2]"))
flags |= TLS_CONN_ENABLE_TLSv1_2;
EAP-TLS: Extend TLS version config to allow TLS v1.3 to be disabled This may be needed to avoid interoperability issues with the new protocol version and significant changes for EAP use cases in both key derivation and handshake termination. Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
if (os_strstr(val, "[DISABLE-TLSv1.3]"))
flags |= TLS_CONN_DISABLE_TLSv1_3;
EAP-TLS server: Disable TLS v1.3 by default The current EAP peer implementation is not yet ready for the TLS v1.3 changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for this EAP method for now. While the current EAP-TLS implementation is more or less complete for TLS v1.3, there has been no interoperability testing with other implementations, so disable for by default for now until there has been chance to confirm that no significant interoperability issues show up with TLS version update. tls_flags=[ENABLE-TLSv1.3] configuration parameter can be used to enable TLS v1.3 (assuming the TLS library supports it; e.g., when using OpenSSL 1.1.1). Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
if (os_strstr(val, "[ENABLE-TLSv1.3]"))
flags &= ~TLS_CONN_DISABLE_TLSv1_3;
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (os_strstr(val, "[SUITEB]"))
flags |= TLS_CONN_SUITEB;
OpenSSL: Add option to disable ECDHE with Suite B RSA The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite B RSA constraints with ECDHE disabled. This is mainly to allow the DHE TLS cipher suite to be tested. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (os_strstr(val, "[SUITEB-NO-ECDH]"))
flags |= TLS_CONN_SUITEB_NO_ECDH | TLS_CONN_SUITEB;
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
return flags;
}
#endif /* EAP_SERVER */
hostapd: Add airtime policy configuration support This adds support to hostapd for configuring airtime policy settings for stations as they connect to the access point. This is the userspace component of the airtime policy enforcement system PoliFi described in this paper: https://arxiv.org/abs/1902.03439 The Linux kernel part has been merged into mac80211 for the 5.1 dev cycle. The configuration mechanism has three modes: Static, dynamic and limit. In static mode, weights can be set in the configuration file for individual MAC addresses, which will be applied when the configured stations connect. In dynamic mode, weights are instead set per BSS, which will be scaled by the number of active stations on that BSS, achieving the desired aggregate weighing between the configured BSSes. Limit mode works like dynamic mode, except that any BSS *not* marked as 'limited' is allowed to exceed its configured share if a per-station fairness share would assign more airtime to that BSS. See the paper for details on these modes. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
5 years ago
#ifdef CONFIG_AIRTIME_POLICY
static int add_airtime_weight(struct hostapd_bss_config *bss, char *value)
{
struct airtime_sta_weight *wt;
char *pos, *next;
wt = os_zalloc(sizeof(*wt));
if (!wt)
return -1;
/* 02:01:02:03:04:05 10 */
pos = value;
next = os_strchr(pos, ' ');
if (next)
*next++ = '\0';
if (!next || hwaddr_aton(pos, wt->addr)) {
wpa_printf(MSG_ERROR, "Invalid station address: '%s'", pos);
os_free(wt);
return -1;
}
pos = next;
wt->weight = atoi(pos);
if (!wt->weight) {
wpa_printf(MSG_ERROR, "Invalid weight: '%s'", pos);
os_free(wt);
return -1;
}
wt->next = bss->airtime_weight_list;
bss->airtime_weight_list = wt;
return 0;
}
#endif /* CONFIG_AIRTIME_POLICY */
SAE: Add support for using the optional Password Identifier This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_SAE
static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
{
struct sae_password_entry *pw;
const char *pos = val, *pos2, *end = NULL;
pw = os_zalloc(sizeof(*pw));
if (!pw)
return -1;
os_memset(pw->peer_addr, 0xff, ETH_ALEN); /* default to wildcard */
pos2 = os_strstr(pos, "|mac=");
if (pos2) {
end = pos2;
pos2 += 5;
if (hwaddr_aton(pos2, pw->peer_addr) < 0)
goto fail;
pos = pos2 + ETH_ALEN * 3 - 1;
}
SAE: VLAN assignment based on SAE Password Identifier The new sae_password parameter [|vlanid=<VLAN ID>] can now be used to assign stations to a specific VLAN based on which SAE Password Identifier they use. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs and the WPA2-Personal case where vlanid parameter in wpa_psk_file is used. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
pos2 = os_strstr(pos, "|vlanid=");
if (pos2) {
if (!end)
end = pos2;
pos2 += 8;
pw->vlan_id = atoi(pos2);
}
SAE-PK: AP functionality This adds AP side functionality for SAE-PK. The new sae_password configuration parameters can now be used to enable SAE-PK mode whenever SAE is enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_SAE_PK
pos2 = os_strstr(pos, "|pk=");
if (pos2) {
const char *epos;
char *tmp;
if (!end)
end = pos2;
pos2 += 4;
epos = os_strchr(pos2, '|');
if (epos) {
tmp = os_malloc(epos - pos2 + 1);
if (!tmp)
goto fail;
os_memcpy(tmp, pos2, epos - pos2);
tmp[epos - pos2] = '\0';
} else {
tmp = os_strdup(pos2);
if (!tmp)
goto fail;
}
pw->pk = sae_parse_pk(tmp);
str_clear_free(tmp);
if (!pw->pk)
goto fail;
}
#endif /* CONFIG_SAE_PK */
SAE: Add support for using the optional Password Identifier This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
pos2 = os_strstr(pos, "|id=");
if (pos2) {
if (!end)
end = pos2;
pos2 += 4;
pw->identifier = os_strdup(pos2);
if (!pw->identifier)
goto fail;
}
if (!end) {
pw->password = os_strdup(val);
if (!pw->password)
goto fail;
} else {
pw->password = os_malloc(end - val + 1);
if (!pw->password)
goto fail;
os_memcpy(pw->password, val, end - val);
pw->password[end - val] = '\0';
}
SAE-PK: AP functionality This adds AP side functionality for SAE-PK. The new sae_password configuration parameters can now be used to enable SAE-PK mode whenever SAE is enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_SAE_PK
SAE-PK: Add support to skip sae_pk password check for testing purposes Add support to skip sae_pk password check under compile flag CONFIG_TESTING_OPTIONS which allows AP to be configured with sae_pk enabled but a password that is invalid for sae_pk. Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
4 years ago
if (pw->pk &&
#ifdef CONFIG_TESTING_OPTIONS
!bss->sae_pk_password_check_skip &&
#endif /* CONFIG_TESTING_OPTIONS */
!sae_pk_valid_password(pw->password)) {
SAE-PK: AP functionality This adds AP side functionality for SAE-PK. The new sae_password configuration parameters can now be used to enable SAE-PK mode whenever SAE is enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
wpa_printf(MSG_INFO,
"Invalid SAE password for a SAE-PK sae_password entry");
goto fail;
}
#endif /* CONFIG_SAE_PK */
SAE: Add support for using the optional Password Identifier This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
pw->next = bss->sae_passwords;
bss->sae_passwords = pw;
return 0;
fail:
str_clear_free(pw->password);
os_free(pw->identifier);
SAE-PK: AP functionality This adds AP side functionality for SAE-PK. The new sae_password configuration parameters can now be used to enable SAE-PK mode whenever SAE is enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_SAE_PK
sae_deinit_pk(pw->pk);
#endif /* CONFIG_SAE_PK */
SAE: Add support for using the optional Password Identifier This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
os_free(pw);
return -1;
}
#endif /* CONFIG_SAE */
DPP2: hostapd as TCP Relay The new hostapd configuration parameter dpp_controller can now be used with the following subparameter values: ipaddr=<IP address> pkhash=<hexdump>. This adds a new Controller into the configuration (i.e., more than one can be configured) and all incoming DPP exchanges that match the specified Controller public key hash are relayed to the particular Controller. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_DPP2
static int hostapd_dpp_controller_parse(struct hostapd_bss_config *bss,
const char *pos)
{
struct dpp_controller_conf *conf;
char *val;
conf = os_zalloc(sizeof(*conf));
if (!conf)
return -1;
val = get_param(pos, "ipaddr=");
if (!val || hostapd_parse_ip_addr(val, &conf->ipaddr))
goto fail;
os_free(val);
val = get_param(pos, "pkhash=");
if (!val || os_strlen(val) != 2 * SHA256_MAC_LEN ||
hexstr2bin(val, conf->pkhash, SHA256_MAC_LEN) < 0)
goto fail;
os_free(val);
conf->next = bss->dpp_controller;
bss->dpp_controller = conf;
return 0;
fail:
os_free(val);
os_free(conf);
return -1;
}
#endif /* CONFIG_DPP2 */
Allow AP mode extended capabilities to be overridden The new hostapd configuration parameters ext_capa_mask and ext_capa can now be used to mask out or add extended capability bits. While this is not without CONFIG_TESTING_OPTIONS, the main use case for this is for testing purposes. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
static int get_hex_config(u8 *buf, size_t max_len, int line,
const char *field, const char *val)
{
size_t hlen = os_strlen(val), len = hlen / 2;
u8 tmp[EXT_CAPA_MAX_LEN];
os_memset(tmp, 0, EXT_CAPA_MAX_LEN);
if (hlen & 1 || len > EXT_CAPA_MAX_LEN || hexstr2bin(val, tmp, len)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid %s", line, field);
return -1;
}
os_memcpy(buf, tmp, EXT_CAPA_MAX_LEN);
return 0;
}
hostapd: Split config item parser into a separate function This makes it easier to use the configuration file parser for updating the configuration at run time. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static int hostapd_config_fill(struct hostapd_config *conf,
struct hostapd_bss_config *bss,
hostapd: Mark config parameter name const The functions parsing configuration parameters do not modify the name of the parameter, so mark that function argument constant. In theory, the value should also be const, but at least for now, number of the parser functions end up modifying this to simplify parsing. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
const char *buf, char *pos, int line)
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
{
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (os_strcmp(buf, "interface") == 0) {
os_strlcpy(conf->bss[0]->iface, pos,
sizeof(conf->bss[0]->iface));
} else if (os_strcmp(buf, "bridge") == 0) {
os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
} else if (os_strcmp(buf, "vlan_bridge") == 0) {
os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
} else if (os_strcmp(buf, "wds_bridge") == 0) {
os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
} else if (os_strcmp(buf, "driver") == 0) {
int j;
hostapd: Check driver parameter before replacing previous value This leaves the previously configured value in place if "SET driver ..." command fails. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
const struct wpa_driver_ops *driver = NULL;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
for (j = 0; wpa_drivers[j]; j++) {
if (os_strcmp(pos, wpa_drivers[j]->name) == 0) {
hostapd: Check driver parameter before replacing previous value This leaves the previously configured value in place if "SET driver ..." command fails. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
driver = wpa_drivers[j];
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
break;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
}
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Check driver parameter before replacing previous value This leaves the previously configured value in place if "SET driver ..." command fails. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
if (!driver) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR,
"Line %d: invalid/unknown driver '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Check driver parameter before replacing previous value This leaves the previously configured value in place if "SET driver ..." command fails. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
conf->driver = driver;
Add hostapd driver_params config parameter This is mainly for development testing purposes to allow driver_nl80211 behavior to be modified. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
} else if (os_strcmp(buf, "driver_params") == 0) {
os_free(conf->driver_params);
conf->driver_params = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "debug") == 0) {
wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' configuration variable is not used anymore",
line);
} else if (os_strcmp(buf, "logger_syslog_level") == 0) {
bss->logger_syslog_level = atoi(pos);
} else if (os_strcmp(buf, "logger_stdout_level") == 0) {
bss->logger_stdout_level = atoi(pos);
} else if (os_strcmp(buf, "logger_syslog") == 0) {
bss->logger_syslog = atoi(pos);
} else if (os_strcmp(buf, "logger_stdout") == 0) {
bss->logger_stdout = atoi(pos);
} else if (os_strcmp(buf, "dump_file") == 0) {
wpa_printf(MSG_INFO, "Line %d: DEPRECATED: 'dump_file' configuration variable is not used anymore",
line);
} else if (os_strcmp(buf, "ssid") == 0) {
bss->ssid.ssid_len = os_strlen(pos);
Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LEN This makes source code more consistent. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (bss->ssid.ssid_len > SSID_MAX_LEN ||
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->ssid.ssid_len < 1) {
wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_memcpy(bss->ssid.ssid, pos, bss->ssid.ssid_len);
bss->ssid.ssid_set = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ssid2") == 0) {
size_t slen;
char *str = wpa_config_parse_string(pos, &slen);
Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LEN This makes source code more consistent. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
line, pos);
Fix memory leaks on wpa_config_parse_string() error paths hostapd configuration parser did not free the temporary buffer on some error paths. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_free(str);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Fix memory leaks on wpa_config_parse_string() error paths hostapd configuration parser did not free the temporary buffer on some error paths. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_memcpy(bss->ssid.ssid, str, slen);
bss->ssid.ssid_len = slen;
bss->ssid.ssid_set = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_free(str);
} else if (os_strcmp(buf, "utf8_ssid") == 0) {
bss->ssid.utf8_ssid = atoi(pos) > 0;
} else if (os_strcmp(buf, "macaddr_acl") == 0) {
hostapd: Reject invalid macaddr_acl value Previously, this was noted in error log, but the invalid value was stored in the configuration without rejecting it. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
enum macaddr_acl acl = atoi(pos);
if (acl != ACCEPT_UNLESS_DENIED &&
acl != DENY_UNLESS_ACCEPTED &&
acl != USE_EXTERNAL_RADIUS_AUTH) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: unknown macaddr_acl %d",
hostapd: Reject invalid macaddr_acl value Previously, this was noted in error log, but the invalid value was stored in the configuration without rejecting it. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
line, acl);
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Reject invalid macaddr_acl value Previously, this was noted in error log, but the invalid value was stored in the configuration without rejecting it. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
bss->macaddr_acl = acl;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "accept_mac_file") == 0) {
if (hostapd_config_read_maclist(pos, &bss->accept_mac,
&bss->num_accept_mac)) {
wpa_printf(MSG_ERROR, "Line %d: Failed to read accept_mac_file '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "deny_mac_file") == 0) {
if (hostapd_config_read_maclist(pos, &bss->deny_mac,
&bss->num_deny_mac)) {
wpa_printf(MSG_ERROR, "Line %d: Failed to read deny_mac_file '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wds_sta") == 0) {
bss->wds_sta = atoi(pos);
} else if (os_strcmp(buf, "start_disabled") == 0) {
bss->start_disabled = atoi(pos);
} else if (os_strcmp(buf, "ap_isolate") == 0) {
bss->isolate = atoi(pos);
} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
bss->ap_max_inactivity = atoi(pos);
} else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
bss->skip_inactivity_poll = atoi(pos);
} else if (os_strcmp(buf, "country_code") == 0) {
hostapd: Validate the country_code parameter value cfg80211/regulatory supports only ISO 3166-1 alpha2 country code and that's what this parameter is supposed to use, so validate the country code input before accepting the value. Only characters A..Z are accepted. Signed-off-by: Sriram R <srirrama@codeaurora.org>
4 years ago
if (pos[0] < 'A' || pos[0] > 'Z' ||
pos[1] < 'A' || pos[1] > 'Z') {
wpa_printf(MSG_ERROR,
"Line %d: Invalid country_code '%s'",
line, pos);
return 1;
}
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_memcpy(conf->country, pos, 2);
Make the third octet of Country String configurable The new hostapd.conf parameter country3 can now be used to configure the third octet of the Country String that was previously hardcoded to ' ' (= 0x20). For example: All environments of the current frequency band and country (default) country3=0x20 Outdoor environment only country3=0x4f Indoor environment only country3=0x49 Noncountry entity (country_code=XX) country3=0x58 IEEE 802.11 standard Annex E table indication: 0x01 .. 0x1f Annex E, Table E-4 (Global operating classes) country3=0x04 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "country3") == 0) {
conf->country[2] = strtol(pos, NULL, 16);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ieee80211d") == 0) {
conf->ieee80211d = atoi(pos);
} else if (os_strcmp(buf, "ieee80211h") == 0) {
conf->ieee80211h = atoi(pos);
} else if (os_strcmp(buf, "ieee8021x") == 0) {
bss->ieee802_1x = atoi(pos);
} else if (os_strcmp(buf, "eapol_version") == 0) {
hostapd: Do not update eapol_version with rejected value Previously, an invalid eapol_version update command was rejected, but the actual configuration value was updated. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
int eapol_version = atoi(pos);
macsec: Add configuration parameters for hostapd Signed-off-by: leiwei <leiwei@codeaurora.org>
5 years ago
#ifdef CONFIG_MACSEC
Make hostapd_config_fill() easier to auto indent The conditional compilation block with only the opening brace included in two variants was messing up auto indentation in emacs. Work around this by defining the maximum value conditionally while leave the if block outside any conditional building rules. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
int max_ver = 3;
macsec: Add configuration parameters for hostapd Signed-off-by: leiwei <leiwei@codeaurora.org>
5 years ago
#else /* CONFIG_MACSEC */
Make hostapd_config_fill() easier to auto indent The conditional compilation block with only the opening brace included in two variants was messing up auto indentation in emacs. Work around this by defining the maximum value conditionally while leave the if block outside any conditional building rules. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
int max_ver = 2;
macsec: Add configuration parameters for hostapd Signed-off-by: leiwei <leiwei@codeaurora.org>
5 years ago
#endif /* CONFIG_MACSEC */
Make hostapd_config_fill() easier to auto indent The conditional compilation block with only the opening brace included in two variants was messing up auto indentation in emacs. Work around this by defining the maximum value conditionally while leave the if block outside any conditional building rules. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
if (eapol_version < 1 || eapol_version > max_ver) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR,
"Line %d: invalid EAPOL version (%d): '%s'.",
hostapd: Do not update eapol_version with rejected value Previously, an invalid eapol_version update command was rejected, but the actual configuration value was updated. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
line, eapol_version, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Do not update eapol_version with rejected value Previously, an invalid eapol_version update command was rejected, but the actual configuration value was updated. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
bss->eapol_version = eapol_version;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifdef EAP_SERVER
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "eap_authenticator") == 0) {
bss->eap_server = atoi(pos);
wpa_printf(MSG_ERROR, "Line %d: obsolete eap_authenticator used; this has been renamed to eap_server", line);
} else if (os_strcmp(buf, "eap_server") == 0) {
bss->eap_server = atoi(pos);
} else if (os_strcmp(buf, "eap_user_file") == 0) {
if (hostapd_config_read_eap_user(pos, bss))
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ca_cert") == 0) {
os_free(bss->ca_cert);
bss->ca_cert = os_strdup(pos);
} else if (os_strcmp(buf, "server_cert") == 0) {
os_free(bss->server_cert);
bss->server_cert = os_strdup(pos);
OpenSSL: Allow two server certificates/keys to be configured on server hostapd EAP server can now be configured with two separate server certificates/keys to enable parallel operations using both RSA and ECC public keys. The server will pick which one to use based on the client preferences for the cipher suite (in the TLS ClientHello message). It should be noted that number of deployed EAP peer implementations do not filter out the cipher suite list based on their local configuration and as such, configuration of alternative types of certificates on the server may result in interoperability issues. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
} else if (os_strcmp(buf, "server_cert2") == 0) {
os_free(bss->server_cert2);
bss->server_cert2 = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "private_key") == 0) {
os_free(bss->private_key);
bss->private_key = os_strdup(pos);
OpenSSL: Allow two server certificates/keys to be configured on server hostapd EAP server can now be configured with two separate server certificates/keys to enable parallel operations using both RSA and ECC public keys. The server will pick which one to use based on the client preferences for the cipher suite (in the TLS ClientHello message). It should be noted that number of deployed EAP peer implementations do not filter out the cipher suite list based on their local configuration and as such, configuration of alternative types of certificates on the server may result in interoperability issues. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
} else if (os_strcmp(buf, "private_key2") == 0) {
os_free(bss->private_key2);
bss->private_key2 = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "private_key_passwd") == 0) {
os_free(bss->private_key_passwd);
bss->private_key_passwd = os_strdup(pos);
OpenSSL: Allow two server certificates/keys to be configured on server hostapd EAP server can now be configured with two separate server certificates/keys to enable parallel operations using both RSA and ECC public keys. The server will pick which one to use based on the client preferences for the cipher suite (in the TLS ClientHello message). It should be noted that number of deployed EAP peer implementations do not filter out the cipher suite list based on their local configuration and as such, configuration of alternative types of certificates on the server may result in interoperability issues. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
} else if (os_strcmp(buf, "private_key_passwd2") == 0) {
os_free(bss->private_key_passwd2);
bss->private_key_passwd2 = os_strdup(pos);
OpenSSL: Add 'check_cert_subject' support for TLS server This patch added 'check_cert_subject' support to match the value of every field against the DN of the subject in the client certificate. If the values do not match, the certificate verification will fail and will reject the user. This option allows hostapd to match every individual field in the right order, also allow '*' character as a wildcard (e.g OU=Development*). Note: hostapd will match string up to 'wildcard' against the DN of the subject in the client certificate for every individual field. Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com> Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
} else if (os_strcmp(buf, "check_cert_subject") == 0) {
if (!pos[0]) {
wpa_printf(MSG_ERROR, "Line %d: unknown check_cert_subject '%s'",
line, pos);
return 1;
}
os_free(bss->check_cert_subject);
bss->check_cert_subject = os_strdup(pos);
if (!bss->check_cert_subject)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "check_crl") == 0) {
bss->check_crl = atoi(pos);
hostapd: Add configuration option check_crl_strict Add the ability to ignore time-based CRL errors from OpenSSL by specifying a new configuration parameter, check_crl_strict=0. This causes the following: - This setting does nothing when CRL checking is not enabled. - When CRL is enabled, "strict mode" will cause CRL time errors to not be ignored and will continue behaving as it currently does. - When CRL is enabled, disabling strict mode will cause CRL time errors to be ignored and will allow connections. By default, check_crl_strict is set to 1, or strict mode, to keep current functionality. Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
7 years ago
} else if (os_strcmp(buf, "check_crl_strict") == 0) {
bss->check_crl_strict = atoi(pos);
crl_reload_interval: Add CRL reloading support This patch adds a new flag 'crl_reload_interval' to reload CRL periodically. This can be used to reload ca_cert file and the included CRL information on every new TLS session if difference between the last reload and the current time in seconds is greater than crl_reload_interval. This reloading is used for cases where check_crl is 1 or 2 and the CRL is included in the ca_file. Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
5 years ago
} else if (os_strcmp(buf, "crl_reload_interval") == 0) {
bss->crl_reload_interval = atoi(pos);
EAP server: Add tls_session_lifetime configuration This new hostapd configuration parameter can be used to enable TLS session resumption. This commit adds the configuration parameter through the configuration system and RADIUS/EAPOL/EAP server components. The actual changes to enable session caching will be addressed in followup commits. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (os_strcmp(buf, "tls_session_lifetime") == 0) {
bss->tls_session_lifetime = atoi(pos);
Add hostapd tls_flags parameter This can be used to set the TLS flags for authentication server. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "tls_flags") == 0) {
bss->tls_flags = parse_tls_flags(pos);
EAP server: Configurable maximum number of authentication message rounds Allow the previously hardcoded maximum numbers of EAP message rounds to be configured in hostapd EAP server. This can be used, e.g., to increase the default limits if very large X.509 certificates are used for EAP authentication. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
} else if (os_strcmp(buf, "max_auth_rounds") == 0) {
bss->max_auth_rounds = atoi(pos);
} else if (os_strcmp(buf, "max_auth_rounds_short") == 0) {
bss->max_auth_rounds_short = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
os_free(bss->ocsp_stapling_response);
bss->ocsp_stapling_response = os_strdup(pos);
Server configuration for OCSP stapling with ocsp_multi (RFC 6961) This adds a new hostapd configuration parameter ocsp_stapling_response_multi that can be used similarly to the existing ocsp_stapling_response, but for the purpose of providing multiple cached OCSP responses. This commit adds only the configuration parameter, but does not yet add support for this mechanism with any of the supported TLS implementations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
} else if (os_strcmp(buf, "ocsp_stapling_response_multi") == 0) {
os_free(bss->ocsp_stapling_response_multi);
bss->ocsp_stapling_response_multi = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "dh_file") == 0) {
os_free(bss->dh_file);
bss->dh_file = os_strdup(pos);
hostapd: Allow OpenSSL cipherlist string to be configured The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled when hostapd is used as an EAP server with OpenSSL as the TLS library. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
} else if (os_strcmp(buf, "openssl_ciphers") == 0) {
os_free(bss->openssl_ciphers);
bss->openssl_ciphers = os_strdup(pos);
hostapd: Add openssl_ecdh_curves configuration parameter This makes it possible to use ECDSA certificates with EAP-TLS/TTLS/etc. It should be noted that when using Suite B, different mechanism is used to specify the allowed ECDH curves and this new parameter must not be used in such cases. Signed-off-by: Hristo Venev <hristo@venev.name>
7 years ago
} else if (os_strcmp(buf, "openssl_ecdh_curves") == 0) {
os_free(bss->openssl_ecdh_curves);
bss->openssl_ecdh_curves = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "fragment_size") == 0) {
bss->fragment_size = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifdef EAP_SERVER_FAST
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
os_free(bss->pac_opaque_encr_key);
bss->pac_opaque_encr_key = os_malloc(16);
if (bss->pac_opaque_encr_key == NULL) {
wpa_printf(MSG_ERROR,
"Line %d: No memory for pac_opaque_encr_key",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (hexstr2bin(pos, bss->pac_opaque_encr_key, 16)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid pac_opaque_encr_key",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
size_t idlen = os_strlen(pos);
if (idlen & 1) {
wpa_printf(MSG_ERROR, "Line %d: Invalid eap_fast_a_id",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->eap_fast_a_id);
bss->eap_fast_a_id = os_malloc(idlen / 2);
if (bss->eap_fast_a_id == NULL ||
hexstr2bin(pos, bss->eap_fast_a_id, idlen / 2)) {
wpa_printf(MSG_ERROR, "Line %d: Failed to parse eap_fast_a_id",
line);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_free(bss->eap_fast_a_id);
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->eap_fast_a_id = NULL;
return 1;
} else {
bss->eap_fast_a_id_len = idlen / 2;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
os_free(bss->eap_fast_a_id_info);
bss->eap_fast_a_id_info = os_strdup(pos);
} else if (os_strcmp(buf, "eap_fast_prov") == 0) {
bss->eap_fast_prov = atoi(pos);
} else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
bss->pac_key_lifetime = atoi(pos);
} else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
bss->pac_key_refresh_time = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* EAP_SERVER_FAST */
EAP-TEAP server and peer implementation (RFC 7170) This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible Authentication Protocol). This should be considered experimental since RFC 7170 has number of conflicting statements and missing details to allow unambiguous interpretation. As such, there may be interoperability issues with other implementations and this version should not be deployed for production purposes until those unclear areas are resolved. This does not yet support use of NewSessionTicket message to deliver a new PAC (either in the server or peer implementation). In other words, only the in-tunnel distribution of PAC-Opaque is supported for now. Use of the NewSessionTicket mechanism would require TLS library support to allow arbitrary data to be specified as the contents of the message. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
#ifdef EAP_SERVER_TEAP
} else if (os_strcmp(buf, "eap_teap_auth") == 0) {
int val = atoi(pos);
EAP-TEAP (server): Allow Phase 2 skip based on client certificate eap_teap_auth=2 can now be used to configure hostapd to skip Phase 2 if the peer can be authenticated based on client certificate during Phase 1. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (val < 0 || val > 2) {
EAP-TEAP server and peer implementation (RFC 7170) This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible Authentication Protocol). This should be considered experimental since RFC 7170 has number of conflicting statements and missing details to allow unambiguous interpretation. As such, there may be interoperability issues with other implementations and this version should not be deployed for production purposes until those unclear areas are resolved. This does not yet support use of NewSessionTicket message to deliver a new PAC (either in the server or peer implementation). In other words, only the in-tunnel distribution of PAC-Opaque is supported for now. Use of the NewSessionTicket mechanism would require TLS library support to allow arbitrary data to be specified as the contents of the message. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
wpa_printf(MSG_ERROR,
"Line %d: Invalid eap_teap_auth value",
line);
return 1;
}
bss->eap_teap_auth = val;
} else if (os_strcmp(buf, "eap_teap_pac_no_inner") == 0) {
bss->eap_teap_pac_no_inner = atoi(pos);
EAP-TEAP server: Testing mechanism for Result TLV in a separate message The new eap_teap_separate_result=1 hostapd configuration parameter can be used to test TEAP exchange where the Intermediate-Result TLV and Crypto-Binding TLV are send in one message exchange while the Result TLV exchange in done after that in a separate message exchange. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
} else if (os_strcmp(buf, "eap_teap_separate_result") == 0) {
bss->eap_teap_separate_result = atoi(pos);
EAP-TEAP server: Allow a specific Identity-Type to be requested/required The new hostapd configuration parameter eap_teap_id can be used to configure the expected behavior for used identity type. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
} else if (os_strcmp(buf, "eap_teap_id") == 0) {
bss->eap_teap_id = atoi(pos);
EAP-TEAP server and peer implementation (RFC 7170) This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible Authentication Protocol). This should be considered experimental since RFC 7170 has number of conflicting statements and missing details to allow unambiguous interpretation. As such, there may be interoperability issues with other implementations and this version should not be deployed for production purposes until those unclear areas are resolved. This does not yet support use of NewSessionTicket message to deliver a new PAC (either in the server or peer implementation). In other words, only the in-tunnel distribution of PAC-Opaque is supported for now. Use of the NewSessionTicket mechanism would require TLS library support to allow arbitrary data to be specified as the contents of the message. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
#endif /* EAP_SERVER_TEAP */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifdef EAP_SERVER_SIM
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "eap_sim_db") == 0) {
os_free(bss->eap_sim_db);
bss->eap_sim_db = os_strdup(pos);
eap_sim_db: Implement eap_sim_db_expire_pending() Expire pending DB request for EAP-SIM/AKA/AKA'. Timeout defaults to 1 second and is user configurable in hostapd.conf (eap_sim_db_timeout). Signed-off-by: Frederic Leroy <frederic.leroy@b-com.com>
9 years ago
} else if (os_strcmp(buf, "eap_sim_db_timeout") == 0) {
bss->eap_sim_db_timeout = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
bss->eap_sim_aka_result_ind = atoi(pos);
EAP-SIM/AKA server: Allow pseudonym/fast reauth to be disabled The new hostapd configuration option eap_sim_id can now be used to disable use of pseudonym and/or fast reauthentication with EAP-SIM, EAP-AKA, and EAP-AKA'. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "eap_sim_id") == 0) {
bss->eap_sim_id = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* EAP_SERVER_SIM */
#ifdef EAP_SERVER_TNC
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "tnc") == 0) {
bss->tnc = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* EAP_SERVER_TNC */
EAP-pwd: Add support for EAP-pwd server and peer functionality This adds an initial EAP-pwd (RFC 5931) implementation. For now, this requires OpenSSL.
14 years ago
#ifdef EAP_SERVER_PWD
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "pwd_group") == 0) {
bss->pwd_group = atoi(pos);
EAP-pwd: Add support for EAP-pwd server and peer functionality This adds an initial EAP-pwd (RFC 5931) implementation. For now, this requires OpenSSL.
14 years ago
#endif /* EAP_SERVER_PWD */
Reject eap_server_erp hostapd.conf parameter without CONFIG_ERP=y This provides an explicit error report if runtime configuration is not valid and ERP server functionality cannot be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_ERP
ERP: Add support for ERP on EAP server and authenticator Derive rRK and rIK on EAP server if ERP is enabled and use these keys to allow EAP re-authentication to be used and to derive rMSK. The new hostapd configuration parameter eap_server_erp=1 can now be used to configure the integrated EAP server to derive EMSK, rRK, and rIK at the successful completion of an EAP authentication method. This functionality is not included in the default build and can be enabled with CONFIG_ERP=y. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
} else if (os_strcmp(buf, "eap_server_erp") == 0) {
bss->eap_server_erp = atoi(pos);
Reject eap_server_erp hostapd.conf parameter without CONFIG_ERP=y This provides an explicit error report if runtime configuration is not valid and ERP server functionality cannot be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#endif /* CONFIG_ERP */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* EAP_SERVER */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "eap_message") == 0) {
char *term;
Fix memory leaks in hostapd configuration updates Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_free(bss->eap_req_id_text);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->eap_req_id_text = os_strdup(pos);
if (bss->eap_req_id_text == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Failed to allocate memory for eap_req_id_text",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
bss->eap_req_id_text_len = os_strlen(bss->eap_req_id_text);
term = os_strstr(bss->eap_req_id_text, "\\0");
if (term) {
*term++ = '\0';
os_memmove(term, term + 1,
bss->eap_req_id_text_len -
(term - bss->eap_req_id_text) - 1);
bss->eap_req_id_text_len--;
}
ERP: Add optional EAP-Initiate/Re-auth-Start transmission hostapd can now be configured to transmit EAP-Initiate/Re-auth-Start before EAP-Request/Identity to try to initiate ERP. This is disabled by default and can be enabled with erp_send_reauth_start=1 and optional erp_reauth_start_domain=<domain>. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
} else if (os_strcmp(buf, "erp_send_reauth_start") == 0) {
bss->erp_send_reauth_start = atoi(pos);
} else if (os_strcmp(buf, "erp_domain") == 0) {
os_free(bss->erp_domain);
bss->erp_domain = os_strdup(pos);
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
hostapd: Do not update rejected wep_key_len_broadcast Previously, update command with invalid value got rejected, but the actual configuration data was updated anyway. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
int val = atoi(pos);
if (val < 0 || val > 13) {
wpa_printf(MSG_ERROR,
"Line %d: invalid WEP key len %d (= %d bits)",
line, val, val * 8);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Do not update rejected wep_key_len_broadcast Previously, update command with invalid value got rejected, but the actual configuration data was updated anyway. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
bss->default_wep_key_len = val;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
hostapd: Do not update invalid wep_key_len_unicast Previously, the update command was rejected, but the configuration parameter value was updated anyway. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
int val = atoi(pos);
if (val < 0 || val > 13) {
wpa_printf(MSG_ERROR,
"Line %d: invalid WEP key len %d (= %d bits)",
line, val, val * 8);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Do not update invalid wep_key_len_unicast Previously, the update command was rejected, but the configuration parameter value was updated anyway. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
bss->individual_wep_key_len = val;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wep_rekey_period") == 0) {
bss->wep_rekeying_period = atoi(pos);
if (bss->wep_rekeying_period < 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid period %d",
line, bss->wep_rekeying_period);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "eap_reauth_period") == 0) {
bss->eap_reauth_period = atoi(pos);
if (bss->eap_reauth_period < 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid period %d",
line, bss->eap_reauth_period);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
bss->eapol_key_index_workaround = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifdef CONFIG_IAPP
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "iapp_interface") == 0) {
Remove IAPP functionality from hostapd IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been maintained nor is there any expectation of the withdrawn trial-use recommended practice to be maintained in the future. Furthermore, implementation of IAPP in hostapd was not complete, i.e., only parts of the recommended practice were included. The main item of some real use long time ago was the Layer 2 Update frame to update bridges when a STA roams within an ESS, but that functionality has, in practice, been moved to kernel drivers to provide better integration with the networking stack. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* CONFIG_IAPP */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "own_ip_addr") == 0) {
if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid IP address '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "nas_identifier") == 0) {
Fix memory leaks in hostapd configuration updates Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_free(bss->nas_identifier);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->nas_identifier = os_strdup(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifndef CONFIG_NO_RADIUS
Add option to force a specific RADIUS client address to be used The new hostapd.conf parameter radius_client_addr can now be used to select a specific local IP address to be used as the RADIUS client address. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (os_strcmp(buf, "radius_client_addr") == 0) {
if (hostapd_parse_ip_addr(pos, &bss->radius->client_addr)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid IP address '%s'",
line, pos);
return 1;
}
bss->radius->force_client_addr = 1;
RADIUS client: Support SO_BINDTODEVICE Allow the RADIUS client socket to be bound to a specific netdev. This helps hostapd work better in VRF and other fancy network environments. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Andreas Tobler <andreas.tobler at onway.ch>
4 years ago
} else if (os_strcmp(buf, "radius_client_dev") == 0) {
os_free(bss->radius->force_client_dev);
bss->radius->force_client_dev = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "auth_server_addr") == 0) {
if (hostapd_config_read_radius_addr(
&bss->radius->auth_servers,
&bss->radius->num_auth_servers, pos, 1812,
&bss->radius->auth_server)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid IP address '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Allow RADIUS server address to be replaced The new hostapd parameters auth_server_addr_replace and acct_server_addr_replace can now be used to replace the configured IP address instead of adding a new RADIUS server. This is mainly useful for testing purposes where the address can be changed over control interface during AP operation. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (bss->radius->auth_server &&
os_strcmp(buf, "auth_server_addr_replace") == 0) {
if (hostapd_parse_ip_addr(pos,
&bss->radius->auth_server->addr)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid IP address '%s'",
line, pos);
return 1;
}
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (bss->radius->auth_server &&
os_strcmp(buf, "auth_server_port") == 0) {
bss->radius->auth_server->port = atoi(pos);
} else if (bss->radius->auth_server &&
os_strcmp(buf, "auth_server_shared_secret") == 0) {
int len = os_strlen(pos);
if (len == 0) {
/* RFC 2865, Ch. 3 */
wpa_printf(MSG_ERROR, "Line %d: empty shared secret is not allowed",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Fix memory leaks in hostapd configuration updates Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_free(bss->radius->auth_server->shared_secret);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->radius->auth_server->shared_secret = (u8 *) os_strdup(pos);
bss->radius->auth_server->shared_secret_len = len;
} else if (os_strcmp(buf, "acct_server_addr") == 0) {
if (hostapd_config_read_radius_addr(
&bss->radius->acct_servers,
&bss->radius->num_acct_servers, pos, 1813,
&bss->radius->acct_server)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid IP address '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Allow RADIUS server address to be replaced The new hostapd parameters auth_server_addr_replace and acct_server_addr_replace can now be used to replace the configured IP address instead of adding a new RADIUS server. This is mainly useful for testing purposes where the address can be changed over control interface during AP operation. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
}
} else if (bss->radius->acct_server &&
os_strcmp(buf, "acct_server_addr_replace") == 0) {
if (hostapd_parse_ip_addr(pos,
&bss->radius->acct_server->addr)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid IP address '%s'",
line, pos);
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (bss->radius->acct_server &&
os_strcmp(buf, "acct_server_port") == 0) {
bss->radius->acct_server->port = atoi(pos);
} else if (bss->radius->acct_server &&
os_strcmp(buf, "acct_server_shared_secret") == 0) {
int len = os_strlen(pos);
if (len == 0) {
/* RFC 2865, Ch. 3 */
wpa_printf(MSG_ERROR, "Line %d: empty shared secret is not allowed",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Fix memory leaks in hostapd configuration updates Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_free(bss->radius->acct_server->shared_secret);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->radius->acct_server->shared_secret = (u8 *) os_strdup(pos);
bss->radius->acct_server->shared_secret_len = len;
} else if (os_strcmp(buf, "radius_retry_primary_interval") == 0) {
bss->radius->retry_primary_interval = atoi(pos);
} else if (os_strcmp(buf, "radius_acct_interim_interval") == 0) {
bss->acct_interim_interval = atoi(pos);
} else if (os_strcmp(buf, "radius_request_cui") == 0) {
bss->radius_request_cui = atoi(pos);
} else if (os_strcmp(buf, "radius_auth_req_attr") == 0) {
struct hostapd_radius_attr *attr, *a;
attr = hostapd_parse_radius_attr(pos);
if (attr == NULL) {
wpa_printf(MSG_ERROR,
"Line %d: invalid radius_auth_req_attr",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (bss->radius_auth_req_attr == NULL) {
bss->radius_auth_req_attr = attr;
} else {
a = bss->radius_auth_req_attr;
while (a->next)
a = a->next;
a->next = attr;
}
} else if (os_strcmp(buf, "radius_acct_req_attr") == 0) {
struct hostapd_radius_attr *attr, *a;
attr = hostapd_parse_radius_attr(pos);
if (attr == NULL) {
wpa_printf(MSG_ERROR,
"Line %d: invalid radius_acct_req_attr",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (bss->radius_acct_req_attr == NULL) {
bss->radius_acct_req_attr = attr;
} else {
a = bss->radius_acct_req_attr;
while (a->next)
a = a->next;
a->next = attr;
}
Extra RADIUS request attributes from SQLite Add an SQLite table for defining per station MAC address version of radius_auth_req_attr/radius_acct_req_attr information. Create the necessary table and index where this doesn't exist. Select attributes from the table keyed by station MAC address and request type (auth or acct), parse and apply to a RADIUS message. Add radius_req_attr_sqlite hostapd config option for SQLite database file. Open/close RADIUS attribute database for a lifetime of a BSS and invoke functions to add extra attributes during RADIUS auth and accounting request generation. Signed-off-by: Terry Burton <tez@terryburton.co.uk>
5 years ago
} else if (os_strcmp(buf, "radius_req_attr_sqlite") == 0) {
os_free(bss->radius_req_attr_sqlite);
bss->radius_req_attr_sqlite = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "radius_das_port") == 0) {
bss->radius_das_port = atoi(pos);
} else if (os_strcmp(buf, "radius_das_client") == 0) {
if (hostapd_parse_das_client(bss, pos) < 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid DAS client",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "radius_das_time_window") == 0) {
bss->radius_das_time_window = atoi(pos);
} else if (os_strcmp(buf, "radius_das_require_event_timestamp") == 0) {
bss->radius_das_require_event_timestamp = atoi(pos);
Add a require_message_authenticator configuration option This can be used to mandate the presence of the Message-Authenticator attribute on CoA/Disconnect-Request packets. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
8 years ago
} else if (os_strcmp(buf, "radius_das_require_message_authenticator") ==
0) {
bss->radius_das_require_message_authenticator = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* CONFIG_NO_RADIUS */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "auth_algs") == 0) {
bss->auth_algs = atoi(pos);
if (bss->auth_algs == 0) {
wpa_printf(MSG_ERROR, "Line %d: no authentication algorithms allowed",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "max_num_sta") == 0) {
bss->max_num_sta = atoi(pos);
if (bss->max_num_sta < 0 ||
bss->max_num_sta > MAX_STA_COUNT) {
wpa_printf(MSG_ERROR, "Line %d: Invalid max_num_sta=%d; allowed range 0..%d",
line, bss->max_num_sta, MAX_STA_COUNT);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wpa") == 0) {
bss->wpa = atoi(pos);
AP: Support Extended Key ID Support Extended Key ID in hostapd according to IEEE Std 802.11-2016. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing an AP to serve STAs with and without Extended Key ID support in the same BSS. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
} else if (os_strcmp(buf, "extended_key_id") == 0) {
int val = atoi(pos);
AP: Fix Extended Key ID parameter check Check the new variable to be set instead the current setting. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
if (val < 0 || val > 2) {
AP: Support Extended Key ID Support Extended Key ID in hostapd according to IEEE Std 802.11-2016. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing an AP to serve STAs with and without Extended Key ID support in the same BSS. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
wpa_printf(MSG_ERROR,
"Line %d: Invalid extended_key_id=%d; allowed range 0..2",
AP: Fix Extended Key ID parameter check Check the new variable to be set instead the current setting. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
line, val);
AP: Support Extended Key ID Support Extended Key ID in hostapd according to IEEE Std 802.11-2016. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing an AP to serve STAs with and without Extended Key ID support in the same BSS. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
return 1;
}
bss->extended_key_id = val;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
bss->wpa_group_rekey = atoi(pos);
Update default wpa_group_rekey to once-per-day when using CCMP/GCMP The default value for GTK rekeying period was previously hardcoded to 600 seconds for all cases. Leave that short value only for TKIP as group cipher while moving to the IEEE 802.11 default value of 86400 seconds (once-per-day) for CCMP/GCMP. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
bss->wpa_group_rekey_set = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
bss->wpa_strict_rekey = atoi(pos);
} else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
bss->wpa_gmk_rekey = atoi(pos);
} else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
bss->wpa_ptk_rekey = atoi(pos);
AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new hostapd configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with disconnection. This requires the station to reassociate to get connected again and as such, can result in connectivity issues as well. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
} else if (os_strcmp(buf, "wpa_deny_ptk0_rekey") == 0) {
bss->wpa_deny_ptk0_rekey = atoi(pos);
if (bss->wpa_deny_ptk0_rekey < 0 ||
bss->wpa_deny_ptk0_rekey > 2) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid wpa_deny_ptk0_rekey=%d; allowed range 0..2",
line, bss->wpa_deny_ptk0_rekey);
return 1;
}
Add hostapd options wpa_group_update_count and wpa_pairwise_update_count wpa_group_update_count and wpa_pairwise_update_count can now be used to set the GTK and PTK rekey retry limits (dot11RSNAConfigGroupUpdateCount and dot11RSNAConfigPairwiseUpdateCount). Defaults set to current hardcoded value (4). Some stations may suffer from frequent deauthentications due to GTK rekey failures: EAPOL 1/2 frame is not answered during the total timeout period of currently ~3.5 seconds. For example, a Galaxy S6 with Android 6.0.1 appears to go into power save mode for up to 5 seconds. Increasing wpa_group_update_count to 6 fixed this issue. Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
7 years ago
} else if (os_strcmp(buf, "wpa_group_update_count") == 0) {
char *endp;
unsigned long val = strtoul(pos, &endp, 0);
if (*endp || val < 1 || val > (u32) -1) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid wpa_group_update_count=%lu; allowed range 1..4294967295",
line, val);
return 1;
}
bss->wpa_group_update_count = (u32) val;
} else if (os_strcmp(buf, "wpa_pairwise_update_count") == 0) {
char *endp;
unsigned long val = strtoul(pos, &endp, 0);
if (*endp || val < 1 || val > (u32) -1) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid wpa_pairwise_update_count=%lu; allowed range 1..4294967295",
line, val);
return 1;
}
bss->wpa_pairwise_update_count = (u32) val;
Optional AP side workaround for key reinstallation attacks This adds a new hostapd configuration parameter wpa_disable_eapol_key_retries=1 that can be used to disable retransmission of EAPOL-Key frames that are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This is similar to setting wpa_group_update_count=1 and wpa_pairwise_update_count=1, but with no impact to message 1/4 retries and with extended timeout for messages 4/4 and group message 2/2 to avoid causing issues with stations that may use aggressive power saving have very long time in replying to the EAPOL-Key messages. This option can be used to work around key reinstallation attacks on the station (supplicant) side in cases those station devices cannot be updated for some reason. By removing the retransmissions the attacker cannot cause key reinstallation with a delayed frame transmission. This is related to the station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load due to the number of attempts to perform the key exchange is reduced significantly. As such, this workaround is disabled by default (unless overridden in build configuration). To enable this, set the parameter to 1. It is also possible to enable this in the build by default by adding the following to the build configuration: CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
} else if (os_strcmp(buf, "wpa_disable_eapol_key_retries") == 0) {
bss->wpa_disable_eapol_key_retries = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wpa_passphrase") == 0) {
int len = os_strlen(pos);
if (len < 8 || len > 63) {
wpa_printf(MSG_ERROR, "Line %d: invalid WPA passphrase length %d (expected 8..63)",
line, len);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->ssid.wpa_passphrase);
bss->ssid.wpa_passphrase = os_strdup(pos);
if (bss->ssid.wpa_passphrase) {
Add helper function to clear and free wpa_psk list This change adds the function hostapd_config_clear_wpa_psk() that deletes an entire wpa_psk structure, making sure to follow the linked list and to free the allocated memory of each PSK node. This helps to prevent memory leaks when using PSKs from multiple sources and reconfiguring the AP during runtime. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->ssid.wpa_passphrase_set = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wpa_psk") == 0) {
Add helper function to clear and free wpa_psk list This change adds the function hostapd_config_clear_wpa_psk() that deletes an entire wpa_psk structure, making sure to follow the linked list and to free the allocated memory of each PSK node. This helps to prevent memory leaks when using PSKs from multiple sources and reconfiguring the AP during runtime. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
if (bss->ssid.wpa_psk == NULL)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (hexstr2bin(pos, bss->ssid.wpa_psk->psk, PMK_LEN) ||
pos[PMK_LEN * 2] != '\0') {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
line, pos);
Add helper function to clear and free wpa_psk list This change adds the function hostapd_config_clear_wpa_psk() that deletes an entire wpa_psk structure, making sure to follow the linked list and to free the allocated memory of each PSK node. This helps to prevent memory leaks when using PSKs from multiple sources and reconfiguring the AP during runtime. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->ssid.wpa_psk->group = 1;
os_free(bss->ssid.wpa_passphrase);
bss->ssid.wpa_passphrase = NULL;
bss->ssid.wpa_psk_set = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wpa_psk_file") == 0) {
os_free(bss->ssid.wpa_psk_file);
bss->ssid.wpa_psk_file = os_strdup(pos);
if (!bss->ssid.wpa_psk_file) {
wpa_printf(MSG_ERROR, "Line %d: allocation failed",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
bss->wpa_key_mgmt = hostapd_config_parse_key_mgmt(line, pos);
if (bss->wpa_key_mgmt == -1)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wpa_psk_radius") == 0) {
bss->wpa_psk_radius = atoi(pos);
if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
bss->wpa_psk_radius != PSK_RADIUS_ACCEPTED &&
bss->wpa_psk_radius != PSK_RADIUS_REQUIRED) {
wpa_printf(MSG_ERROR,
"Line %d: unknown wpa_psk_radius %d",
line, bss->wpa_psk_radius);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wpa_pairwise") == 0) {
bss->wpa_pairwise = hostapd_config_parse_cipher(line, pos);
if (bss->wpa_pairwise == -1 || bss->wpa_pairwise == 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (bss->wpa_pairwise &
(WPA_CIPHER_NONE | WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: unsupported pairwise cipher suite '%s'",
Fix hostapd debug messages on wpa_pairwise and rsn_pairwise parsing Incorrect value was printed out as the line number for this messages. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "rsn_pairwise") == 0) {
bss->rsn_pairwise = hostapd_config_parse_cipher(line, pos);
if (bss->rsn_pairwise == -1 || bss->rsn_pairwise == 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (bss->rsn_pairwise &
(WPA_CIPHER_NONE | WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: unsupported pairwise cipher suite '%s'",
Fix hostapd debug messages on wpa_pairwise and rsn_pairwise parsing Incorrect value was printed out as the line number for this messages. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Allow group cipher selection to be overridden The new hostapd configuration parameter group_cipher can now be used to override the automatic cipher selection based on enabled pairwise ciphers. It should be noted that selecting an unexpected group cipher can result in interoperability issues and this new capability is mainly for testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "group_cipher") == 0) {
bss->group_cipher = hostapd_config_parse_cipher(line, pos);
if (bss->group_cipher == -1 || bss->group_cipher == 0)
return 1;
if (bss->group_cipher != WPA_CIPHER_TKIP &&
bss->group_cipher != WPA_CIPHER_CCMP &&
bss->group_cipher != WPA_CIPHER_GCMP &&
bss->group_cipher != WPA_CIPHER_GCMP_256 &&
bss->group_cipher != WPA_CIPHER_CCMP_256) {
wpa_printf(MSG_ERROR,
"Line %d: unsupported group cipher suite '%s'",
line, pos);
return 1;
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifdef CONFIG_RSN_PREAUTH
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "rsn_preauth") == 0) {
bss->rsn_preauth = atoi(pos);
} else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
Fix memory leaks in hostapd configuration updates Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_free(bss->rsn_preauth_interfaces);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->rsn_preauth_interfaces = os_strdup(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* CONFIG_RSN_PREAUTH */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "peerkey") == 0) {
Remove all PeerKey functionality This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
wpa_printf(MSG_INFO,
"Line %d: Obsolete peerkey parameter ignored", line);
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#ifdef CONFIG_IEEE80211R_AP
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "mobility_domain") == 0) {
if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
hexstr2bin(pos, bss->mobility_domain,
MOBILITY_DOMAIN_ID_LEN) != 0) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid mobility_domain '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "r1_key_holder") == 0) {
if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
hexstr2bin(pos, bss->r1_key_holder, FT_R1KH_ID_LEN) != 0) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid r1_key_holder '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
FT: Convert r0_key_lifetime to seconds Add a new configuration option ft_r0_key_lifetime that deprecates r0_key_lifetime. Though, the old configuration is still accepted for backwards compatibility. This simplifies testing. All other items are in seconds as well. In addition, this makes dot11FTR0KeyLifetime comment match with what got standardized in the end in IEEE Std 802.11r-2008. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago
/* DEPRECATED: Use ft_r0_key_lifetime instead. */
bss->r0_key_lifetime = atoi(pos) * 60;
} else if (os_strcmp(buf, "ft_r0_key_lifetime") == 0) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->r0_key_lifetime = atoi(pos);
FT: Add expiration to PMK-R0 and PMK-R1 cache IEEE Std 802.11-2016, 12.7.1.7.1 indicates that the lifetime of the PMK-R0 (and PMK-R1) is bound to the lifetime of PSK or MSK from which the key was derived. This is currently stored in r0_key_lifetime, but cache entries are not actually removed. This commit uses the r0_key_lifetime configuration parameter when wpa_auth_derive_ptk_ft() is called. This may need to be extended to use the MSK lifetime, if provided by an external authentication server, with some future changes. For PSK, there is no such lifetime, but it also matters less as FT-PSK can be achieved without inter-AP communication. The expiration timeout is then passed from R0KH to R1KH. The R1KH verifies that the given timeout for sanity, it may not exceed the locally configured r1_max_key_lifetime. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago
} else if (os_strcmp(buf, "r1_max_key_lifetime") == 0) {
bss->r1_max_key_lifetime = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "reassociation_deadline") == 0) {
bss->reassociation_deadline = atoi(pos);
FT: Add support for wildcard R0KH/R1KH Enable use of FT RRB without configuring each other AP locally. Instead, broadcast messages are exchanged to discover APs within the local network. When an R0KH or R1KH is discovered, it is cached for one day. When a station uses an invalid or offline r0kh_id, requests are always broadcast. In order to avoid this, if r0kh does not reply, a temporary blacklist entry is added to r0kh_list. To avoid blocking a valid r0kh when a non-existing pmk_r0_name is requested, r0kh is required to always reply using a NAK. Resend requests a few times to ensure blacklisting does not happen due to small packet loss. To free newly created stations later, the r*kh_list start pointer in conf needs to be updateable from wpa_auth_ft.c, where only wconf is accessed. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago
} else if (os_strcmp(buf, "rkh_pos_timeout") == 0) {
bss->rkh_pos_timeout = atoi(pos);
} else if (os_strcmp(buf, "rkh_neg_timeout") == 0) {
bss->rkh_neg_timeout = atoi(pos);
} else if (os_strcmp(buf, "rkh_pull_timeout") == 0) {
bss->rkh_pull_timeout = atoi(pos);
} else if (os_strcmp(buf, "rkh_pull_retries") == 0) {
bss->rkh_pull_retries = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "r0kh") == 0) {
if (add_r0kh(bss, pos) < 0) {
wpa_printf(MSG_DEBUG, "Line %d: Invalid r0kh '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "r1kh") == 0) {
if (add_r1kh(bss, pos) < 0) {
wpa_printf(MSG_DEBUG, "Line %d: Invalid r1kh '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "pmk_r1_push") == 0) {
bss->pmk_r1_push = atoi(pos);
} else if (os_strcmp(buf, "ft_over_ds") == 0) {
bss->ft_over_ds = atoi(pos);
FT: Allow PMK-R0 and PMK-R1 for FT-PSK to be generated locally Station should be able to connect initially without ft_pmk_cache filled, so the target AP has the PSK available and thus the same information as the origin AP. Therefore neither caching nor communication between the APs with respect to PMK-R0 or PMK-R1 or VLANs is required if the target AP derives the required PMKs locally. This patch introduces the generation of the required PMKs locally for FT-PSK. Additionally, PMK-R0 is not stored (and thus pushed) for FT-PSK. So for FT-PSK networks, no configuration of inter-AP communication is needed anymore when using ft_psk_generate_local=1 configuration. The default behavior (ft_psk_generate_local=0) remains to use the pull/push protocol. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago
} else if (os_strcmp(buf, "ft_psk_generate_local") == 0) {
bss->ft_psk_generate_local = atoi(pos);
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
#endif /* CONFIG_IEEE80211R_AP */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifndef CONFIG_NO_CTRL_IFACE
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ctrl_interface") == 0) {
os_free(bss->ctrl_interface);
bss->ctrl_interface = os_strdup(pos);
} else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifndef CONFIG_NATIVE_WINDOWS
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
struct group *grp;
char *endp;
const char *group = pos;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
grp = getgrnam(group);
if (grp) {
bss->ctrl_interface_gid = grp->gr_gid;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
bss->ctrl_interface_gid_set = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d (from group name '%s')",
bss->ctrl_interface_gid, group);
return 0;
}
/* Group name not found - try to parse this as gid */
bss->ctrl_interface_gid = strtol(group, &endp, 10);
if (*group == '\0' || *endp != '\0') {
wpa_printf(MSG_DEBUG, "Line %d: Invalid group '%s'",
line, group);
return 1;
}
bss->ctrl_interface_gid_set = 1;
wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
bss->ctrl_interface_gid);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* CONFIG_NATIVE_WINDOWS */
#endif /* CONFIG_NO_CTRL_IFACE */
#ifdef RADIUS_SERVER
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "radius_server_clients") == 0) {
os_free(bss->radius_server_clients);
bss->radius_server_clients = os_strdup(pos);
} else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
bss->radius_server_auth_port = atoi(pos);
} else if (os_strcmp(buf, "radius_server_acct_port") == 0) {
bss->radius_server_acct_port = atoi(pos);
} else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
bss->radius_server_ipv6 = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* RADIUS_SERVER */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
bss->use_pae_group_addr = atoi(pos);
} else if (os_strcmp(buf, "hw_mode") == 0) {
if (os_strcmp(pos, "a") == 0)
conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
else if (os_strcmp(pos, "b") == 0)
conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
else if (os_strcmp(pos, "g") == 0)
conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
else if (os_strcmp(pos, "ad") == 0)
conf->hw_mode = HOSTAPD_MODE_IEEE80211AD;
Extend hw_mode to support any band for offloaded ACS case When device supports dual band operations with offloaded ACS, hw_mode can now be set to any band (hw_mode=any) in order to allow ACS to select the best channel from any band. After a channel is selected, the hw_mode is updated for hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
else if (os_strcmp(pos, "any") == 0)
conf->hw_mode = HOSTAPD_MODE_IEEE80211ANY;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
else {
wpa_printf(MSG_ERROR, "Line %d: unknown hw_mode '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wps_rf_bands") == 0) {
WPS: Add support for 60 GHz band Handling of WPS RF band for 60 GHz was missing. Add it in all relevant places and also map "AES" as the cipher to GCMP instead of CCMP when operating on the 60 GHz band. Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
9 years ago
if (os_strcmp(pos, "ad") == 0)
bss->wps_rf_bands = WPS_RF_60GHZ;
else if (os_strcmp(pos, "a") == 0)
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->wps_rf_bands = WPS_RF_50GHZ;
else if (os_strcmp(pos, "g") == 0 ||
os_strcmp(pos, "b") == 0)
bss->wps_rf_bands = WPS_RF_24GHZ;
else if (os_strcmp(pos, "ag") == 0 ||
os_strcmp(pos, "ga") == 0)
bss->wps_rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ;
else {
wpa_printf(MSG_ERROR,
"Line %d: unknown wps_rf_band '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Add a config parameter to exclude DFS channels from ACS The new acs_exclude_dfs=1 parameter can be used to request hostapd to exclude all DFS channels from ACS consideration. This is mainly of use for cases where the driver supports DFS channels, but for some reason a non-DFS channel is desired when using automatic channel selection. Previously, the chanlist parameter could have been used for this, but that required listing all the acceptable channels. The new parameter allows this to be done without such a list. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "acs_exclude_dfs") == 0) {
conf->acs_exclude_dfs = atoi(pos);
AP: Add op_class config item to specify 6 GHz channels uniquely Add hostapd config option "op_class" for fixed channel selection along with existing "channel" option. "op_class" and "channel" config options together can specify channels across 2.4 GHz, 5 GHz, and 6 GHz bands uniquely. Signed-off-by: Liangwei Dong <liangwei@codeaurora.org> Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "op_class") == 0) {
conf->op_class = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "channel") == 0) {
if (os_strcmp(pos, "acs_survey") == 0) {
hostapd: Add Automatic Channel Selection (ACS) support This adds ACS support to hostapd. Currently only survey-based algorithm is available. To use ACS you need to enable CONFIG_ACS=y in .config and use channel=0 (or channel=acs_survey) in hostapd.conf. For more details see wiki page [1] or comments in src/ap/acs.c. [1]: http://wireless.kernel.org/en/users/Documentation/acs Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
11 years ago
#ifndef CONFIG_ACS
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: tries to enable ACS but CONFIG_ACS disabled",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
ACS: Clean up ifdef CONFIG_ACS to avoid unreachable code The conf->channel assignment was unreachable if CONFIG_ACS was not defined, so move that to be under #else. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
#else /* CONFIG_ACS */
Extend offloaded ACS QCA vendor command to support VHT Update ACS driver offload feature for VHT configuration. In addition, this allows the chanlist parameter to be used to specify which channels are included as options for the offloaded ACS case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
conf->acs = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
conf->channel = 0;
ACS: Clean up ifdef CONFIG_ACS to avoid unreachable code The conf->channel assignment was unreachable if CONFIG_ACS was not defined, so move that to be under #else. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
#endif /* CONFIG_ACS */
Extend offloaded ACS QCA vendor command to support VHT Update ACS driver offload feature for VHT configuration. In addition, this allows the chanlist parameter to be used to specify which channels are included as options for the offloaded ACS case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
} else {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
conf->channel = atoi(pos);
Extend offloaded ACS QCA vendor command to support VHT Update ACS driver offload feature for VHT configuration. In addition, this allows the chanlist parameter to be used to specify which channels are included as options for the offloaded ACS case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
conf->acs = conf->channel == 0;
}
hostapd: Add EDMG channel configuration parameters Add two new configuration parameters for hostapd: enable_edmg: Enable EDMG capability for AP mode in the 60 GHz band edmg_channel: Configure channel bonding for AP mode in the 60 GHz band Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "edmg_channel") == 0) {
conf->edmg_channel = atoi(pos);
} else if (os_strcmp(buf, "enable_edmg") == 0) {
conf->enable_edmg = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "chanlist") == 0) {
Extend offloaded ACS QCA vendor command to support VHT Update ACS driver offload feature for VHT configuration. In addition, this allows the chanlist parameter to be used to specify which channels are included as options for the offloaded ACS case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (hostapd_parse_chanlist(conf, pos)) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: invalid channel list",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Allow ACS channel list to be configured as frequencies (in MHz) The channel numbers are duplicated between 2.4 GHz / 5 GHz bands and 6 GHz band. Hence, add support to configure a list of frequencies to ACS (freqlist) instead of a list of channel numbers (chanlist). Also, both 5 GHz and 6 GHz channels are referred by HOSTAPD_MODE_IEEE80211A. The 6 GHz channels alone can be configured by using both mode and frequency list. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "freqlist") == 0) {
if (freq_range_list_parse(&conf->acs_freq_list, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid frequency list",
line);
return 1;
}
conf->acs_freq_list_present = 1;
Allow non-PCS 6 GHz channels to be excluded from ACS Add support to exclude non-PSC 6 GHz channels from the input frequency list to ACS. The new acs_exclude_6ghz_non_psc=1 parameter can be used by 6 GHz only APs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "acs_exclude_6ghz_non_psc") == 0) {
conf->acs_exclude_6ghz_non_psc = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "beacon_int") == 0) {
int val = atoi(pos);
/* MIB defines range as 1..65535, but very small values
* cause problems with the current implementation.
* Since it is unlikely that this small numbers are
* useful in real life scenarios, do not allow beacon
hostapd: Reduce minimum beacon interval from 15 to 10 TUs Very short beacon intervals can be useful for certain scenarios such as minimising association time on PBSSs. Linux supports a minimum of 10[1] so let's reduce the minimum to match that. [1] https://elixir.bootlin.com/linux/latest/ident/cfg80211_validate_beacon_int Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
5 years ago
* period to be set below 10 TU. */
if (val < 10 || val > 65535) {
wpa_printf(MSG_ERROR,
"Line %d: invalid beacon_int %d (expected 10..65535)",
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
line, val);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
conf->beacon_int = val;
hostapd: Add Automatic Channel Selection (ACS) support This adds ACS support to hostapd. Currently only survey-based algorithm is available. To use ACS you need to enable CONFIG_ACS=y in .config and use channel=0 (or channel=acs_survey) in hostapd.conf. For more details see wiki page [1] or comments in src/ap/acs.c. [1]: http://wireless.kernel.org/en/users/Documentation/acs Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
11 years ago
#ifdef CONFIG_ACS
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "acs_num_scans") == 0) {
int val = atoi(pos);
if (val <= 0 || val > 100) {
wpa_printf(MSG_ERROR, "Line %d: invalid acs_num_scans %d (expected 1..100)",
line, val);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
conf->acs_num_scans = val;
ACS: Allow specific channels to be preferred The new acs_chan_bias configuration parameter is a space-separated list of <channel>:<bias> pairs. It can be used to increase (or decrease) the likelihood of a specific channel to be selected by the ACS algorithm. The total interference factor for each channel gets multiplied by the specified bias value before finding the channel with the lowest value. In other words, values between 0.0 and 1.0 can be used to make a channel more likely to be picked while values larger than 1.0 make the specified channel less likely to be picked. This can be used, e.g., to prefer the commonly used 2.4 GHz band channels 1, 6, and 11 (which is the default behavior on 2.4 GHz band if no acs_chan_bias parameter is specified). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
} else if (os_strcmp(buf, "acs_chan_bias") == 0) {
if (hostapd_config_parse_acs_chan_bias(conf, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid acs_chan_bias",
line);
return -1;
}
hostapd: Add Automatic Channel Selection (ACS) support This adds ACS support to hostapd. Currently only survey-based algorithm is available. To use ACS you need to enable CONFIG_ACS=y in .config and use channel=0 (or channel=acs_survey) in hostapd.conf. For more details see wiki page [1] or comments in src/ap/acs.c. [1]: http://wireless.kernel.org/en/users/Documentation/acs Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
11 years ago
#endif /* CONFIG_ACS */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "dtim_period") == 0) {
hostapd: Do not update dtim_period with invalid value Previously, the update command was rejected, but the actual value was updated. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
int val = atoi(pos);
if (val < 1 || val > 255) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: invalid dtim_period %d",
hostapd: Do not update dtim_period with invalid value Previously, the update command was rejected, but the actual value was updated. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
line, val);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Do not update dtim_period with invalid value Previously, the update command was rejected, but the actual value was updated. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
bss->dtim_period = val;
AP: Add support for BSS load element (STA Count, Channel Utilization) The new "bss_load_update_period" parameter can be used to configure hostapd to advertise its BSS Load element in Beacon and Probe Response frames. This parameter is in the units of BUs (Beacon Units). When enabled, the STA Count and the Channel Utilization value will be updated periodically in the BSS Load element. The AAC is set to 0 sinze explicit admission control is not supported. Channel Utilization is calculated based on the channel survey information from the driver and as such, requires a driver that supports providing that information for the current operating channel. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "bss_load_update_period") == 0) {
Fix error handling in bss_load_update_period parser Do not update the configuration parameter before having verified the value to be in the valid range. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
int val = atoi(pos);
if (val < 0 || val > 100) {
AP: Add support for BSS load element (STA Count, Channel Utilization) The new "bss_load_update_period" parameter can be used to configure hostapd to advertise its BSS Load element in Beacon and Probe Response frames. This parameter is in the units of BUs (Beacon Units). When enabled, the STA Count and the Channel Utilization value will be updated periodically in the BSS Load element. The AAC is set to 0 sinze explicit admission control is not supported. Channel Utilization is calculated based on the channel survey information from the driver and as such, requires a driver that supports providing that information for the current operating channel. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR,
"Line %d: invalid bss_load_update_period %d",
Fix error handling in bss_load_update_period parser Do not update the configuration parameter before having verified the value to be in the valid range. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
line, val);
AP: Add support for BSS load element (STA Count, Channel Utilization) The new "bss_load_update_period" parameter can be used to configure hostapd to advertise its BSS Load element in Beacon and Probe Response frames. This parameter is in the units of BUs (Beacon Units). When enabled, the STA Count and the Channel Utilization value will be updated periodically in the BSS Load element. The AAC is set to 0 sinze explicit admission control is not supported. Channel Utilization is calculated based on the channel survey information from the driver and as such, requires a driver that supports providing that information for the current operating channel. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
10 years ago
return 1;
}
Fix error handling in bss_load_update_period parser Do not update the configuration parameter before having verified the value to be in the valid range. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
bss->bss_load_update_period = val;
hostapd: Add average channel utilization in STATUS This allows external programs to get the average channel utilization. The average channel utilization is calculated and reported through STATUS command. Users need to configure chan_util_avg_period and bss_load_update_period in hostapd config to get the average channel utilization. Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "chan_util_avg_period") == 0) {
int val = atoi(pos);
if (val < 0) {
wpa_printf(MSG_ERROR,
"Line %d: invalid chan_util_avg_period",
line);
return 1;
}
bss->chan_util_avg_period = val;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "rts_threshold") == 0) {
conf->rts_threshold = atoi(pos);
Extend the range of values for the RTS threshold Since we have HT rates the maximum framesize is no longer 2346. The usual maximum size of an A-MPDU is 65535. To disable RTS, the value -1 is already internally used. Allow it in the configuration parameter. Signed-off-by: Matthias May <matthias.may@neratec.com>
9 years ago
if (conf->rts_threshold < -1 || conf->rts_threshold > 65535) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR,
"Line %d: invalid rts_threshold %d",
line, conf->rts_threshold);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "fragm_threshold") == 0) {
conf->fragm_threshold = atoi(pos);
Allow -1 as value to disable frag_threshold To be consistent with the internal representation of how to disable framentation, allow -1 as a value to disable it in configuration. Signed-off-by: Matthias May <matthias.may@neratec.com>
9 years ago
if (conf->fragm_threshold == -1) {
/* allow a value of -1 */
} else if (conf->fragm_threshold < 256 ||
conf->fragm_threshold > 2346) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR,
"Line %d: invalid fragm_threshold %d",
line, conf->fragm_threshold);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "send_probe_response") == 0) {
int val = atoi(pos);
if (val != 0 && val != 1) {
wpa_printf(MSG_ERROR, "Line %d: invalid send_probe_response %d (expected 0 or 1)",
line, val);
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
}
Move send_probe_response parameter to BSS specific items This can be more convenient for testing Multiple BSSID functionality. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
bss->send_probe_response = val;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "supported_rates") == 0) {
if (hostapd_parse_intlist(&conf->supported_rates, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid rate list",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "basic_rates") == 0) {
if (hostapd_parse_intlist(&conf->basic_rates, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid rate list",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Add support for user configurable Beacon frame data rate for AP mode Allow configuration of Beacon frame TX rate from hostapd.conf with "beacon_rate=xx" option. The following format is used to set legacy/HT/VHT beacon rates: Legacy (CCK/OFDM rates): beacon_rate=<legacy rate in 100 kbps> HT: beacon_rate=ht:<HT MCS> VHT: beacon_rate=vht:<VHT MCS> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
} else if (os_strcmp(buf, "beacon_rate") == 0) {
int val;
if (os_strncmp(pos, "ht:", 3) == 0) {
val = atoi(pos + 3);
if (val < 0 || val > 31) {
wpa_printf(MSG_ERROR,
"Line %d: invalid beacon_rate HT-MCS %d",
line, val);
return 1;
}
conf->rate_type = BEACON_RATE_HT;
conf->beacon_rate = val;
} else if (os_strncmp(pos, "vht:", 4) == 0) {
val = atoi(pos + 4);
if (val < 0 || val > 9) {
wpa_printf(MSG_ERROR,
"Line %d: invalid beacon_rate VHT-MCS %d",
line, val);
return 1;
}
conf->rate_type = BEACON_RATE_VHT;
conf->beacon_rate = val;
Allow HE MCS rate selection for Beacon frames Allow HE MCS rate to be used for beacon transmission when the driver advertises the support. The rate is specified with a new beacon_rate option "he:<HE MCS>" in hostapd configuration. Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
4 years ago
} else if (os_strncmp(pos, "he:", 3) == 0) {
val = atoi(pos + 3);
if (val < 0 || val > 11) {
wpa_printf(MSG_ERROR,
"Line %d: invalid beacon_rate HE-MCS %d",
line, val);
return 1;
}
conf->rate_type = BEACON_RATE_HE;
conf->beacon_rate = val;
Add support for user configurable Beacon frame data rate for AP mode Allow configuration of Beacon frame TX rate from hostapd.conf with "beacon_rate=xx" option. The following format is used to set legacy/HT/VHT beacon rates: Legacy (CCK/OFDM rates): beacon_rate=<legacy rate in 100 kbps> HT: beacon_rate=ht:<HT MCS> VHT: beacon_rate=vht:<VHT MCS> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
} else {
val = atoi(pos);
if (val < 10 || val > 10000) {
wpa_printf(MSG_ERROR,
"Line %d: invalid legacy beacon_rate %d",
line, val);
return 1;
}
conf->rate_type = BEACON_RATE_LEGACY;
conf->beacon_rate = val;
}
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "preamble") == 0) {
if (atoi(pos))
conf->preamble = SHORT_PREAMBLE;
else
conf->preamble = LONG_PREAMBLE;
} else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
bss->ignore_broadcast_ssid = atoi(pos);
Option to reduce Probe Response frame responses during max STA The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can be used to request hostapd not to reply to broadcast Probe Request frames from unassociated STA if there is no room for additional stations (max_num_sta). This can be used to discourage a STA from trying to associate with this AP if the association would be rejected due to maximum STA limit. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (os_strcmp(buf, "no_probe_resp_if_max_sta") == 0) {
bss->no_probe_resp_if_max_sta = atoi(pos);
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wep_default_key") == 0) {
bss->ssid.wep.idx = atoi(pos);
if (bss->ssid.wep.idx > 3) {
wpa_printf(MSG_ERROR,
"Invalid wep_default_key index %d",
bss->ssid.wep.idx);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wep_key0") == 0 ||
os_strcmp(buf, "wep_key1") == 0 ||
os_strcmp(buf, "wep_key2") == 0 ||
os_strcmp(buf, "wep_key3") == 0) {
if (hostapd_config_read_wep(&bss->ssid.wep,
buf[7] - '0', pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid WEP key '%s'",
line, buf);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifndef CONFIG_NO_VLAN
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
bss->ssid.dynamic_vlan = atoi(pos);
VLAN: Add per-STA vif option This allows the stations to be assigned to their own vif. It does not need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if !vlan_desc.notempty, so vlan_id can be assigned regardless. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago
} else if (os_strcmp(buf, "per_sta_vif") == 0) {
bss->ssid.per_sta_vif = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "vlan_file") == 0) {
if (hostapd_config_read_vlan_file(bss, pos)) {
wpa_printf(MSG_ERROR, "Line %d: failed to read VLAN file '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "vlan_naming") == 0) {
bss->ssid.vlan_naming = atoi(pos);
if (bss->ssid.vlan_naming >= DYNAMIC_VLAN_NAMING_END ||
bss->ssid.vlan_naming < 0) {
wpa_printf(MSG_ERROR,
"Line %d: invalid naming scheme %d",
line, bss->ssid.vlan_naming);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifdef CONFIG_FULL_DYNAMIC_VLAN
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
Fix memory leaks in hostapd configuration updates Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_free(bss->ssid.vlan_tagged_interface);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->ssid.vlan_tagged_interface = os_strdup(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
#endif /* CONFIG_NO_VLAN */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ap_table_max_size") == 0) {
conf->ap_table_max_size = atoi(pos);
} else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
conf->ap_table_expiration_time = atoi(pos);
} else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
Move local TX queue parameter parser into a common file This allows the same implementation to be used for wpa_supplicant as well. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (hostapd_config_tx_queue(conf->tx_queue, buf, pos)) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: invalid TX queue item",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wme_enabled") == 0 ||
os_strcmp(buf, "wmm_enabled") == 0) {
bss->wmm_enabled = atoi(pos);
} else if (os_strcmp(buf, "uapsd_advertisement_enabled") == 0) {
bss->wmm_uapsd = atoi(pos);
} else if (os_strncmp(buf, "wme_ac_", 7) == 0 ||
os_strncmp(buf, "wmm_ac_", 7) == 0) {
if (hostapd_config_wmm_ac(conf->wmm_ac_params, buf, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid WMM ac item",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "bss") == 0) {
if (hostapd_config_bss(conf, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid bss item",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "bssid") == 0) {
if (hwaddr_aton(pos, bss->bssid)) {
wpa_printf(MSG_ERROR, "Line %d: invalid bssid item",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Allow use of driver-generated interface addresses Add a new 'use_driver_iface_addr' configuration parameter to allow use of the default interface address generated by the driver on interface creation. This can be useful when specific MAC addresses were allocated to the device and we want to use them for multi-BSS operation. Signed-off-by: Eliad Peller <eliad@wizery.com>
8 years ago
} else if (os_strcmp(buf, "use_driver_iface_addr") == 0) {
conf->use_driver_iface_addr = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ieee80211w") == 0) {
bss->ieee80211w = atoi(pos);
Allow management group cipher to be configured This allows hostapd to set a different management group cipher than the previously hardcoded default BIP (AES-128-CMAC). The new configuration file parameter group_mgmt_cipher can be set to BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in IEEE Std 802.11ac-2013. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "group_mgmt_cipher") == 0) {
if (os_strcmp(pos, "AES-128-CMAC") == 0) {
bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
} else if (os_strcmp(pos, "BIP-GMAC-128") == 0) {
bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_128;
} else if (os_strcmp(pos, "BIP-GMAC-256") == 0) {
bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_256;
} else if (os_strcmp(pos, "BIP-CMAC-256") == 0) {
bss->group_mgmt_cipher = WPA_CIPHER_BIP_CMAC_256;
} else {
wpa_printf(MSG_ERROR, "Line %d: invalid group_mgmt_cipher: %s",
line, pos);
return 1;
}
hostapd configuration for Beacon protection Add a new hostapd configuration parameter beacon_prot=<0/1> to allow Beacon protection to be enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "beacon_prot") == 0) {
bss->beacon_prot = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
bss->assoc_sa_query_max_timeout = atoi(pos);
if (bss->assoc_sa_query_max_timeout == 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid assoc_sa_query_max_timeout",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "assoc_sa_query_retry_timeout") == 0) {
bss->assoc_sa_query_retry_timeout = atoi(pos);
if (bss->assoc_sa_query_retry_timeout == 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid assoc_sa_query_retry_timeout",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
OCV: Add hostapd config parameter Add hostapd.conf parameter ocv to disable or enable Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
6 years ago
#ifdef CONFIG_OCV
} else if (os_strcmp(buf, "ocv") == 0) {
bss->ocv = atoi(pos);
if (bss->ocv && !bss->ieee80211w)
bss->ieee80211w = 1;
#endif /* CONFIG_OCV */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ieee80211n") == 0) {
conf->ieee80211n = atoi(pos);
} else if (os_strcmp(buf, "ht_capab") == 0) {
if (hostapd_config_ht_capab(conf, pos) < 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid ht_capab",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "require_ht") == 0) {
conf->require_ht = atoi(pos);
} else if (os_strcmp(buf, "obss_interval") == 0) {
conf->obss_interval = atoi(pos);
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
#ifdef CONFIG_IEEE80211AC
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ieee80211ac") == 0) {
conf->ieee80211ac = atoi(pos);
} else if (os_strcmp(buf, "vht_capab") == 0) {
if (hostapd_config_vht_capab(conf, pos) < 0) {
wpa_printf(MSG_ERROR, "Line %d: invalid vht_capab",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "require_vht") == 0) {
conf->require_vht = atoi(pos);
} else if (os_strcmp(buf, "vht_oper_chwidth") == 0) {
conf->vht_oper_chwidth = atoi(pos);
} else if (os_strcmp(buf, "vht_oper_centr_freq_seg0_idx") == 0) {
conf->vht_oper_centr_freq_seg0_idx = atoi(pos);
} else if (os_strcmp(buf, "vht_oper_centr_freq_seg1_idx") == 0) {
conf->vht_oper_centr_freq_seg1_idx = atoi(pos);
hostapd: Add vendor specific VHT extension for the 2.4 GHz band This allows vendor specific information element to be used to advertise support for VHT on 2.4 GHz band. In practice, this is used to enable use of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band. This functionality is disabled by default, but can be enabled with vendor_vht=1 parameter in hostapd.conf if the driver advertises support for VHT on either 2.4 or 5 GHz bands. Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "vendor_vht") == 0) {
bss->vendor_vht = atoi(pos);
hostapd: Use stations nsts capability in (Re)Association Response frame Some deployed stations incorrectly consider nsts capability in (Re)Association Response frame as required capability instead of maximum capability and if it is greater than station's capability then beamform will not happen in uplink traffic. This commit adds support for an optional workaround to use station's nsts capability in (Re)Association Response frame if the station's nsts is less than AP by using the use_sta_nsts=1 configuration parameter. This configuration is introduced in this commit and it is disabled by default. Signed-off-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
8 years ago
} else if (os_strcmp(buf, "use_sta_nsts") == 0) {
bss->use_sta_nsts = atoi(pos);
hostapd: Initial IEEE 802.11ac (VHT) definitions Add IEEE 802.11ac definitions for config, IEEE structures, constants. Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
12 years ago
#endif /* CONFIG_IEEE80211AC */
hostapd: Initial IEEE 802.11ax (HE) definitions Add IEEE 802.11ax definitions for config, IEEE structures, and constants. These are still subject to change in the IEEE process. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_IEEE80211AX
} else if (os_strcmp(buf, "ieee80211ax") == 0) {
conf->ieee80211ax = atoi(pos);
} else if (os_strcmp(buf, "he_su_beamformer") == 0) {
conf->he_phy_capab.he_su_beamformer = atoi(pos);
} else if (os_strcmp(buf, "he_su_beamformee") == 0) {
conf->he_phy_capab.he_su_beamformee = atoi(pos);
} else if (os_strcmp(buf, "he_mu_beamformer") == 0) {
conf->he_phy_capab.he_mu_beamformer = atoi(pos);
} else if (os_strcmp(buf, "he_bss_color") == 0) {
HE: Extend BSS color support The HE Operation field for BSS color consists of a disabled, a partial, and 6 color bits. The original commit adding support for BSS color considered this to be a u8. This commit changes this to the actual bits/values. This adds an explicit config parameter for the partial bit. The disabled is set to 0 implicitly if a bss_color is defined. Interoperability testing showed that stations will require a BSS color to be set even if the feature is disabled. Hence the default color is 1 when none is defined inside the config file. Signed-off-by: John Crispin <john@phrozen.org>
4 years ago
conf->he_op.he_bss_color = atoi(pos) & 0x3f;
conf->he_op.he_bss_color_disabled = 0;
} else if (os_strcmp(buf, "he_bss_color_partial") == 0) {
conf->he_op.he_bss_color_partial = atoi(pos);
hostapd: Initial IEEE 802.11ax (HE) definitions Add IEEE 802.11ax definitions for config, IEEE structures, and constants. These are still subject to change in the IEEE process. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "he_default_pe_duration") == 0) {
conf->he_op.he_default_pe_duration = atoi(pos);
} else if (os_strcmp(buf, "he_twt_required") == 0) {
conf->he_op.he_twt_required = atoi(pos);
AP: Add user configuration for TWT responder role Add user configuration he_twt_responder for enabling/disabling TWT responder role, in addition to checking the driver's capability. The default configuration is to enable TWT responder role when the driver supports this. Signed-off-by: Mohammad Asaad Akram <asadkrm@codeaurora.org>
3 years ago
} else if (os_strcmp(buf, "he_twt_responder") == 0) {
conf->he_op.he_twt_responder = atoi(pos);
hostapd: Initial IEEE 802.11ax (HE) definitions Add IEEE 802.11ax definitions for config, IEEE structures, and constants. These are still subject to change in the IEEE process. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "he_rts_threshold") == 0) {
conf->he_op.he_rts_threshold = atoi(pos);
HE: Option to disable HE ER SU in HE operation in AP mode Add option to disable 242-tone HE ER SU PPDU reception by the AP in HE operation IE. Signed-off-by: Shay Bar <shay.bar@celeno.com>
3 years ago
} else if (os_strcmp(buf, "he_er_su_disable") == 0) {
conf->he_op.he_er_su_disable = atoi(pos);
HE: Make the basic NSS/MCS configurable Add a config option to allow setting a custom Basic NSS/MCS set. As a default we use single stream HE-MCS 0-7. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
} else if (os_strcmp(buf, "he_basic_mcs_nss_set") == 0) {
conf->he_op.he_basic_mcs_nss_set = atoi(pos);
HE: Add MU EDCA Parameter Set element (AP) Add support for configuring parameters for the MU EDCA Parameter Set element per IEEE P802.11ax/D3.0. Signed-off-by: Siva Mullati <siva.mullati@intel.com>
5 years ago
} else if (os_strcmp(buf, "he_mu_edca_qos_info_param_count") == 0) {
conf->he_mu_edca.he_qos_info |=
set_he_cap(atoi(pos), HE_QOS_INFO_EDCA_PARAM_SET_COUNT);
} else if (os_strcmp(buf, "he_mu_edca_qos_info_q_ack") == 0) {
conf->he_mu_edca.he_qos_info |=
set_he_cap(atoi(pos), HE_QOS_INFO_Q_ACK);
} else if (os_strcmp(buf, "he_mu_edca_qos_info_queue_request") == 0) {
conf->he_mu_edca.he_qos_info |=
set_he_cap(atoi(pos), HE_QOS_INFO_QUEUE_REQUEST);
} else if (os_strcmp(buf, "he_mu_edca_qos_info_txop_request") == 0) {
conf->he_mu_edca.he_qos_info |=
set_he_cap(atoi(pos), HE_QOS_INFO_TXOP_REQUEST);
} else if (os_strcmp(buf, "he_mu_edca_ac_be_aifsn") == 0) {
conf->he_mu_edca.he_mu_ac_be_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_AIFSN);
} else if (os_strcmp(buf, "he_mu_edca_ac_be_acm") == 0) {
conf->he_mu_edca.he_mu_ac_be_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACM);
} else if (os_strcmp(buf, "he_mu_edca_ac_be_aci") == 0) {
conf->he_mu_edca.he_mu_ac_be_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACI);
} else if (os_strcmp(buf, "he_mu_edca_ac_be_ecwmin") == 0) {
conf->he_mu_edca.he_mu_ac_be_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMIN);
} else if (os_strcmp(buf, "he_mu_edca_ac_be_ecwmax") == 0) {
conf->he_mu_edca.he_mu_ac_be_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMAX);
} else if (os_strcmp(buf, "he_mu_edca_ac_be_timer") == 0) {
conf->he_mu_edca.he_mu_ac_be_param[HE_MU_AC_PARAM_TIMER_IDX] =
atoi(pos) & 0xff;
} else if (os_strcmp(buf, "he_mu_edca_ac_bk_aifsn") == 0) {
conf->he_mu_edca.he_mu_ac_bk_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_AIFSN);
} else if (os_strcmp(buf, "he_mu_edca_ac_bk_acm") == 0) {
conf->he_mu_edca.he_mu_ac_bk_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACM);
} else if (os_strcmp(buf, "he_mu_edca_ac_bk_aci") == 0) {
conf->he_mu_edca.he_mu_ac_bk_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACI);
} else if (os_strcmp(buf, "he_mu_edca_ac_bk_ecwmin") == 0) {
conf->he_mu_edca.he_mu_ac_bk_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMIN);
} else if (os_strcmp(buf, "he_mu_edca_ac_bk_ecwmax") == 0) {
conf->he_mu_edca.he_mu_ac_bk_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMAX);
} else if (os_strcmp(buf, "he_mu_edca_ac_bk_timer") == 0) {
conf->he_mu_edca.he_mu_ac_bk_param[HE_MU_AC_PARAM_TIMER_IDX] =
atoi(pos) & 0xff;
} else if (os_strcmp(buf, "he_mu_edca_ac_vi_aifsn") == 0) {
conf->he_mu_edca.he_mu_ac_vi_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_AIFSN);
} else if (os_strcmp(buf, "he_mu_edca_ac_vi_acm") == 0) {
conf->he_mu_edca.he_mu_ac_vi_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACM);
} else if (os_strcmp(buf, "he_mu_edca_ac_vi_aci") == 0) {
conf->he_mu_edca.he_mu_ac_vi_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACI);
} else if (os_strcmp(buf, "he_mu_edca_ac_vi_ecwmin") == 0) {
conf->he_mu_edca.he_mu_ac_vi_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMIN);
} else if (os_strcmp(buf, "he_mu_edca_ac_vi_ecwmax") == 0) {
conf->he_mu_edca.he_mu_ac_vi_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMAX);
} else if (os_strcmp(buf, "he_mu_edca_ac_vi_timer") == 0) {
conf->he_mu_edca.he_mu_ac_vi_param[HE_MU_AC_PARAM_TIMER_IDX] =
atoi(pos) & 0xff;
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_aifsn") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_AIFSN);
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_acm") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACM);
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_aci") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_ACI_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ACI);
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_ecwmin") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMIN);
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_ecwmax") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_ECW_IDX] |=
set_he_cap(atoi(pos), HE_MU_AC_PARAM_ECWMAX);
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_timer") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_TIMER_IDX] =
atoi(pos) & 0xff;
HE: Fix typo srp -> spr in hostapd configuration parameters The initial commit used srp instead of spr for the spatial reuse configuration prefix. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
} else if (os_strcmp(buf, "he_spr_sr_control") == 0) {
AP: Extend Spatial Reuse Parameter Set Extend SPR element to support following fields and pass all information to kernel for driver use. * Non-SRG OBSS PD Max Offset * SRG BSS Color Bitmap * SRG Partial BSSID Bitmap Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
4 years ago
conf->spr.sr_control = atoi(pos) & 0x1f;
HE: Fix typo srp -> spr in hostapd configuration parameters The initial commit used srp instead of spr for the spatial reuse configuration prefix. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
} else if (os_strcmp(buf, "he_spr_non_srg_obss_pd_max_offset") == 0) {
HE: Add Spatial Reuse Parameter Set element to the Beacon frames SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA thresholds. For this to work the AP needs to broadcast the element first. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
conf->spr.non_srg_obss_pd_max_offset = atoi(pos);
HE: Fix typo srp -> spr in hostapd configuration parameters The initial commit used srp instead of spr for the spatial reuse configuration prefix. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
} else if (os_strcmp(buf, "he_spr_srg_obss_pd_min_offset") == 0) {
HE: Add Spatial Reuse Parameter Set element to the Beacon frames SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA thresholds. For this to work the AP needs to broadcast the element first. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
conf->spr.srg_obss_pd_min_offset = atoi(pos);
HE: Fix typo srp -> spr in hostapd configuration parameters The initial commit used srp instead of spr for the spatial reuse configuration prefix. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
} else if (os_strcmp(buf, "he_spr_srg_obss_pd_max_offset") == 0) {
HE: Add Spatial Reuse Parameter Set element to the Beacon frames SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA thresholds. For this to work the AP needs to broadcast the element first. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
conf->spr.srg_obss_pd_max_offset = atoi(pos);
AP: Extend Spatial Reuse Parameter Set Extend SPR element to support following fields and pass all information to kernel for driver use. * Non-SRG OBSS PD Max Offset * SRG BSS Color Bitmap * SRG Partial BSSID Bitmap Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "he_spr_srg_bss_colors") == 0) {
if (hostapd_parse_he_srg_bitmap(
conf->spr.srg_bss_color_bitmap, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid srg bss colors list '%s'",
line, pos);
return 1;
}
} else if (os_strcmp(buf, "he_spr_srg_partial_bssid") == 0) {
if (hostapd_parse_he_srg_bitmap(
conf->spr.srg_partial_bssid_bitmap, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid srg partial bssid list '%s'",
line, pos);
return 1;
}
HE: Add HE channel management configuration options These are symmetric with the VHT ones. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
5 years ago
} else if (os_strcmp(buf, "he_oper_chwidth") == 0) {
conf->he_oper_chwidth = atoi(pos);
} else if (os_strcmp(buf, "he_oper_centr_freq_seg0_idx") == 0) {
conf->he_oper_centr_freq_seg0_idx = atoi(pos);
} else if (os_strcmp(buf, "he_oper_centr_freq_seg1_idx") == 0) {
conf->he_oper_centr_freq_seg1_idx = atoi(pos);
hostapd: Add HE 6 GHz band capability configuration Enable user to configure Maximum MPDU Length, Maximum A-MPDU Length Exponent, Rx Antenna Pattern Consistency, and Tx Antenna Pattern Consistency of 6 GHz capability through config file. Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "he_6ghz_max_mpdu") == 0) {
conf->he_6ghz_max_mpdu = atoi(pos);
} else if (os_strcmp(buf, "he_6ghz_max_ampdu_len_exp") == 0) {
conf->he_6ghz_max_ampdu_len_exp = atoi(pos);
} else if (os_strcmp(buf, "he_6ghz_rx_ant_pat") == 0) {
conf->he_6ghz_rx_ant_pat = atoi(pos);
} else if (os_strcmp(buf, "he_6ghz_tx_ant_pat") == 0) {
conf->he_6ghz_tx_ant_pat = atoi(pos);
AP: Unsolicited broadcast Probe Response configuration Add hostapd configuration options for unsolicited broadcast Probe Response transmission for in-band discovery in 6 GHz. Maximum allowed packet interval is 20 TUs (IEEE P802.11ax/D8.0 26.17.2.3.2, AP behavior for fast passive scanning). Setting value to 0 disables the transmission. Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "unsol_bcast_probe_resp_interval") == 0) {
int val = atoi(pos);
if (val < 0 || val > 20) {
wpa_printf(MSG_ERROR,
"Line %d: invalid unsol_bcast_probe_resp_interval value",
line);
return 1;
}
bss->unsol_bcast_probe_resp_interval = val;
hostapd: Initial IEEE 802.11ax (HE) definitions Add IEEE 802.11ax definitions for config, IEEE structures, and constants. These are still subject to change in the IEEE process. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#endif /* CONFIG_IEEE80211AX */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "max_listen_interval") == 0) {
bss->max_listen_interval = atoi(pos);
} else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
bss->disable_pmksa_caching = atoi(pos);
} else if (os_strcmp(buf, "okc") == 0) {
bss->okc = atoi(pos);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#ifdef CONFIG_WPS
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wps_state") == 0) {
bss->wps_state = atoi(pos);
if (bss->wps_state < 0 || bss->wps_state > 2) {
wpa_printf(MSG_ERROR, "Line %d: invalid wps_state",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wps_independent") == 0) {
bss->wps_independent = atoi(pos);
} else if (os_strcmp(buf, "ap_setup_locked") == 0) {
bss->ap_setup_locked = atoi(pos);
} else if (os_strcmp(buf, "uuid") == 0) {
if (uuid_str2bin(pos, bss->uuid)) {
wpa_printf(MSG_ERROR, "Line %d: invalid UUID", line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wps_pin_requests") == 0) {
os_free(bss->wps_pin_requests);
bss->wps_pin_requests = os_strdup(pos);
} else if (os_strcmp(buf, "device_name") == 0) {
Add WPS_DEV_NAME_MAX_LEN define and use it when comparing length This make code easier to understand. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (os_strlen(pos) > WPS_DEV_NAME_MAX_LEN) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, "Line %d: Too long "
"device_name", line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->device_name);
bss->device_name = os_strdup(pos);
} else if (os_strcmp(buf, "manufacturer") == 0) {
if (os_strlen(pos) > 64) {
wpa_printf(MSG_ERROR, "Line %d: Too long manufacturer",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->manufacturer);
bss->manufacturer = os_strdup(pos);
} else if (os_strcmp(buf, "model_name") == 0) {
if (os_strlen(pos) > 32) {
wpa_printf(MSG_ERROR, "Line %d: Too long model_name",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->model_name);
bss->model_name = os_strdup(pos);
} else if (os_strcmp(buf, "model_number") == 0) {
if (os_strlen(pos) > 32) {
wpa_printf(MSG_ERROR, "Line %d: Too long model_number",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->model_number);
bss->model_number = os_strdup(pos);
} else if (os_strcmp(buf, "serial_number") == 0) {
if (os_strlen(pos) > 32) {
wpa_printf(MSG_ERROR, "Line %d: Too long serial_number",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->serial_number);
bss->serial_number = os_strdup(pos);
} else if (os_strcmp(buf, "device_type") == 0) {
if (wps_dev_type_str2bin(pos, bss->device_type))
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "config_methods") == 0) {
os_free(bss->config_methods);
bss->config_methods = os_strdup(pos);
} else if (os_strcmp(buf, "os_version") == 0) {
if (hexstr2bin(pos, bss->os_version, 4)) {
wpa_printf(MSG_ERROR, "Line %d: invalid os_version",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "ap_pin") == 0) {
os_free(bss->ap_pin);
WPS: Interpret zero length ap_pin hostapd.conf parameter as "unset" hostapd allows arbitrary AP PIN to be used in WPS. This means that setting ap_pin to a zero length string ends up enabling AP PIN so that external registrars can use this specific zero lenth ap_pin value. There are apparently some APs that have used this invalid configuration with unintended results. While the proper fix for that is to fix the component that generates the invalid configuration, hostapd can also reject such values since the likelihood of a real world use case for zero length AP PIN (Device Password) is minimal. Start interpreting zero length ap_pin parameter value as a request to "unset" the previously set value in hostapd.conf (or if not previously set, leave it unset). With this, a hostapd.conf file including the "ap_pin=" line will end up getting interpretted just like that same file with the ap_pin parameter completely removed, i.e., with AP PIN being disabled. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (*pos == '\0')
bss->ap_pin = NULL;
else
bss->ap_pin = os_strdup(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "skip_cred_build") == 0) {
bss->skip_cred_build = atoi(pos);
} else if (os_strcmp(buf, "extra_cred") == 0) {
os_free(bss->extra_cred);
bss->extra_cred = (u8 *) os_readfile(pos, &bss->extra_cred_len);
if (bss->extra_cred == NULL) {
wpa_printf(MSG_ERROR, "Line %d: could not read Credentials from '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "wps_cred_processing") == 0) {
bss->wps_cred_processing = atoi(pos);
WPS: Allow AP SAE configuration to be added automatically for PSK The new hostapd configuration parameter wps_cred_add_sae=1 can be used to request hostapd to add SAE configuration whenever WPS is used to configure the AP to use WPA2-PSK and the credential includes a passphrase (instead of PSK). This can be used to enable WPA3-Personal transition mode with both SAE and PSK enabled and PMF enabled for PSK and required for SAE associations. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "wps_cred_add_sae") == 0) {
bss->wps_cred_add_sae = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "ap_settings") == 0) {
os_free(bss->ap_settings);
bss->ap_settings =
(u8 *) os_readfile(pos, &bss->ap_settings_len);
if (bss->ap_settings == NULL) {
wpa_printf(MSG_ERROR, "Line %d: could not read AP Settings from '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
hostapd: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
} else if (os_strcmp(buf, "multi_ap_backhaul_ssid") == 0) {
size_t slen;
char *str = wpa_config_parse_string(pos, &slen);
if (!str || slen < 1 || slen > SSID_MAX_LEN) {
wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
line, pos);
os_free(str);
return 1;
}
os_memcpy(bss->multi_ap_backhaul_ssid.ssid, str, slen);
bss->multi_ap_backhaul_ssid.ssid_len = slen;
bss->multi_ap_backhaul_ssid.ssid_set = 1;
os_free(str);
} else if (os_strcmp(buf, "multi_ap_backhaul_wpa_passphrase") == 0) {
int len = os_strlen(pos);
if (len < 8 || len > 63) {
wpa_printf(MSG_ERROR,
"Line %d: invalid WPA passphrase length %d (expected 8..63)",
line, len);
return 1;
}
os_free(bss->multi_ap_backhaul_ssid.wpa_passphrase);
bss->multi_ap_backhaul_ssid.wpa_passphrase = os_strdup(pos);
if (bss->multi_ap_backhaul_ssid.wpa_passphrase) {
hostapd_config_clear_wpa_psk(
&bss->multi_ap_backhaul_ssid.wpa_psk);
bss->multi_ap_backhaul_ssid.wpa_passphrase_set = 1;
}
} else if (os_strcmp(buf, "multi_ap_backhaul_wpa_psk") == 0) {
hostapd_config_clear_wpa_psk(
&bss->multi_ap_backhaul_ssid.wpa_psk);
bss->multi_ap_backhaul_ssid.wpa_psk =
os_zalloc(sizeof(struct hostapd_wpa_psk));
if (!bss->multi_ap_backhaul_ssid.wpa_psk)
return 1;
if (hexstr2bin(pos, bss->multi_ap_backhaul_ssid.wpa_psk->psk,
PMK_LEN) ||
pos[PMK_LEN * 2] != '\0') {
wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
line, pos);
hostapd_config_clear_wpa_psk(
&bss->multi_ap_backhaul_ssid.wpa_psk);
return 1;
}
bss->multi_ap_backhaul_ssid.wpa_psk->group = 1;
os_free(bss->multi_ap_backhaul_ssid.wpa_passphrase);
bss->multi_ap_backhaul_ssid.wpa_passphrase = NULL;
bss->multi_ap_backhaul_ssid.wpa_psk_set = 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "upnp_iface") == 0) {
Fix memory leaks in hostapd configuration updates Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_free(bss->upnp_iface);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->upnp_iface = os_strdup(pos);
} else if (os_strcmp(buf, "friendly_name") == 0) {
os_free(bss->friendly_name);
bss->friendly_name = os_strdup(pos);
} else if (os_strcmp(buf, "manufacturer_url") == 0) {
os_free(bss->manufacturer_url);
bss->manufacturer_url = os_strdup(pos);
} else if (os_strcmp(buf, "model_description") == 0) {
os_free(bss->model_description);
bss->model_description = os_strdup(pos);
} else if (os_strcmp(buf, "model_url") == 0) {
os_free(bss->model_url);
bss->model_url = os_strdup(pos);
} else if (os_strcmp(buf, "upc") == 0) {
os_free(bss->upc);
bss->upc = os_strdup(pos);
} else if (os_strcmp(buf, "pbc_in_m1") == 0) {
bss->pbc_in_m1 = atoi(pos);
} else if (os_strcmp(buf, "server_id") == 0) {
os_free(bss->server_id);
bss->server_id = os_strdup(pos);
WPS: Add application extension data to WPS IE Application Extension attribute is defined in WSC tech spec v2.07 page 104. Allow hostapd to be configured to add this extension into WPS IE in Beacon and Probe Response frames. The implementation is very similar to vendor extension. A new optional entry called "wps_application_ext" is added to hostapd config file to configure this. It enodes the payload of the Application Extension attribute in hexdump format. Signed-off-by: Veli Demirel <veli.demirel@airties.com> Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
4 years ago
} else if (os_strcmp(buf, "wps_application_ext") == 0) {
wpabuf_free(bss->wps_application_ext);
bss->wps_application_ext = wpabuf_parse_bin(pos);
WPS: Add support for NCF password token from AP The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to manage AP-as-Enrollee operations with NFC password token. WPS/NDEF parameters to this command can be used to generate a new NFC password token. enable/disable parameters can be used to enable/disable use of NFC password token (instead of AP PIN) for external Registrars. A preconfigured NFS password token can be used by providing its parameters with new hostapd.conf fields wps_nfc_dev_pw_id, wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the configured NFS password token is disabled by default. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WPS_NFC
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
bss->wps_nfc_dev_pw_id = atoi(pos);
if (bss->wps_nfc_dev_pw_id < 0x10 ||
bss->wps_nfc_dev_pw_id > 0xffff) {
wpa_printf(MSG_ERROR, "Line %d: Invalid wps_nfc_dev_pw_id value",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
bss->wps_nfc_pw_from_config = 1;
} else if (os_strcmp(buf, "wps_nfc_dh_pubkey") == 0) {
wpabuf_free(bss->wps_nfc_dh_pubkey);
utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it Make the function available as part of the wpabuf API. Use this renamed function where possible. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
bss->wps_nfc_dh_pubkey = wpabuf_parse_bin(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->wps_nfc_pw_from_config = 1;
} else if (os_strcmp(buf, "wps_nfc_dh_privkey") == 0) {
wpabuf_free(bss->wps_nfc_dh_privkey);
utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it Make the function available as part of the wpabuf API. Use this renamed function where possible. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
bss->wps_nfc_dh_privkey = wpabuf_parse_bin(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->wps_nfc_pw_from_config = 1;
} else if (os_strcmp(buf, "wps_nfc_dev_pw") == 0) {
wpabuf_free(bss->wps_nfc_dev_pw);
utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it Make the function available as part of the wpabuf API. Use this renamed function where possible. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
bss->wps_nfc_dev_pw = wpabuf_parse_bin(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->wps_nfc_pw_from_config = 1;
WPS: Add support for NCF password token from AP The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to manage AP-as-Enrollee operations with NFC password token. WPS/NDEF parameters to this command can be used to generate a new NFC password token. enable/disable parameters can be used to enable/disable use of NFC password token (instead of AP PIN) for external Registrars. A preconfigured NFS password token can be used by providing its parameters with new hostapd.conf fields wps_nfc_dev_pw_id, wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the configured NFS password token is disabled by default. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#endif /* CONFIG_WPS_NFC */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
#endif /* CONFIG_WPS */
P2P: Add preliminary P2P Manager AP support for hostapd
14 years ago
#ifdef CONFIG_P2P_MANAGER
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "manage_p2p") == 0) {
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (atoi(pos))
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->p2p |= P2P_MANAGE;
else
bss->p2p &= ~P2P_MANAGE;
} else if (os_strcmp(buf, "allow_cross_connection") == 0) {
if (atoi(pos))
bss->p2p |= P2P_ALLOW_CROSS_CONNECTION;
else
bss->p2p &= ~P2P_ALLOW_CROSS_CONNECTION;
P2P: Add preliminary P2P Manager AP support for hostapd
14 years ago
#endif /* CONFIG_P2P_MANAGER */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "disassoc_low_ack") == 0) {
bss->disassoc_low_ack = atoi(pos);
} else if (os_strcmp(buf, "tdls_prohibit") == 0) {
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (atoi(pos))
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->tdls |= TDLS_PROHIBIT;
else
bss->tdls &= ~TDLS_PROHIBIT;
} else if (os_strcmp(buf, "tdls_prohibit_chan_switch") == 0) {
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (atoi(pos))
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
bss->tdls |= TDLS_PROHIBIT_CHAN_SWITCH;
else
bss->tdls &= ~TDLS_PROHIBIT_CHAN_SWITCH;
hostapd: Add testing mode for RSN element extensions CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in hostapd.conf can now be used to enable a testing mode that adds extensions to RSN element. This can be used to check whether station implementations are incompatible with future extensions to the RSN element.
13 years ago
#ifdef CONFIG_RSN_TESTING
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "rsn_testing") == 0) {
extern int rsn_testing;
rsn_testing = atoi(pos);
hostapd: Add testing mode for RSN element extensions CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in hostapd.conf can now be used to enable a testing mode that adds extensions to RSN element. This can be used to check whether station implementations are incompatible with future extensions to the RSN element.
13 years ago
#endif /* CONFIG_RSN_TESTING */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "time_advertisement") == 0) {
bss->time_advertisement = atoi(pos);
} else if (os_strcmp(buf, "time_zone") == 0) {
size_t tz_len = os_strlen(pos);
if (tz_len < 4 || tz_len > 255) {
wpa_printf(MSG_DEBUG, "Line %d: invalid time_zone",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->time_zone);
bss->time_zone = os_strdup(pos);
if (bss->time_zone == NULL)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
WNM: Differentiate between WNM for station and for AP in build Previously, CONFIG_WNM enabled build that supports WNM for both station mode and AP mode. However, in most wpa_supplicant cases only station mode WNM is required and there is no need for AP mode WNM. Add support to differentiate between station mode WNM and AP mode WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be used when AP mode WNM support is required in addition to station mode WNM. This allows binary size to be reduced for builds that require only the station side WNM functionality. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
7 years ago
#ifdef CONFIG_WNM_AP
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "wnm_sleep_mode") == 0) {
bss->wnm_sleep_mode = atoi(pos);
AP-side workaround for WNM-Sleep Mode GTK/IGTK reinstallation issues Normally, WNM-Sleep Mode exit with management frame protection negotiated would result in the current GTK/IGTK getting added into the WNM-Sleep Mode Response frame. Some station implementations may have a vulnerability that results in GTK/IGTK reinstallation based on this frame being replayed. Add a new hostapd configuration parameter that can be used to disable that behavior and use EAPOL-Key frames for GTK/IGTK update instead. This would likely be only used with wpa_disable_eapol_key_retries=1 that enables a workaround for similar issues with EAPOL-Key. This is related to station side vulnerabilities CVE-2017-13087 and CVE-2017-13088. To enable this AP-side workaround, set wnm_sleep_mode_no_keys=1. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
} else if (os_strcmp(buf, "wnm_sleep_mode_no_keys") == 0) {
bss->wnm_sleep_mode_no_keys = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "bss_transition") == 0) {
bss->bss_transition = atoi(pos);
WNM: Differentiate between WNM for station and for AP in build Previously, CONFIG_WNM enabled build that supports WNM for both station mode and AP mode. However, in most wpa_supplicant cases only station mode WNM is required and there is no need for AP mode WNM. Add support to differentiate between station mode WNM and AP mode WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be used when AP mode WNM support is required in addition to station mode WNM. This allows binary size to be reduced for builds that require only the station side WNM functionality. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
7 years ago
#endif /* CONFIG_WNM_AP */
IEEE 802.11u: Add configuration and advertisement for Interworking
13 years ago
#ifdef CONFIG_INTERWORKING
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "interworking") == 0) {
bss->interworking = atoi(pos);
} else if (os_strcmp(buf, "access_network_type") == 0) {
bss->access_network_type = atoi(pos);
if (bss->access_network_type < 0 ||
bss->access_network_type > 15) {
wpa_printf(MSG_ERROR,
"Line %d: invalid access_network_type",
line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "internet") == 0) {
bss->internet = atoi(pos);
} else if (os_strcmp(buf, "asra") == 0) {
bss->asra = atoi(pos);
} else if (os_strcmp(buf, "esr") == 0) {
bss->esr = atoi(pos);
} else if (os_strcmp(buf, "uesa") == 0) {
bss->uesa = atoi(pos);
} else if (os_strcmp(buf, "venue_group") == 0) {
bss->venue_group = atoi(pos);
bss->venue_info_set = 1;
} else if (os_strcmp(buf, "venue_type") == 0) {
bss->venue_type = atoi(pos);
bss->venue_info_set = 1;
} else if (os_strcmp(buf, "hessid") == 0) {
if (hwaddr_aton(pos, bss->hessid)) {
wpa_printf(MSG_ERROR, "Line %d: invalid hessid", line);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "roaming_consortium") == 0) {
if (parse_roaming_consortium(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "venue_name") == 0) {
if (parse_venue_name(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Add hostapd.conf venue_url to set Venue URL ANQP-element The new venue_url parameter can now be used to set the Venue URL ANQP information instead of having to construct the data and use anqp_elem=277:<hexdump> to set the raw value. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
} else if (os_strcmp(buf, "venue_url") == 0) {
if (parse_venue_url(bss, pos, line) < 0)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "network_auth_type") == 0) {
u8 auth_type;
u16 redirect_url_len;
if (hexstr2bin(pos, &auth_type, 1)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid network_auth_type '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
if (auth_type == 0 || auth_type == 2)
redirect_url_len = os_strlen(pos + 2);
else
redirect_url_len = 0;
os_free(bss->network_auth_type);
bss->network_auth_type = os_malloc(redirect_url_len + 3 + 1);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (bss->network_auth_type == NULL)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
*bss->network_auth_type = auth_type;
WPA_PUT_LE16(bss->network_auth_type + 1, redirect_url_len);
if (redirect_url_len)
os_memcpy(bss->network_auth_type + 3, pos + 2,
redirect_url_len);
bss->network_auth_type_len = 3 + redirect_url_len;
} else if (os_strcmp(buf, "ipaddr_type_availability") == 0) {
if (hexstr2bin(pos, &bss->ipaddr_type_availability, 1)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid ipaddr_type_availability '%s'",
line, pos);
bss->ipaddr_type_configured = 0;
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
bss->ipaddr_type_configured = 1;
Clean up hostapd_config_fill() parsers Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "domain_name") == 0) {
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
int j, num_domains, domain_len, domain_list_len = 0;
char *tok_start, *tok_prev;
u8 *domain_list, *domain_ptr;
Interworking: Add Domain Name element (AP) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
domain_list_len = os_strlen(pos) + 1;
domain_list = os_malloc(domain_list_len);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (domain_list == NULL)
return 1;
Interworking: Add Domain Name element (AP) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
domain_ptr = domain_list;
tok_prev = pos;
num_domains = 1;
while ((tok_prev = os_strchr(tok_prev, ','))) {
num_domains++;
tok_prev++;
}
tok_prev = pos;
for (j = 0; j < num_domains; j++) {
tok_start = os_strchr(tok_prev, ',');
if (tok_start) {
domain_len = tok_start - tok_prev;
*domain_ptr = domain_len;
os_memcpy(domain_ptr + 1, tok_prev, domain_len);
domain_ptr += domain_len + 1;
tok_prev = ++tok_start;
} else {
domain_len = os_strlen(tok_prev);
*domain_ptr = domain_len;
os_memcpy(domain_ptr + 1, tok_prev, domain_len);
domain_ptr += domain_len + 1;
Interworking: Add Domain Name element (AP) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
}
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Interworking: Add Domain Name element (AP) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
os_free(bss->domain_name);
bss->domain_name = domain_list;
bss->domain_name_len = domain_list_len;
} else if (os_strcmp(buf, "anqp_3gpp_cell_net") == 0) {
if (parse_3gpp_cell_net(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "nai_realm") == 0) {
if (parse_nai_realm(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Interworking: Add support for configuring arbitrary ANQP-elements The new hostapd configuration parameter anqp_elem can now be used to configure arbitrary ANQP-elements for the GAS/ANQP server. In addition to supporting new elements, this can be used to override previously supported elements if some special values are needed (mainly for testing purposes). The parameter uses following format: anqp_elem=<InfoID>:<hexdump of payload> For example, AP Geospatial Location ANQP-element with unknown location: anqp_elem=265:0000 and AP Civic Location ANQP-element with unknown location: anqp_elem=266:000000 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
} else if (os_strcmp(buf, "anqp_elem") == 0) {
if (parse_anqp_elem(bss, pos, line) < 0)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "gas_frag_limit") == 0) {
GAS: Remove unnecessarily duplicate gas_frag_limit configuration The actual BSS configuration parameter can be updated with the SET control interface command, so there is no need to maintain a separate per-BSS parameter and a separate control interface handling for this. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
int val = atoi(pos);
if (val <= 0) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid gas_frag_limit '%s'",
line, pos);
return 1;
}
bss->gas_frag_limit = val;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
bss->gas_comeback_delay = atoi(pos);
} else if (os_strcmp(buf, "qos_map_set") == 0) {
if (parse_qos_map_set(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
IEEE 802.11u: Add configuration and advertisement for Interworking
13 years ago
#endif /* CONFIG_INTERWORKING */
Add MSK dump mechanism into hostapd RADIUS server for testing Testing code can now be enabled in the hostapd RADIUS server to dump each derived MSK into a text file (e.g., to be used as an input to wlantest). This functionality is not included in the default build and can be enabled by adding the following line to hostapd/.config: CFLAGS += -DCONFIG_RADIUS_TEST The MSK dump file is specified with dump_msk_file parameter in hostapd.conf (path to the dump file). If this variable is not set, MSK dump mechanism is not enabled at run time. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
#ifdef CONFIG_RADIUS_TEST
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "dump_msk_file") == 0) {
os_free(bss->dump_msk_file);
bss->dump_msk_file = os_strdup(pos);
Add MSK dump mechanism into hostapd RADIUS server for testing Testing code can now be enabled in the hostapd RADIUS server to dump each derived MSK into a text file (e.g., to be used as an input to wlantest). This functionality is not included in the default build and can be enabled by adding the following line to hostapd/.config: CFLAGS += -DCONFIG_RADIUS_TEST The MSK dump file is specified with dump_msk_file parameter in hostapd.conf (path to the dump file). If this variable is not set, MSK dump mechanism is not enabled at run time. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
#endif /* CONFIG_RADIUS_TEST */
Use proper build config for parsing proxy_arp In the definition of struct hostapd_bss_config, proxy_arp isn't affected by the macro CONFIG_HS20. In addition, proxy_arp is not described in the section of Hotspot 2.0 in the file hostapd.conf. The item proxy_arp should be decided its action area by the macro CONFIG_PROXYARP which is used to select whether the needed function gets included in the build. Signed-off-by: Matt Woods <matt.woods@aliyun.com>
9 years ago
#ifdef CONFIG_PROXYARP
} else if (os_strcmp(buf, "proxy_arp") == 0) {
bss->proxy_arp = atoi(pos);
#endif /* CONFIG_PROXYARP */
HS 2.0: Add configuration for Hotspot 2.0 AP support Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
#ifdef CONFIG_HS20
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "hs20") == 0) {
bss->hs20 = atoi(pos);
HS 2.0: Allow Hotspot 2.0 release number to be configured The new hostapd configuration parameter hs20_release can be used to configure the AP to advertise a specific Hotspot 2.0 release number instead of the latest supported release. This is mainly for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
} else if (os_strcmp(buf, "hs20_release") == 0) {
int val = atoi(pos);
if (val < 1 || val > (HS20_VERSION >> 4) + 1) {
wpa_printf(MSG_ERROR,
"Line %d: Unsupported hs20_release: %s",
line, pos);
return 1;
}
bss->hs20_release = val;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "disable_dgaf") == 0) {
bss->disable_dgaf = atoi(pos);
Make IPv6 NA multicast-to-unicast conversion configurable This can be used with Proxy ARP to allow multicast NAs to be forwarded to associated STAs using link layer unicast delivery. This used to be hardcoded to be enabled, but it is now disabled by default and can be enabled with na_mcast_to_ucast=1. This functionality may not be desired in all networks and most cases work without it, so the new default-to-disabled is more appropriate. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
} else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) {
bss->na_mcast_to_ucast = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "osen") == 0) {
bss->osen = atoi(pos);
} else if (os_strcmp(buf, "anqp_domain_id") == 0) {
bss->anqp_domain_id = atoi(pos);
} else if (os_strcmp(buf, "hs20_deauth_req_timeout") == 0) {
bss->hs20_deauth_req_timeout = atoi(pos);
} else if (os_strcmp(buf, "hs20_oper_friendly_name") == 0) {
if (hs20_parse_oper_friendly_name(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "hs20_wan_metrics") == 0) {
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (hs20_parse_wan_metrics(bss, pos, line) < 0)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "hs20_conn_capab") == 0) {
if (hs20_parse_conn_capab(bss, pos, line) < 0) {
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "hs20_operating_class") == 0) {
u8 *oper_class;
size_t oper_class_len;
oper_class_len = os_strlen(pos);
if (oper_class_len < 2 || (oper_class_len & 0x01)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid hs20_operating_class '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
oper_class_len /= 2;
oper_class = os_malloc(oper_class_len);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (oper_class == NULL)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (hexstr2bin(pos, oper_class, oper_class_len)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid hs20_operating_class '%s'",
line, pos);
os_free(oper_class);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
os_free(bss->hs20_operating_class);
bss->hs20_operating_class = oper_class;
bss->hs20_operating_class_len = oper_class_len;
} else if (os_strcmp(buf, "hs20_icon") == 0) {
if (hs20_parse_icon(bss, pos) < 0) {
wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_icon '%s'",
line, pos);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
} else if (os_strcmp(buf, "osu_ssid") == 0) {
if (hs20_parse_osu_ssid(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "osu_server_uri") == 0) {
if (hs20_parse_osu_server_uri(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "osu_friendly_name") == 0) {
if (hs20_parse_osu_friendly_name(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "osu_nai") == 0) {
if (hs20_parse_osu_nai(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
HS 2.0: OSU Provider NAI List advertisement Extend hostapd to allow the new OSU Provider NAI List ANQP-element to be advertised in addition to the previously used OSU Providers list ANQP-element. The new osu_nai2 configurator parameter option is used to specify the OSU_NAI value for the shared BSS (Single SSID) case while osu_nai remains to be used for the separate OSU BSS. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
} else if (os_strcmp(buf, "osu_nai2") == 0) {
if (hs20_parse_osu_nai2(bss, pos, line) < 0)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "osu_method_list") == 0) {
if (hs20_parse_osu_method_list(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "osu_icon") == 0) {
if (hs20_parse_osu_icon(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "osu_service_desc") == 0) {
if (hs20_parse_osu_service_desc(bss, pos, line) < 0)
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
HS 2.0: Allow configuration of operator icons This extends hostapd Hotspot 2.0 implementation to allow operator icons to be made available. The existing hs20_icon parameter is used to define the icons and the new operator_icon parameter (zero or more entries) is used to specify which of the available icons are operator icons. The operator icons are advertised in the Operator Icon Metadata ANQP-element while the icon data can be fetched using the same mechanism (icon request/binary file) that was added for the OSU Providers icons. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
} else if (os_strcmp(buf, "operator_icon") == 0) {
if (hs20_parse_operator_icon(bss, pos, line) < 0)
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "subscr_remediation_url") == 0) {
os_free(bss->subscr_remediation_url);
bss->subscr_remediation_url = os_strdup(pos);
} else if (os_strcmp(buf, "subscr_remediation_method") == 0) {
bss->subscr_remediation_method = atoi(pos);
HS 2.0: Terms and Conditions attributes in Access-Request messages This extends hostapd with two new configuration parameters (hs20_t_c_filename and hs20_t_c_timestamp) that can be used to specify that the Terms and Conditions attributes are to be added into all Access-Request messages for Hotspot 2.0 STAs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
} else if (os_strcmp(buf, "hs20_t_c_filename") == 0) {
os_free(bss->t_c_filename);
bss->t_c_filename = os_strdup(pos);
} else if (os_strcmp(buf, "hs20_t_c_timestamp") == 0) {
bss->t_c_timestamp = strtol(pos, NULL, 0);
HS 2.0: Send Terms and Conditions Acceptance notification This extends hostapd Access-Accept processing to check if the RADIUS server indicated that Terms and Conditions Acceptance is required. The new hs20_t_c_server_url parameter is used to specify the server URL template that the STA is requested to visit. This commit does not enable any kind of filtering, i.e., only the part of forwarding a request from Access-Accept to the STA using WNM-Notification is covered. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
} else if (os_strcmp(buf, "hs20_t_c_server_url") == 0) {
os_free(bss->t_c_server_url);
bss->t_c_server_url = os_strdup(pos);
HS 2.0 server: RADIUS server support for SIM provisioning This adds support for hostapd-as-RADIUS-authentication-server to request subscription remediation for SIM-based credentials. The new hostapd.conf parameter hs20_sim_provisioning_url is used to set the URL prefix for the remediation server for SIM provisioning. The random hotspot2dot0-mobile-identifier-hash value will be added to the end of this URL prefix and the same value is stored in a new SQLite database table sim_provisioning for the subscription server implementation to use. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "hs20_sim_provisioning_url") == 0) {
os_free(bss->hs20_sim_provisioning_url);
bss->hs20_sim_provisioning_url = os_strdup(pos);
HS 2.0: Add configuration for Hotspot 2.0 AP support Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
#endif /* CONFIG_HS20 */
hostapd: Add MBO IE to Beacon, Probe Response, Association Response Add MBO IE with AP capability attribute to Beacon, Probe Response, and (Re)Association Response frames to indicate the AP supports MBO. Add option to add Association Disallowed attribute to Beacon, Probe Response, and (Re)Association Response frames. Usage: SET mbo_assoc_disallow <reason code> Valid reason code values are between 1-5. Setting the reason code to 0 will remove the Association Disallowed attribute from the MBO IE and will allow new associations. MBO functionality is enabled by setting "mbo=1" in the config file. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
8 years ago
#ifdef CONFIG_MBO
} else if (os_strcmp(buf, "mbo") == 0) {
bss->mbo_enabled = atoi(pos);
MBO: Add MBO ANQP-element processing on AP This extends the GAS server to process MBO ANQP-elements and reply to a query for the Cellular Data Connection Preference (if configured). The new configuration parameter mbo_cell_data_conn_pref can be used to set the value (0, 1, or 255) for the preference to indicate. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "mbo_cell_data_conn_pref") == 0) {
bss->mbo_cell_data_conn_pref = atoi(pos);
OCE: Add hostapd mode OCE capability indication if enabled Add OCE IE in Beacon, Probe Response, and (Re)Association Response frames if OCE is enabled in the configuration. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "oce") == 0) {
bss->oce = atoi(pos);
hostapd: Add MBO IE to Beacon, Probe Response, Association Response Add MBO IE with AP capability attribute to Beacon, Probe Response, and (Re)Association Response frames to indicate the AP supports MBO. Add option to add Association Disallowed attribute to Beacon, Probe Response, and (Re)Association Response frames. Usage: SET mbo_assoc_disallow <reason code> Valid reason code values are between 1-5. Setting the reason code to 0 will remove the Association Disallowed attribute from the MBO IE and will allow new associations. MBO functionality is enabled by setting "mbo=1" in the config file. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
8 years ago
#endif /* CONFIG_MBO */
hostapd: Add some testing options In order to test clients in scenarios where APs may (randomly) drop certain management frames, introduce some testing options into the hostapd configuration that can make it ignore certain frames. For now, these are probe requests, authentication and (re)association frames. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
#ifdef CONFIG_TESTING_OPTIONS
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
#define PARSE_TEST_PROBABILITY(_val) \
} else if (os_strcmp(buf, #_val) == 0) { \
char *end; \
\
conf->_val = strtod(pos, &end); \
Remove floating constant suffix 'd' from test coee clang scan-build does not seem to like the 'd' suffix on floating constants and ends up reporting analyzer failures. Since this suffix does not seem to be needed, get rid of it to clear such warnings. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (*end || conf->_val < 0.0 || \
conf->_val > 1.0) { \
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_printf(MSG_ERROR, \
"Line %d: Invalid value '%s'", \
line, pos); \
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1; \
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
PARSE_TEST_PROBABILITY(ignore_probe_probability)
PARSE_TEST_PROBABILITY(ignore_auth_probability)
PARSE_TEST_PROBABILITY(ignore_assoc_probability)
PARSE_TEST_PROBABILITY(ignore_reassoc_probability)
PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability)
hostapd: Add testing option to use only ECSA Some APs don't include a CSA IE when an ECSA IE is generated, and mac80211 used to fail following their channel switch. Add a testing option to hostapd to allow reproducing the behavior. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
9 years ago
} else if (os_strcmp(buf, "ecsa_ie_only") == 0) {
conf->ecsa_ie_only = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "bss_load_test") == 0) {
WPA_PUT_LE16(bss->bss_load_test, atoi(pos));
pos = os_strchr(pos, ':');
if (pos == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Invalid bss_load_test",
line);
return 1;
}
pos++;
bss->bss_load_test[2] = atoi(pos);
pos = os_strchr(pos, ':');
if (pos == NULL) {
wpa_printf(MSG_ERROR, "Line %d: Invalid bss_load_test",
line);
return 1;
}
pos++;
WPA_PUT_LE16(&bss->bss_load_test[3], atoi(pos));
bss->bss_load_test_set = 1;
RRM: Add AP mode minimal advertisement support for testing The new hostapd.conf radio_measurements parameter can now be used to configure a test build to advertise support for radio measurements with neighbor report enabled. There is no real functionality that would actually process the request, i.e., this only for the purpose of minimal STA side testing for now. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
} else if (os_strcmp(buf, "radio_measurements") == 0) {
hostapd: Extend the configuration of RRM capabilities Extend the radio_measurements parameter to save all the supported RRM capabilities as it's used in RM enabled capabilities element. Make this parameter not directly configurable via config file (though, keep the radio_measurements parameter for some time for backwards compatibility). Instead, add a configuration option to enable neighbor report via radio measurements. Other features can be added later as well. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
/*
* DEPRECATED: This parameter will be removed in the future.
* Use rrm_neighbor_report instead.
*/
int val = atoi(pos);
if (val & BIT(0))
bss->radio_measurements[0] |=
WLAN_RRM_CAPS_NEIGHBOR_REPORT;
hostapd: Add testing option to override own WPA/RSN IE(s) This allows the new own_ie_override=<hexdump> configuration parameter to be used to replace the normally generated WPA/RSN IE(s) for testing purposes in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (os_strcmp(buf, "own_ie_override") == 0) {
struct wpabuf *tmp;
size_t len = os_strlen(pos) / 2;
tmp = wpabuf_alloc(len);
if (!tmp)
return 1;
if (hexstr2bin(pos, wpabuf_put(tmp, len), len)) {
wpabuf_free(tmp);
wpa_printf(MSG_ERROR,
"Line %d: Invalid own_ie_override '%s'",
line, pos);
return 1;
}
wpabuf_free(bss->own_ie_override);
bss->own_ie_override = tmp;
SAE: Add testing code for reflection attack Allow hostapd to be configured to perform SAE reflection attack for SAE testing purposes with sae_reflection_attack=1 configuration parameter. This is included only in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "sae_reflection_attack") == 0) {
bss->sae_reflection_attack = atoi(pos);
SAE-PK: Testing functionality to allow behavior overrides The new sae_commit_status and sae_pk_omit configuration parameters and an extra key at the end of sae_password pk argument can be used to override SAE-PK behavior for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "sae_commit_status") == 0) {
bss->sae_commit_status = atoi(pos);
} else if (os_strcmp(buf, "sae_pk_omit") == 0) {
bss->sae_pk_omit = atoi(pos);
SAE-PK: Add support to skip sae_pk password check for testing purposes Add support to skip sae_pk password check under compile flag CONFIG_TESTING_OPTIONS which allows AP to be configured with sae_pk enabled but a password that is invalid for sae_pk. Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "sae_pk_password_check_skip") == 0) {
bss->sae_pk_password_check_skip = atoi(pos);
SAE: Allow commit fields to be overridden for testing purposes The new sae_commit_override=<hexdump> parameter can be used to force hostapd to override SAE commit message fields for testing purposes. This is included only in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "sae_commit_override") == 0) {
wpabuf_free(bss->sae_commit_override);
bss->sae_commit_override = wpabuf_parse_bin(pos);
Allow RSNE in EAPOL-Key msg 3/4 to be replaced for testing purposes The new hostapd configuration parameter rsne_override_eapol can now be used similarly to the previously added rsnxe_override_eapol to override (replace contents or remove) RSNE in EAPOL-Key msg 3/4. This can be used for station protocol testing to verify sufficient checks for RSNE modification between the Beacon/Probe Response frames and EAPOL-Key msg 3/4. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
} else if (os_strcmp(buf, "rsne_override_eapol") == 0) {
wpabuf_free(bss->rsne_override_eapol);
bss->rsne_override_eapol = wpabuf_parse_bin(pos);
SAE H2E: RSNXE override in EAPOL-Key msg 3/4 This new hostapd configuration parameter rsnxe_override_eapol=<hexdump> can be used to override RSNXE value in EAPOL-Key msg 3/4 for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "rsnxe_override_eapol") == 0) {
wpabuf_free(bss->rsnxe_override_eapol);
bss->rsnxe_override_eapol = wpabuf_parse_bin(pos);
Allow RSNE/RSNXE to be replaced in FT protocol Reassocation Response frame This can be used to test station side behavior for FT protocol validation steps. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
} else if (os_strcmp(buf, "rsne_override_ft") == 0) {
wpabuf_free(bss->rsne_override_ft);
bss->rsne_override_ft = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "rsnxe_override_ft") == 0) {
wpabuf_free(bss->rsnxe_override_ft);
bss->rsnxe_override_ft = wpabuf_parse_bin(pos);
Allow testing override for GTK/IGTK RSC from AP to STA The new hostapd gtk_rsc_override and igtk_rsc_override configuration parameters can be used to set an override value for the RSC that the AP advertises for STAs for GTK/IGTK. The contents of those parameters is a hexdump of the RSC in little endian byte order. This functionality is available only in CONFIG_TESTING_OPTIONS=y builds. This can be used to verify that stations implement initial RSC configuration correctly for GTK/ and IGTK. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
} else if (os_strcmp(buf, "gtk_rsc_override") == 0) {
wpabuf_free(bss->gtk_rsc_override);
bss->gtk_rsc_override = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "igtk_rsc_override") == 0) {
wpabuf_free(bss->igtk_rsc_override);
bss->igtk_rsc_override = wpabuf_parse_bin(pos);
Allow RSNXE to be removed from Beacon frames for testing purposes The new hostapd configuration parameter no_beacon_rsnxe=1 can be used to remove RSNXE from Beacon frames. This can be used to test protection mechanisms for downgrade attacks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "no_beacon_rsnxe") == 0) {
bss->no_beacon_rsnxe = atoi(pos);
Add a hostapd testing option for skipping association pruning The new skip_prune_assoc=1 parameter can be used to configure hostapd not to prune associations from other BSSs operated by the same process when a station associates with another BSS. This can be helpful in testing roaming cases where association and authorization state is maintained in an AP when the stations returns. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
} else if (os_strcmp(buf, "skip_prune_assoc") == 0) {
bss->skip_prune_assoc = atoi(pos);
FT: Testing override for RSNXE Used subfield in FTE (AP) Allow hostapd to be requested to override the RSNXE Used subfield in FT reassociation case for testing purposes with "ft_rsnxe_used=<0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to 0. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "ft_rsnxe_used") == 0) {
bss->ft_rsnxe_used = atoi(pos);
OCV: Allow OCI channel to be overridden for testing (AP) Add hostapd configuration parameters oci_freq_override_* to allow the OCI channel information to be overridden for various frames for testing purposes. This can be set in the configuration and also updated during the runtime of a BSS. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "oci_freq_override_eapol_m3") == 0) {
bss->oci_freq_override_eapol_m3 = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_eapol_g1") == 0) {
bss->oci_freq_override_eapol_g1 = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_saquery_req") == 0) {
bss->oci_freq_override_saquery_req = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_saquery_resp") == 0) {
bss->oci_freq_override_saquery_resp = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_ft_assoc") == 0) {
bss->oci_freq_override_ft_assoc = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_fils_assoc") == 0) {
bss->oci_freq_override_fils_assoc = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_wnm_sleep") == 0) {
bss->oci_freq_override_wnm_sleep = atoi(pos);
Parse sae_password option when CONFIG_SAE is enabled Call to parse_sae_password was incorrectly depending on CONFIG_TESTING_OPTIONS and CONFIG_SAE. Should depend only on the latter. Fixes: 2377c1caef77 ("SAE: Allow SAE password to be configured separately (AP)") Signed-off-by: Hai Shalom <haishalom@google.com>
6 years ago
#endif /* CONFIG_TESTING_OPTIONS */
SAE: Add support for using the optional Password Identifier This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_SAE
SAE: Allow SAE password to be configured separately (AP) The new sae_password hostapd configuration parameter can now be used to set the SAE password instead of the previously used wpa_passphrase parameter. This allows shorter than 8 characters and longer than 63 characters long passwords to be used. In addition, this makes it possible to configure a BSS with both WPA-PSK and SAE enabled to use different passphrase/password based on which AKM is selected. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "sae_password") == 0) {
SAE: Add support for using the optional Password Identifier This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (parse_sae_password(bss, pos) < 0) {
wpa_printf(MSG_ERROR, "Line %d: Invalid sae_password",
line);
return 1;
}
#endif /* CONFIG_SAE */
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "vendor_elements") == 0) {
Use a shared helper function for parsing hostapd.conf IEs wpabuf_parse_bin() can be used to take care of parsing a hexstring to a wpabuf and a shared helper function can take care of clearing the previous value when empty string is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos))
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Add assocresp_elements parameter for hostapd This new parameter allows hostapd to add Vendor Specific elements into (Re)Association Response frames similarly to the way vendor_elements parameter can be used for Beacon and Probe Response frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
} else if (os_strcmp(buf, "assocresp_elements") == 0) {
Use a shared helper function for parsing hostapd.conf IEs wpabuf_parse_bin() can be used to take care of parsing a hexstring to a wpabuf and a shared helper function can take care of clearing the previous value when empty string is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
if (parse_wpabuf_hex(line, buf, &bss->assocresp_elements, pos))
Add assocresp_elements parameter for hostapd This new parameter allows hostapd to add Vendor Specific elements into (Re)Association Response frames similarly to the way vendor_elements parameter can be used for Beacon and Probe Response frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
return 1;
AP: Rename SAE anti clogging variables and functions PASN authentication mandates support for comeback flow, which among others can be used for anti-clogging purposes. As the SAE support for anti clogging can also be used for PASN, start modifying the source code so the anti clogging support can be used for both SAE and PASN. As a start, rename some variables/functions etc. so that they would not be SAE specific. The configuration variable is also renamed, but the old version remains available for backwards compatibility. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
} else if (os_strcmp(buf, "sae_anti_clogging_threshold") == 0 ||
os_strcmp(buf, "anti_clogging_threshold") == 0) {
bss->anti_clogging_threshold = atoi(pos);
SAE: Make dot11RSNASAESync configurable The new hostapd.conf parameter sae_sync (default: 5) can now be used to configure the dot11RSNASAESync value to specify the maximum number of synchronization errors that are allowed to happen prior to disassociation of the offending SAE peer. Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
} else if (os_strcmp(buf, "sae_sync") == 0) {
bss->sae_sync = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "sae_groups") == 0) {
if (hostapd_parse_intlist(&bss->sae_groups, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid sae_groups value '%s'",
line, pos);
return 1;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
}
SAE: Add option to require MFP for SAE associations The new hostapd.conf parameter sae_require_pmf=<0/1> can now be used to enforce negotiation of MFP for all associations that negotiate use of SAE. This is used in cases where SAE-capable devices are known to be MFP-capable and the BSS is configured with optional MFP (ieee80211w=1) for legacy support. The non-SAE stations can connect without MFP while SAE stations are required to negotiate MFP if sae_require_mfp=1. Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
} else if (os_strcmp(buf, "sae_require_mfp") == 0) {
bss->sae_require_mfp = atoi(pos);
SAE: Allow AP behavior for SAE Confirm to be configured hostapd is by default waiting STA to send SAE Confirm before sending the SAE Confirm. This can now be configured with sae_confirm_immediate=1 resulting in hostapd sending out SAE Confirm immediately after sending SAE Commit. These are the two different message sequences: sae_confirm_immediate=0 STA->AP: SAE Commit AP->STA: SAE Commit STA->AP: SAE Confirm AP->STA: SAE Confirm STA->AP: Association Request AP->STA: Association Response sae_confirm_immediate=1 STA->AP: SAE Commit AP->STA: SAE Commit AP->STA: SAE Confirm STA->AP: SAE Confirm STA->AP: Association Request AP->STA: Association Response Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "sae_confirm_immediate") == 0) {
bss->sae_confirm_immediate = atoi(pos);
SAE: Add sae_pwe configuration parameter for hostapd This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be address in separate commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "sae_pwe") == 0) {
bss->sae_pwe = atoi(pos);
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
int val = atoi(pos);
if (val < 0 || val > 255) {
wpa_printf(MSG_ERROR, "Line %d: Invalid local_pwr_constraint %d (expected 0..255)",
line, val);
return 1;
}
conf->local_pwr_constraint = val;
} else if (os_strcmp(buf, "spectrum_mgmt_required") == 0) {
conf->spectrum_mgmt_required = atoi(pos);
hostapd: Add wowlan_triggers config param New kernels in wiphy_suspend() will call cfg80211_leave_all() that will eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set. For now, use the parameters from the station mode as-is. It may be desirable to extend (or constraint) this in the future for specific AP mode needs. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
10 years ago
} else if (os_strcmp(buf, "wowlan_triggers") == 0) {
os_free(bss->wowlan_triggers);
bss->wowlan_triggers = os_strdup(pos);
FST: hostapd configuration parameters Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef CONFIG_FST
} else if (os_strcmp(buf, "fst_group_id") == 0) {
size_t len = os_strlen(pos);
if (!len || len >= sizeof(conf->fst_cfg.group_id)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid fst_group_id value '%s'",
line, pos);
return 1;
}
if (conf->fst_cfg.group_id[0]) {
wpa_printf(MSG_ERROR,
"Line %d: Duplicate fst_group value '%s'",
line, pos);
return 1;
}
os_strlcpy(conf->fst_cfg.group_id, pos,
sizeof(conf->fst_cfg.group_id));
} else if (os_strcmp(buf, "fst_priority") == 0) {
char *endp;
long int val;
if (!*pos) {
wpa_printf(MSG_ERROR,
"Line %d: fst_priority value not supplied (expected 1..%u)",
line, FST_MAX_PRIO_VALUE);
return -1;
}
val = strtol(pos, &endp, 0);
if (*endp || val < 1 || val > FST_MAX_PRIO_VALUE) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid fst_priority %ld (%s) (expected 1..%u)",
line, val, pos, FST_MAX_PRIO_VALUE);
return 1;
}
conf->fst_cfg.priority = (u8) val;
} else if (os_strcmp(buf, "fst_llt") == 0) {
char *endp;
long int val;
if (!*pos) {
wpa_printf(MSG_ERROR,
"Line %d: fst_llt value not supplied (expected 1..%u)",
line, FST_MAX_LLT_MS);
return -1;
}
val = strtol(pos, &endp, 0);
FST: Fix a compiler warning FST_MAX_PRIO_VALUE is unsigned (u32) and some gcc versions warning about comparisong to long int val at least on 32-bit builds. Get rid of this warning by type casesing val to unsigned long int after having verified that it is positive. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (*endp || val < 1 ||
(unsigned long int) val > FST_MAX_LLT_MS) {
FST: hostapd configuration parameters Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
wpa_printf(MSG_ERROR,
"Line %d: Invalid fst_llt %ld (%s) (expected 1..%u)",
line, val, pos, FST_MAX_LLT_MS);
return 1;
}
conf->fst_cfg.llt = (u32) val;
#endif /* CONFIG_FST */
hostapd: Add mechanism to track unconnected stations hostapd can now be configured to track unconnected stations based on Probe Request frames seen from them. This can be used, e.g., to detect dualband capable station before they have associated. Such information could then be used to provide guidance on which colocated BSS to use in case of a dualband AP that operates concurrently on multiple bands under the control of a single hostapd process. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (os_strcmp(buf, "track_sta_max_num") == 0) {
conf->track_sta_max_num = atoi(pos);
} else if (os_strcmp(buf, "track_sta_max_age") == 0) {
conf->track_sta_max_age = atoi(pos);
Add option to ignore Probe Request frames on 2.4 GHz from dualband STA The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to configure hostapd to not reply to group-addressed Probe Request from a station that was seen on another radio. This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to restrict Probe Request frame handling from replying to group-addressed Probe Request frames from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently. Note: Enabling this can cause connectivity issues and increase latency for discovering the AP. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (os_strcmp(buf, "no_probe_resp_if_seen_on") == 0) {
os_free(bss->no_probe_resp_if_seen_on);
bss->no_probe_resp_if_seen_on = os_strdup(pos);
Add option to reject authentication on 2.4 GHz from dualband STA The new no_auth_if_seen_on=<ifname> parameter can now be used to configure hostapd to reject authentication from a station that was seen on another radio. This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to reject authentication attempts from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently. Note: Enabling this can cause connectivity issues and increase latency for connecting with the AP. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
} else if (os_strcmp(buf, "no_auth_if_seen_on") == 0) {
os_free(bss->no_auth_if_seen_on);
bss->no_auth_if_seen_on = os_strdup(pos);
hostapd: Set LCI and Location Civic information in configuration Enable configuration of LCI and location civic information in hostapd.conf. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
} else if (os_strcmp(buf, "lci") == 0) {
wpabuf_free(conf->lci);
utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it Make the function available as part of the wpabuf API. Use this renamed function where possible. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
conf->lci = wpabuf_parse_bin(pos);
hostapd: Clear location configuration when it is reset In case that LCI or location civic configuration is cleared, free the buffer holding the corresponding information to avoid cases that the information is considered as valid/useful. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago
if (conf->lci && wpabuf_len(conf->lci) == 0) {
wpabuf_free(conf->lci);
conf->lci = NULL;
}
hostapd: Set LCI and Location Civic information in configuration Enable configuration of LCI and location civic information in hostapd.conf. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
} else if (os_strcmp(buf, "civic") == 0) {
wpabuf_free(conf->civic);
utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it Make the function available as part of the wpabuf API. Use this renamed function where possible. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
conf->civic = wpabuf_parse_bin(pos);
hostapd: Clear location configuration when it is reset In case that LCI or location civic configuration is cleared, free the buffer holding the corresponding information to avoid cases that the information is considered as valid/useful. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago
if (conf->civic && wpabuf_len(conf->civic) == 0) {
wpabuf_free(conf->civic);
conf->civic = NULL;
}
hostapd: Extend the configuration of RRM capabilities Extend the radio_measurements parameter to save all the supported RRM capabilities as it's used in RM enabled capabilities element. Make this parameter not directly configurable via config file (though, keep the radio_measurements parameter for some time for backwards compatibility). Instead, add a configuration option to enable neighbor report via radio measurements. Other features can be added later as well. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
} else if (os_strcmp(buf, "rrm_neighbor_report") == 0) {
if (atoi(pos))
bss->radio_measurements[0] |=
WLAN_RRM_CAPS_NEIGHBOR_REPORT;
Add hostapd configuration parameter rrm_beacon_report rrm_beacon_report=1 can now be used to make hostapd advertise capability for beacon reports (passive, active, table). Actual mechanism for sending out beacon requests will be added in separate commits. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
} else if (os_strcmp(buf, "rrm_beacon_report") == 0) {
if (atoi(pos))
bss->radio_measurements[0] |=
WLAN_RRM_CAPS_BEACON_REPORT_PASSIVE |
WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE |
WLAN_RRM_CAPS_BEACON_REPORT_TABLE;
hostapd Make GAS Address3 field selection behavior configurable gas_address3=1 can now be used to force hostapd to use the IEEE 802.11 standards compliant Address 3 field value (Wildcard BSSID when not associated) even if the GAS request uses non-compliant address (AP BSSID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
} else if (os_strcmp(buf, "gas_address3") == 0) {
bss->gas_address3 = atoi(pos);
hostapd: Add a configuration to set an AP as stationary Add a configuration option in hostapd.conf and in neighbor report that sets an AP as stationary. To enable this option on the current AP set the config option stationary_ap to 1. To set a neighbor entry to be marked as stationary add the word stat to the SET_NEIGHBOR command. This option tells hostapd to send LCI data even if it is older than requested by max age subelement in RRM request. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
} else if (os_strcmp(buf, "stationary_ap") == 0) {
conf->stationary_ap = atoi(pos);
hostapd: Allow FTM functionality to be published Add configuration options that control publishing of fine timing measurement (FTM) responder and initiator functionality via bits 70, 71 of Extended Capabilities element. Typically, FTM functionality is controlled by a location framework outside hostapd. When framework is activated, it will use hostapd to configure the AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0, 9.4.2.27. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago
} else if (os_strcmp(buf, "ftm_responder") == 0) {
bss->ftm_responder = atoi(pos);
} else if (os_strcmp(buf, "ftm_initiator") == 0) {
bss->ftm_initiator = atoi(pos);
FILS: Add hostapd configuration options This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef CONFIG_FILS
} else if (os_strcmp(buf, "fils_cache_id") == 0) {
if (hexstr2bin(pos, bss->fils_cache_id, FILS_CACHE_ID_LEN)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid fils_cache_id '%s'",
line, pos);
return 1;
}
bss->fils_cache_id_set = 1;
FILS: Separate FILS realm configuration from ERP domain The new hostapd configuration parameter fils_realm=<realm> can now be used to configure one or more FILS realms to advertise for ERP domains when using FILS. This replaces the use of erp_domain=<domain> parameter for the FILS use case. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
} else if (os_strcmp(buf, "fils_realm") == 0) {
if (parse_fils_realm(bss, pos) < 0)
return 1;
FILS: Add FILS SK auth PFS support in AP mode This adds an option to configure hostapd to enable use of perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime configuration parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would allow FILS SK PFS to be used with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
} else if (os_strcmp(buf, "fils_dh_group") == 0) {
bss->fils_dh_group = atoi(pos);
FILS: DHCP relay for HLP requests The new dhcp_server configuration parameter can now be used to configure hostapd to act as a DHCP relay for DHCPDISCOVER messages received as FILS HLP requests. The dhcp_rapid_commit_proxy=1 parameter can be used to configure hostapd to convert 4 message DHCP exchange into a 2 message exchange in case the DHCP server does not support DHCP rapid commit option. The fils_hlp_wait_time parameter can be used to set the time hostapd waits for an HLP response. This matches the dot11HLPWaitTime in IEEE Std 802.11ai-2016. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "dhcp_server") == 0) {
if (hostapd_parse_ip_addr(pos, &bss->dhcp_server)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid IP address '%s'",
line, pos);
return 1;
}
} else if (os_strcmp(buf, "dhcp_rapid_commit_proxy") == 0) {
bss->dhcp_rapid_commit_proxy = atoi(pos);
} else if (os_strcmp(buf, "fils_hlp_wait_time") == 0) {
bss->fils_hlp_wait_time = atoi(pos);
} else if (os_strcmp(buf, "dhcp_server_port") == 0) {
bss->dhcp_server_port = atoi(pos);
} else if (os_strcmp(buf, "dhcp_relay_port") == 0) {
bss->dhcp_relay_port = atoi(pos);
FILS: Add generation of FILS Discovery frame template Add hostapd configuration parameters for FILS Discovery frame transmission interval and prepare a template for FILS Discovery frame for the driver interface. The actual driver interface changes are not included in this commit. Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
3 years ago
} else if (os_strcmp(buf, "fils_discovery_min_interval") == 0) {
bss->fils_discovery_min_int = atoi(pos);
} else if (os_strcmp(buf, "fils_discovery_max_interval") == 0) {
bss->fils_discovery_max_int = atoi(pos);
FILS: Add hostapd configuration options This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#endif /* CONFIG_FILS */
Add multicast to unicast support This adds support for nl80211 NL80211_CMD_SET_MULTICAST_TO_UNICAST command. By setting the new hostapd configuration option multicast_to_unicast=1, hostapd configures this AP to perform multicast to unicast conversion. When enabled, all multicast packets with ethertype ARP, IPv4, or IPv6 (possibly within an 802.1Q header) will be sent out to each station once with the destination (multicast) MAC address replaced by the station's MAC address. Note that this may break certain expectations of the receiver, e.g., the ability to drop unicast IP packets encapsulated in multicast L2 frames, or the ability to not send destination unreachable messages in such cases. This also does not implement Directed Multicast Service (DMS). Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago
} else if (os_strcmp(buf, "multicast_to_unicast") == 0) {
bss->multicast_to_unicast = atoi(pos);
Add option to disable broadcast deauth in hostapd on AP start/stop The new broadcast_deauth parameter can be used to disable sending of the Deauthentication frame whenever AP is started or stopped. The default behavior remains identical to the past behavior (broadcast_deauth=1). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "broadcast_deauth") == 0) {
bss->broadcast_deauth = atoi(pos);
hostapd: Add an option to notify management frames on ctrl_iface In some contexts (e.g., Multi-AP) it can be useful to have access to some of the management frames in upper layers (e.g., to be able to process the content of association requests externally). Add 'notify_mgmt_frames'. When enabled, it will notify the ctrl_iface when a management frame arrives using the AP-MGMT-FRAME-RECEIVED event message. Note that to avoid completely flooding the ctrl_iface, not all management frames are included (e.g., Beacon and Probe Request frames are excluded). Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
4 years ago
} else if (os_strcmp(buf, "notify_mgmt_frames") == 0) {
bss->notify_mgmt_frames = atoi(pos);
DPP: AP parameters for DPP AKM Extend hostapd configuration to include parameters needed for the DPP AKM: dpp_connector, dpp_netaccesskey, dpp_netaccesskey_expiry, dpp_csign, dpp_csign_expiry. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_DPP
DPP: Allow name and mudurl to be configured for Config Request The new hostapd and wpa_supplicant configuration parameters dpp_name and dpp_mud_url can now be used to set a specific name and MUD URL for the Enrollee to use in the Configuration Request. dpp_name replaces the previously hardcoded "Test" string (which is still the default if an explicit configuration entry is not included). dpp_mud_url can optionally be used to add a MUD URL to describe the Enrollee device. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
} else if (os_strcmp(buf, "dpp_name") == 0) {
os_free(bss->dpp_name);
bss->dpp_name = os_strdup(pos);
} else if (os_strcmp(buf, "dpp_mud_url") == 0) {
os_free(bss->dpp_mud_url);
bss->dpp_mud_url = os_strdup(pos);
DPP: AP parameters for DPP AKM Extend hostapd configuration to include parameters needed for the DPP AKM: dpp_connector, dpp_netaccesskey, dpp_netaccesskey_expiry, dpp_csign, dpp_csign_expiry. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "dpp_connector") == 0) {
os_free(bss->dpp_connector);
bss->dpp_connector = os_strdup(pos);
} else if (os_strcmp(buf, "dpp_netaccesskey") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->dpp_netaccesskey, pos))
return 1;
} else if (os_strcmp(buf, "dpp_netaccesskey_expiry") == 0) {
bss->dpp_netaccesskey_expiry = strtol(pos, NULL, 0);
} else if (os_strcmp(buf, "dpp_csign") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->dpp_csign, pos))
return 1;
DPP2: hostapd as TCP Relay The new hostapd configuration parameter dpp_controller can now be used with the following subparameter values: ipaddr=<IP address> pkhash=<hexdump>. This adds a new Controller into the configuration (i.e., more than one can be configured) and all incoming DPP exchanges that match the specified Controller public key hash are relayed to the particular Controller. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_DPP2
} else if (os_strcmp(buf, "dpp_controller") == 0) {
if (hostapd_dpp_controller_parse(bss, pos))
return 1;
DPP2: Configurator Connectivity indication Add a new hostapd configuration parameter dpp_configurator_connectivity=1 to request Configurator connectivity to be advertised for chirping Enrollees. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "dpp_configurator_connectivity") == 0) {
bss->dpp_configurator_connectivity = atoi(pos);
DPP2: Allow AP to require or reject PFS The new hostapd configuration parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., allow the station to decide whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected (dpp_pfs=2). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "dpp_pfs") == 0) {
int val = atoi(pos);
if (val < 0 || val > 2) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid dpp_pfs value '%s'",
line, pos);
return -1;
}
bss->dpp_pfs = val;
DPP2: hostapd as TCP Relay The new hostapd configuration parameter dpp_controller can now be used with the following subparameter values: ipaddr=<IP address> pkhash=<hexdump>. This adds a new Controller into the configuration (i.e., more than one can be configured) and all incoming DPP exchanges that match the specified Controller public key hash are relayed to the particular Controller. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#endif /* CONFIG_DPP2 */
DPP: AP parameters for DPP AKM Extend hostapd configuration to include parameters needed for the DPP AKM: dpp_connector, dpp_netaccesskey, dpp_netaccesskey_expiry, dpp_csign, dpp_csign_expiry. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#endif /* CONFIG_DPP */
OWE: Add AP support for transition mode The new owe_transition_bssid and owe_transition_ssid parameters can be used to configure hostapd to advertise the OWE Transition Mode element. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_OWE
} else if (os_strcmp(buf, "owe_transition_bssid") == 0) {
if (hwaddr_aton(pos, bss->owe_transition_bssid)) {
wpa_printf(MSG_ERROR,
"Line %d: invalid owe_transition_bssid",
line);
return 1;
}
} else if (os_strcmp(buf, "owe_transition_ssid") == 0) {
size_t slen;
char *str = wpa_config_parse_string(pos, &slen);
if (!str || slen < 1 || slen > SSID_MAX_LEN) {
wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
line, pos);
os_free(str);
return 1;
}
os_memcpy(bss->owe_transition_ssid, str, slen);
bss->owe_transition_ssid_len = slen;
os_free(str);
OWE: Transition mode information based on BSS ifname The owe_transition_bssid and owe_transition_ssid parameters can now be replace with owe_transition_ifname to clone the BSSID/SSID information automatically in case the same hostapd process manages both the OWE and open BSS for transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "owe_transition_ifname") == 0) {
os_strlcpy(bss->owe_transition_ifname, pos,
sizeof(bss->owe_transition_ifname));
OWE: Allow set of enabled DH groups to be limited on AP The new hostapd configuration parameter owe_groups can be used to specify a subset of the allowed DH groups as a space separated list of group identifiers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
} else if (os_strcmp(buf, "owe_groups") == 0) {
if (hostapd_parse_intlist(&bss->owe_groups, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid owe_groups value '%s'",
line, pos);
return 1;
}
OWE: PTK derivation workaround in AP mode Initial OWE implementation used SHA256 when deriving the PTK for all OWE groups. This was supposed to change to SHA384 for group 20 and SHA512 for group 21. The new owe_ptk_workaround parameter can be used to enable workaround for interoperability with stations that use SHA256 with groups 20 and 21. By default, only the appropriate hash function is accepted. When workaround is enabled (owe_ptk_workaround=1), the appropriate hash function is tried first and if that fails, SHA256-based PTK derivation is attempted. This workaround can result in reduced security for groups 20 and 21, but is required for interoperability with older implementations. There is no impact to group 19 behavior. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "owe_ptk_workaround") == 0) {
bss->owe_ptk_workaround = atoi(pos);
Fix coloc_intf_reporting config param in hostapd in non-OWE builds This has nothing to do with OWE and parsing of this value was not supposed to be within an ifdef CONFIG_OWE block. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#endif /* CONFIG_OWE */
WNM: Collocated Interference Reporting Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
} else if (os_strcmp(buf, "coloc_intf_reporting") == 0) {
bss->coloc_intf_reporting = atoi(pos);
hostapd: Add Multi-AP protocol support The purpose of Multi-AP specification is to enable inter-operability across Wi-Fi access points (APs) from different vendors. This patch introduces one new configuration parameter 'multi_ap' to enable Multi-AP functionality and to configure the BSS as a backhaul and/or fronthaul BSS. Advertise vendor specific Multi-AP capabilities in (Re)Association Response frame, if Multi-AP functionality is enabled through the configuration parameter. A backhaul AP must support receiving both 3addr and 4addr frames from a backhaul STA, so create a VLAN for it just like is done for WDS, i.e., by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never WEP), we can safely call hostapd_set_wds_encryption() as well and we can reuse the entire WDS condition. To parse the Multi-AP Extension subelement, we use get_ie(): even though that function is meant for parsing IEs, it works for subelements. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
} else if (os_strcmp(buf, "multi_ap") == 0) {
int val = atoi(pos);
if (val < 0 || val > 3) {
wpa_printf(MSG_ERROR, "Line %d: Invalid multi_ap '%s'",
line, buf);
return -1;
}
bss->multi_ap = val;
OCE: Add RSSI based association rejection support (AP) An AP might reject a STA association request due to low RSSI. In such case, the AP informs the STA the desired RSSI improvement and a retry timeout. The STA might retry to associate even if the RSSI hasn't improved if the retry timeout expired. Signed-off-by: Beni Lev <beni.lev@intel.com>
7 years ago
} else if (os_strcmp(buf, "rssi_reject_assoc_rssi") == 0) {
conf->rssi_reject_assoc_rssi = atoi(pos);
} else if (os_strcmp(buf, "rssi_reject_assoc_timeout") == 0) {
conf->rssi_reject_assoc_timeout = atoi(pos);
Add option to ignore Probe Request frames when RSSI is too low Add a new hostapd configuration parameters rssi_ignore_probe_request to ignore Probe Request frames received with too low RSSI. Signed-off-by: John Crispin <john@phrozen.org>
4 years ago
} else if (os_strcmp(buf, "rssi_ignore_probe_request") == 0) {
conf->rssi_ignore_probe_request = atoi(pos);
hostapd: Add support for setting pbss option from config file There is currently no support for setting hostapd_bss_config.pbss from a config file, i.e., it was used only based on automatic logic in wpa_supplicant. This patch adds a key naturally called "pbss" which can be used to set it. Cc: Antony King <antony.king@bluwirelesstechnology.com> Signed-off-by: Brendan Jackman <brendan.jackman@bluwirelesstechnology.com>
5 years ago
} else if (os_strcmp(buf, "pbss") == 0) {
bss->pbss = atoi(pos);
Allow hostapd AP to advertise Transition Disable KDE The new hostapd configuration parameter transition_disable can now be used to configure the AP to advertise that use of a transition mode is disabled. This allows stations to automatically disable transition mode by disabling less secure network profile parameters. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
} else if (os_strcmp(buf, "transition_disable") == 0) {
bss->transition_disable = strtol(pos, NULL, 16);
hostapd: Add airtime policy configuration support This adds support to hostapd for configuring airtime policy settings for stations as they connect to the access point. This is the userspace component of the airtime policy enforcement system PoliFi described in this paper: https://arxiv.org/abs/1902.03439 The Linux kernel part has been merged into mac80211 for the 5.1 dev cycle. The configuration mechanism has three modes: Static, dynamic and limit. In static mode, weights can be set in the configuration file for individual MAC addresses, which will be applied when the configured stations connect. In dynamic mode, weights are instead set per BSS, which will be scaled by the number of active stations on that BSS, achieving the desired aggregate weighing between the configured BSSes. Limit mode works like dynamic mode, except that any BSS *not* marked as 'limited' is allowed to exceed its configured share if a per-station fairness share would assign more airtime to that BSS. See the paper for details on these modes. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
5 years ago
#ifdef CONFIG_AIRTIME_POLICY
} else if (os_strcmp(buf, "airtime_mode") == 0) {
int val = atoi(pos);
if (val < 0 || val > AIRTIME_MODE_MAX) {
wpa_printf(MSG_ERROR, "Line %d: Unknown airtime_mode",
line);
return 1;
}
conf->airtime_mode = val;
} else if (os_strcmp(buf, "airtime_update_interval") == 0) {
conf->airtime_update_interval = atoi(pos);
} else if (os_strcmp(buf, "airtime_bss_weight") == 0) {
bss->airtime_weight = atoi(pos);
} else if (os_strcmp(buf, "airtime_bss_limit") == 0) {
int val = atoi(pos);
if (val < 0 || val > 1) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid airtime_bss_limit (must be 0 or 1)",
line);
return 1;
}
bss->airtime_limit = val;
} else if (os_strcmp(buf, "airtime_sta_weight") == 0) {
if (add_airtime_weight(bss, pos) < 0) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid airtime weight '%s'",
line, pos);
return 1;
}
#endif /* CONFIG_AIRTIME_POLICY */
macsec: Add configuration parameters for hostapd Signed-off-by: leiwei <leiwei@codeaurora.org>
5 years ago
#ifdef CONFIG_MACSEC
} else if (os_strcmp(buf, "macsec_policy") == 0) {
int macsec_policy = atoi(pos);
if (macsec_policy < 0 || macsec_policy > 1) {
wpa_printf(MSG_ERROR,
"Line %d: invalid macsec_policy (%d): '%s'.",
line, macsec_policy, pos);
return 1;
}
bss->macsec_policy = macsec_policy;
} else if (os_strcmp(buf, "macsec_integ_only") == 0) {
int macsec_integ_only = atoi(pos);
if (macsec_integ_only < 0 || macsec_integ_only > 1) {
wpa_printf(MSG_ERROR,
"Line %d: invalid macsec_integ_only (%d): '%s'.",
line, macsec_integ_only, pos);
return 1;
}
bss->macsec_integ_only = macsec_integ_only;
} else if (os_strcmp(buf, "macsec_replay_protect") == 0) {
int macsec_replay_protect = atoi(pos);
if (macsec_replay_protect < 0 || macsec_replay_protect > 1) {
wpa_printf(MSG_ERROR,
"Line %d: invalid macsec_replay_protect (%d): '%s'.",
line, macsec_replay_protect, pos);
return 1;
}
bss->macsec_replay_protect = macsec_replay_protect;
} else if (os_strcmp(buf, "macsec_replay_window") == 0) {
bss->macsec_replay_window = atoi(pos);
} else if (os_strcmp(buf, "macsec_port") == 0) {
int macsec_port = atoi(pos);
if (macsec_port < 1 || macsec_port > 65534) {
wpa_printf(MSG_ERROR,
"Line %d: invalid macsec_port (%d): '%s'.",
line, macsec_port, pos);
return 1;
}
bss->macsec_port = macsec_port;
} else if (os_strcmp(buf, "mka_priority") == 0) {
int mka_priority = atoi(pos);
if (mka_priority < 0 || mka_priority > 255) {
wpa_printf(MSG_ERROR,
"Line %d: invalid mka_priority (%d): '%s'.",
line, mka_priority, pos);
return 1;
}
bss->mka_priority = mka_priority;
} else if (os_strcmp(buf, "mka_cak") == 0) {
size_t len = os_strlen(pos);
if (len > 2 * MACSEC_CAK_MAX_LEN ||
(len != 2 * 16 && len != 2 * 32) ||
hexstr2bin(pos, bss->mka_cak, len / 2)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CAK '%s'.",
line, pos);
return 1;
}
bss->mka_cak_len = len / 2;
bss->mka_psk_set |= MKA_PSK_SET_CAK;
} else if (os_strcmp(buf, "mka_ckn") == 0) {
size_t len = os_strlen(pos);
if (len > 2 * MACSEC_CKN_MAX_LEN || /* too long */
len < 2 || /* too short */
len % 2 != 0 /* not an integral number of bytes */) {
wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
line, pos);
return 1;
}
bss->mka_ckn_len = len / 2;
if (hexstr2bin(pos, bss->mka_ckn, bss->mka_ckn_len)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
line, pos);
return -1;
}
bss->mka_psk_set |= MKA_PSK_SET_CKN;
#endif /* CONFIG_MACSEC */
hostapd: Add ability to disable HT/VHT/HE per BSS Add the ability to disable HT/VHT/HE for specific BSS from hostapd.conf. - Add disable_11ax boolean to hostapd_bss_config. - Change disable_11n and disable_11ac to bool in hostapd_bss_config. - Add configuration option to set these disable_11* parameters (which were previously used only automatically based on incompatible security parameters to disable HT/VHT). Signed-off-by: Shay Bar <shay.bar@celeno.com>
4 years ago
} else if (os_strcmp(buf, "disable_11n") == 0) {
bss->disable_11n = !!atoi(pos);
} else if (os_strcmp(buf, "disable_11ac") == 0) {
bss->disable_11ac = !!atoi(pos);
} else if (os_strcmp(buf, "disable_11ax") == 0) {
bss->disable_11ax = !!atoi(pos);
WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK Extend the wpa_pmk_to_ptk() to also derive Key Derivation Key (KDK), which can later be used for secure LTF measurements. Update the wpa_supplicant and hostapd configuration and the corresponding WPA and WPA Auth state machine, to allow enabling of KDK derivation. For now, use a testing parameter to control whether KDK is derived. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
#ifdef CONFIG_PASN
#ifdef CONFIG_TESTING_OPTIONS
} else if (os_strcmp(buf, "force_kdk_derivation") == 0) {
bss->force_kdk_derivation = atoi(pos);
PASN: For testing purposes allow to corrupt MIC For testing purposes, add support for corrupting the MIC in PASN Authentication frames for both wpa_supplicant and hostapd. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
} else if (os_strcmp(buf, "pasn_corrupt_mic") == 0) {
bss->pasn_corrupt_mic = atoi(pos);
WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK Extend the wpa_pmk_to_ptk() to also derive Key Derivation Key (KDK), which can later be used for secure LTF measurements. Update the wpa_supplicant and hostapd configuration and the corresponding WPA and WPA Auth state machine, to allow enabling of KDK derivation. For now, use a testing parameter to control whether KDK is derived. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
#endif /* CONFIG_TESTING_OPTIONS */
AP: Add support for configuring PASN Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
} else if (os_strcmp(buf, "pasn_groups") == 0) {
if (hostapd_parse_intlist(&bss->pasn_groups, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid pasn_groups value '%s'",
line, pos);
return 1;
}
PASN: Add support for comeback flow in AP mode Reuse the SAE anti-clogging token implementation to support similar design with the PASN comeback cookie. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
} else if (os_strcmp(buf, "pasn_comeback_after") == 0) {
bss->pasn_comeback_after = atoi(pos);
WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK Extend the wpa_pmk_to_ptk() to also derive Key Derivation Key (KDK), which can later be used for secure LTF measurements. Update the wpa_supplicant and hostapd configuration and the corresponding WPA and WPA Auth state machine, to allow enabling of KDK derivation. For now, use a testing parameter to control whether KDK is derived. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
#endif /* CONFIG_PASN */
Allow AP mode extended capabilities to be overridden The new hostapd configuration parameters ext_capa_mask and ext_capa can now be used to mask out or add extended capability bits. While this is not without CONFIG_TESTING_OPTIONS, the main use case for this is for testing purposes. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
} else if (os_strcmp(buf, "ext_capa_mask") == 0) {
if (get_hex_config(bss->ext_capa_mask, EXT_CAPA_MAX_LEN,
line, "ext_capa_mask", pos))
return 1;
} else if (os_strcmp(buf, "ext_capa") == 0) {
if (get_hex_config(bss->ext_capa, EXT_CAPA_MAX_LEN,
line, "ext_capa", pos))
return 1;
Remove extra indentation level from hostapd_config_fill() The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else {
wpa_printf(MSG_ERROR,
"Line %d: unknown configuration item '%s'",
line, buf);
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 1;
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
}
Simplify hostapd_config_fill() error reporting There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
return 0;
hostapd: Split config item parser into a separate function This makes it easier to use the configuration file parser for updating the configuration at run time. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
}
/**
* hostapd_config_read - Read and parse a configuration file
* @fname: Configuration file name (including path, if needed)
* Returns: Allocated configuration data structure
*/
struct hostapd_config * hostapd_config_read(const char *fname)
{
struct hostapd_config *conf;
FILE *f;
Increase the maximum hostapd.conf line length to 4096 bytes It was already possible to use longer values through the control interface SET command, but the configuration file parser was still limited to 512 byte lines. Increase this to 4096 bytes since some of the configuration parameters (e.g., anqp_elem) can be longer. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
char buf[4096], *pos;
hostapd: Split config item parser into a separate function This makes it easier to use the configuration file parser for updating the configuration at run time. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
int line = 0;
int errors = 0;
size_t i;
f = fopen(fname, "r");
if (f == NULL) {
wpa_printf(MSG_ERROR, "Could not open configuration file '%s' "
"for reading.", fname);
return NULL;
}
conf = hostapd_config_defaults();
if (conf == NULL) {
fclose(f);
return NULL;
}
/* set default driver based on configuration */
conf->driver = wpa_drivers[0];
if (conf->driver == NULL) {
wpa_printf(MSG_ERROR, "No driver wrappers registered!");
hostapd_config_free(conf);
fclose(f);
return NULL;
}
hostapd: Remove unused variable assignment The local bss variable is used only within the while loop, so no need to assign or even make it visible outside the loop. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
conf->last_bss = conf->bss[0];
hostapd: Split config item parser into a separate function This makes it easier to use the configuration file parser for updating the configuration at run time. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
while (fgets(buf, sizeof(buf), f)) {
hostapd: Remove unused variable assignment The local bss variable is used only within the while loop, so no need to assign or even make it visible outside the loop. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
struct hostapd_bss_config *bss;
hostapd: Split config item parser into a separate function This makes it easier to use the configuration file parser for updating the configuration at run time. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
bss = conf->last_bss;
line++;
if (buf[0] == '#')
continue;
pos = buf;
while (*pos != '\0') {
if (*pos == '\n') {
*pos = '\0';
break;
}
pos++;
}
if (buf[0] == '\0')
continue;
pos = os_strchr(buf, '=');
if (pos == NULL) {
wpa_printf(MSG_ERROR, "Line %d: invalid line '%s'",
line, buf);
errors++;
continue;
}
*pos = '\0';
pos++;
errors += hostapd_config_fill(conf, bss, buf, pos, line);
}
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
fclose(f);
Split hostapd security parameter updating into a separate function Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
for (i = 0; i < conf->num_bss; i++)
hostapd: Fix configuration of multiple RADIUS servers with SET The current RADIUS server pointer was updated after each SET command which broke parsing of multiple RADIUS servers over the control interface. Fix this by doing the final RADIUS server pointer updates only once the full configuration is available. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
hostapd_set_security_params(conf->bss[i], 1);
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
hostapd: Skip full AP configuration validation on SET command It is possible for the configuration to be temporarily invalid when adding a new AP through SET commands followed by ENABLE. Avoid this issue by using less strict validation on SET commands and perform full configuration validation only on ENABLE. Use cases with configuration file maintain their previous behavior, i.e., full validation after the file has been read. Signed-hostap: Jouni Malinen <j@w1.fi>
10 years ago
if (hostapd_config_check(conf, 1))
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
errors++;
Add WPA_IGNORE_CONFIG_ERRORS option to continue in case of bad config This is an option to continue with wpa_supplicant and hostapd even if config file has errors. The problem is that these daemons are the best "candidates" for the config change, so if they can not start because config file was let's say corrupted, you can not fix it easily. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
14 years ago
#ifndef WPA_IGNORE_CONFIG_ERRORS
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
if (errors) {
wpa_printf(MSG_ERROR, "%d errors found in configuration file "
"'%s'", errors, fname);
hostapd_config_free(conf);
conf = NULL;
}
Add WPA_IGNORE_CONFIG_ERRORS option to continue in case of bad config This is an option to continue with wpa_supplicant and hostapd even if config file has errors. The problem is that these daemons are the best "candidates" for the config change, so if they can not start because config file was let's say corrupted, you can not fix it easily. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
14 years ago
#endif /* WPA_IGNORE_CONFIG_ERRORS */
Move hostapd configuration parser into separate file config.c includes now only the generic helper functions that are needed both for hostapd and the AP mode operations in wpa_supplicant. hostapd/config_file.c is only needed for hostapd.
15 years ago
return conf;
}
hostapd: Allow config parameters to be set through ctrl_iface Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
int hostapd_set_iface(struct hostapd_config *conf,
hostapd: Mark config parameter name const The functions parsing configuration parameters do not modify the name of the parameter, so mark that function argument constant. In theory, the value should also be const, but at least for now, number of the parser functions end up modifying this to simplify parsing. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
struct hostapd_bss_config *bss, const char *field,
char *value)
hostapd: Allow config parameters to be set through ctrl_iface Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
{
hostapd: Remove redundant variable initialization The 'errors' variable is initialized later anyway. Signed-hostap: Baruch Siach <baruch@tkos.co.il>
12 years ago
int errors;
hostapd: Allow config parameters to be set through ctrl_iface Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
size_t i;
errors = hostapd_config_fill(conf, bss, field, value, 0);
if (errors) {
wpa_printf(MSG_INFO, "Failed to set configuration field '%s' "
"to value '%s'", field, value);
return -1;
}
for (i = 0; i < conf->num_bss; i++)
hostapd: Fix configuration of multiple RADIUS servers with SET The current RADIUS server pointer was updated after each SET command which broke parsing of multiple RADIUS servers over the control interface. Fix this by doing the final RADIUS server pointer updates only once the full configuration is available. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
hostapd_set_security_params(conf->bss[i], 0);
hostapd: Allow config parameters to be set through ctrl_iface Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
hostapd: Skip full AP configuration validation on SET command It is possible for the configuration to be temporarily invalid when adding a new AP through SET commands followed by ENABLE. Avoid this issue by using less strict validation on SET commands and perform full configuration validation only on ENABLE. Use cases with configuration file maintain their previous behavior, i.e., full validation after the file has been read. Signed-hostap: Jouni Malinen <j@w1.fi>
10 years ago
if (hostapd_config_check(conf, 0)) {
hostapd: Allow config parameters to be set through ctrl_iface Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wpa_printf(MSG_ERROR, "Configuration check failed");
hostapd: Return error value on configuration check failure Don't count errors since the number isn't used anyway. Signed-hostap: Baruch Siach <baruch@tkos.co.il>
12 years ago
return -1;
hostapd: Allow config parameters to be set through ctrl_iface Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
}
return 0;
}