#include "includes.h"
+#include "common.h"
#include "eloop.h"
+#include "crypto/tls.h"
+#include "common/ieee802_11_defs.h"
+#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
+#include "radius/radius_client.h"
+#include "radius/radius_server.h"
+#include "eap_server/eap_sim_db.h"
+#include "eap_server/eap.h"
+#include "eap_server/tncs.h"
+#include "l2_packet/l2_packet.h"
#include "hostapd.h"
#include "ieee802_1x.h"
#include "beacon.h"
#include "hw_features.h"
#include "accounting.h"
-#include "eapol_sm.h"
#include "iapp.h"
-#include "ieee802_11_defs.h"
#include "ieee802_11_auth.h"
#include "sta_info.h"
#include "ap_list.h"
#include "driver_i.h"
-#include "radius/radius_client.h"
-#include "radius/radius_server.h"
#include "wpa.h"
#include "preauth.h"
#include "vlan_init.h"
#include "ctrl_iface.h"
-#include "tls.h"
-#include "eap_server/eap_sim_db.h"
-#include "eap_server/eap.h"
-#include "eap_server/tncs.h"
-#include "version.h"
-#include "l2_packet/l2_packet.h"
#include "wps_hostapd.h"
#include "tkip_countermeasures.h"
-static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
- size_t identity_len, int phase2,
- struct eap_user *user);
static int hostapd_flush_old_stations(struct hostapd_data *hapd);
static int hostapd_setup_wpa(struct hostapd_data *hapd);
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd);
extern int wpa_debug_level;
+#if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
+#define EAP_SIM_DB
+#endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
-#ifdef EAP_SERVER
+
+#ifdef EAP_SIM_DB
static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
struct sta_info *sta, void *ctx)
{
static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
{
struct hostapd_data *hapd = ctx;
- if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0)
+ if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) {
+#ifdef RADIUS_SERVER
radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
+#endif /* RADIUS_SERVER */
+ }
}
-#endif /* EAP_SERVER */
+#endif /* EAP_SIM_DB */
static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
for (j = 0; j < iface->num_bss; j++)
hostapd_flush_old_stations(iface->bss[j]);
+#ifndef CONFIG_NO_RADIUS
/* TODO: update dynamic data based on changed configuration
* items (e.g., open/close sockets, etc.) */
radius_client_flush(hapd->radius, 0);
+#endif /* CONFIG_NO_RADIUS */
oldconf = hapd->iconf;
hapd->iconf = newconf;
}
if (hapd->conf->ieee802_1x || hapd->conf->wpa)
- hostapd_set_ieee8021x(hapd->conf->iface, hapd, 1);
+ hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 1);
+ else
+ hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
hostapd_config_free(oldconf);
}
-#ifdef HOSTAPD_DUMP_STATE
-/**
- * hostapd_dump_state - SIGUSR1 handler to dump hostapd state to a text file
- */
-static void hostapd_dump_state(struct hostapd_data *hapd)
-{
- FILE *f;
- time_t now;
- struct sta_info *sta;
- int i;
- char *buf;
-
- if (!hapd->conf->dump_log_name) {
- wpa_printf(MSG_DEBUG, "Dump file not defined - ignoring dump "
- "request");
- return;
- }
-
- wpa_printf(MSG_DEBUG, "Dumping hostapd state to '%s'",
- hapd->conf->dump_log_name);
- f = fopen(hapd->conf->dump_log_name, "w");
- if (f == NULL) {
- wpa_printf(MSG_WARNING, "Could not open dump file '%s' for "
- "writing.", hapd->conf->dump_log_name);
- return;
- }
-
- time(&now);
- fprintf(f, "hostapd state dump - %s", ctime(&now));
- fprintf(f, "num_sta=%d num_sta_non_erp=%d "
- "num_sta_no_short_slot_time=%d\n"
- "num_sta_no_short_preamble=%d\n",
- hapd->num_sta, hapd->iface->num_sta_non_erp,
- hapd->iface->num_sta_no_short_slot_time,
- hapd->iface->num_sta_no_short_preamble);
-
- for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
- fprintf(f, "\nSTA=" MACSTR "\n", MAC2STR(sta->addr));
-
- fprintf(f,
- " AID=%d flags=0x%x %s%s%s%s%s%s%s%s%s%s%s%s%s%s\n"
- " capability=0x%x listen_interval=%d\n",
- sta->aid,
- sta->flags,
- (sta->flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
- (sta->flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
- (sta->flags & WLAN_STA_PS ? "[PS]" : ""),
- (sta->flags & WLAN_STA_TIM ? "[TIM]" : ""),
- (sta->flags & WLAN_STA_PERM ? "[PERM]" : ""),
- (sta->flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" :
- ""),
- (sta->flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
- ""),
- (sta->flags & WLAN_STA_SHORT_PREAMBLE ?
- "[SHORT_PREAMBLE]" : ""),
- (sta->flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
- (sta->flags & WLAN_STA_WMM ? "[WMM]" : ""),
- (sta->flags & WLAN_STA_MFP ? "[MFP]" : ""),
- (sta->flags & WLAN_STA_WPS ? "[WPS]" : ""),
- (sta->flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
- (sta->flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
- sta->capability,
- sta->listen_interval);
-
- fprintf(f, " supported_rates=");
- for (i = 0; i < sta->supported_rates_len; i++)
- fprintf(f, "%02x ", sta->supported_rates[i]);
- fprintf(f, "\n");
-
- fprintf(f,
- " timeout_next=%s\n",
- (sta->timeout_next == STA_NULLFUNC ? "NULLFUNC POLL" :
- (sta->timeout_next == STA_DISASSOC ? "DISASSOC" :
- "DEAUTH")));
-
- ieee802_1x_dump_state(f, " ", sta);
- }
-
- buf = os_malloc(4096);
- if (buf) {
- int count = radius_client_get_mib(hapd->radius, buf, 4096);
- if (count < 0)
- count = 0;
- else if (count > 4095)
- count = 4095;
- buf[count] = '\0';
- fprintf(f, "%s", buf);
-
- count = radius_server_get_mib(hapd->radius_srv, buf, 4096);
- if (count < 0)
- count = 0;
- else if (count > 4095)
- count = 4095;
- buf[count] = '\0';
- fprintf(f, "%s", buf);
- os_free(buf);
- }
- fclose(f);
-}
-
-
-int handle_dump_state_iface(struct hostapd_iface *iface, void *ctx)
-{
- size_t i;
-
- for (i = 0; i < iface->num_bss; i++)
- hostapd_dump_state(iface->bss[i]);
-
- return 0;
-}
-#endif /* HOSTAPD_DUMP_STATE */
-
-
static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
char *ifname)
{
ieee802_1x_deinit(hapd);
vlan_deinit(hapd);
hostapd_acl_deinit(hapd);
+#ifndef CONFIG_NO_RADIUS
radius_client_deinit(hapd->radius);
hapd->radius = NULL;
+#endif /* CONFIG_NO_RADIUS */
+#ifdef RADIUS_SERVER
radius_server_deinit(hapd->radius_srv);
hapd->radius_srv = NULL;
+#endif /* RADIUS_SERVER */
#ifdef CONFIG_IEEE80211R
l2_packet_deinit(hapd->l2);
}
#endif /* EAP_TLS_FUNCS */
-#ifdef EAP_SERVER
+#if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
if (hapd->eap_sim_db_priv) {
eap_sim_db_deinit(hapd->eap_sim_db_priv);
hapd->eap_sim_db_priv = NULL;
}
-#endif /* EAP_SERVER */
+#endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
if (hapd->interface_added &&
- hostapd_bss_remove(hapd, hapd->conf->iface)) {
+ hostapd_if_remove(hapd, WPA_IF_AP_BSS, hapd->conf->iface)) {
wpa_printf(MSG_WARNING, "Failed to remove BSS interface %s",
hapd->conf->iface);
}
}
-static int hostapd_wpa_auth_get_seqnum_igtk(void *ctx, const u8 *addr, int idx,
- u8 *seq)
-{
- struct hostapd_data *hapd = ctx;
- return hostapd_get_seqnum_igtk(hapd->conf->iface, hapd, addr, idx,
- seq);
-}
-
-
static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
const u8 *data, size_t data_len,
int encrypt)
void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
void *cb_ctx)
{
+ struct hostapd_data *hapd = ctx;
struct wpa_auth_iface_iter_data data;
data.cb = cb;
data.cb_ctx = cb_ctx;
- return hostapd_for_each_interface(wpa_auth_iface_iter, &data);
+ return hostapd_for_each_interface(hapd->iface->interfaces,
+ wpa_auth_iface_iter, &data);
}
cb.get_msk = hostapd_wpa_auth_get_msk;
cb.set_key = hostapd_wpa_auth_set_key;
cb.get_seqnum = hostapd_wpa_auth_get_seqnum;
- cb.get_seqnum_igtk = hostapd_wpa_auth_get_seqnum_igtk;
cb.send_eapol = hostapd_wpa_auth_send_eapol;
cb.for_each_sta = hostapd_wpa_auth_for_each_sta;
cb.for_each_auth = hostapd_wpa_auth_for_each_auth;
}
+#ifdef RADIUS_SERVER
+
+static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
+ size_t identity_len, int phase2,
+ struct eap_user *user)
+{
+ const struct hostapd_eap_user *eap_user;
+ int i, count;
+
+ eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
+ if (eap_user == NULL)
+ return -1;
+
+ if (user == NULL)
+ return 0;
+
+ os_memset(user, 0, sizeof(*user));
+ count = EAP_USER_MAX_METHODS;
+ if (count > EAP_MAX_METHODS)
+ count = EAP_MAX_METHODS;
+ for (i = 0; i < count; i++) {
+ user->methods[i].vendor = eap_user->methods[i].vendor;
+ user->methods[i].method = eap_user->methods[i].method;
+ }
+
+ if (eap_user->password) {
+ user->password = os_malloc(eap_user->password_len);
+ if (user->password == NULL)
+ return -1;
+ os_memcpy(user->password, eap_user->password,
+ eap_user->password_len);
+ user->password_len = eap_user->password_len;
+ user->password_hash = eap_user->password_hash;
+ }
+ user->force_version = eap_user->force_version;
+ user->ttls_auth = eap_user->ttls_auth;
+
+ return 0;
+}
+
+
static int hostapd_setup_radius_srv(struct hostapd_data *hapd,
struct hostapd_bss_config *conf)
{
return 0;
}
+#endif /* RADIUS_SERVER */
+
/**
* hostapd_setup_bss - Per-BSS setup (initialization)
}
hapd->interface_added = 1;
- if (hostapd_bss_add(hapd->iface->bss[0], hapd->conf->iface,
- hapd->own_addr)) {
+ if (hostapd_if_add(hapd->iface->bss[0], WPA_IF_AP_BSS,
+ hapd->conf->iface, hapd->own_addr, hapd)) {
wpa_printf(MSG_ERROR, "Failed to add BSS (BSSID="
MACSTR ")", MAC2STR(hapd->own_addr));
return -1;
if (wpa_debug_level == MSG_MSGDUMP)
conf->radius->msg_dumps = 1;
+#ifndef CONFIG_NO_RADIUS
hapd->radius = radius_client_init(hapd, conf->radius);
if (hapd->radius == NULL) {
wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
return -1;
}
+#endif /* CONFIG_NO_RADIUS */
if (hostapd_acl_init(hapd)) {
wpa_printf(MSG_ERROR, "ACL initialization failed.");
ieee802_11_set_beacon(hapd);
+#ifdef RADIUS_SERVER
if (conf->radius_server_clients &&
hostapd_setup_radius_srv(hapd, conf))
return -1;
+#endif /* RADIUS_SERVER */
return 0;
}
}
-static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
- size_t identity_len, int phase2,
- struct eap_user *user)
-{
- const struct hostapd_eap_user *eap_user;
- int i, count;
-
- eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
- if (eap_user == NULL)
- return -1;
-
- if (user == NULL)
- return 0;
-
- os_memset(user, 0, sizeof(*user));
- count = EAP_USER_MAX_METHODS;
- if (count > EAP_MAX_METHODS)
- count = EAP_MAX_METHODS;
- for (i = 0; i < count; i++) {
- user->methods[i].vendor = eap_user->methods[i].vendor;
- user->methods[i].method = eap_user->methods[i].method;
- }
-
- if (eap_user->password) {
- user->password = os_malloc(eap_user->password_len);
- if (user->password == NULL)
- return -1;
- os_memcpy(user->password, eap_user->password,
- eap_user->password_len);
- user->password_len = eap_user->password_len;
- user->password_hash = eap_user->password_hash;
- }
- user->force_version = eap_user->force_version;
- user->ttls_auth = eap_user->ttls_auth;
-
- return 0;
-}
-
-
static int setup_interface(struct hostapd_iface *iface)
{
struct hostapd_data *hapd = iface->bss[0];
iface->bss[i]->drv_priv = hapd->drv_priv;
}
- if (hostapd_driver_set_mode(hapd, IEEE80211_MODE_AP)) {
- wpa_printf(MSG_ERROR, "Failed to set driver in AP mode");
- return -1;
- }
-
if (hostapd_validate_bssid_configuration(iface))
return -1;
-#ifdef CONFIG_IEEE80211N
- SET_2BIT_LE16(&iface->ht_op_mode,
- HT_INFO_OPERATION_MODE_OP_MODE_OFFSET,
- OP_MODE_PURE);
-#endif /* CONFIG_IEEE80211N */
-
if (hapd->iconf->country[0] && hapd->iconf->country[1]) {
os_memcpy(country, hapd->iconf->country, 3);
country[3] = '\0';
}
}
- if (hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL &&
- hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets)) {
- wpa_printf(MSG_ERROR, "Failed to set bridge_packets for "
- "kernel driver");
- return -1;
- }
-
if (hostapd_get_hw_features(iface)) {
/* Not all drivers support this yet, so continue without hw
* feature data. */
if (hapd == NULL)
return NULL;
+ hostapd_set_driver_ops(&hapd->drv);
hapd->iconf = conf;
hapd->conf = bss;
hapd->iface = hapd_iface;
}
#endif /* EAP_TLS_FUNCS */
-#ifdef EAP_SERVER
+#ifdef EAP_SIM_DB
if (hapd->conf->eap_sim_db) {
hapd->eap_sim_db_priv =
eap_sim_db_init(hapd->conf->eap_sim_db,
goto fail;
}
}
-#endif /* EAP_SERVER */
+#endif /* EAP_SIM_DB */
hapd->driver = hapd->iconf->driver;
return hapd;
-#if defined(EAP_TLS_FUNCS) || defined(EAP_SERVER)
+#if defined(EAP_TLS_FUNCS) || defined(EAP_SIM_DB)
fail:
#endif
/* TODO: cleanup allocated resources(?) */
return 0;
}
+
+
+int hostapd_set_drv_ieee8021x(struct hostapd_data *hapd, const char *ifname,
+ int enabled)
+{
+ struct wpa_bss_params params;
+ os_memset(¶ms, 0, sizeof(params));
+ params.ifname = ifname;
+ params.enabled = enabled;
+ if (enabled) {
+ params.wpa = hapd->conf->wpa;
+ params.ieee802_1x = hapd->conf->ieee802_1x;
+ params.wpa_group = hapd->conf->wpa_group;
+ params.wpa_pairwise = hapd->conf->wpa_pairwise;
+ params.wpa_key_mgmt = hapd->conf->wpa_key_mgmt;
+ params.rsn_preauth = hapd->conf->rsn_preauth;
+ }
+ return hostapd_set_ieee8021x(hapd, ¶ms);
+}
+
+
+int hostapd_sta_flags_to_drv(int flags)
+{
+ int res = 0;
+ if (flags & WLAN_STA_AUTHORIZED)
+ res |= WPA_STA_AUTHORIZED;
+ if (flags & WLAN_STA_WMM)
+ res |= WPA_STA_WMM;
+ if (flags & WLAN_STA_SHORT_PREAMBLE)
+ res |= WPA_STA_SHORT_PREAMBLE;
+ if (flags & WLAN_STA_MFP)
+ res |= WPA_STA_MFP;
+ return res;
+}