#include "crypto/tls.h"
#include "common/ieee802_11_defs.h"
#include "eapol_auth/eapol_auth_sm.h"
+#include "eapol_auth/eapol_auth_sm_i.h"
#include "radius/radius_client.h"
#include "radius/radius_server.h"
#include "eap_server/eap_sim_db.h"
#include "accounting.h"
#include "iapp.h"
#include "ieee802_11_auth.h"
-#include "sta_flags.h"
#include "sta_info.h"
#include "ap_list.h"
#include "driver_i.h"
#include "tkip_countermeasures.h"
-static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
- size_t identity_len, int phase2,
- struct eap_user *user);
static int hostapd_flush_old_stations(struct hostapd_data *hapd);
static int hostapd_setup_wpa(struct hostapd_data *hapd);
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd);
extern int wpa_debug_level;
+#if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
+#define EAP_SIM_DB
+#endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
-#ifdef EAP_SERVER
+
+#ifdef EAP_SIM_DB
static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
struct sta_info *sta, void *ctx)
{
static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
{
struct hostapd_data *hapd = ctx;
- if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0)
+ if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) {
+#ifdef RADIUS_SERVER
radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
+#endif /* RADIUS_SERVER */
+ }
}
-#endif /* EAP_SERVER */
+#endif /* EAP_SIM_DB */
static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
struct wpa_auth_config wpa_auth_conf;
size_t j;
- newconf = hostapd_config_read(iface->config_fname);
+ if (iface->config_read_cb == NULL)
+ return -1;
+ newconf = iface->config_read_cb(iface->config_fname);
if (newconf == NULL)
return -1;
for (j = 0; j < iface->num_bss; j++)
hostapd_flush_old_stations(iface->bss[j]);
+#ifndef CONFIG_NO_RADIUS
/* TODO: update dynamic data based on changed configuration
* items (e.g., open/close sockets, etc.) */
radius_client_flush(hapd->radius, 0);
+#endif /* CONFIG_NO_RADIUS */
oldconf = hapd->iconf;
hapd->iconf = newconf;
}
if (hapd->conf->ieee802_1x || hapd->conf->wpa)
- hostapd_set_ieee8021x(hapd->conf->iface, hapd, 1);
+ hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 1);
+ else
+ hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
hostapd_config_free(oldconf);
int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
- if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL, i,
- i == 0 ? 1 : 0, NULL, 0, NULL, 0)) {
+ if (hapd->drv.set_key(ifname, hapd, WPA_ALG_NONE, NULL, i,
+ i == 0 ? 1 : 0, NULL, 0, NULL, 0)) {
wpa_printf(MSG_DEBUG, "Failed to clear default "
"encryption keys (ifname=%s keyidx=%d)",
ifname, i);
#ifdef CONFIG_IEEE80211W
if (hapd->conf->ieee80211w) {
for (i = NUM_WEP_KEYS; i < NUM_WEP_KEYS + 2; i++) {
- if (hostapd_set_key(ifname, hapd, WPA_ALG_NONE, NULL,
- i, i == 0 ? 1 : 0, NULL, 0,
- NULL, 0)) {
+ if (hapd->drv.set_key(ifname, hapd, WPA_ALG_NONE, NULL,
+ i, i == 0 ? 1 : 0, NULL, 0,
+ NULL, 0)) {
wpa_printf(MSG_DEBUG, "Failed to clear "
"default mgmt encryption keys "
"(ifname=%s keyidx=%d)", ifname, i);
idx = ssid->wep.idx;
if (ssid->wep.default_len &&
- hostapd_set_key(hapd->conf->iface,
- hapd, WPA_ALG_WEP, NULL, idx, idx == ssid->wep.idx,
- NULL, 0, ssid->wep.key[idx], ssid->wep.len[idx])) {
+ hapd->drv.set_key(hapd->conf->iface,
+ hapd, WPA_ALG_WEP, NULL, idx,
+ idx == ssid->wep.idx,
+ NULL, 0, ssid->wep.key[idx],
+ ssid->wep.len[idx])) {
wpa_printf(MSG_WARNING, "Could not set WEP encryption.");
errors++;
}
continue;
idx = key->idx;
- if (hostapd_set_key(ifname, hapd, WPA_ALG_WEP, NULL,
- idx, idx == key->idx, NULL, 0,
- key->key[idx], key->len[idx])) {
+ if (hapd->drv.set_key(ifname, hapd, WPA_ALG_WEP, NULL,
+ idx, idx == key->idx, NULL, 0,
+ key->key[idx], key->len[idx])) {
wpa_printf(MSG_WARNING, "Could not set "
"dynamic VLAN WEP encryption.");
errors++;
ieee802_1x_deinit(hapd);
vlan_deinit(hapd);
hostapd_acl_deinit(hapd);
+#ifndef CONFIG_NO_RADIUS
radius_client_deinit(hapd->radius);
hapd->radius = NULL;
+#endif /* CONFIG_NO_RADIUS */
+#ifdef RADIUS_SERVER
radius_server_deinit(hapd->radius_srv);
hapd->radius_srv = NULL;
+#endif /* RADIUS_SERVER */
#ifdef CONFIG_IEEE80211R
l2_packet_deinit(hapd->l2);
}
#endif /* EAP_TLS_FUNCS */
-#ifdef EAP_SERVER
+#if defined(EAP_SERVER_SIM) || defined(EAP_SERVER_AKA)
if (hapd->eap_sim_db_priv) {
eap_sim_db_deinit(hapd->eap_sim_db_priv);
hapd->eap_sim_db_priv = NULL;
}
-#endif /* EAP_SERVER */
+#endif /* EAP_SERVER_SIM || EAP_SERVER_AKA */
if (hapd->interface_added &&
- hostapd_bss_remove(hapd, hapd->conf->iface)) {
+ hostapd_if_remove(hapd, WPA_IF_AP_BSS, hapd->conf->iface)) {
wpa_printf(MSG_WARNING, "Failed to remove BSS interface %s",
hapd->conf->iface);
}
hostapd_broadcast_wep_set(hapd);
- if (hapd->conf->ssid.wep.default_len)
+ if (hapd->conf->ssid.wep.default_len) {
+ hostapd_set_privacy(hapd, 1);
return 0;
+ }
for (i = 0; i < 4; i++) {
if (hapd->conf->ssid.wep.key[i] &&
- hostapd_set_key(iface, hapd, WPA_ALG_WEP, NULL, i,
- i == hapd->conf->ssid.wep.idx, NULL, 0,
- hapd->conf->ssid.wep.key[i],
- hapd->conf->ssid.wep.len[i])) {
+ hapd->drv.set_key(iface, hapd, WPA_ALG_WEP, NULL, i,
+ i == hapd->conf->ssid.wep.idx, NULL, 0,
+ hapd->conf->ssid.wep.key[i],
+ hapd->conf->ssid.wep.len[i])) {
wpa_printf(MSG_WARNING, "Could not set WEP "
"encryption.");
return -1;
u16 reason)
{
struct hostapd_data *hapd = ctx;
- struct sta_info *sta;
-
wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
"STA " MACSTR " reason %d",
__func__, MAC2STR(addr), reason);
-
- sta = ap_get_sta(hapd, addr);
- hostapd_sta_deauth(hapd, addr, reason);
- if (sta == NULL)
- return;
- sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
- eloop_cancel_timeout(ap_handle_timer, hapd, sta);
- eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
- sta->timeout_next = STA_REMOVE;
+ ap_sta_disconnect(hapd, NULL, addr, reason);
}
return -1;
}
- return hostapd_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
- key, key_len);
+ return hapd->drv.set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
+ key, key_len);
}
}
-static int hostapd_wpa_auth_get_seqnum_igtk(void *ctx, const u8 *addr, int idx,
- u8 *seq)
-{
- struct hostapd_data *hapd = ctx;
- return hostapd_get_seqnum_igtk(hapd->conf->iface, hapd, addr, idx,
- seq);
-}
-
-
static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
const u8 *data, size_t data_len,
int encrypt)
{
struct hostapd_data *hapd = ctx;
- return hostapd_send_eapol(hapd, addr, data, data_len, encrypt);
+ return hapd->drv.send_eapol(hapd, addr, data, data_len, encrypt);
}
void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
void *cb_ctx)
{
+ struct hostapd_data *hapd = ctx;
struct wpa_auth_iface_iter_data data;
data.cb = cb;
data.cb_ctx = cb_ctx;
- return hostapd_for_each_interface(wpa_auth_iface_iter, &data);
+ return hostapd_for_each_interface(hapd->iface->interfaces,
+ wpa_auth_iface_iter, &data);
}
os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
os_memcpy(&m->u, data, data_len);
- res = hostapd_send_mgmt_frame(hapd, (u8 *) m, mlen);
+ res = hapd->drv.send_mgmt_frame(hapd, (u8 *) m, mlen);
os_free(m);
return res;
}
cb.get_msk = hostapd_wpa_auth_get_msk;
cb.set_key = hostapd_wpa_auth_set_key;
cb.get_seqnum = hostapd_wpa_auth_get_seqnum;
- cb.get_seqnum_igtk = hostapd_wpa_auth_get_seqnum_igtk;
cb.send_eapol = hostapd_wpa_auth_send_eapol;
cb.for_each_sta = hostapd_wpa_auth_for_each_sta;
cb.for_each_auth = hostapd_wpa_auth_for_each_auth;
}
+#ifdef RADIUS_SERVER
+
+static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
+ size_t identity_len, int phase2,
+ struct eap_user *user)
+{
+ const struct hostapd_eap_user *eap_user;
+ int i, count;
+
+ eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
+ if (eap_user == NULL)
+ return -1;
+
+ if (user == NULL)
+ return 0;
+
+ os_memset(user, 0, sizeof(*user));
+ count = EAP_USER_MAX_METHODS;
+ if (count > EAP_MAX_METHODS)
+ count = EAP_MAX_METHODS;
+ for (i = 0; i < count; i++) {
+ user->methods[i].vendor = eap_user->methods[i].vendor;
+ user->methods[i].method = eap_user->methods[i].method;
+ }
+
+ if (eap_user->password) {
+ user->password = os_malloc(eap_user->password_len);
+ if (user->password == NULL)
+ return -1;
+ os_memcpy(user->password, eap_user->password,
+ eap_user->password_len);
+ user->password_len = eap_user->password_len;
+ user->password_hash = eap_user->password_hash;
+ }
+ user->force_version = eap_user->force_version;
+ user->ttls_auth = eap_user->ttls_auth;
+
+ return 0;
+}
+
+
static int hostapd_setup_radius_srv(struct hostapd_data *hapd,
struct hostapd_bss_config *conf)
{
return 0;
}
+#endif /* RADIUS_SERVER */
+
/**
* hostapd_setup_bss - Per-BSS setup (initialization)
}
hapd->interface_added = 1;
- if (hostapd_bss_add(hapd->iface->bss[0], hapd->conf->iface,
- hapd->own_addr)) {
+ if (hostapd_if_add(hapd->iface->bss[0], WPA_IF_AP_BSS,
+ hapd->conf->iface, hapd->own_addr, hapd)) {
wpa_printf(MSG_ERROR, "Failed to add BSS (BSSID="
MACSTR ")", MAC2STR(hapd->own_addr));
return -1;
if (wpa_debug_level == MSG_MSGDUMP)
conf->radius->msg_dumps = 1;
+#ifndef CONFIG_NO_RADIUS
hapd->radius = radius_client_init(hapd, conf->radius);
if (hapd->radius == NULL) {
wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
return -1;
}
+#endif /* CONFIG_NO_RADIUS */
if (hostapd_acl_init(hapd)) {
wpa_printf(MSG_ERROR, "ACL initialization failed.");
ieee802_11_set_beacon(hapd);
+#ifdef RADIUS_SERVER
if (conf->radius_server_clients &&
hostapd_setup_radius_srv(hapd, conf))
return -1;
+#endif /* RADIUS_SERVER */
return 0;
}
}
-static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
- size_t identity_len, int phase2,
- struct eap_user *user)
-{
- const struct hostapd_eap_user *eap_user;
- int i, count;
-
- eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
- if (eap_user == NULL)
- return -1;
-
- if (user == NULL)
- return 0;
-
- os_memset(user, 0, sizeof(*user));
- count = EAP_USER_MAX_METHODS;
- if (count > EAP_MAX_METHODS)
- count = EAP_MAX_METHODS;
- for (i = 0; i < count; i++) {
- user->methods[i].vendor = eap_user->methods[i].vendor;
- user->methods[i].method = eap_user->methods[i].method;
- }
-
- if (eap_user->password) {
- user->password = os_malloc(eap_user->password_len);
- if (user->password == NULL)
- return -1;
- os_memcpy(user->password, eap_user->password,
- eap_user->password_len);
- user->password_len = eap_user->password_len;
- user->password_hash = eap_user->password_hash;
- }
- user->force_version = eap_user->force_version;
- user->ttls_auth = eap_user->ttls_auth;
-
- return 0;
-}
-
-
static int setup_interface(struct hostapd_iface *iface)
{
struct hostapd_data *hapd = iface->bss[0];
}
}
- if (hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL &&
- hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets)) {
- wpa_printf(MSG_ERROR, "Failed to set bridge_packets for "
- "kernel driver");
- return -1;
- }
-
if (hostapd_get_hw_features(iface)) {
/* Not all drivers support this yet, so continue without hw
* feature data. */
if (hapd == NULL)
return NULL;
+ hostapd_set_driver_ops(&hapd->drv);
hapd->iconf = conf;
hapd->conf = bss;
hapd->iface = hapd_iface;
}
#endif /* EAP_TLS_FUNCS */
-#ifdef EAP_SERVER
+#ifdef EAP_SIM_DB
if (hapd->conf->eap_sim_db) {
hapd->eap_sim_db_priv =
eap_sim_db_init(hapd->conf->eap_sim_db,
goto fail;
}
}
-#endif /* EAP_SERVER */
+#endif /* EAP_SIM_DB */
hapd->driver = hapd->iconf->driver;
return hapd;
-#if defined(EAP_TLS_FUNCS) || defined(EAP_SERVER)
+#if defined(EAP_TLS_FUNCS) || defined(EAP_SIM_DB)
fail:
#endif
/* TODO: cleanup allocated resources(?) */
return 0;
}
+
+
+int hostapd_set_drv_ieee8021x(struct hostapd_data *hapd, const char *ifname,
+ int enabled)
+{
+ struct wpa_bss_params params;
+ os_memset(¶ms, 0, sizeof(params));
+ params.ifname = ifname;
+ params.enabled = enabled;
+ if (enabled) {
+ params.wpa = hapd->conf->wpa;
+ params.ieee802_1x = hapd->conf->ieee802_1x;
+ params.wpa_group = hapd->conf->wpa_group;
+ params.wpa_pairwise = hapd->conf->wpa_pairwise;
+ params.wpa_key_mgmt = hapd->conf->wpa_key_mgmt;
+ params.rsn_preauth = hapd->conf->rsn_preauth;
+ }
+ return hostapd_set_ieee8021x(hapd, ¶ms);
+}
+
+
+int hostapd_sta_flags_to_drv(int flags)
+{
+ int res = 0;
+ if (flags & WLAN_STA_AUTHORIZED)
+ res |= WPA_STA_AUTHORIZED;
+ if (flags & WLAN_STA_WMM)
+ res |= WPA_STA_WMM;
+ if (flags & WLAN_STA_SHORT_PREAMBLE)
+ res |= WPA_STA_SHORT_PREAMBLE;
+ if (flags & WLAN_STA_MFP)
+ res |= WPA_STA_MFP;
+ return res;
+}