28 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)  in hostapd_config_free_vlan()  argument
32 	vlan = bss->vlan;  in hostapd_config_free_vlan()
40 	bss->vlan = NULL;  in hostapd_config_free_vlan()
48 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)  in hostapd_config_defaults_bss()  argument
50 	dl_list_init(&bss->anqp_elem);  in hostapd_config_defaults_bss()
52 	bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;  in hostapd_config_defaults_bss()
53 	bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;  in hostapd_config_defaults_bss()
54 	bss->logger_syslog = (unsigned int) -1;  in hostapd_config_defaults_bss()
55 	bss->logger_stdout = (unsigned int) -1;  in hostapd_config_defaults_bss()
58 	bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;  in hostapd_config_defaults_bss()
60 	bss->wep_rekeying_period = 300;  in hostapd_config_defaults_bss()
62 	bss->broadcast_key_idx_min = 1;  in hostapd_config_defaults_bss()
63 	bss->broadcast_key_idx_max = 2;  in hostapd_config_defaults_bss()
65 	bss->auth_algs = WPA_AUTH_ALG_OPEN;  in hostapd_config_defaults_bss()
67 	bss->eap_reauth_period = 3600;  in hostapd_config_defaults_bss()
69 	bss->wpa_group_rekey = 600;  in hostapd_config_defaults_bss()
70 	bss->wpa_gmk_rekey = 86400;  in hostapd_config_defaults_bss()
71 	bss->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;  in hostapd_config_defaults_bss()
72 	bss->wpa_group_update_count = 4;  in hostapd_config_defaults_bss()
73 	bss->wpa_pairwise_update_count = 4;  in hostapd_config_defaults_bss()
74 	bss->wpa_disable_eapol_key_retries =  in hostapd_config_defaults_bss()
76 	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;  in hostapd_config_defaults_bss()
78 	bss->wpa_pairwise = WPA_CIPHER_CCMP;  in hostapd_config_defaults_bss()
79 	bss->wpa_group = WPA_CIPHER_CCMP;  in hostapd_config_defaults_bss()
81 	bss->wpa_pairwise = WPA_CIPHER_TKIP;  in hostapd_config_defaults_bss()
82 	bss->wpa_group = WPA_CIPHER_TKIP;  in hostapd_config_defaults_bss()
84 	bss->rsn_pairwise = 0;  in hostapd_config_defaults_bss()
86 	bss->max_num_sta = MAX_STA_COUNT;  in hostapd_config_defaults_bss()
88 	bss->dtim_period = 2;  in hostapd_config_defaults_bss()
90 	bss->radius_server_auth_port = 1812;  in hostapd_config_defaults_bss()
91 	bss->eap_sim_db_timeout = 1;  in hostapd_config_defaults_bss()
92 	bss->eap_sim_id = 3;  in hostapd_config_defaults_bss()
93 	bss->eap_sim_aka_fast_reauth_limit = 1000;  in hostapd_config_defaults_bss()
94 	bss->ap_max_inactivity = AP_MAX_INACTIVITY;  in hostapd_config_defaults_bss()
95 	bss->bss_max_idle = 1;  in hostapd_config_defaults_bss()
96 	bss->eapol_version = EAPOL_VERSION;  in hostapd_config_defaults_bss()
98 	bss->max_listen_interval = 65535;  in hostapd_config_defaults_bss()
100 	bss->pwd_group = 19; /* ECC: GF(p=256) */  in hostapd_config_defaults_bss()
102 	bss->assoc_sa_query_max_timeout = 1000;  in hostapd_config_defaults_bss()
103 	bss->assoc_sa_query_retry_timeout = 201;  in hostapd_config_defaults_bss()
104 	bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;  in hostapd_config_defaults_bss()
107 	bss->eap_fast_prov = 3;  in hostapd_config_defaults_bss()
108 	bss->pac_key_lifetime = 7 * 24 * 60 * 60;  in hostapd_config_defaults_bss()
109 	bss->pac_key_refresh_time = 1 * 24 * 60 * 60;  in hostapd_config_defaults_bss()
113 	bss->wmm_enabled = -1;  in hostapd_config_defaults_bss()
116 	bss->ft_over_ds = 1;  in hostapd_config_defaults_bss()
117 	bss->rkh_pos_timeout = 86400;  in hostapd_config_defaults_bss()
118 	bss->rkh_neg_timeout = 60;  in hostapd_config_defaults_bss()
119 	bss->rkh_pull_timeout = 1000;  in hostapd_config_defaults_bss()
120 	bss->rkh_pull_retries = 4;  in hostapd_config_defaults_bss()
121 	bss->r0_key_lifetime = 1209600;  in hostapd_config_defaults_bss()
124 	bss->radius_das_time_window = 300;  in hostapd_config_defaults_bss()
125 	bss->radius_require_message_authenticator = 1;  in hostapd_config_defaults_bss()
127 	bss->anti_clogging_threshold = 5;  in hostapd_config_defaults_bss()
128 	bss->sae_sync = 3;  in hostapd_config_defaults_bss()
130 	bss->gas_frag_limit = 1400;  in hostapd_config_defaults_bss()
133 	dl_list_init(&bss->fils_realms);  in hostapd_config_defaults_bss()
134 	bss->fils_hlp_wait_time = 30;  in hostapd_config_defaults_bss()
135 	bss->dhcp_server_port = DHCP_SERVER_PORT;  in hostapd_config_defaults_bss()
136 	bss->dhcp_relay_port = DHCP_SERVER_PORT;  in hostapd_config_defaults_bss()
137 	bss->fils_discovery_min_int = 20;  in hostapd_config_defaults_bss()
140 	bss->broadcast_deauth = 1;  in hostapd_config_defaults_bss()
143 	bss->mbo_cell_data_conn_pref = -1;  in hostapd_config_defaults_bss()
149 	bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;  in hostapd_config_defaults_bss()
151 	bss->max_auth_rounds = 100;  in hostapd_config_defaults_bss()
152 	bss->max_auth_rounds_short = 50;  in hostapd_config_defaults_bss()
154 	bss->send_probe_response = 1;  in hostapd_config_defaults_bss()
157 	bss->hs20_release = (HS20_VERSION >> 4) + 1;  in hostapd_config_defaults_bss()
161 	bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;  in hostapd_config_defaults_bss()
162 	bss->macsec_port = 1;  in hostapd_config_defaults_bss()
166 	bss->check_crl_strict = 1;  in hostapd_config_defaults_bss()
168 	bss->multi_ap_profile = MULTI_AP_PROFILE_2;  in hostapd_config_defaults_bss()
171 	bss->sae_commit_status = -1;  in hostapd_config_defaults_bss()
172 	bss->test_assoc_comeback_type = -1;  in hostapd_config_defaults_bss()
177 	bss->pasn_comeback_after = 10;  in hostapd_config_defaults_bss()
178 	bss->pasn_noauth = 1;  in hostapd_config_defaults_bss()
188 	struct hostapd_bss_config *bss;  in hostapd_config_defaults()  local
211 	bss = os_zalloc(sizeof(*bss));  in hostapd_config_defaults()
212 	if (conf == NULL || bss == NULL) {  in hostapd_config_defaults()
216 		os_free(bss);  in hostapd_config_defaults()
219 	conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));  in hostapd_config_defaults()
220 	if (conf->bss == NULL) {  in hostapd_config_defaults()
222 		os_free(bss);  in hostapd_config_defaults()
225 	conf->bss[0] = bss;  in hostapd_config_defaults()
227 	bss->radius = os_zalloc(sizeof(*bss->radius));  in hostapd_config_defaults()
228 	if (bss->radius == NULL) {  in hostapd_config_defaults()
229 		os_free(conf->bss);  in hostapd_config_defaults()
231 		os_free(bss);  in hostapd_config_defaults()
235 	hostapd_config_defaults_bss(bss);  in hostapd_config_defaults()
1029 		hostapd_config_free_bss(conf->bss[i]);  in hostapd_config_free()
1030 	os_free(conf->bss);  in hostapd_config_free()
1177 static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)  in hostapd_sae_pk_password_without_pk()  argument
1182 	if (bss->ssid.wpa_passphrase &&  in hostapd_sae_pk_password_without_pk()
1184 	    !bss->sae_pk_password_check_skip &&  in hostapd_sae_pk_password_without_pk()
1186 	    sae_pk_valid_password(bss->ssid.wpa_passphrase))  in hostapd_sae_pk_password_without_pk()
1189 	for (pw = bss->sae_passwords; pw; pw = pw->next) {  in hostapd_sae_pk_password_without_pk()
1192 		    !bss->sae_pk_password_check_skip &&  in hostapd_sae_pk_password_without_pk()
1197 		if (bss->ssid.wpa_passphrase && res && pw->pk &&  in hostapd_sae_pk_password_without_pk()
1198 		    os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)  in hostapd_sae_pk_password_without_pk()
1207 static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss)  in hostapd_config_check_bss_6g()  argument
1209 	if (bss->wpa != WPA_PROTO_RSN) {  in hostapd_config_check_bss_6g()
1215 	if (bss->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED) {  in hostapd_config_check_bss_6g()
1221 	if (bss->wpa_key_mgmt & (WPA_KEY_MGMT_PSK |  in hostapd_config_check_bss_6g()
1228 	if (bss->rsn_pairwise & (WPA_CIPHER_WEP40 |  in hostapd_config_check_bss_6g()
1236 	if (bss->wpa_group & (WPA_CIPHER_WEP40 |  in hostapd_config_check_bss_6g()
1244 	if (wpa_key_mgmt_sae(bss->wpa_key_mgmt) &&  in hostapd_config_check_bss_6g()
1245 	    bss->sae_pwe == SAE_PWE_HUNT_AND_PECK) {  in hostapd_config_check_bss_6g()
1247 		bss->sae_pwe = SAE_PWE_BOTH;  in hostapd_config_check_bss_6g()
1255 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,  in hostapd_config_check_bss()  argument
1260 	    !hostapd_config_check_bss_6g(bss))  in hostapd_config_check_bss()
1263 	if (full_config && bss->ieee802_1x && !bss->eap_server &&  in hostapd_config_check_bss()
1264 	    !bss->radius->auth_servers) {  in hostapd_config_check_bss()
1271 	if (bss->wpa) {  in hostapd_config_check_bss()
1274 		wep = bss->default_wep_key_len > 0 ||  in hostapd_config_check_bss()
1275 		       bss->individual_wep_key_len > 0;  in hostapd_config_check_bss()
1277 			if (bss->ssid.wep.keys_set) {  in hostapd_config_check_bss()
1290 	if (full_config && bss->wpa &&  in hostapd_config_check_bss()
1291 	    bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&  in hostapd_config_check_bss()
1292 	    bss->wpa_psk_radius != PSK_RADIUS_DURING_4WAY_HS &&  in hostapd_config_check_bss()
1293 	    bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {  in hostapd_config_check_bss()
1299 	if (full_config && bss->wpa &&  in hostapd_config_check_bss()
1300 	    wpa_key_mgmt_wpa_psk_no_sae(bss->wpa_key_mgmt) &&  in hostapd_config_check_bss()
1301 	    bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&  in hostapd_config_check_bss()
1302 	    bss->ssid.wpa_psk_file == NULL &&  in hostapd_config_check_bss()
1303 	    bss->wpa_psk_radius != PSK_RADIUS_DURING_4WAY_HS &&  in hostapd_config_check_bss()
1304 	    (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||  in hostapd_config_check_bss()
1305 	     bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {  in hostapd_config_check_bss()
1311 	if (full_config && !is_zero_ether_addr(bss->bssid)) {  in hostapd_config_check_bss()
1315 			if (conf->bss[i] != bss &&  in hostapd_config_check_bss()
1316 			    (hostapd_mac_comp(conf->bss[i]->bssid,  in hostapd_config_check_bss()
1317 					      bss->bssid) == 0)) {  in hostapd_config_check_bss()
1320 					   MAC2STR(bss->bssid),  in hostapd_config_check_bss()
1321 					   conf->bss[i]->iface, bss->iface);  in hostapd_config_check_bss()
1328 	if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&  in hostapd_config_check_bss()
1329 	    (bss->nas_identifier == NULL ||  in hostapd_config_check_bss()
1330 	     os_strlen(bss->nas_identifier) < 1 ||  in hostapd_config_check_bss()
1331 	     os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {  in hostapd_config_check_bss()
1341 		bss->disable_11n = true;  in hostapd_config_check_bss()
1348 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {  in hostapd_config_check_bss()
1349 		bss->disable_11n = true;  in hostapd_config_check_bss()
1355 	if (full_config && conf->ieee80211n && bss->wpa &&  in hostapd_config_check_bss()
1356 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&  in hostapd_config_check_bss()
1357 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |  in hostapd_config_check_bss()
1360 		bss->disable_11n = true;  in hostapd_config_check_bss()
1369 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {  in hostapd_config_check_bss()
1370 		bss->disable_11ac = true;  in hostapd_config_check_bss()
1376 	if (full_config && conf->ieee80211ac && bss->wpa &&  in hostapd_config_check_bss()
1377 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&  in hostapd_config_check_bss()
1378 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |  in hostapd_config_check_bss()
1381 		bss->disable_11ac = true;  in hostapd_config_check_bss()
1390 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {  in hostapd_config_check_bss()
1391 		bss->disable_11ax = true;  in hostapd_config_check_bss()
1397 	if (full_config && conf->ieee80211ax && bss->wpa &&  in hostapd_config_check_bss()
1398 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&  in hostapd_config_check_bss()
1399 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |  in hostapd_config_check_bss()
1402 		bss->disable_11ax = true;  in hostapd_config_check_bss()
1409 	if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {  in hostapd_config_check_bss()
1412 		bss->wps_state = 0;  in hostapd_config_check_bss()
1416 	if (full_config && bss->wps_state &&  in hostapd_config_check_bss()
1417 	    bss->ssid.wep.keys_set && bss->wpa == 0) {  in hostapd_config_check_bss()
1420 		bss->wps_state = 0;  in hostapd_config_check_bss()
1424 	if (full_config && bss->wps_state && bss->wpa &&  in hostapd_config_check_bss()
1425 	    (!(bss->wpa & 2) ||  in hostapd_config_check_bss()
1426 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |  in hostapd_config_check_bss()
1431 		bss->wps_state = 0;  in hostapd_config_check_bss()
1436 	if (full_config && bss->hs20 &&  in hostapd_config_check_bss()
1437 	    (!(bss->wpa & 2) ||  in hostapd_config_check_bss()
1438 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |  in hostapd_config_check_bss()
1449 	if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&  in hostapd_config_check_bss()
1450 	    bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {  in hostapd_config_check_bss()
1458 	if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&  in hostapd_config_check_bss()
1459 	    bss->ocv) {  in hostapd_config_check_bss()
1467 	if (full_config && hostapd_sae_pk_in_use(bss) &&  in hostapd_config_check_bss()
1468 	    hostapd_sae_pk_password_without_pk(bss)) {  in hostapd_config_check_bss()
1476 	if (full_config && bss->fils_discovery_max_int &&  in hostapd_config_check_bss()
1477 	    (!conf->ieee80211ax || bss->disable_11ax)) {  in hostapd_config_check_bss()
1483 	if (full_config && bss->fils_discovery_max_int &&  in hostapd_config_check_bss()
1484 	    bss->unsol_bcast_probe_resp_interval) {  in hostapd_config_check_bss()
1492 	if (full_config && !bss->disable_11be && bss->disable_11ax) {  in hostapd_config_check_bss()
1493 		bss->disable_11be = true;  in hostapd_config_check_bss()
1499 	if (full_config && bss->ignore_broadcast_ssid && conf->mbssid) {  in hostapd_config_check_bss()
1599 		if (hostapd_config_check_bss(conf->bss[i], conf, full_config))  in hostapd_config_check()
1607 void hostapd_set_security_params(struct hostapd_bss_config *bss,  in hostapd_set_security_params()  argument
1611 	if (bss->individual_wep_key_len == 0) {  in hostapd_set_security_params()
1614 		bss->broadcast_key_idx_min = 0;  in hostapd_set_security_params()
1618 	if ((bss->wpa & 2) && bss->rsn_pairwise == 0)  in hostapd_set_security_params()
1619 		bss->rsn_pairwise = bss->wpa_pairwise;  in hostapd_set_security_params()
1620 	if (bss->group_cipher)  in hostapd_set_security_params()
1621 		bss->wpa_group = bss->group_cipher;  in hostapd_set_security_params()
1623 		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,  in hostapd_set_security_params()
1624 							    bss->wpa_pairwise,  in hostapd_set_security_params()
1625 							    bss->rsn_pairwise);  in hostapd_set_security_params()
1626 	if (!bss->wpa_group_rekey_set)  in hostapd_set_security_params()
1627 		bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?  in hostapd_set_security_params()
1631 		bss->radius->auth_server = bss->radius->auth_servers;  in hostapd_set_security_params()
1632 		bss->radius->acct_server = bss->radius->acct_servers;  in hostapd_set_security_params()
1635 	if (bss->wpa && bss->ieee802_1x) {  in hostapd_set_security_params()
1636 		bss->ssid.security_policy = SECURITY_WPA;  in hostapd_set_security_params()
1637 	} else if (bss->wpa) {  in hostapd_set_security_params()
1638 		bss->ssid.security_policy = SECURITY_WPA_PSK;  in hostapd_set_security_params()
1639 	} else if (bss->ieee802_1x) {  in hostapd_set_security_params()
1641 		bss->ssid.security_policy = SECURITY_IEEE_802_1X;  in hostapd_set_security_params()
1643 		bss->ssid.wep.default_len = bss->default_wep_key_len;  in hostapd_set_security_params()
1644 		if (full_config && bss->default_wep_key_len) {  in hostapd_set_security_params()
1645 			cipher = bss->default_wep_key_len >= 13 ?  in hostapd_set_security_params()
1647 		} else if (full_config && bss->ssid.wep.keys_set) {  in hostapd_set_security_params()
1648 			if (bss->ssid.wep.len[0] >= 13)  in hostapd_set_security_params()
1654 		bss->wpa_group = cipher;  in hostapd_set_security_params()
1655 		bss->wpa_pairwise = cipher;  in hostapd_set_security_params()
1656 		bss->rsn_pairwise = cipher;  in hostapd_set_security_params()
1658 			bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;  in hostapd_set_security_params()
1660 	} else if (bss->ssid.wep.keys_set) {  in hostapd_set_security_params()
1662 		if (bss->ssid.wep.len[0] >= 13)  in hostapd_set_security_params()
1664 		bss->ssid.security_policy = SECURITY_STATIC_WEP;  in hostapd_set_security_params()
1665 		bss->wpa_group = cipher;  in hostapd_set_security_params()
1666 		bss->wpa_pairwise = cipher;  in hostapd_set_security_params()
1667 		bss->rsn_pairwise = cipher;  in hostapd_set_security_params()
1669 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;  in hostapd_set_security_params()
1671 	} else if (bss->osen) {  in hostapd_set_security_params()
1672 		bss->ssid.security_policy = SECURITY_OSEN;  in hostapd_set_security_params()
1673 		bss->wpa_group = WPA_CIPHER_CCMP;  in hostapd_set_security_params()
1674 		bss->wpa_pairwise = 0;  in hostapd_set_security_params()
1675 		bss->rsn_pairwise = WPA_CIPHER_CCMP;  in hostapd_set_security_params()
1677 		bss->ssid.security_policy = SECURITY_PLAINTEXT;  in hostapd_set_security_params()
1679 			bss->wpa_group = WPA_CIPHER_NONE;  in hostapd_set_security_params()
1680 			bss->wpa_pairwise = WPA_CIPHER_NONE;  in hostapd_set_security_params()
1681 			bss->rsn_pairwise = WPA_CIPHER_NONE;  in hostapd_set_security_params()
1682 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;  in hostapd_set_security_params()