xref: /freebsd/contrib/wpa/src/ap/ap_config.c (revision 036d2e814bf0f5d88ffb4b24c159320894541757)
1 /*
2  * hostapd / Configuration helper functions
3  * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "radius/radius_client.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_1x_defs.h"
17 #include "common/eapol_common.h"
18 #include "common/dhcp.h"
19 #include "eap_common/eap_wsc_common.h"
20 #include "eap_server/eap.h"
21 #include "wpa_auth.h"
22 #include "sta_info.h"
23 #include "airtime_policy.h"
24 #include "ap_config.h"
25 
26 
27 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
28 {
29 	struct hostapd_vlan *vlan, *prev;
30 
31 	vlan = bss->vlan;
32 	prev = NULL;
33 	while (vlan) {
34 		prev = vlan;
35 		vlan = vlan->next;
36 		os_free(prev);
37 	}
38 
39 	bss->vlan = NULL;
40 }
41 
42 
43 #ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
44 #define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
45 #endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
46 
47 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
48 {
49 	dl_list_init(&bss->anqp_elem);
50 
51 	bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
52 	bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
53 	bss->logger_syslog = (unsigned int) -1;
54 	bss->logger_stdout = (unsigned int) -1;
55 
56 	bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
57 
58 	bss->wep_rekeying_period = 300;
59 	/* use key0 in individual key and key1 in broadcast key */
60 	bss->broadcast_key_idx_min = 1;
61 	bss->broadcast_key_idx_max = 2;
62 	bss->eap_reauth_period = 3600;
63 
64 	bss->wpa_group_rekey = 600;
65 	bss->wpa_gmk_rekey = 86400;
66 	bss->wpa_group_update_count = 4;
67 	bss->wpa_pairwise_update_count = 4;
68 	bss->wpa_disable_eapol_key_retries =
69 		DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
70 	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
71 	bss->wpa_pairwise = WPA_CIPHER_TKIP;
72 	bss->wpa_group = WPA_CIPHER_TKIP;
73 	bss->rsn_pairwise = 0;
74 
75 	bss->max_num_sta = MAX_STA_COUNT;
76 
77 	bss->dtim_period = 2;
78 
79 	bss->radius_server_auth_port = 1812;
80 	bss->eap_sim_db_timeout = 1;
81 	bss->eap_sim_id = 3;
82 	bss->ap_max_inactivity = AP_MAX_INACTIVITY;
83 	bss->eapol_version = EAPOL_VERSION;
84 
85 	bss->max_listen_interval = 65535;
86 
87 	bss->pwd_group = 19; /* ECC: GF(p=256) */
88 
89 #ifdef CONFIG_IEEE80211W
90 	bss->assoc_sa_query_max_timeout = 1000;
91 	bss->assoc_sa_query_retry_timeout = 201;
92 	bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
93 #endif /* CONFIG_IEEE80211W */
94 #ifdef EAP_SERVER_FAST
95 	 /* both anonymous and authenticated provisioning */
96 	bss->eap_fast_prov = 3;
97 	bss->pac_key_lifetime = 7 * 24 * 60 * 60;
98 	bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
99 #endif /* EAP_SERVER_FAST */
100 
101 	/* Set to -1 as defaults depends on HT in setup */
102 	bss->wmm_enabled = -1;
103 
104 #ifdef CONFIG_IEEE80211R_AP
105 	bss->ft_over_ds = 1;
106 	bss->rkh_pos_timeout = 86400;
107 	bss->rkh_neg_timeout = 60;
108 	bss->rkh_pull_timeout = 1000;
109 	bss->rkh_pull_retries = 4;
110 	bss->r0_key_lifetime = 1209600;
111 #endif /* CONFIG_IEEE80211R_AP */
112 
113 	bss->radius_das_time_window = 300;
114 
115 	bss->sae_anti_clogging_threshold = 5;
116 	bss->sae_sync = 5;
117 
118 	bss->gas_frag_limit = 1400;
119 
120 #ifdef CONFIG_FILS
121 	dl_list_init(&bss->fils_realms);
122 	bss->fils_hlp_wait_time = 30;
123 	bss->dhcp_server_port = DHCP_SERVER_PORT;
124 	bss->dhcp_relay_port = DHCP_SERVER_PORT;
125 #endif /* CONFIG_FILS */
126 
127 	bss->broadcast_deauth = 1;
128 
129 #ifdef CONFIG_MBO
130 	bss->mbo_cell_data_conn_pref = -1;
131 #endif /* CONFIG_MBO */
132 
133 	/* Disable TLS v1.3 by default for now to avoid interoperability issue.
134 	 * This can be enabled by default once the implementation has been fully
135 	 * completed and tested with other implementations. */
136 	bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
137 
138 	bss->send_probe_response = 1;
139 
140 #ifdef CONFIG_HS20
141 	bss->hs20_release = (HS20_VERSION >> 4) + 1;
142 #endif /* CONFIG_HS20 */
143 
144 #ifdef CONFIG_MACSEC
145 	bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
146 	bss->macsec_port = 1;
147 #endif /* CONFIG_MACSEC */
148 
149 	/* Default to strict CRL checking. */
150 	bss->check_crl_strict = 1;
151 }
152 
153 
154 struct hostapd_config * hostapd_config_defaults(void)
155 {
156 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
157 
158 	struct hostapd_config *conf;
159 	struct hostapd_bss_config *bss;
160 	const int aCWmin = 4, aCWmax = 10;
161 	const struct hostapd_wmm_ac_params ac_bk =
162 		{ aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
163 	const struct hostapd_wmm_ac_params ac_be =
164 		{ aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
165 	const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
166 		{ aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
167 	const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
168 		{ aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
169 	const struct hostapd_tx_queue_params txq_bk =
170 		{ 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
171 	const struct hostapd_tx_queue_params txq_be =
172 		{ 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
173 	const struct hostapd_tx_queue_params txq_vi =
174 		{ 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
175 	const struct hostapd_tx_queue_params txq_vo =
176 		{ 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
177 		  (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
178 
179 #undef ecw2cw
180 
181 	conf = os_zalloc(sizeof(*conf));
182 	bss = os_zalloc(sizeof(*bss));
183 	if (conf == NULL || bss == NULL) {
184 		wpa_printf(MSG_ERROR, "Failed to allocate memory for "
185 			   "configuration data.");
186 		os_free(conf);
187 		os_free(bss);
188 		return NULL;
189 	}
190 	conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
191 	if (conf->bss == NULL) {
192 		os_free(conf);
193 		os_free(bss);
194 		return NULL;
195 	}
196 	conf->bss[0] = bss;
197 
198 	bss->radius = os_zalloc(sizeof(*bss->radius));
199 	if (bss->radius == NULL) {
200 		os_free(conf->bss);
201 		os_free(conf);
202 		os_free(bss);
203 		return NULL;
204 	}
205 
206 	hostapd_config_defaults_bss(bss);
207 
208 	conf->num_bss = 1;
209 
210 	conf->beacon_int = 100;
211 	conf->rts_threshold = -2; /* use driver default: 2347 */
212 	conf->fragm_threshold = -2; /* user driver default: 2346 */
213 	/* Set to invalid value means do not add Power Constraint IE */
214 	conf->local_pwr_constraint = -1;
215 
216 	conf->wmm_ac_params[0] = ac_be;
217 	conf->wmm_ac_params[1] = ac_bk;
218 	conf->wmm_ac_params[2] = ac_vi;
219 	conf->wmm_ac_params[3] = ac_vo;
220 
221 	conf->tx_queue[0] = txq_vo;
222 	conf->tx_queue[1] = txq_vi;
223 	conf->tx_queue[2] = txq_be;
224 	conf->tx_queue[3] = txq_bk;
225 
226 	conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
227 
228 	conf->ap_table_max_size = 255;
229 	conf->ap_table_expiration_time = 60;
230 	conf->track_sta_max_age = 180;
231 
232 #ifdef CONFIG_TESTING_OPTIONS
233 	conf->ignore_probe_probability = 0.0;
234 	conf->ignore_auth_probability = 0.0;
235 	conf->ignore_assoc_probability = 0.0;
236 	conf->ignore_reassoc_probability = 0.0;
237 	conf->corrupt_gtk_rekey_mic_probability = 0.0;
238 	conf->ecsa_ie_only = 0;
239 #endif /* CONFIG_TESTING_OPTIONS */
240 
241 	conf->acs = 0;
242 	conf->acs_ch_list.num = 0;
243 #ifdef CONFIG_ACS
244 	conf->acs_num_scans = 5;
245 #endif /* CONFIG_ACS */
246 
247 #ifdef CONFIG_IEEE80211AX
248 	conf->he_op.he_rts_threshold = HE_OPERATION_RTS_THRESHOLD_MASK >>
249 		HE_OPERATION_RTS_THRESHOLD_OFFSET;
250 	/* Set default basic MCS/NSS set to single stream MCS 0-7 */
251 	conf->he_op.he_basic_mcs_nss_set = 0xfffc;
252 #endif /* CONFIG_IEEE80211AX */
253 
254 	/* The third octet of the country string uses an ASCII space character
255 	 * by default to indicate that the regulations encompass all
256 	 * environments for the current frequency band in the country. */
257 	conf->country[2] = ' ';
258 
259 	conf->rssi_reject_assoc_rssi = 0;
260 	conf->rssi_reject_assoc_timeout = 30;
261 
262 #ifdef CONFIG_AIRTIME_POLICY
263 	conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
264 #endif /* CONFIG_AIRTIME_POLICY */
265 
266 	return conf;
267 }
268 
269 
270 int hostapd_mac_comp(const void *a, const void *b)
271 {
272 	return os_memcmp(a, b, sizeof(macaddr));
273 }
274 
275 
276 static int hostapd_config_read_wpa_psk(const char *fname,
277 				       struct hostapd_ssid *ssid)
278 {
279 	FILE *f;
280 	char buf[128], *pos;
281 	const char *keyid;
282 	char *context;
283 	char *context2;
284 	char *token;
285 	char *name;
286 	char *value;
287 	int line = 0, ret = 0, len, ok;
288 	u8 addr[ETH_ALEN];
289 	struct hostapd_wpa_psk *psk;
290 
291 	if (!fname)
292 		return 0;
293 
294 	f = fopen(fname, "r");
295 	if (!f) {
296 		wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
297 		return -1;
298 	}
299 
300 	while (fgets(buf, sizeof(buf), f)) {
301 		int vlan_id = 0;
302 
303 		line++;
304 
305 		if (buf[0] == '#')
306 			continue;
307 		pos = buf;
308 		while (*pos != '\0') {
309 			if (*pos == '\n') {
310 				*pos = '\0';
311 				break;
312 			}
313 			pos++;
314 		}
315 		if (buf[0] == '\0')
316 			continue;
317 
318 		context = NULL;
319 		keyid = NULL;
320 		while ((token = str_token(buf, " ", &context))) {
321 			if (!os_strchr(token, '='))
322 				break;
323 			context2 = NULL;
324 			name = str_token(token, "=", &context2);
325 			if (!name)
326 				break;
327 			value = str_token(token, "", &context2);
328 			if (!value)
329 				value = "";
330 			if (!os_strcmp(name, "keyid")) {
331 				keyid = value;
332 			} else if (!os_strcmp(name, "vlanid")) {
333 				vlan_id = atoi(value);
334 			} else {
335 				wpa_printf(MSG_ERROR,
336 					   "Unrecognized '%s=%s' on line %d in '%s'",
337 					   name, value, line, fname);
338 				ret = -1;
339 				break;
340 			}
341 		}
342 
343 		if (ret == -1)
344 			break;
345 
346 		if (!token)
347 			token = "";
348 		if (hwaddr_aton(token, addr)) {
349 			wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on "
350 				   "line %d in '%s'", token, line, fname);
351 			ret = -1;
352 			break;
353 		}
354 
355 		psk = os_zalloc(sizeof(*psk));
356 		if (psk == NULL) {
357 			wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
358 			ret = -1;
359 			break;
360 		}
361 		psk->vlan_id = vlan_id;
362 		if (is_zero_ether_addr(addr))
363 			psk->group = 1;
364 		else
365 			os_memcpy(psk->addr, addr, ETH_ALEN);
366 
367 		pos = str_token(buf, "", &context);
368 		if (!pos) {
369 			wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
370 				   line, fname);
371 			os_free(psk);
372 			ret = -1;
373 			break;
374 		}
375 
376 		ok = 0;
377 		len = os_strlen(pos);
378 		if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
379 			ok = 1;
380 		else if (len >= 8 && len < 64) {
381 			pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
382 				    4096, psk->psk, PMK_LEN);
383 			ok = 1;
384 		}
385 		if (!ok) {
386 			wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in "
387 				   "'%s'", pos, line, fname);
388 			os_free(psk);
389 			ret = -1;
390 			break;
391 		}
392 
393 		if (keyid) {
394 			len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
395 			if ((size_t) len >= sizeof(psk->keyid)) {
396 				wpa_printf(MSG_ERROR,
397 					   "PSK keyid too long on line %d in '%s'",
398 					   line, fname);
399 				os_free(psk);
400 				ret = -1;
401 				break;
402 			}
403 		}
404 
405 		psk->next = ssid->wpa_psk;
406 		ssid->wpa_psk = psk;
407 	}
408 
409 	fclose(f);
410 
411 	return ret;
412 }
413 
414 
415 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
416 {
417 	ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
418 	if (ssid->wpa_psk == NULL) {
419 		wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
420 		return -1;
421 	}
422 	wpa_hexdump_ascii(MSG_DEBUG, "SSID",
423 			  (u8 *) ssid->ssid, ssid->ssid_len);
424 	wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
425 			      (u8 *) ssid->wpa_passphrase,
426 			      os_strlen(ssid->wpa_passphrase));
427 	pbkdf2_sha1(ssid->wpa_passphrase,
428 		    ssid->ssid, ssid->ssid_len,
429 		    4096, ssid->wpa_psk->psk, PMK_LEN);
430 	wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
431 			ssid->wpa_psk->psk, PMK_LEN);
432 	return 0;
433 }
434 
435 
436 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
437 {
438 	struct hostapd_ssid *ssid = &conf->ssid;
439 
440 	if (ssid->wpa_passphrase != NULL) {
441 		if (ssid->wpa_psk != NULL) {
442 			wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
443 				   "instead of passphrase");
444 		} else {
445 			wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
446 				   "passphrase");
447 			if (hostapd_derive_psk(ssid) < 0)
448 				return -1;
449 		}
450 		ssid->wpa_psk->group = 1;
451 	}
452 
453 	return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
454 }
455 
456 
457 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
458 				       int num_servers)
459 {
460 	int i;
461 
462 	for (i = 0; i < num_servers; i++) {
463 		os_free(servers[i].shared_secret);
464 	}
465 	os_free(servers);
466 }
467 
468 
469 struct hostapd_radius_attr *
470 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
471 {
472 	for (; attr; attr = attr->next) {
473 		if (attr->type == type)
474 			return attr;
475 	}
476 	return NULL;
477 }
478 
479 
480 struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value)
481 {
482 	const char *pos;
483 	char syntax;
484 	struct hostapd_radius_attr *attr;
485 	size_t len;
486 
487 	attr = os_zalloc(sizeof(*attr));
488 	if (!attr)
489 		return NULL;
490 
491 	attr->type = atoi(value);
492 
493 	pos = os_strchr(value, ':');
494 	if (!pos) {
495 		attr->val = wpabuf_alloc(1);
496 		if (!attr->val) {
497 			os_free(attr);
498 			return NULL;
499 		}
500 		wpabuf_put_u8(attr->val, 0);
501 		return attr;
502 	}
503 
504 	pos++;
505 	if (pos[0] == '\0' || pos[1] != ':') {
506 		os_free(attr);
507 		return NULL;
508 	}
509 	syntax = *pos++;
510 	pos++;
511 
512 	switch (syntax) {
513 	case 's':
514 		attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
515 		break;
516 	case 'x':
517 		len = os_strlen(pos);
518 		if (len & 1)
519 			break;
520 		len /= 2;
521 		attr->val = wpabuf_alloc(len);
522 		if (!attr->val)
523 			break;
524 		if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
525 			wpabuf_free(attr->val);
526 			os_free(attr);
527 			return NULL;
528 		}
529 		break;
530 	case 'd':
531 		attr->val = wpabuf_alloc(4);
532 		if (attr->val)
533 			wpabuf_put_be32(attr->val, atoi(pos));
534 		break;
535 	default:
536 		os_free(attr);
537 		return NULL;
538 	}
539 
540 	if (!attr->val) {
541 		os_free(attr);
542 		return NULL;
543 	}
544 
545 	return attr;
546 }
547 
548 
549 void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
550 {
551 	struct hostapd_radius_attr *prev;
552 
553 	while (attr) {
554 		prev = attr;
555 		attr = attr->next;
556 		wpabuf_free(prev->val);
557 		os_free(prev);
558 	}
559 }
560 
561 
562 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
563 {
564 	hostapd_config_free_radius_attr(user->accept_attr);
565 	os_free(user->identity);
566 	bin_clear_free(user->password, user->password_len);
567 	bin_clear_free(user->salt, user->salt_len);
568 	os_free(user);
569 }
570 
571 
572 void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
573 {
574 	struct hostapd_eap_user *prev_user;
575 
576 	while (user) {
577 		prev_user = user;
578 		user = user->next;
579 		hostapd_config_free_eap_user(prev_user);
580 	}
581 }
582 
583 
584 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
585 {
586 	int i;
587 	for (i = 0; i < NUM_WEP_KEYS; i++) {
588 		bin_clear_free(keys->key[i], keys->len[i]);
589 		keys->key[i] = NULL;
590 	}
591 }
592 
593 
594 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
595 {
596 	struct hostapd_wpa_psk *psk, *tmp;
597 
598 	for (psk = *l; psk;) {
599 		tmp = psk;
600 		psk = psk->next;
601 		bin_clear_free(tmp, sizeof(*tmp));
602 	}
603 	*l = NULL;
604 }
605 
606 
607 static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
608 {
609 	struct anqp_element *elem;
610 
611 	while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
612 				     list))) {
613 		dl_list_del(&elem->list);
614 		wpabuf_free(elem->payload);
615 		os_free(elem);
616 	}
617 }
618 
619 
620 static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
621 {
622 #ifdef CONFIG_FILS
623 	struct fils_realm *realm;
624 
625 	while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
626 				      list))) {
627 		dl_list_del(&realm->list);
628 		os_free(realm);
629 	}
630 #endif /* CONFIG_FILS */
631 }
632 
633 
634 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
635 {
636 	struct sae_password_entry *pw, *tmp;
637 
638 	pw = conf->sae_passwords;
639 	conf->sae_passwords = NULL;
640 	while (pw) {
641 		tmp = pw;
642 		pw = pw->next;
643 		str_clear_free(tmp->password);
644 		os_free(tmp->identifier);
645 		os_free(tmp);
646 	}
647 }
648 
649 
650 #ifdef CONFIG_DPP2
651 static void hostapd_dpp_controller_conf_free(struct dpp_controller_conf *conf)
652 {
653 	struct dpp_controller_conf *prev;
654 
655 	while (conf) {
656 		prev = conf;
657 		conf = conf->next;
658 		os_free(prev);
659 	}
660 }
661 #endif /* CONFIG_DPP2 */
662 
663 
664 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
665 {
666 #if defined(CONFIG_WPS) || defined(CONFIG_HS20)
667 	size_t i;
668 #endif
669 
670 	if (conf == NULL)
671 		return;
672 
673 	hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
674 
675 	str_clear_free(conf->ssid.wpa_passphrase);
676 	os_free(conf->ssid.wpa_psk_file);
677 	hostapd_config_free_wep(&conf->ssid.wep);
678 #ifdef CONFIG_FULL_DYNAMIC_VLAN
679 	os_free(conf->ssid.vlan_tagged_interface);
680 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
681 
682 	hostapd_config_free_eap_users(conf->eap_user);
683 	os_free(conf->eap_user_sqlite);
684 
685 	os_free(conf->eap_req_id_text);
686 	os_free(conf->erp_domain);
687 	os_free(conf->accept_mac);
688 	os_free(conf->deny_mac);
689 	os_free(conf->nas_identifier);
690 	if (conf->radius) {
691 		hostapd_config_free_radius(conf->radius->auth_servers,
692 					   conf->radius->num_auth_servers);
693 		hostapd_config_free_radius(conf->radius->acct_servers,
694 					   conf->radius->num_acct_servers);
695 	}
696 	hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
697 	hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
698 	os_free(conf->radius_req_attr_sqlite);
699 	os_free(conf->rsn_preauth_interfaces);
700 	os_free(conf->ctrl_interface);
701 	os_free(conf->ca_cert);
702 	os_free(conf->server_cert);
703 	os_free(conf->server_cert2);
704 	os_free(conf->private_key);
705 	os_free(conf->private_key2);
706 	os_free(conf->private_key_passwd);
707 	os_free(conf->private_key_passwd2);
708 	os_free(conf->check_cert_subject);
709 	os_free(conf->ocsp_stapling_response);
710 	os_free(conf->ocsp_stapling_response_multi);
711 	os_free(conf->dh_file);
712 	os_free(conf->openssl_ciphers);
713 	os_free(conf->openssl_ecdh_curves);
714 	os_free(conf->pac_opaque_encr_key);
715 	os_free(conf->eap_fast_a_id);
716 	os_free(conf->eap_fast_a_id_info);
717 	os_free(conf->eap_sim_db);
718 	os_free(conf->radius_server_clients);
719 	os_free(conf->radius);
720 	os_free(conf->radius_das_shared_secret);
721 	hostapd_config_free_vlan(conf);
722 	os_free(conf->time_zone);
723 
724 #ifdef CONFIG_IEEE80211R_AP
725 	{
726 		struct ft_remote_r0kh *r0kh, *r0kh_prev;
727 		struct ft_remote_r1kh *r1kh, *r1kh_prev;
728 
729 		r0kh = conf->r0kh_list;
730 		conf->r0kh_list = NULL;
731 		while (r0kh) {
732 			r0kh_prev = r0kh;
733 			r0kh = r0kh->next;
734 			os_free(r0kh_prev);
735 		}
736 
737 		r1kh = conf->r1kh_list;
738 		conf->r1kh_list = NULL;
739 		while (r1kh) {
740 			r1kh_prev = r1kh;
741 			r1kh = r1kh->next;
742 			os_free(r1kh_prev);
743 		}
744 	}
745 #endif /* CONFIG_IEEE80211R_AP */
746 
747 #ifdef CONFIG_WPS
748 	os_free(conf->wps_pin_requests);
749 	os_free(conf->device_name);
750 	os_free(conf->manufacturer);
751 	os_free(conf->model_name);
752 	os_free(conf->model_number);
753 	os_free(conf->serial_number);
754 	os_free(conf->config_methods);
755 	os_free(conf->ap_pin);
756 	os_free(conf->extra_cred);
757 	os_free(conf->ap_settings);
758 	hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
759 	str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
760 	os_free(conf->upnp_iface);
761 	os_free(conf->friendly_name);
762 	os_free(conf->manufacturer_url);
763 	os_free(conf->model_description);
764 	os_free(conf->model_url);
765 	os_free(conf->upc);
766 	for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
767 		wpabuf_free(conf->wps_vendor_ext[i]);
768 	wpabuf_free(conf->wps_nfc_dh_pubkey);
769 	wpabuf_free(conf->wps_nfc_dh_privkey);
770 	wpabuf_free(conf->wps_nfc_dev_pw);
771 #endif /* CONFIG_WPS */
772 
773 	os_free(conf->roaming_consortium);
774 	os_free(conf->venue_name);
775 	os_free(conf->venue_url);
776 	os_free(conf->nai_realm_data);
777 	os_free(conf->network_auth_type);
778 	os_free(conf->anqp_3gpp_cell_net);
779 	os_free(conf->domain_name);
780 	hostapd_config_free_anqp_elem(conf);
781 
782 #ifdef CONFIG_RADIUS_TEST
783 	os_free(conf->dump_msk_file);
784 #endif /* CONFIG_RADIUS_TEST */
785 
786 #ifdef CONFIG_HS20
787 	os_free(conf->hs20_oper_friendly_name);
788 	os_free(conf->hs20_wan_metrics);
789 	os_free(conf->hs20_connection_capability);
790 	os_free(conf->hs20_operating_class);
791 	os_free(conf->hs20_icons);
792 	if (conf->hs20_osu_providers) {
793 		for (i = 0; i < conf->hs20_osu_providers_count; i++) {
794 			struct hs20_osu_provider *p;
795 			size_t j;
796 			p = &conf->hs20_osu_providers[i];
797 			os_free(p->friendly_name);
798 			os_free(p->server_uri);
799 			os_free(p->method_list);
800 			for (j = 0; j < p->icons_count; j++)
801 				os_free(p->icons[j]);
802 			os_free(p->icons);
803 			os_free(p->osu_nai);
804 			os_free(p->osu_nai2);
805 			os_free(p->service_desc);
806 		}
807 		os_free(conf->hs20_osu_providers);
808 	}
809 	if (conf->hs20_operator_icon) {
810 		for (i = 0; i < conf->hs20_operator_icon_count; i++)
811 			os_free(conf->hs20_operator_icon[i]);
812 		os_free(conf->hs20_operator_icon);
813 	}
814 	os_free(conf->subscr_remediation_url);
815 	os_free(conf->hs20_sim_provisioning_url);
816 	os_free(conf->t_c_filename);
817 	os_free(conf->t_c_server_url);
818 #endif /* CONFIG_HS20 */
819 
820 	wpabuf_free(conf->vendor_elements);
821 	wpabuf_free(conf->assocresp_elements);
822 
823 	os_free(conf->sae_groups);
824 #ifdef CONFIG_OWE
825 	os_free(conf->owe_groups);
826 #endif /* CONFIG_OWE */
827 
828 	os_free(conf->wowlan_triggers);
829 
830 	os_free(conf->server_id);
831 
832 #ifdef CONFIG_TESTING_OPTIONS
833 	wpabuf_free(conf->own_ie_override);
834 	wpabuf_free(conf->sae_commit_override);
835 #endif /* CONFIG_TESTING_OPTIONS */
836 
837 	os_free(conf->no_probe_resp_if_seen_on);
838 	os_free(conf->no_auth_if_seen_on);
839 
840 	hostapd_config_free_fils_realms(conf);
841 
842 #ifdef CONFIG_DPP
843 	os_free(conf->dpp_connector);
844 	wpabuf_free(conf->dpp_netaccesskey);
845 	wpabuf_free(conf->dpp_csign);
846 #ifdef CONFIG_DPP2
847 	hostapd_dpp_controller_conf_free(conf->dpp_controller);
848 #endif /* CONFIG_DPP2 */
849 #endif /* CONFIG_DPP */
850 
851 	hostapd_config_free_sae_passwords(conf);
852 
853 #ifdef CONFIG_AIRTIME_POLICY
854 	{
855 		struct airtime_sta_weight *wt, *wt_prev;
856 
857 		wt = conf->airtime_weight_list;
858 		conf->airtime_weight_list = NULL;
859 		while (wt) {
860 			wt_prev = wt;
861 			wt = wt->next;
862 			os_free(wt_prev);
863 		}
864 	}
865 #endif /* CONFIG_AIRTIME_POLICY */
866 
867 	os_free(conf);
868 }
869 
870 
871 /**
872  * hostapd_config_free - Free hostapd configuration
873  * @conf: Configuration data from hostapd_config_read().
874  */
875 void hostapd_config_free(struct hostapd_config *conf)
876 {
877 	size_t i;
878 
879 	if (conf == NULL)
880 		return;
881 
882 	for (i = 0; i < conf->num_bss; i++)
883 		hostapd_config_free_bss(conf->bss[i]);
884 	os_free(conf->bss);
885 	os_free(conf->supported_rates);
886 	os_free(conf->basic_rates);
887 	os_free(conf->acs_ch_list.range);
888 	os_free(conf->driver_params);
889 #ifdef CONFIG_ACS
890 	os_free(conf->acs_chan_bias);
891 #endif /* CONFIG_ACS */
892 	wpabuf_free(conf->lci);
893 	wpabuf_free(conf->civic);
894 
895 	os_free(conf);
896 }
897 
898 
899 /**
900  * hostapd_maclist_found - Find a MAC address from a list
901  * @list: MAC address list
902  * @num_entries: Number of addresses in the list
903  * @addr: Address to search for
904  * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
905  * Returns: 1 if address is in the list or 0 if not.
906  *
907  * Perform a binary search for given MAC address from a pre-sorted list.
908  */
909 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
910 			  const u8 *addr, struct vlan_description *vlan_id)
911 {
912 	int start, end, middle, res;
913 
914 	start = 0;
915 	end = num_entries - 1;
916 
917 	while (start <= end) {
918 		middle = (start + end) / 2;
919 		res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
920 		if (res == 0) {
921 			if (vlan_id)
922 				*vlan_id = list[middle].vlan_id;
923 			return 1;
924 		}
925 		if (res < 0)
926 			start = middle + 1;
927 		else
928 			end = middle - 1;
929 	}
930 
931 	return 0;
932 }
933 
934 
935 int hostapd_rate_found(int *list, int rate)
936 {
937 	int i;
938 
939 	if (list == NULL)
940 		return 0;
941 
942 	for (i = 0; list[i] >= 0; i++)
943 		if (list[i] == rate)
944 			return 1;
945 
946 	return 0;
947 }
948 
949 
950 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
951 		       struct vlan_description *vlan_desc)
952 {
953 	struct hostapd_vlan *v = vlan;
954 	int i;
955 
956 	if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
957 	    vlan_desc->untagged > MAX_VLAN_ID)
958 		return 0;
959 	for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
960 		if (vlan_desc->tagged[i] < 0 ||
961 		    vlan_desc->tagged[i] > MAX_VLAN_ID)
962 			return 0;
963 	}
964 	if (!vlan_desc->untagged && !vlan_desc->tagged[0])
965 		return 0;
966 
967 	while (v) {
968 		if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
969 		    v->vlan_id == VLAN_ID_WILDCARD)
970 			return 1;
971 		v = v->next;
972 	}
973 	return 0;
974 }
975 
976 
977 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
978 {
979 	struct hostapd_vlan *v = vlan;
980 	while (v) {
981 		if (v->vlan_id == vlan_id)
982 			return v->ifname;
983 		v = v->next;
984 	}
985 	return NULL;
986 }
987 
988 
989 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
990 			   const u8 *addr, const u8 *p2p_dev_addr,
991 			   const u8 *prev_psk, int *vlan_id)
992 {
993 	struct hostapd_wpa_psk *psk;
994 	int next_ok = prev_psk == NULL;
995 
996 	if (vlan_id)
997 		*vlan_id = 0;
998 
999 	if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
1000 		wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1001 			   " p2p_dev_addr=" MACSTR " prev_psk=%p",
1002 			   MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
1003 		addr = NULL; /* Use P2P Device Address for matching */
1004 	} else {
1005 		wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1006 			   " prev_psk=%p",
1007 			   MAC2STR(addr), prev_psk);
1008 	}
1009 
1010 	for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
1011 		if (next_ok &&
1012 		    (psk->group ||
1013 		     (addr && os_memcmp(psk->addr, addr, ETH_ALEN) == 0) ||
1014 		     (!addr && p2p_dev_addr &&
1015 		      os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
1016 		      0))) {
1017 			if (vlan_id)
1018 				*vlan_id = psk->vlan_id;
1019 			return psk->psk;
1020 		}
1021 
1022 		if (psk->psk == prev_psk)
1023 			next_ok = 1;
1024 	}
1025 
1026 	return NULL;
1027 }
1028 
1029 
1030 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
1031 				    struct hostapd_config *conf,
1032 				    int full_config)
1033 {
1034 	if (full_config && bss->ieee802_1x && !bss->eap_server &&
1035 	    !bss->radius->auth_servers) {
1036 		wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
1037 			   "EAP authenticator configured).");
1038 		return -1;
1039 	}
1040 
1041 	if (bss->wpa) {
1042 		int wep, i;
1043 
1044 		wep = bss->default_wep_key_len > 0 ||
1045 		       bss->individual_wep_key_len > 0;
1046 		for (i = 0; i < NUM_WEP_KEYS; i++) {
1047 			if (bss->ssid.wep.keys_set) {
1048 				wep = 1;
1049 				break;
1050 			}
1051 		}
1052 
1053 		if (wep) {
1054 			wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
1055 			return -1;
1056 		}
1057 	}
1058 
1059 	if (full_config && bss->wpa &&
1060 	    bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
1061 	    bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
1062 		wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
1063 			   "RADIUS checking (macaddr_acl=2) enabled.");
1064 		return -1;
1065 	}
1066 
1067 	if (full_config && bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
1068 	    bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
1069 	    bss->ssid.wpa_psk_file == NULL &&
1070 	    (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
1071 	     bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
1072 		wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
1073 			   "is not configured.");
1074 		return -1;
1075 	}
1076 
1077 	if (full_config && !is_zero_ether_addr(bss->bssid)) {
1078 		size_t i;
1079 
1080 		for (i = 0; i < conf->num_bss; i++) {
1081 			if (conf->bss[i] != bss &&
1082 			    (hostapd_mac_comp(conf->bss[i]->bssid,
1083 					      bss->bssid) == 0)) {
1084 				wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
1085 					   " on interface '%s' and '%s'.",
1086 					   MAC2STR(bss->bssid),
1087 					   conf->bss[i]->iface, bss->iface);
1088 				return -1;
1089 			}
1090 		}
1091 	}
1092 
1093 #ifdef CONFIG_IEEE80211R_AP
1094 	if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
1095 	    (bss->nas_identifier == NULL ||
1096 	     os_strlen(bss->nas_identifier) < 1 ||
1097 	     os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
1098 		wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
1099 			   "nas_identifier to be configured as a 1..48 octet "
1100 			   "string");
1101 		return -1;
1102 	}
1103 #endif /* CONFIG_IEEE80211R_AP */
1104 
1105 #ifdef CONFIG_IEEE80211N
1106 	if (full_config && conf->ieee80211n &&
1107 	    conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
1108 		bss->disable_11n = 1;
1109 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
1110 			   "allowed, disabling HT capabilities");
1111 	}
1112 
1113 	if (full_config && conf->ieee80211n &&
1114 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1115 		bss->disable_11n = 1;
1116 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
1117 			   "allowed, disabling HT capabilities");
1118 	}
1119 
1120 	if (full_config && conf->ieee80211n && bss->wpa &&
1121 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1122 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1123 				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1124 	{
1125 		bss->disable_11n = 1;
1126 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1127 			   "requires CCMP/GCMP to be enabled, disabling HT "
1128 			   "capabilities");
1129 	}
1130 #endif /* CONFIG_IEEE80211N */
1131 
1132 #ifdef CONFIG_IEEE80211AC
1133 	if (full_config && conf->ieee80211ac &&
1134 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1135 		bss->disable_11ac = 1;
1136 		wpa_printf(MSG_ERROR,
1137 			   "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1138 	}
1139 
1140 	if (full_config && conf->ieee80211ac && bss->wpa &&
1141 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1142 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1143 				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1144 	{
1145 		bss->disable_11ac = 1;
1146 		wpa_printf(MSG_ERROR,
1147 			   "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1148 	}
1149 #endif /* CONFIG_IEEE80211AC */
1150 
1151 #ifdef CONFIG_WPS
1152 	if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
1153 		wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1154 			   "configuration forced WPS to be disabled");
1155 		bss->wps_state = 0;
1156 	}
1157 
1158 	if (full_config && bss->wps_state &&
1159 	    bss->ssid.wep.keys_set && bss->wpa == 0) {
1160 		wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1161 			   "disabled");
1162 		bss->wps_state = 0;
1163 	}
1164 
1165 	if (full_config && bss->wps_state && bss->wpa &&
1166 	    (!(bss->wpa & 2) ||
1167 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1168 				    WPA_CIPHER_CCMP_256 |
1169 				    WPA_CIPHER_GCMP_256)))) {
1170 		wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
1171 			   "WPA2/CCMP/GCMP forced WPS to be disabled");
1172 		bss->wps_state = 0;
1173 	}
1174 #endif /* CONFIG_WPS */
1175 
1176 #ifdef CONFIG_HS20
1177 	if (full_config && bss->hs20 &&
1178 	    (!(bss->wpa & 2) ||
1179 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1180 				    WPA_CIPHER_CCMP_256 |
1181 				    WPA_CIPHER_GCMP_256)))) {
1182 		wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1183 			   "configuration is required for Hotspot 2.0 "
1184 			   "functionality");
1185 		return -1;
1186 	}
1187 #endif /* CONFIG_HS20 */
1188 
1189 #ifdef CONFIG_MBO
1190 	if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1191 	    bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1192 		wpa_printf(MSG_ERROR,
1193 			   "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1194 		return -1;
1195 	}
1196 #endif /* CONFIG_MBO */
1197 
1198 #ifdef CONFIG_OCV
1199 	if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1200 	    bss->ocv) {
1201 		wpa_printf(MSG_ERROR,
1202 			   "OCV: PMF needs to be enabled whenever using OCV");
1203 		return -1;
1204 	}
1205 #endif /* CONFIG_OCV */
1206 
1207 	return 0;
1208 }
1209 
1210 
1211 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1212 {
1213 	int tx_cwmin = conf->tx_queue[queue].cwmin;
1214 	int tx_cwmax = conf->tx_queue[queue].cwmax;
1215 	int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1216 	int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1217 
1218 	if (tx_cwmin > tx_cwmax) {
1219 		wpa_printf(MSG_ERROR,
1220 			   "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1221 			   tx_cwmin, tx_cwmax);
1222 		return -1;
1223 	}
1224 	if (ac_cwmin > ac_cwmax) {
1225 		wpa_printf(MSG_ERROR,
1226 			   "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1227 			   ac_cwmin, ac_cwmax);
1228 		return -1;
1229 	}
1230 	return 0;
1231 }
1232 
1233 
1234 int hostapd_config_check(struct hostapd_config *conf, int full_config)
1235 {
1236 	size_t i;
1237 
1238 	if (full_config && conf->ieee80211d &&
1239 	    (!conf->country[0] || !conf->country[1])) {
1240 		wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1241 			   "setting the country_code");
1242 		return -1;
1243 	}
1244 
1245 	if (full_config && conf->ieee80211h && !conf->ieee80211d) {
1246 		wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1247 			   "IEEE 802.11d enabled");
1248 		return -1;
1249 	}
1250 
1251 	if (full_config && conf->local_pwr_constraint != -1 &&
1252 	    !conf->ieee80211d) {
1253 		wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1254 		return -1;
1255 	}
1256 
1257 	if (full_config && conf->spectrum_mgmt_required &&
1258 	    conf->local_pwr_constraint == -1) {
1259 		wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1260 		return -1;
1261 	}
1262 
1263 #ifdef CONFIG_AIRTIME_POLICY
1264 	if (full_config && conf->airtime_mode > AIRTIME_MODE_STATIC &&
1265 	    !conf->airtime_update_interval) {
1266 		wpa_printf(MSG_ERROR, "Airtime update interval cannot be zero");
1267 		return -1;
1268 	}
1269 #endif /* CONFIG_AIRTIME_POLICY */
1270 	for (i = 0; i < NUM_TX_QUEUES; i++) {
1271 		if (hostapd_config_check_cw(conf, i))
1272 			return -1;
1273 	}
1274 
1275 	for (i = 0; i < conf->num_bss; i++) {
1276 		if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
1277 			return -1;
1278 	}
1279 
1280 	return 0;
1281 }
1282 
1283 
1284 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1285 				 int full_config)
1286 {
1287 	if (bss->individual_wep_key_len == 0) {
1288 		/* individual keys are not use; can use key idx0 for
1289 		 * broadcast keys */
1290 		bss->broadcast_key_idx_min = 0;
1291 	}
1292 
1293 	if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1294 		bss->rsn_pairwise = bss->wpa_pairwise;
1295 	if (bss->group_cipher)
1296 		bss->wpa_group = bss->group_cipher;
1297 	else
1298 		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1299 							    bss->wpa_pairwise,
1300 							    bss->rsn_pairwise);
1301 	if (!bss->wpa_group_rekey_set)
1302 		bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1303 			600 : 86400;
1304 
1305 	if (full_config) {
1306 		bss->radius->auth_server = bss->radius->auth_servers;
1307 		bss->radius->acct_server = bss->radius->acct_servers;
1308 	}
1309 
1310 	if (bss->wpa && bss->ieee802_1x) {
1311 		bss->ssid.security_policy = SECURITY_WPA;
1312 	} else if (bss->wpa) {
1313 		bss->ssid.security_policy = SECURITY_WPA_PSK;
1314 	} else if (bss->ieee802_1x) {
1315 		int cipher = WPA_CIPHER_NONE;
1316 		bss->ssid.security_policy = SECURITY_IEEE_802_1X;
1317 		bss->ssid.wep.default_len = bss->default_wep_key_len;
1318 		if (full_config && bss->default_wep_key_len) {
1319 			cipher = bss->default_wep_key_len >= 13 ?
1320 				WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
1321 		} else if (full_config && bss->ssid.wep.keys_set) {
1322 			if (bss->ssid.wep.len[0] >= 13)
1323 				cipher = WPA_CIPHER_WEP104;
1324 			else
1325 				cipher = WPA_CIPHER_WEP40;
1326 		}
1327 		bss->wpa_group = cipher;
1328 		bss->wpa_pairwise = cipher;
1329 		bss->rsn_pairwise = cipher;
1330 		if (full_config)
1331 			bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1332 	} else if (bss->ssid.wep.keys_set) {
1333 		int cipher = WPA_CIPHER_WEP40;
1334 		if (bss->ssid.wep.len[0] >= 13)
1335 			cipher = WPA_CIPHER_WEP104;
1336 		bss->ssid.security_policy = SECURITY_STATIC_WEP;
1337 		bss->wpa_group = cipher;
1338 		bss->wpa_pairwise = cipher;
1339 		bss->rsn_pairwise = cipher;
1340 		if (full_config)
1341 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1342 	} else if (bss->osen) {
1343 		bss->ssid.security_policy = SECURITY_OSEN;
1344 		bss->wpa_group = WPA_CIPHER_CCMP;
1345 		bss->wpa_pairwise = 0;
1346 		bss->rsn_pairwise = WPA_CIPHER_CCMP;
1347 	} else {
1348 		bss->ssid.security_policy = SECURITY_PLAINTEXT;
1349 		if (full_config) {
1350 			bss->wpa_group = WPA_CIPHER_NONE;
1351 			bss->wpa_pairwise = WPA_CIPHER_NONE;
1352 			bss->rsn_pairwise = WPA_CIPHER_NONE;
1353 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1354 		}
1355 	}
1356 }
1357 
1358 
1359 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1360 {
1361 	int with_id = 0, without_id = 0;
1362 	struct sae_password_entry *pw;
1363 
1364 	if (conf->ssid.wpa_passphrase)
1365 		without_id = 1;
1366 
1367 	for (pw = conf->sae_passwords; pw; pw = pw->next) {
1368 		if (pw->identifier)
1369 			with_id = 1;
1370 		else
1371 			without_id = 1;
1372 		if (with_id && without_id)
1373 			break;
1374 	}
1375 
1376 	if (with_id && !without_id)
1377 		return 2;
1378 	return with_id;
1379 }
1380