1 /* 2 * WPA Supplicant - Basic AP mode support routines 3 * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2009, Atheros Communications 5 * 6 * This software may be distributed under the terms of the BSD license. 7 * See README for more details. 8 */ 9 10 #include "utils/includes.h" 11 12 #include "utils/common.h" 13 #include "utils/eloop.h" 14 #include "utils/uuid.h" 15 #include "common/ieee802_11_defs.h" 16 #include "common/wpa_ctrl.h" 17 #include "eapol_supp/eapol_supp_sm.h" 18 #include "crypto/dh_group5.h" 19 #include "ap/hostapd.h" 20 #include "ap/ap_config.h" 21 #include "ap/ap_drv_ops.h" 22 #ifdef NEED_AP_MLME 23 #include "ap/ieee802_11.h" 24 #endif /* NEED_AP_MLME */ 25 #include "ap/beacon.h" 26 #include "ap/ieee802_1x.h" 27 #include "ap/wps_hostapd.h" 28 #include "ap/ctrl_iface_ap.h" 29 #include "ap/dfs.h" 30 #include "wps/wps.h" 31 #include "common/ieee802_11_defs.h" 32 #include "config_ssid.h" 33 #include "config.h" 34 #include "wpa_supplicant_i.h" 35 #include "driver_i.h" 36 #include "p2p_supplicant.h" 37 #include "ap.h" 38 #include "ap/sta_info.h" 39 #include "notify.h" 40 41 42 #ifdef CONFIG_WPS 43 static void wpas_wps_ap_pin_timeout(void *eloop_data, void *user_ctx); 44 #endif /* CONFIG_WPS */ 45 46 47 #ifdef CONFIG_IEEE80211N 48 static void wpas_conf_ap_vht(struct wpa_supplicant *wpa_s, 49 struct wpa_ssid *ssid, 50 struct hostapd_config *conf, 51 struct hostapd_hw_modes *mode) 52 { 53 #ifdef CONFIG_P2P 54 u8 center_chan = 0; 55 u8 channel = conf->channel; 56 #endif /* CONFIG_P2P */ 57 58 if (!conf->secondary_channel) 59 goto no_vht; 60 61 /* Use the maximum oper channel width if it's given. */ 62 if (ssid->max_oper_chwidth) 63 conf->vht_oper_chwidth = ssid->max_oper_chwidth; 64 65 ieee80211_freq_to_chan(ssid->vht_center_freq2, 66 &conf->vht_oper_centr_freq_seg1_idx); 67 68 if (!ssid->p2p_group) { 69 if (!ssid->vht_center_freq1 || 70 conf->vht_oper_chwidth == VHT_CHANWIDTH_USE_HT) 71 goto no_vht; 72 ieee80211_freq_to_chan(ssid->vht_center_freq1, 73 &conf->vht_oper_centr_freq_seg0_idx); 74 wpa_printf(MSG_DEBUG, "VHT seg0 index %d for AP", 75 conf->vht_oper_centr_freq_seg0_idx); 76 return; 77 } 78 79 #ifdef CONFIG_P2P 80 switch (conf->vht_oper_chwidth) { 81 case VHT_CHANWIDTH_80MHZ: 82 case VHT_CHANWIDTH_80P80MHZ: 83 center_chan = wpas_p2p_get_vht80_center(wpa_s, mode, channel); 84 wpa_printf(MSG_DEBUG, 85 "VHT center channel %u for 80 or 80+80 MHz bandwidth", 86 center_chan); 87 break; 88 case VHT_CHANWIDTH_160MHZ: 89 center_chan = wpas_p2p_get_vht160_center(wpa_s, mode, channel); 90 wpa_printf(MSG_DEBUG, 91 "VHT center channel %u for 160 MHz bandwidth", 92 center_chan); 93 break; 94 default: 95 /* 96 * conf->vht_oper_chwidth might not be set for non-P2P GO cases, 97 * try oper_cwidth 160 MHz first then VHT 80 MHz, if 160 MHz is 98 * not supported. 99 */ 100 conf->vht_oper_chwidth = VHT_CHANWIDTH_160MHZ; 101 center_chan = wpas_p2p_get_vht160_center(wpa_s, mode, channel); 102 if (center_chan) { 103 wpa_printf(MSG_DEBUG, 104 "VHT center channel %u for auto-selected 160 MHz bandwidth", 105 center_chan); 106 } else { 107 conf->vht_oper_chwidth = VHT_CHANWIDTH_80MHZ; 108 center_chan = wpas_p2p_get_vht80_center(wpa_s, mode, 109 channel); 110 wpa_printf(MSG_DEBUG, 111 "VHT center channel %u for auto-selected 80 MHz bandwidth", 112 center_chan); 113 } 114 break; 115 } 116 if (!center_chan) 117 goto no_vht; 118 119 conf->vht_oper_centr_freq_seg0_idx = center_chan; 120 wpa_printf(MSG_DEBUG, "VHT seg0 index %d for P2P GO", 121 conf->vht_oper_centr_freq_seg0_idx); 122 return; 123 #endif /* CONFIG_P2P */ 124 125 no_vht: 126 wpa_printf(MSG_DEBUG, 127 "No VHT higher bandwidth support for the selected channel %d", 128 conf->channel); 129 conf->vht_oper_centr_freq_seg0_idx = 130 conf->channel + conf->secondary_channel * 2; 131 conf->vht_oper_chwidth = VHT_CHANWIDTH_USE_HT; 132 } 133 #endif /* CONFIG_IEEE80211N */ 134 135 136 int wpa_supplicant_conf_ap_ht(struct wpa_supplicant *wpa_s, 137 struct wpa_ssid *ssid, 138 struct hostapd_config *conf) 139 { 140 conf->hw_mode = ieee80211_freq_to_chan(ssid->frequency, 141 &conf->channel); 142 143 if (conf->hw_mode == NUM_HOSTAPD_MODES) { 144 wpa_printf(MSG_ERROR, "Unsupported AP mode frequency: %d MHz", 145 ssid->frequency); 146 return -1; 147 } 148 149 /* TODO: enable HT40 if driver supports it; 150 * drop to 11b if driver does not support 11g */ 151 152 #ifdef CONFIG_IEEE80211N 153 /* 154 * Enable HT20 if the driver supports it, by setting conf->ieee80211n 155 * and a mask of allowed capabilities within conf->ht_capab. 156 * Using default config settings for: conf->ht_op_mode_fixed, 157 * conf->secondary_channel, conf->require_ht 158 */ 159 if (wpa_s->hw.modes) { 160 struct hostapd_hw_modes *mode = NULL; 161 int i, no_ht = 0; 162 163 wpa_printf(MSG_DEBUG, 164 "Determining HT/VHT options based on driver capabilities (freq=%u chan=%u)", 165 ssid->frequency, conf->channel); 166 167 for (i = 0; i < wpa_s->hw.num_modes; i++) { 168 if (wpa_s->hw.modes[i].mode == conf->hw_mode) { 169 mode = &wpa_s->hw.modes[i]; 170 break; 171 } 172 } 173 174 #ifdef CONFIG_HT_OVERRIDES 175 if (ssid->disable_ht) 176 ssid->ht = 0; 177 #endif /* CONFIG_HT_OVERRIDES */ 178 179 if (!ssid->ht) { 180 wpa_printf(MSG_DEBUG, 181 "HT not enabled in network profile"); 182 conf->ieee80211n = 0; 183 conf->ht_capab = 0; 184 no_ht = 1; 185 } 186 187 if (!no_ht && mode && mode->ht_capab) { 188 wpa_printf(MSG_DEBUG, 189 "Enable HT support (p2p_group=%d 11a=%d ht40_hw_capab=%d ssid->ht40=%d)", 190 ssid->p2p_group, 191 conf->hw_mode == HOSTAPD_MODE_IEEE80211A, 192 !!(mode->ht_capab & 193 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET), 194 ssid->ht40); 195 conf->ieee80211n = 1; 196 #ifdef CONFIG_P2P 197 if (ssid->p2p_group && 198 conf->hw_mode == HOSTAPD_MODE_IEEE80211A && 199 (mode->ht_capab & 200 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET) && 201 ssid->ht40) { 202 conf->secondary_channel = 203 wpas_p2p_get_ht40_mode(wpa_s, mode, 204 conf->channel); 205 wpa_printf(MSG_DEBUG, 206 "HT secondary channel offset %d for P2P group", 207 conf->secondary_channel); 208 } 209 #endif /* CONFIG_P2P */ 210 211 if (!ssid->p2p_group && 212 (mode->ht_capab & 213 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) { 214 conf->secondary_channel = ssid->ht40; 215 wpa_printf(MSG_DEBUG, 216 "HT secondary channel offset %d for AP", 217 conf->secondary_channel); 218 } 219 220 if (conf->secondary_channel) 221 conf->ht_capab |= 222 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET; 223 224 /* 225 * white-list capabilities that won't cause issues 226 * to connecting stations, while leaving the current 227 * capabilities intact (currently disabled SMPS). 228 */ 229 conf->ht_capab |= mode->ht_capab & 230 (HT_CAP_INFO_GREEN_FIELD | 231 HT_CAP_INFO_SHORT_GI20MHZ | 232 HT_CAP_INFO_SHORT_GI40MHZ | 233 HT_CAP_INFO_RX_STBC_MASK | 234 HT_CAP_INFO_TX_STBC | 235 HT_CAP_INFO_MAX_AMSDU_SIZE); 236 237 if (mode->vht_capab && ssid->vht) { 238 conf->ieee80211ac = 1; 239 conf->vht_capab |= mode->vht_capab; 240 wpas_conf_ap_vht(wpa_s, ssid, conf, mode); 241 } 242 } 243 } 244 245 if (conf->secondary_channel) { 246 struct wpa_supplicant *iface; 247 248 for (iface = wpa_s->global->ifaces; iface; iface = iface->next) 249 { 250 if (iface == wpa_s || 251 iface->wpa_state < WPA_AUTHENTICATING || 252 (int) iface->assoc_freq != ssid->frequency) 253 continue; 254 255 /* 256 * Do not allow 40 MHz co-ex PRI/SEC switch to force us 257 * to change our PRI channel since we have an existing, 258 * concurrent connection on that channel and doing 259 * multi-channel concurrency is likely to cause more 260 * harm than using different PRI/SEC selection in 261 * environment with multiple BSSes on these two channels 262 * with mixed 20 MHz or PRI channel selection. 263 */ 264 conf->no_pri_sec_switch = 1; 265 } 266 } 267 #endif /* CONFIG_IEEE80211N */ 268 269 return 0; 270 } 271 272 273 static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s, 274 struct wpa_ssid *ssid, 275 struct hostapd_config *conf) 276 { 277 struct hostapd_bss_config *bss = conf->bss[0]; 278 279 conf->driver = wpa_s->driver; 280 281 os_strlcpy(bss->iface, wpa_s->ifname, sizeof(bss->iface)); 282 283 if (wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf)) 284 return -1; 285 286 if (ssid->pbss > 1) { 287 wpa_printf(MSG_ERROR, "Invalid pbss value(%d) for AP mode", 288 ssid->pbss); 289 return -1; 290 } 291 bss->pbss = ssid->pbss; 292 293 #ifdef CONFIG_ACS 294 if (ssid->acs) { 295 /* Setting channel to 0 in order to enable ACS */ 296 conf->channel = 0; 297 wpa_printf(MSG_DEBUG, "Use automatic channel selection"); 298 } 299 #endif /* CONFIG_ACS */ 300 301 if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes, 302 wpa_s->hw.num_modes) && wpa_s->conf->country[0]) { 303 conf->ieee80211h = 1; 304 conf->ieee80211d = 1; 305 conf->country[0] = wpa_s->conf->country[0]; 306 conf->country[1] = wpa_s->conf->country[1]; 307 conf->country[2] = ' '; 308 } 309 310 #ifdef CONFIG_P2P 311 if (conf->hw_mode == HOSTAPD_MODE_IEEE80211G && 312 (ssid->mode == WPAS_MODE_P2P_GO || 313 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)) { 314 /* Remove 802.11b rates from supported and basic rate sets */ 315 int *list = os_malloc(4 * sizeof(int)); 316 if (list) { 317 list[0] = 60; 318 list[1] = 120; 319 list[2] = 240; 320 list[3] = -1; 321 } 322 conf->basic_rates = list; 323 324 list = os_malloc(9 * sizeof(int)); 325 if (list) { 326 list[0] = 60; 327 list[1] = 90; 328 list[2] = 120; 329 list[3] = 180; 330 list[4] = 240; 331 list[5] = 360; 332 list[6] = 480; 333 list[7] = 540; 334 list[8] = -1; 335 } 336 conf->supported_rates = list; 337 } 338 339 bss->isolate = !wpa_s->conf->p2p_intra_bss; 340 bss->force_per_enrollee_psk = wpa_s->global->p2p_per_sta_psk; 341 342 if (ssid->p2p_group) { 343 os_memcpy(bss->ip_addr_go, wpa_s->p2pdev->conf->ip_addr_go, 4); 344 os_memcpy(bss->ip_addr_mask, wpa_s->p2pdev->conf->ip_addr_mask, 345 4); 346 os_memcpy(bss->ip_addr_start, 347 wpa_s->p2pdev->conf->ip_addr_start, 4); 348 os_memcpy(bss->ip_addr_end, wpa_s->p2pdev->conf->ip_addr_end, 349 4); 350 } 351 #endif /* CONFIG_P2P */ 352 353 if (ssid->ssid_len == 0) { 354 wpa_printf(MSG_ERROR, "No SSID configured for AP mode"); 355 return -1; 356 } 357 os_memcpy(bss->ssid.ssid, ssid->ssid, ssid->ssid_len); 358 bss->ssid.ssid_len = ssid->ssid_len; 359 bss->ssid.ssid_set = 1; 360 361 bss->ignore_broadcast_ssid = ssid->ignore_broadcast_ssid; 362 363 if (ssid->auth_alg) 364 bss->auth_algs = ssid->auth_alg; 365 366 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) 367 bss->wpa = ssid->proto; 368 if (ssid->key_mgmt == DEFAULT_KEY_MGMT) 369 bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK; 370 else 371 bss->wpa_key_mgmt = ssid->key_mgmt; 372 bss->wpa_pairwise = ssid->pairwise_cipher; 373 if (ssid->psk_set) { 374 bin_clear_free(bss->ssid.wpa_psk, sizeof(*bss->ssid.wpa_psk)); 375 bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk)); 376 if (bss->ssid.wpa_psk == NULL) 377 return -1; 378 os_memcpy(bss->ssid.wpa_psk->psk, ssid->psk, PMK_LEN); 379 bss->ssid.wpa_psk->group = 1; 380 bss->ssid.wpa_psk_set = 1; 381 } else if (ssid->passphrase) { 382 bss->ssid.wpa_passphrase = os_strdup(ssid->passphrase); 383 } else if (ssid->wep_key_len[0] || ssid->wep_key_len[1] || 384 ssid->wep_key_len[2] || ssid->wep_key_len[3]) { 385 struct hostapd_wep_keys *wep = &bss->ssid.wep; 386 int i; 387 for (i = 0; i < NUM_WEP_KEYS; i++) { 388 if (ssid->wep_key_len[i] == 0) 389 continue; 390 wep->key[i] = os_memdup(ssid->wep_key[i], 391 ssid->wep_key_len[i]); 392 if (wep->key[i] == NULL) 393 return -1; 394 wep->len[i] = ssid->wep_key_len[i]; 395 } 396 wep->idx = ssid->wep_tx_keyidx; 397 wep->keys_set = 1; 398 } 399 400 if (wpa_s->conf->go_interworking) { 401 wpa_printf(MSG_DEBUG, 402 "P2P: Enable Interworking with access_network_type: %d", 403 wpa_s->conf->go_access_network_type); 404 bss->interworking = wpa_s->conf->go_interworking; 405 bss->access_network_type = wpa_s->conf->go_access_network_type; 406 bss->internet = wpa_s->conf->go_internet; 407 if (wpa_s->conf->go_venue_group) { 408 wpa_printf(MSG_DEBUG, 409 "P2P: Venue group: %d Venue type: %d", 410 wpa_s->conf->go_venue_group, 411 wpa_s->conf->go_venue_type); 412 bss->venue_group = wpa_s->conf->go_venue_group; 413 bss->venue_type = wpa_s->conf->go_venue_type; 414 bss->venue_info_set = 1; 415 } 416 } 417 418 if (ssid->ap_max_inactivity) 419 bss->ap_max_inactivity = ssid->ap_max_inactivity; 420 421 if (ssid->dtim_period) 422 bss->dtim_period = ssid->dtim_period; 423 else if (wpa_s->conf->dtim_period) 424 bss->dtim_period = wpa_s->conf->dtim_period; 425 426 if (ssid->beacon_int) 427 conf->beacon_int = ssid->beacon_int; 428 else if (wpa_s->conf->beacon_int) 429 conf->beacon_int = wpa_s->conf->beacon_int; 430 431 #ifdef CONFIG_P2P 432 if (ssid->mode == WPAS_MODE_P2P_GO || 433 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) { 434 if (wpa_s->conf->p2p_go_ctwindow > conf->beacon_int) { 435 wpa_printf(MSG_INFO, 436 "CTWindow (%d) is bigger than beacon interval (%d) - avoid configuring it", 437 wpa_s->conf->p2p_go_ctwindow, 438 conf->beacon_int); 439 conf->p2p_go_ctwindow = 0; 440 } else { 441 conf->p2p_go_ctwindow = wpa_s->conf->p2p_go_ctwindow; 442 } 443 } 444 #endif /* CONFIG_P2P */ 445 446 if ((bss->wpa & 2) && bss->rsn_pairwise == 0) 447 bss->rsn_pairwise = bss->wpa_pairwise; 448 bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise, 449 bss->rsn_pairwise); 450 451 if (bss->wpa && bss->ieee802_1x) 452 bss->ssid.security_policy = SECURITY_WPA; 453 else if (bss->wpa) 454 bss->ssid.security_policy = SECURITY_WPA_PSK; 455 else if (bss->ieee802_1x) { 456 int cipher = WPA_CIPHER_NONE; 457 bss->ssid.security_policy = SECURITY_IEEE_802_1X; 458 bss->ssid.wep.default_len = bss->default_wep_key_len; 459 if (bss->default_wep_key_len) 460 cipher = bss->default_wep_key_len >= 13 ? 461 WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40; 462 bss->wpa_group = cipher; 463 bss->wpa_pairwise = cipher; 464 bss->rsn_pairwise = cipher; 465 } else if (bss->ssid.wep.keys_set) { 466 int cipher = WPA_CIPHER_WEP40; 467 if (bss->ssid.wep.len[0] >= 13) 468 cipher = WPA_CIPHER_WEP104; 469 bss->ssid.security_policy = SECURITY_STATIC_WEP; 470 bss->wpa_group = cipher; 471 bss->wpa_pairwise = cipher; 472 bss->rsn_pairwise = cipher; 473 } else { 474 bss->ssid.security_policy = SECURITY_PLAINTEXT; 475 bss->wpa_group = WPA_CIPHER_NONE; 476 bss->wpa_pairwise = WPA_CIPHER_NONE; 477 bss->rsn_pairwise = WPA_CIPHER_NONE; 478 } 479 480 if (bss->wpa_group_rekey < 86400 && (bss->wpa & 2) && 481 (bss->wpa_group == WPA_CIPHER_CCMP || 482 bss->wpa_group == WPA_CIPHER_GCMP || 483 bss->wpa_group == WPA_CIPHER_CCMP_256 || 484 bss->wpa_group == WPA_CIPHER_GCMP_256)) { 485 /* 486 * Strong ciphers do not need frequent rekeying, so increase 487 * the default GTK rekeying period to 24 hours. 488 */ 489 bss->wpa_group_rekey = 86400; 490 } 491 492 #ifdef CONFIG_IEEE80211W 493 if (ssid->ieee80211w != MGMT_FRAME_PROTECTION_DEFAULT) 494 bss->ieee80211w = ssid->ieee80211w; 495 #endif /* CONFIG_IEEE80211W */ 496 497 #ifdef CONFIG_WPS 498 /* 499 * Enable WPS by default for open and WPA/WPA2-Personal network, but 500 * require user interaction to actually use it. Only the internal 501 * Registrar is supported. 502 */ 503 if (bss->ssid.security_policy != SECURITY_WPA_PSK && 504 bss->ssid.security_policy != SECURITY_PLAINTEXT) 505 goto no_wps; 506 if (bss->ssid.security_policy == SECURITY_WPA_PSK && 507 (!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) || 508 !(bss->wpa & 2))) 509 goto no_wps; /* WPS2 does not allow WPA/TKIP-only 510 * configuration */ 511 if (ssid->wps_disabled) 512 goto no_wps; 513 bss->eap_server = 1; 514 515 if (!ssid->ignore_broadcast_ssid) 516 bss->wps_state = 2; 517 518 bss->ap_setup_locked = 2; 519 if (wpa_s->conf->config_methods) 520 bss->config_methods = os_strdup(wpa_s->conf->config_methods); 521 os_memcpy(bss->device_type, wpa_s->conf->device_type, 522 WPS_DEV_TYPE_LEN); 523 if (wpa_s->conf->device_name) { 524 bss->device_name = os_strdup(wpa_s->conf->device_name); 525 bss->friendly_name = os_strdup(wpa_s->conf->device_name); 526 } 527 if (wpa_s->conf->manufacturer) 528 bss->manufacturer = os_strdup(wpa_s->conf->manufacturer); 529 if (wpa_s->conf->model_name) 530 bss->model_name = os_strdup(wpa_s->conf->model_name); 531 if (wpa_s->conf->model_number) 532 bss->model_number = os_strdup(wpa_s->conf->model_number); 533 if (wpa_s->conf->serial_number) 534 bss->serial_number = os_strdup(wpa_s->conf->serial_number); 535 if (is_nil_uuid(wpa_s->conf->uuid)) 536 os_memcpy(bss->uuid, wpa_s->wps->uuid, WPS_UUID_LEN); 537 else 538 os_memcpy(bss->uuid, wpa_s->conf->uuid, WPS_UUID_LEN); 539 os_memcpy(bss->os_version, wpa_s->conf->os_version, 4); 540 bss->pbc_in_m1 = wpa_s->conf->pbc_in_m1; 541 if (ssid->eap.fragment_size != DEFAULT_FRAGMENT_SIZE) 542 bss->fragment_size = ssid->eap.fragment_size; 543 no_wps: 544 #endif /* CONFIG_WPS */ 545 546 if (wpa_s->max_stations && 547 wpa_s->max_stations < wpa_s->conf->max_num_sta) 548 bss->max_num_sta = wpa_s->max_stations; 549 else 550 bss->max_num_sta = wpa_s->conf->max_num_sta; 551 552 if (!bss->isolate) 553 bss->isolate = wpa_s->conf->ap_isolate; 554 555 bss->disassoc_low_ack = wpa_s->conf->disassoc_low_ack; 556 557 if (wpa_s->conf->ap_vendor_elements) { 558 bss->vendor_elements = 559 wpabuf_dup(wpa_s->conf->ap_vendor_elements); 560 } 561 562 bss->ftm_responder = wpa_s->conf->ftm_responder; 563 bss->ftm_initiator = wpa_s->conf->ftm_initiator; 564 565 return 0; 566 } 567 568 569 static void ap_public_action_rx(void *ctx, const u8 *buf, size_t len, int freq) 570 { 571 #ifdef CONFIG_P2P 572 struct wpa_supplicant *wpa_s = ctx; 573 const struct ieee80211_mgmt *mgmt; 574 575 mgmt = (const struct ieee80211_mgmt *) buf; 576 if (len < IEEE80211_HDRLEN + 1) 577 return; 578 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC) 579 return; 580 wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid, 581 mgmt->u.action.category, 582 buf + IEEE80211_HDRLEN + 1, 583 len - IEEE80211_HDRLEN - 1, freq); 584 #endif /* CONFIG_P2P */ 585 } 586 587 588 static void ap_wps_event_cb(void *ctx, enum wps_event event, 589 union wps_event_data *data) 590 { 591 #ifdef CONFIG_P2P 592 struct wpa_supplicant *wpa_s = ctx; 593 594 if (event == WPS_EV_FAIL) { 595 struct wps_event_fail *fail = &data->fail; 596 597 if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s && 598 wpa_s == wpa_s->global->p2p_group_formation) { 599 /* 600 * src/ap/wps_hostapd.c has already sent this on the 601 * main interface, so only send on the parent interface 602 * here if needed. 603 */ 604 wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL 605 "msg=%d config_error=%d", 606 fail->msg, fail->config_error); 607 } 608 wpas_p2p_wps_failed(wpa_s, fail); 609 } 610 #endif /* CONFIG_P2P */ 611 } 612 613 614 static void ap_sta_authorized_cb(void *ctx, const u8 *mac_addr, 615 int authorized, const u8 *p2p_dev_addr) 616 { 617 wpas_notify_sta_authorized(ctx, mac_addr, authorized, p2p_dev_addr); 618 } 619 620 621 #ifdef CONFIG_P2P 622 static void ap_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *p2p_dev_addr, 623 const u8 *psk, size_t psk_len) 624 { 625 626 struct wpa_supplicant *wpa_s = ctx; 627 if (wpa_s->ap_iface == NULL || wpa_s->current_ssid == NULL) 628 return; 629 wpas_p2p_new_psk_cb(wpa_s, mac_addr, p2p_dev_addr, psk, psk_len); 630 } 631 #endif /* CONFIG_P2P */ 632 633 634 static int ap_vendor_action_rx(void *ctx, const u8 *buf, size_t len, int freq) 635 { 636 #ifdef CONFIG_P2P 637 struct wpa_supplicant *wpa_s = ctx; 638 const struct ieee80211_mgmt *mgmt; 639 640 mgmt = (const struct ieee80211_mgmt *) buf; 641 if (len < IEEE80211_HDRLEN + 1) 642 return -1; 643 wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid, 644 mgmt->u.action.category, 645 buf + IEEE80211_HDRLEN + 1, 646 len - IEEE80211_HDRLEN - 1, freq); 647 #endif /* CONFIG_P2P */ 648 return 0; 649 } 650 651 652 static int ap_probe_req_rx(void *ctx, const u8 *sa, const u8 *da, 653 const u8 *bssid, const u8 *ie, size_t ie_len, 654 int ssi_signal) 655 { 656 struct wpa_supplicant *wpa_s = ctx; 657 unsigned int freq = 0; 658 659 if (wpa_s->ap_iface) 660 freq = wpa_s->ap_iface->freq; 661 662 return wpas_p2p_probe_req_rx(wpa_s, sa, da, bssid, ie, ie_len, 663 freq, ssi_signal); 664 } 665 666 667 static void ap_wps_reg_success_cb(void *ctx, const u8 *mac_addr, 668 const u8 *uuid_e) 669 { 670 struct wpa_supplicant *wpa_s = ctx; 671 wpas_p2p_wps_success(wpa_s, mac_addr, 1); 672 } 673 674 675 static void wpas_ap_configured_cb(void *ctx) 676 { 677 struct wpa_supplicant *wpa_s = ctx; 678 679 wpa_printf(MSG_DEBUG, "AP interface setup completed - state %s", 680 hostapd_state_text(wpa_s->ap_iface->state)); 681 if (wpa_s->ap_iface->state == HAPD_IFACE_DISABLED) { 682 wpa_supplicant_ap_deinit(wpa_s); 683 return; 684 } 685 686 #ifdef CONFIG_ACS 687 if (wpa_s->current_ssid && wpa_s->current_ssid->acs) { 688 wpa_s->assoc_freq = wpa_s->ap_iface->freq; 689 wpa_s->current_ssid->frequency = wpa_s->ap_iface->freq; 690 } 691 #endif /* CONFIG_ACS */ 692 693 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 694 695 if (wpa_s->ap_configured_cb) 696 wpa_s->ap_configured_cb(wpa_s->ap_configured_cb_ctx, 697 wpa_s->ap_configured_cb_data); 698 } 699 700 701 int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s, 702 struct wpa_ssid *ssid) 703 { 704 struct wpa_driver_associate_params params; 705 struct hostapd_iface *hapd_iface; 706 struct hostapd_config *conf; 707 size_t i; 708 709 if (ssid->ssid == NULL || ssid->ssid_len == 0) { 710 wpa_printf(MSG_ERROR, "No SSID configured for AP mode"); 711 return -1; 712 } 713 714 wpa_supplicant_ap_deinit(wpa_s); 715 716 wpa_printf(MSG_DEBUG, "Setting up AP (SSID='%s')", 717 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 718 719 os_memset(¶ms, 0, sizeof(params)); 720 params.ssid = ssid->ssid; 721 params.ssid_len = ssid->ssid_len; 722 switch (ssid->mode) { 723 case WPAS_MODE_AP: 724 case WPAS_MODE_P2P_GO: 725 case WPAS_MODE_P2P_GROUP_FORMATION: 726 params.mode = IEEE80211_MODE_AP; 727 break; 728 default: 729 return -1; 730 } 731 if (ssid->frequency == 0) 732 ssid->frequency = 2462; /* default channel 11 */ 733 params.freq.freq = ssid->frequency; 734 735 params.wpa_proto = ssid->proto; 736 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) 737 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK; 738 else 739 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE; 740 params.key_mgmt_suite = wpa_s->key_mgmt; 741 742 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(ssid->pairwise_cipher, 743 1); 744 if (wpa_s->pairwise_cipher < 0) { 745 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise " 746 "cipher."); 747 return -1; 748 } 749 params.pairwise_suite = wpa_s->pairwise_cipher; 750 params.group_suite = params.pairwise_suite; 751 752 #ifdef CONFIG_P2P 753 if (ssid->mode == WPAS_MODE_P2P_GO || 754 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) 755 params.p2p = 1; 756 #endif /* CONFIG_P2P */ 757 758 if (wpa_s->p2pdev->set_ap_uapsd) 759 params.uapsd = wpa_s->p2pdev->ap_uapsd; 760 else if (params.p2p && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD)) 761 params.uapsd = 1; /* mandatory for P2P GO */ 762 else 763 params.uapsd = -1; 764 765 if (ieee80211_is_dfs(params.freq.freq, wpa_s->hw.modes, 766 wpa_s->hw.num_modes)) 767 params.freq.freq = 0; /* set channel after CAC */ 768 769 if (params.p2p) 770 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_GO); 771 else 772 wpa_drv_get_ext_capa(wpa_s, WPA_IF_AP_BSS); 773 774 if (wpa_drv_associate(wpa_s, ¶ms) < 0) { 775 wpa_msg(wpa_s, MSG_INFO, "Failed to start AP functionality"); 776 return -1; 777 } 778 779 wpa_s->ap_iface = hapd_iface = hostapd_alloc_iface(); 780 if (hapd_iface == NULL) 781 return -1; 782 hapd_iface->owner = wpa_s; 783 hapd_iface->drv_flags = wpa_s->drv_flags; 784 hapd_iface->smps_modes = wpa_s->drv_smps_modes; 785 hapd_iface->probe_resp_offloads = wpa_s->probe_resp_offloads; 786 hapd_iface->extended_capa = wpa_s->extended_capa; 787 hapd_iface->extended_capa_mask = wpa_s->extended_capa_mask; 788 hapd_iface->extended_capa_len = wpa_s->extended_capa_len; 789 790 wpa_s->ap_iface->conf = conf = hostapd_config_defaults(); 791 if (conf == NULL) { 792 wpa_supplicant_ap_deinit(wpa_s); 793 return -1; 794 } 795 796 os_memcpy(wpa_s->ap_iface->conf->wmm_ac_params, 797 wpa_s->conf->wmm_ac_params, 798 sizeof(wpa_s->conf->wmm_ac_params)); 799 800 if (params.uapsd > 0) { 801 conf->bss[0]->wmm_enabled = 1; 802 conf->bss[0]->wmm_uapsd = 1; 803 } 804 805 if (wpa_supplicant_conf_ap(wpa_s, ssid, conf)) { 806 wpa_printf(MSG_ERROR, "Failed to create AP configuration"); 807 wpa_supplicant_ap_deinit(wpa_s); 808 return -1; 809 } 810 811 #ifdef CONFIG_P2P 812 if (ssid->mode == WPAS_MODE_P2P_GO) 813 conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER; 814 else if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) 815 conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER | 816 P2P_GROUP_FORMATION; 817 #endif /* CONFIG_P2P */ 818 819 hapd_iface->num_bss = conf->num_bss; 820 hapd_iface->bss = os_calloc(conf->num_bss, 821 sizeof(struct hostapd_data *)); 822 if (hapd_iface->bss == NULL) { 823 wpa_supplicant_ap_deinit(wpa_s); 824 return -1; 825 } 826 827 for (i = 0; i < conf->num_bss; i++) { 828 hapd_iface->bss[i] = 829 hostapd_alloc_bss_data(hapd_iface, conf, 830 conf->bss[i]); 831 if (hapd_iface->bss[i] == NULL) { 832 wpa_supplicant_ap_deinit(wpa_s); 833 return -1; 834 } 835 836 hapd_iface->bss[i]->msg_ctx = wpa_s; 837 hapd_iface->bss[i]->msg_ctx_parent = wpa_s->p2pdev; 838 hapd_iface->bss[i]->public_action_cb = ap_public_action_rx; 839 hapd_iface->bss[i]->public_action_cb_ctx = wpa_s; 840 hapd_iface->bss[i]->vendor_action_cb = ap_vendor_action_rx; 841 hapd_iface->bss[i]->vendor_action_cb_ctx = wpa_s; 842 hostapd_register_probereq_cb(hapd_iface->bss[i], 843 ap_probe_req_rx, wpa_s); 844 hapd_iface->bss[i]->wps_reg_success_cb = ap_wps_reg_success_cb; 845 hapd_iface->bss[i]->wps_reg_success_cb_ctx = wpa_s; 846 hapd_iface->bss[i]->wps_event_cb = ap_wps_event_cb; 847 hapd_iface->bss[i]->wps_event_cb_ctx = wpa_s; 848 hapd_iface->bss[i]->sta_authorized_cb = ap_sta_authorized_cb; 849 hapd_iface->bss[i]->sta_authorized_cb_ctx = wpa_s; 850 #ifdef CONFIG_P2P 851 hapd_iface->bss[i]->new_psk_cb = ap_new_psk_cb; 852 hapd_iface->bss[i]->new_psk_cb_ctx = wpa_s; 853 hapd_iface->bss[i]->p2p = wpa_s->global->p2p; 854 hapd_iface->bss[i]->p2p_group = wpas_p2p_group_init(wpa_s, 855 ssid); 856 #endif /* CONFIG_P2P */ 857 hapd_iface->bss[i]->setup_complete_cb = wpas_ap_configured_cb; 858 hapd_iface->bss[i]->setup_complete_cb_ctx = wpa_s; 859 #ifdef CONFIG_TESTING_OPTIONS 860 hapd_iface->bss[i]->ext_eapol_frame_io = 861 wpa_s->ext_eapol_frame_io; 862 #endif /* CONFIG_TESTING_OPTIONS */ 863 } 864 865 os_memcpy(hapd_iface->bss[0]->own_addr, wpa_s->own_addr, ETH_ALEN); 866 hapd_iface->bss[0]->driver = wpa_s->driver; 867 hapd_iface->bss[0]->drv_priv = wpa_s->drv_priv; 868 869 wpa_s->current_ssid = ssid; 870 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 871 os_memcpy(wpa_s->bssid, wpa_s->own_addr, ETH_ALEN); 872 wpa_s->assoc_freq = ssid->frequency; 873 874 #if defined(CONFIG_P2P) && defined(CONFIG_ACS) 875 if (wpa_s->p2p_go_do_acs) { 876 wpa_s->ap_iface->conf->channel = 0; 877 wpa_s->ap_iface->conf->hw_mode = wpa_s->p2p_go_acs_band; 878 ssid->acs = 1; 879 } 880 #endif /* CONFIG_P2P && CONFIG_ACS */ 881 882 if (hostapd_setup_interface(wpa_s->ap_iface)) { 883 wpa_printf(MSG_ERROR, "Failed to initialize AP interface"); 884 wpa_supplicant_ap_deinit(wpa_s); 885 return -1; 886 } 887 888 return 0; 889 } 890 891 892 void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s) 893 { 894 #ifdef CONFIG_WPS 895 eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL); 896 #endif /* CONFIG_WPS */ 897 898 if (wpa_s->ap_iface == NULL) 899 return; 900 901 wpa_s->current_ssid = NULL; 902 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 903 wpa_s->assoc_freq = 0; 904 wpas_p2p_ap_deinit(wpa_s); 905 wpa_s->ap_iface->driver_ap_teardown = 906 !!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT); 907 908 hostapd_interface_deinit(wpa_s->ap_iface); 909 hostapd_interface_free(wpa_s->ap_iface); 910 wpa_s->ap_iface = NULL; 911 wpa_drv_deinit_ap(wpa_s); 912 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR 913 " reason=%d locally_generated=1", 914 MAC2STR(wpa_s->own_addr), WLAN_REASON_DEAUTH_LEAVING); 915 } 916 917 918 void ap_tx_status(void *ctx, const u8 *addr, 919 const u8 *buf, size_t len, int ack) 920 { 921 #ifdef NEED_AP_MLME 922 struct wpa_supplicant *wpa_s = ctx; 923 hostapd_tx_status(wpa_s->ap_iface->bss[0], addr, buf, len, ack); 924 #endif /* NEED_AP_MLME */ 925 } 926 927 928 void ap_eapol_tx_status(void *ctx, const u8 *dst, 929 const u8 *data, size_t len, int ack) 930 { 931 #ifdef NEED_AP_MLME 932 struct wpa_supplicant *wpa_s = ctx; 933 if (!wpa_s->ap_iface) 934 return; 935 hostapd_tx_status(wpa_s->ap_iface->bss[0], dst, data, len, ack); 936 #endif /* NEED_AP_MLME */ 937 } 938 939 940 void ap_client_poll_ok(void *ctx, const u8 *addr) 941 { 942 #ifdef NEED_AP_MLME 943 struct wpa_supplicant *wpa_s = ctx; 944 if (wpa_s->ap_iface) 945 hostapd_client_poll_ok(wpa_s->ap_iface->bss[0], addr); 946 #endif /* NEED_AP_MLME */ 947 } 948 949 950 void ap_rx_from_unknown_sta(void *ctx, const u8 *addr, int wds) 951 { 952 #ifdef NEED_AP_MLME 953 struct wpa_supplicant *wpa_s = ctx; 954 ieee802_11_rx_from_unknown(wpa_s->ap_iface->bss[0], addr, wds); 955 #endif /* NEED_AP_MLME */ 956 } 957 958 959 void ap_mgmt_rx(void *ctx, struct rx_mgmt *rx_mgmt) 960 { 961 #ifdef NEED_AP_MLME 962 struct wpa_supplicant *wpa_s = ctx; 963 struct hostapd_frame_info fi; 964 os_memset(&fi, 0, sizeof(fi)); 965 fi.datarate = rx_mgmt->datarate; 966 fi.ssi_signal = rx_mgmt->ssi_signal; 967 ieee802_11_mgmt(wpa_s->ap_iface->bss[0], rx_mgmt->frame, 968 rx_mgmt->frame_len, &fi); 969 #endif /* NEED_AP_MLME */ 970 } 971 972 973 void ap_mgmt_tx_cb(void *ctx, const u8 *buf, size_t len, u16 stype, int ok) 974 { 975 #ifdef NEED_AP_MLME 976 struct wpa_supplicant *wpa_s = ctx; 977 ieee802_11_mgmt_cb(wpa_s->ap_iface->bss[0], buf, len, stype, ok); 978 #endif /* NEED_AP_MLME */ 979 } 980 981 982 void wpa_supplicant_ap_rx_eapol(struct wpa_supplicant *wpa_s, 983 const u8 *src_addr, const u8 *buf, size_t len) 984 { 985 ieee802_1x_receive(wpa_s->ap_iface->bss[0], src_addr, buf, len); 986 } 987 988 989 #ifdef CONFIG_WPS 990 991 int wpa_supplicant_ap_wps_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid, 992 const u8 *p2p_dev_addr) 993 { 994 if (!wpa_s->ap_iface) 995 return -1; 996 return hostapd_wps_button_pushed(wpa_s->ap_iface->bss[0], 997 p2p_dev_addr); 998 } 999 1000 1001 int wpa_supplicant_ap_wps_cancel(struct wpa_supplicant *wpa_s) 1002 { 1003 struct wps_registrar *reg; 1004 int reg_sel = 0, wps_sta = 0; 1005 1006 if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]->wps) 1007 return -1; 1008 1009 reg = wpa_s->ap_iface->bss[0]->wps->registrar; 1010 reg_sel = wps_registrar_wps_cancel(reg); 1011 wps_sta = ap_for_each_sta(wpa_s->ap_iface->bss[0], 1012 ap_sta_wps_cancel, NULL); 1013 1014 if (!reg_sel && !wps_sta) { 1015 wpa_printf(MSG_DEBUG, "No WPS operation in progress at this " 1016 "time"); 1017 return -1; 1018 } 1019 1020 /* 1021 * There are 2 cases to return wps cancel as success: 1022 * 1. When wps cancel was initiated but no connection has been 1023 * established with client yet. 1024 * 2. Client is in the middle of exchanging WPS messages. 1025 */ 1026 1027 return 0; 1028 } 1029 1030 1031 int wpa_supplicant_ap_wps_pin(struct wpa_supplicant *wpa_s, const u8 *bssid, 1032 const char *pin, char *buf, size_t buflen, 1033 int timeout) 1034 { 1035 int ret, ret_len = 0; 1036 1037 if (!wpa_s->ap_iface) 1038 return -1; 1039 1040 if (pin == NULL) { 1041 unsigned int rpin; 1042 1043 if (wps_generate_pin(&rpin) < 0) 1044 return -1; 1045 ret_len = os_snprintf(buf, buflen, "%08d", rpin); 1046 if (os_snprintf_error(buflen, ret_len)) 1047 return -1; 1048 pin = buf; 1049 } else if (buf) { 1050 ret_len = os_snprintf(buf, buflen, "%s", pin); 1051 if (os_snprintf_error(buflen, ret_len)) 1052 return -1; 1053 } 1054 1055 ret = hostapd_wps_add_pin(wpa_s->ap_iface->bss[0], bssid, "any", pin, 1056 timeout); 1057 if (ret) 1058 return -1; 1059 return ret_len; 1060 } 1061 1062 1063 static void wpas_wps_ap_pin_timeout(void *eloop_data, void *user_ctx) 1064 { 1065 struct wpa_supplicant *wpa_s = eloop_data; 1066 wpa_printf(MSG_DEBUG, "WPS: AP PIN timed out"); 1067 wpas_wps_ap_pin_disable(wpa_s); 1068 } 1069 1070 1071 static void wpas_wps_ap_pin_enable(struct wpa_supplicant *wpa_s, int timeout) 1072 { 1073 struct hostapd_data *hapd; 1074 1075 if (wpa_s->ap_iface == NULL) 1076 return; 1077 hapd = wpa_s->ap_iface->bss[0]; 1078 wpa_printf(MSG_DEBUG, "WPS: Enabling AP PIN (timeout=%d)", timeout); 1079 hapd->ap_pin_failures = 0; 1080 eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL); 1081 if (timeout > 0) 1082 eloop_register_timeout(timeout, 0, 1083 wpas_wps_ap_pin_timeout, wpa_s, NULL); 1084 } 1085 1086 1087 void wpas_wps_ap_pin_disable(struct wpa_supplicant *wpa_s) 1088 { 1089 struct hostapd_data *hapd; 1090 1091 if (wpa_s->ap_iface == NULL) 1092 return; 1093 wpa_printf(MSG_DEBUG, "WPS: Disabling AP PIN"); 1094 hapd = wpa_s->ap_iface->bss[0]; 1095 os_free(hapd->conf->ap_pin); 1096 hapd->conf->ap_pin = NULL; 1097 eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL); 1098 } 1099 1100 1101 const char * wpas_wps_ap_pin_random(struct wpa_supplicant *wpa_s, int timeout) 1102 { 1103 struct hostapd_data *hapd; 1104 unsigned int pin; 1105 char pin_txt[9]; 1106 1107 if (wpa_s->ap_iface == NULL) 1108 return NULL; 1109 hapd = wpa_s->ap_iface->bss[0]; 1110 if (wps_generate_pin(&pin) < 0) 1111 return NULL; 1112 os_snprintf(pin_txt, sizeof(pin_txt), "%08u", pin); 1113 os_free(hapd->conf->ap_pin); 1114 hapd->conf->ap_pin = os_strdup(pin_txt); 1115 if (hapd->conf->ap_pin == NULL) 1116 return NULL; 1117 wpas_wps_ap_pin_enable(wpa_s, timeout); 1118 1119 return hapd->conf->ap_pin; 1120 } 1121 1122 1123 const char * wpas_wps_ap_pin_get(struct wpa_supplicant *wpa_s) 1124 { 1125 struct hostapd_data *hapd; 1126 if (wpa_s->ap_iface == NULL) 1127 return NULL; 1128 hapd = wpa_s->ap_iface->bss[0]; 1129 return hapd->conf->ap_pin; 1130 } 1131 1132 1133 int wpas_wps_ap_pin_set(struct wpa_supplicant *wpa_s, const char *pin, 1134 int timeout) 1135 { 1136 struct hostapd_data *hapd; 1137 char pin_txt[9]; 1138 int ret; 1139 1140 if (wpa_s->ap_iface == NULL) 1141 return -1; 1142 hapd = wpa_s->ap_iface->bss[0]; 1143 ret = os_snprintf(pin_txt, sizeof(pin_txt), "%s", pin); 1144 if (os_snprintf_error(sizeof(pin_txt), ret)) 1145 return -1; 1146 os_free(hapd->conf->ap_pin); 1147 hapd->conf->ap_pin = os_strdup(pin_txt); 1148 if (hapd->conf->ap_pin == NULL) 1149 return -1; 1150 wpas_wps_ap_pin_enable(wpa_s, timeout); 1151 1152 return 0; 1153 } 1154 1155 1156 void wpa_supplicant_ap_pwd_auth_fail(struct wpa_supplicant *wpa_s) 1157 { 1158 struct hostapd_data *hapd; 1159 1160 if (wpa_s->ap_iface == NULL) 1161 return; 1162 hapd = wpa_s->ap_iface->bss[0]; 1163 1164 /* 1165 * Registrar failed to prove its knowledge of the AP PIN. Disable AP 1166 * PIN if this happens multiple times to slow down brute force attacks. 1167 */ 1168 hapd->ap_pin_failures++; 1169 wpa_printf(MSG_DEBUG, "WPS: AP PIN authentication failure number %u", 1170 hapd->ap_pin_failures); 1171 if (hapd->ap_pin_failures < 3) 1172 return; 1173 1174 wpa_printf(MSG_DEBUG, "WPS: Disable AP PIN"); 1175 hapd->ap_pin_failures = 0; 1176 os_free(hapd->conf->ap_pin); 1177 hapd->conf->ap_pin = NULL; 1178 } 1179 1180 1181 #ifdef CONFIG_WPS_NFC 1182 1183 struct wpabuf * wpas_ap_wps_nfc_config_token(struct wpa_supplicant *wpa_s, 1184 int ndef) 1185 { 1186 struct hostapd_data *hapd; 1187 1188 if (wpa_s->ap_iface == NULL) 1189 return NULL; 1190 hapd = wpa_s->ap_iface->bss[0]; 1191 return hostapd_wps_nfc_config_token(hapd, ndef); 1192 } 1193 1194 1195 struct wpabuf * wpas_ap_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s, 1196 int ndef) 1197 { 1198 struct hostapd_data *hapd; 1199 1200 if (wpa_s->ap_iface == NULL) 1201 return NULL; 1202 hapd = wpa_s->ap_iface->bss[0]; 1203 return hostapd_wps_nfc_hs_cr(hapd, ndef); 1204 } 1205 1206 1207 int wpas_ap_wps_nfc_report_handover(struct wpa_supplicant *wpa_s, 1208 const struct wpabuf *req, 1209 const struct wpabuf *sel) 1210 { 1211 struct hostapd_data *hapd; 1212 1213 if (wpa_s->ap_iface == NULL) 1214 return -1; 1215 hapd = wpa_s->ap_iface->bss[0]; 1216 return hostapd_wps_nfc_report_handover(hapd, req, sel); 1217 } 1218 1219 #endif /* CONFIG_WPS_NFC */ 1220 1221 #endif /* CONFIG_WPS */ 1222 1223 1224 #ifdef CONFIG_CTRL_IFACE 1225 1226 int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s, 1227 char *buf, size_t buflen) 1228 { 1229 struct hostapd_data *hapd; 1230 1231 if (wpa_s->ap_iface) 1232 hapd = wpa_s->ap_iface->bss[0]; 1233 else if (wpa_s->ifmsh) 1234 hapd = wpa_s->ifmsh->bss[0]; 1235 else 1236 return -1; 1237 return hostapd_ctrl_iface_sta_first(hapd, buf, buflen); 1238 } 1239 1240 1241 int ap_ctrl_iface_sta(struct wpa_supplicant *wpa_s, const char *txtaddr, 1242 char *buf, size_t buflen) 1243 { 1244 struct hostapd_data *hapd; 1245 1246 if (wpa_s->ap_iface) 1247 hapd = wpa_s->ap_iface->bss[0]; 1248 else if (wpa_s->ifmsh) 1249 hapd = wpa_s->ifmsh->bss[0]; 1250 else 1251 return -1; 1252 return hostapd_ctrl_iface_sta(hapd, txtaddr, buf, buflen); 1253 } 1254 1255 1256 int ap_ctrl_iface_sta_next(struct wpa_supplicant *wpa_s, const char *txtaddr, 1257 char *buf, size_t buflen) 1258 { 1259 struct hostapd_data *hapd; 1260 1261 if (wpa_s->ap_iface) 1262 hapd = wpa_s->ap_iface->bss[0]; 1263 else if (wpa_s->ifmsh) 1264 hapd = wpa_s->ifmsh->bss[0]; 1265 else 1266 return -1; 1267 return hostapd_ctrl_iface_sta_next(hapd, txtaddr, buf, buflen); 1268 } 1269 1270 1271 int ap_ctrl_iface_sta_disassociate(struct wpa_supplicant *wpa_s, 1272 const char *txtaddr) 1273 { 1274 if (wpa_s->ap_iface == NULL) 1275 return -1; 1276 return hostapd_ctrl_iface_disassociate(wpa_s->ap_iface->bss[0], 1277 txtaddr); 1278 } 1279 1280 1281 int ap_ctrl_iface_sta_deauthenticate(struct wpa_supplicant *wpa_s, 1282 const char *txtaddr) 1283 { 1284 if (wpa_s->ap_iface == NULL) 1285 return -1; 1286 return hostapd_ctrl_iface_deauthenticate(wpa_s->ap_iface->bss[0], 1287 txtaddr); 1288 } 1289 1290 1291 int ap_ctrl_iface_wpa_get_status(struct wpa_supplicant *wpa_s, char *buf, 1292 size_t buflen, int verbose) 1293 { 1294 char *pos = buf, *end = buf + buflen; 1295 int ret; 1296 struct hostapd_bss_config *conf; 1297 1298 if (wpa_s->ap_iface == NULL) 1299 return -1; 1300 1301 conf = wpa_s->ap_iface->bss[0]->conf; 1302 if (conf->wpa == 0) 1303 return 0; 1304 1305 ret = os_snprintf(pos, end - pos, 1306 "pairwise_cipher=%s\n" 1307 "group_cipher=%s\n" 1308 "key_mgmt=%s\n", 1309 wpa_cipher_txt(conf->rsn_pairwise), 1310 wpa_cipher_txt(conf->wpa_group), 1311 wpa_key_mgmt_txt(conf->wpa_key_mgmt, 1312 conf->wpa)); 1313 if (os_snprintf_error(end - pos, ret)) 1314 return pos - buf; 1315 pos += ret; 1316 return pos - buf; 1317 } 1318 1319 #endif /* CONFIG_CTRL_IFACE */ 1320 1321 1322 int wpa_supplicant_ap_update_beacon(struct wpa_supplicant *wpa_s) 1323 { 1324 struct hostapd_iface *iface = wpa_s->ap_iface; 1325 struct wpa_ssid *ssid = wpa_s->current_ssid; 1326 struct hostapd_data *hapd; 1327 1328 if (ssid == NULL || wpa_s->ap_iface == NULL || 1329 ssid->mode == WPAS_MODE_INFRA || 1330 ssid->mode == WPAS_MODE_IBSS) 1331 return -1; 1332 1333 #ifdef CONFIG_P2P 1334 if (ssid->mode == WPAS_MODE_P2P_GO) 1335 iface->conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER; 1336 else if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) 1337 iface->conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER | 1338 P2P_GROUP_FORMATION; 1339 #endif /* CONFIG_P2P */ 1340 1341 hapd = iface->bss[0]; 1342 if (hapd->drv_priv == NULL) 1343 return -1; 1344 ieee802_11_set_beacons(iface); 1345 hostapd_set_ap_wps_ie(hapd); 1346 1347 return 0; 1348 } 1349 1350 1351 int ap_switch_channel(struct wpa_supplicant *wpa_s, 1352 struct csa_settings *settings) 1353 { 1354 #ifdef NEED_AP_MLME 1355 if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) 1356 return -1; 1357 1358 return hostapd_switch_channel(wpa_s->ap_iface->bss[0], settings); 1359 #else /* NEED_AP_MLME */ 1360 return -1; 1361 #endif /* NEED_AP_MLME */ 1362 } 1363 1364 1365 #ifdef CONFIG_CTRL_IFACE 1366 int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *pos) 1367 { 1368 struct csa_settings settings; 1369 int ret = hostapd_parse_csa_settings(pos, &settings); 1370 1371 if (ret) 1372 return ret; 1373 1374 return ap_switch_channel(wpa_s, &settings); 1375 } 1376 #endif /* CONFIG_CTRL_IFACE */ 1377 1378 1379 void wpas_ap_ch_switch(struct wpa_supplicant *wpa_s, int freq, int ht, 1380 int offset, int width, int cf1, int cf2) 1381 { 1382 if (!wpa_s->ap_iface) 1383 return; 1384 1385 wpa_s->assoc_freq = freq; 1386 if (wpa_s->current_ssid) 1387 wpa_s->current_ssid->frequency = freq; 1388 hostapd_event_ch_switch(wpa_s->ap_iface->bss[0], freq, ht, 1389 offset, width, cf1, cf2); 1390 } 1391 1392 1393 int wpa_supplicant_ap_mac_addr_filter(struct wpa_supplicant *wpa_s, 1394 const u8 *addr) 1395 { 1396 struct hostapd_data *hapd; 1397 struct hostapd_bss_config *conf; 1398 1399 if (!wpa_s->ap_iface) 1400 return -1; 1401 1402 if (addr) 1403 wpa_printf(MSG_DEBUG, "AP: Set MAC address filter: " MACSTR, 1404 MAC2STR(addr)); 1405 else 1406 wpa_printf(MSG_DEBUG, "AP: Clear MAC address filter"); 1407 1408 hapd = wpa_s->ap_iface->bss[0]; 1409 conf = hapd->conf; 1410 1411 os_free(conf->accept_mac); 1412 conf->accept_mac = NULL; 1413 conf->num_accept_mac = 0; 1414 os_free(conf->deny_mac); 1415 conf->deny_mac = NULL; 1416 conf->num_deny_mac = 0; 1417 1418 if (addr == NULL) { 1419 conf->macaddr_acl = ACCEPT_UNLESS_DENIED; 1420 return 0; 1421 } 1422 1423 conf->macaddr_acl = DENY_UNLESS_ACCEPTED; 1424 conf->accept_mac = os_zalloc(sizeof(struct mac_acl_entry)); 1425 if (conf->accept_mac == NULL) 1426 return -1; 1427 os_memcpy(conf->accept_mac[0].addr, addr, ETH_ALEN); 1428 conf->num_accept_mac = 1; 1429 1430 return 0; 1431 } 1432 1433 1434 #ifdef CONFIG_WPS_NFC 1435 int wpas_ap_wps_add_nfc_pw(struct wpa_supplicant *wpa_s, u16 pw_id, 1436 const struct wpabuf *pw, const u8 *pubkey_hash) 1437 { 1438 struct hostapd_data *hapd; 1439 struct wps_context *wps; 1440 1441 if (!wpa_s->ap_iface) 1442 return -1; 1443 hapd = wpa_s->ap_iface->bss[0]; 1444 wps = hapd->wps; 1445 1446 if (wpa_s->p2pdev->conf->wps_nfc_dh_pubkey == NULL || 1447 wpa_s->p2pdev->conf->wps_nfc_dh_privkey == NULL) { 1448 wpa_printf(MSG_DEBUG, "P2P: No NFC DH key known"); 1449 return -1; 1450 } 1451 1452 dh5_free(wps->dh_ctx); 1453 wpabuf_free(wps->dh_pubkey); 1454 wpabuf_free(wps->dh_privkey); 1455 wps->dh_privkey = wpabuf_dup( 1456 wpa_s->p2pdev->conf->wps_nfc_dh_privkey); 1457 wps->dh_pubkey = wpabuf_dup( 1458 wpa_s->p2pdev->conf->wps_nfc_dh_pubkey); 1459 if (wps->dh_privkey == NULL || wps->dh_pubkey == NULL) { 1460 wps->dh_ctx = NULL; 1461 wpabuf_free(wps->dh_pubkey); 1462 wps->dh_pubkey = NULL; 1463 wpabuf_free(wps->dh_privkey); 1464 wps->dh_privkey = NULL; 1465 return -1; 1466 } 1467 wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, wps->dh_pubkey); 1468 if (wps->dh_ctx == NULL) 1469 return -1; 1470 1471 return wps_registrar_add_nfc_pw_token(hapd->wps->registrar, pubkey_hash, 1472 pw_id, 1473 pw ? wpabuf_head(pw) : NULL, 1474 pw ? wpabuf_len(pw) : 0, 1); 1475 } 1476 #endif /* CONFIG_WPS_NFC */ 1477 1478 1479 #ifdef CONFIG_CTRL_IFACE 1480 int wpas_ap_stop_ap(struct wpa_supplicant *wpa_s) 1481 { 1482 struct hostapd_data *hapd; 1483 1484 if (!wpa_s->ap_iface) 1485 return -1; 1486 hapd = wpa_s->ap_iface->bss[0]; 1487 return hostapd_ctrl_iface_stop_ap(hapd); 1488 } 1489 1490 1491 int wpas_ap_pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf, 1492 size_t len) 1493 { 1494 size_t reply_len = 0, i; 1495 char ap_delimiter[] = "---- AP ----\n"; 1496 char mesh_delimiter[] = "---- mesh ----\n"; 1497 size_t dlen; 1498 1499 if (wpa_s->ap_iface) { 1500 dlen = os_strlen(ap_delimiter); 1501 if (dlen > len - reply_len) 1502 return reply_len; 1503 os_memcpy(&buf[reply_len], ap_delimiter, dlen); 1504 reply_len += dlen; 1505 1506 for (i = 0; i < wpa_s->ap_iface->num_bss; i++) { 1507 reply_len += hostapd_ctrl_iface_pmksa_list( 1508 wpa_s->ap_iface->bss[i], 1509 &buf[reply_len], len - reply_len); 1510 } 1511 } 1512 1513 if (wpa_s->ifmsh) { 1514 dlen = os_strlen(mesh_delimiter); 1515 if (dlen > len - reply_len) 1516 return reply_len; 1517 os_memcpy(&buf[reply_len], mesh_delimiter, dlen); 1518 reply_len += dlen; 1519 1520 reply_len += hostapd_ctrl_iface_pmksa_list( 1521 wpa_s->ifmsh->bss[0], &buf[reply_len], 1522 len - reply_len); 1523 } 1524 1525 return reply_len; 1526 } 1527 1528 1529 void wpas_ap_pmksa_cache_flush(struct wpa_supplicant *wpa_s) 1530 { 1531 size_t i; 1532 1533 if (wpa_s->ap_iface) { 1534 for (i = 0; i < wpa_s->ap_iface->num_bss; i++) 1535 hostapd_ctrl_iface_pmksa_flush(wpa_s->ap_iface->bss[i]); 1536 } 1537 1538 if (wpa_s->ifmsh) 1539 hostapd_ctrl_iface_pmksa_flush(wpa_s->ifmsh->bss[0]); 1540 } 1541 1542 1543 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL 1544 #ifdef CONFIG_MESH 1545 1546 int wpas_ap_pmksa_cache_list_mesh(struct wpa_supplicant *wpa_s, const u8 *addr, 1547 char *buf, size_t len) 1548 { 1549 return hostapd_ctrl_iface_pmksa_list_mesh(wpa_s->ifmsh->bss[0], addr, 1550 &buf[0], len); 1551 } 1552 1553 1554 int wpas_ap_pmksa_cache_add_external(struct wpa_supplicant *wpa_s, char *cmd) 1555 { 1556 struct external_pmksa_cache *entry; 1557 void *pmksa_cache; 1558 1559 pmksa_cache = hostapd_ctrl_iface_pmksa_create_entry(wpa_s->own_addr, 1560 cmd); 1561 if (!pmksa_cache) 1562 return -1; 1563 1564 entry = os_zalloc(sizeof(struct external_pmksa_cache)); 1565 if (!entry) 1566 return -1; 1567 1568 entry->pmksa_cache = pmksa_cache; 1569 1570 dl_list_add(&wpa_s->mesh_external_pmksa_cache, &entry->list); 1571 1572 return 0; 1573 } 1574 1575 #endif /* CONFIG_MESH */ 1576 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */ 1577 1578 #endif /* CONFIG_CTRL_IFACE */ 1579 1580 1581 #ifdef NEED_AP_MLME 1582 void wpas_ap_event_dfs_radar_detected(struct wpa_supplicant *wpa_s, 1583 struct dfs_event *radar) 1584 { 1585 if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) 1586 return; 1587 wpa_printf(MSG_DEBUG, "DFS radar detected on %d MHz", radar->freq); 1588 hostapd_dfs_radar_detected(wpa_s->ap_iface, radar->freq, 1589 radar->ht_enabled, radar->chan_offset, 1590 radar->chan_width, 1591 radar->cf1, radar->cf2); 1592 } 1593 1594 1595 void wpas_ap_event_dfs_cac_started(struct wpa_supplicant *wpa_s, 1596 struct dfs_event *radar) 1597 { 1598 if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) 1599 return; 1600 wpa_printf(MSG_DEBUG, "DFS CAC started on %d MHz", radar->freq); 1601 hostapd_dfs_start_cac(wpa_s->ap_iface, radar->freq, 1602 radar->ht_enabled, radar->chan_offset, 1603 radar->chan_width, radar->cf1, radar->cf2); 1604 } 1605 1606 1607 void wpas_ap_event_dfs_cac_finished(struct wpa_supplicant *wpa_s, 1608 struct dfs_event *radar) 1609 { 1610 if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) 1611 return; 1612 wpa_printf(MSG_DEBUG, "DFS CAC finished on %d MHz", radar->freq); 1613 hostapd_dfs_complete_cac(wpa_s->ap_iface, 1, radar->freq, 1614 radar->ht_enabled, radar->chan_offset, 1615 radar->chan_width, radar->cf1, radar->cf2); 1616 } 1617 1618 1619 void wpas_ap_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s, 1620 struct dfs_event *radar) 1621 { 1622 if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) 1623 return; 1624 wpa_printf(MSG_DEBUG, "DFS CAC aborted on %d MHz", radar->freq); 1625 hostapd_dfs_complete_cac(wpa_s->ap_iface, 0, radar->freq, 1626 radar->ht_enabled, radar->chan_offset, 1627 radar->chan_width, radar->cf1, radar->cf2); 1628 } 1629 1630 1631 void wpas_ap_event_dfs_cac_nop_finished(struct wpa_supplicant *wpa_s, 1632 struct dfs_event *radar) 1633 { 1634 if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) 1635 return; 1636 wpa_printf(MSG_DEBUG, "DFS NOP finished on %d MHz", radar->freq); 1637 hostapd_dfs_nop_finished(wpa_s->ap_iface, radar->freq, 1638 radar->ht_enabled, radar->chan_offset, 1639 radar->chan_width, radar->cf1, radar->cf2); 1640 } 1641 #endif /* NEED_AP_MLME */ 1642 1643 1644 void ap_periodic(struct wpa_supplicant *wpa_s) 1645 { 1646 if (wpa_s->ap_iface) 1647 hostapd_periodic_iface(wpa_s->ap_iface); 1648 } 1649