1 /* 2 * WPA Supplicant / Configuration file structures 3 * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #ifndef CONFIG_H 16 #define CONFIG_H 17 18 #define DEFAULT_EAPOL_VERSION 1 19 #ifdef CONFIG_NO_SCAN_PROCESSING 20 #define DEFAULT_AP_SCAN 2 21 #else /* CONFIG_NO_SCAN_PROCESSING */ 22 #define DEFAULT_AP_SCAN 1 23 #endif /* CONFIG_NO_SCAN_PROCESSING */ 24 #define DEFAULT_FAST_REAUTH 1 25 26 #include "config_ssid.h" 27 28 29 /** 30 * struct wpa_config - wpa_supplicant configuration data 31 * 32 * This data structure is presents the per-interface (radio) configuration 33 * data. In many cases, there is only one struct wpa_config instance, but if 34 * more than one network interface is being controlled, one instance is used 35 * for each. 36 */ 37 struct wpa_config { 38 /** 39 * ssid - Head of the global network list 40 * 41 * This is the head for the list of all the configured networks. 42 */ 43 struct wpa_ssid *ssid; 44 45 /** 46 * pssid - Per-priority network lists (in priority order) 47 */ 48 struct wpa_ssid **pssid; 49 50 /** 51 * num_prio - Number of different priorities used in the pssid lists 52 * 53 * This indicates how many per-priority network lists are included in 54 * pssid. 55 */ 56 int num_prio; 57 58 /** 59 * eapol_version - IEEE 802.1X/EAPOL version number 60 * 61 * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which 62 * defines EAPOL version 2. However, there are many APs that do not 63 * handle the new version number correctly (they seem to drop the 64 * frames completely). In order to make wpa_supplicant interoperate 65 * with these APs, the version number is set to 1 by default. This 66 * configuration value can be used to set it to the new version (2). 67 */ 68 int eapol_version; 69 70 /** 71 * ap_scan - AP scanning/selection 72 * 73 * By default, wpa_supplicant requests driver to perform AP 74 * scanning and then uses the scan results to select a 75 * suitable AP. Another alternative is to allow the driver to 76 * take care of AP scanning and selection and use 77 * wpa_supplicant just to process EAPOL frames based on IEEE 78 * 802.11 association information from the driver. 79 * 80 * 1: wpa_supplicant initiates scanning and AP selection (default). 81 * 82 * 0: Driver takes care of scanning, AP selection, and IEEE 802.11 83 * association parameters (e.g., WPA IE generation); this mode can 84 * also be used with non-WPA drivers when using IEEE 802.1X mode; 85 * do not try to associate with APs (i.e., external program needs 86 * to control association). This mode must also be used when using 87 * wired Ethernet drivers. 88 * 89 * 2: like 0, but associate with APs using security policy and SSID 90 * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS 91 * drivers to enable operation with hidden SSIDs and optimized roaming; 92 * in this mode, the network blocks in the configuration are tried 93 * one by one until the driver reports successful association; each 94 * network block should have explicit security policy (i.e., only one 95 * option in the lists) for key_mgmt, pairwise, group, proto variables. 96 */ 97 int ap_scan; 98 99 /** 100 * ctrl_interface - Parameters for the control interface 101 * 102 * If this is specified, %wpa_supplicant will open a control interface 103 * that is available for external programs to manage %wpa_supplicant. 104 * The meaning of this string depends on which control interface 105 * mechanism is used. For all cases, the existance of this parameter 106 * in configuration is used to determine whether the control interface 107 * is enabled. 108 * 109 * For UNIX domain sockets (default on Linux and BSD): This is a 110 * directory that will be created for UNIX domain sockets for listening 111 * to requests from external programs (CLI/GUI, etc.) for status 112 * information and configuration. The socket file will be named based 113 * on the interface name, so multiple %wpa_supplicant processes can be 114 * run at the same time if more than one interface is used. 115 * /var/run/wpa_supplicant is the recommended directory for sockets and 116 * by default, wpa_cli will use it when trying to connect with 117 * %wpa_supplicant. 118 * 119 * Access control for the control interface can be configured 120 * by setting the directory to allow only members of a group 121 * to use sockets. This way, it is possible to run 122 * %wpa_supplicant as root (since it needs to change network 123 * configuration and open raw sockets) and still allow GUI/CLI 124 * components to be run as non-root users. However, since the 125 * control interface can be used to change the network 126 * configuration, this access needs to be protected in many 127 * cases. By default, %wpa_supplicant is configured to use gid 128 * 0 (root). If you want to allow non-root users to use the 129 * control interface, add a new group and change this value to 130 * match with that group. Add users that should have control 131 * interface access to this group. 132 * 133 * When configuring both the directory and group, use following format: 134 * DIR=/var/run/wpa_supplicant GROUP=wheel 135 * DIR=/var/run/wpa_supplicant GROUP=0 136 * (group can be either group name or gid) 137 * 138 * For UDP connections (default on Windows): The value will be ignored. 139 * This variable is just used to select that the control interface is 140 * to be created. The value can be set to, e.g., udp 141 * (ctrl_interface=udp). 142 * 143 * For Windows Named Pipe: This value can be used to set the security 144 * descriptor for controlling access to the control interface. Security 145 * descriptor can be set using Security Descriptor String Format (see 146 * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp). 147 * The descriptor string needs to be prefixed with SDDL=. For example, 148 * ctrl_interface=SDDL=D: would set an empty DACL (which will reject 149 * all connections). 150 */ 151 char *ctrl_interface; 152 153 /** 154 * ctrl_interface_group - Control interface group (DEPRECATED) 155 * 156 * This variable is only used for backwards compatibility. Group for 157 * UNIX domain sockets should now be specified using GROUP=group in 158 * ctrl_interface variable. 159 */ 160 char *ctrl_interface_group; 161 162 /** 163 * fast_reauth - EAP fast re-authentication (session resumption) 164 * 165 * By default, fast re-authentication is enabled for all EAP methods 166 * that support it. This variable can be used to disable fast 167 * re-authentication (by setting fast_reauth=0). Normally, there is no 168 * need to disable fast re-authentication. 169 */ 170 int fast_reauth; 171 172 #ifdef EAP_TLS_OPENSSL 173 /** 174 * opensc_engine_path - Path to the OpenSSL engine for opensc 175 * 176 * This is an OpenSSL specific configuration option for loading OpenSC 177 * engine (engine_opensc.so); if %NULL, this engine is not loaded. 178 */ 179 char *opensc_engine_path; 180 181 /** 182 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11 183 * 184 * This is an OpenSSL specific configuration option for loading PKCS#11 185 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded. 186 */ 187 char *pkcs11_engine_path; 188 189 /** 190 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module 191 * 192 * This is an OpenSSL specific configuration option for configuring 193 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this 194 * module is not loaded. 195 */ 196 char *pkcs11_module_path; 197 #endif /* EAP_TLS_OPENSSL */ 198 199 /** 200 * driver_param - Driver interface parameters 201 * 202 * This text string is passed to the selected driver interface with the 203 * optional struct wpa_driver_ops::set_param() handler. This can be 204 * used to configure driver specific options without having to add new 205 * driver interface functionality. 206 */ 207 char *driver_param; 208 209 /** 210 * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK 211 * 212 * dot11 MIB variable for the maximum lifetime of a PMK in the PMK 213 * cache (unit: seconds). 214 */ 215 unsigned int dot11RSNAConfigPMKLifetime; 216 217 /** 218 * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold 219 * 220 * dot11 MIB variable for the percentage of the PMK lifetime 221 * that should expire before an IEEE 802.1X reauthentication occurs. 222 */ 223 unsigned int dot11RSNAConfigPMKReauthThreshold; 224 225 /** 226 * dot11RSNAConfigSATimeout - Security association timeout 227 * 228 * dot11 MIB variable for the maximum time a security association 229 * shall take to set up (unit: seconds). 230 */ 231 unsigned int dot11RSNAConfigSATimeout; 232 233 /** 234 * update_config - Is wpa_supplicant allowed to update configuration 235 * 236 * This variable control whether wpa_supplicant is allow to re-write 237 * its configuration with wpa_config_write(). If this is zero, 238 * configuration data is only changed in memory and the external data 239 * is not overriden. If this is non-zero, wpa_supplicant will update 240 * the configuration data (e.g., a file) whenever configuration is 241 * changed. This update may replace the old configuration which can 242 * remove comments from it in case of a text file configuration. 243 */ 244 int update_config; 245 246 /** 247 * blobs - Configuration blobs 248 */ 249 struct wpa_config_blob *blobs; 250 251 /** 252 * uuid - Universally Unique IDentifier (UUID; see RFC 4122) for WPS 253 */ 254 u8 uuid[16]; 255 256 /** 257 * device_name - Device Name (WPS) 258 * User-friendly description of device; up to 32 octets encoded in 259 * UTF-8 260 */ 261 char *device_name; 262 263 /** 264 * manufacturer - Manufacturer (WPS) 265 * The manufacturer of the device (up to 64 ASCII characters) 266 */ 267 char *manufacturer; 268 269 /** 270 * model_name - Model Name (WPS) 271 * Model of the device (up to 32 ASCII characters) 272 */ 273 char *model_name; 274 275 /** 276 * model_number - Model Number (WPS) 277 * Additional device description (up to 32 ASCII characters) 278 */ 279 char *model_number; 280 281 /** 282 * serial_number - Serial Number (WPS) 283 * Serial number of the device (up to 32 characters) 284 */ 285 char *serial_number; 286 287 /** 288 * device_type - Primary Device Type (WPS) 289 * Used format: categ-OUI-subcateg 290 * categ = Category as an integer value 291 * OUI = OUI and type octet as a 4-octet hex-encoded value; 292 * 0050F204 for default WPS OUI 293 * subcateg = OUI-specific Sub Category as an integer value 294 * Examples: 295 * 1-0050F204-1 (Computer / PC) 296 * 1-0050F204-2 (Computer / Server) 297 * 5-0050F204-1 (Storage / NAS) 298 * 6-0050F204-1 (Network Infrastructure / AP) 299 */ 300 char *device_type; 301 302 /** 303 * os_version - OS Version (WPS) 304 * 4-octet operating system version number 305 */ 306 u8 os_version[4]; 307 308 /** 309 * country - Country code 310 * 311 * This is the ISO/IEC alpha2 country code for which we are operating 312 * in 313 */ 314 char country[2]; 315 316 /** 317 * wps_cred_processing - Credential processing 318 * 319 * 0 = process received credentials internally 320 * 1 = do not process received credentials; just pass them over 321 * ctrl_iface to external program(s) 322 * 2 = process received credentials internally and pass them over 323 * ctrl_iface to external program(s) 324 */ 325 int wps_cred_processing; 326 }; 327 328 329 /* Prototypes for common functions from config.c */ 330 331 void wpa_config_free(struct wpa_config *ssid); 332 void wpa_config_free_ssid(struct wpa_ssid *ssid); 333 struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id); 334 struct wpa_ssid * wpa_config_add_network(struct wpa_config *config); 335 int wpa_config_remove_network(struct wpa_config *config, int id); 336 void wpa_config_set_network_defaults(struct wpa_ssid *ssid); 337 int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value, 338 int line); 339 char * wpa_config_get(struct wpa_ssid *ssid, const char *var); 340 char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var); 341 void wpa_config_update_psk(struct wpa_ssid *ssid); 342 int wpa_config_add_prio_network(struct wpa_config *config, 343 struct wpa_ssid *ssid); 344 const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config, 345 const char *name); 346 void wpa_config_set_blob(struct wpa_config *config, 347 struct wpa_config_blob *blob); 348 void wpa_config_free_blob(struct wpa_config_blob *blob); 349 int wpa_config_remove_blob(struct wpa_config *config, const char *name); 350 351 struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface, 352 const char *driver_param); 353 #ifndef CONFIG_NO_STDOUT_DEBUG 354 void wpa_config_debug_dump_networks(struct wpa_config *config); 355 #else /* CONFIG_NO_STDOUT_DEBUG */ 356 #define wpa_config_debug_dump_networks(c) do { } while (0) 357 #endif /* CONFIG_NO_STDOUT_DEBUG */ 358 359 360 /* Prototypes for backend specific functions from the selected config_*.c */ 361 362 /** 363 * wpa_config_read - Read and parse configuration database 364 * @name: Name of the configuration (e.g., path and file name for the 365 * configuration file) 366 * Returns: Pointer to allocated configuration data or %NULL on failure 367 * 368 * This function reads configuration data, parses its contents, and allocates 369 * data structures needed for storing configuration information. The allocated 370 * data can be freed with wpa_config_free(). 371 * 372 * Each configuration backend needs to implement this function. 373 */ 374 struct wpa_config * wpa_config_read(const char *name); 375 376 /** 377 * wpa_config_write - Write or update configuration data 378 * @name: Name of the configuration (e.g., path and file name for the 379 * configuration file) 380 * @config: Configuration data from wpa_config_read() 381 * Returns: 0 on success, -1 on failure 382 * 383 * This function write all configuration data into an external database (e.g., 384 * a text file) in a format that can be read with wpa_config_read(). This can 385 * be used to allow wpa_supplicant to update its configuration, e.g., when a 386 * new network is added or a password is changed. 387 * 388 * Each configuration backend needs to implement this function. 389 */ 390 int wpa_config_write(const char *name, struct wpa_config *config); 391 392 #endif /* CONFIG_H */ 393