xref: /freebsd/contrib/wpa/wpa_supplicant/config_file.c (revision 4fd0d10e0fe684211328bc148edf89a792425b39)
1 /*
2  * WPA Supplicant / Configuration backend: text file
3  * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements a configuration backend for text files. All the
9  * configuration information is stored in a text file that uses a format
10  * described in the sample configuration file, wpa_supplicant.conf.
11  */
12 
13 #include "includes.h"
14 
15 #include "common.h"
16 #include "config.h"
17 #include "base64.h"
18 #include "uuid.h"
19 #include "p2p/p2p.h"
20 #include "eap_peer/eap_methods.h"
21 #include "eap_peer/eap.h"
22 
23 
24 static int newline_terminated(const char *buf, size_t buflen)
25 {
26 	size_t len = os_strlen(buf);
27 	if (len == 0)
28 		return 0;
29 	if (len == buflen - 1 && buf[buflen - 1] != '\r' &&
30 	    buf[len - 1] != '\n')
31 		return 0;
32 	return 1;
33 }
34 
35 
36 static void skip_line_end(FILE *stream)
37 {
38 	char buf[100];
39 	while (fgets(buf, sizeof(buf), stream)) {
40 		buf[sizeof(buf) - 1] = '\0';
41 		if (newline_terminated(buf, sizeof(buf)))
42 			return;
43 	}
44 }
45 
46 
47 /**
48  * wpa_config_get_line - Read the next configuration file line
49  * @s: Buffer for the line
50  * @size: The buffer length
51  * @stream: File stream to read from
52  * @line: Pointer to a variable storing the file line number
53  * @_pos: Buffer for the pointer to the beginning of data on the text line or
54  * %NULL if not needed (returned value used instead)
55  * Returns: Pointer to the beginning of data on the text line or %NULL if no
56  * more text lines are available.
57  *
58  * This function reads the next non-empty line from the configuration file and
59  * removes comments. The returned string is guaranteed to be null-terminated.
60  */
61 static char * wpa_config_get_line(char *s, int size, FILE *stream, int *line,
62 				  char **_pos)
63 {
64 	char *pos, *end, *sstart;
65 
66 	while (fgets(s, size, stream)) {
67 		(*line)++;
68 		s[size - 1] = '\0';
69 		if (!newline_terminated(s, size)) {
70 			/*
71 			 * The line was truncated - skip rest of it to avoid
72 			 * confusing error messages.
73 			 */
74 			wpa_printf(MSG_INFO, "Long line in configuration file "
75 				   "truncated");
76 			skip_line_end(stream);
77 		}
78 		pos = s;
79 
80 		/* Skip white space from the beginning of line. */
81 		while (*pos == ' ' || *pos == '\t' || *pos == '\r')
82 			pos++;
83 
84 		/* Skip comment lines and empty lines */
85 		if (*pos == '#' || *pos == '\n' || *pos == '\0')
86 			continue;
87 
88 		/*
89 		 * Remove # comments unless they are within a double quoted
90 		 * string.
91 		 */
92 		sstart = os_strchr(pos, '"');
93 		if (sstart)
94 			sstart = os_strrchr(sstart + 1, '"');
95 		if (!sstart)
96 			sstart = pos;
97 		end = os_strchr(sstart, '#');
98 		if (end)
99 			*end-- = '\0';
100 		else
101 			end = pos + os_strlen(pos) - 1;
102 
103 		/* Remove trailing white space. */
104 		while (end > pos &&
105 		       (*end == '\n' || *end == ' ' || *end == '\t' ||
106 			*end == '\r'))
107 			*end-- = '\0';
108 
109 		if (*pos == '\0')
110 			continue;
111 
112 		if (_pos)
113 			*_pos = pos;
114 		return pos;
115 	}
116 
117 	if (_pos)
118 		*_pos = NULL;
119 	return NULL;
120 }
121 
122 
123 static int wpa_config_validate_network(struct wpa_ssid *ssid, int line)
124 {
125 	int errors = 0;
126 
127 	if (ssid->passphrase) {
128 		if (ssid->psk_set) {
129 			wpa_printf(MSG_ERROR, "Line %d: both PSK and "
130 				   "passphrase configured.", line);
131 			errors++;
132 		}
133 		wpa_config_update_psk(ssid);
134 	}
135 
136 	if ((ssid->group_cipher & WPA_CIPHER_CCMP) &&
137 	    !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
138 	    !(ssid->pairwise_cipher & WPA_CIPHER_NONE)) {
139 		/* Group cipher cannot be stronger than the pairwise cipher. */
140 		wpa_printf(MSG_DEBUG, "Line %d: removed CCMP from group cipher"
141 			   " list since it was not allowed for pairwise "
142 			   "cipher", line);
143 		ssid->group_cipher &= ~WPA_CIPHER_CCMP;
144 	}
145 
146 	return errors;
147 }
148 
149 
150 static struct wpa_ssid * wpa_config_read_network(FILE *f, int *line, int id)
151 {
152 	struct wpa_ssid *ssid;
153 	int errors = 0, end = 0;
154 	char buf[2000], *pos, *pos2;
155 
156 	wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new network block",
157 		   *line);
158 	ssid = os_zalloc(sizeof(*ssid));
159 	if (ssid == NULL)
160 		return NULL;
161 	ssid->id = id;
162 
163 	wpa_config_set_network_defaults(ssid);
164 
165 	while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
166 		if (os_strcmp(pos, "}") == 0) {
167 			end = 1;
168 			break;
169 		}
170 
171 		pos2 = os_strchr(pos, '=');
172 		if (pos2 == NULL) {
173 			wpa_printf(MSG_ERROR, "Line %d: Invalid SSID line "
174 				   "'%s'.", *line, pos);
175 			errors++;
176 			continue;
177 		}
178 
179 		*pos2++ = '\0';
180 		if (*pos2 == '"') {
181 			if (os_strchr(pos2 + 1, '"') == NULL) {
182 				wpa_printf(MSG_ERROR, "Line %d: invalid "
183 					   "quotation '%s'.", *line, pos2);
184 				errors++;
185 				continue;
186 			}
187 		}
188 
189 		if (wpa_config_set(ssid, pos, pos2, *line) < 0)
190 			errors++;
191 	}
192 
193 	if (!end) {
194 		wpa_printf(MSG_ERROR, "Line %d: network block was not "
195 			   "terminated properly.", *line);
196 		errors++;
197 	}
198 
199 	errors += wpa_config_validate_network(ssid, *line);
200 
201 	if (errors) {
202 		wpa_config_free_ssid(ssid);
203 		ssid = NULL;
204 	}
205 
206 	return ssid;
207 }
208 
209 
210 static struct wpa_cred * wpa_config_read_cred(FILE *f, int *line, int id)
211 {
212 	struct wpa_cred *cred;
213 	int errors = 0, end = 0;
214 	char buf[256], *pos, *pos2;
215 
216 	wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new cred block", *line);
217 	cred = os_zalloc(sizeof(*cred));
218 	if (cred == NULL)
219 		return NULL;
220 	cred->id = id;
221 
222 	while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
223 		if (os_strcmp(pos, "}") == 0) {
224 			end = 1;
225 			break;
226 		}
227 
228 		pos2 = os_strchr(pos, '=');
229 		if (pos2 == NULL) {
230 			wpa_printf(MSG_ERROR, "Line %d: Invalid cred line "
231 				   "'%s'.", *line, pos);
232 			errors++;
233 			continue;
234 		}
235 
236 		*pos2++ = '\0';
237 		if (*pos2 == '"') {
238 			if (os_strchr(pos2 + 1, '"') == NULL) {
239 				wpa_printf(MSG_ERROR, "Line %d: invalid "
240 					   "quotation '%s'.", *line, pos2);
241 				errors++;
242 				continue;
243 			}
244 		}
245 
246 		if (wpa_config_set_cred(cred, pos, pos2, *line) < 0)
247 			errors++;
248 	}
249 
250 	if (!end) {
251 		wpa_printf(MSG_ERROR, "Line %d: cred block was not "
252 			   "terminated properly.", *line);
253 		errors++;
254 	}
255 
256 	if (errors) {
257 		wpa_config_free_cred(cred);
258 		cred = NULL;
259 	}
260 
261 	return cred;
262 }
263 
264 
265 #ifndef CONFIG_NO_CONFIG_BLOBS
266 static struct wpa_config_blob * wpa_config_read_blob(FILE *f, int *line,
267 						     const char *name)
268 {
269 	struct wpa_config_blob *blob;
270 	char buf[256], *pos;
271 	unsigned char *encoded = NULL, *nencoded;
272 	int end = 0;
273 	size_t encoded_len = 0, len;
274 
275 	wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new named blob '%s'",
276 		   *line, name);
277 
278 	while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) {
279 		if (os_strcmp(pos, "}") == 0) {
280 			end = 1;
281 			break;
282 		}
283 
284 		len = os_strlen(pos);
285 		nencoded = os_realloc(encoded, encoded_len + len);
286 		if (nencoded == NULL) {
287 			wpa_printf(MSG_ERROR, "Line %d: not enough memory for "
288 				   "blob", *line);
289 			os_free(encoded);
290 			return NULL;
291 		}
292 		encoded = nencoded;
293 		os_memcpy(encoded + encoded_len, pos, len);
294 		encoded_len += len;
295 	}
296 
297 	if (!end) {
298 		wpa_printf(MSG_ERROR, "Line %d: blob was not terminated "
299 			   "properly", *line);
300 		os_free(encoded);
301 		return NULL;
302 	}
303 
304 	blob = os_zalloc(sizeof(*blob));
305 	if (blob == NULL) {
306 		os_free(encoded);
307 		return NULL;
308 	}
309 	blob->name = os_strdup(name);
310 	blob->data = base64_decode(encoded, encoded_len, &blob->len);
311 	os_free(encoded);
312 
313 	if (blob->name == NULL || blob->data == NULL) {
314 		wpa_config_free_blob(blob);
315 		return NULL;
316 	}
317 
318 	return blob;
319 }
320 
321 
322 static int wpa_config_process_blob(struct wpa_config *config, FILE *f,
323 				   int *line, char *bname)
324 {
325 	char *name_end;
326 	struct wpa_config_blob *blob;
327 
328 	name_end = os_strchr(bname, '=');
329 	if (name_end == NULL) {
330 		wpa_printf(MSG_ERROR, "Line %d: no blob name terminator",
331 			   *line);
332 		return -1;
333 	}
334 	*name_end = '\0';
335 
336 	blob = wpa_config_read_blob(f, line, bname);
337 	if (blob == NULL) {
338 		wpa_printf(MSG_ERROR, "Line %d: failed to read blob %s",
339 			   *line, bname);
340 		return -1;
341 	}
342 	wpa_config_set_blob(config, blob);
343 	return 0;
344 }
345 #endif /* CONFIG_NO_CONFIG_BLOBS */
346 
347 
348 struct wpa_config * wpa_config_read(const char *name)
349 {
350 	FILE *f;
351 	char buf[512], *pos;
352 	int errors = 0, line = 0;
353 	struct wpa_ssid *ssid, *tail = NULL, *head = NULL;
354 	struct wpa_cred *cred, *cred_tail = NULL, *cred_head = NULL;
355 	struct wpa_config *config;
356 	int id = 0;
357 	int cred_id = 0;
358 
359 	config = wpa_config_alloc_empty(NULL, NULL);
360 	if (config == NULL) {
361 		wpa_printf(MSG_ERROR, "Failed to allocate config file "
362 			   "structure");
363 		return NULL;
364 	}
365 
366 	wpa_printf(MSG_DEBUG, "Reading configuration file '%s'", name);
367 	f = fopen(name, "r");
368 	if (f == NULL) {
369 		wpa_printf(MSG_ERROR, "Failed to open config file '%s', "
370 			   "error: %s", name, strerror(errno));
371 		os_free(config);
372 		return NULL;
373 	}
374 
375 	while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
376 		if (os_strcmp(pos, "network={") == 0) {
377 			ssid = wpa_config_read_network(f, &line, id++);
378 			if (ssid == NULL) {
379 				wpa_printf(MSG_ERROR, "Line %d: failed to "
380 					   "parse network block.", line);
381 				errors++;
382 				continue;
383 			}
384 			if (head == NULL) {
385 				head = tail = ssid;
386 			} else {
387 				tail->next = ssid;
388 				tail = ssid;
389 			}
390 			if (wpa_config_add_prio_network(config, ssid)) {
391 				wpa_printf(MSG_ERROR, "Line %d: failed to add "
392 					   "network block to priority list.",
393 					   line);
394 				errors++;
395 				continue;
396 			}
397 		} else if (os_strcmp(pos, "cred={") == 0) {
398 			cred = wpa_config_read_cred(f, &line, cred_id++);
399 			if (cred == NULL) {
400 				wpa_printf(MSG_ERROR, "Line %d: failed to "
401 					   "parse cred block.", line);
402 				errors++;
403 				continue;
404 			}
405 			if (cred_head == NULL) {
406 				cred_head = cred_tail = cred;
407 			} else {
408 				cred_tail->next = cred;
409 				cred_tail = cred;
410 			}
411 #ifndef CONFIG_NO_CONFIG_BLOBS
412 		} else if (os_strncmp(pos, "blob-base64-", 12) == 0) {
413 			if (wpa_config_process_blob(config, f, &line, pos + 12)
414 			    < 0) {
415 				wpa_printf(MSG_ERROR, "Line %d: failed to "
416 					   "process blob.", line);
417 				errors++;
418 				continue;
419 			}
420 #endif /* CONFIG_NO_CONFIG_BLOBS */
421 		} else if (wpa_config_process_global(config, pos, line) < 0) {
422 			wpa_printf(MSG_ERROR, "Line %d: Invalid configuration "
423 				   "line '%s'.", line, pos);
424 			errors++;
425 			continue;
426 		}
427 	}
428 
429 	fclose(f);
430 
431 	config->ssid = head;
432 	wpa_config_debug_dump_networks(config);
433 	config->cred = cred_head;
434 
435 #ifndef WPA_IGNORE_CONFIG_ERRORS
436 	if (errors) {
437 		wpa_config_free(config);
438 		config = NULL;
439 		head = NULL;
440 	}
441 #endif /* WPA_IGNORE_CONFIG_ERRORS */
442 
443 	return config;
444 }
445 
446 
447 #ifndef CONFIG_NO_CONFIG_WRITE
448 
449 static void write_str(FILE *f, const char *field, struct wpa_ssid *ssid)
450 {
451 	char *value = wpa_config_get(ssid, field);
452 	if (value == NULL)
453 		return;
454 	fprintf(f, "\t%s=%s\n", field, value);
455 	os_free(value);
456 }
457 
458 
459 static void write_int(FILE *f, const char *field, int value, int def)
460 {
461 	if (value == def)
462 		return;
463 	fprintf(f, "\t%s=%d\n", field, value);
464 }
465 
466 
467 static void write_bssid(FILE *f, struct wpa_ssid *ssid)
468 {
469 	char *value = wpa_config_get(ssid, "bssid");
470 	if (value == NULL)
471 		return;
472 	fprintf(f, "\tbssid=%s\n", value);
473 	os_free(value);
474 }
475 
476 
477 static void write_psk(FILE *f, struct wpa_ssid *ssid)
478 {
479 	char *value = wpa_config_get(ssid, "psk");
480 	if (value == NULL)
481 		return;
482 	fprintf(f, "\tpsk=%s\n", value);
483 	os_free(value);
484 }
485 
486 
487 static void write_proto(FILE *f, struct wpa_ssid *ssid)
488 {
489 	char *value;
490 
491 	if (ssid->proto == DEFAULT_PROTO)
492 		return;
493 
494 	value = wpa_config_get(ssid, "proto");
495 	if (value == NULL)
496 		return;
497 	if (value[0])
498 		fprintf(f, "\tproto=%s\n", value);
499 	os_free(value);
500 }
501 
502 
503 static void write_key_mgmt(FILE *f, struct wpa_ssid *ssid)
504 {
505 	char *value;
506 
507 	if (ssid->key_mgmt == DEFAULT_KEY_MGMT)
508 		return;
509 
510 	value = wpa_config_get(ssid, "key_mgmt");
511 	if (value == NULL)
512 		return;
513 	if (value[0])
514 		fprintf(f, "\tkey_mgmt=%s\n", value);
515 	os_free(value);
516 }
517 
518 
519 static void write_pairwise(FILE *f, struct wpa_ssid *ssid)
520 {
521 	char *value;
522 
523 	if (ssid->pairwise_cipher == DEFAULT_PAIRWISE)
524 		return;
525 
526 	value = wpa_config_get(ssid, "pairwise");
527 	if (value == NULL)
528 		return;
529 	if (value[0])
530 		fprintf(f, "\tpairwise=%s\n", value);
531 	os_free(value);
532 }
533 
534 
535 static void write_group(FILE *f, struct wpa_ssid *ssid)
536 {
537 	char *value;
538 
539 	if (ssid->group_cipher == DEFAULT_GROUP)
540 		return;
541 
542 	value = wpa_config_get(ssid, "group");
543 	if (value == NULL)
544 		return;
545 	if (value[0])
546 		fprintf(f, "\tgroup=%s\n", value);
547 	os_free(value);
548 }
549 
550 
551 static void write_auth_alg(FILE *f, struct wpa_ssid *ssid)
552 {
553 	char *value;
554 
555 	if (ssid->auth_alg == 0)
556 		return;
557 
558 	value = wpa_config_get(ssid, "auth_alg");
559 	if (value == NULL)
560 		return;
561 	if (value[0])
562 		fprintf(f, "\tauth_alg=%s\n", value);
563 	os_free(value);
564 }
565 
566 
567 #ifdef IEEE8021X_EAPOL
568 static void write_eap(FILE *f, struct wpa_ssid *ssid)
569 {
570 	char *value;
571 
572 	value = wpa_config_get(ssid, "eap");
573 	if (value == NULL)
574 		return;
575 
576 	if (value[0])
577 		fprintf(f, "\teap=%s\n", value);
578 	os_free(value);
579 }
580 #endif /* IEEE8021X_EAPOL */
581 
582 
583 static void write_wep_key(FILE *f, int idx, struct wpa_ssid *ssid)
584 {
585 	char field[20], *value;
586 	int res;
587 
588 	res = os_snprintf(field, sizeof(field), "wep_key%d", idx);
589 	if (res < 0 || (size_t) res >= sizeof(field))
590 		return;
591 	value = wpa_config_get(ssid, field);
592 	if (value) {
593 		fprintf(f, "\t%s=%s\n", field, value);
594 		os_free(value);
595 	}
596 }
597 
598 
599 #ifdef CONFIG_P2P
600 static void write_p2p_client_list(FILE *f, struct wpa_ssid *ssid)
601 {
602 	char *value = wpa_config_get(ssid, "p2p_client_list");
603 	if (value == NULL)
604 		return;
605 	fprintf(f, "\tp2p_client_list=%s\n", value);
606 	os_free(value);
607 }
608 #endif /* CONFIG_P2P */
609 
610 
611 static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
612 {
613 	int i;
614 
615 #define STR(t) write_str(f, #t, ssid)
616 #define INT(t) write_int(f, #t, ssid->t, 0)
617 #define INTe(t) write_int(f, #t, ssid->eap.t, 0)
618 #define INT_DEF(t, def) write_int(f, #t, ssid->t, def)
619 #define INT_DEFe(t, def) write_int(f, #t, ssid->eap.t, def)
620 
621 	STR(ssid);
622 	INT(scan_ssid);
623 	write_bssid(f, ssid);
624 	write_psk(f, ssid);
625 	write_proto(f, ssid);
626 	write_key_mgmt(f, ssid);
627 	INT_DEF(bg_scan_period, DEFAULT_BG_SCAN_PERIOD);
628 	write_pairwise(f, ssid);
629 	write_group(f, ssid);
630 	write_auth_alg(f, ssid);
631 	STR(bgscan);
632 	STR(autoscan);
633 #ifdef IEEE8021X_EAPOL
634 	write_eap(f, ssid);
635 	STR(identity);
636 	STR(anonymous_identity);
637 	STR(password);
638 	STR(ca_cert);
639 	STR(ca_path);
640 	STR(client_cert);
641 	STR(private_key);
642 	STR(private_key_passwd);
643 	STR(dh_file);
644 	STR(subject_match);
645 	STR(altsubject_match);
646 	STR(ca_cert2);
647 	STR(ca_path2);
648 	STR(client_cert2);
649 	STR(private_key2);
650 	STR(private_key2_passwd);
651 	STR(dh_file2);
652 	STR(subject_match2);
653 	STR(altsubject_match2);
654 	STR(phase1);
655 	STR(phase2);
656 	STR(pcsc);
657 	STR(pin);
658 	STR(engine_id);
659 	STR(key_id);
660 	STR(cert_id);
661 	STR(ca_cert_id);
662 	STR(key2_id);
663 	STR(pin2);
664 	STR(engine2_id);
665 	STR(cert2_id);
666 	STR(ca_cert2_id);
667 	INTe(engine);
668 	INTe(engine2);
669 	INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
670 #endif /* IEEE8021X_EAPOL */
671 	for (i = 0; i < 4; i++)
672 		write_wep_key(f, i, ssid);
673 	INT(wep_tx_keyidx);
674 	INT(priority);
675 #ifdef IEEE8021X_EAPOL
676 	INT_DEF(eap_workaround, DEFAULT_EAP_WORKAROUND);
677 	STR(pac_file);
678 	INT_DEFe(fragment_size, DEFAULT_FRAGMENT_SIZE);
679 #endif /* IEEE8021X_EAPOL */
680 	INT(mode);
681 	INT(frequency);
682 	write_int(f, "proactive_key_caching", ssid->proactive_key_caching, -1);
683 	INT(disabled);
684 	INT(peerkey);
685 #ifdef CONFIG_IEEE80211W
686 	write_int(f, "ieee80211w", ssid->ieee80211w,
687 		  MGMT_FRAME_PROTECTION_DEFAULT);
688 #endif /* CONFIG_IEEE80211W */
689 	STR(id_str);
690 #ifdef CONFIG_P2P
691 	write_p2p_client_list(f, ssid);
692 #endif /* CONFIG_P2P */
693 
694 #undef STR
695 #undef INT
696 #undef INT_DEF
697 }
698 
699 
700 static void wpa_config_write_cred(FILE *f, struct wpa_cred *cred)
701 {
702 	if (cred->priority)
703 		fprintf(f, "\tpriority=%d\n", cred->priority);
704 	if (cred->pcsc)
705 		fprintf(f, "\tpcsc=%d\n", cred->pcsc);
706 	if (cred->realm)
707 		fprintf(f, "\trealm=\"%s\"\n", cred->realm);
708 	if (cred->username)
709 		fprintf(f, "\tusername=\"%s\"\n", cred->username);
710 	if (cred->password && cred->ext_password)
711 		fprintf(f, "\tpassword=ext:%s\n", cred->password);
712 	else if (cred->password)
713 		fprintf(f, "\tpassword=\"%s\"\n", cred->password);
714 	if (cred->ca_cert)
715 		fprintf(f, "\tca_cert=\"%s\"\n", cred->ca_cert);
716 	if (cred->client_cert)
717 		fprintf(f, "\tclient_cert=\"%s\"\n", cred->client_cert);
718 	if (cred->private_key)
719 		fprintf(f, "\tprivate_key=\"%s\"\n", cred->private_key);
720 	if (cred->private_key_passwd)
721 		fprintf(f, "\tprivate_key_passwd=\"%s\"\n",
722 			cred->private_key_passwd);
723 	if (cred->imsi)
724 		fprintf(f, "\timsi=\"%s\"\n", cred->imsi);
725 	if (cred->milenage)
726 		fprintf(f, "\tmilenage=\"%s\"\n", cred->milenage);
727 	if (cred->domain)
728 		fprintf(f, "\tdomain=\"%s\"\n", cred->domain);
729 	if (cred->roaming_consortium_len) {
730 		size_t i;
731 		fprintf(f, "\troaming_consortium=");
732 		for (i = 0; i < cred->roaming_consortium_len; i++)
733 			fprintf(f, "%02x", cred->roaming_consortium[i]);
734 		fprintf(f, "\n");
735 	}
736 	if (cred->eap_method) {
737 		const char *name;
738 		name = eap_get_name(cred->eap_method[0].vendor,
739 				    cred->eap_method[0].method);
740 		fprintf(f, "\teap=%s\n", name);
741 	}
742 	if (cred->phase1)
743 		fprintf(f, "\tphase1=\"%s\"\n", cred->phase1);
744 	if (cred->phase2)
745 		fprintf(f, "\tphase2=\"%s\"\n", cred->phase2);
746 	if (cred->excluded_ssid) {
747 		size_t i, j;
748 		for (i = 0; i < cred->num_excluded_ssid; i++) {
749 			struct excluded_ssid *e = &cred->excluded_ssid[i];
750 			fprintf(f, "\texcluded_ssid=");
751 			for (j = 0; j < e->ssid_len; j++)
752 				fprintf(f, "%02x", e->ssid[j]);
753 			fprintf(f, "\n");
754 		}
755 	}
756 }
757 
758 
759 #ifndef CONFIG_NO_CONFIG_BLOBS
760 static int wpa_config_write_blob(FILE *f, struct wpa_config_blob *blob)
761 {
762 	unsigned char *encoded;
763 
764 	encoded = base64_encode(blob->data, blob->len, NULL);
765 	if (encoded == NULL)
766 		return -1;
767 
768 	fprintf(f, "\nblob-base64-%s={\n%s}\n", blob->name, encoded);
769 	os_free(encoded);
770 	return 0;
771 }
772 #endif /* CONFIG_NO_CONFIG_BLOBS */
773 
774 
775 static void write_global_bin(FILE *f, const char *field,
776 			     const struct wpabuf *val)
777 {
778 	size_t i;
779 	const u8 *pos;
780 
781 	if (val == NULL)
782 		return;
783 
784 	fprintf(f, "%s=", field);
785 	pos = wpabuf_head(val);
786 	for (i = 0; i < wpabuf_len(val); i++)
787 		fprintf(f, "%02X", *pos++);
788 	fprintf(f, "\n");
789 }
790 
791 
792 static void wpa_config_write_global(FILE *f, struct wpa_config *config)
793 {
794 #ifdef CONFIG_CTRL_IFACE
795 	if (config->ctrl_interface)
796 		fprintf(f, "ctrl_interface=%s\n", config->ctrl_interface);
797 	if (config->ctrl_interface_group)
798 		fprintf(f, "ctrl_interface_group=%s\n",
799 			config->ctrl_interface_group);
800 #endif /* CONFIG_CTRL_IFACE */
801 	if (config->eapol_version != DEFAULT_EAPOL_VERSION)
802 		fprintf(f, "eapol_version=%d\n", config->eapol_version);
803 	if (config->ap_scan != DEFAULT_AP_SCAN)
804 		fprintf(f, "ap_scan=%d\n", config->ap_scan);
805 	if (config->disable_scan_offload)
806 		fprintf(f, "disable_scan_offload=%d\n",
807 			config->disable_scan_offload);
808 	if (config->fast_reauth != DEFAULT_FAST_REAUTH)
809 		fprintf(f, "fast_reauth=%d\n", config->fast_reauth);
810 	if (config->opensc_engine_path)
811 		fprintf(f, "opensc_engine_path=%s\n",
812 			config->opensc_engine_path);
813 	if (config->pkcs11_engine_path)
814 		fprintf(f, "pkcs11_engine_path=%s\n",
815 			config->pkcs11_engine_path);
816 	if (config->pkcs11_module_path)
817 		fprintf(f, "pkcs11_module_path=%s\n",
818 			config->pkcs11_module_path);
819 	if (config->pcsc_reader)
820 		fprintf(f, "pcsc_reader=%s\n", config->pcsc_reader);
821 	if (config->pcsc_pin)
822 		fprintf(f, "pcsc_pin=%s\n", config->pcsc_pin);
823 	if (config->driver_param)
824 		fprintf(f, "driver_param=%s\n", config->driver_param);
825 	if (config->dot11RSNAConfigPMKLifetime)
826 		fprintf(f, "dot11RSNAConfigPMKLifetime=%d\n",
827 			config->dot11RSNAConfigPMKLifetime);
828 	if (config->dot11RSNAConfigPMKReauthThreshold)
829 		fprintf(f, "dot11RSNAConfigPMKReauthThreshold=%d\n",
830 			config->dot11RSNAConfigPMKReauthThreshold);
831 	if (config->dot11RSNAConfigSATimeout)
832 		fprintf(f, "dot11RSNAConfigSATimeout=%d\n",
833 			config->dot11RSNAConfigSATimeout);
834 	if (config->update_config)
835 		fprintf(f, "update_config=%d\n", config->update_config);
836 #ifdef CONFIG_WPS
837 	if (!is_nil_uuid(config->uuid)) {
838 		char buf[40];
839 		uuid_bin2str(config->uuid, buf, sizeof(buf));
840 		fprintf(f, "uuid=%s\n", buf);
841 	}
842 	if (config->device_name)
843 		fprintf(f, "device_name=%s\n", config->device_name);
844 	if (config->manufacturer)
845 		fprintf(f, "manufacturer=%s\n", config->manufacturer);
846 	if (config->model_name)
847 		fprintf(f, "model_name=%s\n", config->model_name);
848 	if (config->model_number)
849 		fprintf(f, "model_number=%s\n", config->model_number);
850 	if (config->serial_number)
851 		fprintf(f, "serial_number=%s\n", config->serial_number);
852 	{
853 		char _buf[WPS_DEV_TYPE_BUFSIZE], *buf;
854 		buf = wps_dev_type_bin2str(config->device_type,
855 					   _buf, sizeof(_buf));
856 		if (os_strcmp(buf, "0-00000000-0") != 0)
857 			fprintf(f, "device_type=%s\n", buf);
858 	}
859 	if (WPA_GET_BE32(config->os_version))
860 		fprintf(f, "os_version=%08x\n",
861 			WPA_GET_BE32(config->os_version));
862 	if (config->config_methods)
863 		fprintf(f, "config_methods=%s\n", config->config_methods);
864 	if (config->wps_cred_processing)
865 		fprintf(f, "wps_cred_processing=%d\n",
866 			config->wps_cred_processing);
867 	if (config->wps_vendor_ext_m1) {
868 		int i, len = wpabuf_len(config->wps_vendor_ext_m1);
869 		const u8 *p = wpabuf_head_u8(config->wps_vendor_ext_m1);
870 		if (len > 0) {
871 			fprintf(f, "wps_vendor_ext_m1=");
872 			for (i = 0; i < len; i++)
873 				fprintf(f, "%02x", *p++);
874 			fprintf(f, "\n");
875 		}
876 	}
877 #endif /* CONFIG_WPS */
878 #ifdef CONFIG_P2P
879 	if (config->p2p_listen_reg_class)
880 		fprintf(f, "p2p_listen_reg_class=%u\n",
881 			config->p2p_listen_reg_class);
882 	if (config->p2p_listen_channel)
883 		fprintf(f, "p2p_listen_channel=%u\n",
884 			config->p2p_listen_channel);
885 	if (config->p2p_oper_reg_class)
886 		fprintf(f, "p2p_oper_reg_class=%u\n",
887 			config->p2p_oper_reg_class);
888 	if (config->p2p_oper_channel)
889 		fprintf(f, "p2p_oper_channel=%u\n", config->p2p_oper_channel);
890 	if (config->p2p_go_intent != DEFAULT_P2P_GO_INTENT)
891 		fprintf(f, "p2p_go_intent=%u\n", config->p2p_go_intent);
892 	if (config->p2p_ssid_postfix)
893 		fprintf(f, "p2p_ssid_postfix=%s\n", config->p2p_ssid_postfix);
894 	if (config->persistent_reconnect)
895 		fprintf(f, "persistent_reconnect=%u\n",
896 			config->persistent_reconnect);
897 	if (config->p2p_intra_bss != DEFAULT_P2P_INTRA_BSS)
898 		fprintf(f, "p2p_intra_bss=%u\n", config->p2p_intra_bss);
899 	if (config->p2p_group_idle)
900 		fprintf(f, "p2p_group_idle=%u\n", config->p2p_group_idle);
901 	if (config->p2p_pref_chan) {
902 		unsigned int i;
903 		fprintf(f, "p2p_pref_chan=");
904 		for (i = 0; i < config->num_p2p_pref_chan; i++) {
905 			fprintf(f, "%s%u:%u", i > 0 ? "," : "",
906 				config->p2p_pref_chan[i].op_class,
907 				config->p2p_pref_chan[i].chan);
908 		}
909 		fprintf(f, "\n");
910 	}
911 	if (config->p2p_go_ht40)
912 		fprintf(f, "p2p_go_ht40=%u\n", config->p2p_go_ht40);
913 	if (config->p2p_disabled)
914 		fprintf(f, "p2p_disabled=%u\n", config->p2p_disabled);
915 	if (config->p2p_no_group_iface)
916 		fprintf(f, "p2p_no_group_iface=%u\n",
917 			config->p2p_no_group_iface);
918 #endif /* CONFIG_P2P */
919 	if (config->country[0] && config->country[1]) {
920 		fprintf(f, "country=%c%c\n",
921 			config->country[0], config->country[1]);
922 	}
923 	if (config->bss_max_count != DEFAULT_BSS_MAX_COUNT)
924 		fprintf(f, "bss_max_count=%u\n", config->bss_max_count);
925 	if (config->bss_expiration_age != DEFAULT_BSS_EXPIRATION_AGE)
926 		fprintf(f, "bss_expiration_age=%u\n",
927 			config->bss_expiration_age);
928 	if (config->bss_expiration_scan_count !=
929 	    DEFAULT_BSS_EXPIRATION_SCAN_COUNT)
930 		fprintf(f, "bss_expiration_scan_count=%u\n",
931 			config->bss_expiration_scan_count);
932 	if (config->filter_ssids)
933 		fprintf(f, "filter_ssids=%d\n", config->filter_ssids);
934 	if (config->max_num_sta != DEFAULT_MAX_NUM_STA)
935 		fprintf(f, "max_num_sta=%u\n", config->max_num_sta);
936 	if (config->disassoc_low_ack)
937 		fprintf(f, "disassoc_low_ack=%u\n", config->disassoc_low_ack);
938 #ifdef CONFIG_HS20
939 	if (config->hs20)
940 		fprintf(f, "hs20=1\n");
941 #endif /* CONFIG_HS20 */
942 #ifdef CONFIG_INTERWORKING
943 	if (config->interworking)
944 		fprintf(f, "interworking=%u\n", config->interworking);
945 	if (!is_zero_ether_addr(config->hessid))
946 		fprintf(f, "hessid=" MACSTR "\n", MAC2STR(config->hessid));
947 	if (config->access_network_type != DEFAULT_ACCESS_NETWORK_TYPE)
948 		fprintf(f, "access_network_type=%d\n",
949 			config->access_network_type);
950 #endif /* CONFIG_INTERWORKING */
951 	if (config->pbc_in_m1)
952 		fprintf(f, "pbc_in_m1=%u\n", config->pbc_in_m1);
953 	if (config->wps_nfc_dev_pw_id)
954 		fprintf(f, "wps_nfc_dev_pw_id=%d\n",
955 			config->wps_nfc_dev_pw_id);
956 	write_global_bin(f, "wps_nfc_dh_pubkey", config->wps_nfc_dh_pubkey);
957 	write_global_bin(f, "wps_nfc_dh_privkey", config->wps_nfc_dh_privkey);
958 	write_global_bin(f, "wps_nfc_dev_pw", config->wps_nfc_dev_pw);
959 
960 	if (config->ext_password_backend)
961 		fprintf(f, "ext_password_backend=%s\n",
962 			config->ext_password_backend);
963 	if (config->p2p_go_max_inactivity != DEFAULT_P2P_GO_MAX_INACTIVITY)
964 		fprintf(f, "p2p_go_max_inactivity=%d\n",
965 			config->p2p_go_max_inactivity);
966 	if (config->auto_interworking)
967 		fprintf(f, "auto_interworking=%d\n",
968 			config->auto_interworking);
969 	if (config->okc)
970 		fprintf(f, "okc=%d\n", config->okc);
971 	if (config->pmf)
972 		fprintf(f, "pmf=%d\n", config->pmf);
973 }
974 
975 #endif /* CONFIG_NO_CONFIG_WRITE */
976 
977 
978 int wpa_config_write(const char *name, struct wpa_config *config)
979 {
980 #ifndef CONFIG_NO_CONFIG_WRITE
981 	FILE *f;
982 	struct wpa_ssid *ssid;
983 	struct wpa_cred *cred;
984 #ifndef CONFIG_NO_CONFIG_BLOBS
985 	struct wpa_config_blob *blob;
986 #endif /* CONFIG_NO_CONFIG_BLOBS */
987 	int ret = 0;
988 
989 	wpa_printf(MSG_DEBUG, "Writing configuration file '%s'", name);
990 
991 	f = fopen(name, "w");
992 	if (f == NULL) {
993 		wpa_printf(MSG_DEBUG, "Failed to open '%s' for writing", name);
994 		return -1;
995 	}
996 
997 	wpa_config_write_global(f, config);
998 
999 	for (cred = config->cred; cred; cred = cred->next) {
1000 		fprintf(f, "\ncred={\n");
1001 		wpa_config_write_cred(f, cred);
1002 		fprintf(f, "}\n");
1003 	}
1004 
1005 	for (ssid = config->ssid; ssid; ssid = ssid->next) {
1006 		if (ssid->key_mgmt == WPA_KEY_MGMT_WPS || ssid->temporary)
1007 			continue; /* do not save temporary networks */
1008 		if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
1009 		    !ssid->passphrase)
1010 			continue; /* do not save invalid network */
1011 		fprintf(f, "\nnetwork={\n");
1012 		wpa_config_write_network(f, ssid);
1013 		fprintf(f, "}\n");
1014 	}
1015 
1016 #ifndef CONFIG_NO_CONFIG_BLOBS
1017 	for (blob = config->blobs; blob; blob = blob->next) {
1018 		ret = wpa_config_write_blob(f, blob);
1019 		if (ret)
1020 			break;
1021 	}
1022 #endif /* CONFIG_NO_CONFIG_BLOBS */
1023 
1024 	fclose(f);
1025 
1026 	wpa_printf(MSG_DEBUG, "Configuration file '%s' written %ssuccessfully",
1027 		   name, ret ? "un" : "");
1028 	return ret;
1029 #else /* CONFIG_NO_CONFIG_WRITE */
1030 	return -1;
1031 #endif /* CONFIG_NO_CONFIG_WRITE */
1032 }
1033