aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRui Paulo <rpaulo@FreeBSD.org>2015-04-18 05:04:12 +0000
committerRui Paulo <rpaulo@FreeBSD.org>2015-04-18 05:04:12 +0000
commitfbffd80fb2ba16c68f799da68a119d5e69643604 (patch)
tree139aabdc99568ca0bd6e4cbdcabdc8098f06fb22
parent5e2639d568f6bb660501a77cc83413c3412562e3 (diff)
downloadsrc-fbffd80fb2ba16c68f799da68a119d5e69643604.tar.gz
src-fbffd80fb2ba16c68f799da68a119d5e69643604.zip
Vendor import of wpa_supplicant/hostapd 2.4.vendor/wpa/2.4
Major changes are: SAE, Suite B, RFC 7268, EAP-PKE, ACS, and tons of bug fixes.
Notes
Notes: svn path=/vendor/wpa/dist/; revision=281681 svn path=/vendor/wpa/2.4/; revision=281682; tag=vendor/wpa/2.4
-rw-r--r--CONTRIBUTIONS143
-rw-r--r--COPYING2
-rw-r--r--README2
-rw-r--r--hostapd/ChangeLog186
-rw-r--r--hostapd/Makefile178
-rw-r--r--hostapd/README8
-rw-r--r--hostapd/README-WPS24
-rw-r--r--hostapd/config_file.c3202
-rw-r--r--hostapd/ctrl_iface.c1518
-rw-r--r--hostapd/defconfig79
-rw-r--r--hostapd/dump_state.c180
-rw-r--r--hostapd/dump_state.h14
-rw-r--r--hostapd/eap_register.c12
-rw-r--r--hostapd/hapd_module_tests.c17
-rw-r--r--hostapd/hlr_auc_gw.c250
-rw-r--r--hostapd/hostapd.82
-rw-r--r--hostapd/hostapd.conf289
-rw-r--r--hostapd/hostapd.eap_user6
-rw-r--r--hostapd/hostapd.eap_user_sqlite9
-rw-r--r--hostapd/hostapd_cli.c332
-rw-r--r--hostapd/main.c311
-rwxr-xr-xhostapd/wps-ap-nfc.py342
-rw-r--r--hs20/client/Android.mk81
-rw-r--r--hs20/client/Makefile94
-rw-r--r--hs20/client/devdetail.xml47
-rw-r--r--hs20/client/devinfo.xml7
-rw-r--r--hs20/client/est.c715
-rw-r--r--hs20/client/oma_dm_client.c1392
-rw-r--r--hs20/client/osu_client.c3227
-rw-r--r--hs20/client/osu_client.h118
-rw-r--r--hs20/client/spp_client.c995
-rw-r--r--patches/openssl-0.9.8-tls-extensions.patch429
-rw-r--r--patches/openssl-0.9.8d-tls-extensions.patch429
-rw-r--r--patches/openssl-0.9.8e-tls-extensions.patch353
-rw-r--r--patches/openssl-0.9.8g-tls-extensions.patch330
-rw-r--r--patches/openssl-0.9.8h-tls-extensions.patch344
-rw-r--r--patches/openssl-0.9.8i-tls-extensions.patch404
-rw-r--r--patches/openssl-0.9.8za-tls-extensions.patch (renamed from patches/openssl-0.9.8x-tls-extensions.patch)75
-rw-r--r--patches/openssl-0.9.9-session-ticket.patch374
-rw-r--r--src/Makefile2
-rw-r--r--src/ap/Makefile2
-rw-r--r--src/ap/accounting.c68
-rw-r--r--src/ap/acs.c949
-rw-r--r--src/ap/acs.h27
-rw-r--r--src/ap/ap_config.c427
-rw-r--r--src/ap/ap_config.h164
-rw-r--r--src/ap/ap_drv_ops.c137
-rw-r--r--src/ap/ap_drv_ops.h137
-rw-r--r--src/ap/ap_list.c108
-rw-r--r--src/ap/ap_list.h22
-rw-r--r--src/ap/ap_mlme.c6
-rw-r--r--src/ap/authsrv.c17
-rw-r--r--src/ap/beacon.c487
-rw-r--r--src/ap/beacon.h19
-rw-r--r--src/ap/bss_load.c65
-rw-r--r--src/ap/bss_load.h17
-rw-r--r--src/ap/ctrl_iface_ap.c334
-rw-r--r--src/ap/ctrl_iface_ap.h7
-rw-r--r--src/ap/dfs.c1064
-rw-r--r--src/ap/dfs.h30
-rw-r--r--src/ap/dhcp_snoop.c178
-rw-r--r--src/ap/dhcp_snoop.h30
-rw-r--r--src/ap/drv_callbacks.c603
-rw-r--r--src/ap/eap_user_db.c16
-rw-r--r--src/ap/gas_serv.c494
-rw-r--r--src/ap/gas_serv.h19
-rw-r--r--src/ap/hostapd.c1804
-rw-r--r--src/ap/hostapd.h172
-rw-r--r--src/ap/hs20.c154
-rw-r--r--src/ap/hs20.h8
-rw-r--r--src/ap/hw_features.c801
-rw-r--r--src/ap/hw_features.h16
-rw-r--r--src/ap/iapp.c84
-rw-r--r--src/ap/ieee802_11.c1156
-rw-r--r--src/ap/ieee802_11.h32
-rw-r--r--src/ap/ieee802_11_auth.c38
-rw-r--r--src/ap/ieee802_11_ht.c278
-rw-r--r--src/ap/ieee802_11_shared.c136
-rw-r--r--src/ap/ieee802_11_vht.c207
-rw-r--r--src/ap/ieee802_1x.c692
-rw-r--r--src/ap/ieee802_1x.h1
-rw-r--r--src/ap/ndisc_snoop.c171
-rw-r--r--src/ap/ndisc_snoop.h36
-rw-r--r--src/ap/p2p_hostapd.c5
-rw-r--r--src/ap/peerkey_auth.c22
-rw-r--r--src/ap/pmksa_cache_auth.c180
-rw-r--r--src/ap/pmksa_cache_auth.h8
-rw-r--r--src/ap/sta_info.c329
-rw-r--r--src/ap/sta_info.h73
-rw-r--r--src/ap/tkip_countermeasures.c8
-rw-r--r--src/ap/vlan_init.c114
-rw-r--r--src/ap/vlan_init.h10
-rw-r--r--src/ap/wmm.c12
-rw-r--r--src/ap/wmm.h10
-rw-r--r--src/ap/wnm_ap.c357
-rw-r--r--src/ap/wnm_ap.h15
-rw-r--r--src/ap/wpa_auth.c590
-rw-r--r--src/ap/wpa_auth.h41
-rw-r--r--src/ap/wpa_auth_ft.c351
-rw-r--r--src/ap/wpa_auth_glue.c88
-rw-r--r--src/ap/wpa_auth_i.h39
-rw-r--r--src/ap/wpa_auth_ie.c161
-rw-r--r--src/ap/wpa_auth_ie.h7
-rw-r--r--src/ap/wps_hostapd.c508
-rw-r--r--src/ap/wps_hostapd.h9
-rw-r--r--src/ap/x_snoop.c123
-rw-r--r--src/ap/x_snoop.h56
-rw-r--r--src/common/Makefile2
-rw-r--r--src/common/common_module_tests.c172
-rw-r--r--src/common/defs.h92
-rw-r--r--src/common/eapol_common.h13
-rw-r--r--src/common/hw_features_common.c438
-rw-r--r--src/common/hw_features_common.h40
-rw-r--r--src/common/ieee802_11_common.c469
-rw-r--r--src/common/ieee802_11_common.h33
-rw-r--r--src/common/ieee802_11_defs.h410
-rw-r--r--src/common/ieee802_1x_defs.h78
-rw-r--r--src/common/privsep_commands.h2
-rw-r--r--src/common/qca-vendor-attr.h28
-rw-r--r--src/common/qca-vendor.h246
-rw-r--r--src/common/sae.c1069
-rw-r--r--src/common/sae.h67
-rw-r--r--src/common/tnc.h121
-rw-r--r--src/common/version.h2
-rw-r--r--src/common/wpa_common.c586
-rw-r--r--src/common/wpa_common.h121
-rw-r--r--src/common/wpa_ctrl.c134
-rw-r--r--src/common/wpa_ctrl.h142
-rw-r--r--src/common/wpa_helpers.c292
-rw-r--r--src/common/wpa_helpers.h37
-rw-r--r--src/crypto/Makefile4
-rw-r--r--src/crypto/aes-ccm.c2
-rw-r--r--src/crypto/aes-eax.c2
-rw-r--r--src/crypto/aes-gcm.c2
-rw-r--r--src/crypto/aes-omac1.c64
-rw-r--r--src/crypto/aes-siv.c188
-rw-r--r--src/crypto/aes-unwrap.c19
-rw-r--r--src/crypto/aes-wrap.c20
-rw-r--r--src/crypto/aes_siv.h19
-rw-r--r--src/crypto/aes_wrap.h15
-rw-r--r--src/crypto/crypto.h323
-rw-r--r--src/crypto/crypto_internal-rsa.c9
-rw-r--r--src/crypto/crypto_module_tests.c1679
-rw-r--r--src/crypto/crypto_nss.c207
-rw-r--r--src/crypto/crypto_openssl.c635
-rw-r--r--src/crypto/dh_groups.c674
-rw-r--r--src/crypto/dh_groups.h3
-rw-r--r--src/crypto/fips_prf_cryptoapi.c19
-rw-r--r--src/crypto/fips_prf_gnutls.c20
-rw-r--r--src/crypto/fips_prf_nss.c19
-rw-r--r--src/crypto/md5.c6
-rw-r--r--src/crypto/milenage.c4
-rw-r--r--src/crypto/ms_funcs.c1
-rw-r--r--src/crypto/random.c12
-rw-r--r--src/crypto/sha1-internal.c2
-rw-r--r--src/crypto/sha1-prf.c1
-rw-r--r--src/crypto/sha1.c5
-rw-r--r--src/crypto/sha256-kdf.c76
-rw-r--r--src/crypto/sha256-prf.c40
-rw-r--r--src/crypto/sha256.h8
-rw-r--r--src/crypto/sha384.h19
-rw-r--r--src/crypto/tls.h47
-rw-r--r--src/crypto/tls_gnutls.c939
-rw-r--r--src/crypto/tls_internal.c55
-rw-r--r--src/crypto/tls_none.c6
-rw-r--r--src/crypto/tls_nss.c645
-rw-r--r--src/crypto/tls_openssl.c1053
-rw-r--r--src/crypto/tls_schannel.c31
-rw-r--r--src/drivers/Makefile2
-rw-r--r--src/drivers/android_drv.h8
-rw-r--r--src/drivers/driver.h1970
-rw-r--r--src/drivers/driver_atheros.c362
-rw-r--r--src/drivers/driver_bsd.c241
-rw-r--r--src/drivers/driver_common.c154
-rw-r--r--src/drivers/driver_hostap.c50
-rw-r--r--src/drivers/driver_macsec_qca.c891
-rw-r--r--src/drivers/driver_madwifi.c1313
-rw-r--r--src/drivers/driver_ndis.c42
-rw-r--r--src/drivers/driver_nl80211.c9593
-rw-r--r--src/drivers/driver_nl80211.h274
-rw-r--r--src/drivers/driver_nl80211_android.c220
-rw-r--r--src/drivers/driver_nl80211_capa.c1532
-rw-r--r--src/drivers/driver_nl80211_event.c2029
-rw-r--r--src/drivers/driver_nl80211_monitor.c491
-rw-r--r--src/drivers/driver_nl80211_scan.c775
-rw-r--r--src/drivers/driver_none.c8
-rw-r--r--src/drivers/driver_openbsd.c136
-rw-r--r--src/drivers/driver_privsep.c31
-rw-r--r--src/drivers/driver_roboswitch.c29
-rw-r--r--src/drivers/driver_test.c3315
-rw-r--r--src/drivers/driver_wext.c285
-rw-r--r--src/drivers/driver_wext.h6
-rw-r--r--src/drivers/driver_wired.c119
-rw-r--r--src/drivers/drivers.c36
-rw-r--r--src/drivers/drivers.mak43
-rw-r--r--src/drivers/drivers.mk28
-rw-r--r--src/drivers/linux_defines.h46
-rw-r--r--src/drivers/linux_ioctl.c7
-rw-r--r--src/drivers/linux_wext.h12
-rw-r--r--src/drivers/netlink.c42
-rw-r--r--src/drivers/nl80211_copy.h1454
-rw-r--r--src/drivers/priv_netlink.h2
-rw-r--r--src/eap_common/Makefile2
-rw-r--r--src/eap_common/eap_common.c85
-rw-r--r--src/eap_common/eap_common.h12
-rw-r--r--src/eap_common/eap_defs.h42
-rw-r--r--src/eap_common/eap_eke_common.c768
-rw-r--r--src/eap_common/eap_eke_common.h114
-rw-r--r--src/eap_common/eap_fast_common.c2
-rw-r--r--src/eap_common/eap_fast_common.h2
-rw-r--r--src/eap_common/eap_gpsk_common.c144
-rw-r--r--src/eap_common/eap_gpsk_common.h6
-rw-r--r--src/eap_common/eap_ikev2_common.c12
-rw-r--r--src/eap_common/eap_ikev2_common.h7
-rw-r--r--src/eap_common/eap_pax_common.c8
-rw-r--r--src/eap_common/eap_pax_common.h3
-rw-r--r--src/eap_common/eap_pwd_common.c17
-rw-r--r--src/eap_common/eap_pwd_common.h2
-rw-r--r--src/eap_common/eap_sim_common.c13
-rw-r--r--src/eap_common/eap_sim_common.h3
-rw-r--r--src/eap_common/ikev2_common.c89
-rw-r--r--src/eap_common/ikev2_common.h4
-rw-r--r--src/eap_peer/Makefile2
-rw-r--r--src/eap_peer/eap.c639
-rw-r--r--src/eap_peer/eap.h33
-rw-r--r--src/eap_peer/eap_aka.c170
-rw-r--r--src/eap_peer/eap_config.h113
-rw-r--r--src/eap_peer/eap_eke.c765
-rw-r--r--src/eap_peer/eap_fast.c74
-rw-r--r--src/eap_peer/eap_fast_pac.c36
-rw-r--r--src/eap_peer/eap_gpsk.c86
-rw-r--r--src/eap_peer/eap_i.h37
-rw-r--r--src/eap_peer/eap_ikev2.c72
-rw-r--r--src/eap_peer/eap_leap.c5
-rw-r--r--src/eap_peer/eap_methods.c4
-rw-r--r--src/eap_peer/eap_methods.h2
-rw-r--r--src/eap_peer/eap_mschapv2.c52
-rw-r--r--src/eap_peer/eap_pax.c32
-rw-r--r--src/eap_peer/eap_peap.c139
-rw-r--r--src/eap_peer/eap_proxy.h49
-rw-r--r--src/eap_peer/eap_proxy_dummy.c77
-rw-r--r--src/eap_peer/eap_psk.c29
-rw-r--r--src/eap_peer/eap_pwd.c128
-rw-r--r--src/eap_peer/eap_sake.c27
-rw-r--r--src/eap_peer/eap_sim.c162
-rw-r--r--src/eap_peer/eap_tls.c111
-rw-r--r--src/eap_peer/eap_tls_common.c78
-rw-r--r--src/eap_peer/eap_tls_common.h4
-rw-r--r--src/eap_peer/eap_tnc.c3
-rw-r--r--src/eap_peer/eap_ttls.c93
-rw-r--r--src/eap_peer/eap_vendor_test.c21
-rw-r--r--src/eap_peer/eap_wsc.c75
-rw-r--r--src/eap_peer/ikev2.c65
-rw-r--r--src/eap_peer/mschapv2.c4
-rw-r--r--src/eap_peer/tncc.c61
-rw-r--r--src/eap_server/Makefile2
-rw-r--r--src/eap_server/eap.h33
-rw-r--r--src/eap_server/eap_i.h32
-rw-r--r--src/eap_server/eap_methods.h2
-rw-r--r--src/eap_server/eap_server.c608
-rw-r--r--src/eap_server/eap_server_aka.c39
-rw-r--r--src/eap_server/eap_server_eke.c793
-rw-r--r--src/eap_server/eap_server_fast.c46
-rw-r--r--src/eap_server/eap_server_gpsk.c68
-rw-r--r--src/eap_server/eap_server_gtc.c2
-rw-r--r--src/eap_server/eap_server_identity.c7
-rw-r--r--src/eap_server/eap_server_ikev2.c55
-rw-r--r--src/eap_server/eap_server_md5.c2
-rw-r--r--src/eap_server/eap_server_methods.c4
-rw-r--r--src/eap_server/eap_server_mschapv2.c34
-rw-r--r--src/eap_server/eap_server_pax.c42
-rw-r--r--src/eap_server/eap_server_peap.c156
-rw-r--r--src/eap_server/eap_server_psk.c49
-rw-r--r--src/eap_server/eap_server_pwd.c114
-rw-r--r--src/eap_server/eap_server_sake.c66
-rw-r--r--src/eap_server/eap_server_sim.c36
-rw-r--r--src/eap_server/eap_server_tls.c72
-rw-r--r--src/eap_server/eap_server_tls_common.c70
-rw-r--r--src/eap_server/eap_server_tnc.c3
-rw-r--r--src/eap_server/eap_server_ttls.c80
-rw-r--r--src/eap_server/eap_server_wsc.c2
-rw-r--r--src/eap_server/eap_sim_db.c56
-rw-r--r--src/eap_server/eap_tls_common.h4
-rw-r--r--src/eap_server/ikev2.c4
-rw-r--r--src/eap_server/tncs.c79
-rw-r--r--src/eapol_auth/Makefile2
-rw-r--r--src/eapol_auth/eapol_auth_dump.c268
-rw-r--r--src/eapol_auth/eapol_auth_sm.c107
-rw-r--r--src/eapol_auth/eapol_auth_sm.h16
-rw-r--r--src/eapol_auth/eapol_auth_sm_i.h8
-rw-r--r--src/eapol_supp/Makefile2
-rw-r--r--src/eapol_supp/eapol_supp_sm.c275
-rw-r--r--src/eapol_supp/eapol_supp_sm.h60
-rw-r--r--src/l2_packet/Makefile2
-rw-r--r--src/l2_packet/l2_packet.h30
-rw-r--r--src/l2_packet/l2_packet_freebsd.c19
-rw-r--r--src/l2_packet/l2_packet_linux.c247
-rw-r--r--src/l2_packet/l2_packet_ndis.c19
-rw-r--r--src/l2_packet/l2_packet_none.c22
-rw-r--r--src/l2_packet/l2_packet_pcap.c18
-rw-r--r--src/l2_packet/l2_packet_privsep.c36
-rw-r--r--src/l2_packet/l2_packet_winpcap.c12
-rw-r--r--src/lib.rules4
-rw-r--r--src/p2p/Makefile3
-rw-r--r--src/p2p/p2p.c2296
-rw-r--r--src/p2p/p2p.h514
-rw-r--r--src/p2p/p2p_build.c348
-rw-r--r--src/p2p/p2p_dev_disc.c88
-rw-r--r--src/p2p/p2p_go_neg.c655
-rw-r--r--src/p2p/p2p_group.c214
-rw-r--r--src/p2p/p2p_i.h192
-rw-r--r--src/p2p/p2p_invitation.c382
-rw-r--r--src/p2p/p2p_parse.c186
-rw-r--r--src/p2p/p2p_pd.c858
-rw-r--r--src/p2p/p2p_sd.c328
-rw-r--r--src/p2p/p2p_utils.c422
-rw-r--r--src/pae/Makefile8
-rw-r--r--src/pae/ieee802_1x_cp.c744
-rw-r--r--src/pae/ieee802_1x_cp.h50
-rw-r--r--src/pae/ieee802_1x_kay.c3541
-rw-r--r--src/pae/ieee802_1x_kay.h194
-rw-r--r--src/pae/ieee802_1x_kay_i.h419
-rw-r--r--src/pae/ieee802_1x_key.c189
-rw-r--r--src/pae/ieee802_1x_key.h26
-rw-r--r--src/pae/ieee802_1x_secy_ops.c492
-rw-r--r--src/pae/ieee802_1x_secy_ops.h62
-rw-r--r--src/radius/Makefile2
-rw-r--r--src/radius/radius.c225
-rw-r--r--src/radius/radius.h39
-rw-r--r--src/radius/radius_client.c371
-rw-r--r--src/radius/radius_das.c60
-rw-r--r--src/radius/radius_das.h12
-rw-r--r--src/radius/radius_server.c717
-rw-r--r--src/radius/radius_server.h31
-rw-r--r--src/rsn_supp/Makefile2
-rw-r--r--src/rsn_supp/peerkey.c189
-rw-r--r--src/rsn_supp/peerkey.h13
-rw-r--r--src/rsn_supp/pmksa_cache.c79
-rw-r--r--src/rsn_supp/pmksa_cache.h16
-rw-r--r--src/rsn_supp/preauth.c54
-rw-r--r--src/rsn_supp/preauth.h6
-rw-r--r--src/rsn_supp/tdls.c1155
-rw-r--r--src/rsn_supp/wpa.c842
-rw-r--r--src/rsn_supp/wpa.h83
-rw-r--r--src/rsn_supp/wpa_ft.c99
-rw-r--r--src/rsn_supp/wpa_i.h84
-rw-r--r--src/rsn_supp/wpa_ie.c168
-rw-r--r--src/rsn_supp/wpa_ie.h16
-rw-r--r--src/tls/asn1.c33
-rw-r--r--src/tls/asn1.h6
-rw-r--r--src/tls/libtommath.c12
-rw-r--r--src/tls/pkcs1.c165
-rw-r--r--src/tls/pkcs1.h7
-rw-r--r--src/tls/rsa.c25
-rw-r--r--src/tls/rsa.h3
-rw-r--r--src/tls/tlsv1_client.c52
-rw-r--r--src/tls/tlsv1_client_read.c124
-rw-r--r--src/tls/tlsv1_client_write.c38
-rw-r--r--src/tls/tlsv1_common.c178
-rw-r--r--src/tls/tlsv1_common.h13
-rw-r--r--src/tls/tlsv1_record.c2
-rw-r--r--src/tls/tlsv1_server.c226
-rw-r--r--src/tls/tlsv1_server.h5
-rw-r--r--src/tls/tlsv1_server_i.h13
-rw-r--r--src/tls/tlsv1_server_read.c438
-rw-r--r--src/tls/tlsv1_server_write.c193
-rw-r--r--src/tls/x509v3.c26
-rw-r--r--src/utils/Makefile4
-rw-r--r--src/utils/base64.c18
-rw-r--r--src/utils/bitfield.c89
-rw-r--r--src/utils/bitfield.h21
-rw-r--r--src/utils/browser-android.c128
-rw-r--r--src/utils/browser-system.c119
-rw-r--r--src/utils/browser-wpadebug.c136
-rw-r--r--src/utils/browser.c219
-rw-r--r--src/utils/browser.h21
-rw-r--r--src/utils/build_config.h27
-rw-r--r--src/utils/common.c496
-rw-r--r--src/utils/common.h213
-rw-r--r--src/utils/edit.c4
-rw-r--r--src/utils/edit_readline.c4
-rw-r--r--src/utils/edit_simple.c2
-rw-r--r--src/utils/eloop.c333
-rw-r--r--src/utils/eloop.h49
-rw-r--r--src/utils/eloop_none.c395
-rw-r--r--src/utils/eloop_win.c224
-rw-r--r--src/utils/ext_password_test.c2
-rw-r--r--src/utils/http-utils.h63
-rw-r--r--src/utils/http_curl.c1641
-rw-r--r--src/utils/ip_addr.c24
-rw-r--r--src/utils/ip_addr.h1
-rw-r--r--src/utils/list.h2
-rw-r--r--src/utils/os.h158
-rw-r--r--src/utils/os_internal.c89
-rw-r--r--src/utils/os_none.c17
-rw-r--r--src/utils/os_unix.c232
-rw-r--r--src/utils/os_win32.c32
-rw-r--r--src/utils/pcsc_funcs.c117
-rw-r--r--src/utils/pcsc_funcs.h11
-rw-r--r--src/utils/platform.h21
-rw-r--r--src/utils/radiotap.c379
-rw-r--r--src/utils/radiotap.h56
-rw-r--r--src/utils/radiotap_iter.h108
-rw-r--r--src/utils/trace.c62
-rw-r--r--src/utils/trace.h1
-rw-r--r--src/utils/utils_module_tests.c423
-rw-r--r--src/utils/uuid.c2
-rw-r--r--src/utils/wpa_debug.c132
-rw-r--r--src/utils/wpa_debug.h68
-rw-r--r--src/utils/wpabuf.c9
-rw-r--r--src/utils/wpabuf.h1
-rw-r--r--src/utils/xml-utils.c471
-rw-r--r--src/utils/xml-utils.h97
-rw-r--r--src/utils/xml_libxml2.c457
-rw-r--r--src/wps/Makefile2
-rw-r--r--src/wps/http_client.c2
-rw-r--r--src/wps/http_server.c10
-rw-r--r--src/wps/httpread.c54
-rw-r--r--src/wps/ndef.c89
-rw-r--r--src/wps/wps.c78
-rw-r--r--src/wps/wps.h102
-rw-r--r--src/wps/wps_attr_build.c104
-rw-r--r--src/wps/wps_attr_parse.c43
-rw-r--r--src/wps/wps_attr_parse.h7
-rw-r--r--src/wps/wps_attr_process.c77
-rw-r--r--src/wps/wps_common.c360
-rw-r--r--src/wps/wps_defs.h69
-rw-r--r--src/wps/wps_dev_attr.c51
-rw-r--r--src/wps/wps_dev_attr.h6
-rw-r--r--src/wps/wps_enrollee.c234
-rw-r--r--src/wps/wps_er.c211
-rw-r--r--src/wps/wps_er.h1
-rw-r--r--src/wps/wps_er_ssdp.c4
-rw-r--r--src/wps/wps_i.h23
-rw-r--r--src/wps/wps_module_tests.c337
-rw-r--r--src/wps/wps_registrar.c346
-rw-r--r--src/wps/wps_upnp.c56
-rw-r--r--src/wps/wps_upnp_ap.c8
-rw-r--r--src/wps/wps_upnp_i.h3
-rw-r--r--src/wps/wps_upnp_ssdp.c32
-rw-r--r--src/wps/wps_upnp_web.c49
-rw-r--r--src/wps/wps_validate.c4
-rw-r--r--wpa_supplicant/ChangeLog372
-rw-r--r--wpa_supplicant/Makefile264
-rw-r--r--wpa_supplicant/README132
-rw-r--r--wpa_supplicant/README-HS2095
-rw-r--r--wpa_supplicant/README-P2P308
-rw-r--r--wpa_supplicant/README-WPS80
-rw-r--r--wpa_supplicant/ap.c522
-rw-r--r--wpa_supplicant/ap.h42
-rw-r--r--wpa_supplicant/bgscan.c6
-rw-r--r--wpa_supplicant/bgscan.h5
-rw-r--r--wpa_supplicant/bgscan_learn.c42
-rw-r--r--wpa_supplicant/bgscan_simple.c12
-rw-r--r--wpa_supplicant/bss.c278
-rw-r--r--wpa_supplicant/bss.h31
-rw-r--r--wpa_supplicant/config.c1694
-rw-r--r--wpa_supplicant/config.h382
-rw-r--r--wpa_supplicant/config_file.c368
-rw-r--r--wpa_supplicant/config_none.c9
-rw-r--r--wpa_supplicant/config_ssid.h162
-rw-r--r--wpa_supplicant/config_winreg.c16
-rw-r--r--wpa_supplicant/ctrl_iface.c4708
-rw-r--r--wpa_supplicant/ctrl_iface.h8
-rw-r--r--wpa_supplicant/ctrl_iface_named_pipe.c2
-rw-r--r--wpa_supplicant/ctrl_iface_udp.c131
-rw-r--r--wpa_supplicant/ctrl_iface_unix.c710
-rw-r--r--wpa_supplicant/dbus/Makefile2
-rw-r--r--wpa_supplicant/dbus/dbus_common.c59
-rw-r--r--wpa_supplicant/dbus/dbus_dict_helpers.c301
-rw-r--r--wpa_supplicant/dbus/dbus_dict_helpers.h30
-rw-r--r--wpa_supplicant/dbus/dbus_new.c1087
-rw-r--r--wpa_supplicant/dbus/dbus_new.h44
-rw-r--r--wpa_supplicant/dbus/dbus_new_handlers.c1408
-rw-r--r--wpa_supplicant/dbus/dbus_new_handlers.h48
-rw-r--r--wpa_supplicant/dbus/dbus_new_handlers_p2p.c939
-rw-r--r--wpa_supplicant/dbus/dbus_new_handlers_p2p.h48
-rw-r--r--wpa_supplicant/dbus/dbus_new_handlers_wps.c205
-rw-r--r--wpa_supplicant/dbus/dbus_new_helpers.c328
-rw-r--r--wpa_supplicant/dbus/dbus_new_helpers.h18
-rw-r--r--wpa_supplicant/dbus/dbus_new_introspect.c17
-rw-r--r--wpa_supplicant/dbus/dbus_old.c118
-rw-r--r--wpa_supplicant/dbus/dbus_old.h9
-rw-r--r--wpa_supplicant/dbus/dbus_old_handlers.c472
-rw-r--r--wpa_supplicant/dbus/dbus_old_handlers.h6
-rw-r--r--wpa_supplicant/dbus/dbus_old_handlers_wps.c29
-rw-r--r--wpa_supplicant/defconfig122
-rw-r--r--wpa_supplicant/doc/docbook/Makefile3
-rw-r--r--wpa_supplicant/doc/docbook/eapol_test.8124
-rw-r--r--wpa_supplicant/doc/docbook/eapol_test.sgml205
-rw-r--r--wpa_supplicant/doc/docbook/wpa_background.84
-rw-r--r--wpa_supplicant/doc/docbook/wpa_background.sgml2
-rw-r--r--wpa_supplicant/doc/docbook/wpa_cli.815
-rw-r--r--wpa_supplicant/doc/docbook/wpa_cli.sgml19
-rw-r--r--wpa_supplicant/doc/docbook/wpa_gui.84
-rw-r--r--wpa_supplicant/doc/docbook/wpa_gui.sgml2
-rw-r--r--wpa_supplicant/doc/docbook/wpa_passphrase.84
-rw-r--r--wpa_supplicant/doc/docbook/wpa_passphrase.sgml2
-rw-r--r--wpa_supplicant/doc/docbook/wpa_priv.84
-rw-r--r--wpa_supplicant/doc/docbook/wpa_priv.sgml2
-rw-r--r--wpa_supplicant/doc/docbook/wpa_supplicant.845
-rw-r--r--wpa_supplicant/doc/docbook/wpa_supplicant.conf.52
-rw-r--r--wpa_supplicant/doc/docbook/wpa_supplicant.sgml67
-rw-r--r--wpa_supplicant/driver_i.h465
-rw-r--r--wpa_supplicant/eap_proxy_dummy.mak0
-rw-r--r--wpa_supplicant/eap_proxy_dummy.mk0
-rw-r--r--wpa_supplicant/eap_register.c12
-rw-r--r--wpa_supplicant/eapol_test.c169
-rw-r--r--wpa_supplicant/events.c1699
-rwxr-xr-xwpa_supplicant/examples/p2p-action.sh15
-rwxr-xr-xwpa_supplicant/examples/p2p-nfc.py654
-rwxr-xr-xwpa_supplicant/examples/wps-ap-cli9
-rwxr-xr-xwpa_supplicant/examples/wps-nfc.py485
-rw-r--r--wpa_supplicant/gas_query.c262
-rw-r--r--wpa_supplicant/gas_query.h3
-rw-r--r--wpa_supplicant/hs20_supplicant.c846
-rw-r--r--wpa_supplicant/hs20_supplicant.h27
-rw-r--r--wpa_supplicant/ibss_rsn.c318
-rw-r--r--wpa_supplicant/ibss_rsn.h20
-rw-r--r--wpa_supplicant/interworking.c1566
-rw-r--r--wpa_supplicant/interworking.h10
-rw-r--r--wpa_supplicant/main.c56
-rw-r--r--wpa_supplicant/main_none.c2
-rw-r--r--wpa_supplicant/main_winmain.c2
-rw-r--r--wpa_supplicant/main_winsvc.c2
-rw-r--r--wpa_supplicant/mesh.c540
-rw-r--r--wpa_supplicant/mesh.h44
-rw-r--r--wpa_supplicant/mesh_mpm.c1059
-rw-r--r--wpa_supplicant/mesh_mpm.h43
-rw-r--r--wpa_supplicant/mesh_rsn.c574
-rw-r--r--wpa_supplicant/mesh_rsn.h36
-rw-r--r--wpa_supplicant/notify.c217
-rw-r--r--wpa_supplicant/notify.h8
-rw-r--r--wpa_supplicant/offchannel.c80
-rw-r--r--wpa_supplicant/p2p_supplicant.c5402
-rw-r--r--wpa_supplicant/p2p_supplicant.h273
-rw-r--r--wpa_supplicant/preauth_test.c5
-rw-r--r--wpa_supplicant/scan.c1307
-rw-r--r--wpa_supplicant/scan.h24
-rw-r--r--wpa_supplicant/sme.c629
-rw-r--r--wpa_supplicant/sme.h9
-rw-r--r--wpa_supplicant/tests/test_wpa.c8
-rw-r--r--wpa_supplicant/todo.txt13
-rw-r--r--wpa_supplicant/wifi_display.c173
-rw-r--r--wpa_supplicant/wifi_display.h4
-rw-r--r--wpa_supplicant/wmm_ac.c995
-rw-r--r--wpa_supplicant/wmm_ac.h176
-rw-r--r--wpa_supplicant/wnm_sta.c809
-rw-r--r--wpa_supplicant/wnm_sta.h62
-rw-r--r--wpa_supplicant/wpa_cli.c944
-rw-r--r--wpa_supplicant/wpa_priv.c37
-rw-r--r--wpa_supplicant/wpa_supplicant.c2503
-rw-r--r--wpa_supplicant/wpa_supplicant.conf369
-rw-r--r--wpa_supplicant/wpa_supplicant_i.h415
-rw-r--r--wpa_supplicant/wpa_supplicant_template.conf2
-rw-r--r--wpa_supplicant/wpas_glue.c273
-rw-r--r--wpa_supplicant/wpas_kay.c378
-rw-r--r--wpa_supplicant/wpas_kay.h41
-rw-r--r--wpa_supplicant/wpas_module_tests.c108
-rw-r--r--wpa_supplicant/wps_supplicant.c1130
-rw-r--r--wpa_supplicant/wps_supplicant.h29
561 files changed, 112314 insertions, 32927 deletions
diff --git a/CONTRIBUTIONS b/CONTRIBUTIONS
new file mode 100644
index 000000000000..ca09bae6e15d
--- /dev/null
+++ b/CONTRIBUTIONS
@@ -0,0 +1,143 @@
+Contributions to hostap.git
+---------------------------
+
+This software is distributed under a permissive open source license to
+allow it to be used in any projects, whether open source or proprietary.
+Contributions to the project are welcome and it is important to maintain
+clear record of contributions and terms under which they are licensed.
+To help with this, following procedure is used to allow acceptance and
+recording of the terms.
+
+All contributions are expected to be licensed under the modified BSD
+license (see below). Acknowledgment of the terms is tracked through
+inclusion of Signed-off-by tag in the contributions at the end of the
+commit log message. This tag indicates that the contributor agrees with
+the Developer Certificate of Origin (DCO) version 1.1 terms (see below;
+also available from http://developercertificate.org/).
+
+
+The current requirements for contributions to hostap.git
+--------------------------------------------------------
+
+To indicate your acceptance of Developer's Certificate of Origin 1.1
+terms, please add the following line to the end of the commit message
+for each contribution you make to the project:
+
+Signed-off-by: Your Name <your@email.example.org>
+
+using your real name. Pseudonyms or anonymous contributions cannot
+unfortunately be accepted.
+
+
+History of license and contributions terms
+------------------------------------------
+
+Until February 11, 2012, in case of most files in hostap.git, "under the
+open source license indicated in the file" means that the contribution
+is licensed both under GPL v2 and modified BSD license (see below) and
+the choice between these licenses is given to anyone who redistributes
+or uses the software. As such, the contribution has to be licensed under
+both options to allow this choice.
+
+As of February 11, 2012, the project has chosen to use only the BSD
+license option for future distribution. As such, the GPL v2 license
+option is no longer used and the contributions are not required to be
+licensed until GPL v2. In case of most files in hostap.git, "under the
+open source license indicated in the file" means that the contribution
+is licensed under the modified BSD license (see below).
+
+Until February 13, 2014, the project used an extended version of the DCO
+that included the identical items (a) through (d) from DCO 1.1 and an
+additional item (e):
+
+(e) The contribution can be licensed under the modified BSD license
+ as shown below even in case of files that are currently licensed
+ under other terms.
+
+This was used during the period when some of the files included the old
+license terms. Acceptance of this extended DCO version was indicated
+with a Signed-hostap tag in the commit message. This additional item (e)
+was used to collect explicit approval to license the contribution with
+only the modified BSD license (see below), i.e., without the GPL v2
+option. This was done to allow simpler licensing terms to be used in the
+future. It should be noted that the modified BSD license is compatible
+with GNU GPL and as such, this possible move to simpler licensing option
+does not prevent use of this software in GPL projects.
+
+
+===[ start quote from http://developercertificate.org/ ]=======================
+
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the open source license
+ indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+ of my knowledge, is covered under an appropriate open source
+ license and I have the right under that license to submit that
+ work with modifications, whether created in whole or in part
+ by me, under the same open source license (unless I am
+ permitted to submit under a different license), as indicated
+ in the file; or
+
+(c) The contribution was provided directly to me by some other
+ person who certified (a), (b) or (c) and I have not modified
+ it.
+
+(d) I understand and agree that this project and the contribution
+ are public and that a record of the contribution (including all
+ personal information I submit with it, including my sign-off) is
+ maintained indefinitely and may be redistributed consistent with
+ this project or the open source license(s) involved.
+
+===[ end quote from http://developercertificate.org/ ]=========================
+
+
+The license terms used for hostap.git files
+-------------------------------------------
+
+Modified BSD license (no advertisement clause):
+
+Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+ names of its contributors may be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/COPYING b/COPYING
index 8a98582c898c..5962e2fca0bc 100644
--- a/COPYING
+++ b/COPYING
@@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
-Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
diff --git a/README b/README
index 1721a3b22212..07d1d25db777 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
-Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
These programs are licensed under the BSD license (the one with
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 6824e5a6e65d..e6f8c6a03e07 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,5 +1,191 @@
ChangeLog for hostapd
+2015-03-15 - v2.4
+ * allow OpenSSL cipher configuration to be set for internal EAP server
+ (openssl_ciphers parameter)
+ * fixed number of small issues based on hwsim test case failures and
+ static analyzer reports
+ * fixed Accounting-Request to not include duplicated Acct-Session-Id
+ * add support for Acct-Multi-Session-Id in RADIUS Accounting messages
+ * add support for PMKSA caching with SAE
+ * add support for generating BSS Load element (bss_load_update_period)
+ * fixed channel switch from VHT to HT
+ * add INTERFACE-ENABLED and INTERFACE-DISABLED ctrl_iface events
+ * add support for learning STA IPv4/IPv6 addresses and configuring
+ ProxyARP support
+ * dropped support for the madwifi driver interface
+ * add support for Suite B (128-bit and 192-bit level) key management and
+ cipher suites
+ * fixed a regression with driver=wired
+ * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
+ * add BSS_TM_REQ ctrl_iface command to send BSS Transition Management
+ Request frames and BSS-TM-RESP event to indicate response to such
+ frame
+ * add support for EAP Re-Authentication Protocol (ERP)
+ * fixed AP IE in EAPOL-Key 3/4 when both WPA and FT was enabled
+ * fixed a regression in HT 20/40 coex Action frame parsing
+ * set stdout to be line-buffered
+ * add support for vendor specific VHT extension to enable 256 QAM rates
+ (VHT-MCS 8 and 9) on 2.4 GHz band
+ * RADIUS DAS:
+ - extend Disconnect-Request processing to allow matching of multiple
+ sessions
+ - support Acct-Multi-Session-Id as an identifier
+ - allow PMKSA cache entry to be removed without association
+ * expire hostapd STA entry if kernel does not have a matching entry
+ * allow chanlist to be used to specify a subset of channels for ACS
+ * improve ACS behavior on 2.4 GHz band and allow channel bias to be
+ configured with acs_chan_bias parameter
+ * do not reply to a Probe Request frame that includes DSS Parameter Set
+ element in which the channel does not match the current operating
+ channel
+ * add UPDATE_BEACON ctrl_iface command; this can be used to force Beacon
+ frame contents to be updated and to start beaconing on an interface
+ that used start_disabled=1
+ * fixed some RADIUS server failover cases
+
+2014-10-09 - v2.3
+ * fixed number of minor issues identified in static analyzer warnings
+ * fixed DFS and channel switch operation for multi-BSS cases
+ * started to use constant time comparison for various password and hash
+ values to reduce possibility of any externally measurable timing
+ differences
+ * extended explicit clearing of freed memory and expired keys to avoid
+ keeping private data in memory longer than necessary
+ * added support for number of new RADIUS attributes from RFC 7268
+ (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher,
+ WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher)
+ * fixed GET_CONFIG wpa_pairwise_cipher value
+ * added code to clear bridge FDB entry on station disconnection
+ * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
+ * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop
+ in case the first entry does not match
+ * fixed hostapd_cli action script execution to use more robust mechanism
+ (CVE-2014-3686)
+
+2014-06-04 - v2.2
+ * fixed SAE confirm-before-commit validation to avoid a potential
+ segmentation fault in an unexpected message sequence that could be
+ triggered remotely
+ * extended VHT support
+ - Operating Mode Notification
+ - Power Constraint element (local_pwr_constraint)
+ - Spectrum management capability (spectrum_mgmt_required=1)
+ - fix VHT80 segment picking in ACS
+ - fix vht_capab 'Maximum A-MPDU Length Exponent' handling
+ - fix VHT20
+ * fixed HT40 co-ex scan for some pri/sec channel switches
+ * extended HT40 co-ex support to allow dynamic channel width changes
+ during the lifetime of the BSS
+ * fixed HT40 co-ex support to check for overlapping 20 MHz BSS
+ * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
+ this fixes password with include UTF-8 characters that use
+ three-byte encoding EAP methods that use NtPasswordHash
+ * reverted TLS certificate validation step change in v2.1 that rejected
+ any AAA server certificate with id-kp-clientAuth even if
+ id-kp-serverAuth EKU was included
+ * fixed STA validation step for WPS ER commands to prevent a potential
+ crash if an ER sends an unexpected PutWLANResponse to a station that
+ is disassociated, but not fully removed
+ * enforce full EAP authentication after RADIUS Disconnect-Request by
+ removing the PMKSA cache entry
+ * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
+ in RADIUS Disconnect-Request
+ * added mechanism for removing addresses for MAC ACLs by prefixing an
+ entry with "-"
+ * Interworking/Hotspot 2.0 enhancements
+ - support Hotspot 2.0 Release 2
+ * OSEN network for online signup connection
+ * subscription remediation (based on RADIUS server request or
+ control interface HS20_WNM_NOTIF for testing purposes)
+ * Hotspot 2.0 release number indication in WFA RADIUS VSA
+ * deauthentication request (based on RADIUS server request or
+ control interface WNM_DEAUTH_REQ for testing purposes)
+ * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent
+ * hs20_icon config parameter to configure icon files for OSU
+ * osu_* config parameters for OSU Providers list
+ - do not use Interworking filtering rules on Probe Request if
+ Interworking is disabled to avoid interop issues
+ * added/fixed nl80211 functionality
+ - AP interface teardown optimization
+ - support vendor specific driver command
+ (VENDOR <vendor id> <sub command id> [<hex formatted data>])
+ * fixed PMF protection of Deauthentication frame when this is triggered
+ by session timeout
+ * internal TLS implementation enhancements/fixes
+ - add SHA256-based cipher suites
+ - add DHE-RSA cipher suites
+ - fix X.509 validation of PKCS#1 signature to check for extra data
+ * RADIUS server functionality
+ - add minimal RADIUS accounting server support (hostapd-as-server);
+ this is mainly to enable testing coverage with hwsim scripts
+ - allow authentication log to be written into SQLite databse
+ - added option for TLS protocol testing of an EAP peer by simulating
+ various misbehaviors/known attacks
+ - MAC ACL support for testing purposes
+ * fixed PTK derivation for CCMP-256 and GCMP-256
+ * extended WPS per-station PSK to support ER case
+ * added option to configure the management group cipher
+ (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256,
+ BIP-CMAC-256)
+ * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these
+ were rounded incorrectly)
+ * added support for postponing FT response in case PMK-R1 needs to be
+ pulled from R0KH
+ * added option to advertise 40 MHz intolerant HT capability with
+ ht_capab=[40-INTOLERANT]
+ * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
+ whenever CONFIG_WPS=y is set
+ * EAP-pwd fixes
+ - fix possible segmentation fault on EAP method deinit if an invalid
+ group is negotiated
+ * fixed RADIUS client retransmit/failover behavior
+ - there was a potential ctash due to freed memory being accessed
+ - failover to a backup server mechanism did not work properly
+ * fixed a possible crash on double DISABLE command when multiple BSSes
+ are enabled
+ * fixed a memory leak in SAE random number generation
+ * fixed GTK rekeying when the station uses FT protocol
+ * fixed off-by-one bounds checking in printf_encode()
+ - this could result in deinial of service in some EAP server cases
+ * various bug fixes
+
+2014-02-04 - v2.1
+ * added support for simultaneous authentication of equals (SAE) for
+ stronger password-based authentication with WPA2-Personal
+ * added nl80211 functionality
+ - VHT configuration for nl80211
+ - support split wiphy dump
+ - driver-based MAC ACL
+ - QoS Mapping configuration
+ * added fully automated regression testing with mac80211_hwsim
+ * allow ctrl_iface group to be specified on command line (-G<group>)
+ * allow single hostapd process to control independent WPS interfaces
+ (wps_independent=1) instead of synchronized operations through all
+ configured interfaces within a process
+ * avoid processing received management frames multiple times when using
+ nl80211 with multiple BSSes
+ * added support for DFS (processing radar detection events, CAC, channel
+ re-selection)
+ * added EAP-EKE server
+ * added automatic channel selection (ACS)
+ * added option for using per-BSS (vif) configuration files with
+ -b<phyname>:<config file name>
+ * extended global control interface ADD/REMOVE commands to allow BSSes
+ of a radio to be removed individually without having to add/remove all
+ other BSSes of the radio at the same time
+ * added support for sending debug info to Linux tracing (-T on command
+ line)
+ * replace dump_file functionality with same information being available
+ through the hostapd control interface
+ * added support for using Protected Dual of Public Action frames for
+ GAS/ANQP exchanges when PMF is enabled
+ * added support for WPS+NFC updates
+ - improved protocol
+ - option to fetch and report alternative carrier records for external
+ NFC operations
+ * various bug fixes
+
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
diff --git a/hostapd/Makefile b/hostapd/Makefile
index d8c01e52e0c8..eace68cd051b 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -6,8 +6,11 @@ ifndef CFLAGS
CFLAGS = -MMD -O2 -Wall -g
endif
-CFLAGS += -I../src
-CFLAGS += -I../src/utils
+CFLAGS += $(EXTRA_CFLAGS)
+CFLAGS += -I$(abspath ../src)
+CFLAGS += -I$(abspath ../src/utils)
+
+export BINDIR ?= /usr/local/bin/
# Uncomment following line and set the path to your kernel tree include
# directory if your C library does not include all header files.
@@ -15,6 +18,11 @@ CFLAGS += -I../src/utils
-include .config
+ifdef CONFIG_TESTING_OPTIONS
+CFLAGS += -DCONFIG_TESTING_OPTIONS
+CONFIG_WPS_TESTING=y
+endif
+
ifndef CONFIG_OS
ifdef CONFIG_NATIVE_WINDOWS
CONFIG_OS=win32
@@ -54,6 +62,7 @@ OBJS += ../src/ap/preauth_auth.o
OBJS += ../src/ap/pmksa_cache_auth.o
OBJS += ../src/ap/ieee802_11_shared.o
OBJS += ../src/ap/beacon.o
+OBJS += ../src/ap/bss_load.o
OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o
@@ -65,6 +74,11 @@ NEED_SHA1=y
OBJS += ../src/drivers/drivers.o
CFLAGS += -DHOSTAPD
+ifdef CONFIG_MODULE_TESTS
+CFLAGS += -DCONFIG_MODULE_TESTS
+OBJS += hapd_module_tests.o
+endif
+
ifdef CONFIG_WPA_TRACE
CFLAGS += -DWPA_TRACE
OBJS += ../src/utils/trace.o
@@ -72,10 +86,10 @@ HOBJS += ../src/utils/trace.o
LDFLAGS += -rdynamic
CFLAGS += -funwind-tables
ifdef CONFIG_WPA_TRACE_BFD
-CFLAGS += -DWPA_TRACE_BFD
-LIBS += -lbfd
-LIBS_c += -lbfd
-LIBS_h += -lbfd
+CFLAGS += -DPACKAGE="hostapd" -DWPA_TRACE_BFD
+LIBS += -lbfd -ldl -liberty -lz
+LIBS_c += -lbfd -ldl -liberty -lz
+LIBS_h += -lbfd -ldl -liberty -lz
endif
endif
@@ -84,6 +98,15 @@ CONFIG_ELOOP=eloop
endif
OBJS += ../src/utils/$(CONFIG_ELOOP).o
OBJS_c += ../src/utils/$(CONFIG_ELOOP).o
+
+ifeq ($(CONFIG_ELOOP), eloop)
+# Using glibc < 2.17 requires -lrt for clock_gettime()
+LIBS += -lrt
+LIBS_c += -lrt
+LIBS_h += -lrt
+LIBS_n += -lrt
+endif
+
OBJS += ../src/utils/common.o
OBJS += ../src/utils/wpa_debug.o
OBJS_c += ../src/utils/wpa_debug.o
@@ -93,15 +116,24 @@ OBJS += ../src/utils/ip_addr.o
OBJS += ../src/common/ieee802_11_common.o
OBJS += ../src/common/wpa_common.o
+OBJS += ../src/common/hw_features_common.o
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+ifdef CONFIG_CODE_COVERAGE
+CFLAGS += -O0 -fprofile-arcs -ftest-coverage
+LIBS += -lgcov
+LIBS_c += -lgcov
+LIBS_h += -lgcov
+LIBS_n += -lgcov
+endif
+
ifndef CONFIG_NO_DUMP_STATE
-# define HOSTAPD_DUMP_STATE to include SIGUSR1 handler for dumping state to
-# a file (undefine it, if you want to save in binary size)
+# define HOSTAPD_DUMP_STATE to include support for dumping internal state
+# through control interface commands (undefine it, if you want to save in
+# binary size)
CFLAGS += -DHOSTAPD_DUMP_STATE
-OBJS += dump_state.o
OBJS += ../src/eapol_auth/eapol_auth_dump.o
endif
@@ -139,8 +171,6 @@ OBJS += ctrl_iface.o
OBJS += ../src/ap/ctrl_iface_ap.o
endif
-OBJS += ../src/crypto/md5.o
-
CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
ifdef CONFIG_IAPP
@@ -158,6 +188,26 @@ CFLAGS += -DCONFIG_PEERKEY
OBJS += ../src/ap/peerkey_auth.o
endif
+ifdef CONFIG_HS20
+NEED_AES_OMAC1=y
+CONFIG_PROXYARP=y
+endif
+
+ifdef CONFIG_PROXYARP
+CONFIG_L2_PACKET=y
+endif
+
+ifdef CONFIG_SUITEB
+CFLAGS += -DCONFIG_SUITEB
+NEED_SHA256=y
+NEED_AES_OMAC1=y
+endif
+
+ifdef CONFIG_SUITEB192
+CFLAGS += -DCONFIG_SUITEB192
+NEED_SHA384=y
+endif
+
ifdef CONFIG_IEEE80211W
CFLAGS += -DCONFIG_IEEE80211W
NEED_SHA256=y
@@ -174,6 +224,9 @@ endif
ifdef CONFIG_SAE
CFLAGS += -DCONFIG_SAE
+OBJS += ../src/common/sae.o
+NEED_ECC=y
+NEED_DH_GROUPS=y
endif
ifdef CONFIG_WNM
@@ -212,6 +265,12 @@ OBJS += ../src/l2_packet/l2_packet_none.o
endif
+ifdef CONFIG_ERP
+CFLAGS += -DCONFIG_ERP
+NEED_SHA256=y
+NEED_HMAC_SHA256_KDF=y
+endif
+
ifdef CONFIG_EAP_MD5
CFLAGS += -DEAP_SERVER_MD5
OBJS += ../src/eap_server/eap_server_md5.o
@@ -308,7 +367,7 @@ ifdef CONFIG_EAP_GPSK
CFLAGS += -DEAP_SERVER_GPSK
OBJS += ../src/eap_server/eap_server_gpsk.o ../src/eap_common/eap_gpsk_common.o
ifdef CONFIG_EAP_GPSK_SHA256
-CFLAGS += -DEAP_SERVER_GPSK_SHA256
+CFLAGS += -DEAP_GPSK_SHA256
endif
NEED_SHA256=y
NEED_AES_OMAC1=y
@@ -320,6 +379,13 @@ OBJS += ../src/eap_server/eap_server_pwd.o ../src/eap_common/eap_pwd_common.o
NEED_SHA256=y
endif
+ifdef CONFIG_EAP_EKE
+CFLAGS += -DEAP_SERVER_EKE
+OBJS += ../src/eap_server/eap_server_eke.o ../src/eap_common/eap_eke_common.o
+NEED_DH_GROUPS=y
+NEED_DH_GROUPS_ALL=y
+endif
+
ifdef CONFIG_EAP_VENDOR_TEST
CFLAGS += -DEAP_SERVER_VENDOR_TEST
OBJS += ../src/eap_server/eap_server_vendor_test.o
@@ -335,10 +401,6 @@ NEED_AES_UNWRAP=y
endif
ifdef CONFIG_WPS
-ifdef CONFIG_WPS2
-CFLAGS += -DCONFIG_WPS2
-endif
-
CFLAGS += -DCONFIG_WPS -DEAP_SERVER_WSC
OBJS += ../src/utils/uuid.o
OBJS += ../src/ap/wps_hostapd.o
@@ -481,7 +543,8 @@ endif
OBJS += ../src/crypto/crypto_gnutls.o
HOBJS += ../src/crypto/crypto_gnutls.o
ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_gnutls.o
+OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
endif
LIBS += -lgcrypt
LIBS_h += -lgcrypt
@@ -501,21 +564,6 @@ CONFIG_INTERNAL_RC4=y
CONFIG_INTERNAL_DH_GROUP5=y
endif
-ifeq ($(CONFIG_TLS), nss)
-ifdef TLS_FUNCS
-OBJS += ../src/crypto/tls_nss.o
-LIBS += -lssl3
-endif
-OBJS += ../src/crypto/crypto_nss.o
-ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_nss.o
-endif
-LIBS += -lnss3
-LIBS_h += -lnss3
-CONFIG_INTERNAL_MD4=y
-CONFIG_INTERNAL_DH_GROUP5=y
-endif
-
ifeq ($(CONFIG_TLS), internal)
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=internal
@@ -622,7 +670,9 @@ ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-enc.o
endif
+ifneq ($(CONFIG_TLS), openssl)
AESOBJS += ../src/crypto/aes-wrap.o
+endif
ifdef NEED_AES_EAX
AESOBJS += ../src/crypto/aes-eax.o
NEED_AES_CTR=y
@@ -637,9 +687,11 @@ ifdef NEED_AES_OMAC1
AESOBJS += ../src/crypto/aes-omac1.o
endif
ifdef NEED_AES_UNWRAP
+ifneq ($(CONFIG_TLS), openssl)
NEED_AES_DEC=y
AESOBJS += ../src/crypto/aes-unwrap.o
endif
+endif
ifdef NEED_AES_CBC
NEED_AES_DEC=y
AESOBJS += ../src/crypto/aes-cbc.o
@@ -679,6 +731,10 @@ ifdef NEED_SHA1
OBJS += $(SHA1OBJS)
endif
+ifneq ($(CONFIG_TLS), openssl)
+OBJS += ../src/crypto/md5.o
+endif
+
ifdef NEED_MD5
ifdef CONFIG_INTERNAL_MD5
OBJS += ../src/crypto/md5-internal.o
@@ -716,6 +772,12 @@ endif
ifdef NEED_TLS_PRF_SHA256
OBJS += ../src/crypto/sha256-tlsprf.o
endif
+ifdef NEED_HMAC_SHA256_KDF
+OBJS += ../src/crypto/sha256-kdf.o
+endif
+endif
+ifdef NEED_SHA384
+CFLAGS += -DCONFIG_SHA384
endif
ifdef NEED_DH_GROUPS
@@ -730,6 +792,10 @@ OBJS += ../src/crypto/dh_group5.o
endif
endif
+ifdef NEED_ECC
+CFLAGS += -DCONFIG_ECC
+endif
+
ifdef CONFIG_NO_RANDOM_POOL
CFLAGS += -DCONFIG_NO_RANDOM_POOL
else
@@ -768,6 +834,7 @@ OBJS += ../src/ap/wmm.o
OBJS += ../src/ap/ap_list.o
OBJS += ../src/ap/ieee802_11.o
OBJS += ../src/ap/hw_features.o
+OBJS += ../src/ap/dfs.o
CFLAGS += -DNEED_AP_MLME
endif
ifdef CONFIG_IEEE80211N
@@ -795,6 +862,15 @@ OBJS += ../src/common/gas.o
OBJS += ../src/ap/gas_serv.o
endif
+ifdef CONFIG_PROXYARP
+CFLAGS += -DCONFIG_PROXYARP
+OBJS += ../src/ap/x_snoop.o
+OBJS += ../src/ap/dhcp_snoop.o
+ifdef CONFIG_IPV6
+OBJS += ../src/ap/ndisc_snoop.o
+endif
+endif
+
OBJS += ../src/drivers/driver_common.o
ifdef CONFIG_WPA_CLI_EDIT
@@ -803,10 +879,20 @@ else
OBJS_c += ../src/utils/edit_simple.o
endif
+ifdef CONFIG_ACS
+CFLAGS += -DCONFIG_ACS
+OBJS += ../src/ap/acs.o
+LIBS += -lm
+endif
+
ifdef CONFIG_NO_STDOUT_DEBUG
CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
endif
+ifdef CONFIG_DEBUG_LINUX_TRACING
+CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING
+endif
+
ifdef CONFIG_DEBUG_FILE
CFLAGS += -DCONFIG_DEBUG_FILE
endif
@@ -827,10 +913,20 @@ ifeq ($(V), 1)
Q=
E=true
endif
+ifeq ($(QUIET), 1)
+Q=@
+E=true
+endif
+ifdef CONFIG_CODE_COVERAGE
+%.o: %.c
+ @$(E) " CC " $<
+ $(Q)cd $(dir $@); $(CC) -c -o $(notdir $@) $(CFLAGS) $(notdir $<)
+else
%.o: %.c
$(Q)$(CC) -c -o $@ $(CFLAGS) $<
@$(E) " CC " $<
+endif
verify_config:
@if [ ! -r .config ]; then \
@@ -841,9 +937,10 @@ verify_config:
exit 1; \
fi
-install: all
- mkdir -p $(DESTDIR)/usr/local/bin
- for i in $(ALL); do cp -f $$i $(DESTDIR)/usr/local/bin/$$i; done
+$(DESTDIR)$(BINDIR)/%: %
+ install -D $(<) $(@)
+
+install: $(addprefix $(DESTDIR)$(BINDIR)/,$(ALL))
../src/drivers/build.hostapd:
@if [ -f ../src/drivers/build.wpa_supplicant ]; then \
@@ -864,7 +961,8 @@ hostapd_cli: $(OBJS_c)
$(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
-NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/md5.o
+NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
+NOBJS += ../src/utils/common.o
ifdef NEED_RC4
ifdef CONFIG_INTERNAL_RC4
NOBJS += ../src/crypto/rc4.o
@@ -899,9 +997,15 @@ hlr_auc_gw: $(HOBJS)
$(Q)$(CC) $(LDFLAGS) -o hlr_auc_gw $(HOBJS) $(LIBS_h)
@$(E) " LD " $@
+lcov-html:
+ lcov -c -d .. > lcov.info
+ genhtml lcov.info --output-directory lcov-html
+
clean:
$(MAKE) -C ../src clean
rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw
- rm -f *.d
+ rm -f *.d *.gcno *.gcda *.gcov
+ rm -f lcov.info
+ rm -rf lcov-html
-include $(OBJS:%.o=%.d)
diff --git a/hostapd/README b/hostapd/README
index 34dad3034268..366b1998f484 100644
--- a/hostapd/README
+++ b/hostapd/README
@@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
Authenticator and RADIUS authentication server
================================================================
-Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
This program is licensed under the BSD license (the one with
@@ -74,12 +74,6 @@ Current hardware/software requirements:
Please note that station firmware version needs to be 1.7.0 or newer
to work in WPA mode.
- madwifi driver for cards based on Atheros chip set (ar521x)
- (http://sourceforge.net/projects/madwifi/)
- Please note that you will need to add the correct path for
- madwifi driver root directory in .config (see defconfig file for
- an example: CFLAGS += -I<path>)
-
mac80211-based drivers that support AP mode (with driver=nl80211).
This includes drivers for Atheros (ath9k) and Broadcom (b43)
chipsets.
diff --git a/hostapd/README-WPS b/hostapd/README-WPS
index 87a6f91f413b..d5f713a8cb28 100644
--- a/hostapd/README-WPS
+++ b/hostapd/README-WPS
@@ -58,12 +58,10 @@ hostapd configuration
WPS is an optional component that needs to be enabled in hostapd build
configuration (.config). Here is an example configuration that
-includes WPS support and uses madwifi driver interface:
+includes WPS support and uses nl80211 driver interface:
-CONFIG_DRIVER_MADWIFI=y
-CFLAGS += -I/usr/src/madwifi-0.9.3
+CONFIG_DRIVER_NL80211=y
CONFIG_WPS=y
-CONFIG_WPS2=y
CONFIG_WPS_UPNP=y
Following parameter can be used to enable support for NFC config method:
@@ -75,8 +73,8 @@ Following section shows an example runtime configuration
(hostapd.conf) that enables WPS:
# Configure the driver and network interface
-driver=madwifi
-interface=ath0
+driver=nl80211
+interface=wlan0
# WPA2-Personal configuration for the AP
ssid=wps-test
@@ -338,3 +336,17 @@ If the NFC tag contains a password token, the token is added to the
internal Registrar. This allows station Enrollee from which the password
token was received to run through WPS protocol to provision the
credential.
+
+"nfc_get_handover_sel <NDEF> <WPS>" command can be used to build the
+contents of a Handover Select Message for connection handover when this
+does not depend on the contents of the Handover Request Message. The
+first argument selects the format of the output data and the second
+argument selects which type of connection handover is requested (WPS =
+Wi-Fi handover as specified in WSC 2.0).
+
+"nfc_report_handover <INIT/RESP> WPS <carrier from handover request>
+<carrier from handover select>" is used to report completed NFC
+connection handover. The first parameter indicates whether the local
+device initiated or responded to the connection handover and the carrier
+records are the selected carrier from the handover request and select
+messages as a hexdump.
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 2ba7cc127259..53143f76cfe8 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1,6 +1,6 @@
/*
* hostapd / Configuration file parser
- * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -22,7 +22,12 @@
#include "config_file.h"
-extern struct wpa_driver_ops *wpa_drivers[];
+#ifndef CONFIG_NO_RADIUS
+#ifdef EAP_SERVER
+static struct hostapd_radius_attr *
+hostapd_parse_radius_attr(const char *value);
+#endif /* EAP_SERVER */
+#endif /* CONFIG_NO_RADIUS */
#ifndef CONFIG_NO_VLAN
@@ -83,7 +88,7 @@ static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
return -1;
}
- vlan = os_malloc(sizeof(*vlan));
+ vlan = os_zalloc(sizeof(*vlan));
if (vlan == NULL) {
wpa_printf(MSG_ERROR, "Out of memory while reading "
"VLAN interfaces from '%s'", fname);
@@ -91,14 +96,10 @@ static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
return -1;
}
- os_memset(vlan, 0, sizeof(*vlan));
vlan->vlan_id = vlan_id;
os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
- if (bss->vlan_tail)
- bss->vlan_tail->next = vlan;
- else
- bss->vlan = vlan;
- bss->vlan_tail = vlan;
+ vlan->next = bss->vlan;
+ bss->vlan = vlan;
}
fclose(f);
@@ -136,6 +137,8 @@ static int hostapd_config_read_maclist(const char *fname,
}
while (fgets(buf, sizeof(buf), f)) {
+ int i, rem = 0;
+
line++;
if (buf[0] == '#')
@@ -150,14 +153,32 @@ static int hostapd_config_read_maclist(const char *fname,
}
if (buf[0] == '\0')
continue;
+ pos = buf;
+ if (buf[0] == '-') {
+ rem = 1;
+ pos++;
+ }
- if (hwaddr_aton(buf, addr)) {
+ if (hwaddr_aton(pos, addr)) {
wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at "
- "line %d in '%s'", buf, line, fname);
+ "line %d in '%s'", pos, line, fname);
fclose(f);
return -1;
}
+ if (rem) {
+ i = 0;
+ while (i < *num) {
+ if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) ==
+ 0) {
+ os_remove_in_array(*acl, *num,
+ sizeof(**acl), i);
+ (*num)--;
+ } else
+ i++;
+ }
+ continue;
+ }
vlan_id = 0;
pos = buf;
while (*pos != '\0' && *pos != ' ' && *pos != '\t')
@@ -195,7 +216,7 @@ static int hostapd_config_read_eap_user(const char *fname,
FILE *f;
char buf[512], *pos, *start, *pos2;
int line = 0, ret = 0, num_methods;
- struct hostapd_eap_user *user, *tail = NULL;
+ struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL;
if (!fname)
return 0;
@@ -229,6 +250,28 @@ static int hostapd_config_read_eap_user(const char *fname,
if (buf[0] == '\0')
continue;
+#ifndef CONFIG_NO_RADIUS
+ if (user && os_strncmp(buf, "radius_accept_attr=", 19) == 0) {
+ struct hostapd_radius_attr *attr, *a;
+ attr = hostapd_parse_radius_attr(buf + 19);
+ if (attr == NULL) {
+ wpa_printf(MSG_ERROR, "Invalid radius_auth_req_attr: %s",
+ buf + 19);
+ user = NULL; /* already in the BSS list */
+ goto failed;
+ }
+ if (user->accept_attr == NULL) {
+ user->accept_attr = attr;
+ } else {
+ a = user->accept_attr;
+ while (a->next)
+ a = a->next;
+ a->next = attr;
+ }
+ continue;
+ }
+#endif /* CONFIG_NO_RADIUS */
+
user = NULL;
if (buf[0] != '"' && buf[0] != '*') {
@@ -323,6 +366,10 @@ static int hostapd_config_read_eap_user(const char *fname,
EAP_TTLS_AUTH_MSCHAPV2;
goto skip_eap;
}
+ if (os_strcmp(start, "MACACL") == 0) {
+ user->macacl = 1;
+ goto skip_eap;
+ }
wpa_printf(MSG_ERROR, "Unsupported EAP type "
"'%s' on line %d in '%s'",
start, line, fname);
@@ -337,7 +384,7 @@ static int hostapd_config_read_eap_user(const char *fname,
break;
start = pos3;
}
- if (num_methods == 0 && user->ttls_auth == 0) {
+ if (num_methods == 0 && user->ttls_auth == 0 && !user->macacl) {
wpa_printf(MSG_ERROR, "No EAP types configured on "
"line %d in '%s'", line, fname);
goto failed;
@@ -447,7 +494,7 @@ static int hostapd_config_read_eap_user(const char *fname,
done:
if (tail == NULL) {
- tail = conf->eap_user = user;
+ tail = new_user = user;
} else {
tail->next = user;
tail = user;
@@ -455,17 +502,26 @@ static int hostapd_config_read_eap_user(const char *fname,
continue;
failed:
- if (user) {
- os_free(user->password);
- os_free(user->identity);
- os_free(user);
- }
+ if (user)
+ hostapd_config_free_eap_user(user);
ret = -1;
break;
}
fclose(f);
+ if (ret == 0) {
+ user = conf->eap_user;
+ while (user) {
+ struct hostapd_eap_user *prev;
+
+ prev = user;
+ user = user->next;
+ hostapd_config_free_eap_user(prev);
+ }
+ conf->eap_user = new_user;
+ }
+
return ret;
}
#endif /* EAP_SERVER */
@@ -636,6 +692,14 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
else if (os_strcmp(start, "FT-SAE") == 0)
val |= WPA_KEY_MGMT_FT_SAE;
#endif /* CONFIG_SAE */
+#ifdef CONFIG_SUITEB
+ else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0)
+ val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B;
+#endif /* CONFIG_SUITEB */
+#ifdef CONFIG_SUITEB192
+ else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
+ val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
+#endif /* CONFIG_SUITEB192 */
else {
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
line, start);
@@ -661,49 +725,12 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
static int hostapd_config_parse_cipher(int line, const char *value)
{
- int val = 0, last;
- char *start, *end, *buf;
-
- buf = os_strdup(value);
- if (buf == NULL)
+ int val = wpa_parse_cipher(value);
+ if (val < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
+ line, value);
return -1;
- start = buf;
-
- while (*start != '\0') {
- while (*start == ' ' || *start == '\t')
- start++;
- if (*start == '\0')
- break;
- end = start;
- while (*end != ' ' && *end != '\t' && *end != '\0')
- end++;
- last = *end == '\0';
- *end = '\0';
- if (os_strcmp(start, "CCMP") == 0)
- val |= WPA_CIPHER_CCMP;
- else if (os_strcmp(start, "GCMP") == 0)
- val |= WPA_CIPHER_GCMP;
- else if (os_strcmp(start, "TKIP") == 0)
- val |= WPA_CIPHER_TKIP;
- else if (os_strcmp(start, "WEP104") == 0)
- val |= WPA_CIPHER_WEP104;
- else if (os_strcmp(start, "WEP40") == 0)
- val |= WPA_CIPHER_WEP40;
- else if (os_strcmp(start, "NONE") == 0)
- val |= WPA_CIPHER_NONE;
- else {
- wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
- line, start);
- os_free(buf);
- return -1;
- }
-
- if (last)
- break;
- start = end + 1;
}
- os_free(buf);
-
if (val == 0) {
wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
line);
@@ -748,14 +775,14 @@ static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
}
-static int hostapd_parse_rates(int **rate_list, char *val)
+static int hostapd_parse_intlist(int **int_list, char *val)
{
int *list;
int count;
char *pos, *end;
- os_free(*rate_list);
- *rate_list = NULL;
+ os_free(*int_list);
+ *int_list = NULL;
pos = val;
count = 0;
@@ -782,37 +809,39 @@ static int hostapd_parse_rates(int **rate_list, char *val)
}
list[count] = -1;
- *rate_list = list;
+ *int_list = list;
return 0;
}
static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
{
- struct hostapd_bss_config *bss;
+ struct hostapd_bss_config **all, *bss;
if (*ifname == '\0')
return -1;
- bss = os_realloc_array(conf->bss, conf->num_bss + 1,
- sizeof(struct hostapd_bss_config));
- if (bss == NULL) {
+ all = os_realloc_array(conf->bss, conf->num_bss + 1,
+ sizeof(struct hostapd_bss_config *));
+ if (all == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate memory for "
"multi-BSS entry");
return -1;
}
- conf->bss = bss;
+ conf->bss = all;
- bss = &(conf->bss[conf->num_bss]);
- os_memset(bss, 0, sizeof(*bss));
+ bss = os_zalloc(sizeof(*bss));
+ if (bss == NULL)
+ return -1;
bss->radius = os_zalloc(sizeof(*bss->radius));
if (bss->radius == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate memory for "
"multi-BSS RADIUS data");
+ os_free(bss);
return -1;
}
- conf->num_bss++;
+ conf->bss[conf->num_bss++] = bss;
conf->last_bss = bss;
hostapd_config_defaults_bss(bss);
@@ -1060,8 +1089,8 @@ static int hostapd_config_ht_capab(struct hostapd_config *conf,
conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE;
if (os_strstr(capab, "[DSSS_CCK-40]"))
conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ;
- if (os_strstr(capab, "[PSMP]"))
- conf->ht_capab |= HT_CAP_INFO_PSMP_SUPP;
+ if (os_strstr(capab, "[40-INTOLERANT]"))
+ conf->ht_capab |= HT_CAP_INFO_40MHZ_INTOLERANT;
if (os_strstr(capab, "[LSIG-TXOP-PROT]"))
conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT;
@@ -1082,8 +1111,6 @@ static int hostapd_config_vht_capab(struct hostapd_config *conf,
conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
if (os_strstr(capab, "[VHT160-80PLUS80]"))
conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
- if (os_strstr(capab, "[VHT160-80PLUS80]"))
- conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
if (os_strstr(capab, "[RXLDPC]"))
conf->vht_capab |= VHT_CAP_RXLDPC;
if (os_strstr(capab, "[SHORT-GI-80]"))
@@ -1101,15 +1128,15 @@ static int hostapd_config_vht_capab(struct hostapd_config *conf,
if (os_strstr(capab, "[RX-STBC-1234]"))
conf->vht_capab |= VHT_CAP_RXSTBC_4;
if (os_strstr(capab, "[SU-BEAMFORMER]"))
- conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE;
+ conf->vht_capab |= VHT_CAP_SU_BEAMFORMER_CAPABLE;
if (os_strstr(capab, "[SU-BEAMFORMEE]"))
- conf->vht_capab |= VHT_CAP_MU_BEAMFORMEE_CAPABLE;
+ conf->vht_capab |= VHT_CAP_SU_BEAMFORMEE_CAPABLE;
if (os_strstr(capab, "[BF-ANTENNA-2]") &&
- (conf->vht_capab & VHT_CAP_MU_BEAMFORMER_CAPABLE))
- conf->vht_capab |= VHT_CAP_BEAMFORMER_ANTENNAS_MAX;
+ (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
+ conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") &&
- (conf->vht_capab & VHT_CAP_MU_BEAMFORMER_CAPABLE))
- conf->vht_capab |= VHT_CAP_SOUNDING_DIMENTION_MAX;
+ (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
+ conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
if (os_strstr(capab, "[MU-BEAMFORMER]"))
conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE;
if (os_strstr(capab, "[MU-BEAMFORMEE]"))
@@ -1118,8 +1145,20 @@ static int hostapd_config_vht_capab(struct hostapd_config *conf,
conf->vht_capab |= VHT_CAP_VHT_TXOP_PS;
if (os_strstr(capab, "[HTC-VHT]"))
conf->vht_capab |= VHT_CAP_HTC_VHT;
- if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP0]"))
- conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT;
+ if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP7]"))
+ conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX;
+ else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP6]"))
+ conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_6;
+ else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP5]"))
+ conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_5;
+ else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP4]"))
+ conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_4;
+ else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP3]"))
+ conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_3;
+ else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP2]"))
+ conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_2;
+ else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP1]"))
+ conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_1;
if (os_strstr(capab, "[VHT-LINK-ADAPT2]") &&
(conf->vht_capab & VHT_CAP_HTC_VHT))
conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB;
@@ -1135,141 +1174,6 @@ static int hostapd_config_vht_capab(struct hostapd_config *conf,
#endif /* CONFIG_IEEE80211AC */
-static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
- struct hostapd_config *conf)
-{
- if (bss->ieee802_1x && !bss->eap_server &&
- !bss->radius->auth_servers) {
- wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
- "EAP authenticator configured).");
- return -1;
- }
-
- if (bss->wpa && bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
- bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
- wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
- "RADIUS checking (macaddr_acl=2) enabled.");
- return -1;
- }
-
- if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
- bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
- bss->ssid.wpa_psk_file == NULL &&
- (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
- bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
- wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
- "is not configured.");
- return -1;
- }
-
- if (hostapd_mac_comp_empty(bss->bssid) != 0) {
- size_t i;
-
- for (i = 0; i < conf->num_bss; i++) {
- if ((&conf->bss[i] != bss) &&
- (hostapd_mac_comp(conf->bss[i].bssid,
- bss->bssid) == 0)) {
- wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
- " on interface '%s' and '%s'.",
- MAC2STR(bss->bssid),
- conf->bss[i].iface, bss->iface);
- return -1;
- }
- }
- }
-
-#ifdef CONFIG_IEEE80211R
- if (wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
- (bss->nas_identifier == NULL ||
- os_strlen(bss->nas_identifier) < 1 ||
- os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
- wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
- "nas_identifier to be configured as a 1..48 octet "
- "string");
- return -1;
- }
-#endif /* CONFIG_IEEE80211R */
-
-#ifdef CONFIG_IEEE80211N
- if (conf->ieee80211n && conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
- bss->disable_11n = 1;
- wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
- "allowed, disabling HT capabilites");
- }
-
- if (conf->ieee80211n &&
- bss->ssid.security_policy == SECURITY_STATIC_WEP) {
- bss->disable_11n = 1;
- wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
- "allowed, disabling HT capabilities");
- }
-
- if (conf->ieee80211n && bss->wpa &&
- !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
- !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP))) {
- bss->disable_11n = 1;
- wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
- "requires CCMP/GCMP to be enabled, disabling HT "
- "capabilities");
- }
-#endif /* CONFIG_IEEE80211N */
-
-#ifdef CONFIG_WPS2
- if (bss->wps_state && bss->ignore_broadcast_ssid) {
- wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
- "configuration forced WPS to be disabled");
- bss->wps_state = 0;
- }
-
- if (bss->wps_state && bss->ssid.wep.keys_set && bss->wpa == 0) {
- wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
- "disabled");
- bss->wps_state = 0;
- }
-
- if (bss->wps_state && bss->wpa &&
- (!(bss->wpa & 2) ||
- !(bss->rsn_pairwise & WPA_CIPHER_CCMP))) {
- wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
- "WPA2/CCMP forced WPS to be disabled");
- bss->wps_state = 0;
- }
-#endif /* CONFIG_WPS2 */
-
-#ifdef CONFIG_HS20
- if (bss->hs20 &&
- (!(bss->wpa & 2) ||
- !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) {
- wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
- "configuration is required for Hotspot 2.0 "
- "functionality");
- return -1;
- }
-#endif /* CONFIG_HS20 */
-
- return 0;
-}
-
-
-static int hostapd_config_check(struct hostapd_config *conf)
-{
- size_t i;
-
- if (conf->ieee80211d && (!conf->country[0] || !conf->country[1])) {
- wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
- "setting the country_code");
- return -1;
- }
-
- for (i = 0; i < conf->num_bss; i++) {
- if (hostapd_config_check_bss(&conf->bss[i], conf))
- return -1;
- }
-
- return 0;
-}
-
-
#ifdef CONFIG_INTERWORKING
static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos,
int line)
@@ -1306,26 +1210,34 @@ static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos,
static int parse_lang_string(struct hostapd_lang_string **array,
unsigned int *count, char *pos)
{
- char *sep;
- size_t clen, nlen;
+ char *sep, *str = NULL;
+ size_t clen, nlen, slen;
struct hostapd_lang_string *ls;
+ int ret = -1;
+
+ if (*pos == '"' || (*pos == 'P' && pos[1] == '"')) {
+ str = wpa_config_parse_string(pos, &slen);
+ if (!str)
+ return -1;
+ pos = str;
+ }
sep = os_strchr(pos, ':');
if (sep == NULL)
- return -1;
+ goto fail;
*sep++ = '\0';
clen = os_strlen(pos);
- if (clen < 2)
- return -1;
+ if (clen < 2 || clen > sizeof(ls->lang))
+ goto fail;
nlen = os_strlen(sep);
if (nlen > 252)
- return -1;
+ goto fail;
ls = os_realloc_array(*array, *count + 1,
sizeof(struct hostapd_lang_string));
if (ls == NULL)
- return -1;
+ goto fail;
*array = ls;
ls = &(*array)[*count];
@@ -1336,7 +1248,10 @@ static int parse_lang_string(struct hostapd_lang_string **array,
ls->name_len = nlen;
os_memcpy(ls->name, sep, nlen);
- return 0;
+ ret = 0;
+fail:
+ os_free(str);
+ return ret;
}
@@ -1363,7 +1278,7 @@ static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf,
count = 1;
for (pos = buf; *pos; pos++) {
- if ((*pos < '0' && *pos > '9') && *pos != ';' && *pos != ',')
+ if ((*pos < '0' || *pos > '9') && *pos != ';' && *pos != ',')
goto fail;
if (*pos == ';')
count++;
@@ -1567,6 +1482,47 @@ fail:
return -1;
}
+
+static int parse_qos_map_set(struct hostapd_bss_config *bss,
+ char *buf, int line)
+{
+ u8 qos_map_set[16 + 2 * 21], count = 0;
+ char *pos = buf;
+ int val;
+
+ for (;;) {
+ if (count == sizeof(qos_map_set)) {
+ wpa_printf(MSG_ERROR, "Line %d: Too many qos_map_set "
+ "parameters '%s'", line, buf);
+ return -1;
+ }
+
+ val = atoi(pos);
+ if (val > 255 || val < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set "
+ "'%s'", line, buf);
+ return -1;
+ }
+
+ qos_map_set[count++] = val;
+ pos = os_strchr(pos, ',');
+ if (!pos)
+ break;
+ pos++;
+ }
+
+ if (count < 16 || count & 1) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set '%s'",
+ line, buf);
+ return -1;
+ }
+
+ os_memcpy(bss->qos_map_set, qos_map_set, count);
+ bss->qos_map_set_len = count;
+
+ return 0;
+}
+
#endif /* CONFIG_INTERWORKING */
@@ -1664,7 +1620,7 @@ static int hs20_parse_wan_metrics(struct hostapd_bss_config *bss, char *buf,
fail:
wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_wan_metrics '%s'",
- line, pos);
+ line, buf);
os_free(wan_metrics);
return -1;
}
@@ -1681,6 +1637,197 @@ static int hs20_parse_oper_friendly_name(struct hostapd_bss_config *bss,
}
return 0;
}
+
+
+static int hs20_parse_icon(struct hostapd_bss_config *bss, char *pos)
+{
+ struct hs20_icon *icon;
+ char *end;
+
+ icon = os_realloc_array(bss->hs20_icons, bss->hs20_icons_count + 1,
+ sizeof(struct hs20_icon));
+ if (icon == NULL)
+ return -1;
+ bss->hs20_icons = icon;
+ icon = &bss->hs20_icons[bss->hs20_icons_count];
+ os_memset(icon, 0, sizeof(*icon));
+
+ icon->width = atoi(pos);
+ pos = os_strchr(pos, ':');
+ if (pos == NULL)
+ return -1;
+ pos++;
+
+ icon->height = atoi(pos);
+ pos = os_strchr(pos, ':');
+ if (pos == NULL)
+ return -1;
+ pos++;
+
+ end = os_strchr(pos, ':');
+ if (end == NULL || end - pos > 3)
+ return -1;
+ os_memcpy(icon->language, pos, end - pos);
+ pos = end + 1;
+
+ end = os_strchr(pos, ':');
+ if (end == NULL || end - pos > 255)
+ return -1;
+ os_memcpy(icon->type, pos, end - pos);
+ pos = end + 1;
+
+ end = os_strchr(pos, ':');
+ if (end == NULL || end - pos > 255)
+ return -1;
+ os_memcpy(icon->name, pos, end - pos);
+ pos = end + 1;
+
+ if (os_strlen(pos) > 255)
+ return -1;
+ os_memcpy(icon->file, pos, os_strlen(pos));
+
+ bss->hs20_icons_count++;
+
+ return 0;
+}
+
+
+static int hs20_parse_osu_ssid(struct hostapd_bss_config *bss,
+ char *pos, int line)
+{
+ size_t slen;
+ char *str;
+
+ str = wpa_config_parse_string(pos, &slen);
+ if (str == NULL || slen < 1 || slen > HOSTAPD_MAX_SSID_LEN) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid SSID '%s'", line, pos);
+ os_free(str);
+ return -1;
+ }
+
+ os_memcpy(bss->osu_ssid, str, slen);
+ bss->osu_ssid_len = slen;
+ os_free(str);
+
+ return 0;
+}
+
+
+static int hs20_parse_osu_server_uri(struct hostapd_bss_config *bss,
+ char *pos, int line)
+{
+ struct hs20_osu_provider *p;
+
+ p = os_realloc_array(bss->hs20_osu_providers,
+ bss->hs20_osu_providers_count + 1, sizeof(*p));
+ if (p == NULL)
+ return -1;
+
+ bss->hs20_osu_providers = p;
+ bss->last_osu = &bss->hs20_osu_providers[bss->hs20_osu_providers_count];
+ bss->hs20_osu_providers_count++;
+ os_memset(bss->last_osu, 0, sizeof(*p));
+ bss->last_osu->server_uri = os_strdup(pos);
+
+ return 0;
+}
+
+
+static int hs20_parse_osu_friendly_name(struct hostapd_bss_config *bss,
+ char *pos, int line)
+{
+ if (bss->last_osu == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
+ return -1;
+ }
+
+ if (parse_lang_string(&bss->last_osu->friendly_name,
+ &bss->last_osu->friendly_name_count, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid osu_friendly_name '%s'",
+ line, pos);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int hs20_parse_osu_nai(struct hostapd_bss_config *bss,
+ char *pos, int line)
+{
+ if (bss->last_osu == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
+ return -1;
+ }
+
+ os_free(bss->last_osu->osu_nai);
+ bss->last_osu->osu_nai = os_strdup(pos);
+ if (bss->last_osu->osu_nai == NULL)
+ return -1;
+
+ return 0;
+}
+
+
+static int hs20_parse_osu_method_list(struct hostapd_bss_config *bss, char *pos,
+ int line)
+{
+ if (bss->last_osu == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
+ return -1;
+ }
+
+ if (hostapd_parse_intlist(&bss->last_osu->method_list, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid osu_method_list", line);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int hs20_parse_osu_icon(struct hostapd_bss_config *bss, char *pos,
+ int line)
+{
+ char **n;
+ struct hs20_osu_provider *p = bss->last_osu;
+
+ if (p == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
+ return -1;
+ }
+
+ n = os_realloc_array(p->icons, p->icons_count + 1, sizeof(char *));
+ if (n == NULL)
+ return -1;
+ p->icons = n;
+ p->icons[p->icons_count] = os_strdup(pos);
+ if (p->icons[p->icons_count] == NULL)
+ return -1;
+ p->icons_count++;
+
+ return 0;
+}
+
+
+static int hs20_parse_osu_service_desc(struct hostapd_bss_config *bss,
+ char *pos, int line)
+{
+ if (bss->last_osu == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
+ return -1;
+ }
+
+ if (parse_lang_string(&bss->last_osu->service_desc,
+ &bss->last_osu->service_desc_count, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid osu_service_desc '%s'",
+ line, pos);
+ return -1;
+ }
+
+ return 0;
+}
+
#endif /* CONFIG_HS20 */
@@ -1709,1302 +1856,1434 @@ static struct wpabuf * hostapd_parse_bin(const char *buf)
#endif /* CONFIG_WPS_NFC */
+#ifdef CONFIG_ACS
+static int hostapd_config_parse_acs_chan_bias(struct hostapd_config *conf,
+ char *pos)
+{
+ struct acs_bias *bias = NULL, *tmp;
+ unsigned int num = 0;
+ char *end;
+
+ while (*pos) {
+ tmp = os_realloc_array(bias, num + 1, sizeof(*bias));
+ if (!tmp)
+ goto fail;
+ bias = tmp;
+
+ bias[num].channel = atoi(pos);
+ if (bias[num].channel <= 0)
+ goto fail;
+ pos = os_strchr(pos, ':');
+ if (!pos)
+ goto fail;
+ pos++;
+ bias[num].bias = strtod(pos, &end);
+ if (end == pos || bias[num].bias < 0.0)
+ goto fail;
+ pos = end;
+ if (*pos != ' ' && *pos != '\0')
+ goto fail;
+ num++;
+ }
+
+ os_free(conf->acs_chan_bias);
+ conf->acs_chan_bias = bias;
+ conf->num_acs_chan_bias = num;
+
+ return 0;
+fail:
+ os_free(bias);
+ return -1;
+}
+#endif /* CONFIG_ACS */
+
+
static int hostapd_config_fill(struct hostapd_config *conf,
struct hostapd_bss_config *bss,
char *buf, char *pos, int line)
{
- int errors = 0;
-
- {
- if (os_strcmp(buf, "interface") == 0) {
- os_strlcpy(conf->bss[0].iface, pos,
- sizeof(conf->bss[0].iface));
- } else if (os_strcmp(buf, "bridge") == 0) {
- os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
- } else if (os_strcmp(buf, "wds_bridge") == 0) {
- os_strlcpy(bss->wds_bridge, pos,
- sizeof(bss->wds_bridge));
- } else if (os_strcmp(buf, "driver") == 0) {
- int j;
- /* clear to get error below if setting is invalid */
- conf->driver = NULL;
- for (j = 0; wpa_drivers[j]; j++) {
- if (os_strcmp(pos, wpa_drivers[j]->name) == 0)
- {
- conf->driver = wpa_drivers[j];
- break;
- }
- }
- if (conf->driver == NULL) {
- wpa_printf(MSG_ERROR, "Line %d: invalid/"
- "unknown driver '%s'", line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "debug") == 0) {
- wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' "
- "configuration variable is not used "
- "anymore", line);
- } else if (os_strcmp(buf, "logger_syslog_level") == 0) {
- bss->logger_syslog_level = atoi(pos);
- } else if (os_strcmp(buf, "logger_stdout_level") == 0) {
- bss->logger_stdout_level = atoi(pos);
- } else if (os_strcmp(buf, "logger_syslog") == 0) {
- bss->logger_syslog = atoi(pos);
- } else if (os_strcmp(buf, "logger_stdout") == 0) {
- bss->logger_stdout = atoi(pos);
- } else if (os_strcmp(buf, "dump_file") == 0) {
- bss->dump_log_name = os_strdup(pos);
- } else if (os_strcmp(buf, "ssid") == 0) {
- bss->ssid.ssid_len = os_strlen(pos);
- if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
- bss->ssid.ssid_len < 1) {
- wpa_printf(MSG_ERROR, "Line %d: invalid SSID "
- "'%s'", line, pos);
- errors++;
- } else {
- os_memcpy(bss->ssid.ssid, pos,
- bss->ssid.ssid_len);
- bss->ssid.ssid_set = 1;
- }
- } else if (os_strcmp(buf, "ssid2") == 0) {
- size_t slen;
- char *str = wpa_config_parse_string(pos, &slen);
- if (str == NULL || slen < 1 ||
- slen > HOSTAPD_MAX_SSID_LEN) {
- wpa_printf(MSG_ERROR, "Line %d: invalid SSID "
- "'%s'", line, pos);
- errors++;
- } else {
- os_memcpy(bss->ssid.ssid, str, slen);
- bss->ssid.ssid_len = slen;
- bss->ssid.ssid_set = 1;
+ if (os_strcmp(buf, "interface") == 0) {
+ os_strlcpy(conf->bss[0]->iface, pos,
+ sizeof(conf->bss[0]->iface));
+ } else if (os_strcmp(buf, "bridge") == 0) {
+ os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
+ } else if (os_strcmp(buf, "vlan_bridge") == 0) {
+ os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
+ } else if (os_strcmp(buf, "wds_bridge") == 0) {
+ os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
+ } else if (os_strcmp(buf, "driver") == 0) {
+ int j;
+ /* clear to get error below if setting is invalid */
+ conf->driver = NULL;
+ for (j = 0; wpa_drivers[j]; j++) {
+ if (os_strcmp(pos, wpa_drivers[j]->name) == 0) {
+ conf->driver = wpa_drivers[j];
+ break;
}
+ }
+ if (conf->driver == NULL) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid/unknown driver '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "driver_params") == 0) {
+ os_free(conf->driver_params);
+ conf->driver_params = os_strdup(pos);
+ } else if (os_strcmp(buf, "debug") == 0) {
+ wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' configuration variable is not used anymore",
+ line);
+ } else if (os_strcmp(buf, "logger_syslog_level") == 0) {
+ bss->logger_syslog_level = atoi(pos);
+ } else if (os_strcmp(buf, "logger_stdout_level") == 0) {
+ bss->logger_stdout_level = atoi(pos);
+ } else if (os_strcmp(buf, "logger_syslog") == 0) {
+ bss->logger_syslog = atoi(pos);
+ } else if (os_strcmp(buf, "logger_stdout") == 0) {
+ bss->logger_stdout = atoi(pos);
+ } else if (os_strcmp(buf, "dump_file") == 0) {
+ wpa_printf(MSG_INFO, "Line %d: DEPRECATED: 'dump_file' configuration variable is not used anymore",
+ line);
+ } else if (os_strcmp(buf, "ssid") == 0) {
+ bss->ssid.ssid_len = os_strlen(pos);
+ if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
+ bss->ssid.ssid_len < 1) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
+ line, pos);
+ return 1;
+ }
+ os_memcpy(bss->ssid.ssid, pos, bss->ssid.ssid_len);
+ bss->ssid.ssid_set = 1;
+ } else if (os_strcmp(buf, "ssid2") == 0) {
+ size_t slen;
+ char *str = wpa_config_parse_string(pos, &slen);
+ if (str == NULL || slen < 1 || slen > HOSTAPD_MAX_SSID_LEN) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
+ line, pos);
os_free(str);
- } else if (os_strcmp(buf, "utf8_ssid") == 0) {
- bss->ssid.utf8_ssid = atoi(pos) > 0;
- } else if (os_strcmp(buf, "macaddr_acl") == 0) {
- bss->macaddr_acl = atoi(pos);
- if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
- bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
- bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
- wpa_printf(MSG_ERROR, "Line %d: unknown "
- "macaddr_acl %d",
- line, bss->macaddr_acl);
- }
- } else if (os_strcmp(buf, "accept_mac_file") == 0) {
- if (hostapd_config_read_maclist(pos, &bss->accept_mac,
- &bss->num_accept_mac))
- {
- wpa_printf(MSG_ERROR, "Line %d: Failed to "
- "read accept_mac_file '%s'",
- line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "deny_mac_file") == 0) {
- if (hostapd_config_read_maclist(pos, &bss->deny_mac,
- &bss->num_deny_mac)) {
- wpa_printf(MSG_ERROR, "Line %d: Failed to "
- "read deny_mac_file '%s'",
- line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "wds_sta") == 0) {
- bss->wds_sta = atoi(pos);
- } else if (os_strcmp(buf, "ap_isolate") == 0) {
- bss->isolate = atoi(pos);
- } else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
- bss->ap_max_inactivity = atoi(pos);
- } else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
- bss->skip_inactivity_poll = atoi(pos);
- } else if (os_strcmp(buf, "country_code") == 0) {
- os_memcpy(conf->country, pos, 2);
- /* FIX: make this configurable */
- conf->country[2] = ' ';
- } else if (os_strcmp(buf, "ieee80211d") == 0) {
- conf->ieee80211d = atoi(pos);
- } else if (os_strcmp(buf, "ieee8021x") == 0) {
- bss->ieee802_1x = atoi(pos);
- } else if (os_strcmp(buf, "eapol_version") == 0) {
- bss->eapol_version = atoi(pos);
- if (bss->eapol_version < 1 ||
- bss->eapol_version > 2) {
- wpa_printf(MSG_ERROR, "Line %d: invalid EAPOL "
- "version (%d): '%s'.",
- line, bss->eapol_version, pos);
- errors++;
- } else
- wpa_printf(MSG_DEBUG, "eapol_version=%d",
- bss->eapol_version);
+ return 1;
+ }
+ os_memcpy(bss->ssid.ssid, str, slen);
+ bss->ssid.ssid_len = slen;
+ bss->ssid.ssid_set = 1;
+ os_free(str);
+ } else if (os_strcmp(buf, "utf8_ssid") == 0) {
+ bss->ssid.utf8_ssid = atoi(pos) > 0;
+ } else if (os_strcmp(buf, "macaddr_acl") == 0) {
+ bss->macaddr_acl = atoi(pos);
+ if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
+ bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
+ bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
+ wpa_printf(MSG_ERROR, "Line %d: unknown macaddr_acl %d",
+ line, bss->macaddr_acl);
+ }
+ } else if (os_strcmp(buf, "accept_mac_file") == 0) {
+ if (hostapd_config_read_maclist(pos, &bss->accept_mac,
+ &bss->num_accept_mac)) {
+ wpa_printf(MSG_ERROR, "Line %d: Failed to read accept_mac_file '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "deny_mac_file") == 0) {
+ if (hostapd_config_read_maclist(pos, &bss->deny_mac,
+ &bss->num_deny_mac)) {
+ wpa_printf(MSG_ERROR, "Line %d: Failed to read deny_mac_file '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wds_sta") == 0) {
+ bss->wds_sta = atoi(pos);
+ } else if (os_strcmp(buf, "start_disabled") == 0) {
+ bss->start_disabled = atoi(pos);
+ } else if (os_strcmp(buf, "ap_isolate") == 0) {
+ bss->isolate = atoi(pos);
+ } else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
+ bss->ap_max_inactivity = atoi(pos);
+ } else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
+ bss->skip_inactivity_poll = atoi(pos);
+ } else if (os_strcmp(buf, "country_code") == 0) {
+ os_memcpy(conf->country, pos, 2);
+ /* FIX: make this configurable */
+ conf->country[2] = ' ';
+ } else if (os_strcmp(buf, "ieee80211d") == 0) {
+ conf->ieee80211d = atoi(pos);
+ } else if (os_strcmp(buf, "ieee80211h") == 0) {
+ conf->ieee80211h = atoi(pos);
+ } else if (os_strcmp(buf, "ieee8021x") == 0) {
+ bss->ieee802_1x = atoi(pos);
+ } else if (os_strcmp(buf, "eapol_version") == 0) {
+ bss->eapol_version = atoi(pos);
+ if (bss->eapol_version < 1 || bss->eapol_version > 2) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid EAPOL version (%d): '%s'.",
+ line, bss->eapol_version, pos);
+ return 1;
+ }
+ wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version);
#ifdef EAP_SERVER
- } else if (os_strcmp(buf, "eap_authenticator") == 0) {
- bss->eap_server = atoi(pos);
- wpa_printf(MSG_ERROR, "Line %d: obsolete "
- "eap_authenticator used; this has been "
- "renamed to eap_server", line);
- } else if (os_strcmp(buf, "eap_server") == 0) {
- bss->eap_server = atoi(pos);
- } else if (os_strcmp(buf, "eap_user_file") == 0) {
- if (hostapd_config_read_eap_user(pos, bss))
- errors++;
- } else if (os_strcmp(buf, "ca_cert") == 0) {
- os_free(bss->ca_cert);
- bss->ca_cert = os_strdup(pos);
- } else if (os_strcmp(buf, "server_cert") == 0) {
- os_free(bss->server_cert);
- bss->server_cert = os_strdup(pos);
- } else if (os_strcmp(buf, "private_key") == 0) {
- os_free(bss->private_key);
- bss->private_key = os_strdup(pos);
- } else if (os_strcmp(buf, "private_key_passwd") == 0) {
- os_free(bss->private_key_passwd);
- bss->private_key_passwd = os_strdup(pos);
- } else if (os_strcmp(buf, "check_crl") == 0) {
- bss->check_crl = atoi(pos);
- } else if (os_strcmp(buf, "dh_file") == 0) {
- os_free(bss->dh_file);
- bss->dh_file = os_strdup(pos);
- } else if (os_strcmp(buf, "fragment_size") == 0) {
- bss->fragment_size = atoi(pos);
+ } else if (os_strcmp(buf, "eap_authenticator") == 0) {
+ bss->eap_server = atoi(pos);
+ wpa_printf(MSG_ERROR, "Line %d: obsolete eap_authenticator used; this has been renamed to eap_server", line);
+ } else if (os_strcmp(buf, "eap_server") == 0) {
+ bss->eap_server = atoi(pos);
+ } else if (os_strcmp(buf, "eap_user_file") == 0) {
+ if (hostapd_config_read_eap_user(pos, bss))
+ return 1;
+ } else if (os_strcmp(buf, "ca_cert") == 0) {
+ os_free(bss->ca_cert);
+ bss->ca_cert = os_strdup(pos);
+ } else if (os_strcmp(buf, "server_cert") == 0) {
+ os_free(bss->server_cert);
+ bss->server_cert = os_strdup(pos);
+ } else if (os_strcmp(buf, "private_key") == 0) {
+ os_free(bss->private_key);
+ bss->private_key = os_strdup(pos);
+ } else if (os_strcmp(buf, "private_key_passwd") == 0) {
+ os_free(bss->private_key_passwd);
+ bss->private_key_passwd = os_strdup(pos);
+ } else if (os_strcmp(buf, "check_crl") == 0) {
+ bss->check_crl = atoi(pos);
+ } else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
+ os_free(bss->ocsp_stapling_response);
+ bss->ocsp_stapling_response = os_strdup(pos);
+ } else if (os_strcmp(buf, "dh_file") == 0) {
+ os_free(bss->dh_file);
+ bss->dh_file = os_strdup(pos);
+ } else if (os_strcmp(buf, "openssl_ciphers") == 0) {
+ os_free(bss->openssl_ciphers);
+ bss->openssl_ciphers = os_strdup(pos);
+ } else if (os_strcmp(buf, "fragment_size") == 0) {
+ bss->fragment_size = atoi(pos);
#ifdef EAP_SERVER_FAST
- } else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
- os_free(bss->pac_opaque_encr_key);
- bss->pac_opaque_encr_key = os_malloc(16);
- if (bss->pac_opaque_encr_key == NULL) {
- wpa_printf(MSG_ERROR, "Line %d: No memory for "
- "pac_opaque_encr_key", line);
- errors++;
- } else if (hexstr2bin(pos, bss->pac_opaque_encr_key,
- 16)) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "pac_opaque_encr_key", line);
- errors++;
- }
- } else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
- size_t idlen = os_strlen(pos);
- if (idlen & 1) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "eap_fast_a_id", line);
- errors++;
- } else {
- os_free(bss->eap_fast_a_id);
- bss->eap_fast_a_id = os_malloc(idlen / 2);
- if (bss->eap_fast_a_id == NULL ||
- hexstr2bin(pos, bss->eap_fast_a_id,
- idlen / 2)) {
- wpa_printf(MSG_ERROR, "Line %d: "
- "Failed to parse "
- "eap_fast_a_id", line);
- errors++;
- } else
- bss->eap_fast_a_id_len = idlen / 2;
- }
- } else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
- os_free(bss->eap_fast_a_id_info);
- bss->eap_fast_a_id_info = os_strdup(pos);
- } else if (os_strcmp(buf, "eap_fast_prov") == 0) {
- bss->eap_fast_prov = atoi(pos);
- } else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
- bss->pac_key_lifetime = atoi(pos);
- } else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
- bss->pac_key_refresh_time = atoi(pos);
+ } else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
+ os_free(bss->pac_opaque_encr_key);
+ bss->pac_opaque_encr_key = os_malloc(16);
+ if (bss->pac_opaque_encr_key == NULL) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: No memory for pac_opaque_encr_key",
+ line);
+ return 1;
+ } else if (hexstr2bin(pos, bss->pac_opaque_encr_key, 16)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid pac_opaque_encr_key",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
+ size_t idlen = os_strlen(pos);
+ if (idlen & 1) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid eap_fast_a_id",
+ line);
+ return 1;
+ }
+ os_free(bss->eap_fast_a_id);
+ bss->eap_fast_a_id = os_malloc(idlen / 2);
+ if (bss->eap_fast_a_id == NULL ||
+ hexstr2bin(pos, bss->eap_fast_a_id, idlen / 2)) {
+ wpa_printf(MSG_ERROR, "Line %d: Failed to parse eap_fast_a_id",
+ line);
+ os_free(bss->eap_fast_a_id);
+ bss->eap_fast_a_id = NULL;
+ return 1;
+ } else {
+ bss->eap_fast_a_id_len = idlen / 2;
+ }
+ } else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
+ os_free(bss->eap_fast_a_id_info);
+ bss->eap_fast_a_id_info = os_strdup(pos);
+ } else if (os_strcmp(buf, "eap_fast_prov") == 0) {
+ bss->eap_fast_prov = atoi(pos);
+ } else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
+ bss->pac_key_lifetime = atoi(pos);
+ } else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
+ bss->pac_key_refresh_time = atoi(pos);
#endif /* EAP_SERVER_FAST */
#ifdef EAP_SERVER_SIM
- } else if (os_strcmp(buf, "eap_sim_db") == 0) {
- os_free(bss->eap_sim_db);
- bss->eap_sim_db = os_strdup(pos);
- } else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
- bss->eap_sim_aka_result_ind = atoi(pos);
+ } else if (os_strcmp(buf, "eap_sim_db") == 0) {
+ os_free(bss->eap_sim_db);
+ bss->eap_sim_db = os_strdup(pos);
+ } else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
+ bss->eap_sim_aka_result_ind = atoi(pos);
#endif /* EAP_SERVER_SIM */
#ifdef EAP_SERVER_TNC
- } else if (os_strcmp(buf, "tnc") == 0) {
- bss->tnc = atoi(pos);
+ } else if (os_strcmp(buf, "tnc") == 0) {
+ bss->tnc = atoi(pos);
#endif /* EAP_SERVER_TNC */
#ifdef EAP_SERVER_PWD
- } else if (os_strcmp(buf, "pwd_group") == 0) {
- bss->pwd_group = atoi(pos);
+ } else if (os_strcmp(buf, "pwd_group") == 0) {
+ bss->pwd_group = atoi(pos);
#endif /* EAP_SERVER_PWD */
+ } else if (os_strcmp(buf, "eap_server_erp") == 0) {
+ bss->eap_server_erp = atoi(pos);
#endif /* EAP_SERVER */
- } else if (os_strcmp(buf, "eap_message") == 0) {
- char *term;
- bss->eap_req_id_text = os_strdup(pos);
- if (bss->eap_req_id_text == NULL) {
- wpa_printf(MSG_ERROR, "Line %d: Failed to "
- "allocate memory for "
- "eap_req_id_text", line);
- errors++;
- return errors;
- }
- bss->eap_req_id_text_len =
- os_strlen(bss->eap_req_id_text);
- term = os_strstr(bss->eap_req_id_text, "\\0");
- if (term) {
- *term++ = '\0';
- os_memmove(term, term + 1,
- bss->eap_req_id_text_len -
- (term - bss->eap_req_id_text) - 1);
- bss->eap_req_id_text_len--;
- }
- } else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
- bss->default_wep_key_len = atoi(pos);
- if (bss->default_wep_key_len > 13) {
- wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
- "key len %lu (= %lu bits)", line,
- (unsigned long)
- bss->default_wep_key_len,
- (unsigned long)
- bss->default_wep_key_len * 8);
- errors++;
- }
- } else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
- bss->individual_wep_key_len = atoi(pos);
- if (bss->individual_wep_key_len < 0 ||
- bss->individual_wep_key_len > 13) {
- wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
- "key len %d (= %d bits)", line,
- bss->individual_wep_key_len,
- bss->individual_wep_key_len * 8);
- errors++;
- }
- } else if (os_strcmp(buf, "wep_rekey_period") == 0) {
- bss->wep_rekeying_period = atoi(pos);
- if (bss->wep_rekeying_period < 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "period %d",
- line, bss->wep_rekeying_period);
- errors++;
- }
- } else if (os_strcmp(buf, "eap_reauth_period") == 0) {
- bss->eap_reauth_period = atoi(pos);
- if (bss->eap_reauth_period < 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "period %d",
- line, bss->eap_reauth_period);
- errors++;
- }
- } else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
- bss->eapol_key_index_workaround = atoi(pos);
+ } else if (os_strcmp(buf, "eap_message") == 0) {
+ char *term;
+ os_free(bss->eap_req_id_text);
+ bss->eap_req_id_text = os_strdup(pos);
+ if (bss->eap_req_id_text == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Failed to allocate memory for eap_req_id_text",
+ line);
+ return 1;
+ }
+ bss->eap_req_id_text_len = os_strlen(bss->eap_req_id_text);
+ term = os_strstr(bss->eap_req_id_text, "\\0");
+ if (term) {
+ *term++ = '\0';
+ os_memmove(term, term + 1,
+ bss->eap_req_id_text_len -
+ (term - bss->eap_req_id_text) - 1);
+ bss->eap_req_id_text_len--;
+ }
+ } else if (os_strcmp(buf, "erp_send_reauth_start") == 0) {
+ bss->erp_send_reauth_start = atoi(pos);
+ } else if (os_strcmp(buf, "erp_domain") == 0) {
+ os_free(bss->erp_domain);
+ bss->erp_domain = os_strdup(pos);
+ } else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
+ bss->default_wep_key_len = atoi(pos);
+ if (bss->default_wep_key_len > 13) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %lu (= %lu bits)",
+ line,
+ (unsigned long) bss->default_wep_key_len,
+ (unsigned long)
+ bss->default_wep_key_len * 8);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
+ bss->individual_wep_key_len = atoi(pos);
+ if (bss->individual_wep_key_len < 0 ||
+ bss->individual_wep_key_len > 13) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %d (= %d bits)",
+ line, bss->individual_wep_key_len,
+ bss->individual_wep_key_len * 8);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wep_rekey_period") == 0) {
+ bss->wep_rekeying_period = atoi(pos);
+ if (bss->wep_rekeying_period < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid period %d",
+ line, bss->wep_rekeying_period);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "eap_reauth_period") == 0) {
+ bss->eap_reauth_period = atoi(pos);
+ if (bss->eap_reauth_period < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid period %d",
+ line, bss->eap_reauth_period);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
+ bss->eapol_key_index_workaround = atoi(pos);
#ifdef CONFIG_IAPP
- } else if (os_strcmp(buf, "iapp_interface") == 0) {
- bss->ieee802_11f = 1;
- os_strlcpy(bss->iapp_iface, pos,
- sizeof(bss->iapp_iface));
+ } else if (os_strcmp(buf, "iapp_interface") == 0) {
+ bss->ieee802_11f = 1;
+ os_strlcpy(bss->iapp_iface, pos, sizeof(bss->iapp_iface));
#endif /* CONFIG_IAPP */
- } else if (os_strcmp(buf, "own_ip_addr") == 0) {
- if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid IP "
- "address '%s'", line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "nas_identifier") == 0) {
- bss->nas_identifier = os_strdup(pos);
+ } else if (os_strcmp(buf, "own_ip_addr") == 0) {
+ if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid IP address '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "nas_identifier") == 0) {
+ os_free(bss->nas_identifier);
+ bss->nas_identifier = os_strdup(pos);
#ifndef CONFIG_NO_RADIUS
- } else if (os_strcmp(buf, "auth_server_addr") == 0) {
- if (hostapd_config_read_radius_addr(
- &bss->radius->auth_servers,
- &bss->radius->num_auth_servers, pos, 1812,
- &bss->radius->auth_server)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid IP "
- "address '%s'", line, pos);
- errors++;
- }
- } else if (bss->radius->auth_server &&
- os_strcmp(buf, "auth_server_port") == 0) {
- bss->radius->auth_server->port = atoi(pos);
- } else if (bss->radius->auth_server &&
- os_strcmp(buf, "auth_server_shared_secret") == 0) {
- int len = os_strlen(pos);
- if (len == 0) {
- /* RFC 2865, Ch. 3 */
- wpa_printf(MSG_ERROR, "Line %d: empty shared "
- "secret is not allowed.", line);
- errors++;
- }
- bss->radius->auth_server->shared_secret =
- (u8 *) os_strdup(pos);
- bss->radius->auth_server->shared_secret_len = len;
- } else if (os_strcmp(buf, "acct_server_addr") == 0) {
- if (hostapd_config_read_radius_addr(
- &bss->radius->acct_servers,
- &bss->radius->num_acct_servers, pos, 1813,
- &bss->radius->acct_server)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid IP "
- "address '%s'", line, pos);
- errors++;
- }
- } else if (bss->radius->acct_server &&
- os_strcmp(buf, "acct_server_port") == 0) {
- bss->radius->acct_server->port = atoi(pos);
- } else if (bss->radius->acct_server &&
- os_strcmp(buf, "acct_server_shared_secret") == 0) {
- int len = os_strlen(pos);
- if (len == 0) {
- /* RFC 2865, Ch. 3 */
- wpa_printf(MSG_ERROR, "Line %d: empty shared "
- "secret is not allowed.", line);
- errors++;
- }
- bss->radius->acct_server->shared_secret =
- (u8 *) os_strdup(pos);
- bss->radius->acct_server->shared_secret_len = len;
- } else if (os_strcmp(buf, "radius_retry_primary_interval") ==
- 0) {
- bss->radius->retry_primary_interval = atoi(pos);
- } else if (os_strcmp(buf, "radius_acct_interim_interval") == 0)
- {
- bss->acct_interim_interval = atoi(pos);
- } else if (os_strcmp(buf, "radius_request_cui") == 0) {
- bss->radius_request_cui = atoi(pos);
- } else if (os_strcmp(buf, "radius_auth_req_attr") == 0) {
- struct hostapd_radius_attr *attr, *a;
- attr = hostapd_parse_radius_attr(pos);
- if (attr == NULL) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "radius_auth_req_attr", line);
- errors++;
- } else if (bss->radius_auth_req_attr == NULL) {
- bss->radius_auth_req_attr = attr;
- } else {
- a = bss->radius_auth_req_attr;
- while (a->next)
- a = a->next;
- a->next = attr;
- }
- } else if (os_strcmp(buf, "radius_acct_req_attr") == 0) {
- struct hostapd_radius_attr *attr, *a;
- attr = hostapd_parse_radius_attr(pos);
- if (attr == NULL) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "radius_acct_req_attr", line);
- errors++;
- } else if (bss->radius_acct_req_attr == NULL) {
- bss->radius_acct_req_attr = attr;
- } else {
- a = bss->radius_acct_req_attr;
- while (a->next)
- a = a->next;
- a->next = attr;
- }
- } else if (os_strcmp(buf, "radius_das_port") == 0) {
- bss->radius_das_port = atoi(pos);
- } else if (os_strcmp(buf, "radius_das_client") == 0) {
- if (hostapd_parse_das_client(bss, pos) < 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "DAS client", line);
- errors++;
- }
- } else if (os_strcmp(buf, "radius_das_time_window") == 0) {
- bss->radius_das_time_window = atoi(pos);
- } else if (os_strcmp(buf, "radius_das_require_event_timestamp")
- == 0) {
- bss->radius_das_require_event_timestamp = atoi(pos);
+ } else if (os_strcmp(buf, "radius_client_addr") == 0) {
+ if (hostapd_parse_ip_addr(pos, &bss->radius->client_addr)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid IP address '%s'",
+ line, pos);
+ return 1;
+ }
+ bss->radius->force_client_addr = 1;
+ } else if (os_strcmp(buf, "auth_server_addr") == 0) {
+ if (hostapd_config_read_radius_addr(
+ &bss->radius->auth_servers,
+ &bss->radius->num_auth_servers, pos, 1812,
+ &bss->radius->auth_server)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid IP address '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (bss->radius->auth_server &&
+ os_strcmp(buf, "auth_server_addr_replace") == 0) {
+ if (hostapd_parse_ip_addr(pos,
+ &bss->radius->auth_server->addr)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid IP address '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (bss->radius->auth_server &&
+ os_strcmp(buf, "auth_server_port") == 0) {
+ bss->radius->auth_server->port = atoi(pos);
+ } else if (bss->radius->auth_server &&
+ os_strcmp(buf, "auth_server_shared_secret") == 0) {
+ int len = os_strlen(pos);
+ if (len == 0) {
+ /* RFC 2865, Ch. 3 */
+ wpa_printf(MSG_ERROR, "Line %d: empty shared secret is not allowed",
+ line);
+ return 1;
+ }
+ os_free(bss->radius->auth_server->shared_secret);
+ bss->radius->auth_server->shared_secret = (u8 *) os_strdup(pos);
+ bss->radius->auth_server->shared_secret_len = len;
+ } else if (os_strcmp(buf, "acct_server_addr") == 0) {
+ if (hostapd_config_read_radius_addr(
+ &bss->radius->acct_servers,
+ &bss->radius->num_acct_servers, pos, 1813,
+ &bss->radius->acct_server)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid IP address '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (bss->radius->acct_server &&
+ os_strcmp(buf, "acct_server_addr_replace") == 0) {
+ if (hostapd_parse_ip_addr(pos,
+ &bss->radius->acct_server->addr)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid IP address '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (bss->radius->acct_server &&
+ os_strcmp(buf, "acct_server_port") == 0) {
+ bss->radius->acct_server->port = atoi(pos);
+ } else if (bss->radius->acct_server &&
+ os_strcmp(buf, "acct_server_shared_secret") == 0) {
+ int len = os_strlen(pos);
+ if (len == 0) {
+ /* RFC 2865, Ch. 3 */
+ wpa_printf(MSG_ERROR, "Line %d: empty shared secret is not allowed",
+ line);
+ return 1;
+ }
+ os_free(bss->radius->acct_server->shared_secret);
+ bss->radius->acct_server->shared_secret = (u8 *) os_strdup(pos);
+ bss->radius->acct_server->shared_secret_len = len;
+ } else if (os_strcmp(buf, "radius_retry_primary_interval") == 0) {
+ bss->radius->retry_primary_interval = atoi(pos);
+ } else if (os_strcmp(buf, "radius_acct_interim_interval") == 0) {
+ bss->acct_interim_interval = atoi(pos);
+ } else if (os_strcmp(buf, "radius_request_cui") == 0) {
+ bss->radius_request_cui = atoi(pos);
+ } else if (os_strcmp(buf, "radius_auth_req_attr") == 0) {
+ struct hostapd_radius_attr *attr, *a;
+ attr = hostapd_parse_radius_attr(pos);
+ if (attr == NULL) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid radius_auth_req_attr",
+ line);
+ return 1;
+ } else if (bss->radius_auth_req_attr == NULL) {
+ bss->radius_auth_req_attr = attr;
+ } else {
+ a = bss->radius_auth_req_attr;
+ while (a->next)
+ a = a->next;
+ a->next = attr;
+ }
+ } else if (os_strcmp(buf, "radius_acct_req_attr") == 0) {
+ struct hostapd_radius_attr *attr, *a;
+ attr = hostapd_parse_radius_attr(pos);
+ if (attr == NULL) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid radius_acct_req_attr",
+ line);
+ return 1;
+ } else if (bss->radius_acct_req_attr == NULL) {
+ bss->radius_acct_req_attr = attr;
+ } else {
+ a = bss->radius_acct_req_attr;
+ while (a->next)
+ a = a->next;
+ a->next = attr;
+ }
+ } else if (os_strcmp(buf, "radius_das_port") == 0) {
+ bss->radius_das_port = atoi(pos);
+ } else if (os_strcmp(buf, "radius_das_client") == 0) {
+ if (hostapd_parse_das_client(bss, pos) < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid DAS client",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "radius_das_time_window") == 0) {
+ bss->radius_das_time_window = atoi(pos);
+ } else if (os_strcmp(buf, "radius_das_require_event_timestamp") == 0) {
+ bss->radius_das_require_event_timestamp = atoi(pos);
#endif /* CONFIG_NO_RADIUS */
- } else if (os_strcmp(buf, "auth_algs") == 0) {
- bss->auth_algs = atoi(pos);
- if (bss->auth_algs == 0) {
- wpa_printf(MSG_ERROR, "Line %d: no "
- "authentication algorithms allowed",
- line);
- errors++;
- }
- } else if (os_strcmp(buf, "max_num_sta") == 0) {
- bss->max_num_sta = atoi(pos);
- if (bss->max_num_sta < 0 ||
- bss->max_num_sta > MAX_STA_COUNT) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "max_num_sta=%d; allowed range "
- "0..%d", line, bss->max_num_sta,
- MAX_STA_COUNT);
- errors++;
- }
- } else if (os_strcmp(buf, "wpa") == 0) {
- bss->wpa = atoi(pos);
- } else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
- bss->wpa_group_rekey = atoi(pos);
- } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
- bss->wpa_strict_rekey = atoi(pos);
- } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
- bss->wpa_gmk_rekey = atoi(pos);
- } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
- bss->wpa_ptk_rekey = atoi(pos);
- } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
- int len = os_strlen(pos);
- if (len < 8 || len > 63) {
- wpa_printf(MSG_ERROR, "Line %d: invalid WPA "
- "passphrase length %d (expected "
- "8..63)", line, len);
- errors++;
- } else {
- os_free(bss->ssid.wpa_passphrase);
- bss->ssid.wpa_passphrase = os_strdup(pos);
- os_free(bss->ssid.wpa_psk);
- bss->ssid.wpa_psk = NULL;
- }
- } else if (os_strcmp(buf, "wpa_psk") == 0) {
- os_free(bss->ssid.wpa_psk);
- bss->ssid.wpa_psk =
- os_zalloc(sizeof(struct hostapd_wpa_psk));
- if (bss->ssid.wpa_psk == NULL)
- errors++;
- else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
- PMK_LEN) ||
- pos[PMK_LEN * 2] != '\0') {
- wpa_printf(MSG_ERROR, "Line %d: Invalid PSK "
- "'%s'.", line, pos);
- errors++;
- } else {
- bss->ssid.wpa_psk->group = 1;
- os_free(bss->ssid.wpa_passphrase);
- bss->ssid.wpa_passphrase = NULL;
- }
- } else if (os_strcmp(buf, "wpa_psk_file") == 0) {
- os_free(bss->ssid.wpa_psk_file);
- bss->ssid.wpa_psk_file = os_strdup(pos);
- if (!bss->ssid.wpa_psk_file) {
- wpa_printf(MSG_ERROR, "Line %d: allocation "
- "failed", line);
- errors++;
- }
- } else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
- bss->wpa_key_mgmt =
- hostapd_config_parse_key_mgmt(line, pos);
- if (bss->wpa_key_mgmt == -1)
- errors++;
- } else if (os_strcmp(buf, "wpa_psk_radius") == 0) {
- bss->wpa_psk_radius = atoi(pos);
- if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
- bss->wpa_psk_radius != PSK_RADIUS_ACCEPTED &&
- bss->wpa_psk_radius != PSK_RADIUS_REQUIRED) {
- wpa_printf(MSG_ERROR, "Line %d: unknown "
- "wpa_psk_radius %d",
- line, bss->wpa_psk_radius);
- errors++;
- }
- } else if (os_strcmp(buf, "wpa_pairwise") == 0) {
- bss->wpa_pairwise =
- hostapd_config_parse_cipher(line, pos);
- if (bss->wpa_pairwise == -1 ||
- bss->wpa_pairwise == 0)
- errors++;
- else if (bss->wpa_pairwise &
- (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
- WPA_CIPHER_WEP104)) {
- wpa_printf(MSG_ERROR, "Line %d: unsupported "
- "pairwise cipher suite '%s'",
- bss->wpa_pairwise, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "rsn_pairwise") == 0) {
- bss->rsn_pairwise =
- hostapd_config_parse_cipher(line, pos);
- if (bss->rsn_pairwise == -1 ||
- bss->rsn_pairwise == 0)
- errors++;
- else if (bss->rsn_pairwise &
- (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
- WPA_CIPHER_WEP104)) {
- wpa_printf(MSG_ERROR, "Line %d: unsupported "
- "pairwise cipher suite '%s'",
- bss->rsn_pairwise, pos);
- errors++;
- }
+ } else if (os_strcmp(buf, "auth_algs") == 0) {
+ bss->auth_algs = atoi(pos);
+ if (bss->auth_algs == 0) {
+ wpa_printf(MSG_ERROR, "Line %d: no authentication algorithms allowed",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "max_num_sta") == 0) {
+ bss->max_num_sta = atoi(pos);
+ if (bss->max_num_sta < 0 ||
+ bss->max_num_sta > MAX_STA_COUNT) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid max_num_sta=%d; allowed range 0..%d",
+ line, bss->max_num_sta, MAX_STA_COUNT);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wpa") == 0) {
+ bss->wpa = atoi(pos);
+ } else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
+ bss->wpa_group_rekey = atoi(pos);
+ } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
+ bss->wpa_strict_rekey = atoi(pos);
+ } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
+ bss->wpa_gmk_rekey = atoi(pos);
+ } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
+ bss->wpa_ptk_rekey = atoi(pos);
+ } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
+ int len = os_strlen(pos);
+ if (len < 8 || len > 63) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid WPA passphrase length %d (expected 8..63)",
+ line, len);
+ return 1;
+ }
+ os_free(bss->ssid.wpa_passphrase);
+ bss->ssid.wpa_passphrase = os_strdup(pos);
+ if (bss->ssid.wpa_passphrase) {
+ hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
+ bss->ssid.wpa_passphrase_set = 1;
+ }
+ } else if (os_strcmp(buf, "wpa_psk") == 0) {
+ hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
+ bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
+ if (bss->ssid.wpa_psk == NULL)
+ return 1;
+ if (hexstr2bin(pos, bss->ssid.wpa_psk->psk, PMK_LEN) ||
+ pos[PMK_LEN * 2] != '\0') {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
+ line, pos);
+ hostapd_config_clear_wpa_psk(&bss->ssid.wpa_psk);
+ return 1;
+ }
+ bss->ssid.wpa_psk->group = 1;
+ os_free(bss->ssid.wpa_passphrase);
+ bss->ssid.wpa_passphrase = NULL;
+ bss->ssid.wpa_psk_set = 1;
+ } else if (os_strcmp(buf, "wpa_psk_file") == 0) {
+ os_free(bss->ssid.wpa_psk_file);
+ bss->ssid.wpa_psk_file = os_strdup(pos);
+ if (!bss->ssid.wpa_psk_file) {
+ wpa_printf(MSG_ERROR, "Line %d: allocation failed",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
+ bss->wpa_key_mgmt = hostapd_config_parse_key_mgmt(line, pos);
+ if (bss->wpa_key_mgmt == -1)
+ return 1;
+ } else if (os_strcmp(buf, "wpa_psk_radius") == 0) {
+ bss->wpa_psk_radius = atoi(pos);
+ if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
+ bss->wpa_psk_radius != PSK_RADIUS_ACCEPTED &&
+ bss->wpa_psk_radius != PSK_RADIUS_REQUIRED) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: unknown wpa_psk_radius %d",
+ line, bss->wpa_psk_radius);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wpa_pairwise") == 0) {
+ bss->wpa_pairwise = hostapd_config_parse_cipher(line, pos);
+ if (bss->wpa_pairwise == -1 || bss->wpa_pairwise == 0)
+ return 1;
+ if (bss->wpa_pairwise &
+ (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)) {
+ wpa_printf(MSG_ERROR, "Line %d: unsupported pairwise cipher suite '%s'",
+ bss->wpa_pairwise, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "rsn_pairwise") == 0) {
+ bss->rsn_pairwise = hostapd_config_parse_cipher(line, pos);
+ if (bss->rsn_pairwise == -1 || bss->rsn_pairwise == 0)
+ return 1;
+ if (bss->rsn_pairwise &
+ (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)) {
+ wpa_printf(MSG_ERROR, "Line %d: unsupported pairwise cipher suite '%s'",
+ bss->rsn_pairwise, pos);
+ return 1;
+ }
#ifdef CONFIG_RSN_PREAUTH
- } else if (os_strcmp(buf, "rsn_preauth") == 0) {
- bss->rsn_preauth = atoi(pos);
- } else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
- bss->rsn_preauth_interfaces = os_strdup(pos);
+ } else if (os_strcmp(buf, "rsn_preauth") == 0) {
+ bss->rsn_preauth = atoi(pos);
+ } else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
+ os_free(bss->rsn_preauth_interfaces);
+ bss->rsn_preauth_interfaces = os_strdup(pos);
#endif /* CONFIG_RSN_PREAUTH */
#ifdef CONFIG_PEERKEY
- } else if (os_strcmp(buf, "peerkey") == 0) {
- bss->peerkey = atoi(pos);
+ } else if (os_strcmp(buf, "peerkey") == 0) {
+ bss->peerkey = atoi(pos);
#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211R
- } else if (os_strcmp(buf, "mobility_domain") == 0) {
- if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
- hexstr2bin(pos, bss->mobility_domain,
- MOBILITY_DOMAIN_ID_LEN) != 0) {
- wpa_printf(MSG_DEBUG, "Line %d: Invalid "
- "mobility_domain '%s'", line, pos);
- errors++;
- return errors;
- }
- } else if (os_strcmp(buf, "r1_key_holder") == 0) {
- if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
- hexstr2bin(pos, bss->r1_key_holder,
- FT_R1KH_ID_LEN) != 0) {
- wpa_printf(MSG_DEBUG, "Line %d: Invalid "
- "r1_key_holder '%s'", line, pos);
- errors++;
- return errors;
- }
- } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
- bss->r0_key_lifetime = atoi(pos);
- } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
- bss->reassociation_deadline = atoi(pos);
- } else if (os_strcmp(buf, "r0kh") == 0) {
- if (add_r0kh(bss, pos) < 0) {
- wpa_printf(MSG_DEBUG, "Line %d: Invalid "
- "r0kh '%s'", line, pos);
- errors++;
- return errors;
- }
- } else if (os_strcmp(buf, "r1kh") == 0) {
- if (add_r1kh(bss, pos) < 0) {
- wpa_printf(MSG_DEBUG, "Line %d: Invalid "
- "r1kh '%s'", line, pos);
- errors++;
- return errors;
- }
- } else if (os_strcmp(buf, "pmk_r1_push") == 0) {
- bss->pmk_r1_push = atoi(pos);
- } else if (os_strcmp(buf, "ft_over_ds") == 0) {
- bss->ft_over_ds = atoi(pos);
+ } else if (os_strcmp(buf, "mobility_domain") == 0) {
+ if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
+ hexstr2bin(pos, bss->mobility_domain,
+ MOBILITY_DOMAIN_ID_LEN) != 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid mobility_domain '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "r1_key_holder") == 0) {
+ if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
+ hexstr2bin(pos, bss->r1_key_holder, FT_R1KH_ID_LEN) != 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid r1_key_holder '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
+ bss->r0_key_lifetime = atoi(pos);
+ } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
+ bss->reassociation_deadline = atoi(pos);
+ } else if (os_strcmp(buf, "r0kh") == 0) {
+ if (add_r0kh(bss, pos) < 0) {
+ wpa_printf(MSG_DEBUG, "Line %d: Invalid r0kh '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "r1kh") == 0) {
+ if (add_r1kh(bss, pos) < 0) {
+ wpa_printf(MSG_DEBUG, "Line %d: Invalid r1kh '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "pmk_r1_push") == 0) {
+ bss->pmk_r1_push = atoi(pos);
+ } else if (os_strcmp(buf, "ft_over_ds") == 0) {
+ bss->ft_over_ds = atoi(pos);
#endif /* CONFIG_IEEE80211R */
#ifndef CONFIG_NO_CTRL_IFACE
- } else if (os_strcmp(buf, "ctrl_interface") == 0) {
- os_free(bss->ctrl_interface);
- bss->ctrl_interface = os_strdup(pos);
- } else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
+ } else if (os_strcmp(buf, "ctrl_interface") == 0) {
+ os_free(bss->ctrl_interface);
+ bss->ctrl_interface = os_strdup(pos);
+ } else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
#ifndef CONFIG_NATIVE_WINDOWS
- struct group *grp;
- char *endp;
- const char *group = pos;
-
- grp = getgrnam(group);
- if (grp) {
- bss->ctrl_interface_gid = grp->gr_gid;
- bss->ctrl_interface_gid_set = 1;
- wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
- " (from group name '%s')",
- bss->ctrl_interface_gid, group);
- return errors;
- }
+ struct group *grp;
+ char *endp;
+ const char *group = pos;
- /* Group name not found - try to parse this as gid */
- bss->ctrl_interface_gid = strtol(group, &endp, 10);
- if (*group == '\0' || *endp != '\0') {
- wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
- "'%s'", line, group);
- errors++;
- return errors;
- }
+ grp = getgrnam(group);
+ if (grp) {
+ bss->ctrl_interface_gid = grp->gr_gid;
bss->ctrl_interface_gid_set = 1;
- wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
- bss->ctrl_interface_gid);
+ wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d (from group name '%s')",
+ bss->ctrl_interface_gid, group);
+ return 0;
+ }
+
+ /* Group name not found - try to parse this as gid */
+ bss->ctrl_interface_gid = strtol(group, &endp, 10);
+ if (*group == '\0' || *endp != '\0') {
+ wpa_printf(MSG_DEBUG, "Line %d: Invalid group '%s'",
+ line, group);
+ return 1;
+ }
+ bss->ctrl_interface_gid_set = 1;
+ wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
+ bss->ctrl_interface_gid);
#endif /* CONFIG_NATIVE_WINDOWS */
#endif /* CONFIG_NO_CTRL_IFACE */
#ifdef RADIUS_SERVER
- } else if (os_strcmp(buf, "radius_server_clients") == 0) {
- os_free(bss->radius_server_clients);
- bss->radius_server_clients = os_strdup(pos);
- } else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
- bss->radius_server_auth_port = atoi(pos);
- } else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
- bss->radius_server_ipv6 = atoi(pos);
+ } else if (os_strcmp(buf, "radius_server_clients") == 0) {
+ os_free(bss->radius_server_clients);
+ bss->radius_server_clients = os_strdup(pos);
+ } else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
+ bss->radius_server_auth_port = atoi(pos);
+ } else if (os_strcmp(buf, "radius_server_acct_port") == 0) {
+ bss->radius_server_acct_port = atoi(pos);
+ } else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
+ bss->radius_server_ipv6 = atoi(pos);
#endif /* RADIUS_SERVER */
- } else if (os_strcmp(buf, "test_socket") == 0) {
- os_free(bss->test_socket);
- bss->test_socket = os_strdup(pos);
- } else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
- bss->use_pae_group_addr = atoi(pos);
- } else if (os_strcmp(buf, "hw_mode") == 0) {
- if (os_strcmp(pos, "a") == 0)
- conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
- else if (os_strcmp(pos, "b") == 0)
- conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
- else if (os_strcmp(pos, "g") == 0)
- conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
- else if (os_strcmp(pos, "ad") == 0)
- conf->hw_mode = HOSTAPD_MODE_IEEE80211AD;
- else {
- wpa_printf(MSG_ERROR, "Line %d: unknown "
- "hw_mode '%s'", line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "wps_rf_bands") == 0) {
- if (os_strcmp(pos, "a") == 0)
- bss->wps_rf_bands = WPS_RF_50GHZ;
- else if (os_strcmp(pos, "g") == 0 ||
- os_strcmp(pos, "b") == 0)
- bss->wps_rf_bands = WPS_RF_24GHZ;
- else if (os_strcmp(pos, "ag") == 0 ||
- os_strcmp(pos, "ga") == 0)
- bss->wps_rf_bands =
- WPS_RF_24GHZ | WPS_RF_50GHZ;
- else {
- wpa_printf(MSG_ERROR, "Line %d: unknown "
- "wps_rf_band '%s'", line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "channel") == 0) {
+ } else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
+ bss->use_pae_group_addr = atoi(pos);
+ } else if (os_strcmp(buf, "hw_mode") == 0) {
+ if (os_strcmp(pos, "a") == 0)
+ conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
+ else if (os_strcmp(pos, "b") == 0)
+ conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
+ else if (os_strcmp(pos, "g") == 0)
+ conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
+ else if (os_strcmp(pos, "ad") == 0)
+ conf->hw_mode = HOSTAPD_MODE_IEEE80211AD;
+ else {
+ wpa_printf(MSG_ERROR, "Line %d: unknown hw_mode '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wps_rf_bands") == 0) {
+ if (os_strcmp(pos, "a") == 0)
+ bss->wps_rf_bands = WPS_RF_50GHZ;
+ else if (os_strcmp(pos, "g") == 0 ||
+ os_strcmp(pos, "b") == 0)
+ bss->wps_rf_bands = WPS_RF_24GHZ;
+ else if (os_strcmp(pos, "ag") == 0 ||
+ os_strcmp(pos, "ga") == 0)
+ bss->wps_rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ;
+ else {
+ wpa_printf(MSG_ERROR,
+ "Line %d: unknown wps_rf_band '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "channel") == 0) {
+ if (os_strcmp(pos, "acs_survey") == 0) {
+#ifndef CONFIG_ACS
+ wpa_printf(MSG_ERROR, "Line %d: tries to enable ACS but CONFIG_ACS disabled",
+ line);
+ return 1;
+#else /* CONFIG_ACS */
+ conf->channel = 0;
+#endif /* CONFIG_ACS */
+ } else
conf->channel = atoi(pos);
- } else if (os_strcmp(buf, "beacon_int") == 0) {
- int val = atoi(pos);
- /* MIB defines range as 1..65535, but very small values
- * cause problems with the current implementation.
- * Since it is unlikely that this small numbers are
- * useful in real life scenarios, do not allow beacon
- * period to be set below 15 TU. */
- if (val < 15 || val > 65535) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "beacon_int %d (expected "
- "15..65535)", line, val);
- errors++;
- } else
- conf->beacon_int = val;
- } else if (os_strcmp(buf, "dtim_period") == 0) {
- bss->dtim_period = atoi(pos);
- if (bss->dtim_period < 1 || bss->dtim_period > 255) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "dtim_period %d",
- line, bss->dtim_period);
- errors++;
- }
- } else if (os_strcmp(buf, "rts_threshold") == 0) {
- conf->rts_threshold = atoi(pos);
- if (conf->rts_threshold < 0 ||
- conf->rts_threshold > 2347) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "rts_threshold %d",
- line, conf->rts_threshold);
- errors++;
- }
- } else if (os_strcmp(buf, "fragm_threshold") == 0) {
- conf->fragm_threshold = atoi(pos);
- if (conf->fragm_threshold < 256 ||
- conf->fragm_threshold > 2346) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "fragm_threshold %d",
- line, conf->fragm_threshold);
- errors++;
- }
- } else if (os_strcmp(buf, "send_probe_response") == 0) {
- int val = atoi(pos);
- if (val != 0 && val != 1) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "send_probe_response %d (expected "
- "0 or 1)", line, val);
- } else
- conf->send_probe_response = val;
- } else if (os_strcmp(buf, "supported_rates") == 0) {
- if (hostapd_parse_rates(&conf->supported_rates, pos)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid rate "
- "list", line);
- errors++;
- }
- } else if (os_strcmp(buf, "basic_rates") == 0) {
- if (hostapd_parse_rates(&conf->basic_rates, pos)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid rate "
- "list", line);
- errors++;
- }
- } else if (os_strcmp(buf, "preamble") == 0) {
- if (atoi(pos))
- conf->preamble = SHORT_PREAMBLE;
- else
- conf->preamble = LONG_PREAMBLE;
- } else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
- bss->ignore_broadcast_ssid = atoi(pos);
- } else if (os_strcmp(buf, "wep_default_key") == 0) {
- bss->ssid.wep.idx = atoi(pos);
- if (bss->ssid.wep.idx > 3) {
- wpa_printf(MSG_ERROR, "Invalid "
- "wep_default_key index %d",
- bss->ssid.wep.idx);
- errors++;
- }
- } else if (os_strcmp(buf, "wep_key0") == 0 ||
- os_strcmp(buf, "wep_key1") == 0 ||
- os_strcmp(buf, "wep_key2") == 0 ||
- os_strcmp(buf, "wep_key3") == 0) {
- if (hostapd_config_read_wep(&bss->ssid.wep,
- buf[7] - '0', pos)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
- "key '%s'", line, buf);
- errors++;
- }
+ } else if (os_strcmp(buf, "chanlist") == 0) {
+ if (hostapd_parse_intlist(&conf->chanlist, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid channel list",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "beacon_int") == 0) {
+ int val = atoi(pos);
+ /* MIB defines range as 1..65535, but very small values
+ * cause problems with the current implementation.
+ * Since it is unlikely that this small numbers are
+ * useful in real life scenarios, do not allow beacon
+ * period to be set below 15 TU. */
+ if (val < 15 || val > 65535) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid beacon_int %d (expected 15..65535)",
+ line, val);
+ return 1;
+ }
+ conf->beacon_int = val;
+#ifdef CONFIG_ACS
+ } else if (os_strcmp(buf, "acs_num_scans") == 0) {
+ int val = atoi(pos);
+ if (val <= 0 || val > 100) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid acs_num_scans %d (expected 1..100)",
+ line, val);
+ return 1;
+ }
+ conf->acs_num_scans = val;
+ } else if (os_strcmp(buf, "acs_chan_bias") == 0) {
+ if (hostapd_config_parse_acs_chan_bias(conf, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid acs_chan_bias",
+ line);
+ return -1;
+ }
+#endif /* CONFIG_ACS */
+ } else if (os_strcmp(buf, "dtim_period") == 0) {
+ bss->dtim_period = atoi(pos);
+ if (bss->dtim_period < 1 || bss->dtim_period > 255) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid dtim_period %d",
+ line, bss->dtim_period);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "bss_load_update_period") == 0) {
+ bss->bss_load_update_period = atoi(pos);
+ if (bss->bss_load_update_period < 0 ||
+ bss->bss_load_update_period > 100) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid bss_load_update_period %d",
+ line, bss->bss_load_update_period);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "rts_threshold") == 0) {
+ conf->rts_threshold = atoi(pos);
+ if (conf->rts_threshold < 0 || conf->rts_threshold > 2347) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid rts_threshold %d",
+ line, conf->rts_threshold);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "fragm_threshold") == 0) {
+ conf->fragm_threshold = atoi(pos);
+ if (conf->fragm_threshold < 256 ||
+ conf->fragm_threshold > 2346) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid fragm_threshold %d",
+ line, conf->fragm_threshold);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "send_probe_response") == 0) {
+ int val = atoi(pos);
+ if (val != 0 && val != 1) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid send_probe_response %d (expected 0 or 1)",
+ line, val);
+ return 1;
+ }
+ conf->send_probe_response = val;
+ } else if (os_strcmp(buf, "supported_rates") == 0) {
+ if (hostapd_parse_intlist(&conf->supported_rates, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid rate list",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "basic_rates") == 0) {
+ if (hostapd_parse_intlist(&conf->basic_rates, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid rate list",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "preamble") == 0) {
+ if (atoi(pos))
+ conf->preamble = SHORT_PREAMBLE;
+ else
+ conf->preamble = LONG_PREAMBLE;
+ } else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
+ bss->ignore_broadcast_ssid = atoi(pos);
+ } else if (os_strcmp(buf, "wep_default_key") == 0) {
+ bss->ssid.wep.idx = atoi(pos);
+ if (bss->ssid.wep.idx > 3) {
+ wpa_printf(MSG_ERROR,
+ "Invalid wep_default_key index %d",
+ bss->ssid.wep.idx);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wep_key0") == 0 ||
+ os_strcmp(buf, "wep_key1") == 0 ||
+ os_strcmp(buf, "wep_key2") == 0 ||
+ os_strcmp(buf, "wep_key3") == 0) {
+ if (hostapd_config_read_wep(&bss->ssid.wep,
+ buf[7] - '0', pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid WEP key '%s'",
+ line, buf);
+ return 1;
+ }
#ifndef CONFIG_NO_VLAN
- } else if (os_strcmp(buf, "dynamic_vlan") == 0) {
- bss->ssid.dynamic_vlan = atoi(pos);
- } else if (os_strcmp(buf, "vlan_file") == 0) {
- if (hostapd_config_read_vlan_file(bss, pos)) {
- wpa_printf(MSG_ERROR, "Line %d: failed to "
- "read VLAN file '%s'", line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "vlan_naming") == 0) {
- bss->ssid.vlan_naming = atoi(pos);
- if (bss->ssid.vlan_naming >= DYNAMIC_VLAN_NAMING_END ||
- bss->ssid.vlan_naming < 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "naming scheme %d", line,
- bss->ssid.vlan_naming);
- errors++;
- }
+ } else if (os_strcmp(buf, "dynamic_vlan") == 0) {
+ bss->ssid.dynamic_vlan = atoi(pos);
+ } else if (os_strcmp(buf, "vlan_file") == 0) {
+ if (hostapd_config_read_vlan_file(bss, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: failed to read VLAN file '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "vlan_naming") == 0) {
+ bss->ssid.vlan_naming = atoi(pos);
+ if (bss->ssid.vlan_naming >= DYNAMIC_VLAN_NAMING_END ||
+ bss->ssid.vlan_naming < 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid naming scheme %d",
+ line, bss->ssid.vlan_naming);
+ return 1;
+ }
#ifdef CONFIG_FULL_DYNAMIC_VLAN
- } else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
- bss->ssid.vlan_tagged_interface = os_strdup(pos);
+ } else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
+ os_free(bss->ssid.vlan_tagged_interface);
+ bss->ssid.vlan_tagged_interface = os_strdup(pos);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
#endif /* CONFIG_NO_VLAN */
- } else if (os_strcmp(buf, "ap_table_max_size") == 0) {
- conf->ap_table_max_size = atoi(pos);
- } else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
- conf->ap_table_expiration_time = atoi(pos);
- } else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
- if (hostapd_config_tx_queue(conf, buf, pos)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid TX "
- "queue item", line);
- errors++;
- }
- } else if (os_strcmp(buf, "wme_enabled") == 0 ||
- os_strcmp(buf, "wmm_enabled") == 0) {
- bss->wmm_enabled = atoi(pos);
- } else if (os_strcmp(buf, "uapsd_advertisement_enabled") == 0) {
- bss->wmm_uapsd = atoi(pos);
- } else if (os_strncmp(buf, "wme_ac_", 7) == 0 ||
- os_strncmp(buf, "wmm_ac_", 7) == 0) {
- if (hostapd_config_wmm_ac(conf->wmm_ac_params, buf,
- pos)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid WMM "
- "ac item", line);
- errors++;
- }
- } else if (os_strcmp(buf, "bss") == 0) {
- if (hostapd_config_bss(conf, pos)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid bss "
- "item", line);
- errors++;
- }
- } else if (os_strcmp(buf, "bssid") == 0) {
- if (hwaddr_aton(pos, bss->bssid)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid bssid "
- "item", line);
- errors++;
- }
+ } else if (os_strcmp(buf, "ap_table_max_size") == 0) {
+ conf->ap_table_max_size = atoi(pos);
+ } else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
+ conf->ap_table_expiration_time = atoi(pos);
+ } else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
+ if (hostapd_config_tx_queue(conf, buf, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid TX queue item",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wme_enabled") == 0 ||
+ os_strcmp(buf, "wmm_enabled") == 0) {
+ bss->wmm_enabled = atoi(pos);
+ } else if (os_strcmp(buf, "uapsd_advertisement_enabled") == 0) {
+ bss->wmm_uapsd = atoi(pos);
+ } else if (os_strncmp(buf, "wme_ac_", 7) == 0 ||
+ os_strncmp(buf, "wmm_ac_", 7) == 0) {
+ if (hostapd_config_wmm_ac(conf->wmm_ac_params, buf, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid WMM ac item",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "bss") == 0) {
+ if (hostapd_config_bss(conf, pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid bss item",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "bssid") == 0) {
+ if (hwaddr_aton(pos, bss->bssid)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid bssid item",
+ line);
+ return 1;
+ }
#ifdef CONFIG_IEEE80211W
- } else if (os_strcmp(buf, "ieee80211w") == 0) {
- bss->ieee80211w = atoi(pos);
- } else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
- bss->assoc_sa_query_max_timeout = atoi(pos);
- if (bss->assoc_sa_query_max_timeout == 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "assoc_sa_query_max_timeout", line);
- errors++;
- }
- } else if (os_strcmp(buf, "assoc_sa_query_retry_timeout") == 0)
- {
- bss->assoc_sa_query_retry_timeout = atoi(pos);
- if (bss->assoc_sa_query_retry_timeout == 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "assoc_sa_query_retry_timeout",
- line);
- errors++;
- }
+ } else if (os_strcmp(buf, "ieee80211w") == 0) {
+ bss->ieee80211w = atoi(pos);
+ } else if (os_strcmp(buf, "group_mgmt_cipher") == 0) {
+ if (os_strcmp(pos, "AES-128-CMAC") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
+ } else if (os_strcmp(pos, "BIP-GMAC-128") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_128;
+ } else if (os_strcmp(pos, "BIP-GMAC-256") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_256;
+ } else if (os_strcmp(pos, "BIP-CMAC-256") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_BIP_CMAC_256;
+ } else {
+ wpa_printf(MSG_ERROR, "Line %d: invalid group_mgmt_cipher: %s",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
+ bss->assoc_sa_query_max_timeout = atoi(pos);
+ if (bss->assoc_sa_query_max_timeout == 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid assoc_sa_query_max_timeout",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "assoc_sa_query_retry_timeout") == 0) {
+ bss->assoc_sa_query_retry_timeout = atoi(pos);
+ if (bss->assoc_sa_query_retry_timeout == 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid assoc_sa_query_retry_timeout",
+ line);
+ return 1;
+ }
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211N
- } else if (os_strcmp(buf, "ieee80211n") == 0) {
- conf->ieee80211n = atoi(pos);
- } else if (os_strcmp(buf, "ht_capab") == 0) {
- if (hostapd_config_ht_capab(conf, pos) < 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "ht_capab", line);
- errors++;
- }
- } else if (os_strcmp(buf, "require_ht") == 0) {
- conf->require_ht = atoi(pos);
+ } else if (os_strcmp(buf, "ieee80211n") == 0) {
+ conf->ieee80211n = atoi(pos);
+ } else if (os_strcmp(buf, "ht_capab") == 0) {
+ if (hostapd_config_ht_capab(conf, pos) < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid ht_capab",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "require_ht") == 0) {
+ conf->require_ht = atoi(pos);
+ } else if (os_strcmp(buf, "obss_interval") == 0) {
+ conf->obss_interval = atoi(pos);
#endif /* CONFIG_IEEE80211N */
#ifdef CONFIG_IEEE80211AC
- } else if (os_strcmp(buf, "ieee80211ac") == 0) {
- conf->ieee80211ac = atoi(pos);
- } else if (os_strcmp(buf, "vht_capab") == 0) {
- if (hostapd_config_vht_capab(conf, pos) < 0) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "vht_capab", line);
- errors++;
- }
- } else if (os_strcmp(buf, "require_vht") == 0) {
- conf->require_vht = atoi(pos);
- } else if (os_strcmp(buf, "vht_oper_chwidth") == 0) {
- conf->vht_oper_chwidth = atoi(pos);
- } else if (os_strcmp(buf, "vht_oper_centr_freq_seg0_idx") == 0)
- {
- conf->vht_oper_centr_freq_seg0_idx = atoi(pos);
- } else if (os_strcmp(buf, "vht_oper_centr_freq_seg1_idx") == 0)
- {
- conf->vht_oper_centr_freq_seg1_idx = atoi(pos);
+ } else if (os_strcmp(buf, "ieee80211ac") == 0) {
+ conf->ieee80211ac = atoi(pos);
+ } else if (os_strcmp(buf, "vht_capab") == 0) {
+ if (hostapd_config_vht_capab(conf, pos) < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid vht_capab",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "require_vht") == 0) {
+ conf->require_vht = atoi(pos);
+ } else if (os_strcmp(buf, "vht_oper_chwidth") == 0) {
+ conf->vht_oper_chwidth = atoi(pos);
+ } else if (os_strcmp(buf, "vht_oper_centr_freq_seg0_idx") == 0) {
+ conf->vht_oper_centr_freq_seg0_idx = atoi(pos);
+ } else if (os_strcmp(buf, "vht_oper_centr_freq_seg1_idx") == 0) {
+ conf->vht_oper_centr_freq_seg1_idx = atoi(pos);
+ } else if (os_strcmp(buf, "vendor_vht") == 0) {
+ bss->vendor_vht = atoi(pos);
#endif /* CONFIG_IEEE80211AC */
- } else if (os_strcmp(buf, "max_listen_interval") == 0) {
- bss->max_listen_interval = atoi(pos);
- } else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
- bss->disable_pmksa_caching = atoi(pos);
- } else if (os_strcmp(buf, "okc") == 0) {
- bss->okc = atoi(pos);
+ } else if (os_strcmp(buf, "max_listen_interval") == 0) {
+ bss->max_listen_interval = atoi(pos);
+ } else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
+ bss->disable_pmksa_caching = atoi(pos);
+ } else if (os_strcmp(buf, "okc") == 0) {
+ bss->okc = atoi(pos);
#ifdef CONFIG_WPS
- } else if (os_strcmp(buf, "wps_state") == 0) {
- bss->wps_state = atoi(pos);
- if (bss->wps_state < 0 || bss->wps_state > 2) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "wps_state", line);
- errors++;
- }
- } else if (os_strcmp(buf, "ap_setup_locked") == 0) {
- bss->ap_setup_locked = atoi(pos);
- } else if (os_strcmp(buf, "uuid") == 0) {
- if (uuid_str2bin(pos, bss->uuid)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid UUID",
- line);
- errors++;
- }
- } else if (os_strcmp(buf, "wps_pin_requests") == 0) {
- os_free(bss->wps_pin_requests);
- bss->wps_pin_requests = os_strdup(pos);
- } else if (os_strcmp(buf, "device_name") == 0) {
- if (os_strlen(pos) > 32) {
- wpa_printf(MSG_ERROR, "Line %d: Too long "
- "device_name", line);
- errors++;
- }
- os_free(bss->device_name);
- bss->device_name = os_strdup(pos);
- } else if (os_strcmp(buf, "manufacturer") == 0) {
- if (os_strlen(pos) > 64) {
- wpa_printf(MSG_ERROR, "Line %d: Too long "
- "manufacturer", line);
- errors++;
- }
- os_free(bss->manufacturer);
- bss->manufacturer = os_strdup(pos);
- } else if (os_strcmp(buf, "model_name") == 0) {
- if (os_strlen(pos) > 32) {
- wpa_printf(MSG_ERROR, "Line %d: Too long "
- "model_name", line);
- errors++;
- }
- os_free(bss->model_name);
- bss->model_name = os_strdup(pos);
- } else if (os_strcmp(buf, "model_number") == 0) {
- if (os_strlen(pos) > 32) {
- wpa_printf(MSG_ERROR, "Line %d: Too long "
- "model_number", line);
- errors++;
- }
- os_free(bss->model_number);
- bss->model_number = os_strdup(pos);
- } else if (os_strcmp(buf, "serial_number") == 0) {
- if (os_strlen(pos) > 32) {
- wpa_printf(MSG_ERROR, "Line %d: Too long "
- "serial_number", line);
- errors++;
- }
- os_free(bss->serial_number);
- bss->serial_number = os_strdup(pos);
- } else if (os_strcmp(buf, "device_type") == 0) {
- if (wps_dev_type_str2bin(pos, bss->device_type))
- errors++;
- } else if (os_strcmp(buf, "config_methods") == 0) {
- os_free(bss->config_methods);
- bss->config_methods = os_strdup(pos);
- } else if (os_strcmp(buf, "os_version") == 0) {
- if (hexstr2bin(pos, bss->os_version, 4)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "os_version", line);
- errors++;
- }
- } else if (os_strcmp(buf, "ap_pin") == 0) {
- os_free(bss->ap_pin);
- bss->ap_pin = os_strdup(pos);
- } else if (os_strcmp(buf, "skip_cred_build") == 0) {
- bss->skip_cred_build = atoi(pos);
- } else if (os_strcmp(buf, "extra_cred") == 0) {
- os_free(bss->extra_cred);
- bss->extra_cred =
- (u8 *) os_readfile(pos, &bss->extra_cred_len);
- if (bss->extra_cred == NULL) {
- wpa_printf(MSG_ERROR, "Line %d: could not "
- "read Credentials from '%s'",
- line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "wps_cred_processing") == 0) {
- bss->wps_cred_processing = atoi(pos);
- } else if (os_strcmp(buf, "ap_settings") == 0) {
- os_free(bss->ap_settings);
- bss->ap_settings =
- (u8 *) os_readfile(pos, &bss->ap_settings_len);
- if (bss->ap_settings == NULL) {
- wpa_printf(MSG_ERROR, "Line %d: could not "
- "read AP Settings from '%s'",
- line, pos);
- errors++;
- }
- } else if (os_strcmp(buf, "upnp_iface") == 0) {
- bss->upnp_iface = os_strdup(pos);
- } else if (os_strcmp(buf, "friendly_name") == 0) {
- os_free(bss->friendly_name);
- bss->friendly_name = os_strdup(pos);
- } else if (os_strcmp(buf, "manufacturer_url") == 0) {
- os_free(bss->manufacturer_url);
- bss->manufacturer_url = os_strdup(pos);
- } else if (os_strcmp(buf, "model_description") == 0) {
- os_free(bss->model_description);
- bss->model_description = os_strdup(pos);
- } else if (os_strcmp(buf, "model_url") == 0) {
- os_free(bss->model_url);
- bss->model_url = os_strdup(pos);
- } else if (os_strcmp(buf, "upc") == 0) {
- os_free(bss->upc);
- bss->upc = os_strdup(pos);
- } else if (os_strcmp(buf, "pbc_in_m1") == 0) {
- bss->pbc_in_m1 = atoi(pos);
+ } else if (os_strcmp(buf, "wps_state") == 0) {
+ bss->wps_state = atoi(pos);
+ if (bss->wps_state < 0 || bss->wps_state > 2) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid wps_state",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wps_independent") == 0) {
+ bss->wps_independent = atoi(pos);
+ } else if (os_strcmp(buf, "ap_setup_locked") == 0) {
+ bss->ap_setup_locked = atoi(pos);
+ } else if (os_strcmp(buf, "uuid") == 0) {
+ if (uuid_str2bin(pos, bss->uuid)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid UUID", line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wps_pin_requests") == 0) {
+ os_free(bss->wps_pin_requests);
+ bss->wps_pin_requests = os_strdup(pos);
+ } else if (os_strcmp(buf, "device_name") == 0) {
+ if (os_strlen(pos) > 32) {
+ wpa_printf(MSG_ERROR, "Line %d: Too long "
+ "device_name", line);
+ return 1;
+ }
+ os_free(bss->device_name);
+ bss->device_name = os_strdup(pos);
+ } else if (os_strcmp(buf, "manufacturer") == 0) {
+ if (os_strlen(pos) > 64) {
+ wpa_printf(MSG_ERROR, "Line %d: Too long manufacturer",
+ line);
+ return 1;
+ }
+ os_free(bss->manufacturer);
+ bss->manufacturer = os_strdup(pos);
+ } else if (os_strcmp(buf, "model_name") == 0) {
+ if (os_strlen(pos) > 32) {
+ wpa_printf(MSG_ERROR, "Line %d: Too long model_name",
+ line);
+ return 1;
+ }
+ os_free(bss->model_name);
+ bss->model_name = os_strdup(pos);
+ } else if (os_strcmp(buf, "model_number") == 0) {
+ if (os_strlen(pos) > 32) {
+ wpa_printf(MSG_ERROR, "Line %d: Too long model_number",
+ line);
+ return 1;
+ }
+ os_free(bss->model_number);
+ bss->model_number = os_strdup(pos);
+ } else if (os_strcmp(buf, "serial_number") == 0) {
+ if (os_strlen(pos) > 32) {
+ wpa_printf(MSG_ERROR, "Line %d: Too long serial_number",
+ line);
+ return 1;
+ }
+ os_free(bss->serial_number);
+ bss->serial_number = os_strdup(pos);
+ } else if (os_strcmp(buf, "device_type") == 0) {
+ if (wps_dev_type_str2bin(pos, bss->device_type))
+ return 1;
+ } else if (os_strcmp(buf, "config_methods") == 0) {
+ os_free(bss->config_methods);
+ bss->config_methods = os_strdup(pos);
+ } else if (os_strcmp(buf, "os_version") == 0) {
+ if (hexstr2bin(pos, bss->os_version, 4)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid os_version",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "ap_pin") == 0) {
+ os_free(bss->ap_pin);
+ bss->ap_pin = os_strdup(pos);
+ } else if (os_strcmp(buf, "skip_cred_build") == 0) {
+ bss->skip_cred_build = atoi(pos);
+ } else if (os_strcmp(buf, "extra_cred") == 0) {
+ os_free(bss->extra_cred);
+ bss->extra_cred = (u8 *) os_readfile(pos, &bss->extra_cred_len);
+ if (bss->extra_cred == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: could not read Credentials from '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "wps_cred_processing") == 0) {
+ bss->wps_cred_processing = atoi(pos);
+ } else if (os_strcmp(buf, "ap_settings") == 0) {
+ os_free(bss->ap_settings);
+ bss->ap_settings =
+ (u8 *) os_readfile(pos, &bss->ap_settings_len);
+ if (bss->ap_settings == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: could not read AP Settings from '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "upnp_iface") == 0) {
+ os_free(bss->upnp_iface);
+ bss->upnp_iface = os_strdup(pos);
+ } else if (os_strcmp(buf, "friendly_name") == 0) {
+ os_free(bss->friendly_name);
+ bss->friendly_name = os_strdup(pos);
+ } else if (os_strcmp(buf, "manufacturer_url") == 0) {
+ os_free(bss->manufacturer_url);
+ bss->manufacturer_url = os_strdup(pos);
+ } else if (os_strcmp(buf, "model_description") == 0) {
+ os_free(bss->model_description);
+ bss->model_description = os_strdup(pos);
+ } else if (os_strcmp(buf, "model_url") == 0) {
+ os_free(bss->model_url);
+ bss->model_url = os_strdup(pos);
+ } else if (os_strcmp(buf, "upc") == 0) {
+ os_free(bss->upc);
+ bss->upc = os_strdup(pos);
+ } else if (os_strcmp(buf, "pbc_in_m1") == 0) {
+ bss->pbc_in_m1 = atoi(pos);
+ } else if (os_strcmp(buf, "server_id") == 0) {
+ os_free(bss->server_id);
+ bss->server_id = os_strdup(pos);
#ifdef CONFIG_WPS_NFC
- } else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
- bss->wps_nfc_dev_pw_id = atoi(pos);
- if (bss->wps_nfc_dev_pw_id < 0x10 ||
- bss->wps_nfc_dev_pw_id > 0xffff) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "wps_nfc_dev_pw_id value", line);
- errors++;
- }
- } else if (os_strcmp(buf, "wps_nfc_dh_pubkey") == 0) {
- wpabuf_free(bss->wps_nfc_dh_pubkey);
- bss->wps_nfc_dh_pubkey = hostapd_parse_bin(pos);
- } else if (os_strcmp(buf, "wps_nfc_dh_privkey") == 0) {
- wpabuf_free(bss->wps_nfc_dh_privkey);
- bss->wps_nfc_dh_privkey = hostapd_parse_bin(pos);
- } else if (os_strcmp(buf, "wps_nfc_dev_pw") == 0) {
- wpabuf_free(bss->wps_nfc_dev_pw);
- bss->wps_nfc_dev_pw = hostapd_parse_bin(pos);
+ } else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
+ bss->wps_nfc_dev_pw_id = atoi(pos);
+ if (bss->wps_nfc_dev_pw_id < 0x10 ||
+ bss->wps_nfc_dev_pw_id > 0xffff) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid wps_nfc_dev_pw_id value",
+ line);
+ return 1;
+ }
+ bss->wps_nfc_pw_from_config = 1;
+ } else if (os_strcmp(buf, "wps_nfc_dh_pubkey") == 0) {
+ wpabuf_free(bss->wps_nfc_dh_pubkey);
+ bss->wps_nfc_dh_pubkey = hostapd_parse_bin(pos);
+ bss->wps_nfc_pw_from_config = 1;
+ } else if (os_strcmp(buf, "wps_nfc_dh_privkey") == 0) {
+ wpabuf_free(bss->wps_nfc_dh_privkey);
+ bss->wps_nfc_dh_privkey = hostapd_parse_bin(pos);
+ bss->wps_nfc_pw_from_config = 1;
+ } else if (os_strcmp(buf, "wps_nfc_dev_pw") == 0) {
+ wpabuf_free(bss->wps_nfc_dev_pw);
+ bss->wps_nfc_dev_pw = hostapd_parse_bin(pos);
+ bss->wps_nfc_pw_from_config = 1;
#endif /* CONFIG_WPS_NFC */
#endif /* CONFIG_WPS */
#ifdef CONFIG_P2P_MANAGER
- } else if (os_strcmp(buf, "manage_p2p") == 0) {
- int manage = atoi(pos);
- if (manage)
- bss->p2p |= P2P_MANAGE;
- else
- bss->p2p &= ~P2P_MANAGE;
- } else if (os_strcmp(buf, "allow_cross_connection") == 0) {
- if (atoi(pos))
- bss->p2p |= P2P_ALLOW_CROSS_CONNECTION;
- else
- bss->p2p &= ~P2P_ALLOW_CROSS_CONNECTION;
+ } else if (os_strcmp(buf, "manage_p2p") == 0) {
+ if (atoi(pos))
+ bss->p2p |= P2P_MANAGE;
+ else
+ bss->p2p &= ~P2P_MANAGE;
+ } else if (os_strcmp(buf, "allow_cross_connection") == 0) {
+ if (atoi(pos))
+ bss->p2p |= P2P_ALLOW_CROSS_CONNECTION;
+ else
+ bss->p2p &= ~P2P_ALLOW_CROSS_CONNECTION;
#endif /* CONFIG_P2P_MANAGER */
- } else if (os_strcmp(buf, "disassoc_low_ack") == 0) {
- bss->disassoc_low_ack = atoi(pos);
- } else if (os_strcmp(buf, "tdls_prohibit") == 0) {
- int val = atoi(pos);
- if (val)
- bss->tdls |= TDLS_PROHIBIT;
- else
- bss->tdls &= ~TDLS_PROHIBIT;
- } else if (os_strcmp(buf, "tdls_prohibit_chan_switch") == 0) {
- int val = atoi(pos);
- if (val)
- bss->tdls |= TDLS_PROHIBIT_CHAN_SWITCH;
- else
- bss->tdls &= ~TDLS_PROHIBIT_CHAN_SWITCH;
+ } else if (os_strcmp(buf, "disassoc_low_ack") == 0) {
+ bss->disassoc_low_ack = atoi(pos);
+ } else if (os_strcmp(buf, "tdls_prohibit") == 0) {
+ if (atoi(pos))
+ bss->tdls |= TDLS_PROHIBIT;
+ else
+ bss->tdls &= ~TDLS_PROHIBIT;
+ } else if (os_strcmp(buf, "tdls_prohibit_chan_switch") == 0) {
+ if (atoi(pos))
+ bss->tdls |= TDLS_PROHIBIT_CHAN_SWITCH;
+ else
+ bss->tdls &= ~TDLS_PROHIBIT_CHAN_SWITCH;
#ifdef CONFIG_RSN_TESTING
- } else if (os_strcmp(buf, "rsn_testing") == 0) {
- extern int rsn_testing;
- rsn_testing = atoi(pos);
+ } else if (os_strcmp(buf, "rsn_testing") == 0) {
+ extern int rsn_testing;
+ rsn_testing = atoi(pos);
#endif /* CONFIG_RSN_TESTING */
- } else if (os_strcmp(buf, "time_advertisement") == 0) {
- bss->time_advertisement = atoi(pos);
- } else if (os_strcmp(buf, "time_zone") == 0) {
- size_t tz_len = os_strlen(pos);
- if (tz_len < 4 || tz_len > 255) {
- wpa_printf(MSG_DEBUG, "Line %d: invalid "
- "time_zone", line);
- errors++;
- return errors;
- }
- os_free(bss->time_zone);
- bss->time_zone = os_strdup(pos);
- if (bss->time_zone == NULL)
- errors++;
+ } else if (os_strcmp(buf, "time_advertisement") == 0) {
+ bss->time_advertisement = atoi(pos);
+ } else if (os_strcmp(buf, "time_zone") == 0) {
+ size_t tz_len = os_strlen(pos);
+ if (tz_len < 4 || tz_len > 255) {
+ wpa_printf(MSG_DEBUG, "Line %d: invalid time_zone",
+ line);
+ return 1;
+ }
+ os_free(bss->time_zone);
+ bss->time_zone = os_strdup(pos);
+ if (bss->time_zone == NULL)
+ return 1;
#ifdef CONFIG_WNM
- } else if (os_strcmp(buf, "wnm_sleep_mode") == 0) {
- bss->wnm_sleep_mode = atoi(pos);
- } else if (os_strcmp(buf, "bss_transition") == 0) {
- bss->bss_transition = atoi(pos);
+ } else if (os_strcmp(buf, "wnm_sleep_mode") == 0) {
+ bss->wnm_sleep_mode = atoi(pos);
+ } else if (os_strcmp(buf, "bss_transition") == 0) {
+ bss->bss_transition = atoi(pos);
#endif /* CONFIG_WNM */
#ifdef CONFIG_INTERWORKING
- } else if (os_strcmp(buf, "interworking") == 0) {
- bss->interworking = atoi(pos);
- } else if (os_strcmp(buf, "access_network_type") == 0) {
- bss->access_network_type = atoi(pos);
- if (bss->access_network_type < 0 ||
- bss->access_network_type > 15) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "access_network_type", line);
- errors++;
- }
- } else if (os_strcmp(buf, "internet") == 0) {
- bss->internet = atoi(pos);
- } else if (os_strcmp(buf, "asra") == 0) {
- bss->asra = atoi(pos);
- } else if (os_strcmp(buf, "esr") == 0) {
- bss->esr = atoi(pos);
- } else if (os_strcmp(buf, "uesa") == 0) {
- bss->uesa = atoi(pos);
- } else if (os_strcmp(buf, "venue_group") == 0) {
- bss->venue_group = atoi(pos);
- bss->venue_info_set = 1;
- } else if (os_strcmp(buf, "venue_type") == 0) {
- bss->venue_type = atoi(pos);
- bss->venue_info_set = 1;
- } else if (os_strcmp(buf, "hessid") == 0) {
- if (hwaddr_aton(pos, bss->hessid)) {
- wpa_printf(MSG_ERROR, "Line %d: invalid "
- "hessid", line);
- errors++;
- }
- } else if (os_strcmp(buf, "roaming_consortium") == 0) {
- if (parse_roaming_consortium(bss, pos, line) < 0)
- errors++;
- } else if (os_strcmp(buf, "venue_name") == 0) {
- if (parse_venue_name(bss, pos, line) < 0)
- errors++;
- } else if (os_strcmp(buf, "network_auth_type") == 0) {
- u8 auth_type;
- u16 redirect_url_len;
- if (hexstr2bin(pos, &auth_type, 1)) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "network_auth_type '%s'",
- line, pos);
- errors++;
- return errors;
- }
- if (auth_type == 0 || auth_type == 2)
- redirect_url_len = os_strlen(pos + 2);
- else
- redirect_url_len = 0;
- os_free(bss->network_auth_type);
- bss->network_auth_type =
- os_malloc(redirect_url_len + 3 + 1);
- if (bss->network_auth_type == NULL) {
- errors++;
- return errors;
- }
- *bss->network_auth_type = auth_type;
- WPA_PUT_LE16(bss->network_auth_type + 1,
- redirect_url_len);
- if (redirect_url_len)
- os_memcpy(bss->network_auth_type + 3,
- pos + 2, redirect_url_len);
- bss->network_auth_type_len = 3 + redirect_url_len;
- } else if (os_strcmp(buf, "ipaddr_type_availability") == 0) {
- if (hexstr2bin(pos, &bss->ipaddr_type_availability, 1))
- {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "ipaddr_type_availability '%s'",
- line, pos);
- bss->ipaddr_type_configured = 0;
- errors++;
- return errors;
- }
- bss->ipaddr_type_configured = 1;
- } else if (os_strcmp(buf, "domain_name") == 0) {
- int j, num_domains, domain_len, domain_list_len = 0;
- char *tok_start, *tok_prev;
- u8 *domain_list, *domain_ptr;
-
- domain_list_len = os_strlen(pos) + 1;
- domain_list = os_malloc(domain_list_len);
- if (domain_list == NULL) {
- errors++;
- return errors;
- }
-
- domain_ptr = domain_list;
- tok_prev = pos;
- num_domains = 1;
- while ((tok_prev = os_strchr(tok_prev, ','))) {
- num_domains++;
- tok_prev++;
- }
- tok_prev = pos;
- for (j = 0; j < num_domains; j++) {
- tok_start = os_strchr(tok_prev, ',');
- if (tok_start) {
- domain_len = tok_start - tok_prev;
- *domain_ptr = domain_len;
- os_memcpy(domain_ptr + 1, tok_prev,
- domain_len);
- domain_ptr += domain_len + 1;
- tok_prev = ++tok_start;
- } else {
- domain_len = os_strlen(tok_prev);
- *domain_ptr = domain_len;
- os_memcpy(domain_ptr + 1, tok_prev,
- domain_len);
- domain_ptr += domain_len + 1;
- }
+ } else if (os_strcmp(buf, "interworking") == 0) {
+ bss->interworking = atoi(pos);
+ } else if (os_strcmp(buf, "access_network_type") == 0) {
+ bss->access_network_type = atoi(pos);
+ if (bss->access_network_type < 0 ||
+ bss->access_network_type > 15) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid access_network_type",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "internet") == 0) {
+ bss->internet = atoi(pos);
+ } else if (os_strcmp(buf, "asra") == 0) {
+ bss->asra = atoi(pos);
+ } else if (os_strcmp(buf, "esr") == 0) {
+ bss->esr = atoi(pos);
+ } else if (os_strcmp(buf, "uesa") == 0) {
+ bss->uesa = atoi(pos);
+ } else if (os_strcmp(buf, "venue_group") == 0) {
+ bss->venue_group = atoi(pos);
+ bss->venue_info_set = 1;
+ } else if (os_strcmp(buf, "venue_type") == 0) {
+ bss->venue_type = atoi(pos);
+ bss->venue_info_set = 1;
+ } else if (os_strcmp(buf, "hessid") == 0) {
+ if (hwaddr_aton(pos, bss->hessid)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid hessid", line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "roaming_consortium") == 0) {
+ if (parse_roaming_consortium(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "venue_name") == 0) {
+ if (parse_venue_name(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "network_auth_type") == 0) {
+ u8 auth_type;
+ u16 redirect_url_len;
+ if (hexstr2bin(pos, &auth_type, 1)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid network_auth_type '%s'",
+ line, pos);
+ return 1;
+ }
+ if (auth_type == 0 || auth_type == 2)
+ redirect_url_len = os_strlen(pos + 2);
+ else
+ redirect_url_len = 0;
+ os_free(bss->network_auth_type);
+ bss->network_auth_type = os_malloc(redirect_url_len + 3 + 1);
+ if (bss->network_auth_type == NULL)
+ return 1;
+ *bss->network_auth_type = auth_type;
+ WPA_PUT_LE16(bss->network_auth_type + 1, redirect_url_len);
+ if (redirect_url_len)
+ os_memcpy(bss->network_auth_type + 3, pos + 2,
+ redirect_url_len);
+ bss->network_auth_type_len = 3 + redirect_url_len;
+ } else if (os_strcmp(buf, "ipaddr_type_availability") == 0) {
+ if (hexstr2bin(pos, &bss->ipaddr_type_availability, 1)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid ipaddr_type_availability '%s'",
+ line, pos);
+ bss->ipaddr_type_configured = 0;
+ return 1;
+ }
+ bss->ipaddr_type_configured = 1;
+ } else if (os_strcmp(buf, "domain_name") == 0) {
+ int j, num_domains, domain_len, domain_list_len = 0;
+ char *tok_start, *tok_prev;
+ u8 *domain_list, *domain_ptr;
+
+ domain_list_len = os_strlen(pos) + 1;
+ domain_list = os_malloc(domain_list_len);
+ if (domain_list == NULL)
+ return 1;
+
+ domain_ptr = domain_list;
+ tok_prev = pos;
+ num_domains = 1;
+ while ((tok_prev = os_strchr(tok_prev, ','))) {
+ num_domains++;
+ tok_prev++;
+ }
+ tok_prev = pos;
+ for (j = 0; j < num_domains; j++) {
+ tok_start = os_strchr(tok_prev, ',');
+ if (tok_start) {
+ domain_len = tok_start - tok_prev;
+ *domain_ptr = domain_len;
+ os_memcpy(domain_ptr + 1, tok_prev, domain_len);
+ domain_ptr += domain_len + 1;
+ tok_prev = ++tok_start;
+ } else {
+ domain_len = os_strlen(tok_prev);
+ *domain_ptr = domain_len;
+ os_memcpy(domain_ptr + 1, tok_prev, domain_len);
+ domain_ptr += domain_len + 1;
}
+ }
- os_free(bss->domain_name);
- bss->domain_name = domain_list;
- bss->domain_name_len = domain_list_len;
- } else if (os_strcmp(buf, "anqp_3gpp_cell_net") == 0) {
- if (parse_3gpp_cell_net(bss, pos, line) < 0)
- errors++;
- } else if (os_strcmp(buf, "nai_realm") == 0) {
- if (parse_nai_realm(bss, pos, line) < 0)
- errors++;
- } else if (os_strcmp(buf, "gas_frag_limit") == 0) {
- bss->gas_frag_limit = atoi(pos);
- } else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
- bss->gas_comeback_delay = atoi(pos);
+ os_free(bss->domain_name);
+ bss->domain_name = domain_list;
+ bss->domain_name_len = domain_list_len;
+ } else if (os_strcmp(buf, "anqp_3gpp_cell_net") == 0) {
+ if (parse_3gpp_cell_net(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "nai_realm") == 0) {
+ if (parse_nai_realm(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "gas_frag_limit") == 0) {
+ bss->gas_frag_limit = atoi(pos);
+ } else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
+ bss->gas_comeback_delay = atoi(pos);
+ } else if (os_strcmp(buf, "qos_map_set") == 0) {
+ if (parse_qos_map_set(bss, pos, line) < 0)
+ return 1;
#endif /* CONFIG_INTERWORKING */
#ifdef CONFIG_RADIUS_TEST
- } else if (os_strcmp(buf, "dump_msk_file") == 0) {
- os_free(bss->dump_msk_file);
- bss->dump_msk_file = os_strdup(pos);
+ } else if (os_strcmp(buf, "dump_msk_file") == 0) {
+ os_free(bss->dump_msk_file);
+ bss->dump_msk_file = os_strdup(pos);
#endif /* CONFIG_RADIUS_TEST */
#ifdef CONFIG_HS20
- } else if (os_strcmp(buf, "hs20") == 0) {
- bss->hs20 = atoi(pos);
- } else if (os_strcmp(buf, "disable_dgaf") == 0) {
- bss->disable_dgaf = atoi(pos);
- } else if (os_strcmp(buf, "hs20_oper_friendly_name") == 0) {
- if (hs20_parse_oper_friendly_name(bss, pos, line) < 0)
- errors++;
- } else if (os_strcmp(buf, "hs20_wan_metrics") == 0) {
- if (hs20_parse_wan_metrics(bss, pos, line) < 0) {
- errors++;
- return errors;
- }
- } else if (os_strcmp(buf, "hs20_conn_capab") == 0) {
- if (hs20_parse_conn_capab(bss, pos, line) < 0) {
- errors++;
- return errors;
- }
- } else if (os_strcmp(buf, "hs20_operating_class") == 0) {
- u8 *oper_class;
- size_t oper_class_len;
- oper_class_len = os_strlen(pos);
- if (oper_class_len < 2 || (oper_class_len & 0x01)) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "hs20_operating_class '%s'",
- line, pos);
- errors++;
- return errors;
- }
- oper_class_len /= 2;
- oper_class = os_malloc(oper_class_len);
- if (oper_class == NULL) {
- errors++;
- return errors;
- }
- if (hexstr2bin(pos, oper_class, oper_class_len)) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "hs20_operating_class '%s'",
- line, pos);
- os_free(oper_class);
- errors++;
- return errors;
- }
- os_free(bss->hs20_operating_class);
- bss->hs20_operating_class = oper_class;
- bss->hs20_operating_class_len = oper_class_len;
+ } else if (os_strcmp(buf, "hs20") == 0) {
+ bss->hs20 = atoi(pos);
+ } else if (os_strcmp(buf, "disable_dgaf") == 0) {
+ bss->disable_dgaf = atoi(pos);
+ } else if (os_strcmp(buf, "proxy_arp") == 0) {
+ bss->proxy_arp = atoi(pos);
+ } else if (os_strcmp(buf, "osen") == 0) {
+ bss->osen = atoi(pos);
+ } else if (os_strcmp(buf, "anqp_domain_id") == 0) {
+ bss->anqp_domain_id = atoi(pos);
+ } else if (os_strcmp(buf, "hs20_deauth_req_timeout") == 0) {
+ bss->hs20_deauth_req_timeout = atoi(pos);
+ } else if (os_strcmp(buf, "hs20_oper_friendly_name") == 0) {
+ if (hs20_parse_oper_friendly_name(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "hs20_wan_metrics") == 0) {
+ if (hs20_parse_wan_metrics(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "hs20_conn_capab") == 0) {
+ if (hs20_parse_conn_capab(bss, pos, line) < 0) {
+ return 1;
+ }
+ } else if (os_strcmp(buf, "hs20_operating_class") == 0) {
+ u8 *oper_class;
+ size_t oper_class_len;
+ oper_class_len = os_strlen(pos);
+ if (oper_class_len < 2 || (oper_class_len & 0x01)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid hs20_operating_class '%s'",
+ line, pos);
+ return 1;
+ }
+ oper_class_len /= 2;
+ oper_class = os_malloc(oper_class_len);
+ if (oper_class == NULL)
+ return 1;
+ if (hexstr2bin(pos, oper_class, oper_class_len)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid hs20_operating_class '%s'",
+ line, pos);
+ os_free(oper_class);
+ return 1;
+ }
+ os_free(bss->hs20_operating_class);
+ bss->hs20_operating_class = oper_class;
+ bss->hs20_operating_class_len = oper_class_len;
+ } else if (os_strcmp(buf, "hs20_icon") == 0) {
+ if (hs20_parse_icon(bss, pos) < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_icon '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "osu_ssid") == 0) {
+ if (hs20_parse_osu_ssid(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "osu_server_uri") == 0) {
+ if (hs20_parse_osu_server_uri(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "osu_friendly_name") == 0) {
+ if (hs20_parse_osu_friendly_name(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "osu_nai") == 0) {
+ if (hs20_parse_osu_nai(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "osu_method_list") == 0) {
+ if (hs20_parse_osu_method_list(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "osu_icon") == 0) {
+ if (hs20_parse_osu_icon(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "osu_service_desc") == 0) {
+ if (hs20_parse_osu_service_desc(bss, pos, line) < 0)
+ return 1;
+ } else if (os_strcmp(buf, "subscr_remediation_url") == 0) {
+ os_free(bss->subscr_remediation_url);
+ bss->subscr_remediation_url = os_strdup(pos);
+ } else if (os_strcmp(buf, "subscr_remediation_method") == 0) {
+ bss->subscr_remediation_method = atoi(pos);
#endif /* CONFIG_HS20 */
- } else if (os_strcmp(buf, "vendor_elements") == 0) {
- struct wpabuf *elems;
- size_t len = os_strlen(pos);
- if (len & 0x01) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "vendor_elements '%s'", line, pos);
- return 1;
- }
- len /= 2;
- if (len == 0) {
- wpabuf_free(bss->vendor_elements);
- bss->vendor_elements = NULL;
- return 0;
- }
-
- elems = wpabuf_alloc(len);
- if (elems == NULL)
- return 1;
-
- if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
- wpabuf_free(elems);
- wpa_printf(MSG_ERROR, "Line %d: Invalid "
- "vendor_elements '%s'", line, pos);
- return 1;
- }
-
+#ifdef CONFIG_TESTING_OPTIONS
+#define PARSE_TEST_PROBABILITY(_val) \
+ } else if (os_strcmp(buf, #_val) == 0) { \
+ char *end; \
+ \
+ conf->_val = strtod(pos, &end); \
+ if (*end || conf->_val < 0.0 || \
+ conf->_val > 1.0) { \
+ wpa_printf(MSG_ERROR, \
+ "Line %d: Invalid value '%s'", \
+ line, pos); \
+ return 1; \
+ }
+ PARSE_TEST_PROBABILITY(ignore_probe_probability)
+ PARSE_TEST_PROBABILITY(ignore_auth_probability)
+ PARSE_TEST_PROBABILITY(ignore_assoc_probability)
+ PARSE_TEST_PROBABILITY(ignore_reassoc_probability)
+ PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability)
+ } else if (os_strcmp(buf, "bss_load_test") == 0) {
+ WPA_PUT_LE16(bss->bss_load_test, atoi(pos));
+ pos = os_strchr(pos, ':');
+ if (pos == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid bss_load_test",
+ line);
+ return 1;
+ }
+ pos++;
+ bss->bss_load_test[2] = atoi(pos);
+ pos = os_strchr(pos, ':');
+ if (pos == NULL) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid bss_load_test",
+ line);
+ return 1;
+ }
+ pos++;
+ WPA_PUT_LE16(&bss->bss_load_test[3], atoi(pos));
+ bss->bss_load_test_set = 1;
+ } else if (os_strcmp(buf, "radio_measurements") == 0) {
+ bss->radio_measurements = atoi(pos);
+#endif /* CONFIG_TESTING_OPTIONS */
+ } else if (os_strcmp(buf, "vendor_elements") == 0) {
+ struct wpabuf *elems;
+ size_t len = os_strlen(pos);
+ if (len & 0x01) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid vendor_elements '%s'",
+ line, pos);
+ return 1;
+ }
+ len /= 2;
+ if (len == 0) {
wpabuf_free(bss->vendor_elements);
- bss->vendor_elements = elems;
- } else {
- wpa_printf(MSG_ERROR, "Line %d: unknown configuration "
- "item '%s'", line, buf);
- errors++;
+ bss->vendor_elements = NULL;
+ return 0;
}
- }
- return errors;
-}
+ elems = wpabuf_alloc(len);
+ if (elems == NULL)
+ return 1;
+ if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
+ wpabuf_free(elems);
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid vendor_elements '%s'",
+ line, pos);
+ return 1;
+ }
-static void hostapd_set_security_params(struct hostapd_bss_config *bss)
-{
- int pairwise;
-
- if (bss->individual_wep_key_len == 0) {
- /* individual keys are not use; can use key idx0 for
- * broadcast keys */
- bss->broadcast_key_idx_min = 0;
- }
-
- /* Select group cipher based on the enabled pairwise cipher
- * suites */
- pairwise = 0;
- if (bss->wpa & 1)
- pairwise |= bss->wpa_pairwise;
- if (bss->wpa & 2) {
- if (bss->rsn_pairwise == 0)
- bss->rsn_pairwise = bss->wpa_pairwise;
- pairwise |= bss->rsn_pairwise;
- }
- if (pairwise & WPA_CIPHER_TKIP)
- bss->wpa_group = WPA_CIPHER_TKIP;
- else if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ==
- WPA_CIPHER_GCMP)
- bss->wpa_group = WPA_CIPHER_GCMP;
- else
- bss->wpa_group = WPA_CIPHER_CCMP;
-
- bss->radius->auth_server = bss->radius->auth_servers;
- bss->radius->acct_server = bss->radius->acct_servers;
-
- if (bss->wpa && bss->ieee802_1x) {
- bss->ssid.security_policy = SECURITY_WPA;
- } else if (bss->wpa) {
- bss->ssid.security_policy = SECURITY_WPA_PSK;
- } else if (bss->ieee802_1x) {
- int cipher = WPA_CIPHER_NONE;
- bss->ssid.security_policy = SECURITY_IEEE_802_1X;
- bss->ssid.wep.default_len = bss->default_wep_key_len;
- if (bss->default_wep_key_len)
- cipher = bss->default_wep_key_len >= 13 ?
- WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
- bss->wpa_group = cipher;
- bss->wpa_pairwise = cipher;
- bss->rsn_pairwise = cipher;
- } else if (bss->ssid.wep.keys_set) {
- int cipher = WPA_CIPHER_WEP40;
- if (bss->ssid.wep.len[0] >= 13)
- cipher = WPA_CIPHER_WEP104;
- bss->ssid.security_policy = SECURITY_STATIC_WEP;
- bss->wpa_group = cipher;
- bss->wpa_pairwise = cipher;
- bss->rsn_pairwise = cipher;
+ wpabuf_free(bss->vendor_elements);
+ bss->vendor_elements = elems;
+ } else if (os_strcmp(buf, "sae_anti_clogging_threshold") == 0) {
+ bss->sae_anti_clogging_threshold = atoi(pos);
+ } else if (os_strcmp(buf, "sae_groups") == 0) {
+ if (hostapd_parse_intlist(&bss->sae_groups, pos)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid sae_groups value '%s'",
+ line, pos);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
+ int val = atoi(pos);
+ if (val < 0 || val > 255) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid local_pwr_constraint %d (expected 0..255)",
+ line, val);
+ return 1;
+ }
+ conf->local_pwr_constraint = val;
+ } else if (os_strcmp(buf, "spectrum_mgmt_required") == 0) {
+ conf->spectrum_mgmt_required = atoi(pos);
+ } else if (os_strcmp(buf, "wowlan_triggers") == 0) {
+ os_free(bss->wowlan_triggers);
+ bss->wowlan_triggers = os_strdup(pos);
} else {
- bss->ssid.security_policy = SECURITY_PLAINTEXT;
- bss->wpa_group = WPA_CIPHER_NONE;
- bss->wpa_pairwise = WPA_CIPHER_NONE;
- bss->rsn_pairwise = WPA_CIPHER_NONE;
+ wpa_printf(MSG_ERROR,
+ "Line %d: unknown configuration item '%s'",
+ line, buf);
+ return 1;
}
+
+ return 0;
}
@@ -3016,7 +3295,6 @@ static void hostapd_set_security_params(struct hostapd_bss_config *bss)
struct hostapd_config * hostapd_config_read(const char *fname)
{
struct hostapd_config *conf;
- struct hostapd_bss_config *bss;
FILE *f;
char buf[512], *pos;
int line = 0;
@@ -3045,9 +3323,11 @@ struct hostapd_config * hostapd_config_read(const char *fname)
return NULL;
}
- bss = conf->last_bss = conf->bss;
+ conf->last_bss = conf->bss[0];
while (fgets(buf, sizeof(buf), f)) {
+ struct hostapd_bss_config *bss;
+
bss = conf->last_bss;
line++;
@@ -3079,9 +3359,9 @@ struct hostapd_config * hostapd_config_read(const char *fname)
fclose(f);
for (i = 0; i < conf->num_bss; i++)
- hostapd_set_security_params(&conf->bss[i]);
+ hostapd_set_security_params(conf->bss[i], 1);
- if (hostapd_config_check(conf))
+ if (hostapd_config_check(conf, 1))
errors++;
#ifndef WPA_IGNORE_CONFIG_ERRORS
@@ -3111,9 +3391,9 @@ int hostapd_set_iface(struct hostapd_config *conf,
}
for (i = 0; i < conf->num_bss; i++)
- hostapd_set_security_params(&conf->bss[i]);
+ hostapd_set_security_params(conf->bss[i], 0);
- if (hostapd_config_check(conf)) {
+ if (hostapd_config_check(conf, 0)) {
wpa_printf(MSG_ERROR, "Configuration check failed");
return -1;
}
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 3c9071caa3af..86f1aa6dfdb2 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1,6 +1,6 @@
/*
* hostapd / UNIX domain socket -based control interface
- * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -10,6 +10,11 @@
#ifndef CONFIG_NATIVE_WINDOWS
+#ifdef CONFIG_TESTING_OPTIONS
+#include <net/ethernet.h>
+#include <netinet/ip.h>
+#endif /* CONFIG_TESTING_OPTIONS */
+
#include <sys/un.h>
#include <sys/stat.h>
#include <stddef.h>
@@ -18,8 +23,11 @@
#include "utils/eloop.h"
#include "common/version.h"
#include "common/ieee802_11_defs.h"
+#include "crypto/tls.h"
#include "drivers/driver.h"
#include "radius/radius_client.h"
+#include "radius/radius_server.h"
+#include "l2_packet/l2_packet.h"
#include "ap/hostapd.h"
#include "ap/ap_config.h"
#include "ap/ieee802_1x.h"
@@ -29,6 +37,10 @@
#include "ap/wps_hostapd.h"
#include "ap/ctrl_iface_ap.h"
#include "ap/ap_drv_ops.h"
+#include "ap/hs20.h"
+#include "ap/wnm_ap.h"
+#include "ap/wpa_auth.h"
+#include "ap/beacon.h"
#include "wps/wps_defs.h"
#include "wps/wps.h"
#include "config_file.h"
@@ -81,15 +93,15 @@ static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd,
os_memcmp(from->sun_path, dst->addr.sun_path,
fromlen - offsetof(struct sockaddr_un, sun_path))
== 0) {
+ wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
+ (u8 *) from->sun_path,
+ fromlen -
+ offsetof(struct sockaddr_un, sun_path));
if (prev == NULL)
hapd->ctrl_dst = dst->next;
else
prev->next = dst->next;
os_free(dst);
- wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
- (u8 *) from->sun_path,
- fromlen -
- offsetof(struct sockaddr_un, sun_path));
return 0;
}
prev = dst;
@@ -236,14 +248,14 @@ static int hostapd_ctrl_iface_wps_check_pin(
if (!wps_pin_valid(pin_val)) {
wpa_printf(MSG_DEBUG, "WPS: Invalid checksum digit");
ret = os_snprintf(buf, buflen, "FAIL-CHECKSUM\n");
- if (ret < 0 || (size_t) ret >= buflen)
+ if (os_snprintf_error(buflen, ret))
return -1;
return ret;
}
}
ret = os_snprintf(buf, buflen, "%s", pin);
- if (ret < 0 || (size_t) ret >= buflen)
+ if (os_snprintf_error(buflen, ret))
return -1;
return ret;
@@ -352,6 +364,116 @@ static int hostapd_ctrl_iface_wps_nfc_token(struct hostapd_data *hapd,
return -1;
}
+
+
+static int hostapd_ctrl_iface_nfc_get_handover_sel(struct hostapd_data *hapd,
+ char *cmd, char *reply,
+ size_t max_len)
+{
+ struct wpabuf *buf;
+ int res;
+ char *pos;
+ int ndef;
+
+ pos = os_strchr(cmd, ' ');
+ if (pos == NULL)
+ return -1;
+ *pos++ = '\0';
+
+ if (os_strcmp(cmd, "WPS") == 0)
+ ndef = 0;
+ else if (os_strcmp(cmd, "NDEF") == 0)
+ ndef = 1;
+ else
+ return -1;
+
+ if (os_strcmp(pos, "WPS-CR") == 0)
+ buf = hostapd_wps_nfc_hs_cr(hapd, ndef);
+ else
+ buf = NULL;
+ if (buf == NULL)
+ return -1;
+
+ res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
+ wpabuf_len(buf));
+ reply[res++] = '\n';
+ reply[res] = '\0';
+
+ wpabuf_free(buf);
+
+ return res;
+}
+
+
+static int hostapd_ctrl_iface_nfc_report_handover(struct hostapd_data *hapd,
+ char *cmd)
+{
+ size_t len;
+ struct wpabuf *req, *sel;
+ int ret;
+ char *pos, *role, *type, *pos2;
+
+ role = cmd;
+ pos = os_strchr(role, ' ');
+ if (pos == NULL)
+ return -1;
+ *pos++ = '\0';
+
+ type = pos;
+ pos = os_strchr(type, ' ');
+ if (pos == NULL)
+ return -1;
+ *pos++ = '\0';
+
+ pos2 = os_strchr(pos, ' ');
+ if (pos2 == NULL)
+ return -1;
+ *pos2++ = '\0';
+
+ len = os_strlen(pos);
+ if (len & 0x01)
+ return -1;
+ len /= 2;
+
+ req = wpabuf_alloc(len);
+ if (req == NULL)
+ return -1;
+ if (hexstr2bin(pos, wpabuf_put(req, len), len) < 0) {
+ wpabuf_free(req);
+ return -1;
+ }
+
+ len = os_strlen(pos2);
+ if (len & 0x01) {
+ wpabuf_free(req);
+ return -1;
+ }
+ len /= 2;
+
+ sel = wpabuf_alloc(len);
+ if (sel == NULL) {
+ wpabuf_free(req);
+ return -1;
+ }
+ if (hexstr2bin(pos2, wpabuf_put(sel, len), len) < 0) {
+ wpabuf_free(req);
+ wpabuf_free(sel);
+ return -1;
+ }
+
+ if (os_strcmp(role, "RESP") == 0 && os_strcmp(type, "WPS") == 0) {
+ ret = hostapd_wps_nfc_report_handover(hapd, req, sel);
+ } else {
+ wpa_printf(MSG_DEBUG, "NFC: Unsupported connection handover "
+ "reported: role=%s type=%s", role, type);
+ ret = -1;
+ }
+ wpabuf_free(req);
+ wpabuf_free(sel);
+
+ return ret;
+}
+
#endif /* CONFIG_WPS_NFC */
@@ -433,8 +555,253 @@ static int hostapd_ctrl_iface_wps_config(struct hostapd_data *hapd, char *txt)
return hostapd_wps_config_ap(hapd, ssid, auth, encr, key);
}
+
+
+static const char * pbc_status_str(enum pbc_status status)
+{
+ switch (status) {
+ case WPS_PBC_STATUS_DISABLE:
+ return "Disabled";
+ case WPS_PBC_STATUS_ACTIVE:
+ return "Active";
+ case WPS_PBC_STATUS_TIMEOUT:
+ return "Timed-out";
+ case WPS_PBC_STATUS_OVERLAP:
+ return "Overlap";
+ default:
+ return "Unknown";
+ }
+}
+
+
+static int hostapd_ctrl_iface_wps_get_status(struct hostapd_data *hapd,
+ char *buf, size_t buflen)
+{
+ int ret;
+ char *pos, *end;
+
+ pos = buf;
+ end = buf + buflen;
+
+ ret = os_snprintf(pos, end - pos, "PBC Status: %s\n",
+ pbc_status_str(hapd->wps_stats.pbc_status));
+
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+
+ ret = os_snprintf(pos, end - pos, "Last WPS result: %s\n",
+ (hapd->wps_stats.status == WPS_STATUS_SUCCESS ?
+ "Success":
+ (hapd->wps_stats.status == WPS_STATUS_FAILURE ?
+ "Failed" : "None")));
+
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+
+ /* If status == Failure - Add possible Reasons */
+ if(hapd->wps_stats.status == WPS_STATUS_FAILURE &&
+ hapd->wps_stats.failure_reason > 0) {
+ ret = os_snprintf(pos, end - pos,
+ "Failure Reason: %s\n",
+ wps_ei_str(hapd->wps_stats.failure_reason));
+
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+
+ if (hapd->wps_stats.status) {
+ ret = os_snprintf(pos, end - pos, "Peer Address: " MACSTR "\n",
+ MAC2STR(hapd->wps_stats.peer_addr));
+
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+
+ return pos - buf;
+}
+
#endif /* CONFIG_WPS */
+#ifdef CONFIG_HS20
+
+static int hostapd_ctrl_iface_hs20_wnm_notif(struct hostapd_data *hapd,
+ const char *cmd)
+{
+ u8 addr[ETH_ALEN];
+ const char *url;
+
+ if (hwaddr_aton(cmd, addr))
+ return -1;
+ url = cmd + 17;
+ if (*url == '\0') {
+ url = NULL;
+ } else {
+ if (*url != ' ')
+ return -1;
+ url++;
+ if (*url == '\0')
+ url = NULL;
+ }
+
+ return hs20_send_wnm_notification(hapd, addr, 1, url);
+}
+
+
+static int hostapd_ctrl_iface_hs20_deauth_req(struct hostapd_data *hapd,
+ const char *cmd)
+{
+ u8 addr[ETH_ALEN];
+ int code, reauth_delay, ret;
+ const char *pos;
+ size_t url_len;
+ struct wpabuf *req;
+
+ /* <STA MAC Addr> <Code(0/1)> <Re-auth-Delay(sec)> [URL] */
+ if (hwaddr_aton(cmd, addr))
+ return -1;
+
+ pos = os_strchr(cmd, ' ');
+ if (pos == NULL)
+ return -1;
+ pos++;
+ code = atoi(pos);
+
+ pos = os_strchr(pos, ' ');
+ if (pos == NULL)
+ return -1;
+ pos++;
+ reauth_delay = atoi(pos);
+
+ url_len = 0;
+ pos = os_strchr(pos, ' ');
+ if (pos) {
+ pos++;
+ url_len = os_strlen(pos);
+ }
+
+ req = wpabuf_alloc(4 + url_len);
+ if (req == NULL)
+ return -1;
+ wpabuf_put_u8(req, code);
+ wpabuf_put_le16(req, reauth_delay);
+ wpabuf_put_u8(req, url_len);
+ if (pos)
+ wpabuf_put_data(req, pos, url_len);
+
+ wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification to " MACSTR
+ " to indicate imminent deauthentication (code=%d "
+ "reauth_delay=%d)", MAC2STR(addr), code, reauth_delay);
+ ret = hs20_send_wnm_notification_deauth_req(hapd, addr, req);
+ wpabuf_free(req);
+ return ret;
+}
+
+#endif /* CONFIG_HS20 */
+
+
+#ifdef CONFIG_INTERWORKING
+
+static int hostapd_ctrl_iface_set_qos_map_set(struct hostapd_data *hapd,
+ const char *cmd)
+{
+ u8 qos_map_set[16 + 2 * 21], count = 0;
+ const char *pos = cmd;
+ int val, ret;
+
+ for (;;) {
+ if (count == sizeof(qos_map_set)) {
+ wpa_printf(MSG_ERROR, "Too many qos_map_set parameters");
+ return -1;
+ }
+
+ val = atoi(pos);
+ if (val < 0 || val > 255) {
+ wpa_printf(MSG_INFO, "Invalid QoS Map Set");
+ return -1;
+ }
+
+ qos_map_set[count++] = val;
+ pos = os_strchr(pos, ',');
+ if (!pos)
+ break;
+ pos++;
+ }
+
+ if (count < 16 || count & 1) {
+ wpa_printf(MSG_INFO, "Invalid QoS Map Set");
+ return -1;
+ }
+
+ ret = hostapd_drv_set_qos_map(hapd, qos_map_set, count);
+ if (ret) {
+ wpa_printf(MSG_INFO, "Failed to set QoS Map Set");
+ return -1;
+ }
+
+ os_memcpy(hapd->conf->qos_map_set, qos_map_set, count);
+ hapd->conf->qos_map_set_len = count;
+
+ return 0;
+}
+
+
+static int hostapd_ctrl_iface_send_qos_map_conf(struct hostapd_data *hapd,
+ const char *cmd)
+{
+ u8 addr[ETH_ALEN];
+ struct sta_info *sta;
+ struct wpabuf *buf;
+ u8 *qos_map_set = hapd->conf->qos_map_set;
+ u8 qos_map_set_len = hapd->conf->qos_map_set_len;
+ int ret;
+
+ if (!qos_map_set_len) {
+ wpa_printf(MSG_INFO, "QoS Map Set is not set");
+ return -1;
+ }
+
+ if (hwaddr_aton(cmd, addr))
+ return -1;
+
+ sta = ap_get_sta(hapd, addr);
+ if (sta == NULL) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " not found "
+ "for QoS Map Configuration message",
+ MAC2STR(addr));
+ return -1;
+ }
+
+ if (!sta->qos_map_enabled) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " did not indicate "
+ "support for QoS Map", MAC2STR(addr));
+ return -1;
+ }
+
+ buf = wpabuf_alloc(2 + 2 + qos_map_set_len);
+ if (buf == NULL)
+ return -1;
+
+ wpabuf_put_u8(buf, WLAN_ACTION_QOS);
+ wpabuf_put_u8(buf, QOS_QOS_MAP_CONFIG);
+
+ /* QoS Map Set Element */
+ wpabuf_put_u8(buf, WLAN_EID_QOS_MAP_SET);
+ wpabuf_put_u8(buf, qos_map_set_len);
+ wpabuf_put_data(buf, qos_map_set, qos_map_set_len);
+
+ ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
+ wpabuf_head(buf), wpabuf_len(buf));
+ wpabuf_free(buf);
+
+ return ret;
+}
+
+#endif /* CONFIG_INTERWORKING */
+
#ifdef CONFIG_WNM
@@ -442,9 +809,8 @@ static int hostapd_ctrl_iface_disassoc_imminent(struct hostapd_data *hapd,
const char *cmd)
{
u8 addr[ETH_ALEN];
- u8 buf[1000], *pos;
- struct ieee80211_mgmt *mgmt;
int disassoc_timer;
+ struct sta_info *sta;
if (hwaddr_aton(cmd, addr))
return -1;
@@ -452,31 +818,15 @@ static int hostapd_ctrl_iface_disassoc_imminent(struct hostapd_data *hapd,
return -1;
disassoc_timer = atoi(cmd + 17);
- os_memset(buf, 0, sizeof(buf));
- mgmt = (struct ieee80211_mgmt *) buf;
- mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
- WLAN_FC_STYPE_ACTION);
- os_memcpy(mgmt->da, addr, ETH_ALEN);
- os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
- os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
- mgmt->u.action.category = WLAN_ACTION_WNM;
- mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
- mgmt->u.action.u.bss_tm_req.dialog_token = 1;
- mgmt->u.action.u.bss_tm_req.req_mode =
- WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
- mgmt->u.action.u.bss_tm_req.disassoc_timer =
- host_to_le16(disassoc_timer);
- mgmt->u.action.u.bss_tm_req.validity_interval = 0;
-
- pos = mgmt->u.action.u.bss_tm_req.variable;
-
- if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0) < 0) {
- wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
- "Management Request frame");
+ sta = ap_get_sta(hapd, addr);
+ if (sta == NULL) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR
+ " not found for disassociation imminent message",
+ MAC2STR(addr));
return -1;
}
- return 0;
+ return wnm_send_disassoc_imminent(hapd, sta, disassoc_timer);
}
@@ -484,50 +834,222 @@ static int hostapd_ctrl_iface_ess_disassoc(struct hostapd_data *hapd,
const char *cmd)
{
u8 addr[ETH_ALEN];
- const char *url;
- u8 buf[1000], *pos;
- struct ieee80211_mgmt *mgmt;
- size_t url_len;
+ const char *url, *timerstr;
+ int disassoc_timer;
+ struct sta_info *sta;
if (hwaddr_aton(cmd, addr))
return -1;
- url = cmd + 17;
- if (*url != ' ')
+
+ sta = ap_get_sta(hapd, addr);
+ if (sta == NULL) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR
+ " not found for ESS disassociation imminent message",
+ MAC2STR(addr));
return -1;
- url++;
- url_len = os_strlen(url);
- if (url_len > 255)
+ }
+
+ timerstr = cmd + 17;
+ if (*timerstr != ' ')
+ return -1;
+ timerstr++;
+ disassoc_timer = atoi(timerstr);
+ if (disassoc_timer < 0 || disassoc_timer > 65535)
return -1;
- os_memset(buf, 0, sizeof(buf));
- mgmt = (struct ieee80211_mgmt *) buf;
- mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
- WLAN_FC_STYPE_ACTION);
- os_memcpy(mgmt->da, addr, ETH_ALEN);
- os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
- os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
- mgmt->u.action.category = WLAN_ACTION_WNM;
- mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
- mgmt->u.action.u.bss_tm_req.dialog_token = 1;
- mgmt->u.action.u.bss_tm_req.req_mode =
- WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT;
- mgmt->u.action.u.bss_tm_req.disassoc_timer = host_to_le16(0);
- mgmt->u.action.u.bss_tm_req.validity_interval = 0;
+ url = os_strchr(timerstr, ' ');
+ if (url == NULL)
+ return -1;
+ url++;
- pos = mgmt->u.action.u.bss_tm_req.variable;
+ return wnm_send_ess_disassoc_imminent(hapd, sta, url, disassoc_timer);
+}
- /* Session Information URL */
- *pos++ = url_len;
- os_memcpy(pos, url, url_len);
- pos += url_len;
- if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0) < 0) {
- wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
- "Management Request frame");
+static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd,
+ const char *cmd)
+{
+ u8 addr[ETH_ALEN];
+ const char *pos, *end;
+ int disassoc_timer = 0;
+ struct sta_info *sta;
+ u8 req_mode = 0, valid_int = 0x01;
+ u8 bss_term_dur[12];
+ char *url = NULL;
+ int ret;
+ u8 nei_rep[1000];
+ u8 *nei_pos = nei_rep;
+
+ if (hwaddr_aton(cmd, addr)) {
+ wpa_printf(MSG_DEBUG, "Invalid STA MAC address");
return -1;
}
- return 0;
+ sta = ap_get_sta(hapd, addr);
+ if (sta == NULL) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR
+ " not found for BSS TM Request message",
+ MAC2STR(addr));
+ return -1;
+ }
+
+ pos = os_strstr(cmd, " disassoc_timer=");
+ if (pos) {
+ pos += 16;
+ disassoc_timer = atoi(pos);
+ if (disassoc_timer < 0 || disassoc_timer > 65535) {
+ wpa_printf(MSG_DEBUG, "Invalid disassoc_timer");
+ return -1;
+ }
+ }
+
+ pos = os_strstr(cmd, " valid_int=");
+ if (pos) {
+ pos += 11;
+ valid_int = atoi(pos);
+ }
+
+ pos = os_strstr(cmd, " bss_term=");
+ if (pos) {
+ pos += 10;
+ req_mode |= WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED;
+ /* TODO: TSF configurable/learnable */
+ bss_term_dur[0] = 4; /* Subelement ID */
+ bss_term_dur[1] = 10; /* Length */
+ os_memset(bss_term_dur, 2, 8);
+ end = os_strchr(pos, ',');
+ if (end == NULL) {
+ wpa_printf(MSG_DEBUG, "Invalid bss_term data");
+ return -1;
+ }
+ end++;
+ WPA_PUT_LE16(&bss_term_dur[10], atoi(end));
+ }
+
+
+ /*
+ * BSS Transition Candidate List Entries - Neighbor Report elements
+ * neighbor=<BSSID>,<BSSID Information>,<Operating Class>,
+ * <Channel Number>,<PHY Type>[,<hexdump of Optional Subelements>]
+ */
+ pos = cmd;
+ while (pos) {
+ u8 *nei_start;
+ long int val;
+ char *endptr, *tmp;
+
+ pos = os_strstr(pos, " neighbor=");
+ if (!pos)
+ break;
+ if (nei_pos + 15 > nei_rep + sizeof(nei_rep)) {
+ wpa_printf(MSG_DEBUG,
+ "Not enough room for additional neighbor");
+ return -1;
+ }
+ pos += 10;
+
+ nei_start = nei_pos;
+ *nei_pos++ = WLAN_EID_NEIGHBOR_REPORT;
+ nei_pos++; /* length to be filled in */
+
+ if (hwaddr_aton(pos, nei_pos)) {
+ wpa_printf(MSG_DEBUG, "Invalid BSSID");
+ return -1;
+ }
+ nei_pos += ETH_ALEN;
+ pos += 17;
+ if (*pos != ',') {
+ wpa_printf(MSG_DEBUG, "Missing BSSID Information");
+ return -1;
+ }
+ pos++;
+
+ val = strtol(pos, &endptr, 0);
+ WPA_PUT_LE32(nei_pos, val);
+ nei_pos += 4;
+ if (*endptr != ',') {
+ wpa_printf(MSG_DEBUG, "Missing Operating Class");
+ return -1;
+ }
+ pos = endptr + 1;
+
+ *nei_pos++ = atoi(pos); /* Operating Class */
+ pos = os_strchr(pos, ',');
+ if (pos == NULL) {
+ wpa_printf(MSG_DEBUG, "Missing Channel Number");
+ return -1;
+ }
+ pos++;
+
+ *nei_pos++ = atoi(pos); /* Channel Number */
+ pos = os_strchr(pos, ',');
+ if (pos == NULL) {
+ wpa_printf(MSG_DEBUG, "Missing PHY Type");
+ return -1;
+ }
+ pos++;
+
+ *nei_pos++ = atoi(pos); /* PHY Type */
+ end = os_strchr(pos, ' ');
+ tmp = os_strchr(pos, ',');
+ if (tmp && (!end || tmp < end)) {
+ /* Optional Subelements (hexdump) */
+ size_t len;
+
+ pos = tmp + 1;
+ end = os_strchr(pos, ' ');
+ if (end)
+ len = end - pos;
+ else
+ len = os_strlen(pos);
+ if (nei_pos + len / 2 > nei_rep + sizeof(nei_rep)) {
+ wpa_printf(MSG_DEBUG,
+ "Not enough room for neighbor subelements");
+ return -1;
+ }
+ if (len & 0x01 ||
+ hexstr2bin(pos, nei_pos, len / 2) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "Invalid neighbor subelement info");
+ return -1;
+ }
+ nei_pos += len / 2;
+ pos = end;
+ }
+
+ nei_start[1] = nei_pos - nei_start - 2;
+ }
+
+ pos = os_strstr(cmd, " url=");
+ if (pos) {
+ size_t len;
+ pos += 5;
+ end = os_strchr(pos, ' ');
+ if (end)
+ len = end - pos;
+ else
+ len = os_strlen(pos);
+ url = os_malloc(len + 1);
+ if (url == NULL)
+ return -1;
+ os_memcpy(url, pos, len);
+ url[len] = '\0';
+ req_mode |= WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT;
+ }
+
+ if (os_strstr(cmd, " pref=1"))
+ req_mode |= WNM_BSS_TM_REQ_PREF_CAND_LIST_INCLUDED;
+ if (os_strstr(cmd, " abridged=1"))
+ req_mode |= WNM_BSS_TM_REQ_ABRIDGED;
+ if (os_strstr(cmd, " disassoc_imminent=1"))
+ req_mode |= WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
+
+ ret = wnm_send_bss_tm_req(hapd, sta, req_mode, disassoc_timer,
+ valid_int, bss_term_dur, url,
+ nei_pos > nei_rep ? nei_rep : NULL,
+ nei_pos - nei_rep);
+ os_free(url);
+ return ret;
}
#endif /* CONFIG_WNM */
@@ -547,7 +1069,7 @@ static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd,
MAC2STR(hapd->own_addr),
wpa_ssid_txt(hapd->conf->ssid.ssid,
hapd->conf->ssid.ssid_len));
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
@@ -556,7 +1078,7 @@ static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd,
hapd->conf->wps_state == 0 ? "disabled" :
(hapd->conf->wps_state == 1 ? "not configured" :
"configured"));
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
@@ -564,7 +1086,7 @@ static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd,
hapd->conf->ssid.wpa_passphrase) {
ret = os_snprintf(pos, end - pos, "passphrase=%s\n",
hapd->conf->ssid.wpa_passphrase);
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
@@ -576,7 +1098,7 @@ static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd,
wpa_snprintf_hex(hex, sizeof(hex),
hapd->conf->ssid.wpa_psk->psk, PMK_LEN);
ret = os_snprintf(pos, end - pos, "psk=%s\n", hex);
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
@@ -584,134 +1106,127 @@ static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd,
if (hapd->conf->wpa && hapd->conf->wpa_key_mgmt) {
ret = os_snprintf(pos, end - pos, "key_mgmt=");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
ret = os_snprintf(pos, end - pos, "WPA-PSK ");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
ret = os_snprintf(pos, end - pos, "WPA-EAP ");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
#ifdef CONFIG_IEEE80211R
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
ret = os_snprintf(pos, end - pos, "FT-PSK ");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
ret = os_snprintf(pos, end - pos, "FT-EAP ");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
+#ifdef CONFIG_SAE
+ if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
+ ret = os_snprintf(pos, end - pos, "FT-SAE ");
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+#endif /* CONFIG_SAE */
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_IEEE80211W
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
ret = os_snprintf(pos, end - pos, "WPA-PSK-SHA256 ");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
ret = os_snprintf(pos, end - pos, "WPA-EAP-SHA256 ");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+ if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
+ ret = os_snprintf(pos, end - pos, "SAE ");
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+#endif /* CONFIG_SAE */
+ if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
+ ret = os_snprintf(pos, end - pos, "WPA-EAP-SUITE-B ");
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+ if (hapd->conf->wpa_key_mgmt &
+ WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+ ret = os_snprintf(pos, end - pos,
+ "WPA-EAP-SUITE-B-192 ");
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
ret = os_snprintf(pos, end - pos, "\n");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
- if (hapd->conf->wpa && hapd->conf->wpa_group == WPA_CIPHER_CCMP) {
- ret = os_snprintf(pos, end - pos, "group_cipher=CCMP\n");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- } else if (hapd->conf->wpa &&
- hapd->conf->wpa_group == WPA_CIPHER_GCMP) {
- ret = os_snprintf(pos, end - pos, "group_cipher=GCMP\n");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- } else if (hapd->conf->wpa &&
- hapd->conf->wpa_group == WPA_CIPHER_TKIP) {
- ret = os_snprintf(pos, end - pos, "group_cipher=TKIP\n");
- if (ret < 0 || ret >= end - pos)
+ if (hapd->conf->wpa) {
+ ret = os_snprintf(pos, end - pos, "group_cipher=%s\n",
+ wpa_cipher_txt(hapd->conf->wpa_group));
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if ((hapd->conf->wpa & WPA_PROTO_RSN) && hapd->conf->rsn_pairwise) {
ret = os_snprintf(pos, end - pos, "rsn_pairwise_cipher=");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
- if (hapd->conf->rsn_pairwise & WPA_CIPHER_CCMP) {
- ret = os_snprintf(pos, end - pos, "CCMP ");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- }
- if (hapd->conf->rsn_pairwise & WPA_CIPHER_GCMP) {
- ret = os_snprintf(pos, end - pos, "GCMP ");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- }
- if (hapd->conf->rsn_pairwise & WPA_CIPHER_TKIP) {
- ret = os_snprintf(pos, end - pos, "TKIP ");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- }
+ ret = wpa_write_ciphers(pos, end, hapd->conf->rsn_pairwise,
+ " ");
+ if (ret < 0)
+ return pos - buf;
+ pos += ret;
ret = os_snprintf(pos, end - pos, "\n");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
if ((hapd->conf->wpa & WPA_PROTO_WPA) && hapd->conf->wpa_pairwise) {
ret = os_snprintf(pos, end - pos, "wpa_pairwise_cipher=");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
- if (hapd->conf->wpa_pairwise & WPA_CIPHER_CCMP) {
- ret = os_snprintf(pos, end - pos, "CCMP ");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- }
- if (hapd->conf->wpa_pairwise & WPA_CIPHER_GCMP) {
- ret = os_snprintf(pos, end - pos, "GCMP ");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- }
- if (hapd->conf->wpa_pairwise & WPA_CIPHER_TKIP) {
- ret = os_snprintf(pos, end - pos, "TKIP ");
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- }
+ ret = wpa_write_ciphers(pos, end, hapd->conf->wpa_pairwise,
+ " ");
+ if (ret < 0)
+ return pos - buf;
+ pos += ret;
ret = os_snprintf(pos, end - pos, "\n");
- if (ret < 0 || ret >= end - pos)
+ if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
}
@@ -752,6 +1267,10 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
wps_testing_dummy_cred = atoi(value);
wpa_printf(MSG_DEBUG, "WPS: Testing - dummy_cred=%d",
wps_testing_dummy_cred);
+ } else if (os_strcasecmp(cmd, "wps_corrupt_pkhash") == 0) {
+ wps_corrupt_pkhash = atoi(value);
+ wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d",
+ wps_corrupt_pkhash);
#endif /* CONFIG_WPS_TESTING */
#ifdef CONFIG_INTERWORKING
} else if (os_strcasecmp(cmd, "gas_frag_limit") == 0) {
@@ -761,8 +1280,44 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
else
hapd->gas_frag_limit = val;
#endif /* CONFIG_INTERWORKING */
+#ifdef CONFIG_TESTING_OPTIONS
+ } else if (os_strcasecmp(cmd, "ext_mgmt_frame_handling") == 0) {
+ hapd->ext_mgmt_frame_handling = atoi(value);
+ } else if (os_strcasecmp(cmd, "ext_eapol_frame_io") == 0) {
+ hapd->ext_eapol_frame_io = atoi(value);
+#endif /* CONFIG_TESTING_OPTIONS */
} else {
+ struct sta_info *sta;
+ int vlan_id;
+
ret = hostapd_set_iface(hapd->iconf, hapd->conf, cmd, value);
+ if (ret)
+ return ret;
+
+ if (os_strcasecmp(cmd, "deny_mac_file") == 0) {
+ for (sta = hapd->sta_list; sta; sta = sta->next) {
+ if (hostapd_maclist_found(
+ hapd->conf->deny_mac,
+ hapd->conf->num_deny_mac, sta->addr,
+ &vlan_id) &&
+ (!vlan_id || vlan_id == sta->vlan_id))
+ ap_sta_disconnect(
+ hapd, sta, sta->addr,
+ WLAN_REASON_UNSPECIFIED);
+ }
+ } else if (hapd->conf->macaddr_acl == DENY_UNLESS_ACCEPTED &&
+ os_strcasecmp(cmd, "accept_mac_file") == 0) {
+ for (sta = hapd->sta_list; sta; sta = sta->next) {
+ if (!hostapd_maclist_found(
+ hapd->conf->accept_mac,
+ hapd->conf->num_accept_mac,
+ sta->addr, &vlan_id) ||
+ (vlan_id && vlan_id != sta->vlan_id))
+ ap_sta_disconnect(
+ hapd, sta, sta->addr,
+ WLAN_REASON_UNSPECIFIED);
+ }
+ }
}
return ret;
@@ -778,7 +1333,12 @@ static int hostapd_ctrl_iface_get(struct hostapd_data *hapd, char *cmd,
if (os_strcmp(cmd, "version") == 0) {
res = os_snprintf(buf, buflen, "%s", VERSION_STR);
- if (res < 0 || (unsigned int) res >= buflen)
+ if (os_snprintf_error(buflen, res))
+ return -1;
+ return res;
+ } else if (os_strcmp(cmd, "tls_library") == 0) {
+ res = tls_get_library_version(buf, buflen);
+ if (os_snprintf_error(buflen, res))
return -1;
return res;
}
@@ -817,11 +1377,481 @@ static int hostapd_ctrl_iface_disable(struct hostapd_iface *iface)
}
+#ifdef CONFIG_TESTING_OPTIONS
+
+static int hostapd_ctrl_iface_radar(struct hostapd_data *hapd, char *cmd)
+{
+ union wpa_event_data data;
+ char *pos, *param;
+ enum wpa_event_type event;
+
+ wpa_printf(MSG_DEBUG, "RADAR TEST: %s", cmd);
+
+ os_memset(&data, 0, sizeof(data));
+
+ param = os_strchr(cmd, ' ');
+ if (param == NULL)
+ return -1;
+ *param++ = '\0';
+
+ if (os_strcmp(cmd, "DETECTED") == 0)
+ event = EVENT_DFS_RADAR_DETECTED;
+ else if (os_strcmp(cmd, "CAC-FINISHED") == 0)
+ event = EVENT_DFS_CAC_FINISHED;
+ else if (os_strcmp(cmd, "CAC-ABORTED") == 0)
+ event = EVENT_DFS_CAC_ABORTED;
+ else if (os_strcmp(cmd, "NOP-FINISHED") == 0)
+ event = EVENT_DFS_NOP_FINISHED;
+ else {
+ wpa_printf(MSG_DEBUG, "Unsupported RADAR test command: %s",
+ cmd);
+ return -1;
+ }
+
+ pos = os_strstr(param, "freq=");
+ if (pos)
+ data.dfs_event.freq = atoi(pos + 5);
+
+ pos = os_strstr(param, "ht_enabled=1");
+ if (pos)
+ data.dfs_event.ht_enabled = 1;
+
+ pos = os_strstr(param, "chan_offset=");
+ if (pos)
+ data.dfs_event.chan_offset = atoi(pos + 12);
+
+ pos = os_strstr(param, "chan_width=");
+ if (pos)
+ data.dfs_event.chan_width = atoi(pos + 11);
+
+ pos = os_strstr(param, "cf1=");
+ if (pos)
+ data.dfs_event.cf1 = atoi(pos + 4);
+
+ pos = os_strstr(param, "cf2=");
+ if (pos)
+ data.dfs_event.cf2 = atoi(pos + 4);
+
+ wpa_supplicant_event(hapd, event, &data);
+
+ return 0;
+}
+
+
+static int hostapd_ctrl_iface_mgmt_tx(struct hostapd_data *hapd, char *cmd)
+{
+ size_t len;
+ u8 *buf;
+ int res;
+
+ wpa_printf(MSG_DEBUG, "External MGMT TX: %s", cmd);
+
+ len = os_strlen(cmd);
+ if (len & 1)
+ return -1;
+ len /= 2;
+
+ buf = os_malloc(len);
+ if (buf == NULL)
+ return -1;
+
+ if (hexstr2bin(cmd, buf, len) < 0) {
+ os_free(buf);
+ return -1;
+ }
+
+ res = hostapd_drv_send_mlme(hapd, buf, len, 0);
+ os_free(buf);
+ return res;
+}
+
+
+static int hostapd_ctrl_iface_eapol_rx(struct hostapd_data *hapd, char *cmd)
+{
+ char *pos;
+ u8 src[ETH_ALEN], *buf;
+ int used;
+ size_t len;
+
+ wpa_printf(MSG_DEBUG, "External EAPOL RX: %s", cmd);
+
+ pos = cmd;
+ used = hwaddr_aton2(pos, src);
+ if (used < 0)
+ return -1;
+ pos += used;
+ while (*pos == ' ')
+ pos++;
+
+ len = os_strlen(pos);
+ if (len & 1)
+ return -1;
+ len /= 2;
+
+ buf = os_malloc(len);
+ if (buf == NULL)
+ return -1;
+
+ if (hexstr2bin(pos, buf, len) < 0) {
+ os_free(buf);
+ return -1;
+ }
+
+ ieee802_1x_receive(hapd, src, buf, len);
+ os_free(buf);
+
+ return 0;
+}
+
+
+static u16 ipv4_hdr_checksum(const void *buf, size_t len)
+{
+ size_t i;
+ u32 sum = 0;
+ const u16 *pos = buf;
+
+ for (i = 0; i < len / 2; i++)
+ sum += *pos++;
+
+ while (sum >> 16)
+ sum = (sum & 0xffff) + (sum >> 16);
+
+ return sum ^ 0xffff;
+}
+
+
+#define HWSIM_PACKETLEN 1500
+#define HWSIM_IP_LEN (HWSIM_PACKETLEN - sizeof(struct ether_header))
+
+void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
+ size_t len)
+{
+ struct hostapd_data *hapd = ctx;
+ const struct ether_header *eth;
+ const struct iphdr *ip;
+ const u8 *pos;
+ unsigned int i;
+
+ if (len != HWSIM_PACKETLEN)
+ return;
+
+ eth = (const struct ether_header *) buf;
+ ip = (const struct iphdr *) (eth + 1);
+ pos = (const u8 *) (ip + 1);
+
+ if (ip->ihl != 5 || ip->version != 4 ||
+ ntohs(ip->tot_len) != HWSIM_IP_LEN)
+ return;
+
+ for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) {
+ if (*pos != (u8) i)
+ return;
+ pos++;
+ }
+
+ wpa_msg(hapd->msg_ctx, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR,
+ MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost));
+}
+
+
+static int hostapd_ctrl_iface_data_test_config(struct hostapd_data *hapd,
+ char *cmd)
+{
+ int enabled = atoi(cmd);
+ char *pos;
+ const char *ifname;
+
+ if (!enabled) {
+ if (hapd->l2_test) {
+ l2_packet_deinit(hapd->l2_test);
+ hapd->l2_test = NULL;
+ wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
+ "test data: Disabled");
+ }
+ return 0;
+ }
+
+ if (hapd->l2_test)
+ return 0;
+
+ pos = os_strstr(cmd, " ifname=");
+ if (pos)
+ ifname = pos + 8;
+ else
+ ifname = hapd->conf->iface;
+
+ hapd->l2_test = l2_packet_init(ifname, hapd->own_addr,
+ ETHERTYPE_IP, hostapd_data_test_rx,
+ hapd, 1);
+ if (hapd->l2_test == NULL)
+ return -1;
+
+ wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: Enabled");
+
+ return 0;
+}
+
+
+static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
+{
+ u8 dst[ETH_ALEN], src[ETH_ALEN];
+ char *pos;
+ int used;
+ long int val;
+ u8 tos;
+ u8 buf[HWSIM_PACKETLEN];
+ struct ether_header *eth;
+ struct iphdr *ip;
+ u8 *dpos;
+ unsigned int i;
+
+ if (hapd->l2_test == NULL)
+ return -1;
+
+ /* format: <dst> <src> <tos> */
+
+ pos = cmd;
+ used = hwaddr_aton2(pos, dst);
+ if (used < 0)
+ return -1;
+ pos += used;
+ while (*pos == ' ')
+ pos++;
+ used = hwaddr_aton2(pos, src);
+ if (used < 0)
+ return -1;
+ pos += used;
+
+ val = strtol(pos, NULL, 0);
+ if (val < 0 || val > 0xff)
+ return -1;
+ tos = val;
+
+ eth = (struct ether_header *) buf;
+ os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
+ os_memcpy(eth->ether_shost, src, ETH_ALEN);
+ eth->ether_type = htons(ETHERTYPE_IP);
+ ip = (struct iphdr *) (eth + 1);
+ os_memset(ip, 0, sizeof(*ip));
+ ip->ihl = 5;
+ ip->version = 4;
+ ip->ttl = 64;
+ ip->tos = tos;
+ ip->tot_len = htons(HWSIM_IP_LEN);
+ ip->protocol = 1;
+ ip->saddr = htonl(192 << 24 | 168 << 16 | 1 << 8 | 1);
+ ip->daddr = htonl(192 << 24 | 168 << 16 | 1 << 8 | 2);
+ ip->check = ipv4_hdr_checksum(ip, sizeof(*ip));
+ dpos = (u8 *) (ip + 1);
+ for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
+ *dpos++ = i;
+
+ if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, buf,
+ HWSIM_PACKETLEN) < 0)
+ return -1;
+
+ wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: TX dst=" MACSTR
+ " src=" MACSTR " tos=0x%x", MAC2STR(dst), MAC2STR(src), tos);
+
+ return 0;
+}
+
+
+static int hostapd_ctrl_iface_data_test_frame(struct hostapd_data *hapd,
+ char *cmd)
+{
+ u8 *buf;
+ struct ether_header *eth;
+ struct l2_packet_data *l2 = NULL;
+ size_t len;
+ u16 ethertype;
+ int res = -1;
+ const char *ifname = hapd->conf->iface;
+
+ if (os_strncmp(cmd, "ifname=", 7) == 0) {
+ cmd += 7;
+ ifname = cmd;
+ cmd = os_strchr(cmd, ' ');
+ if (cmd == NULL)
+ return -1;
+ *cmd++ = '\0';
+ }
+
+ len = os_strlen(cmd);
+ if (len & 1 || len < ETH_HLEN * 2)
+ return -1;
+ len /= 2;
+
+ buf = os_malloc(len);
+ if (buf == NULL)
+ return -1;
+
+ if (hexstr2bin(cmd, buf, len) < 0)
+ goto done;
+
+ eth = (struct ether_header *) buf;
+ ethertype = ntohs(eth->ether_type);
+
+ l2 = l2_packet_init(ifname, hapd->own_addr, ethertype,
+ hostapd_data_test_rx, hapd, 1);
+ if (l2 == NULL)
+ goto done;
+
+ res = l2_packet_send(l2, eth->ether_dhost, ethertype, buf, len);
+ wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: TX frame res=%d", res);
+done:
+ if (l2)
+ l2_packet_deinit(l2);
+ os_free(buf);
+
+ return res < 0 ? -1 : 0;
+}
+
+
+static int hostapd_ctrl_test_alloc_fail(struct hostapd_data *hapd, char *cmd)
+{
+#ifdef WPA_TRACE_BFD
+ extern char wpa_trace_fail_func[256];
+ extern unsigned int wpa_trace_fail_after;
+ char *pos;
+
+ wpa_trace_fail_after = atoi(cmd);
+ pos = os_strchr(cmd, ':');
+ if (pos) {
+ pos++;
+ os_strlcpy(wpa_trace_fail_func, pos,
+ sizeof(wpa_trace_fail_func));
+ } else {
+ wpa_trace_fail_after = 0;
+ }
+
+ return 0;
+#else /* WPA_TRACE_BFD */
+ return -1;
+#endif /* WPA_TRACE_BFD */
+}
+
+
+static int hostapd_ctrl_get_alloc_fail(struct hostapd_data *hapd,
+ char *buf, size_t buflen)
+{
+#ifdef WPA_TRACE_BFD
+ extern char wpa_trace_fail_func[256];
+ extern unsigned int wpa_trace_fail_after;
+
+ return os_snprintf(buf, buflen, "%u:%s", wpa_trace_fail_after,
+ wpa_trace_fail_func);
+#else /* WPA_TRACE_BFD */
+ return -1;
+#endif /* WPA_TRACE_BFD */
+}
+
+#endif /* CONFIG_TESTING_OPTIONS */
+
+
+static int hostapd_ctrl_iface_chan_switch(struct hostapd_iface *iface,
+ char *pos)
+{
+#ifdef NEED_AP_MLME
+ struct csa_settings settings;
+ int ret;
+ unsigned int i;
+
+ ret = hostapd_parse_csa_settings(pos, &settings);
+ if (ret)
+ return ret;
+
+ for (i = 0; i < iface->num_bss; i++) {
+ ret = hostapd_switch_channel(iface->bss[i], &settings);
+ if (ret) {
+ /* FIX: What do we do if CSA fails in the middle of
+ * submitting multi-BSS CSA requests? */
+ return ret;
+ }
+ }
+
+ return 0;
+#else /* NEED_AP_MLME */
+ return -1;
+#endif /* NEED_AP_MLME */
+}
+
+
+static int hostapd_ctrl_iface_mib(struct hostapd_data *hapd, char *reply,
+ int reply_size, const char *param)
+{
+#ifdef RADIUS_SERVER
+ if (os_strcmp(param, "radius_server") == 0) {
+ return radius_server_get_mib(hapd->radius_srv, reply,
+ reply_size);
+ }
+#endif /* RADIUS_SERVER */
+ return -1;
+}
+
+
+static int hostapd_ctrl_iface_vendor(struct hostapd_data *hapd, char *cmd,
+ char *buf, size_t buflen)
+{
+ int ret;
+ char *pos;
+ u8 *data = NULL;
+ unsigned int vendor_id, subcmd;
+ struct wpabuf *reply;
+ size_t data_len = 0;
+
+ /* cmd: <vendor id> <subcommand id> [<hex formatted data>] */
+ vendor_id = strtoul(cmd, &pos, 16);
+ if (!isblank(*pos))
+ return -EINVAL;
+
+ subcmd = strtoul(pos, &pos, 10);
+
+ if (*pos != '\0') {
+ if (!isblank(*pos++))
+ return -EINVAL;
+ data_len = os_strlen(pos);
+ }
+
+ if (data_len) {
+ data_len /= 2;
+ data = os_malloc(data_len);
+ if (!data)
+ return -ENOBUFS;
+
+ if (hexstr2bin(pos, data, data_len)) {
+ wpa_printf(MSG_DEBUG,
+ "Vendor command: wrong parameter format");
+ os_free(data);
+ return -EINVAL;
+ }
+ }
+
+ reply = wpabuf_alloc((buflen - 1) / 2);
+ if (!reply) {
+ os_free(data);
+ return -ENOBUFS;
+ }
+
+ ret = hostapd_drv_vendor_cmd(hapd, vendor_id, subcmd, data, data_len,
+ reply);
+
+ if (ret == 0)
+ ret = wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(reply),
+ wpabuf_len(reply));
+
+ wpabuf_free(reply);
+ os_free(data);
+
+ return ret;
+}
+
+
static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
void *sock_ctx)
{
struct hostapd_data *hapd = eloop_ctx;
- char buf[256];
+ char buf[4096];
int res;
struct sockaddr_un from;
socklen_t fromlen = sizeof(from);
@@ -833,7 +1863,8 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
(struct sockaddr *) &from, &fromlen);
if (res < 0) {
- perror("recvfrom(ctrl_iface)");
+ wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
+ strerror(errno));
return;
}
buf[res] = '\0';
@@ -843,8 +1874,11 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
reply = os_malloc(reply_size);
if (reply == NULL) {
- sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
- fromlen);
+ if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+ fromlen) < 0) {
+ wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
+ strerror(errno));
+ }
return;
}
@@ -857,6 +1891,11 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "RELOG", 5) == 0) {
if (wpa_debug_reopen_file() < 0)
reply_len = -1;
+ } else if (os_strcmp(buf, "STATUS") == 0) {
+ reply_len = hostapd_ctrl_iface_status(hapd, reply,
+ reply_size);
+ } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
+ reply_len = hostapd_drv_status(hapd, reply, reply_size);
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
@@ -886,6 +1925,9 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
reply_len += res;
}
#endif /* CONFIG_NO_RADIUS */
+ } else if (os_strncmp(buf, "MIB ", 4) == 0) {
+ reply_len = hostapd_ctrl_iface_mib(hapd, reply, reply_size,
+ buf + 4);
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
reply_len = hostapd_ctrl_iface_sta_first(hapd, reply,
reply_size);
@@ -914,6 +1956,9 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
if (hostapd_ctrl_iface_disassociate(hapd, buf + 13))
reply_len = -1;
+ } else if (os_strcmp(buf, "STOP_AP") == 0) {
+ if (hostapd_ctrl_iface_stop_ap(hapd))
+ reply_len = -1;
#ifdef CONFIG_IEEE80211W
#ifdef NEED_AP_MLME
} else if (os_strncmp(buf, "SA_QUERY ", 9) == 0) {
@@ -940,6 +1985,9 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "WPS_CONFIG ", 11) == 0) {
if (hostapd_ctrl_iface_wps_config(hapd, buf + 11) < 0)
reply_len = -1;
+ } else if (os_strncmp(buf, "WPS_GET_STATUS", 13) == 0) {
+ reply_len = hostapd_ctrl_iface_wps_get_status(hapd, reply,
+ reply_size);
#ifdef CONFIG_WPS_NFC
} else if (os_strncmp(buf, "WPS_NFC_TAG_READ ", 17) == 0) {
if (hostapd_ctrl_iface_wps_nfc_tag_read(hapd, buf + 17))
@@ -950,8 +1998,30 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "WPS_NFC_TOKEN ", 14) == 0) {
reply_len = hostapd_ctrl_iface_wps_nfc_token(
hapd, buf + 14, reply, reply_size);
+ } else if (os_strncmp(buf, "NFC_GET_HANDOVER_SEL ", 21) == 0) {
+ reply_len = hostapd_ctrl_iface_nfc_get_handover_sel(
+ hapd, buf + 21, reply, reply_size);
+ } else if (os_strncmp(buf, "NFC_REPORT_HANDOVER ", 20) == 0) {
+ if (hostapd_ctrl_iface_nfc_report_handover(hapd, buf + 20))
+ reply_len = -1;
#endif /* CONFIG_WPS_NFC */
#endif /* CONFIG_WPS */
+#ifdef CONFIG_INTERWORKING
+ } else if (os_strncmp(buf, "SET_QOS_MAP_SET ", 16) == 0) {
+ if (hostapd_ctrl_iface_set_qos_map_set(hapd, buf + 16))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "SEND_QOS_MAP_CONF ", 18) == 0) {
+ if (hostapd_ctrl_iface_send_qos_map_conf(hapd, buf + 18))
+ reply_len = -1;
+#endif /* CONFIG_INTERWORKING */
+#ifdef CONFIG_HS20
+ } else if (os_strncmp(buf, "HS20_WNM_NOTIF ", 15) == 0) {
+ if (hostapd_ctrl_iface_hs20_wnm_notif(hapd, buf + 15))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "HS20_DEAUTH_REQ ", 16) == 0) {
+ if (hostapd_ctrl_iface_hs20_deauth_req(hapd, buf + 16))
+ reply_len = -1;
+#endif /* CONFIG_HS20 */
#ifdef CONFIG_WNM
} else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) {
if (hostapd_ctrl_iface_disassoc_imminent(hapd, buf + 18))
@@ -959,6 +2029,9 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "ESS_DISASSOC ", 13) == 0) {
if (hostapd_ctrl_iface_ess_disassoc(hapd, buf + 13))
reply_len = -1;
+ } else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) {
+ if (hostapd_ctrl_iface_bss_tm_req(hapd, buf + 11))
+ reply_len = -1;
#endif /* CONFIG_WNM */
} else if (os_strcmp(buf, "GET_CONFIG") == 0) {
reply_len = hostapd_ctrl_iface_get_config(hapd, reply,
@@ -978,6 +2051,46 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "DISABLE", 7) == 0) {
if (hostapd_ctrl_iface_disable(hapd->iface))
reply_len = -1;
+ } else if (os_strcmp(buf, "UPDATE_BEACON") == 0) {
+ if (ieee802_11_set_beacon(hapd))
+ reply_len = -1;
+#ifdef CONFIG_TESTING_OPTIONS
+ } else if (os_strncmp(buf, "RADAR ", 6) == 0) {
+ if (hostapd_ctrl_iface_radar(hapd, buf + 6))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "MGMT_TX ", 8) == 0) {
+ if (hostapd_ctrl_iface_mgmt_tx(hapd, buf + 8))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) {
+ if (hostapd_ctrl_iface_eapol_rx(hapd, buf + 9) < 0)
+ reply_len = -1;
+ } else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) {
+ if (hostapd_ctrl_iface_data_test_config(hapd, buf + 17) < 0)
+ reply_len = -1;
+ } else if (os_strncmp(buf, "DATA_TEST_TX ", 13) == 0) {
+ if (hostapd_ctrl_iface_data_test_tx(hapd, buf + 13) < 0)
+ reply_len = -1;
+ } else if (os_strncmp(buf, "DATA_TEST_FRAME ", 16) == 0) {
+ if (hostapd_ctrl_iface_data_test_frame(hapd, buf + 16) < 0)
+ reply_len = -1;
+ } else if (os_strncmp(buf, "TEST_ALLOC_FAIL ", 16) == 0) {
+ if (hostapd_ctrl_test_alloc_fail(hapd, buf + 16) < 0)
+ reply_len = -1;
+ } else if (os_strcmp(buf, "GET_ALLOC_FAIL") == 0) {
+ reply_len = hostapd_ctrl_get_alloc_fail(hapd, reply,
+ reply_size);
+#endif /* CONFIG_TESTING_OPTIONS */
+ } else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
+ if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12))
+ reply_len = -1;
+ } else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
+ reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
+ reply_size);
+ } else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
+ ieee802_1x_erp_flush(hapd);
+#ifdef RADIUS_SERVER
+ radius_server_erp_flush(hapd->radius_srv);
+#endif /* RADIUS_SERVER */
} else {
os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
reply_len = 16;
@@ -987,7 +2100,11 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
os_memcpy(reply, "FAIL\n", 5);
reply_len = 5;
}
- sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, fromlen);
+ if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
+ fromlen) < 0) {
+ wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
+ strerror(errno));
+ }
os_free(reply);
}
@@ -1013,7 +2130,7 @@ static char * hostapd_ctrl_iface_path(struct hostapd_data *hapd)
}
-static void hostapd_ctrl_iface_msg_cb(void *ctx, int level,
+static void hostapd_ctrl_iface_msg_cb(void *ctx, int level, int global,
const char *txt, size_t len)
{
struct hostapd_data *hapd = ctx;
@@ -1042,7 +2159,8 @@ int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
wpa_printf(MSG_DEBUG, "Using existing control "
"interface directory.");
} else {
- perror("mkdir[ctrl_interface]");
+ wpa_printf(MSG_ERROR, "mkdir[ctrl_interface]: %s",
+ strerror(errno));
goto fail;
}
}
@@ -1050,7 +2168,17 @@ int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
if (hapd->conf->ctrl_interface_gid_set &&
chown(hapd->conf->ctrl_interface, -1,
hapd->conf->ctrl_interface_gid) < 0) {
- perror("chown[ctrl_interface]");
+ wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+ strerror(errno));
+ return -1;
+ }
+
+ if (!hapd->conf->ctrl_interface_gid_set &&
+ hapd->iface->interfaces->ctrl_iface_group &&
+ chown(hapd->conf->ctrl_interface, -1,
+ hapd->iface->interfaces->ctrl_iface_group) < 0) {
+ wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+ strerror(errno));
return -1;
}
@@ -1075,7 +2203,7 @@ int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
s = socket(PF_UNIX, SOCK_DGRAM, 0);
if (s < 0) {
- perror("socket(PF_UNIX)");
+ wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
goto fail;
}
@@ -1096,15 +2224,16 @@ int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
" allow connections - assuming it was left"
"over from forced program termination");
if (unlink(fname) < 0) {
- perror("unlink[ctrl_iface]");
- wpa_printf(MSG_ERROR, "Could not unlink "
- "existing ctrl_iface socket '%s'",
- fname);
+ wpa_printf(MSG_ERROR,
+ "Could not unlink existing ctrl_iface socket '%s': %s",
+ fname, strerror(errno));
goto fail;
}
if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) <
0) {
- perror("hostapd-ctrl-iface: bind(PF_UNIX)");
+ wpa_printf(MSG_ERROR,
+ "hostapd-ctrl-iface: bind(PF_UNIX): %s",
+ strerror(errno));
goto fail;
}
wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
@@ -1122,19 +2251,32 @@ int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
if (hapd->conf->ctrl_interface_gid_set &&
chown(fname, -1, hapd->conf->ctrl_interface_gid) < 0) {
- perror("chown[ctrl_interface/ifname]");
+ wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s",
+ strerror(errno));
+ goto fail;
+ }
+
+ if (!hapd->conf->ctrl_interface_gid_set &&
+ hapd->iface->interfaces->ctrl_iface_group &&
+ chown(fname, -1, hapd->iface->interfaces->ctrl_iface_group) < 0) {
+ wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s",
+ strerror(errno));
goto fail;
}
if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
- perror("chmod[ctrl_interface/ifname]");
+ wpa_printf(MSG_ERROR, "chmod[ctrl_interface/ifname]: %s",
+ strerror(errno));
goto fail;
}
os_free(fname);
hapd->ctrl_sock = s;
- eloop_register_read_sock(s, hostapd_ctrl_iface_receive, hapd,
- NULL);
+ if (eloop_register_read_sock(s, hostapd_ctrl_iface_receive, hapd,
+ NULL) < 0) {
+ hostapd_ctrl_iface_deinit(hapd);
+ return -1;
+ }
hapd->msg_ctx = hapd;
wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);
@@ -1172,17 +2314,26 @@ void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd)
"directory not empty - leaving it "
"behind");
} else {
- perror("rmdir[ctrl_interface]");
+ wpa_printf(MSG_ERROR,
+ "rmdir[ctrl_interface=%s]: %s",
+ hapd->conf->ctrl_interface,
+ strerror(errno));
}
}
}
dst = hapd->ctrl_dst;
+ hapd->ctrl_dst = NULL;
while (dst) {
prev = dst;
dst = dst->next;
os_free(prev);
}
+
+#ifdef CONFIG_TESTING_OPTIONS
+ l2_packet_deinit(hapd->l2_test);
+ hapd->l2_test = NULL;
+#endif /* CONFIG_TESTING_OPTIONS */
}
@@ -1208,6 +2359,16 @@ static int hostapd_ctrl_iface_remove(struct hapd_interfaces *interfaces,
}
+static void hostapd_ctrl_iface_flush(struct hapd_interfaces *interfaces)
+{
+#ifdef CONFIG_WPS_TESTING
+ wps_version_number = 0x20;
+ wps_testing_dummy_cred = 0;
+ wps_corrupt_pkhash = 0;
+#endif /* CONFIG_WPS_TESTING */
+}
+
+
static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx,
void *sock_ctx)
{
@@ -1222,10 +2383,12 @@ static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx,
res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
(struct sockaddr *) &from, &fromlen);
if (res < 0) {
- perror("recvfrom(ctrl_iface)");
+ wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
+ strerror(errno));
return;
}
buf[res] = '\0';
+ wpa_printf(MSG_DEBUG, "Global ctrl_iface command: %s", buf);
os_memcpy(reply, "OK\n", 3);
reply_len = 3;
@@ -1233,12 +2396,23 @@ static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx,
if (os_strcmp(buf, "PING") == 0) {
os_memcpy(reply, "PONG\n", 5);
reply_len = 5;
+ } else if (os_strncmp(buf, "RELOG", 5) == 0) {
+ if (wpa_debug_reopen_file() < 0)
+ reply_len = -1;
+ } else if (os_strcmp(buf, "FLUSH") == 0) {
+ hostapd_ctrl_iface_flush(interfaces);
} else if (os_strncmp(buf, "ADD ", 4) == 0) {
if (hostapd_ctrl_iface_add(interfaces, buf + 4) < 0)
reply_len = -1;
} else if (os_strncmp(buf, "REMOVE ", 7) == 0) {
if (hostapd_ctrl_iface_remove(interfaces, buf + 7) < 0)
reply_len = -1;
+#ifdef CONFIG_MODULE_TESTS
+ } else if (os_strcmp(buf, "MODULE_TESTS") == 0) {
+ int hapd_module_tests(void);
+ if (hapd_module_tests() < 0)
+ reply_len = -1;
+#endif /* CONFIG_MODULE_TESTS */
} else {
wpa_printf(MSG_DEBUG, "Unrecognized global ctrl_iface command "
"ignored");
@@ -1250,7 +2424,11 @@ static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx,
reply_len = 5;
}
- sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, fromlen);
+ if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
+ fromlen) < 0) {
+ wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
+ strerror(errno));
+ }
}
@@ -1291,9 +2469,16 @@ int hostapd_global_ctrl_iface_init(struct hapd_interfaces *interface)
wpa_printf(MSG_DEBUG, "Using existing control "
"interface directory.");
} else {
- perror("mkdir[ctrl_interface]");
+ wpa_printf(MSG_ERROR, "mkdir[ctrl_interface]: %s",
+ strerror(errno));
goto fail;
}
+ } else if (interface->ctrl_iface_group &&
+ chown(interface->global_iface_path, -1,
+ interface->ctrl_iface_group) < 0) {
+ wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+ strerror(errno));
+ goto fail;
}
if (os_strlen(interface->global_iface_path) + 1 +
@@ -1302,7 +2487,7 @@ int hostapd_global_ctrl_iface_init(struct hapd_interfaces *interface)
s = socket(PF_UNIX, SOCK_DGRAM, 0);
if (s < 0) {
- perror("socket(PF_UNIX)");
+ wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
goto fail;
}
@@ -1323,15 +2508,15 @@ int hostapd_global_ctrl_iface_init(struct hapd_interfaces *interface)
" allow connections - assuming it was left"
"over from forced program termination");
if (unlink(fname) < 0) {
- perror("unlink[ctrl_iface]");
- wpa_printf(MSG_ERROR, "Could not unlink "
- "existing ctrl_iface socket '%s'",
- fname);
+ wpa_printf(MSG_ERROR,
+ "Could not unlink existing ctrl_iface socket '%s': %s",
+ fname, strerror(errno));
goto fail;
}
if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) <
0) {
- perror("bind(PF_UNIX)");
+ wpa_printf(MSG_ERROR, "bind(PF_UNIX): %s",
+ strerror(errno));
goto fail;
}
wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
@@ -1347,8 +2532,16 @@ int hostapd_global_ctrl_iface_init(struct hapd_interfaces *interface)
}
}
+ if (interface->ctrl_iface_group &&
+ chown(fname, -1, interface->ctrl_iface_group) < 0) {
+ wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+ strerror(errno));
+ goto fail;
+ }
+
if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
- perror("chmod[ctrl_interface/ifname]");
+ wpa_printf(MSG_ERROR, "chmod[ctrl_interface/ifname]: %s",
+ strerror(errno));
goto fail;
}
os_free(fname);
@@ -1391,7 +2584,10 @@ void hostapd_global_ctrl_iface_deinit(struct hapd_interfaces *interfaces)
"directory not empty - leaving it "
"behind");
} else {
- perror("rmdir[ctrl_interface]");
+ wpa_printf(MSG_ERROR,
+ "rmdir[ctrl_interface=%s]: %s",
+ interfaces->global_iface_path,
+ strerror(errno));
}
}
os_free(interfaces->global_iface_path);
diff --git a/hostapd/defconfig b/hostapd/defconfig
index b5ddca34c09d..4cde2b563483 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -15,13 +15,22 @@ CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
#CONFIG_DRIVER_WIRED=y
-# Driver interface for madwifi driver
-#CONFIG_DRIVER_MADWIFI=y
-#CFLAGS += -I../../madwifi # change to the madwifi source directory
-
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
@@ -42,14 +51,14 @@ CONFIG_RSN_PREAUTH=y
CONFIG_PEERKEY=y
# IEEE 802.11w (management frame protection)
-# This version is an experimental implementation based on IEEE 802.11w/D1.0
-# draft and is subject to change since the standard has not yet been finalized.
-# Driver support is also needed for IEEE 802.11w.
-#CONFIG_IEEE80211W=y
+CONFIG_IEEE80211W=y
# Integrated EAP server
CONFIG_EAP=y
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+CONFIG_ERP=y
+
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
@@ -96,16 +105,13 @@ CONFIG_EAP_TTLS=y
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
-# Note: Default OpenSSL package does not include support for all the
-# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
-# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
-# to add the needed functions.
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
#CONFIG_EAP_FAST=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
-# Enable WSC 2.0 support
-#CONFIG_WPS2=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
@@ -117,6 +123,9 @@ CONFIG_EAP_TTLS=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
@@ -132,7 +141,7 @@ CONFIG_IPV6=y
#CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
-# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
+# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
@@ -154,6 +163,12 @@ CONFIG_IPV6=y
# Disabled by default.
#CONFIG_DEBUG_FILE=y
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
@@ -171,7 +186,7 @@ CONFIG_IPV6=y
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
-# Remove support for dumping state into a file on SIGUSR1 signal
+# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
#CONFIG_NO_DUMP_STATE=y
@@ -267,3 +282,35 @@ CONFIG_IPV6=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y
diff --git a/hostapd/dump_state.c b/hostapd/dump_state.c
deleted file mode 100644
index d33e05f7f3bd..000000000000
--- a/hostapd/dump_state.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * hostapd / State dump
- * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include <time.h>
-
-#include "utils/common.h"
-#include "radius/radius_client.h"
-#include "radius/radius_server.h"
-#include "eapol_auth/eapol_auth_sm.h"
-#include "eapol_auth/eapol_auth_sm_i.h"
-#include "eap_server/eap.h"
-#include "ap/hostapd.h"
-#include "ap/ap_config.h"
-#include "ap/sta_info.h"
-#include "dump_state.h"
-
-
-static void fprint_char(FILE *f, char c)
-{
- if (c >= 32 && c < 127)
- fprintf(f, "%c", c);
- else
- fprintf(f, "<%02x>", c);
-}
-
-
-static void ieee802_1x_dump_state(FILE *f, const char *prefix,
- struct sta_info *sta)
-{
- struct eapol_state_machine *sm = sta->eapol_sm;
- if (sm == NULL)
- return;
-
- fprintf(f, "%sIEEE 802.1X:\n", prefix);
-
- if (sm->identity) {
- size_t i;
- fprintf(f, "%sidentity=", prefix);
- for (i = 0; i < sm->identity_len; i++)
- fprint_char(f, sm->identity[i]);
- fprintf(f, "\n");
- }
-
- fprintf(f, "%slast EAP type: Authentication Server: %d (%s) "
- "Supplicant: %d (%s)\n", prefix,
- sm->eap_type_authsrv,
- eap_server_get_name(0, sm->eap_type_authsrv),
- sm->eap_type_supp, eap_server_get_name(0, sm->eap_type_supp));
-
- fprintf(f, "%scached_packets=%s\n", prefix,
- sm->last_recv_radius ? "[RX RADIUS]" : "");
-
- eapol_auth_dump_state(f, prefix, sm);
-}
-
-
-/**
- * hostapd_dump_state - SIGUSR1 handler to dump hostapd state to a text file
- */
-static void hostapd_dump_state(struct hostapd_data *hapd)
-{
- FILE *f;
- time_t now;
- struct sta_info *sta;
- int i;
-#ifndef CONFIG_NO_RADIUS
- char *buf;
-#endif /* CONFIG_NO_RADIUS */
-
- if (!hapd->conf->dump_log_name) {
- wpa_printf(MSG_DEBUG, "Dump file not defined - ignoring dump "
- "request");
- return;
- }
-
- wpa_printf(MSG_DEBUG, "Dumping hostapd state to '%s'",
- hapd->conf->dump_log_name);
- f = fopen(hapd->conf->dump_log_name, "w");
- if (f == NULL) {
- wpa_printf(MSG_WARNING, "Could not open dump file '%s' for "
- "writing.", hapd->conf->dump_log_name);
- return;
- }
-
- time(&now);
- fprintf(f, "hostapd state dump - %s", ctime(&now));
- fprintf(f, "num_sta=%d num_sta_non_erp=%d "
- "num_sta_no_short_slot_time=%d\n"
- "num_sta_no_short_preamble=%d\n",
- hapd->num_sta, hapd->iface->num_sta_non_erp,
- hapd->iface->num_sta_no_short_slot_time,
- hapd->iface->num_sta_no_short_preamble);
-
- for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
- fprintf(f, "\nSTA=" MACSTR "\n", MAC2STR(sta->addr));
-
- fprintf(f,
- " AID=%d flags=0x%x %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
- "\n"
- " capability=0x%x listen_interval=%d\n",
- sta->aid,
- sta->flags,
- (sta->flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
- (sta->flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
- (sta->flags & WLAN_STA_PS ? "[PS]" : ""),
- (sta->flags & WLAN_STA_TIM ? "[TIM]" : ""),
- (sta->flags & WLAN_STA_PERM ? "[PERM]" : ""),
- (ap_sta_is_authorized(sta) ? "[AUTHORIZED]" : ""),
- (sta->flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
- ""),
- (sta->flags & WLAN_STA_SHORT_PREAMBLE ?
- "[SHORT_PREAMBLE]" : ""),
- (sta->flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
- (sta->flags & WLAN_STA_WMM ? "[WMM]" : ""),
- (sta->flags & WLAN_STA_MFP ? "[MFP]" : ""),
- (sta->flags & WLAN_STA_WPS ? "[WPS]" : ""),
- (sta->flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
- (sta->flags & WLAN_STA_WDS ? "[WDS]" : ""),
- (sta->flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
- (sta->flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
- sta->capability,
- sta->listen_interval);
-
- fprintf(f, " supported_rates=");
- for (i = 0; i < sta->supported_rates_len; i++)
- fprintf(f, "%02x ", sta->supported_rates[i]);
- fprintf(f, "\n");
-
- fprintf(f,
- " timeout_next=%s\n",
- (sta->timeout_next == STA_NULLFUNC ? "NULLFUNC POLL" :
- (sta->timeout_next == STA_DISASSOC ? "DISASSOC" :
- "DEAUTH")));
-
- ieee802_1x_dump_state(f, " ", sta);
- }
-
-#ifndef CONFIG_NO_RADIUS
- buf = os_malloc(4096);
- if (buf) {
- int count = radius_client_get_mib(hapd->radius, buf, 4096);
- if (count < 0)
- count = 0;
- else if (count > 4095)
- count = 4095;
- buf[count] = '\0';
- fprintf(f, "%s", buf);
-
-#ifdef RADIUS_SERVER
- count = radius_server_get_mib(hapd->radius_srv, buf, 4096);
- if (count < 0)
- count = 0;
- else if (count > 4095)
- count = 4095;
- buf[count] = '\0';
- fprintf(f, "%s", buf);
-#endif /* RADIUS_SERVER */
-
- os_free(buf);
- }
-#endif /* CONFIG_NO_RADIUS */
- fclose(f);
-}
-
-
-int handle_dump_state_iface(struct hostapd_iface *iface, void *ctx)
-{
- size_t i;
-
- for (i = 0; i < iface->num_bss; i++)
- hostapd_dump_state(iface->bss[i]);
-
- return 0;
-}
diff --git a/hostapd/dump_state.h b/hostapd/dump_state.h
deleted file mode 100644
index a209d6535d99..000000000000
--- a/hostapd/dump_state.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * hostapd / State dump
- * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef DUMP_STATE_H
-#define DUMP_STATE_H
-
-int handle_dump_state_iface(struct hostapd_iface *iface, void *ctx);
-
-#endif /* DUMP_STATE_H */
diff --git a/hostapd/eap_register.c b/hostapd/eap_register.c
index 0a7ff918885d..8477c2154379 100644
--- a/hostapd/eap_register.c
+++ b/hostapd/eap_register.c
@@ -44,6 +44,13 @@ int eap_server_register_methods(void)
ret = eap_server_unauth_tls_register();
#endif /* EAP_SERVER_TLS */
+#ifdef EAP_SERVER_TLS
+#ifdef CONFIG_HS20
+ if (ret == 0)
+ ret = eap_server_wfa_unauth_tls_register();
+#endif /* CONFIG_HS20 */
+#endif /* EAP_SERVER_TLS */
+
#ifdef EAP_SERVER_MSCHAPV2
if (ret == 0)
ret = eap_server_mschapv2_register();
@@ -134,5 +141,10 @@ int eap_server_register_methods(void)
ret = eap_server_pwd_register();
#endif /* EAP_SERVER_PWD */
+#ifdef EAP_SERVER_EKE
+ if (ret == 0)
+ ret = eap_server_eke_register();
+#endif /* EAP_SERVER_EKE */
+
return ret;
}
diff --git a/hostapd/hapd_module_tests.c b/hostapd/hapd_module_tests.c
new file mode 100644
index 000000000000..f7887ebfb7d3
--- /dev/null
+++ b/hostapd/hapd_module_tests.c
@@ -0,0 +1,17 @@
+/*
+ * hostapd module tests
+ * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+
+int hapd_module_tests(void)
+{
+ wpa_printf(MSG_INFO, "hostapd module tests");
+ return 0;
+}
diff --git a/hostapd/hlr_auc_gw.c b/hostapd/hlr_auc_gw.c
index e04e2e9d1cdb..42d59dba7ede 100644
--- a/hostapd/hlr_auc_gw.c
+++ b/hostapd/hlr_auc_gw.c
@@ -1,6 +1,6 @@
/*
* HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator
- * Copyright (c) 2005-2007, 2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2007, 2012-2013, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -18,6 +18,9 @@
* SIM-REQ-AUTH <IMSI> <max_chal>
* SIM-RESP-AUTH <IMSI> Kc1:SRES1:RAND1 Kc2:SRES2:RAND2 [Kc3:SRES3:RAND3]
* SIM-RESP-AUTH <IMSI> FAILURE
+ * GSM-AUTH-REQ <IMSI> RAND1:RAND2[:RAND3]
+ * GSM-AUTH-RESP <IMSI> Kc1:SRES1:Kc2:SRES2[:Kc3:SRES3]
+ * GSM-AUTH-RESP <IMSI> FAILURE
*
* EAP-AKA / UMTS query/response:
* AKA-REQ-AUTH <IMSI>
@@ -30,12 +33,16 @@
* IMSI and max_chal are sent as an ASCII string,
* Kc/SRES/RAND/AUTN/IK/CK/RES/AUTS as hex strings.
*
- * The example implementation here reads GSM authentication triplets from a
+ * An example implementation here reads GSM authentication triplets from a
* text file in IMSI:Kc:SRES:RAND format, IMSI in ASCII, other fields as hex
* strings. This is used to simulate an HLR/AuC. As such, it is not very useful
* for real life authentication, but it is useful both as an example
* implementation and for EAP-SIM/AKA/AKA' testing.
*
+ * For a stronger example design, Milenage and GSM-Milenage algorithms can be
+ * used to dynamically generate authenticatipn information for EAP-AKA/AKA' and
+ * EAP-SIM, respectively, if Ki is known.
+ *
* SQN generation follows the not time-based Profile 2 described in
* 3GPP TS 33.102 Annex C.3.2. The length of IND is 5 bits by default, but this
* can be changed with a command line options if needed.
@@ -58,6 +65,7 @@ static char *milenage_file = NULL;
static int update_milenage = 0;
static int sqn_changes = 0;
static int ind_len = 5;
+static int stdout_debug = 1;
/* GSM triplets */
struct gsm_triplet {
@@ -214,6 +222,9 @@ static int db_update_milenage_sqn(struct milenage_parameters *m)
{
char cmd[128], val[13], *pos;
+ if (sqlite_db == NULL)
+ return 0;
+
pos = val;
pos += wpa_snprintf_hex(pos, sizeof(val), m->sqn, 6);
*pos = '\0';
@@ -611,31 +622,30 @@ static struct milenage_parameters * get_milenage(const char *imsi)
}
-static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
- char *imsi)
+static int sim_req_auth(char *imsi, char *resp, size_t resp_len)
{
int count, max_chal, ret;
char *pos;
- char reply[1000], *rpos, *rend;
+ char *rpos, *rend;
struct milenage_parameters *m;
struct gsm_triplet *g;
- reply[0] = '\0';
+ resp[0] = '\0';
pos = strchr(imsi, ' ');
if (pos) {
*pos++ = '\0';
max_chal = atoi(pos);
- if (max_chal < 1 || max_chal < EAP_SIM_MAX_CHAL)
+ if (max_chal < 1 || max_chal > EAP_SIM_MAX_CHAL)
max_chal = EAP_SIM_MAX_CHAL;
} else
max_chal = EAP_SIM_MAX_CHAL;
- rend = &reply[sizeof(reply)];
- rpos = reply;
+ rend = resp + resp_len;
+ rpos = resp;
ret = snprintf(rpos, rend - rpos, "SIM-RESP-AUTH %s", imsi);
if (ret < 0 || ret >= rend - rpos)
- return;
+ return -1;
rpos += ret;
m = get_milenage(imsi);
@@ -643,7 +653,7 @@ static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
u8 _rand[16], sres[4], kc[8];
for (count = 0; count < max_chal; count++) {
if (random_get_bytes(_rand, 16) < 0)
- return;
+ return -1;
gsm_milenage(m->opc, m->ki, _rand, sres, kc);
*rpos++ = ' ';
rpos += wpa_snprintf_hex(rpos, rend - rpos, kc, 8);
@@ -653,7 +663,7 @@ static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
rpos += wpa_snprintf_hex(rpos, rend - rpos, _rand, 16);
}
*rpos = '\0';
- goto send;
+ return 0;
}
count = 0;
@@ -677,15 +687,61 @@ static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
printf("No GSM triplets found for %s\n", imsi);
ret = snprintf(rpos, rend - rpos, " FAILURE");
if (ret < 0 || ret >= rend - rpos)
- return;
+ return -1;
rpos += ret;
}
-send:
- printf("Send: %s\n", reply);
- if (sendto(s, reply, rpos - reply, 0,
- (struct sockaddr *) from, fromlen) < 0)
- perror("send");
+ return 0;
+}
+
+
+static int gsm_auth_req(char *imsi, char *resp, size_t resp_len)
+{
+ int count, ret;
+ char *pos, *rpos, *rend;
+ struct milenage_parameters *m;
+
+ resp[0] = '\0';
+
+ pos = os_strchr(imsi, ' ');
+ if (!pos)
+ return -1;
+ *pos++ = '\0';
+
+ rend = resp + resp_len;
+ rpos = resp;
+ ret = os_snprintf(rpos, rend - rpos, "GSM-AUTH-RESP %s", imsi);
+ if (os_snprintf_error(rend - rpos, ret))
+ return -1;
+ rpos += ret;
+
+ m = get_milenage(imsi);
+ if (m) {
+ u8 _rand[16], sres[4], kc[8];
+ for (count = 0; count < EAP_SIM_MAX_CHAL; count++) {
+ if (hexstr2bin(pos, _rand, 16) != 0)
+ return -1;
+ gsm_milenage(m->opc, m->ki, _rand, sres, kc);
+ *rpos++ = count == 0 ? ' ' : ':';
+ rpos += wpa_snprintf_hex(rpos, rend - rpos, kc, 8);
+ *rpos++ = ':';
+ rpos += wpa_snprintf_hex(rpos, rend - rpos, sres, 4);
+ pos += 16 * 2;
+ if (*pos != ':')
+ break;
+ pos++;
+ }
+ *rpos = '\0';
+ return 0;
+ }
+
+ printf("No GSM triplets found for %s\n", imsi);
+ ret = os_snprintf(rpos, rend - rpos, " FAILURE");
+ if (os_snprintf_error(rend - rpos, ret))
+ return -1;
+ rpos += ret;
+
+ return 0;
}
@@ -711,11 +767,10 @@ static void inc_sqn(u8 *sqn)
}
-static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
- char *imsi)
+static int aka_req_auth(char *imsi, char *resp, size_t resp_len)
{
/* AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES> */
- char reply[1000], *pos, *end;
+ char *pos, *end;
u8 _rand[EAP_AKA_RAND_LEN];
u8 autn[EAP_AKA_AUTN_LEN];
u8 ik[EAP_AKA_IK_LEN];
@@ -729,16 +784,18 @@ static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
m = get_milenage(imsi);
if (m) {
if (random_get_bytes(_rand, EAP_AKA_RAND_LEN) < 0)
- return;
+ return -1;
res_len = EAP_AKA_RES_MAX_LEN;
inc_sqn(m->sqn);
#ifdef CONFIG_SQLITE
db_update_milenage_sqn(m);
#endif /* CONFIG_SQLITE */
sqn_changes = 1;
- printf("AKA: Milenage with SQN=%02x%02x%02x%02x%02x%02x\n",
- m->sqn[0], m->sqn[1], m->sqn[2],
- m->sqn[3], m->sqn[4], m->sqn[5]);
+ if (stdout_debug) {
+ printf("AKA: Milenage with SQN=%02x%02x%02x%02x%02x%02x\n",
+ m->sqn[0], m->sqn[1], m->sqn[2],
+ m->sqn[3], m->sqn[4], m->sqn[5]);
+ }
milenage_generate(m->opc, m->amf, m->ki, m->sqn, _rand,
autn, ik, ck, res, &res_len);
} else {
@@ -756,18 +813,18 @@ static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
#endif /* AKA_USE_FIXED_TEST_VALUES */
}
- pos = reply;
- end = &reply[sizeof(reply)];
+ pos = resp;
+ end = resp + resp_len;
ret = snprintf(pos, end - pos, "AKA-RESP-AUTH %s ", imsi);
if (ret < 0 || ret >= end - pos)
- return;
+ return -1;
pos += ret;
if (failed) {
ret = snprintf(pos, end - pos, "FAILURE");
if (ret < 0 || ret >= end - pos)
- return;
+ return -1;
pos += ret;
- goto done;
+ return 0;
}
pos += wpa_snprintf_hex(pos, end - pos, _rand, EAP_AKA_RAND_LEN);
*pos++ = ' ';
@@ -779,65 +836,87 @@ static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
*pos++ = ' ';
pos += wpa_snprintf_hex(pos, end - pos, res, res_len);
-done:
- printf("Send: %s\n", reply);
-
- if (sendto(s, reply, pos - reply, 0, (struct sockaddr *) from,
- fromlen) < 0)
- perror("send");
+ return 0;
}
-static void aka_auts(int s, struct sockaddr_un *from, socklen_t fromlen,
- char *imsi)
+static int aka_auts(char *imsi, char *resp, size_t resp_len)
{
char *auts, *__rand;
u8 _auts[EAP_AKA_AUTS_LEN], _rand[EAP_AKA_RAND_LEN], sqn[6];
struct milenage_parameters *m;
+ resp[0] = '\0';
+
/* AKA-AUTS <IMSI> <AUTS> <RAND> */
auts = strchr(imsi, ' ');
if (auts == NULL)
- return;
+ return -1;
*auts++ = '\0';
__rand = strchr(auts, ' ');
if (__rand == NULL)
- return;
+ return -1;
*__rand++ = '\0';
- printf("AKA-AUTS: IMSI=%s AUTS=%s RAND=%s\n", imsi, auts, __rand);
+ if (stdout_debug) {
+ printf("AKA-AUTS: IMSI=%s AUTS=%s RAND=%s\n",
+ imsi, auts, __rand);
+ }
if (hexstr2bin(auts, _auts, EAP_AKA_AUTS_LEN) ||
hexstr2bin(__rand, _rand, EAP_AKA_RAND_LEN)) {
printf("Could not parse AUTS/RAND\n");
- return;
+ return -1;
}
m = get_milenage(imsi);
if (m == NULL) {
printf("Unknown IMSI: %s\n", imsi);
- return;
+ return -1;
}
if (milenage_auts(m->opc, m->ki, _rand, _auts, sqn)) {
printf("AKA-AUTS: Incorrect MAC-S\n");
} else {
memcpy(m->sqn, sqn, 6);
- printf("AKA-AUTS: Re-synchronized: "
- "SQN=%02x%02x%02x%02x%02x%02x\n",
- sqn[0], sqn[1], sqn[2], sqn[3], sqn[4], sqn[5]);
+ if (stdout_debug) {
+ printf("AKA-AUTS: Re-synchronized: "
+ "SQN=%02x%02x%02x%02x%02x%02x\n",
+ sqn[0], sqn[1], sqn[2], sqn[3], sqn[4], sqn[5]);
+ }
#ifdef CONFIG_SQLITE
db_update_milenage_sqn(m);
#endif /* CONFIG_SQLITE */
sqn_changes = 1;
}
+
+ return 0;
+}
+
+
+static int process_cmd(char *cmd, char *resp, size_t resp_len)
+{
+ if (os_strncmp(cmd, "SIM-REQ-AUTH ", 13) == 0)
+ return sim_req_auth(cmd + 13, resp, resp_len);
+
+ if (os_strncmp(cmd, "GSM-AUTH-REQ ", 13) == 0)
+ return gsm_auth_req(cmd + 13, resp, resp_len);
+
+ if (os_strncmp(cmd, "AKA-REQ-AUTH ", 13) == 0)
+ return aka_req_auth(cmd + 13, resp, resp_len);
+
+ if (os_strncmp(cmd, "AKA-AUTS ", 9) == 0)
+ return aka_auts(cmd + 9, resp, resp_len);
+
+ printf("Unknown request: %s\n", cmd);
+ return -1;
}
static int process(int s)
{
- char buf[1000];
+ char buf[1000], resp[1000];
struct sockaddr_un from;
socklen_t fromlen;
ssize_t res;
@@ -859,14 +938,21 @@ static int process(int s)
printf("Received: %s\n", buf);
- if (strncmp(buf, "SIM-REQ-AUTH ", 13) == 0)
- sim_req_auth(s, &from, fromlen, buf + 13);
- else if (strncmp(buf, "AKA-REQ-AUTH ", 13) == 0)
- aka_req_auth(s, &from, fromlen, buf + 13);
- else if (strncmp(buf, "AKA-AUTS ", 9) == 0)
- aka_auts(s, &from, fromlen, buf + 9);
- else
- printf("Unknown request: %s\n", buf);
+ if (process_cmd(buf, resp, sizeof(resp)) < 0) {
+ printf("Failed to process request\n");
+ return -1;
+ }
+
+ if (resp[0] == '\0') {
+ printf("No response\n");
+ return 0;
+ }
+
+ printf("Send: %s\n", resp);
+
+ if (sendto(s, resp, os_strlen(resp), 0, (struct sockaddr *) &from,
+ fromlen) < 0)
+ perror("send");
return 0;
}
@@ -894,8 +980,10 @@ static void cleanup(void)
os_free(prev);
}
- close(serv_sock);
- unlink(socket_path);
+ if (serv_sock >= 0)
+ close(serv_sock);
+ if (socket_path)
+ unlink(socket_path);
#ifdef CONFIG_SQLITE
if (sqlite_db) {
@@ -917,12 +1005,12 @@ static void usage(void)
{
printf("HLR/AuC testing gateway for hostapd EAP-SIM/AKA "
"database/authenticator\n"
- "Copyright (c) 2005-2007, 2012, Jouni Malinen <j@w1.fi>\n"
+ "Copyright (c) 2005-2007, 2012-2013, Jouni Malinen <j@w1.fi>\n"
"\n"
"usage:\n"
"hlr_auc_gw [-hu] [-s<socket path>] [-g<triplet file>] "
"[-m<milenage file>] \\\n"
- " [-D<DB file>] [-i<IND len in bits>]\n"
+ " [-D<DB file>] [-i<IND len in bits>] [command]\n"
"\n"
"options:\n"
" -h = show this usage help\n"
@@ -932,7 +1020,15 @@ static void usage(void)
" -g<triplet file> = path for GSM authentication triplets\n"
" -m<milenage file> = path for Milenage keys\n"
" -D<DB file> = path to SQLite database\n"
- " -i<IND len in bits> = IND length for SQN (default: 5)\n",
+ " -i<IND len in bits> = IND length for SQN (default: 5)\n"
+ "\n"
+ "If the optional command argument, like "
+ "\"AKA-REQ-AUTH <IMSI>\" is used, a single\n"
+ "command is processed with response sent to stdout. Otherwise, "
+ "hlr_auc_gw opens\n"
+ "a control interface and processes commands sent through it "
+ "(e.g., by EAP server\n"
+ "in hostapd).\n",
default_socket_path);
}
@@ -942,6 +1038,7 @@ int main(int argc, char *argv[])
int c;
char *gsm_triplet_file = NULL;
char *sqlite_db_file = NULL;
+ int ret = 0;
if (os_program_init())
return -1;
@@ -1005,18 +1102,31 @@ int main(int argc, char *argv[])
if (milenage_file && read_milenage(milenage_file) < 0)
return -1;
- serv_sock = open_socket(socket_path);
- if (serv_sock < 0)
- return -1;
+ if (optind == argc) {
+ serv_sock = open_socket(socket_path);
+ if (serv_sock < 0)
+ return -1;
- printf("Listening for requests on %s\n", socket_path);
+ printf("Listening for requests on %s\n", socket_path);
- atexit(cleanup);
- signal(SIGTERM, handle_term);
- signal(SIGINT, handle_term);
+ atexit(cleanup);
+ signal(SIGTERM, handle_term);
+ signal(SIGINT, handle_term);
- for (;;)
- process(serv_sock);
+ for (;;)
+ process(serv_sock);
+ } else {
+ char buf[1000];
+ socket_path = NULL;
+ stdout_debug = 0;
+ if (process_cmd(argv[optind], buf, sizeof(buf)) < 0) {
+ printf("FAIL\n");
+ ret = -1;
+ } else {
+ printf("%s\n", buf);
+ }
+ cleanup();
+ }
#ifdef CONFIG_SQLITE
if (sqlite_db) {
@@ -1027,5 +1137,5 @@ int main(int argc, char *argv[])
os_program_deinit();
- return 0;
+ return ret;
}
diff --git a/hostapd/hostapd.8 b/hostapd/hostapd.8
index b4456bbcf3e6..d19d862c0a75 100644
--- a/hostapd/hostapd.8
+++ b/hostapd/hostapd.8
@@ -12,7 +12,7 @@ daemon.
.B hostapd
is a user space daemon for access point and authentication servers.
It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server.
-The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
+The current version supports Linux (Host AP, mac80211-based drivers) and FreeBSD (net80211).
.B hostapd
is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication.
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 75b194165350..9e81e9e98683 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -2,10 +2,10 @@
# Empty lines and lines starting with # are ignored
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
-# management frames); ath0 for madwifi
+# management frames with the Host AP driver); wlan0 with many nl80211 drivers
interface=wlan0
-# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
+# In case of atheros and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
# interface is included in a bridge. This parameter is not used with Host AP
# driver. If the bridge parameter is not set, the drivers will automatically
@@ -18,12 +18,15 @@ interface=wlan0
# interface is also created.
#bridge=br0
-# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
+# Driver interface type (hostap/wired/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap
+# Driver interface parameters (mainly for development testing use)
+# driver_params=<params>
+
# hostapd event logger configuration
#
# Two output method: syslog and stdout (only usable if not forking to
@@ -51,9 +54,6 @@ logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
-# Dump file for state information (on SIGUSR1)
-dump_file=/tmp/hostapd.dump
-
# Interface for separate control program. If this is specified, hostapd
# will create this directory and a UNIX domain socket for listening to requests
# from external programs (CLI/GUI, etc.) for status information and
@@ -105,6 +105,26 @@ ssid=test
# (default: 0 = disabled)
#ieee80211d=1
+# Enable IEEE 802.11h. This enables radar detection and DFS support if
+# available. DFS support is required on outdoor 5 GHz channels in most countries
+# of the world. This can be used only with ieee80211d=1.
+# (default: 0 = disabled)
+#ieee80211h=1
+
+# Add Power Constraint element to Beacon and Probe Response frames
+# This config option adds Power Constraint element when applicable and Country
+# element is added. Power Constraint element is required by Transmit Power
+# Control. This can be used only with ieee80211d=1.
+# Valid values are 0..255.
+#local_pwr_constraint=3
+
+# Set Spectrum Management subfield in the Capability Information field.
+# This config option forces the Spectrum Management bit to be set. When this
+# option is not set, the value of the Spectrum Management bit depends on whether
+# DFS or TPC is required by regulatory authorities. This can be used only with
+# ieee80211d=1 and local_pwr_constraint configured.
+#spectrum_mgmt_required=1
+
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# ad = IEEE 802.11ad (60 GHz); a/g options are used with IEEE 802.11n, too, to
# specify band)
@@ -115,8 +135,44 @@ hw_mode=g
# (default: 0, i.e., not set)
# Please note that some drivers do not use this value from hostapd and the
# channel will need to be configured separately with iwconfig.
+#
+# If CONFIG_ACS build option is enabled, the channel can be selected
+# automatically at run time by setting channel=acs_survey or channel=0, both of
+# which will enable the ACS survey based algorithm.
channel=1
+# ACS tuning - Automatic Channel Selection
+# See: http://wireless.kernel.org/en/users/Documentation/acs
+#
+# You can customize the ACS survey algorithm with following variables:
+#
+# acs_num_scans requirement is 1..100 - number of scans to be performed that
+# are used to trigger survey data gathering of an underlying device driver.
+# Scans are passive and typically take a little over 100ms (depending on the
+# driver) on each available channel for given hw_mode. Increasing this value
+# means sacrificing startup time and gathering more data wrt channel
+# interference that may help choosing a better channel. This can also help fine
+# tune the ACS scan time in case a driver has different scan dwell times.
+#
+# acs_chan_bias is a space-separated list of <channel>:<bias> pairs. It can be
+# used to increase (or decrease) the likelihood of a specific channel to be
+# selected by the ACS algorithm. The total interference factor for each channel
+# gets multiplied by the specified bias value before finding the channel with
+# the lowest value. In other words, values between 0.0 and 1.0 can be used to
+# make a channel more likely to be picked while values larger than 1.0 make the
+# specified channel less likely to be picked. This can be used, e.g., to prefer
+# the commonly used 2.4 GHz band channels 1, 6, and 11 (which is the default
+# behavior on 2.4 GHz band if no acs_chan_bias parameter is specified).
+#
+# Defaults:
+#acs_num_scans=5
+#acs_chan_bias=1:0.8 6:0.8 11:0.8
+
+# Channel list restriction. This option allows hostapd to select one of the
+# provided channels when a channel should be automatically selected.
+# Default: not set (allow any enabled channel to be selected)
+#chanlist=100 104 108 112 116
+
# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100
@@ -176,7 +232,7 @@ fragm_threshold=2346
# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
-# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
+# used with driver=hostap or driver=nl80211, but not with driver=atheros.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
@@ -383,10 +439,24 @@ wmm_ac_vo_acm=0
# use a separate bridge.
#wds_bridge=wds-br0
+# Start the AP with beaconing disabled by default.
+#start_disabled=0
+
# Client isolation can be used to prevent low-level bridging of frames between
# associated stations in the BSS. By default, this bridging is allowed.
#ap_isolate=1
+# BSS Load update period (in BUs)
+# This field is used to enable and configure adding a BSS Load element into
+# Beacon and Probe Response frames.
+#bss_load_update_period=50
+
+# Fixed BSS Load value for testing purposes
+# This field can be used to configure hostapd to add a fixed BSS Load element
+# into Beacon and Probe Response frames for testing purposes. The format is
+# <station count>:<channel utilization>:<available admission capacity>
+#bss_load_test=12:80:20000
+
##### IEEE 802.11n related configuration ######################################
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
@@ -399,7 +469,7 @@ wmm_ac_vo_acm=0
# LDPC coding capability: [LDPC] = supported
# Supported channel width set: [HT40-] = both 20 MHz and 40 MHz with secondary
# channel below the primary channel; [HT40+] = both 20 MHz and 40 MHz
-# with secondary channel below the primary channel
+# with secondary channel above the primary channel
# (20 MHz only if neither is set)
# Note: There are limits on which channels can be used with HT40- and
# HT40+. Following table shows the channels that may be available for
@@ -426,13 +496,20 @@ wmm_ac_vo_acm=0
# Maximum A-MSDU length: [MAX-AMSDU-7935] for 7935 octets (3839 octets if not
# set)
# DSSS/CCK Mode in 40 MHz: [DSSS_CCK-40] = allowed (not allowed if not set)
-# PSMP support: [PSMP] (disabled if not set)
+# 40 MHz intolerant [40-INTOLERANT] (not advertised if not set)
# L-SIG TXOP protection support: [LSIG-TXOP-PROT] (disabled if not set)
#ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40]
# Require stations to support HT PHY (reject association if they do not)
#require_ht=1
+# If set non-zero, require stations to perform scans of overlapping
+# channels to test for stations which would be affected by 40 MHz traffic.
+# This parameter sets the interval in seconds between these scans. Setting this
+# to non-zero allows 2.4 GHz band AP to move dynamically to a 40 MHz channel if
+# no co-existence issues with neighboring devices are found.
+#obss_interval=0
+
##### IEEE 802.11ac related configuration #####################################
# ieee80211ac: Whether IEEE 802.11ac (VHT) is enabled
@@ -627,6 +704,17 @@ eapol_key_index_workaround=0
# is only used by one station.
#use_pae_group_addr=1
+# EAP Re-authentication Protocol (ERP) authenticator (RFC 6696)
+#
+# Whether to initiate EAP authentication with EAP-Initiate/Re-auth-Start before
+# EAP-Identity/Request
+#erp_send_reauth_start=1
+#
+# Domain name for EAP-Initiate/Re-auth-Start. Omitted from the message if not
+# set (no local ER server). This is also used by the integrated EAP server if
+# ERP is enabled (eap_server_erp=1).
+#erp_domain=example.com
+
##### Integrated EAP server ###################################################
# Optionally, hostapd can be configured to use an integrated EAP server
@@ -660,6 +748,11 @@ eap_server=0
# Passphrase for private key
#private_key_passwd=secret passphrase
+# Server identity
+# EAP methods that provide mechanism for authenticated server identity delivery
+# use this value. If not set, "hostapd" is used as a default.
+#server_id=server.example.com
+
# Enable CRL verification.
# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
# valid CRL signed by the CA is required to be included in the ca_cert file.
@@ -671,6 +764,20 @@ eap_server=0
# 2 = check all CRLs in the certificate path
#check_crl=1
+# Cached OCSP stapling response (DER encoded)
+# If set, this file is sent as a certificate status response by the EAP server
+# if the EAP peer requests certificate status in the ClientHello message.
+# This cache file can be updated, e.g., by running following command
+# periodically to get an update from the OCSP responder:
+# openssl ocsp \
+# -no_nonce \
+# -CAfile /etc/hostapd.ca.pem \
+# -issuer /etc/hostapd.ca.pem \
+# -cert /etc/hostapd.server.pem \
+# -url http://ocsp.example.com:8888/ \
+# -respout /tmp/ocsp-cache.der
+#ocsp_stapling_response=/tmp/ocsp-cache.der
+
# dh_file: File path to DH/DSA parameters file (in PEM format)
# This is an optional configuration file for setting parameters for an
# ephemeral DH key exchange. In most cases, the default RSA authentication does
@@ -683,6 +790,15 @@ eap_server=0
# "openssl dhparam -out /etc/hostapd.dh.pem 1024"
#dh_file=/etc/hostapd.dh.pem
+# OpenSSL cipher string
+#
+# This is an OpenSSL specific configuration option for configuring the default
+# ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the default.
+# See https://www.openssl.org/docs/apps/ciphers.html for OpenSSL documentation
+# on cipher suite configuration. This is applicable only if hostapd is built to
+# use OpenSSL.
+#openssl_ciphers=DEFAULT:!EXP:!LOW
+
# Fragment size for EAP methods
#fragment_size=1400
@@ -744,6 +860,10 @@ eap_server=0
# EAP method is enabled, the peer will be allowed to connect without TNC.
#tnc=1
+# EAP Re-authentication Protocol (ERP) - RFC 6696
+#
+# Whether to enable ERP on the EAP server.
+#eap_server_erp=1
##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
@@ -765,6 +885,12 @@ own_ip_addr=127.0.0.1
# 48 octets long.
#nas_identifier=ap.example.com
+# RADIUS client forced local IP address for the access point
+# Normally the local IP address is determined automatically based on configured
+# IP addresses, but this field can be used to force a specific address to be
+# used, e.g., when the device has multiple IP addresses.
+#radius_client_addr=127.0.0.1
+
# RADIUS authentication server
#auth_server_addr=127.0.0.1
#auth_server_port=1812
@@ -814,9 +940,8 @@ own_ip_addr=127.0.0.1
# is used for the stations. This information is parsed from following RADIUS
# attributes based on RFC 3580 and RFC 2868: Tunnel-Type (value 13 = VLAN),
# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value
-# VLANID as a string). vlan_file option below must be configured if dynamic
-# VLANs are used. Optionally, the local MAC ACL list (accept_mac_file) can be
-# used to set static client MAC address to VLAN ID mapping.
+# VLANID as a string). Optionally, the local MAC ACL list (accept_mac_file) can
+# be used to set static client MAC address to VLAN ID mapping.
# 0 = disabled (default)
# 1 = option; use default interface if RADIUS server does not include VLAN ID
# 2 = required; reject authentication if RADIUS server does not include VLAN ID
@@ -828,6 +953,8 @@ own_ip_addr=127.0.0.1
# multiple BSSIDs or SSIDs. Each line in this text file is defining a new
# interface and the line must include VLAN ID and interface name separated by
# white space (space or tab).
+# If no entries are provided by this file, the station is statically mapped
+# to <bss-iface>.<vlan-id> interfaces.
#vlan_file=/etc/hostapd.vlan
# Interface where 802.1q tagged packets should appear when a RADIUS server is
@@ -837,6 +964,12 @@ own_ip_addr=127.0.0.1
# to the bridge.
#vlan_tagged_interface=eth0
+# Bridge (prefix) to add the wifi and the tagged interface to. This gets the
+# VLAN ID appended. It defaults to brvlan%d if no tagged interface is given
+# and br%s.%d if a tagged interface is given, provided %s = tagged interface
+# and %d = VLAN ID.
+#vlan_bridge=brvlan
+
# When hostapd creates a VLAN interface on vlan_tagged_interfaces, it needs
# to know how to name it.
# 0 = vlan<XXX>, e.g., vlan1
@@ -906,6 +1039,11 @@ own_ip_addr=127.0.0.1
# The UDP port number for the RADIUS authentication server
#radius_server_auth_port=1812
+# The UDP port number for the RADIUS accounting server
+# Commenting this out or setting this to 0 can be used to disable RADIUS
+# accounting while still enabling RADIUS authentication.
+#radius_server_acct_port=1813
+
# Use IPv6 with RADIUS server (IPv4 will also be supported using IPv6 API)
#radius_server_ipv6=1
@@ -1012,6 +1150,17 @@ own_ip_addr=127.0.0.1
# 2 = required
#ieee80211w=0
+# Group management cipher suite
+# Default: AES-128-CMAC (BIP)
+# Other options (depending on driver support):
+# BIP-GMAC-128
+# BIP-GMAC-256
+# BIP-CMAC-256
+# Note: All the stations connecting to the BSS will also need to support the
+# selected cipher. The default AES-128-CMAC is the only option that is commonly
+# available in deployed devices.
+#group_mgmt_cipher=AES-128-CMAC
+
# Association SA Query maximum timeout (in TU = 1.024 ms; for MFP)
# (maximum time to wait for a SA Query response)
# dot11AssociationSAQueryMaximumTimeout, 1...4294967295
@@ -1037,6 +1186,19 @@ own_ip_addr=127.0.0.1
# 1 = enabled
#okc=1
+# SAE threshold for anti-clogging mechanism (dot11RSNASAEAntiCloggingThreshold)
+# This parameter defines how many open SAE instances can be in progress at the
+# same time before the anti-clogging mechanism is taken into use.
+#sae_anti_clogging_threshold=5
+
+# Enabled SAE finite cyclic groups
+# SAE implementation are required to support group 19 (ECC group defined over a
+# 256-bit prime order field). All groups that are supported by the
+# implementation are enabled by default. This configuration parameter can be
+# used to specify a limited set of allowed groups. The group values are listed
+# in the IANA registry:
+# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
+#sae_groups=19 20 21 25 26
##### IEEE 802.11r configuration ##############################################
@@ -1111,6 +1273,14 @@ own_ip_addr=127.0.0.1
# 2 = WPS enabled, configured
#wps_state=2
+# Whether to manage this interface independently from other WPS interfaces
+# By default, a single hostapd process applies WPS operations to all configured
+# interfaces. This parameter can be used to disable that behavior for a subset
+# of interfaces. If this is set to non-zero for an interface, WPS commands
+# issued on that interface do not apply to other interfaces and WPS operations
+# performed on other interfaces do not affect this interface.
+#wps_independent=0
+
# AP can be configured into a locked state where new WPS Registrar are not
# accepted, but previously authorized Registrars (including the internal one)
# can continue to add new Enrollees.
@@ -1315,6 +1485,11 @@ own_ip_addr=127.0.0.1
# 1 = enabled
#bss_transition=1
+# Proxy ARP
+# 0 = disabled (default)
+# 1 = enabled
+#proxy_arp=1
+
##### IEEE 802.11u-2011 #######################################################
# Enable Interworking service
@@ -1381,6 +1556,9 @@ own_ip_addr=127.0.0.1
# information to be complete.
#venue_name=eng:Example venue
#venue_name=fin:Esimerkkipaikka
+# Alternative format for language:value strings:
+# (double quoted string, printf-escaped string)
+#venue_name=P"eng:Example\nvenue"
# Network Authentication Type
# This parameter indicates what type of network authentication is used in the
@@ -1432,6 +1610,8 @@ own_ip_addr=127.0.0.1
# accordance with IETF RFC 4282
# NAI Realm(s): Semi-colon delimited NAI Realm(s)
# EAP Method: <EAP Method>[:<[AuthParam1:Val1]>][<[AuthParam2:Val2]>][...]
+# EAP Method types, see:
+# http://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-4
# AuthParam (Table 8-188 in IEEE Std 802.11-2012):
# ID 2 = Non-EAP Inner Authentication Type
# 1 = PAP, 2 = CHAP, 3 = MSCHAP, 4 = MSCHAPV2
@@ -1445,6 +1625,23 @@ own_ip_addr=127.0.0.1
# username/password
#nai_realm=0,example.org,13[5:6],21[2:4][5:7]
+# QoS Map Set configuration
+#
+# Comma delimited QoS Map Set in decimal values
+# (see IEEE Std 802.11-2012, 8.4.2.97)
+#
+# format:
+# [<DSCP Exceptions[DSCP,UP]>,]<UP 0 range[low,high]>,...<UP 7 range[low,high]>
+#
+# There can be up to 21 optional DSCP Exceptions which are pairs of DSCP Value
+# (0..63 or 255) and User Priority (0..7). This is followed by eight DSCP Range
+# descriptions with DSCP Low Value and DSCP High Value pairs (0..63 or 255) for
+# each UP starting from 0. If both low and high value are set to 255, the
+# corresponding UP is not used.
+#
+# default: not set
+#qos_map_set=53,2,22,6,8,15,0,7,255,255,16,31,32,39,255,255,40,47,255,255
+
##### Hotspot 2.0 #############################################################
# Enable Hotspot 2.0 support
@@ -1457,6 +1654,21 @@ own_ip_addr=127.0.0.1
# forging such frames to other stations in the BSS.
#disable_dgaf=1
+# OSU Server-Only Authenticated L2 Encryption Network
+#osen=1
+
+# ANQP Domain ID (0..65535)
+# An identifier for a set of APs in an ESS that share the same common ANQP
+# information. 0 = Some of the ANQP information is unique to this AP (default).
+#anqp_domain_id=1234
+
+# Deauthentication request timeout
+# If the RADIUS server indicates that the station is not allowed to connect to
+# the BSS/ESS, the AP can allow the station some time to download a
+# notification page (URL included in the message). This parameter sets that
+# timeout in seconds.
+#hs20_deauth_req_timeout=60
+
# Operator Friendly Name
# This parameter can be used to configure one or more Operator Friendly Name
# Duples. Each entry has a two or three character language code (ISO-639)
@@ -1500,6 +1712,54 @@ own_ip_addr=127.0.0.1
# channels 36-48):
#hs20_operating_class=5173
+# OSU icons
+# <Icon Width>:<Icon Height>:<Language code>:<Icon Type>:<Name>:<file path>
+#hs20_icon=32:32:eng:image/png:icon32:/tmp/icon32.png
+#hs20_icon=64:64:eng:image/png:icon64:/tmp/icon64.png
+
+# OSU SSID (see ssid2 for format description)
+# This is the SSID used for all OSU connections to all the listed OSU Providers.
+#osu_ssid="example"
+
+# OSU Providers
+# One or more sets of following parameter. Each OSU provider is started by the
+# mandatory osu_server_uri item. The other parameters add information for the
+# last added OSU provider.
+#
+#osu_server_uri=https://example.com/osu/
+#osu_friendly_name=eng:Example operator
+#osu_friendly_name=fin:Esimerkkipalveluntarjoaja
+#osu_nai=anonymous@example.com
+#osu_method_list=1 0
+#osu_icon=icon32
+#osu_icon=icon64
+#osu_service_desc=eng:Example services
+#osu_service_desc=fin:Esimerkkipalveluja
+#
+#osu_server_uri=...
+
+##### TESTING OPTIONS #########################################################
+#
+# The options in this section are only available when the build configuration
+# option CONFIG_TESTING_OPTIONS is set while compiling hostapd. They allow
+# testing some scenarios that are otherwise difficult to reproduce.
+#
+# Ignore probe requests sent to hostapd with the given probability, must be a
+# floating point number in the range [0, 1).
+#ignore_probe_probability=0.0
+#
+# Ignore authentication frames with the given probability
+#ignore_auth_probability=0.0
+#
+# Ignore association requests with the given probability
+#ignore_assoc_probability=0.0
+#
+# Ignore reassociation requests with the given probability
+#ignore_reassoc_probability=0.0
+#
+# Corrupt Key MIC in GTK rekey EAPOL-Key frames with the given probability
+#corrupt_gtk_rekey_mic_probability=0.0
+
##### Multiple BSSID support ##################################################
#
# Above configuration is using the default interface (wlan#, or multi-SSID VLAN
@@ -1521,6 +1781,11 @@ own_ip_addr=127.0.0.1
# - is not the same as the MAC address of the radio
# - is not the same as any other explicitly specified BSSID
#
+# Not all drivers support multiple BSSes. The exact mechanism for determining
+# the driver capabilities is driver specific. With the current (i.e., a recent
+# kernel) drivers using nl80211, this information can be checked with "iw list"
+# (search for "valid interface combinations").
+#
# Please note that hostapd uses some of the values configured for the first BSS
# as the defaults for the following BSSes. However, it is recommended that all
# BSSes include explicit configuration of all relevant configuration items.
diff --git a/hostapd/hostapd.eap_user b/hostapd/hostapd.eap_user
index 12a2c61296d7..00edc95af5cd 100644
--- a/hostapd/hostapd.eap_user
+++ b/hostapd/hostapd.eap_user
@@ -48,6 +48,12 @@
# TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a
# plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password
# hash.
+#
+# Arbitrary RADIUS attributes can be added into Access-Accept packets similarly
+# to the way radius_auth_req_attr is used for Access-Request packet in
+# hostapd.conf. For EAP server, this is configured separately for each user
+# entry with radius_accept_attr=<value> line(s) following the main user entry
+# line.
# Phase 1 users
"user" MD5 "password"
diff --git a/hostapd/hostapd.eap_user_sqlite b/hostapd/hostapd.eap_user_sqlite
index f688327103c8..826db349cfc2 100644
--- a/hostapd/hostapd.eap_user_sqlite
+++ b/hostapd/hostapd.eap_user_sqlite
@@ -2,6 +2,7 @@ CREATE TABLE users(
identity TEXT PRIMARY KEY,
methods TEXT,
password TEXT,
+ remediation TEXT,
phase2 INTEGER
);
@@ -15,3 +16,11 @@ INSERT INTO users(identity,methods,password,phase2) VALUES ('DOMAIN\mschapv2 use
INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS');
INSERT INTO wildcards(identity,methods) VALUES ('0','AKA');
+
+CREATE TABLE authlog(
+ timestamp TEXT,
+ session TEXT,
+ nas_ip TEXT,
+ username TEXT,
+ note TEXT
+);
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index e8e1bb24a1c5..3f00cbbf0cc7 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1,6 +1,6 @@
/*
* hostapd - command line interface for hostapd daemon
- * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -18,7 +18,7 @@
static const char *hostapd_cli_version =
"hostapd_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
static const char *hostapd_cli_license =
@@ -79,6 +79,7 @@ static const char *commands_help =
#endif /* CONFIG_WPS_NFC */
" wps_ap_pin <cmd> [params..] enable/disable AP PIN\n"
" wps_config <SSID> <auth> <encr> <key> configure AP\n"
+" wps_get_status show current WPS status\n"
#endif /* CONFIG_WPS */
" get_config show current configuration\n"
" help show this usage help\n"
@@ -90,7 +91,12 @@ static const char *commands_help =
static struct wpa_ctrl *ctrl_conn;
static int hostapd_cli_quit = 0;
static int hostapd_cli_attached = 0;
-static const char *ctrl_iface_dir = "/var/run/hostapd";
+
+#ifndef CONFIG_CTRL_IFACE_DIR
+#define CONFIG_CTRL_IFACE_DIR "/var/run/hostapd"
+#endif /* CONFIG_CTRL_IFACE_DIR */
+static const char *ctrl_iface_dir = CONFIG_CTRL_IFACE_DIR;
+
static char *ctrl_ifname = NULL;
static const char *pid_file = NULL;
static const char *action_file = NULL;
@@ -210,8 +216,21 @@ static int hostapd_cli_cmd_relog(struct wpa_ctrl *ctrl, int argc, char *argv[])
}
+static int hostapd_cli_cmd_status(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ if (argc > 0 && os_strcmp(argv[0], "driver") == 0)
+ return wpa_ctrl_command(ctrl, "STATUS-DRIVER");
+ return wpa_ctrl_command(ctrl, "STATUS");
+}
+
+
static int hostapd_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
+ if (argc > 0) {
+ char buf[100];
+ os_snprintf(buf, sizeof(buf), "MIB %s", argv[0]);
+ return wpa_ctrl_command(ctrl, buf);
+ }
return wpa_ctrl_command(ctrl, "MIB");
}
@@ -219,28 +238,19 @@ static int hostapd_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[])
static int hostapd_cli_exec(const char *program, const char *arg1,
const char *arg2)
{
- char *cmd;
+ char *arg;
size_t len;
int res;
- int ret = 0;
- len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
- cmd = os_malloc(len);
- if (cmd == NULL)
- return -1;
- res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
- if (res < 0 || (size_t) res >= len) {
- os_free(cmd);
+ len = os_strlen(arg1) + os_strlen(arg2) + 2;
+ arg = os_malloc(len);
+ if (arg == NULL)
return -1;
- }
- cmd[len - 1] = '\0';
-#ifndef _WIN32_WCE
- if (system(cmd) < 0)
- ret = -1;
-#endif /* _WIN32_WCE */
- os_free(cmd);
+ os_snprintf(arg, len, "%s %s", arg1, arg2);
+ res = os_exec(program, arg, 1);
+ os_free(arg);
- return ret;
+ return res;
}
@@ -264,12 +274,15 @@ static void hostapd_cli_action_process(char *msg, size_t len)
static int hostapd_cli_cmd_sta(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
char buf[64];
- if (argc != 1) {
- printf("Invalid 'sta' command - exactly one argument, STA "
+ if (argc < 1) {
+ printf("Invalid 'sta' command - at least one argument, STA "
"address, is required.\n");
return -1;
}
- snprintf(buf, sizeof(buf), "STA %s", argv[0]);
+ if (argc > 1)
+ snprintf(buf, sizeof(buf), "STA %s %s", argv[0], argv[1]);
+ else
+ snprintf(buf, sizeof(buf), "STA %s", argv[0]);
return wpa_ctrl_command(ctrl, buf);
}
@@ -380,7 +393,7 @@ static int hostapd_cli_cmd_wps_check_pin(struct wpa_ctrl *ctrl, int argc,
else
res = os_snprintf(cmd, sizeof(cmd), "WPS_CHECK_PIN %s",
argv[0]);
- if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ if (os_snprintf_error(sizeof(cmd), res)) {
printf("Too long WPS_CHECK_PIN command.\n");
return -1;
}
@@ -443,7 +456,7 @@ static int hostapd_cli_cmd_wps_nfc_config_token(struct wpa_ctrl *ctrl,
res = os_snprintf(cmd, sizeof(cmd), "WPS_NFC_CONFIG_TOKEN %s",
argv[0]);
- if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ if (os_snprintf_error(sizeof(cmd), res)) {
printf("Too long WPS_NFC_CONFIG_TOKEN command.\n");
return -1;
}
@@ -464,12 +477,35 @@ static int hostapd_cli_cmd_wps_nfc_token(struct wpa_ctrl *ctrl,
}
res = os_snprintf(cmd, sizeof(cmd), "WPS_NFC_TOKEN %s", argv[0]);
- if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ if (os_snprintf_error(sizeof(cmd), res)) {
printf("Too long WPS_NFC_TOKEN command.\n");
return -1;
}
return wpa_ctrl_command(ctrl, cmd);
}
+
+
+static int hostapd_cli_cmd_nfc_get_handover_sel(struct wpa_ctrl *ctrl,
+ int argc, char *argv[])
+{
+ char cmd[64];
+ int res;
+
+ if (argc != 2) {
+ printf("Invalid 'nfc_get_handover_sel' command - two arguments "
+ "are required.\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "NFC_GET_HANDOVER_SEL %s %s",
+ argv[0], argv[1]);
+ if (os_snprintf_error(sizeof(cmd), res)) {
+ printf("Too long NFC_GET_HANDOVER_SEL command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
#endif /* CONFIG_WPS_NFC */
@@ -494,6 +530,13 @@ static int hostapd_cli_cmd_wps_ap_pin(struct wpa_ctrl *ctrl, int argc,
}
+static int hostapd_cli_cmd_wps_get_status(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "WPS_GET_STATUS");
+}
+
+
static int hostapd_cli_cmd_wps_config(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -553,7 +596,7 @@ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
res = os_snprintf(buf, sizeof(buf), "DISASSOC_IMMINENT %s %s",
argv[0], argv[1]);
- if (res < 0 || res >= (int) sizeof(buf))
+ if (os_snprintf_error(sizeof(buf), res))
return -1;
return wpa_ctrl_command(ctrl, buf);
}
@@ -565,16 +608,43 @@ static int hostapd_cli_cmd_ess_disassoc(struct wpa_ctrl *ctrl, int argc,
char buf[300];
int res;
- if (argc < 2) {
- printf("Invalid 'ess_disassoc' command - two arguments (STA "
- "addr and URL) are needed\n");
+ if (argc < 3) {
+ printf("Invalid 'ess_disassoc' command - three arguments (STA "
+ "addr, disassoc timer, and URL) are needed\n");
return -1;
}
- res = os_snprintf(buf, sizeof(buf), "ESS_DISASSOC %s %s",
- argv[0], argv[1]);
- if (res < 0 || res >= (int) sizeof(buf))
+ res = os_snprintf(buf, sizeof(buf), "ESS_DISASSOC %s %s %s",
+ argv[0], argv[1], argv[2]);
+ if (os_snprintf_error(sizeof(buf), res))
+ return -1;
+ return wpa_ctrl_command(ctrl, buf);
+}
+
+
+static int hostapd_cli_cmd_bss_tm_req(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char buf[2000], *tmp;
+ int res, i, total;
+
+ if (argc < 1) {
+ printf("Invalid 'bss_tm_req' command - at least one argument (STA addr) is needed\n");
+ return -1;
+ }
+
+ res = os_snprintf(buf, sizeof(buf), "BSS_TM_REQ %s", argv[0]);
+ if (os_snprintf_error(sizeof(buf), res))
return -1;
+
+ total = res;
+ for (i = 1; i < argc; i++) {
+ tmp = &buf[total];
+ res = os_snprintf(tmp, sizeof(buf) - total, " %s", argv[i]);
+ if (os_snprintf_error(sizeof(buf) - total, res))
+ return -1;
+ total += res;
+ }
return wpa_ctrl_command(ctrl, buf);
}
@@ -652,6 +722,90 @@ static int hostapd_cli_cmd_license(struct wpa_ctrl *ctrl, int argc,
}
+static int hostapd_cli_cmd_set_qos_map_set(struct wpa_ctrl *ctrl,
+ int argc, char *argv[])
+{
+ char buf[200];
+ int res;
+
+ if (argc != 1) {
+ printf("Invalid 'set_qos_map_set' command - "
+ "one argument (comma delimited QoS map set) "
+ "is needed\n");
+ return -1;
+ }
+
+ res = os_snprintf(buf, sizeof(buf), "SET_QOS_MAP_SET %s", argv[0]);
+ if (os_snprintf_error(sizeof(buf), res))
+ return -1;
+ return wpa_ctrl_command(ctrl, buf);
+}
+
+
+static int hostapd_cli_cmd_send_qos_map_conf(struct wpa_ctrl *ctrl,
+ int argc, char *argv[])
+{
+ char buf[50];
+ int res;
+
+ if (argc != 1) {
+ printf("Invalid 'send_qos_map_conf' command - "
+ "one argument (STA addr) is needed\n");
+ return -1;
+ }
+
+ res = os_snprintf(buf, sizeof(buf), "SEND_QOS_MAP_CONF %s", argv[0]);
+ if (os_snprintf_error(sizeof(buf), res))
+ return -1;
+ return wpa_ctrl_command(ctrl, buf);
+}
+
+
+static int hostapd_cli_cmd_hs20_wnm_notif(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char buf[300];
+ int res;
+
+ if (argc < 2) {
+ printf("Invalid 'hs20_wnm_notif' command - two arguments (STA "
+ "addr and URL) are needed\n");
+ return -1;
+ }
+
+ res = os_snprintf(buf, sizeof(buf), "HS20_WNM_NOTIF %s %s",
+ argv[0], argv[1]);
+ if (os_snprintf_error(sizeof(buf), res))
+ return -1;
+ return wpa_ctrl_command(ctrl, buf);
+}
+
+
+static int hostapd_cli_cmd_hs20_deauth_req(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char buf[300];
+ int res;
+
+ if (argc < 3) {
+ printf("Invalid 'hs20_deauth_req' command - at least three arguments (STA addr, Code, Re-auth Delay) are needed\n");
+ return -1;
+ }
+
+ if (argc > 3)
+ res = os_snprintf(buf, sizeof(buf),
+ "HS20_DEAUTH_REQ %s %s %s %s",
+ argv[0], argv[1], argv[2], argv[3]);
+ else
+ res = os_snprintf(buf, sizeof(buf),
+ "HS20_DEAUTH_REQ %s %s %s",
+ argv[0], argv[1], argv[2]);
+ if (os_snprintf_error(sizeof(buf), res))
+ return -1;
+ return wpa_ctrl_command(ctrl, buf);
+}
+
+
static int hostapd_cli_cmd_quit(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
hostapd_cli_quit = 1;
@@ -706,8 +860,10 @@ static int hostapd_cli_cmd_interface(struct wpa_ctrl *ctrl, int argc,
}
hostapd_cli_close_connection();
- free(ctrl_ifname);
- ctrl_ifname = strdup(argv[0]);
+ os_free(ctrl_ifname);
+ ctrl_ifname = os_strdup(argv[0]);
+ if (ctrl_ifname == NULL)
+ return -1;
if (hostapd_cli_open_connection(ctrl_ifname)) {
printf("Connected to interface '%s.\n", ctrl_ifname);
@@ -737,7 +893,7 @@ static int hostapd_cli_cmd_set(struct wpa_ctrl *ctrl, int argc, char *argv[])
}
res = os_snprintf(cmd, sizeof(cmd), "SET %s %s", argv[0], argv[1]);
- if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ if (os_snprintf_error(sizeof(cmd), res)) {
printf("Too long SET command.\n");
return -1;
}
@@ -757,7 +913,7 @@ static int hostapd_cli_cmd_get(struct wpa_ctrl *ctrl, int argc, char *argv[])
}
res = os_snprintf(cmd, sizeof(cmd), "GET %s", argv[0]);
- if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
+ if (os_snprintf_error(sizeof(cmd), res)) {
printf("Too long GET command.\n");
return -1;
}
@@ -765,6 +921,94 @@ static int hostapd_cli_cmd_get(struct wpa_ctrl *ctrl, int argc, char *argv[])
}
+static int hostapd_cli_cmd_chan_switch(struct wpa_ctrl *ctrl,
+ int argc, char *argv[])
+{
+ char cmd[256];
+ int res;
+ int i;
+ char *tmp;
+ int total;
+
+ if (argc < 2) {
+ printf("Invalid chan_switch command: needs at least two "
+ "arguments (count and freq)\n"
+ "usage: <cs_count> <freq> [sec_channel_offset=] "
+ "[center_freq1=] [center_freq2=] [bandwidth=] "
+ "[blocktx] [ht|vht]\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "CHAN_SWITCH %s %s",
+ argv[0], argv[1]);
+ if (os_snprintf_error(sizeof(cmd), res)) {
+ printf("Too long CHAN_SWITCH command.\n");
+ return -1;
+ }
+
+ total = res;
+ for (i = 2; i < argc; i++) {
+ tmp = cmd + total;
+ res = os_snprintf(tmp, sizeof(cmd) - total, " %s", argv[i]);
+ if (os_snprintf_error(sizeof(cmd) - total, res)) {
+ printf("Too long CHAN_SWITCH command.\n");
+ return -1;
+ }
+ total += res;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int hostapd_cli_cmd_enable(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "ENABLE");
+}
+
+
+static int hostapd_cli_cmd_reload(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "RELOAD");
+}
+
+
+static int hostapd_cli_cmd_disable(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "DISABLE");
+}
+
+
+static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+ char cmd[256];
+ int res;
+
+ if (argc < 2 || argc > 3) {
+ printf("Invalid vendor command\n"
+ "usage: <vendor id> <command id> [<hex formatted command argument>]\n");
+ return -1;
+ }
+
+ res = os_snprintf(cmd, sizeof(cmd), "VENDOR %s %s %s", argv[0], argv[1],
+ argc == 3 ? argv[2] : "");
+ if (os_snprintf_error(sizeof(cmd), res)) {
+ printf("Too long VENDOR command.\n");
+ return -1;
+ }
+ return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static int hostapd_cli_cmd_erp_flush(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "ERP_FLUSH");
+}
+
+
struct hostapd_cli_cmd {
const char *cmd;
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
@@ -774,6 +1018,7 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "ping", hostapd_cli_cmd_ping },
{ "mib", hostapd_cli_cmd_mib },
{ "relog", hostapd_cli_cmd_relog },
+ { "status", hostapd_cli_cmd_status },
{ "sta", hostapd_cli_cmd_sta },
{ "all_sta", hostapd_cli_cmd_all_sta },
{ "new_sta", hostapd_cli_cmd_new_sta },
@@ -791,12 +1036,15 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "wps_nfc_tag_read", hostapd_cli_cmd_wps_nfc_tag_read },
{ "wps_nfc_config_token", hostapd_cli_cmd_wps_nfc_config_token },
{ "wps_nfc_token", hostapd_cli_cmd_wps_nfc_token },
+ { "nfc_get_handover_sel", hostapd_cli_cmd_nfc_get_handover_sel },
#endif /* CONFIG_WPS_NFC */
{ "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin },
{ "wps_config", hostapd_cli_cmd_wps_config },
+ { "wps_get_status", hostapd_cli_cmd_wps_get_status },
#endif /* CONFIG_WPS */
{ "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent },
{ "ess_disassoc", hostapd_cli_cmd_ess_disassoc },
+ { "bss_tm_req", hostapd_cli_cmd_bss_tm_req },
{ "get_config", hostapd_cli_cmd_get_config },
{ "help", hostapd_cli_cmd_help },
{ "interface", hostapd_cli_cmd_interface },
@@ -805,6 +1053,16 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "quit", hostapd_cli_cmd_quit },
{ "set", hostapd_cli_cmd_set },
{ "get", hostapd_cli_cmd_get },
+ { "set_qos_map_set", hostapd_cli_cmd_set_qos_map_set },
+ { "send_qos_map_conf", hostapd_cli_cmd_send_qos_map_conf },
+ { "chan_switch", hostapd_cli_cmd_chan_switch },
+ { "hs20_wnm_notif", hostapd_cli_cmd_hs20_wnm_notif },
+ { "hs20_deauth_req", hostapd_cli_cmd_hs20_deauth_req },
+ { "vendor", hostapd_cli_cmd_vendor },
+ { "enable", hostapd_cli_cmd_enable },
+ { "reload", hostapd_cli_cmd_reload },
+ { "disable", hostapd_cli_cmd_disable },
+ { "erp_flush", hostapd_cli_cmd_erp_flush },
{ NULL, NULL }
};
diff --git a/hostapd/main.c b/hostapd/main.c
index 56f00023bea8..dd389a8d66a3 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -1,6 +1,6 @@
/*
* hostapd / main()
- * Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -9,10 +9,12 @@
#include "utils/includes.h"
#ifndef CONFIG_NATIVE_WINDOWS
#include <syslog.h>
+#include <grp.h>
#endif /* CONFIG_NATIVE_WINDOWS */
#include "utils/common.h"
#include "utils/eloop.h"
+#include "utils/uuid.h"
#include "crypto/random.h"
#include "crypto/tls.h"
#include "common/version.h"
@@ -24,17 +26,9 @@
#include "ap/ap_drv_ops.h"
#include "config_file.h"
#include "eap_register.h"
-#include "dump_state.h"
#include "ctrl_iface.h"
-extern int wpa_debug_level;
-extern int wpa_debug_show_keys;
-extern int wpa_debug_timestamp;
-
-extern struct wpa_driver_ops *wpa_drivers[];
-
-
struct hapd_global {
void **drv_priv;
size_t drv_count;
@@ -98,22 +92,24 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
if (hapd && hapd->conf && addr)
os_snprintf(format, maxlen, "%s: STA " MACSTR "%s%s: %s",
hapd->conf->iface, MAC2STR(addr),
- module_str ? " " : "", module_str, txt);
+ module_str ? " " : "", module_str ? module_str : "",
+ txt);
else if (hapd && hapd->conf)
os_snprintf(format, maxlen, "%s:%s%s %s",
hapd->conf->iface, module_str ? " " : "",
- module_str, txt);
+ module_str ? module_str : "", txt);
else if (addr)
os_snprintf(format, maxlen, "STA " MACSTR "%s%s: %s",
MAC2STR(addr), module_str ? " " : "",
- module_str, txt);
+ module_str ? module_str : "", txt);
else
os_snprintf(format, maxlen, "%s%s%s",
- module_str, module_str ? ": " : "", txt);
+ module_str ? module_str : "",
+ module_str ? ": " : "", txt);
if ((conf_stdout & module) && level >= conf_stdout_level) {
wpa_debug_print_timestamp();
- printf("%s\n", format);
+ wpa_printf(MSG_INFO, "%s", format);
}
#ifndef CONFIG_NATIVE_WINDOWS
@@ -147,63 +143,8 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
/**
- * hostapd_init - Allocate and initialize per-interface data
- * @config_file: Path to the configuration file
- * Returns: Pointer to the allocated interface data or %NULL on failure
- *
- * This function is used to allocate main data structures for per-interface
- * data. The allocated data buffer will be freed by calling
- * hostapd_cleanup_iface().
+ * hostapd_driver_init - Preparate driver interface
*/
-static struct hostapd_iface * hostapd_init(const char *config_file)
-{
- struct hostapd_iface *hapd_iface = NULL;
- struct hostapd_config *conf = NULL;
- struct hostapd_data *hapd;
- size_t i;
-
- hapd_iface = os_zalloc(sizeof(*hapd_iface));
- if (hapd_iface == NULL)
- goto fail;
-
- hapd_iface->config_fname = os_strdup(config_file);
- if (hapd_iface->config_fname == NULL)
- goto fail;
-
- conf = hostapd_config_read(hapd_iface->config_fname);
- if (conf == NULL)
- goto fail;
- hapd_iface->conf = conf;
-
- hapd_iface->num_bss = conf->num_bss;
- hapd_iface->bss = os_calloc(conf->num_bss,
- sizeof(struct hostapd_data *));
- if (hapd_iface->bss == NULL)
- goto fail;
-
- for (i = 0; i < conf->num_bss; i++) {
- hapd = hapd_iface->bss[i] =
- hostapd_alloc_bss_data(hapd_iface, conf,
- &conf->bss[i]);
- if (hapd == NULL)
- goto fail;
- hapd->msg_ctx = hapd;
- }
-
- return hapd_iface;
-
-fail:
- if (conf)
- hostapd_config_free(conf);
- if (hapd_iface) {
- os_free(hapd_iface->config_fname);
- os_free(hapd_iface->bss);
- os_free(hapd_iface);
- }
- return NULL;
-}
-
-
static int hostapd_driver_init(struct hostapd_iface *iface)
{
struct wpa_init_params params;
@@ -243,9 +184,7 @@ static int hostapd_driver_init(struct hostapd_iface *iface)
}
params.bssid = b;
params.ifname = hapd->conf->iface;
- params.ssid = hapd->conf->ssid.ssid;
- params.ssid_len = hapd->conf->ssid.ssid_len;
- params.test_socket = hapd->conf->test_socket;
+ params.driver_params = hapd->iconf->driver_params;
params.use_pae_group_addr = hapd->conf->use_pae_group_addr;
params.num_bridge = hapd->iface->num_bss;
@@ -271,14 +210,35 @@ static int hostapd_driver_init(struct hostapd_iface *iface)
if (hapd->driver->get_capa &&
hapd->driver->get_capa(hapd->drv_priv, &capa) == 0) {
+ struct wowlan_triggers *triggs;
+
iface->drv_flags = capa.flags;
+ iface->smps_modes = capa.smps_modes;
iface->probe_resp_offloads = capa.probe_resp_offloads;
+ iface->extended_capa = capa.extended_capa;
+ iface->extended_capa_mask = capa.extended_capa_mask;
+ iface->extended_capa_len = capa.extended_capa_len;
+ iface->drv_max_acl_mac_addrs = capa.max_acl_mac_addrs;
+
+ triggs = wpa_get_wowlan_triggers(conf->wowlan_triggers, &capa);
+ if (triggs && hapd->driver->set_wowlan) {
+ if (hapd->driver->set_wowlan(hapd->drv_priv, triggs))
+ wpa_printf(MSG_ERROR, "set_wowlan failed");
+ }
+ os_free(triggs);
}
return 0;
}
+/**
+ * hostapd_interface_init - Read configuration file and init BSS data
+ *
+ * This function is used to parse configuration file for a full interface (one
+ * or more BSSes sharing the same radio) and allocate memory for the BSS
+ * interfaces. No actiual driver operations are started.
+ */
static struct hostapd_iface *
hostapd_interface_init(struct hapd_interfaces *interfaces,
const char *config_fname, int debug)
@@ -287,7 +247,7 @@ hostapd_interface_init(struct hapd_interfaces *interfaces,
int k;
wpa_printf(MSG_ERROR, "Configuration file: %s", config_fname);
- iface = hostapd_init(config_fname);
+ iface = hostapd_init(interfaces, config_fname);
if (!iface)
return NULL;
iface->interfaces = interfaces;
@@ -297,13 +257,12 @@ hostapd_interface_init(struct hapd_interfaces *interfaces,
iface->bss[0]->conf->logger_stdout_level--;
}
- if (iface->conf->bss[0].iface[0] != 0 ||
- hostapd_drv_none(iface->bss[0])) {
- if (hostapd_driver_init(iface) ||
- hostapd_setup_interface(iface)) {
- hostapd_interface_deinit_free(iface);
- return NULL;
- }
+ if (iface->conf->bss[0]->iface[0] == '\0' &&
+ !hostapd_drv_none(iface->bss[0])) {
+ wpa_printf(MSG_ERROR, "Interface name not specified in %s",
+ config_fname);
+ hostapd_interface_deinit_free(iface);
+ return NULL;
}
return iface;
@@ -346,10 +305,7 @@ static void handle_reload(int sig, void *signal_ctx)
static void handle_dump_state(int sig, void *signal_ctx)
{
-#ifdef HOSTAPD_DUMP_STATE
- struct hapd_interfaces *interfaces = signal_ctx;
- hostapd_for_each_interface(interfaces, handle_dump_state_iface, NULL);
-#endif /* HOSTAPD_DUMP_STATE */
+ /* Not used anymore - ignore signal */
}
#endif /* CONFIG_NATIVE_WINDOWS */
@@ -452,7 +408,7 @@ static int hostapd_global_run(struct hapd_interfaces *ifaces, int daemonize,
#endif /* EAP_SERVER_TNC */
if (daemonize && os_daemonize(pid_file)) {
- perror("daemon");
+ wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
return -1;
}
@@ -468,7 +424,7 @@ static void show_version(void)
"hostapd v" VERSION_STR "\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
- "Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> "
+ "Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> "
"and contributors\n");
}
@@ -480,7 +436,8 @@ static void usage(void)
"\n"
"usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
"\\\n"
- " [-g <global ctrl_iface>] <configuration file(s)>\n"
+ " [-g <global ctrl_iface>] [-G <group>] \\\n"
+ " <configuration file(s)>\n"
"\n"
"options:\n"
" -h show this usage\n"
@@ -488,11 +445,16 @@ static void usage(void)
" -B run daemon in the background\n"
" -e entropy file\n"
" -g global control interface path\n"
+ " -G group for control interfaces\n"
" -P PID file\n"
" -K include key data in debug messages\n"
#ifdef CONFIG_DEBUG_FILE
" -f log output to debug file instead of stdout\n"
#endif /* CONFIG_DEBUG_FILE */
+#ifdef CONFIG_DEBUG_LINUX_TRACING
+ " -T = record to Linux tracing in addition to logging\n"
+ " (records all messages regardless of debug verbosity)\n"
+#endif /* CONFIG_DEBUG_LINUX_TRACING */
" -t include timestamps in some debug messages\n"
" -v show hostapd version\n");
@@ -503,8 +465,9 @@ static void usage(void)
static const char * hostapd_msg_ifname_cb(void *ctx)
{
struct hostapd_data *hapd = ctx;
- if (hapd && hapd->iconf && hapd->iconf->bss)
- return hapd->iconf->bss->iface;
+ if (hapd && hapd->iconf && hapd->iconf->bss &&
+ hapd->iconf->num_bss > 0 && hapd->iconf->bss[0])
+ return hapd->iconf->bss[0]->iface;
return NULL;
}
@@ -519,6 +482,8 @@ static int hostapd_get_global_ctrl_iface(struct hapd_interfaces *interfaces,
return -1;
pos = os_strrchr(interfaces->global_iface_path, '/');
if (pos == NULL) {
+ wpa_printf(MSG_ERROR, "No '/' in the global control interface "
+ "file");
os_free(interfaces->global_iface_path);
interfaces->global_iface_path = NULL;
return -1;
@@ -531,15 +496,57 @@ static int hostapd_get_global_ctrl_iface(struct hapd_interfaces *interfaces,
}
+static int hostapd_get_ctrl_iface_group(struct hapd_interfaces *interfaces,
+ const char *group)
+{
+#ifndef CONFIG_NATIVE_WINDOWS
+ struct group *grp;
+ grp = getgrnam(group);
+ if (grp == NULL) {
+ wpa_printf(MSG_ERROR, "Unknown group '%s'", group);
+ return -1;
+ }
+ interfaces->ctrl_iface_group = grp->gr_gid;
+#endif /* CONFIG_NATIVE_WINDOWS */
+ return 0;
+}
+
+
+#ifdef CONFIG_WPS
+static int gen_uuid(const char *txt_addr)
+{
+ u8 addr[ETH_ALEN];
+ u8 uuid[UUID_LEN];
+ char buf[100];
+
+ if (hwaddr_aton(txt_addr, addr) < 0)
+ return -1;
+
+ uuid_gen_mac_addr(addr, uuid);
+ if (uuid_bin2str(uuid, buf, sizeof(buf)) < 0)
+ return -1;
+
+ printf("%s\n", buf);
+
+ return 0;
+}
+#endif /* CONFIG_WPS */
+
+
int main(int argc, char *argv[])
{
struct hapd_interfaces interfaces;
int ret = 1;
- size_t i;
+ size_t i, j;
int c, debug = 0, daemonize = 0;
char *pid_file = NULL;
const char *log_file = NULL;
const char *entropy_file = NULL;
+ char **bss_config = NULL, **tmp_bss;
+ size_t num_bss_configs = 0;
+#ifdef CONFIG_DEBUG_LINUX_TRACING
+ int enable_trace_dbg = 0;
+#endif /* CONFIG_DEBUG_LINUX_TRACING */
if (os_program_init())
return -1;
@@ -556,7 +563,7 @@ int main(int argc, char *argv[])
interfaces.global_ctrl_sock = -1;
for (;;) {
- c = getopt(argc, argv, "Bde:f:hKP:tvg:");
+ c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
if (c < 0)
break;
switch (c) {
@@ -587,31 +594,65 @@ int main(int argc, char *argv[])
case 't':
wpa_debug_timestamp++;
break;
+#ifdef CONFIG_DEBUG_LINUX_TRACING
+ case 'T':
+ enable_trace_dbg = 1;
+ break;
+#endif /* CONFIG_DEBUG_LINUX_TRACING */
case 'v':
show_version();
exit(1);
break;
case 'g':
- hostapd_get_global_ctrl_iface(&interfaces, optarg);
+ if (hostapd_get_global_ctrl_iface(&interfaces, optarg))
+ return -1;
break;
-
+ case 'G':
+ if (hostapd_get_ctrl_iface_group(&interfaces, optarg))
+ return -1;
+ break;
+ case 'b':
+ tmp_bss = os_realloc_array(bss_config,
+ num_bss_configs + 1,
+ sizeof(char *));
+ if (tmp_bss == NULL)
+ goto out;
+ bss_config = tmp_bss;
+ bss_config[num_bss_configs++] = optarg;
+ break;
+#ifdef CONFIG_WPS
+ case 'u':
+ return gen_uuid(optarg);
+#endif /* CONFIG_WPS */
default:
usage();
break;
}
}
- if (optind == argc && interfaces.global_iface_path == NULL)
+ if (optind == argc && interfaces.global_iface_path == NULL &&
+ num_bss_configs == 0)
usage();
wpa_msg_register_ifname_cb(hostapd_msg_ifname_cb);
if (log_file)
wpa_debug_open_file(log_file);
+ else
+ wpa_debug_setup_stdout();
+#ifdef CONFIG_DEBUG_LINUX_TRACING
+ if (enable_trace_dbg) {
+ int tret = wpa_debug_open_linux_tracing();
+ if (tret) {
+ wpa_printf(MSG_ERROR, "Failed to enable trace logging");
+ return -1;
+ }
+ }
+#endif /* CONFIG_DEBUG_LINUX_TRACING */
interfaces.count = argc - optind;
- if (interfaces.count) {
- interfaces.iface = os_calloc(interfaces.count,
+ if (interfaces.count || num_bss_configs) {
+ interfaces.iface = os_calloc(interfaces.count + num_bss_configs,
sizeof(struct hostapd_iface *));
if (interfaces.iface == NULL) {
wpa_printf(MSG_ERROR, "malloc failed");
@@ -619,30 +660,93 @@ int main(int argc, char *argv[])
}
}
- if (hostapd_global_init(&interfaces, entropy_file))
+ if (hostapd_global_init(&interfaces, entropy_file)) {
+ wpa_printf(MSG_ERROR, "Failed to initilize global context");
return -1;
+ }
- /* Initialize interfaces */
+ /* Allocate and parse configuration for full interface files */
for (i = 0; i < interfaces.count; i++) {
interfaces.iface[i] = hostapd_interface_init(&interfaces,
argv[optind + i],
debug);
- if (!interfaces.iface[i])
+ if (!interfaces.iface[i]) {
+ wpa_printf(MSG_ERROR, "Failed to initialize interface");
+ goto out;
+ }
+ }
+
+ /* Allocate and parse configuration for per-BSS files */
+ for (i = 0; i < num_bss_configs; i++) {
+ struct hostapd_iface *iface;
+ char *fname;
+
+ wpa_printf(MSG_INFO, "BSS config: %s", bss_config[i]);
+ fname = os_strchr(bss_config[i], ':');
+ if (fname == NULL) {
+ wpa_printf(MSG_ERROR,
+ "Invalid BSS config identifier '%s'",
+ bss_config[i]);
+ goto out;
+ }
+ *fname++ = '\0';
+ iface = hostapd_interface_init_bss(&interfaces, bss_config[i],
+ fname, debug);
+ if (iface == NULL)
+ goto out;
+ for (j = 0; j < interfaces.count; j++) {
+ if (interfaces.iface[j] == iface)
+ break;
+ }
+ if (j == interfaces.count) {
+ struct hostapd_iface **tmp;
+ tmp = os_realloc_array(interfaces.iface,
+ interfaces.count + 1,
+ sizeof(struct hostapd_iface *));
+ if (tmp == NULL) {
+ hostapd_interface_deinit_free(iface);
+ goto out;
+ }
+ interfaces.iface = tmp;
+ interfaces.iface[interfaces.count++] = iface;
+ }
+ }
+
+ /*
+ * Enable configured interfaces. Depending on channel configuration,
+ * this may complete full initialization before returning or use a
+ * callback mechanism to complete setup in case of operations like HT
+ * co-ex scans, ACS, or DFS are needed to determine channel parameters.
+ * In such case, the interface will be enabled from eloop context within
+ * hostapd_global_run().
+ */
+ interfaces.terminate_on_error = interfaces.count;
+ for (i = 0; i < interfaces.count; i++) {
+ if (hostapd_driver_init(interfaces.iface[i]) ||
+ hostapd_setup_interface(interfaces.iface[i]))
goto out;
}
hostapd_global_ctrl_iface_init(&interfaces);
- if (hostapd_global_run(&interfaces, daemonize, pid_file))
+ if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
+ wpa_printf(MSG_ERROR, "Failed to start eloop");
goto out;
+ }
ret = 0;
out:
hostapd_global_ctrl_iface_deinit(&interfaces);
/* Deinitialize all interfaces */
- for (i = 0; i < interfaces.count; i++)
+ for (i = 0; i < interfaces.count; i++) {
+ if (!interfaces.iface[i])
+ continue;
+ interfaces.iface[i]->driver_ap_teardown =
+ !!(interfaces.iface[i]->drv_flags &
+ WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT);
hostapd_interface_deinit_free(interfaces.iface[i]);
+ }
os_free(interfaces.iface);
hostapd_global_deinit(pid_file);
@@ -650,6 +754,9 @@ int main(int argc, char *argv[])
if (log_file)
wpa_debug_close_file();
+ wpa_debug_close_linux_tracing();
+
+ os_free(bss_config);
os_program_deinit();
diff --git a/hostapd/wps-ap-nfc.py b/hostapd/wps-ap-nfc.py
new file mode 100755
index 000000000000..2fc301296e88
--- /dev/null
+++ b/hostapd/wps-ap-nfc.py
@@ -0,0 +1,342 @@
+#!/usr/bin/python
+#
+# Example nfcpy to hostapd wrapper for WPS NFC operations
+# Copyright (c) 2012-2013, Jouni Malinen <j@w1.fi>
+#
+# This software may be distributed under the terms of the BSD license.
+# See README for more details.
+
+import os
+import sys
+import time
+import argparse
+
+import nfc
+import nfc.ndef
+import nfc.llcp
+import nfc.handover
+
+import logging
+
+import wpaspy
+
+wpas_ctrl = '/var/run/hostapd'
+continue_loop = True
+summary_file = None
+success_file = None
+
+def summary(txt):
+ print txt
+ if summary_file:
+ with open(summary_file, 'a') as f:
+ f.write(txt + "\n")
+
+def success_report(txt):
+ summary(txt)
+ if success_file:
+ with open(success_file, 'a') as f:
+ f.write(txt + "\n")
+
+def wpas_connect():
+ ifaces = []
+ if os.path.isdir(wpas_ctrl):
+ try:
+ ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)]
+ except OSError, error:
+ print "Could not find hostapd: ", error
+ return None
+
+ if len(ifaces) < 1:
+ print "No hostapd control interface found"
+ return None
+
+ for ctrl in ifaces:
+ try:
+ wpas = wpaspy.Ctrl(ctrl)
+ return wpas
+ except Exception, e:
+ pass
+ return None
+
+
+def wpas_tag_read(message):
+ wpas = wpas_connect()
+ if (wpas == None):
+ return False
+ if "FAIL" in wpas.request("WPS_NFC_TAG_READ " + str(message).encode("hex")):
+ return False
+ return True
+
+
+def wpas_get_config_token():
+ wpas = wpas_connect()
+ if (wpas == None):
+ return None
+ ret = wpas.request("WPS_NFC_CONFIG_TOKEN NDEF")
+ if "FAIL" in ret:
+ return None
+ return ret.rstrip().decode("hex")
+
+
+def wpas_get_password_token():
+ wpas = wpas_connect()
+ if (wpas == None):
+ return None
+ ret = wpas.request("WPS_NFC_TOKEN NDEF")
+ if "FAIL" in ret:
+ return None
+ return ret.rstrip().decode("hex")
+
+
+def wpas_get_handover_sel():
+ wpas = wpas_connect()
+ if (wpas == None):
+ return None
+ ret = wpas.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR")
+ if "FAIL" in ret:
+ return None
+ return ret.rstrip().decode("hex")
+
+
+def wpas_report_handover(req, sel):
+ wpas = wpas_connect()
+ if (wpas == None):
+ return None
+ return wpas.request("NFC_REPORT_HANDOVER RESP WPS " +
+ str(req).encode("hex") + " " +
+ str(sel).encode("hex"))
+
+
+class HandoverServer(nfc.handover.HandoverServer):
+ def __init__(self, llc):
+ super(HandoverServer, self).__init__(llc)
+ self.ho_server_processing = False
+ self.success = False
+
+ # override to avoid parser error in request/response.pretty() in nfcpy
+ # due to new WSC handover format
+ def _process_request(self, request):
+ summary("received handover request {}".format(request.type))
+ response = nfc.ndef.Message("\xd1\x02\x01Hs\x12")
+ if not request.type == 'urn:nfc:wkt:Hr':
+ summary("not a handover request")
+ else:
+ try:
+ request = nfc.ndef.HandoverRequestMessage(request)
+ except nfc.ndef.DecodeError as e:
+ summary("error decoding 'Hr' message: {}".format(e))
+ else:
+ response = self.process_request(request)
+ summary("send handover response {}".format(response.type))
+ return response
+
+ def process_request(self, request):
+ summary("HandoverServer - request received")
+ try:
+ print "Parsed handover request: " + request.pretty()
+ except Exception, e:
+ print e
+ print str(request).encode("hex")
+
+ sel = nfc.ndef.HandoverSelectMessage(version="1.2")
+
+ for carrier in request.carriers:
+ print "Remote carrier type: " + carrier.type
+ if carrier.type == "application/vnd.wfa.wsc":
+ summary("WPS carrier type match - add WPS carrier record")
+ data = wpas_get_handover_sel()
+ if data is None:
+ summary("Could not get handover select carrier record from hostapd")
+ continue
+ print "Handover select carrier record from hostapd:"
+ print data.encode("hex")
+ if "OK" in wpas_report_handover(carrier.record, data):
+ success_report("Handover reported successfully")
+ else:
+ summary("Handover report rejected")
+
+ message = nfc.ndef.Message(data);
+ sel.add_carrier(message[0], "active", message[1:])
+
+ print "Handover select:"
+ try:
+ print sel.pretty()
+ except Exception, e:
+ print e
+ print str(sel).encode("hex")
+
+ summary("Sending handover select")
+ self.success = True
+ return sel
+
+
+def wps_tag_read(tag):
+ success = False
+ if len(tag.ndef.message):
+ for record in tag.ndef.message:
+ print "record type " + record.type
+ if record.type == "application/vnd.wfa.wsc":
+ summary("WPS tag - send to hostapd")
+ success = wpas_tag_read(tag.ndef.message)
+ break
+ else:
+ summary("Empty tag")
+
+ if success:
+ success_report("Tag read succeeded")
+
+ return success
+
+
+def rdwr_connected_write(tag):
+ summary("Tag found - writing - " + str(tag))
+ global write_data
+ tag.ndef.message = str(write_data)
+ success_report("Tag write succeeded")
+ print "Done - remove tag"
+ global only_one
+ if only_one:
+ global continue_loop
+ continue_loop = False
+ global write_wait_remove
+ while write_wait_remove and tag.is_present:
+ time.sleep(0.1)
+
+def wps_write_config_tag(clf, wait_remove=True):
+ summary("Write WPS config token")
+ global write_data, write_wait_remove
+ write_wait_remove = wait_remove
+ write_data = wpas_get_config_token()
+ if write_data == None:
+ summary("Could not get WPS config token from hostapd")
+ return
+
+ print "Touch an NFC tag"
+ clf.connect(rdwr={'on-connect': rdwr_connected_write})
+
+
+def wps_write_password_tag(clf, wait_remove=True):
+ summary("Write WPS password token")
+ global write_data, write_wait_remove
+ write_wait_remove = wait_remove
+ write_data = wpas_get_password_token()
+ if write_data == None:
+ summary("Could not get WPS password token from hostapd")
+ return
+
+ print "Touch an NFC tag"
+ clf.connect(rdwr={'on-connect': rdwr_connected_write})
+
+
+def rdwr_connected(tag):
+ global only_one, no_wait
+ summary("Tag connected: " + str(tag))
+
+ if tag.ndef:
+ print "NDEF tag: " + tag.type
+ try:
+ print tag.ndef.message.pretty()
+ except Exception, e:
+ print e
+ success = wps_tag_read(tag)
+ if only_one and success:
+ global continue_loop
+ continue_loop = False
+ else:
+ summary("Not an NDEF tag - remove tag")
+ return True
+
+ return not no_wait
+
+
+def llcp_startup(clf, llc):
+ print "Start LLCP server"
+ global srv
+ srv = HandoverServer(llc)
+ return llc
+
+def llcp_connected(llc):
+ print "P2P LLCP connected"
+ global wait_connection
+ wait_connection = False
+ global srv
+ srv.start()
+ return True
+
+
+def main():
+ clf = nfc.ContactlessFrontend()
+
+ parser = argparse.ArgumentParser(description='nfcpy to hostapd integration for WPS NFC operations')
+ parser.add_argument('-d', const=logging.DEBUG, default=logging.INFO,
+ action='store_const', dest='loglevel',
+ help='verbose debug output')
+ parser.add_argument('-q', const=logging.WARNING, action='store_const',
+ dest='loglevel', help='be quiet')
+ parser.add_argument('--only-one', '-1', action='store_true',
+ help='run only one operation and exit')
+ parser.add_argument('--no-wait', action='store_true',
+ help='do not wait for tag to be removed before exiting')
+ parser.add_argument('--summary',
+ help='summary file for writing status updates')
+ parser.add_argument('--success',
+ help='success file for writing success update')
+ parser.add_argument('command', choices=['write-config',
+ 'write-password'],
+ nargs='?')
+ args = parser.parse_args()
+
+ global only_one
+ only_one = args.only_one
+
+ global no_wait
+ no_wait = args.no_wait
+
+ if args.summary:
+ global summary_file
+ summary_file = args.summary
+
+ if args.success:
+ global success_file
+ success_file = args.success
+
+ logging.basicConfig(level=args.loglevel)
+
+ try:
+ if not clf.open("usb"):
+ print "Could not open connection with an NFC device"
+ raise SystemExit
+
+ if args.command == "write-config":
+ wps_write_config_tag(clf, wait_remove=not args.no_wait)
+ raise SystemExit
+
+ if args.command == "write-password":
+ wps_write_password_tag(clf, wait_remove=not args.no_wait)
+ raise SystemExit
+
+ global continue_loop
+ while continue_loop:
+ print "Waiting for a tag or peer to be touched"
+ wait_connection = True
+ try:
+ if not clf.connect(rdwr={'on-connect': rdwr_connected},
+ llcp={'on-startup': llcp_startup,
+ 'on-connect': llcp_connected}):
+ break
+ except Exception, e:
+ print "clf.connect failed"
+
+ global srv
+ if only_one and srv and srv.success:
+ raise SystemExit
+
+ except KeyboardInterrupt:
+ raise SystemExit
+ finally:
+ clf.close()
+
+ raise SystemExit
+
+if __name__ == '__main__':
+ main()
diff --git a/hs20/client/Android.mk b/hs20/client/Android.mk
new file mode 100644
index 000000000000..b23ac17b4b62
--- /dev/null
+++ b/hs20/client/Android.mk
@@ -0,0 +1,81 @@
+LOCAL_PATH := $(call my-dir)
+
+INCLUDES = $(LOCAL_PATH)
+INCLUDES += $(LOCAL_PATH)/../../src/utils
+INCLUDES += $(LOCAL_PATH)/../../src/common
+INCLUDES += $(LOCAL_PATH)/../../src
+INCLUDES += external/openssl/include
+INCLUDES += external/libxml2/include
+INCLUDES += external/curl/include
+INCLUDES += external/webkit/Source/WebKit/gtk
+
+# We try to keep this compiling against older platform versions.
+# The new icu location (external/icu) exports its own headers, but
+# the older versions in external/icu4c don't, and we need to add those
+# headers to the include path by hand.
+ifeq ($(wildcard external/icu),)
+INCLUDES += external/icu4c/common
+else
+# The LOCAL_EXPORT_C_INCLUDE_DIRS from ICU did not seem to fully resolve the
+# build (e.g., "mm -B" failed to build, but following that with "mm" allowed
+# the build to complete). For now, add the include directory manually here for
+# Android 5.0.
+ver = $(filter 5.0%,$(PLATFORM_VERSION))
+ifneq (,$(strip $(ver)))
+INCLUDES += external/icu/icu4c/source/common
+endif
+endif
+
+
+L_CFLAGS += -DCONFIG_CTRL_IFACE
+L_CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
+L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
+
+OBJS = spp_client.c
+OBJS += oma_dm_client.c
+OBJS += osu_client.c
+OBJS += est.c
+OBJS += ../../src/common/wpa_ctrl.c
+OBJS += ../../src/common/wpa_helpers.c
+OBJS += ../../src/utils/xml-utils.c
+#OBJS += ../../src/utils/browser-android.c
+OBJS += ../../src/utils/browser-wpadebug.c
+OBJS += ../../src/utils/wpabuf.c
+OBJS += ../../src/utils/eloop.c
+OBJS += ../../src/wps/httpread.c
+OBJS += ../../src/wps/http_server.c
+OBJS += ../../src/utils/xml_libxml2.c
+OBJS += ../../src/utils/http_curl.c
+OBJS += ../../src/utils/base64.c
+OBJS += ../../src/utils/os_unix.c
+L_CFLAGS += -DCONFIG_DEBUG_FILE
+OBJS += ../../src/utils/wpa_debug.c
+OBJS += ../../src/utils/common.c
+OBJS += ../../src/crypto/crypto_internal.c
+OBJS += ../../src/crypto/md5-internal.c
+OBJS += ../../src/crypto/sha1-internal.c
+OBJS += ../../src/crypto/sha256-internal.c
+
+L_CFLAGS += -DEAP_TLS_OPENSSL
+
+L_CFLAGS += -Wno-unused-parameter
+
+
+########################
+include $(CLEAR_VARS)
+LOCAL_MODULE := hs20-osu-client
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SHARED_LIBRARIES := libc libcutils
+LOCAL_SHARED_LIBRARIES += libcrypto libssl
+#LOCAL_SHARED_LIBRARIES += libxml2
+LOCAL_STATIC_LIBRARIES += libxml2
+LOCAL_SHARED_LIBRARIES += libicuuc
+LOCAL_SHARED_LIBRARIES += libcurl
+
+LOCAL_CFLAGS := $(L_CFLAGS)
+LOCAL_SRC_FILES := $(OBJS)
+LOCAL_C_INCLUDES := $(INCLUDES)
+include $(BUILD_EXECUTABLE)
+
+########################
diff --git a/hs20/client/Makefile b/hs20/client/Makefile
new file mode 100644
index 000000000000..ca67b54da2ee
--- /dev/null
+++ b/hs20/client/Makefile
@@ -0,0 +1,94 @@
+all: hs20-osu-client
+
+ifndef CC
+CC=gcc
+endif
+
+ifndef LDO
+LDO=$(CC)
+endif
+
+Q=@
+E=echo
+ifeq ($(V), 1)
+Q=
+E=true
+endif
+
+ifndef CFLAGS
+CFLAGS = -MMD -O2 -Wall -g
+endif
+
+CFLAGS += -I../../src/utils
+CFLAGS += -I../../src/common
+CFLAGS += -I../../src
+
+ifndef CONFIG_NO_BROWSER
+ifndef CONFIG_BROWSER_SYSTEM
+GTKCFLAGS := $(shell pkg-config --cflags gtk+-3.0 webkitgtk-3.0)
+GTKLIBS := $(shell pkg-config --libs gtk+-3.0 webkitgtk-3.0)
+CFLAGS += $(GTKCFLAGS)
+LIBS += $(GTKLIBS)
+endif
+endif
+
+OBJS=spp_client.o
+OBJS += oma_dm_client.o
+OBJS += osu_client.o
+OBJS += est.o
+OBJS += ../../src/utils/xml-utils.o
+CFLAGS += -DCONFIG_CTRL_IFACE
+CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
+OBJS += ../../src/common/wpa_ctrl.o ../../src/common/wpa_helpers.o
+ifdef CONFIG_NO_BROWSER
+CFLAGS += -DCONFIG_NO_BROWSER
+else
+ifdef CONFIG_BROWSER_SYSTEM
+OBJS += ../../src/utils/eloop.o
+OBJS += ../../src/utils/wpabuf.o
+OBJS += ../../src/wps/httpread.o
+OBJS += ../../src/wps/http_server.o
+OBJS += ../../src/utils/browser-system.o
+else
+OBJS += ../../src/utils/browser.o
+endif
+endif
+OBJS += ../../src/utils/xml_libxml2.o
+OBJS += ../../src/utils/http_curl.o
+OBJS += ../../src/utils/base64.o
+OBJS += ../../src/utils/os_unix.o
+CFLAGS += -DCONFIG_DEBUG_FILE
+OBJS += ../../src/utils/wpa_debug.o
+OBJS += ../../src/utils/common.o
+OBJS += ../../src/crypto/crypto_internal.o
+OBJS += ../../src/crypto/md5-internal.o
+OBJS += ../../src/crypto/sha1-internal.o
+OBJS += ../../src/crypto/sha256-internal.o
+
+CFLAGS += $(shell xml2-config --cflags)
+LIBS += $(shell xml2-config --libs)
+LIBS += -lcurl
+
+CFLAGS += -DEAP_TLS_OPENSSL
+LIBS += -lssl -lcrypto
+
+hs20-osu-client: $(OBJS)
+ $(Q)$(LDO) $(LDFLAGS) -o hs20-osu-client $(OBJS) $(LIBS)
+ @$(E) " LD " $@
+
+%.o: %.c
+ $(Q)$(CC) -c -o $@ $(CFLAGS) $<
+ @$(E) " CC " $<
+
+clean:
+ rm -f core *~ *.o *.d hs20-osu-client
+ rm -f ../../src/utils/*.o
+ rm -f ../../src/utils/*.d
+ rm -f ../../src/common/*.o
+ rm -f ../../src/common/*.d
+ rm -f ../../src/crypto/*.o
+ rm -f ../../src/crypto/*.d
+ rm -f ../../src/wps/*.o
+ rm -f ../../src/wps/*.d
+
+-include $(OBJS:%.o=%.d)
diff --git a/hs20/client/devdetail.xml b/hs20/client/devdetail.xml
new file mode 100644
index 000000000000..6d0389e8a133
--- /dev/null
+++ b/hs20/client/devdetail.xml
@@ -0,0 +1,47 @@
+<DevDetail xmlns="urn:oma:mo:oma-dm-devdetail:1.0">
+ <Ext>
+ <org.wi-fi>
+ <Wi-Fi>
+ <EAPMethodList>
+ <EAPMethod1>
+ <EAPType>13</EAPType>
+ </EAPMethod1>
+ <EAPMethod2>
+ <EAPType>21</EAPType>
+ <InnerMethod>MS-CHAP-V2</InnerMethod>
+ </EAPMethod2>
+ <EAPMethod3>
+ <EAPType>18</EAPType>
+ </EAPMethod3>
+ <EAPMethod4>
+ <EAPType>23</EAPType>
+ </EAPMethod4>
+ <EAPMethod5>
+ <EAPType>50</EAPType>
+ </EAPMethod5>
+ </EAPMethodList>
+ <ManufacturingCertificate>false</ManufacturingCertificate>
+ <Wi-FiMACAddress>020102030405</Wi-FiMACAddress>
+ <IMSI>310026000000000</IMSI>
+ <IMEI_MEID>imei:490123456789012</IMEI_MEID>
+ <ClientTriggerRedirectURI>http://localhost:12345/</ClientTriggerRedirectURI>
+ <Ops>
+ <launchBrowserToURI></launchBrowserToURI>
+ <negotiateClientCertTLS></negotiateClientCertTLS>
+ <getCertificate></getCertificate>
+ </Ops>
+ </Wi-Fi>
+ </org.wi-fi>
+ </Ext>
+ <URI>
+ <MaxDepth>0</MaxDepth>
+ <MaxTotLen>0</MaxTotLen>
+ <MaxSegLen>0</MaxSegLen>
+ </URI>
+ <DevType>MobilePhone</DevType>
+ <OEM>Manufacturer</OEM>
+ <FwV>1.0</FwV>
+ <SwV>1.0</SwV>
+ <HwV>1.0</HwV>
+ <LrgObj>false</LrgObj>
+</DevDetail>
diff --git a/hs20/client/devinfo.xml b/hs20/client/devinfo.xml
new file mode 100644
index 000000000000..d48a520a98a1
--- /dev/null
+++ b/hs20/client/devinfo.xml
@@ -0,0 +1,7 @@
+<DevInfo xmlns="urn:oma:mo:oma-dm-devinfo:1.0">
+ <DevId>urn:Example:HS20-station:123456</DevId>
+ <Man>Manufacturer</Man>
+ <Mod>HS20-station</Mod>
+ <DmV>1.2</DmV>
+ <Lang>en</Lang>
+</DevInfo>
diff --git a/hs20/client/est.c b/hs20/client/est.c
new file mode 100644
index 000000000000..ec05bc4e0f62
--- /dev/null
+++ b/hs20/client/est.c
@@ -0,0 +1,715 @@
+/*
+ * Hotspot 2.0 OSU client - EST client
+ * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/rsa.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "common.h"
+#include "utils/base64.h"
+#include "utils/xml-utils.h"
+#include "utils/http-utils.h"
+#include "osu_client.h"
+
+
+static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
+ size_t len, char *pem_file, char *der_file)
+{
+ PKCS7 *p7 = NULL;
+ const unsigned char *p = pkcs7;
+ STACK_OF(X509) *certs;
+ int i, num, ret = -1;
+ BIO *out = NULL;
+
+ p7 = d2i_PKCS7(NULL, &p, len);
+ if (p7 == NULL) {
+ wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ write_result(ctx, "Could not parse PKCS#7 object from EST");
+ goto fail;
+ }
+
+ switch (OBJ_obj2nid(p7->type)) {
+ case NID_pkcs7_signed:
+ certs = p7->d.sign->cert;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ certs = p7->d.signed_and_enveloped->cert;
+ break;
+ default:
+ certs = NULL;
+ break;
+ }
+
+ if (!certs || ((num = sk_X509_num(certs)) == 0)) {
+ wpa_printf(MSG_INFO, "No certificates found in PKCS#7 object");
+ write_result(ctx, "No certificates found in PKCS#7 object");
+ goto fail;
+ }
+
+ if (der_file) {
+ FILE *f = fopen(der_file, "wb");
+ if (f == NULL)
+ goto fail;
+ i2d_X509_fp(f, sk_X509_value(certs, 0));
+ fclose(f);
+ }
+
+ if (pem_file) {
+ out = BIO_new(BIO_s_file());
+ if (out == NULL ||
+ BIO_write_filename(out, pem_file) <= 0)
+ goto fail;
+
+ for (i = 0; i < num; i++) {
+ X509 *cert = sk_X509_value(certs, i);
+ X509_print(out, cert);
+ PEM_write_bio_X509(out, cert);
+ BIO_puts(out, "\n");
+ }
+ }
+
+ ret = 0;
+
+fail:
+ PKCS7_free(p7);
+ if (out)
+ BIO_free_all(out);
+
+ return ret;
+}
+
+
+int est_load_cacerts(struct hs20_osu_client *ctx, const char *url)
+{
+ char *buf, *resp;
+ size_t buflen;
+ unsigned char *pkcs7;
+ size_t pkcs7_len, resp_len;
+ int res;
+
+ buflen = os_strlen(url) + 100;
+ buf = os_malloc(buflen);
+ if (buf == NULL)
+ return -1;
+
+ os_snprintf(buf, buflen, "%s/cacerts", url);
+ wpa_printf(MSG_INFO, "Download EST cacerts from %s", buf);
+ write_summary(ctx, "Download EST cacerts from %s", buf);
+ ctx->no_osu_cert_validation = 1;
+ http_ocsp_set(ctx->http, 1);
+ res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt",
+ ctx->ca_fname);
+ http_ocsp_set(ctx->http,
+ (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
+ ctx->no_osu_cert_validation = 0;
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "Failed to download EST cacerts from %s",
+ buf);
+ write_result(ctx, "Failed to download EST cacerts from %s",
+ buf);
+ os_free(buf);
+ return -1;
+ }
+ os_free(buf);
+
+ resp = os_readfile("Cert/est-cacerts.txt", &resp_len);
+ if (resp == NULL) {
+ wpa_printf(MSG_INFO, "Could not read Cert/est-cacerts.txt");
+ write_result(ctx, "Could not read EST cacerts");
+ return -1;
+ }
+
+ pkcs7 = base64_decode((unsigned char *) resp, resp_len, &pkcs7_len);
+ if (pkcs7 && pkcs7_len < resp_len / 2) {
+ wpa_printf(MSG_INFO, "Too short base64 decode (%u bytes; downloaded %u bytes) - assume this was binary",
+ (unsigned int) pkcs7_len, (unsigned int) resp_len);
+ os_free(pkcs7);
+ pkcs7 = NULL;
+ }
+ if (pkcs7 == NULL) {
+ wpa_printf(MSG_INFO, "EST workaround - Could not decode base64, assume this is DER encoded PKCS7");
+ pkcs7 = os_malloc(resp_len);
+ if (pkcs7) {
+ os_memcpy(pkcs7, resp, resp_len);
+ pkcs7_len = resp_len;
+ }
+ }
+ os_free(resp);
+
+ if (pkcs7 == NULL) {
+ wpa_printf(MSG_INFO, "Could not fetch PKCS7 cacerts");
+ write_result(ctx, "Could not fetch EST PKCS#7 cacerts");
+ return -1;
+ }
+
+ res = pkcs7_to_cert(ctx, pkcs7, pkcs7_len, "Cert/est-cacerts.pem",
+ NULL);
+ os_free(pkcs7);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "Could not parse CA certs from PKCS#7 cacerts response");
+ write_result(ctx, "Could not parse CA certs from EST PKCS#7 cacerts response");
+ return -1;
+ }
+ unlink("Cert/est-cacerts.txt");
+
+ return 0;
+}
+
+
+/*
+ * CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
+ *
+ * AttrOrOID ::= CHOICE {
+ * oid OBJECT IDENTIFIER,
+ * attribute Attribute }
+ *
+ * Attribute ::= SEQUENCE {
+ * type OBJECT IDENTIFIER,
+ * values SET SIZE(1..MAX) OF OBJECT IDENTIFIER }
+ */
+
+typedef struct {
+ ASN1_OBJECT *type;
+ STACK_OF(ASN1_OBJECT) *values;
+} Attribute;
+
+typedef struct {
+ int type;
+ union {
+ ASN1_OBJECT *oid;
+ Attribute *attribute;
+ } d;
+} AttrOrOID;
+
+typedef struct {
+ int type;
+ STACK_OF(AttrOrOID) *attrs;
+} CsrAttrs;
+
+ASN1_SEQUENCE(Attribute) = {
+ ASN1_SIMPLE(Attribute, type, ASN1_OBJECT),
+ ASN1_SET_OF(Attribute, values, ASN1_OBJECT)
+} ASN1_SEQUENCE_END(Attribute);
+
+ASN1_CHOICE(AttrOrOID) = {
+ ASN1_SIMPLE(AttrOrOID, d.oid, ASN1_OBJECT),
+ ASN1_SIMPLE(AttrOrOID, d.attribute, Attribute)
+} ASN1_CHOICE_END(AttrOrOID);
+
+ASN1_CHOICE(CsrAttrs) = {
+ ASN1_SEQUENCE_OF(CsrAttrs, attrs, AttrOrOID)
+} ASN1_CHOICE_END(CsrAttrs);
+
+IMPLEMENT_ASN1_FUNCTIONS(CsrAttrs);
+
+
+static void add_csrattrs_oid(struct hs20_osu_client *ctx, ASN1_OBJECT *oid,
+ STACK_OF(X509_EXTENSION) *exts)
+{
+ char txt[100];
+ int res;
+
+ if (!oid)
+ return;
+
+ res = OBJ_obj2txt(txt, sizeof(txt), oid, 1);
+ if (res < 0 || res >= (int) sizeof(txt))
+ return;
+
+ if (os_strcmp(txt, "1.2.840.113549.1.9.7") == 0) {
+ wpa_printf(MSG_INFO, "TODO: csrattr challengePassword");
+ } else if (os_strcmp(txt, "1.2.840.113549.1.1.11") == 0) {
+ wpa_printf(MSG_INFO, "csrattr sha256WithRSAEncryption");
+ } else {
+ wpa_printf(MSG_INFO, "Ignore unsupported csrattr oid %s", txt);
+ }
+}
+
+
+static void add_csrattrs_ext_req(struct hs20_osu_client *ctx,
+ STACK_OF(ASN1_OBJECT) *values,
+ STACK_OF(X509_EXTENSION) *exts)
+{
+ char txt[100];
+ int i, num, res;
+
+ num = sk_ASN1_OBJECT_num(values);
+ for (i = 0; i < num; i++) {
+ ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(values, i);
+
+ res = OBJ_obj2txt(txt, sizeof(txt), oid, 1);
+ if (res < 0 || res >= (int) sizeof(txt))
+ continue;
+
+ if (os_strcmp(txt, "1.3.6.1.1.1.1.22") == 0) {
+ wpa_printf(MSG_INFO, "TODO: extReq macAddress");
+ } else if (os_strcmp(txt, "1.3.6.1.4.1.40808.1.1.3") == 0) {
+ wpa_printf(MSG_INFO, "TODO: extReq imei");
+ } else if (os_strcmp(txt, "1.3.6.1.4.1.40808.1.1.4") == 0) {
+ wpa_printf(MSG_INFO, "TODO: extReq meid");
+ } else if (os_strcmp(txt, "1.3.6.1.4.1.40808.1.1.5") == 0) {
+ wpa_printf(MSG_INFO, "TODO: extReq DevId");
+ } else {
+ wpa_printf(MSG_INFO, "Ignore unsupported cstattr extensionsRequest %s",
+ txt);
+ }
+ }
+}
+
+
+static void add_csrattrs_attr(struct hs20_osu_client *ctx, Attribute *attr,
+ STACK_OF(X509_EXTENSION) *exts)
+{
+ char txt[100], txt2[100];
+ int i, num, res;
+
+ if (!attr || !attr->type || !attr->values)
+ return;
+
+ res = OBJ_obj2txt(txt, sizeof(txt), attr->type, 1);
+ if (res < 0 || res >= (int) sizeof(txt))
+ return;
+
+ if (os_strcmp(txt, "1.2.840.113549.1.9.14") == 0) {
+ add_csrattrs_ext_req(ctx, attr->values, exts);
+ return;
+ }
+
+ num = sk_ASN1_OBJECT_num(attr->values);
+ for (i = 0; i < num; i++) {
+ ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(attr->values, i);
+
+ res = OBJ_obj2txt(txt2, sizeof(txt2), oid, 1);
+ if (res < 0 || res >= (int) sizeof(txt2))
+ continue;
+
+ wpa_printf(MSG_INFO, "Ignore unsupported cstattr::attr %s oid %s",
+ txt, txt2);
+ }
+}
+
+
+static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,
+ STACK_OF(X509_EXTENSION) *exts)
+{
+ int i, num;
+
+ if (!csrattrs || ! csrattrs->attrs)
+ return;
+
+ num = SKM_sk_num(AttrOrOID, csrattrs->attrs);
+ for (i = 0; i < num; i++) {
+ AttrOrOID *ao = SKM_sk_value(AttrOrOID, csrattrs->attrs, i);
+ switch (ao->type) {
+ case 0:
+ add_csrattrs_oid(ctx, ao->d.oid, exts);
+ break;
+ case 1:
+ add_csrattrs_attr(ctx, ao->d.attribute, exts);
+ break;
+ }
+ }
+}
+
+
+static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
+ char *csr_pem, char *est_req, char *old_cert,
+ CsrAttrs *csrattrs)
+{
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ RSA *rsa;
+ X509_REQ *req = NULL;
+ int ret = -1;
+ unsigned int val;
+ X509_NAME *subj = NULL;
+ char name[100];
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+ X509_EXTENSION *ex;
+ BIO *out;
+
+ wpa_printf(MSG_INFO, "Generate RSA private key");
+ write_summary(ctx, "Generate RSA private key");
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+ if (!pctx)
+ return -1;
+
+ if (EVP_PKEY_keygen_init(pctx) <= 0)
+ goto fail;
+
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048) <= 0)
+ goto fail;
+
+ if (EVP_PKEY_keygen(pctx, &pkey) <= 0)
+ goto fail;
+ EVP_PKEY_CTX_free(pctx);
+ pctx = NULL;
+
+ rsa = EVP_PKEY_get1_RSA(pkey);
+ if (rsa == NULL)
+ goto fail;
+
+ if (key_pem) {
+ FILE *f = fopen(key_pem, "wb");
+ if (f == NULL)
+ goto fail;
+ if (!PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL,
+ NULL)) {
+ wpa_printf(MSG_INFO, "Could not write private key: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ fclose(f);
+ goto fail;
+ }
+ fclose(f);
+ }
+
+ wpa_printf(MSG_INFO, "Generate CSR");
+ write_summary(ctx, "Generate CSR");
+ req = X509_REQ_new();
+ if (req == NULL)
+ goto fail;
+
+ if (old_cert) {
+ FILE *f;
+ X509 *cert;
+ int res;
+
+ f = fopen(old_cert, "r");
+ if (f == NULL)
+ goto fail;
+ cert = PEM_read_X509(f, NULL, NULL, NULL);
+ fclose(f);
+
+ if (cert == NULL)
+ goto fail;
+ res = X509_REQ_set_subject_name(req,
+ X509_get_subject_name(cert));
+ X509_free(cert);
+ if (!res)
+ goto fail;
+ } else {
+ os_get_random((u8 *) &val, sizeof(val));
+ os_snprintf(name, sizeof(name), "cert-user-%u", val);
+ subj = X509_NAME_new();
+ if (subj == NULL ||
+ !X509_NAME_add_entry_by_txt(subj, "CN", MBSTRING_ASC,
+ (unsigned char *) name,
+ -1, -1, 0) ||
+ !X509_REQ_set_subject_name(req, subj))
+ goto fail;
+ X509_NAME_free(subj);
+ subj = NULL;
+ }
+
+ if (!X509_REQ_set_pubkey(req, pkey))
+ goto fail;
+
+ exts = sk_X509_EXTENSION_new_null();
+ if (!exts)
+ goto fail;
+
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
+ "CA:FALSE");
+ if (ex == NULL ||
+ !sk_X509_EXTENSION_push(exts, ex))
+ goto fail;
+
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage,
+ "nonRepudiation,digitalSignature,keyEncipherment");
+ if (ex == NULL ||
+ !sk_X509_EXTENSION_push(exts, ex))
+ goto fail;
+
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_ext_key_usage,
+ "1.3.6.1.4.1.40808.1.1.2");
+ if (ex == NULL ||
+ !sk_X509_EXTENSION_push(exts, ex))
+ goto fail;
+
+ add_csrattrs(ctx, csrattrs, exts);
+
+ if (!X509_REQ_add_extensions(req, exts))
+ goto fail;
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ exts = NULL;
+
+ if (!X509_REQ_sign(req, pkey, EVP_sha256()))
+ goto fail;
+
+ out = BIO_new(BIO_s_mem());
+ if (out) {
+ char *txt;
+ size_t rlen;
+
+ X509_REQ_print(out, req);
+ rlen = BIO_ctrl_pending(out);
+ txt = os_malloc(rlen + 1);
+ if (txt) {
+ int res = BIO_read(out, txt, rlen);
+ if (res > 0) {
+ txt[res] = '\0';
+ wpa_printf(MSG_MSGDUMP, "OpenSSL: Certificate request:\n%s",
+ txt);
+ }
+ os_free(txt);
+ }
+ BIO_free(out);
+ }
+
+ if (csr_pem) {
+ FILE *f = fopen(csr_pem, "w");
+ if (f == NULL)
+ goto fail;
+ X509_REQ_print_fp(f, req);
+ if (!PEM_write_X509_REQ(f, req)) {
+ fclose(f);
+ goto fail;
+ }
+ fclose(f);
+ }
+
+ if (est_req) {
+ BIO *mem = BIO_new(BIO_s_mem());
+ BUF_MEM *ptr;
+ char *pos, *end, *buf_end;
+ FILE *f;
+
+ if (mem == NULL)
+ goto fail;
+ if (!PEM_write_bio_X509_REQ(mem, req)) {
+ BIO_free(mem);
+ goto fail;
+ }
+
+ BIO_get_mem_ptr(mem, &ptr);
+ pos = ptr->data;
+ buf_end = pos + ptr->length;
+
+ /* Remove START/END lines */
+ while (pos < buf_end && *pos != '\n')
+ pos++;
+ if (pos == buf_end) {
+ BIO_free(mem);
+ goto fail;
+ }
+ pos++;
+
+ end = pos;
+ while (end < buf_end && *end != '-')
+ end++;
+
+ f = fopen(est_req, "w");
+ if (f == NULL) {
+ BIO_free(mem);
+ goto fail;
+ }
+ fwrite(pos, end - pos, 1, f);
+ fclose(f);
+
+ BIO_free(mem);
+ }
+
+ ret = 0;
+fail:
+ if (exts)
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ if (subj)
+ X509_NAME_free(subj);
+ if (req)
+ X509_REQ_free(req);
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ if (pctx)
+ EVP_PKEY_CTX_free(pctx);
+ return ret;
+}
+
+
+int est_build_csr(struct hs20_osu_client *ctx, const char *url)
+{
+ char *buf;
+ size_t buflen;
+ int res;
+ char old_cert_buf[200];
+ char *old_cert = NULL;
+ CsrAttrs *csrattrs = NULL;
+
+ buflen = os_strlen(url) + 100;
+ buf = os_malloc(buflen);
+ if (buf == NULL)
+ return -1;
+
+ os_snprintf(buf, buflen, "%s/csrattrs", url);
+ wpa_printf(MSG_INFO, "Download csrattrs from %s", buf);
+ write_summary(ctx, "Download EST csrattrs from %s", buf);
+ ctx->no_osu_cert_validation = 1;
+ http_ocsp_set(ctx->http, 1);
+ res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt",
+ ctx->ca_fname);
+ http_ocsp_set(ctx->http,
+ (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
+ ctx->no_osu_cert_validation = 0;
+ os_free(buf);
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "Failed to download EST csrattrs - assume no extra attributes are needed");
+ } else {
+ size_t resp_len;
+ char *resp;
+ unsigned char *attrs;
+ const unsigned char *pos;
+ size_t attrs_len;
+
+ resp = os_readfile("Cert/est-csrattrs.txt", &resp_len);
+ if (resp == NULL) {
+ wpa_printf(MSG_INFO, "Could not read csrattrs");
+ return -1;
+ }
+
+ attrs = base64_decode((unsigned char *) resp, resp_len,
+ &attrs_len);
+ os_free(resp);
+
+ if (attrs == NULL) {
+ wpa_printf(MSG_INFO, "Could not base64 decode csrattrs");
+ return -1;
+ }
+ unlink("Cert/est-csrattrs.txt");
+
+ pos = attrs;
+ csrattrs = d2i_CsrAttrs(NULL, &pos, attrs_len);
+ os_free(attrs);
+ if (csrattrs == NULL) {
+ wpa_printf(MSG_INFO, "Failed to parse csrattrs ASN.1");
+ /* Continue assuming no additional requirements */
+ }
+ }
+
+ if (ctx->client_cert_present) {
+ os_snprintf(old_cert_buf, sizeof(old_cert_buf),
+ "SP/%s/client-cert.pem", ctx->fqdn);
+ old_cert = old_cert_buf;
+ }
+
+ res = generate_csr(ctx, "Cert/privkey-plain.pem", "Cert/est-req.pem",
+ "Cert/est-req.b64", old_cert, csrattrs);
+ if (csrattrs)
+ CsrAttrs_free(csrattrs);
+
+ return res;
+}
+
+
+int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
+ const char *user, const char *pw)
+{
+ char *buf, *resp, *req, *req2;
+ size_t buflen, resp_len, len, pkcs7_len;
+ unsigned char *pkcs7;
+ FILE *f;
+ char client_cert_buf[200];
+ char client_key_buf[200];
+ const char *client_cert = NULL, *client_key = NULL;
+ int res;
+
+ req = os_readfile("Cert/est-req.b64", &len);
+ if (req == NULL) {
+ wpa_printf(MSG_INFO, "Could not read Cert/req.b64");
+ return -1;
+ }
+ req2 = os_realloc(req, len + 1);
+ if (req2 == NULL) {
+ os_free(req);
+ return -1;
+ }
+ req2[len] = '\0';
+ req = req2;
+ wpa_printf(MSG_DEBUG, "EST simpleenroll request: %s", req);
+
+ buflen = os_strlen(url) + 100;
+ buf = os_malloc(buflen);
+ if (buf == NULL) {
+ os_free(req);
+ return -1;
+ }
+
+ if (ctx->client_cert_present) {
+ os_snprintf(buf, buflen, "%s/simplereenroll", url);
+ os_snprintf(client_cert_buf, sizeof(client_cert_buf),
+ "SP/%s/client-cert.pem", ctx->fqdn);
+ client_cert = client_cert_buf;
+ os_snprintf(client_key_buf, sizeof(client_key_buf),
+ "SP/%s/client-key.pem", ctx->fqdn);
+ client_key = client_key_buf;
+ } else
+ os_snprintf(buf, buflen, "%s/simpleenroll", url);
+ wpa_printf(MSG_INFO, "EST simpleenroll URL: %s", buf);
+ write_summary(ctx, "EST simpleenroll URL: %s", buf);
+ ctx->no_osu_cert_validation = 1;
+ http_ocsp_set(ctx->http, 1);
+ resp = http_post(ctx->http, buf, req, "application/pkcs10",
+ "Content-Transfer-Encoding: base64",
+ ctx->ca_fname, user, pw, client_cert, client_key,
+ &resp_len);
+ http_ocsp_set(ctx->http,
+ (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
+ ctx->no_osu_cert_validation = 0;
+ os_free(buf);
+ if (resp == NULL) {
+ wpa_printf(MSG_INFO, "EST certificate enrollment failed");
+ write_result(ctx, "EST certificate enrollment failed");
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "EST simpleenroll response: %s", resp);
+ f = fopen("Cert/est-resp.raw", "w");
+ if (f) {
+ fwrite(resp, resp_len, 1, f);
+ fclose(f);
+ }
+
+ pkcs7 = base64_decode((unsigned char *) resp, resp_len, &pkcs7_len);
+ if (pkcs7 == NULL) {
+ wpa_printf(MSG_INFO, "EST workaround - Could not decode base64, assume this is DER encoded PKCS7");
+ pkcs7 = os_malloc(resp_len);
+ if (pkcs7) {
+ os_memcpy(pkcs7, resp, resp_len);
+ pkcs7_len = resp_len;
+ }
+ }
+ os_free(resp);
+
+ if (pkcs7 == NULL) {
+ wpa_printf(MSG_INFO, "Failed to parse simpleenroll base64 response");
+ write_result(ctx, "Failed to parse EST simpleenroll base64 response");
+ return -1;
+ }
+
+ res = pkcs7_to_cert(ctx, pkcs7, pkcs7_len, "Cert/est_cert.pem",
+ "Cert/est_cert.der");
+ os_free(pkcs7);
+
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "EST: Failed to extract certificate from PKCS7 file");
+ write_result(ctx, "EST: Failed to extract certificate from EST PKCS7 file");
+ return -1;
+ }
+
+ wpa_printf(MSG_INFO, "EST simple%senroll completed successfully",
+ ctx->client_cert_present ? "re" : "");
+ write_summary(ctx, "EST simple%senroll completed successfully",
+ ctx->client_cert_present ? "re" : "");
+
+ return 0;
+}
diff --git a/hs20/client/oma_dm_client.c b/hs20/client/oma_dm_client.c
new file mode 100644
index 000000000000..5854b726dba2
--- /dev/null
+++ b/hs20/client/oma_dm_client.c
@@ -0,0 +1,1392 @@
+/*
+ * Hotspot 2.0 - OMA DM client
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "wpa_helpers.h"
+#include "xml-utils.h"
+#include "http-utils.h"
+#include "utils/browser.h"
+#include "osu_client.h"
+
+
+#define DM_SERVER_INITIATED_MGMT 1200
+#define DM_CLIENT_INITIATED_MGMT 1201
+#define DM_GENERIC_ALERT 1226
+
+/* OMA-TS-SyncML-RepPro-V1_2_2 - 10. Response Status Codes */
+#define DM_RESP_OK 200
+#define DM_RESP_AUTH_ACCEPTED 212
+#define DM_RESP_CHUNKED_ITEM_ACCEPTED 213
+#define DM_RESP_NOT_EXECUTED 215
+#define DM_RESP_ATOMIC_ROLL_BACK_OK 216
+#define DM_RESP_NOT_MODIFIED 304
+#define DM_RESP_BAD_REQUEST 400
+#define DM_RESP_UNAUTHORIZED 401
+#define DM_RESP_FORBIDDEN 403
+#define DM_RESP_NOT_FOUND 404
+#define DM_RESP_COMMAND_NOT_ALLOWED 405
+#define DM_RESP_OPTIONAL_FEATURE_NOT_SUPPORTED 406
+#define DM_RESP_MISSING_CREDENTIALS 407
+#define DM_RESP_CONFLICT 409
+#define DM_RESP_GONE 410
+#define DM_RESP_INCOMPLETE_COMMAND 412
+#define DM_RESP_REQ_ENTITY_TOO_LARGE 413
+#define DM_RESP_URI_TOO_LONG 414
+#define DM_RESP_UNSUPPORTED_MEDIA_TYPE_OR_FORMAT 415
+#define DM_RESP_REQ_TOO_BIG 416
+#define DM_RESP_ALREADY_EXISTS 418
+#define DM_RESP_DEVICE_FULL 420
+#define DM_RESP_SIZE_MISMATCH 424
+#define DM_RESP_PERMISSION_DENIED 425
+#define DM_RESP_COMMAND_FAILED 500
+#define DM_RESP_COMMAND_NOT_IMPLEMENTED 501
+#define DM_RESP_ATOMIC_ROLL_BACK_FAILED 516
+
+#define DM_HS20_SUBSCRIPTION_CREATION \
+ "org.wi-fi.hotspot2dot0.SubscriptionCreation"
+#define DM_HS20_SUBSCRIPTION_PROVISIONING \
+ "org.wi-fi.hotspot2dot0.SubscriptionProvisioning"
+#define DM_HS20_SUBSCRIPTION_REMEDIATION \
+ "org.wi-fi.hotspot2dot0.SubscriptionRemediation"
+#define DM_HS20_POLICY_UPDATE \
+ "org.wi-fi.hotspot2dot0.PolicyUpdate"
+
+#define DM_URI_PPS "./Wi-Fi/org.wi-fi/PerProviderSubscription"
+#define DM_URI_LAUNCH_BROWSER \
+ "./DevDetail/Ext/org.wi-fi/Wi-Fi/Ops/launchBrowserToURI"
+
+
+static void add_item(struct hs20_osu_client *ctx, xml_node_t *parent,
+ const char *locuri, const char *data);
+
+
+static const char * int2str(int val)
+{
+ static char buf[20];
+ snprintf(buf, sizeof(buf), "%d", val);
+ return buf;
+}
+
+
+static char * oma_dm_get_target_locuri(struct hs20_osu_client *ctx,
+ xml_node_t *node)
+{
+ xml_node_t *locuri;
+ char *uri, *ret = NULL;
+
+ locuri = get_node(ctx->xml, node, "Item/Target/LocURI");
+ if (locuri == NULL)
+ return NULL;
+
+ uri = xml_node_get_text(ctx->xml, locuri);
+ if (uri)
+ ret = os_strdup(uri);
+ xml_node_get_text_free(ctx->xml, uri);
+ return ret;
+}
+
+
+static void oma_dm_add_locuri(struct hs20_osu_client *ctx, xml_node_t *parent,
+ const char *element, const char *uri)
+{
+ xml_node_t *node;
+
+ node = xml_node_create(ctx->xml, parent, NULL, element);
+ if (node == NULL)
+ return;
+ xml_node_create_text(ctx->xml, node, NULL, "LocURI", uri);
+}
+
+
+static xml_node_t * oma_dm_build_hdr(struct hs20_osu_client *ctx,
+ const char *url, int msgid)
+{
+ xml_node_t *syncml, *synchdr;
+ xml_namespace_t *ns;
+
+ syncml = xml_node_create_root(ctx->xml, "SYNCML:SYNCML1.2", NULL, &ns,
+ "SyncML");
+
+ synchdr = xml_node_create(ctx->xml, syncml, NULL, "SyncHdr");
+ xml_node_create_text(ctx->xml, synchdr, NULL, "VerDTD", "1.2");
+ xml_node_create_text(ctx->xml, synchdr, NULL, "VerProto", "DM/1.2");
+ xml_node_create_text(ctx->xml, synchdr, NULL, "SessionID", "1");
+ xml_node_create_text(ctx->xml, synchdr, NULL, "MsgID", int2str(msgid));
+
+ oma_dm_add_locuri(ctx, synchdr, "Target", url);
+ oma_dm_add_locuri(ctx, synchdr, "Source", ctx->devid);
+
+ return syncml;
+}
+
+
+static void oma_dm_add_cmdid(struct hs20_osu_client *ctx, xml_node_t *parent,
+ int cmdid)
+{
+ xml_node_create_text(ctx->xml, parent, NULL, "CmdID", int2str(cmdid));
+}
+
+
+static xml_node_t * add_alert(struct hs20_osu_client *ctx, xml_node_t *parent,
+ int cmdid, int data)
+{
+ xml_node_t *node;
+
+ node = xml_node_create(ctx->xml, parent, NULL, "Alert");
+ if (node == NULL)
+ return NULL;
+ oma_dm_add_cmdid(ctx, node, cmdid);
+ xml_node_create_text(ctx->xml, node, NULL, "Data", int2str(data));
+
+ return node;
+}
+
+
+static xml_node_t * add_status(struct hs20_osu_client *ctx, xml_node_t *parent,
+ int msgref, int cmdref, int cmdid,
+ const char *cmd, int data, const char *targetref)
+{
+ xml_node_t *node;
+
+ node = xml_node_create(ctx->xml, parent, NULL, "Status");
+ if (node == NULL)
+ return NULL;
+ oma_dm_add_cmdid(ctx, node, cmdid);
+ xml_node_create_text(ctx->xml, node, NULL, "MsgRef", int2str(msgref));
+ if (cmdref)
+ xml_node_create_text(ctx->xml, node, NULL, "CmdRef",
+ int2str(cmdref));
+ xml_node_create_text(ctx->xml, node, NULL, "Cmd", cmd);
+ xml_node_create_text(ctx->xml, node, NULL, "Data", int2str(data));
+ if (targetref) {
+ xml_node_create_text(ctx->xml, node, NULL, "TargetRef",
+ targetref);
+ }
+
+ return node;
+}
+
+
+static xml_node_t * add_results(struct hs20_osu_client *ctx, xml_node_t *parent,
+ int msgref, int cmdref, int cmdid,
+ const char *locuri, const char *data)
+{
+ xml_node_t *node;
+
+ node = xml_node_create(ctx->xml, parent, NULL, "Results");
+ if (node == NULL)
+ return NULL;
+
+ oma_dm_add_cmdid(ctx, node, cmdid);
+ xml_node_create_text(ctx->xml, node, NULL, "MsgRef", int2str(msgref));
+ xml_node_create_text(ctx->xml, node, NULL, "CmdRef", int2str(cmdref));
+ add_item(ctx, node, locuri, data);
+
+ return node;
+}
+
+
+static char * mo_str(struct hs20_osu_client *ctx, const char *urn,
+ const char *fname)
+{
+ xml_node_t *fnode, *tnds;
+ char *str;
+
+ fnode = node_from_file(ctx->xml, fname);
+ if (!fnode)
+ return NULL;
+ tnds = mo_to_tnds(ctx->xml, fnode, 0, urn, "syncml:dmddf1.2");
+ xml_node_free(ctx->xml, fnode);
+ if (!tnds)
+ return NULL;
+
+ str = xml_node_to_str(ctx->xml, tnds);
+ xml_node_free(ctx->xml, tnds);
+ if (str == NULL)
+ return NULL;
+ wpa_printf(MSG_INFO, "MgmtTree: %s", str);
+
+ return str;
+}
+
+
+static void add_item(struct hs20_osu_client *ctx, xml_node_t *parent,
+ const char *locuri, const char *data)
+{
+ xml_node_t *item, *node;
+
+ item = xml_node_create(ctx->xml, parent, NULL, "Item");
+ oma_dm_add_locuri(ctx, item, "Source", locuri);
+ node = xml_node_create(ctx->xml, item, NULL, "Meta");
+ xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Format",
+ "Chr");
+ xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Type",
+ "text/plain");
+ xml_node_create_text(ctx->xml, item, NULL, "Data", data);
+}
+
+
+static void add_replace_devinfo(struct hs20_osu_client *ctx, xml_node_t *parent,
+ int cmdid)
+{
+ xml_node_t *info, *child, *replace;
+ const char *name;
+ char locuri[200], *txt;
+
+ info = node_from_file(ctx->xml, "devinfo.xml");
+ if (info == NULL) {
+ wpa_printf(MSG_INFO, "Could not read devinfo.xml");
+ return;
+ }
+
+ replace = xml_node_create(ctx->xml, parent, NULL, "Replace");
+ if (replace == NULL) {
+ xml_node_free(ctx->xml, info);
+ return;
+ }
+ oma_dm_add_cmdid(ctx, replace, cmdid);
+
+ xml_node_for_each_child(ctx->xml, child, info) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ os_snprintf(locuri, sizeof(locuri), "./DevInfo/%s", name);
+ txt = xml_node_get_text(ctx->xml, child);
+ if (txt) {
+ add_item(ctx, replace, locuri, txt);
+ xml_node_get_text_free(ctx->xml, txt);
+ }
+ }
+
+ xml_node_free(ctx->xml, info);
+}
+
+
+static void oma_dm_add_hs20_generic_alert(struct hs20_osu_client *ctx,
+ xml_node_t *syncbody,
+ int cmdid, const char *oper,
+ const char *data)
+{
+ xml_node_t *node, *item;
+ char buf[200];
+
+ node = add_alert(ctx, syncbody, cmdid, DM_GENERIC_ALERT);
+
+ item = xml_node_create(ctx->xml, node, NULL, "Item");
+ oma_dm_add_locuri(ctx, item, "Source", DM_URI_PPS);
+ node = xml_node_create(ctx->xml, item, NULL, "Meta");
+ snprintf(buf, sizeof(buf), "Reversed-Domain-Name: %s", oper);
+ xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Type", buf);
+ xml_node_create_text_ns(ctx->xml, node, "syncml:metinf", "Format",
+ "xml");
+ xml_node_create_text(ctx->xml, item, NULL, "Data", data);
+}
+
+
+static xml_node_t * build_oma_dm_1(struct hs20_osu_client *ctx,
+ const char *url, int msgid, const char *oper)
+{
+ xml_node_t *syncml, *syncbody;
+ char *str;
+ int cmdid = 0;
+
+ syncml = oma_dm_build_hdr(ctx, url, msgid);
+ if (syncml == NULL)
+ return NULL;
+
+ syncbody = xml_node_create(ctx->xml, syncml, NULL, "SyncBody");
+ if (syncbody == NULL) {
+ xml_node_free(ctx->xml, syncml);
+ return NULL;
+ }
+
+ cmdid++;
+ add_alert(ctx, syncbody, cmdid, DM_CLIENT_INITIATED_MGMT);
+
+ str = mo_str(ctx, NULL, "devdetail.xml");
+ if (str == NULL) {
+ xml_node_free(ctx->xml, syncml);
+ return NULL;
+ }
+ cmdid++;
+ oma_dm_add_hs20_generic_alert(ctx, syncbody, cmdid, oper, str);
+ os_free(str);
+
+ cmdid++;
+ add_replace_devinfo(ctx, syncbody, cmdid);
+
+ xml_node_create(ctx->xml, syncbody, NULL, "Final");
+
+ return syncml;
+}
+
+
+static xml_node_t * build_oma_dm_1_sub_reg(struct hs20_osu_client *ctx,
+ const char *url, int msgid)
+{
+ xml_node_t *syncml;
+
+ syncml = build_oma_dm_1(ctx, url, msgid, DM_HS20_SUBSCRIPTION_CREATION);
+ if (syncml)
+ debug_dump_node(ctx, "OMA-DM Package 1 (sub reg)", syncml);
+
+ return syncml;
+}
+
+
+static xml_node_t * build_oma_dm_1_sub_prov(struct hs20_osu_client *ctx,
+ const char *url, int msgid)
+{
+ xml_node_t *syncml;
+
+ syncml = build_oma_dm_1(ctx, url, msgid,
+ DM_HS20_SUBSCRIPTION_PROVISIONING);
+ if (syncml)
+ debug_dump_node(ctx, "OMA-DM Package 1 (sub prov)", syncml);
+
+ return syncml;
+}
+
+
+static xml_node_t * build_oma_dm_1_pol_upd(struct hs20_osu_client *ctx,
+ const char *url, int msgid)
+{
+ xml_node_t *syncml;
+
+ syncml = build_oma_dm_1(ctx, url, msgid, DM_HS20_POLICY_UPDATE);
+ if (syncml)
+ debug_dump_node(ctx, "OMA-DM Package 1 (pol upd)", syncml);
+
+ return syncml;
+}
+
+
+static xml_node_t * build_oma_dm_1_sub_rem(struct hs20_osu_client *ctx,
+ const char *url, int msgid)
+{
+ xml_node_t *syncml;
+
+ syncml = build_oma_dm_1(ctx, url, msgid,
+ DM_HS20_SUBSCRIPTION_REMEDIATION);
+ if (syncml)
+ debug_dump_node(ctx, "OMA-DM Package 1 (sub rem)", syncml);
+
+ return syncml;
+}
+
+
+static int oma_dm_exec_browser(struct hs20_osu_client *ctx, xml_node_t *exec)
+{
+ xml_node_t *node;
+ char *data;
+ int res;
+
+ node = get_node(ctx->xml, exec, "Item/Data");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No Data node found");
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ data = xml_node_get_text(ctx->xml, node);
+ if (data == NULL) {
+ wpa_printf(MSG_INFO, "Invalid data");
+ return DM_RESP_BAD_REQUEST;
+ }
+ wpa_printf(MSG_INFO, "Data: %s", data);
+ wpa_printf(MSG_INFO, "Launch browser to URI '%s'", data);
+ write_summary(ctx, "Launch browser to URI '%s'", data);
+ res = hs20_web_browser(data);
+ xml_node_get_text_free(ctx->xml, data);
+ if (res > 0) {
+ wpa_printf(MSG_INFO, "User response in browser completed successfully");
+ write_summary(ctx, "User response in browser completed successfully");
+ return DM_RESP_OK;
+ } else {
+ wpa_printf(MSG_INFO, "Failed to receive user response");
+ write_summary(ctx, "Failed to receive user response");
+ return DM_RESP_COMMAND_FAILED;
+ }
+}
+
+
+static int oma_dm_exec_get_cert(struct hs20_osu_client *ctx, xml_node_t *exec)
+{
+ xml_node_t *node, *getcert;
+ char *data;
+ const char *name;
+ int res;
+
+ wpa_printf(MSG_INFO, "Client certificate enrollment");
+ write_summary(ctx, "Client certificate enrollment");
+
+ node = get_node(ctx->xml, exec, "Item/Data");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No Data node found");
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ data = xml_node_get_text(ctx->xml, node);
+ if (data == NULL) {
+ wpa_printf(MSG_INFO, "Invalid data");
+ return DM_RESP_BAD_REQUEST;
+ }
+ wpa_printf(MSG_INFO, "Data: %s", data);
+ getcert = xml_node_from_buf(ctx->xml, data);
+ xml_node_get_text_free(ctx->xml, data);
+
+ if (getcert == NULL) {
+ wpa_printf(MSG_INFO, "Could not parse Item/Data node contents");
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ debug_dump_node(ctx, "OMA-DM getCertificate", getcert);
+
+ name = xml_node_get_localname(ctx->xml, getcert);
+ if (name == NULL || os_strcasecmp(name, "getCertificate") != 0) {
+ wpa_printf(MSG_INFO, "Unexpected getCertificate node name '%s'",
+ name);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ res = osu_get_certificate(ctx, getcert);
+
+ xml_node_free(ctx->xml, getcert);
+
+ return res == 0 ? DM_RESP_OK : DM_RESP_COMMAND_FAILED;
+}
+
+
+static int oma_dm_exec(struct hs20_osu_client *ctx, xml_node_t *exec)
+{
+ char *locuri;
+ int ret;
+
+ locuri = oma_dm_get_target_locuri(ctx, exec);
+ if (locuri == NULL) {
+ wpa_printf(MSG_INFO, "No Target LocURI node found");
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ wpa_printf(MSG_INFO, "Target LocURI: %s", locuri);
+
+ if (os_strcasecmp(locuri, "./DevDetail/Ext/org.wi-fi/Wi-Fi/Ops/"
+ "launchBrowserToURI") == 0) {
+ ret = oma_dm_exec_browser(ctx, exec);
+ } else if (os_strcasecmp(locuri, "./DevDetail/Ext/org.wi-fi/Wi-Fi/Ops/"
+ "getCertificate") == 0) {
+ ret = oma_dm_exec_get_cert(ctx, exec);
+ } else {
+ wpa_printf(MSG_INFO, "Unsupported exec Target LocURI");
+ ret = DM_RESP_NOT_FOUND;
+ }
+ os_free(locuri);
+
+ return ret;
+}
+
+
+static int oma_dm_run_add(struct hs20_osu_client *ctx, const char *locuri,
+ xml_node_t *add, xml_node_t *pps,
+ const char *pps_fname)
+{
+ const char *pos;
+ size_t fqdn_len;
+ xml_node_t *node, *tnds, *unode, *pps_node;
+ char *data, *uri, *upos, *end;
+ int use_tnds = 0;
+ size_t uri_len;
+
+ wpa_printf(MSG_INFO, "Add command target LocURI: %s", locuri);
+
+ if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
+ wpa_printf(MSG_INFO, "Do not allow Add outside ./Wi-Fi");
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos = locuri + 8;
+
+ if (ctx->fqdn == NULL)
+ return DM_RESP_COMMAND_FAILED;
+ fqdn_len = os_strlen(ctx->fqdn);
+ if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
+ pos[fqdn_len] != '/') {
+ wpa_printf(MSG_INFO, "Do not allow Add outside ./Wi-Fi/%s",
+ ctx->fqdn);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos += fqdn_len + 1;
+
+ if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
+ wpa_printf(MSG_INFO,
+ "Do not allow Add outside ./Wi-Fi/%s/PerProviderSubscription",
+ ctx->fqdn);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos += 24;
+
+ wpa_printf(MSG_INFO, "Add command for PPS node %s", pos);
+
+ pps_node = get_node(ctx->xml, pps, pos);
+ if (pps_node) {
+ wpa_printf(MSG_INFO, "Specified PPS node exists already");
+ return DM_RESP_ALREADY_EXISTS;
+ }
+
+ uri = os_strdup(pos);
+ if (uri == NULL)
+ return DM_RESP_COMMAND_FAILED;
+ while (!pps_node) {
+ upos = os_strrchr(uri, '/');
+ if (!upos)
+ break;
+ upos[0] = '\0';
+ pps_node = get_node(ctx->xml, pps, uri);
+ wpa_printf(MSG_INFO, "Node %s %s", uri,
+ pps_node ? "exists" : "does not exist");
+ }
+
+ wpa_printf(MSG_INFO, "Parent URI: %s", uri);
+
+ if (!pps_node) {
+ /* Add at root of PPS MO */
+ pps_node = pps;
+ }
+
+ uri_len = os_strlen(uri);
+ os_strlcpy(uri, pos + uri_len, os_strlen(pos));
+ upos = uri;
+ while (*upos == '/')
+ upos++;
+ wpa_printf(MSG_INFO, "Nodes to add: %s", upos);
+
+ for (;;) {
+ end = os_strchr(upos, '/');
+ if (!end)
+ break;
+ *end = '\0';
+ wpa_printf(MSG_INFO, "Adding interim node %s", upos);
+ pps_node = xml_node_create(ctx->xml, pps_node, NULL, upos);
+ if (pps_node == NULL) {
+ os_free(uri);
+ return DM_RESP_COMMAND_FAILED;
+ }
+ upos = end + 1;
+ }
+
+ wpa_printf(MSG_INFO, "Adding node %s", upos);
+
+ node = get_node(ctx->xml, add, "Item/Meta/Type");
+ if (node) {
+ char *type;
+ type = xml_node_get_text(ctx->xml, node);
+ if (type == NULL) {
+ wpa_printf(MSG_ERROR, "Could not find type text");
+ os_free(uri);
+ return DM_RESP_BAD_REQUEST;
+ }
+ use_tnds = node &&
+ os_strstr(type, "application/vnd.syncml.dmtnds+xml");
+ }
+
+ node = get_node(ctx->xml, add, "Item/Data");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No Add/Item/Data found");
+ os_free(uri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ data = xml_node_get_text(ctx->xml, node);
+ if (data == NULL) {
+ wpa_printf(MSG_INFO, "Could not get Add/Item/Data text");
+ os_free(uri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ wpa_printf(MSG_DEBUG, "Add/Item/Data: %s", data);
+
+ if (use_tnds) {
+ tnds = xml_node_from_buf(ctx->xml, data);
+ xml_node_get_text_free(ctx->xml, data);
+ if (tnds == NULL) {
+ wpa_printf(MSG_INFO,
+ "Could not parse Add/Item/Data text");
+ os_free(uri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ unode = tnds_to_mo(ctx->xml, tnds);
+ xml_node_free(ctx->xml, tnds);
+ if (unode == NULL) {
+ wpa_printf(MSG_INFO, "Could not parse TNDS text");
+ os_free(uri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ debug_dump_node(ctx, "Parsed TNDS", unode);
+
+ xml_node_add_child(ctx->xml, pps_node, unode);
+ } else {
+ /* TODO: What to do here? */
+ os_free(uri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ os_free(uri);
+
+ if (update_pps_file(ctx, pps_fname, pps) < 0)
+ return DM_RESP_COMMAND_FAILED;
+
+ ctx->pps_updated = 1;
+
+ return DM_RESP_OK;
+}
+
+
+static int oma_dm_add(struct hs20_osu_client *ctx, xml_node_t *add,
+ xml_node_t *pps, const char *pps_fname)
+{
+ xml_node_t *node;
+ char *locuri;
+ char fname[300];
+ int ret;
+
+ node = get_node(ctx->xml, add, "Item/Target/LocURI");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No Target LocURI node found");
+ return DM_RESP_BAD_REQUEST;
+ }
+ locuri = xml_node_get_text(ctx->xml, node);
+ if (locuri == NULL) {
+ wpa_printf(MSG_ERROR, "No LocURI node text found");
+ return DM_RESP_BAD_REQUEST;
+ }
+ wpa_printf(MSG_INFO, "Target LocURI: %s", locuri);
+ if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
+ wpa_printf(MSG_INFO, "Unsupported Add Target LocURI");
+ xml_node_get_text_free(ctx->xml, locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+
+ node = get_node(ctx->xml, add, "Item/Data");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No Data node found");
+ xml_node_get_text_free(ctx->xml, locuri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ if (pps_fname && os_file_exists(pps_fname)) {
+ ret = oma_dm_run_add(ctx, locuri, add, pps, pps_fname);
+ if (ret != DM_RESP_OK) {
+ xml_node_get_text_free(ctx->xml, locuri);
+ return ret;
+ }
+ ret = 0;
+ os_strlcpy(fname, pps_fname, sizeof(fname));
+ } else
+ ret = hs20_add_pps_mo(ctx, locuri, node, fname, sizeof(fname));
+ xml_node_get_text_free(ctx->xml, locuri);
+ if (ret < 0)
+ return ret == -2 ? DM_RESP_ALREADY_EXISTS :
+ DM_RESP_COMMAND_FAILED;
+
+ if (ctx->no_reconnect == 2) {
+ os_snprintf(ctx->pps_fname, sizeof(ctx->pps_fname), "%s",
+ fname);
+ ctx->pps_cred_set = 1;
+ return DM_RESP_OK;
+ }
+
+ wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
+ cmd_set_pps(ctx, fname);
+
+ if (ctx->no_reconnect)
+ return DM_RESP_OK;
+
+ wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
+ if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0)
+ wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
+
+ return DM_RESP_OK;
+}
+
+
+static int oma_dm_replace(struct hs20_osu_client *ctx, xml_node_t *replace,
+ xml_node_t *pps, const char *pps_fname)
+{
+ char *locuri, *pos;
+ size_t fqdn_len;
+ xml_node_t *node, *tnds, *unode, *pps_node, *parent;
+ char *data;
+ int use_tnds = 0;
+
+ locuri = oma_dm_get_target_locuri(ctx, replace);
+ if (locuri == NULL)
+ return DM_RESP_BAD_REQUEST;
+
+ wpa_printf(MSG_INFO, "Replace command target LocURI: %s", locuri);
+ if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
+ wpa_printf(MSG_INFO, "Do not allow Replace outside ./Wi-Fi");
+ os_free(locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos = locuri + 8;
+
+ if (ctx->fqdn == NULL) {
+ os_free(locuri);
+ return DM_RESP_COMMAND_FAILED;
+ }
+ fqdn_len = os_strlen(ctx->fqdn);
+ if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
+ pos[fqdn_len] != '/') {
+ wpa_printf(MSG_INFO, "Do not allow Replace outside ./Wi-Fi/%s",
+ ctx->fqdn);
+ os_free(locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos += fqdn_len + 1;
+
+ if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
+ wpa_printf(MSG_INFO,
+ "Do not allow Replace outside ./Wi-Fi/%s/PerProviderSubscription",
+ ctx->fqdn);
+ os_free(locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos += 24;
+
+ wpa_printf(MSG_INFO, "Replace command for PPS node %s", pos);
+
+ pps_node = get_node(ctx->xml, pps, pos);
+ if (pps_node == NULL) {
+ wpa_printf(MSG_INFO, "Specified PPS node not found");
+ os_free(locuri);
+ return DM_RESP_NOT_FOUND;
+ }
+
+ node = get_node(ctx->xml, replace, "Item/Meta/Type");
+ if (node) {
+ char *type;
+ type = xml_node_get_text(ctx->xml, node);
+ if (type == NULL) {
+ wpa_printf(MSG_INFO, "Could not find type text");
+ os_free(locuri);
+ return DM_RESP_BAD_REQUEST;
+ }
+ use_tnds = node &&
+ os_strstr(type, "application/vnd.syncml.dmtnds+xml");
+ }
+
+ node = get_node(ctx->xml, replace, "Item/Data");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No Replace/Item/Data found");
+ os_free(locuri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ data = xml_node_get_text(ctx->xml, node);
+ if (data == NULL) {
+ wpa_printf(MSG_INFO, "Could not get Replace/Item/Data text");
+ os_free(locuri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ wpa_printf(MSG_DEBUG, "Replace/Item/Data: %s", data);
+
+ if (use_tnds) {
+ tnds = xml_node_from_buf(ctx->xml, data);
+ xml_node_get_text_free(ctx->xml, data);
+ if (tnds == NULL) {
+ wpa_printf(MSG_INFO,
+ "Could not parse Replace/Item/Data text");
+ os_free(locuri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ unode = tnds_to_mo(ctx->xml, tnds);
+ xml_node_free(ctx->xml, tnds);
+ if (unode == NULL) {
+ wpa_printf(MSG_INFO, "Could not parse TNDS text");
+ os_free(locuri);
+ return DM_RESP_BAD_REQUEST;
+ }
+
+ debug_dump_node(ctx, "Parsed TNDS", unode);
+
+ parent = xml_node_get_parent(ctx->xml, pps_node);
+ xml_node_detach(ctx->xml, pps_node);
+ xml_node_add_child(ctx->xml, parent, unode);
+ } else {
+ xml_node_set_text(ctx->xml, pps_node, data);
+ xml_node_get_text_free(ctx->xml, data);
+ }
+
+ os_free(locuri);
+
+ if (update_pps_file(ctx, pps_fname, pps) < 0)
+ return DM_RESP_COMMAND_FAILED;
+
+ ctx->pps_updated = 1;
+
+ return DM_RESP_OK;
+}
+
+
+static int oma_dm_get(struct hs20_osu_client *ctx, xml_node_t *get,
+ xml_node_t *pps, const char *pps_fname, char **value)
+{
+ char *locuri, *pos;
+ size_t fqdn_len;
+ xml_node_t *pps_node;
+ const char *name;
+
+ *value = NULL;
+
+ locuri = oma_dm_get_target_locuri(ctx, get);
+ if (locuri == NULL)
+ return DM_RESP_BAD_REQUEST;
+
+ wpa_printf(MSG_INFO, "Get command target LocURI: %s", locuri);
+ if (os_strncasecmp(locuri, "./Wi-Fi/", 8) != 0) {
+ wpa_printf(MSG_INFO, "Do not allow Get outside ./Wi-Fi");
+ os_free(locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos = locuri + 8;
+
+ if (ctx->fqdn == NULL)
+ return DM_RESP_COMMAND_FAILED;
+ fqdn_len = os_strlen(ctx->fqdn);
+ if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
+ pos[fqdn_len] != '/') {
+ wpa_printf(MSG_INFO, "Do not allow Get outside ./Wi-Fi/%s",
+ ctx->fqdn);
+ os_free(locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos += fqdn_len + 1;
+
+ if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
+ wpa_printf(MSG_INFO,
+ "Do not allow Get outside ./Wi-Fi/%s/PerProviderSubscription",
+ ctx->fqdn);
+ os_free(locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+ pos += 24;
+
+ wpa_printf(MSG_INFO, "Get command for PPS node %s", pos);
+
+ pps_node = get_node(ctx->xml, pps, pos);
+ if (pps_node == NULL) {
+ wpa_printf(MSG_INFO, "Specified PPS node not found");
+ os_free(locuri);
+ return DM_RESP_NOT_FOUND;
+ }
+
+ name = xml_node_get_localname(ctx->xml, pps_node);
+ wpa_printf(MSG_INFO, "Get command returned node with name '%s'", name);
+ if (os_strcasecmp(name, "Password") == 0) {
+ wpa_printf(MSG_INFO, "Do not allow Get for Password node");
+ os_free(locuri);
+ return DM_RESP_PERMISSION_DENIED;
+ }
+
+ /*
+ * TODO: No support for DMTNDS, so if interior node, reply with a
+ * list of children node names in Results element. The child list type is
+ * defined in [DMTND].
+ */
+
+ *value = xml_node_get_text(ctx->xml, pps_node);
+ if (*value == NULL)
+ return DM_RESP_COMMAND_FAILED;
+
+ return DM_RESP_OK;
+}
+
+
+static int oma_dm_get_cmdid(struct hs20_osu_client *ctx, xml_node_t *node)
+{
+ xml_node_t *cnode;
+ char *str;
+ int ret;
+
+ cnode = get_node(ctx->xml, node, "CmdID");
+ if (cnode == NULL)
+ return 0;
+
+ str = xml_node_get_text(ctx->xml, cnode);
+ if (str == NULL)
+ return 0;
+ ret = atoi(str);
+ xml_node_get_text_free(ctx->xml, str);
+ return ret;
+}
+
+
+static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
+ const char *url, xml_node_t *syncml,
+ const char *ext_hdr,
+ const char *username, const char *password,
+ const char *client_cert,
+ const char *client_key)
+{
+ xml_node_t *resp;
+ char *str, *res;
+ char *resp_uri = NULL;
+
+ str = xml_node_to_str(ctx->xml, syncml);
+ xml_node_free(ctx->xml, syncml);
+ if (str == NULL)
+ return NULL;
+
+ wpa_printf(MSG_INFO, "Send OMA DM Package");
+ write_summary(ctx, "Send OMA DM Package");
+ os_free(ctx->server_url);
+ ctx->server_url = os_strdup(url);
+ res = http_post(ctx->http, url, str, "application/vnd.syncml.dm+xml",
+ ext_hdr, ctx->ca_fname, username, password,
+ client_cert, client_key, NULL);
+ os_free(str);
+ os_free(resp_uri);
+ resp_uri = NULL;
+
+ if (res == NULL) {
+ const char *err = http_get_err(ctx->http);
+ if (err) {
+ wpa_printf(MSG_INFO, "HTTP error: %s", err);
+ write_result(ctx, "HTTP error: %s", err);
+ } else {
+ write_summary(ctx, "Failed to send OMA DM Package");
+ }
+ return NULL;
+ }
+ wpa_printf(MSG_DEBUG, "Server response: %s", res);
+
+ wpa_printf(MSG_INFO, "Process OMA DM Package");
+ write_summary(ctx, "Process received OMA DM Package");
+ resp = xml_node_from_buf(ctx->xml, res);
+ os_free(res);
+ if (resp == NULL) {
+ wpa_printf(MSG_INFO, "Failed to parse OMA DM response");
+ return NULL;
+ }
+
+ debug_dump_node(ctx, "OMA DM Package", resp);
+
+ return resp;
+}
+
+
+static xml_node_t * oma_dm_process(struct hs20_osu_client *ctx, const char *url,
+ xml_node_t *resp, int msgid,
+ char **ret_resp_uri,
+ xml_node_t *pps, const char *pps_fname)
+{
+ xml_node_t *syncml, *syncbody, *hdr, *body, *child;
+ const char *name;
+ char *resp_uri = NULL;
+ int server_msgid = 0;
+ int cmdid = 0;
+ int server_cmdid;
+ int resp_needed = 0;
+ char *tmp;
+ int final = 0;
+ char *locuri;
+
+ *ret_resp_uri = NULL;
+
+ name = xml_node_get_localname(ctx->xml, resp);
+ if (name == NULL || os_strcasecmp(name, "SyncML") != 0) {
+ wpa_printf(MSG_INFO, "SyncML node not found");
+ return NULL;
+ }
+
+ hdr = get_node(ctx->xml, resp, "SyncHdr");
+ body = get_node(ctx->xml, resp, "SyncBody");
+ if (hdr == NULL || body == NULL) {
+ wpa_printf(MSG_INFO, "Could not find SyncHdr or SyncBody");
+ return NULL;
+ }
+
+ xml_node_for_each_child(ctx->xml, child, hdr) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ wpa_printf(MSG_INFO, "SyncHdr %s", name);
+ if (os_strcasecmp(name, "RespURI") == 0) {
+ tmp = xml_node_get_text(ctx->xml, child);
+ if (tmp)
+ resp_uri = os_strdup(tmp);
+ xml_node_get_text_free(ctx->xml, tmp);
+ } else if (os_strcasecmp(name, "MsgID") == 0) {
+ tmp = xml_node_get_text(ctx->xml, child);
+ if (tmp)
+ server_msgid = atoi(tmp);
+ xml_node_get_text_free(ctx->xml, tmp);
+ }
+ }
+
+ wpa_printf(MSG_INFO, "Server MsgID: %d", server_msgid);
+ if (resp_uri)
+ wpa_printf(MSG_INFO, "RespURI: %s", resp_uri);
+
+ syncml = oma_dm_build_hdr(ctx, resp_uri ? resp_uri : url, msgid);
+ if (syncml == NULL) {
+ os_free(resp_uri);
+ return NULL;
+ }
+
+ syncbody = xml_node_create(ctx->xml, syncml, NULL, "SyncBody");
+ cmdid++;
+ add_status(ctx, syncbody, server_msgid, 0, cmdid, "SyncHdr",
+ DM_RESP_AUTH_ACCEPTED, NULL);
+
+ xml_node_for_each_child(ctx->xml, child, body) {
+ xml_node_for_each_check(ctx->xml, child);
+ server_cmdid = oma_dm_get_cmdid(ctx, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ wpa_printf(MSG_INFO, "SyncBody CmdID=%d - %s",
+ server_cmdid, name);
+ if (os_strcasecmp(name, "Exec") == 0) {
+ int res = oma_dm_exec(ctx, child);
+ cmdid++;
+ locuri = oma_dm_get_target_locuri(ctx, child);
+ if (locuri == NULL)
+ res = DM_RESP_BAD_REQUEST;
+ add_status(ctx, syncbody, server_msgid, server_cmdid,
+ cmdid, name, res, locuri);
+ os_free(locuri);
+ resp_needed = 1;
+ } else if (os_strcasecmp(name, "Add") == 0) {
+ int res = oma_dm_add(ctx, child, pps, pps_fname);
+ cmdid++;
+ locuri = oma_dm_get_target_locuri(ctx, child);
+ if (locuri == NULL)
+ res = DM_RESP_BAD_REQUEST;
+ add_status(ctx, syncbody, server_msgid, server_cmdid,
+ cmdid, name, res, locuri);
+ os_free(locuri);
+ resp_needed = 1;
+ } else if (os_strcasecmp(name, "Replace") == 0) {
+ int res;
+ res = oma_dm_replace(ctx, child, pps, pps_fname);
+ cmdid++;
+ locuri = oma_dm_get_target_locuri(ctx, child);
+ if (locuri == NULL)
+ res = DM_RESP_BAD_REQUEST;
+ add_status(ctx, syncbody, server_msgid, server_cmdid,
+ cmdid, name, res, locuri);
+ os_free(locuri);
+ resp_needed = 1;
+ } else if (os_strcasecmp(name, "Status") == 0) {
+ /* TODO: Verify success */
+ } else if (os_strcasecmp(name, "Get") == 0) {
+ int res;
+ char *value;
+ res = oma_dm_get(ctx, child, pps, pps_fname, &value);
+ cmdid++;
+ locuri = oma_dm_get_target_locuri(ctx, child);
+ if (locuri == NULL)
+ res = DM_RESP_BAD_REQUEST;
+ add_status(ctx, syncbody, server_msgid, server_cmdid,
+ cmdid, name, res, locuri);
+ if (res == DM_RESP_OK && value) {
+ cmdid++;
+ add_results(ctx, syncbody, server_msgid,
+ server_cmdid, cmdid, locuri, value);
+ }
+ os_free(locuri);
+ xml_node_get_text_free(ctx->xml, value);
+ resp_needed = 1;
+#if 0 /* TODO: MUST support */
+ } else if (os_strcasecmp(name, "Delete") == 0) {
+#endif
+#if 0 /* TODO: MUST support */
+ } else if (os_strcasecmp(name, "Sequence") == 0) {
+#endif
+ } else if (os_strcasecmp(name, "Final") == 0) {
+ final = 1;
+ break;
+ } else {
+ locuri = oma_dm_get_target_locuri(ctx, child);
+ add_status(ctx, syncbody, server_msgid, server_cmdid,
+ cmdid, name, DM_RESP_COMMAND_NOT_IMPLEMENTED,
+ locuri);
+ os_free(locuri);
+ resp_needed = 1;
+ }
+ }
+
+ if (!final) {
+ wpa_printf(MSG_INFO, "Final node not found");
+ xml_node_free(ctx->xml, syncml);
+ os_free(resp_uri);
+ return NULL;
+ }
+
+ if (!resp_needed) {
+ wpa_printf(MSG_INFO, "Exchange completed - no response needed");
+ xml_node_free(ctx->xml, syncml);
+ os_free(resp_uri);
+ return NULL;
+ }
+
+ xml_node_create(ctx->xml, syncbody, NULL, "Final");
+
+ debug_dump_node(ctx, "OMA-DM Package 3", syncml);
+
+ *ret_resp_uri = resp_uri;
+ return syncml;
+}
+
+
+int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url)
+{
+ xml_node_t *syncml, *resp;
+ char *resp_uri = NULL;
+ int msgid = 0;
+
+ if (url == NULL) {
+ wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
+ return -1;
+ }
+
+ wpa_printf(MSG_INFO, "OMA-DM credential provisioning requested");
+ write_summary(ctx, "OMA-DM credential provisioning");
+
+ msgid++;
+ syncml = build_oma_dm_1_sub_reg(ctx, url, msgid);
+ if (syncml == NULL)
+ return -1;
+
+ while (syncml) {
+ resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
+ syncml, NULL, NULL, NULL, NULL, NULL);
+ if (resp == NULL)
+ return -1;
+
+ msgid++;
+ syncml = oma_dm_process(ctx, url, resp, msgid, &resp_uri,
+ NULL, NULL);
+ xml_node_free(ctx->xml, resp);
+ }
+
+ os_free(resp_uri);
+
+ return ctx->pps_cred_set ? 0 : -1;
+}
+
+
+int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url)
+{
+ xml_node_t *syncml, *resp;
+ char *resp_uri = NULL;
+ int msgid = 0;
+
+ if (url == NULL) {
+ wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
+ return -1;
+ }
+
+ wpa_printf(MSG_INFO, "OMA-DM SIM provisioning requested");
+ ctx->no_reconnect = 2;
+
+ wpa_printf(MSG_INFO, "Wait for IP address before starting SIM provisioning");
+ write_summary(ctx, "Wait for IP address before starting SIM provisioning");
+
+ if (wait_ip_addr(ctx->ifname, 15) < 0) {
+ wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
+ }
+ write_summary(ctx, "OMA-DM SIM provisioning");
+
+ msgid++;
+ syncml = build_oma_dm_1_sub_prov(ctx, url, msgid);
+ if (syncml == NULL)
+ return -1;
+
+ while (syncml) {
+ resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
+ syncml, NULL, NULL, NULL, NULL, NULL);
+ if (resp == NULL)
+ return -1;
+
+ msgid++;
+ syncml = oma_dm_process(ctx, url, resp, msgid, &resp_uri,
+ NULL, NULL);
+ xml_node_free(ctx->xml, resp);
+ }
+
+ os_free(resp_uri);
+
+ if (ctx->pps_cred_set) {
+ wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
+ cmd_set_pps(ctx, ctx->pps_fname);
+
+ wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
+ write_summary(ctx, "Requesting reconnection with updated configuration");
+ if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
+ wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
+ write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
+ return -1;
+ }
+ }
+
+ return ctx->pps_cred_set ? 0 : -1;
+}
+
+
+void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
+ const char *pps_fname,
+ const char *client_cert, const char *client_key,
+ const char *cred_username, const char *cred_password,
+ xml_node_t *pps)
+{
+ xml_node_t *syncml, *resp;
+ char *resp_uri = NULL;
+ int msgid = 0;
+
+ wpa_printf(MSG_INFO, "OMA-DM policy update");
+ write_summary(ctx, "OMA-DM policy update");
+
+ msgid++;
+ syncml = build_oma_dm_1_pol_upd(ctx, address, msgid);
+ if (syncml == NULL)
+ return;
+
+ while (syncml) {
+ resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
+ syncml, NULL, cred_username,
+ cred_password, client_cert, client_key);
+ if (resp == NULL)
+ return;
+
+ msgid++;
+ syncml = oma_dm_process(ctx, address, resp, msgid, &resp_uri,
+ pps, pps_fname);
+ xml_node_free(ctx->xml, resp);
+ }
+
+ os_free(resp_uri);
+
+ if (ctx->pps_updated) {
+ wpa_printf(MSG_INFO, "Update wpa_supplicant credential based on updated PPS MO");
+ write_summary(ctx, "Update wpa_supplicant credential based on updated PPS MO and request connection");
+ cmd_set_pps(ctx, pps_fname);
+ if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
+ wpa_printf(MSG_INFO,
+ "Failed to request wpa_supplicant to reconnect");
+ write_summary(ctx,
+ "Failed to request wpa_supplicant to reconnect");
+ }
+ }
+}
+
+
+void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
+ const char *pps_fname,
+ const char *client_cert, const char *client_key,
+ const char *cred_username, const char *cred_password,
+ xml_node_t *pps)
+{
+ xml_node_t *syncml, *resp;
+ char *resp_uri = NULL;
+ int msgid = 0;
+
+ wpa_printf(MSG_INFO, "OMA-DM subscription remediation");
+ write_summary(ctx, "OMA-DM subscription remediation");
+
+ msgid++;
+ syncml = build_oma_dm_1_sub_rem(ctx, address, msgid);
+ if (syncml == NULL)
+ return;
+
+ while (syncml) {
+ resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
+ syncml, NULL, cred_username,
+ cred_password, client_cert, client_key);
+ if (resp == NULL)
+ return;
+
+ msgid++;
+ syncml = oma_dm_process(ctx, address, resp, msgid, &resp_uri,
+ pps, pps_fname);
+ xml_node_free(ctx->xml, resp);
+ }
+
+ os_free(resp_uri);
+
+ wpa_printf(MSG_INFO, "Update wpa_supplicant credential based on updated PPS MO and request reconnection");
+ write_summary(ctx, "Update wpa_supplicant credential based on updated PPS MO and request reconnection");
+ cmd_set_pps(ctx, pps_fname);
+ if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
+ wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
+ write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
+ }
+}
+
+
+void cmd_oma_dm_add(struct hs20_osu_client *ctx, const char *pps_fname,
+ const char *add_fname)
+{
+ xml_node_t *pps, *add;
+ int res;
+
+ ctx->fqdn = os_strdup("wi-fi.org");
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "PPS file %s could not be parsed",
+ pps_fname);
+ return;
+ }
+
+ add = node_from_file(ctx->xml, add_fname);
+ if (add == NULL) {
+ wpa_printf(MSG_INFO, "Add file %s could not be parsed",
+ add_fname);
+ xml_node_free(ctx->xml, pps);
+ return;
+ }
+
+ res = oma_dm_add(ctx, add, pps, pps_fname);
+ wpa_printf(MSG_INFO, "oma_dm_add --> %d", res);
+
+ xml_node_free(ctx->xml, pps);
+ xml_node_free(ctx->xml, add);
+}
+
+
+void cmd_oma_dm_replace(struct hs20_osu_client *ctx, const char *pps_fname,
+ const char *replace_fname)
+{
+ xml_node_t *pps, *replace;
+ int res;
+
+ ctx->fqdn = os_strdup("wi-fi.org");
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "PPS file %s could not be parsed",
+ pps_fname);
+ return;
+ }
+
+ replace = node_from_file(ctx->xml, replace_fname);
+ if (replace == NULL) {
+ wpa_printf(MSG_INFO, "Replace file %s could not be parsed",
+ replace_fname);
+ xml_node_free(ctx->xml, pps);
+ return;
+ }
+
+ res = oma_dm_replace(ctx, replace, pps, pps_fname);
+ wpa_printf(MSG_INFO, "oma_dm_replace --> %d", res);
+
+ xml_node_free(ctx->xml, pps);
+ xml_node_free(ctx->xml, replace);
+}
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
new file mode 100644
index 000000000000..de7f351da244
--- /dev/null
+++ b/hs20/client/osu_client.c
@@ -0,0 +1,3227 @@
+/*
+ * Hotspot 2.0 OSU client
+ * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#include <time.h>
+#include <sys/stat.h>
+#ifdef ANDROID
+#include "private/android_filesystem_config.h"
+#endif /* ANDROID */
+
+#include "common.h"
+#include "utils/browser.h"
+#include "utils/base64.h"
+#include "utils/xml-utils.h"
+#include "utils/http-utils.h"
+#include "common/wpa_ctrl.h"
+#include "common/wpa_helpers.h"
+#include "eap_common/eap_defs.h"
+#include "crypto/crypto.h"
+#include "crypto/sha256.h"
+#include "osu_client.h"
+
+
+void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
+{
+ va_list ap;
+ FILE *f;
+ char buf[500];
+
+ va_start(ap, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ write_summary(ctx, "%s", buf);
+
+ if (!ctx->result_file)
+ return;
+
+ f = fopen(ctx->result_file, "w");
+ if (f == NULL)
+ return;
+
+ va_start(ap, fmt);
+ vfprintf(f, fmt, ap);
+ va_end(ap);
+ fprintf(f, "\n");
+ fclose(f);
+}
+
+
+void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
+{
+ va_list ap;
+ FILE *f;
+
+ if (!ctx->summary_file)
+ return;
+
+ f = fopen(ctx->summary_file, "a");
+ if (f == NULL)
+ return;
+
+ va_start(ap, fmt);
+ vfprintf(f, fmt, ap);
+ va_end(ap);
+ fprintf(f, "\n");
+ fclose(f);
+}
+
+
+void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
+ xml_node_t *node)
+{
+ char *str = xml_node_to_str(ctx->xml, node);
+ wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
+ free(str);
+}
+
+
+static int valid_fqdn(const char *fqdn)
+{
+ const char *pos;
+
+ /* TODO: could make this more complete.. */
+ if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
+ return 0;
+ for (pos = fqdn; *pos; pos++) {
+ if (*pos >= 'a' && *pos <= 'z')
+ continue;
+ if (*pos >= 'A' && *pos <= 'Z')
+ continue;
+ if (*pos >= '0' && *pos <= '9')
+ continue;
+ if (*pos == '-' || *pos == '.' || *pos == '_')
+ continue;
+ return 0;
+ }
+ return 1;
+}
+
+
+int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
+{
+ xml_node_t *node;
+ char *url, *user = NULL, *pw = NULL;
+ char *proto;
+ int ret = -1;
+
+ proto = xml_node_get_attr_value(ctx->xml, getcert,
+ "enrollmentProtocol");
+ if (!proto)
+ return -1;
+ wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
+ write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
+ if (os_strcasecmp(proto, "EST") != 0) {
+ wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
+ xml_node_get_attr_value_free(ctx->xml, proto);
+ return -1;
+ }
+ xml_node_get_attr_value_free(ctx->xml, proto);
+
+ node = get_node(ctx->xml, getcert, "enrollmentServerURI");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
+ xml_node_get_attr_value_free(ctx->xml, proto);
+ return -1;
+ }
+ url = xml_node_get_text(ctx->xml, node);
+ if (url == NULL) {
+ wpa_printf(MSG_INFO, "Could not get URL text");
+ return -1;
+ }
+ wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
+ write_summary(ctx, "enrollmentServerURI: %s", url);
+
+ node = get_node(ctx->xml, getcert, "estUserID");
+ if (node == NULL && !ctx->client_cert_present) {
+ wpa_printf(MSG_INFO, "Could not find estUserID node");
+ goto fail;
+ }
+ if (node) {
+ user = xml_node_get_text(ctx->xml, node);
+ if (user == NULL) {
+ wpa_printf(MSG_INFO, "Could not get estUserID text");
+ goto fail;
+ }
+ wpa_printf(MSG_INFO, "estUserID: %s", user);
+ write_summary(ctx, "estUserID: %s", user);
+ }
+
+ node = get_node(ctx->xml, getcert, "estPassword");
+ if (node == NULL && !ctx->client_cert_present) {
+ wpa_printf(MSG_INFO, "Could not find estPassword node");
+ goto fail;
+ }
+ if (node) {
+ pw = xml_node_get_base64_text(ctx->xml, node, NULL);
+ if (pw == NULL) {
+ wpa_printf(MSG_INFO, "Could not get estPassword text");
+ goto fail;
+ }
+ wpa_printf(MSG_INFO, "estPassword: %s", pw);
+ }
+
+ mkdir("Cert", S_IRWXU);
+ if (est_load_cacerts(ctx, url) < 0 ||
+ est_build_csr(ctx, url) < 0 ||
+ est_simple_enroll(ctx, url, user, pw) < 0)
+ goto fail;
+
+ ret = 0;
+fail:
+ xml_node_get_text_free(ctx->xml, url);
+ xml_node_get_text_free(ctx->xml, user);
+ xml_node_get_text_free(ctx->xml, pw);
+
+ return ret;
+}
+
+
+static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
+ const char *fqdn)
+{
+ u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
+ char *der, *pem;
+ size_t der_len, pem_len;
+ char *fingerprint;
+ char buf[200];
+
+ wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
+
+ fingerprint = xml_node_get_text(ctx->xml, cert);
+ if (fingerprint == NULL)
+ return -1;
+ if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
+ wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
+ write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
+ xml_node_get_text_free(ctx->xml, fingerprint);
+ return -1;
+ }
+ xml_node_get_text_free(ctx->xml, fingerprint);
+
+ der = os_readfile("Cert/est_cert.der", &der_len);
+ if (der == NULL) {
+ wpa_printf(MSG_INFO, "Could not find client certificate from EST");
+ write_result(ctx, "Could not find client certificate from EST");
+ return -1;
+ }
+
+ if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
+ os_free(der);
+ return -1;
+ }
+ os_free(der);
+
+ if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
+ wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
+ write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
+ return -1;
+ }
+
+ wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
+ unlink("Cert/est_cert.der");
+
+ os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
+ if (rename("Cert/est-cacerts.pem", buf) < 0) {
+ wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
+ strerror(errno));
+ return -1;
+ }
+ pem = os_readfile(buf, &pem_len);
+
+ os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
+ if (rename("Cert/est_cert.pem", buf) < 0) {
+ wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
+ strerror(errno));
+ os_free(pem);
+ return -1;
+ }
+
+ if (pem) {
+ FILE *f = fopen(buf, "a");
+ if (f) {
+ fwrite(pem, pem_len, 1, f);
+ fclose(f);
+ }
+ os_free(pem);
+ }
+
+ os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
+ if (rename("Cert/privkey-plain.pem", buf) < 0) {
+ wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
+ strerror(errno));
+ return -1;
+ }
+
+ unlink("Cert/est-req.b64");
+ unlink("Cert/est-req.pem");
+ unlink("Cert/est-resp.raw");
+ rmdir("Cert");
+
+ return 0;
+}
+
+
+#define TMP_CERT_DL_FILE "tmp-cert-download"
+
+static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
+ const char *fname)
+{
+ xml_node_t *url_node, *hash_node;
+ char *url, *hash;
+ char *cert;
+ size_t len;
+ u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
+ int res;
+ unsigned char *b64;
+ FILE *f;
+
+ url_node = get_node(ctx->xml, params, "CertURL");
+ hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
+ if (url_node == NULL || hash_node == NULL)
+ return -1;
+ url = xml_node_get_text(ctx->xml, url_node);
+ hash = xml_node_get_text(ctx->xml, hash_node);
+ if (url == NULL || hash == NULL) {
+ xml_node_get_text_free(ctx->xml, url);
+ xml_node_get_text_free(ctx->xml, hash);
+ return -1;
+ }
+
+ wpa_printf(MSG_INFO, "CertURL: %s", url);
+ wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
+
+ if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
+ wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
+ write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
+ xml_node_get_text_free(ctx->xml, hash);
+ return -1;
+ }
+ xml_node_get_text_free(ctx->xml, hash);
+
+ write_summary(ctx, "Download certificate from %s", url);
+ ctx->no_osu_cert_validation = 1;
+ http_ocsp_set(ctx->http, 1);
+ res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
+ http_ocsp_set(ctx->http,
+ (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
+ ctx->no_osu_cert_validation = 0;
+ xml_node_get_text_free(ctx->xml, url);
+ if (res < 0)
+ return -1;
+
+ cert = os_readfile(TMP_CERT_DL_FILE, &len);
+ remove(TMP_CERT_DL_FILE);
+ if (cert == NULL)
+ return -1;
+
+ if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
+ os_free(cert);
+ return -1;
+ }
+
+ if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
+ wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
+ write_result(ctx, "Downloaded certificate fingerprint did not match");
+ os_free(cert);
+ return -1;
+ }
+
+ b64 = base64_encode((unsigned char *) cert, len, NULL);
+ os_free(cert);
+ if (b64 == NULL)
+ return -1;
+
+ f = fopen(fname, "wb");
+ if (f == NULL) {
+ os_free(b64);
+ return -1;
+ }
+
+ fprintf(f, "-----BEGIN CERTIFICATE-----\n"
+ "%s"
+ "-----END CERTIFICATE-----\n",
+ b64);
+
+ os_free(b64);
+ fclose(f);
+
+ wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
+ fname);
+ write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
+ fname);
+
+ return 0;
+}
+
+
+static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
+ const char *ca_fname)
+{
+ xml_node_t *pps, *node;
+ int ret;
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
+ return -1;
+ }
+
+ node = get_child_node(ctx->xml, pps,
+ "SubscriptionUpdate/TrustRoot");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
+ xml_node_free(ctx->xml, pps);
+ return -1;
+ }
+
+ ret = download_cert(ctx, node, ca_fname);
+ xml_node_free(ctx->xml, pps);
+
+ return ret;
+}
+
+
+static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
+ const char *ca_fname)
+{
+ xml_node_t *pps, *node;
+ int ret;
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
+ return -1;
+ }
+
+ node = get_child_node(ctx->xml, pps,
+ "Policy/PolicyUpdate/TrustRoot");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
+ xml_node_free(ctx->xml, pps);
+ return -1;
+ }
+
+ ret = download_cert(ctx, node, ca_fname);
+ xml_node_free(ctx->xml, pps);
+
+ return ret;
+}
+
+
+static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
+ const char *ca_fname)
+{
+ xml_node_t *pps, *node, *aaa;
+ int ret;
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
+ return -1;
+ }
+
+ node = get_child_node(ctx->xml, pps,
+ "AAAServerTrustRoot");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
+ xml_node_free(ctx->xml, pps);
+ return -1;
+ }
+
+ aaa = xml_node_first_child(ctx->xml, node);
+ if (aaa == NULL) {
+ wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
+ xml_node_free(ctx->xml, pps);
+ return -1;
+ }
+
+ ret = download_cert(ctx, aaa, ca_fname);
+ xml_node_free(ctx->xml, pps);
+
+ return ret;
+}
+
+
+static int download_trust_roots(struct hs20_osu_client *ctx,
+ const char *pps_fname)
+{
+ char *dir, *pos;
+ char fname[300];
+ int ret;
+
+ dir = os_strdup(pps_fname);
+ if (dir == NULL)
+ return -1;
+ pos = os_strrchr(dir, '/');
+ if (pos == NULL) {
+ os_free(dir);
+ return -1;
+ }
+ *pos = '\0';
+
+ snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
+ ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
+ snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
+ cmd_dl_polupd_ca(ctx, pps_fname, fname);
+ snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
+ cmd_dl_aaa_ca(ctx, pps_fname, fname);
+
+ os_free(dir);
+
+ return ret;
+}
+
+
+static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
+ const char *fqdn)
+{
+ size_t match_len, len, i;
+ const char *val;
+
+ match_len = os_strlen(fqdn);
+
+ for (i = 0; i < ctx->server_dnsname_count; i++) {
+ wpa_printf(MSG_INFO,
+ "Checking suffix match against server dNSName %s",
+ ctx->server_dnsname[i]);
+ val = ctx->server_dnsname[i];
+ len = os_strlen(val);
+
+ if (match_len > len)
+ continue;
+
+ if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
+ continue; /* no match */
+
+ if (match_len == len)
+ return 1; /* exact match */
+
+ if (val[len - match_len - 1] == '.')
+ return 1; /* full label match completes suffix match */
+
+ /* Reject due to incomplete label match */
+ }
+
+ /* None of the dNSName(s) matched */
+ return 0;
+}
+
+
+int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
+ xml_node_t *add_mo, char *fname, size_t fname_len)
+{
+ char *str;
+ char *fqdn, *pos;
+ xml_node_t *tnds, *mo, *cert;
+ const char *name;
+ int ret;
+
+ if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
+ wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
+ uri);
+ write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
+ uri);
+ return -1;
+ }
+
+ fqdn = strdup(uri + 8);
+ if (fqdn == NULL)
+ return -1;
+ pos = strchr(fqdn, '/');
+ if (pos) {
+ if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
+ wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
+ uri);
+ write_result(ctx, "Unsupported location for addMO to "
+ "add PPS MO (extra directory): '%s'", uri);
+ return -1;
+ }
+ *pos = '\0'; /* remove trailing slash and PPS node name */
+ }
+ wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
+
+ if (!server_dnsname_suffix_match(ctx, fqdn)) {
+ wpa_printf(MSG_INFO, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
+ fqdn);
+ write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
+ fqdn);
+ free(fqdn);
+ return -1;
+ }
+
+ if (!valid_fqdn(fqdn)) {
+ wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
+ write_result(ctx, "Invalid FQDN '%s'", fqdn);
+ free(fqdn);
+ return -1;
+ }
+
+ mkdir("SP", S_IRWXU);
+ snprintf(fname, fname_len, "SP/%s", fqdn);
+ if (mkdir(fname, S_IRWXU) < 0) {
+ if (errno != EEXIST) {
+ int err = errno;
+ wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
+ fname, strerror(err));
+ free(fqdn);
+ return -1;
+ }
+ }
+
+#ifdef ANDROID
+ /* Allow processes running with Group ID as AID_WIFI,
+ * to read files from SP/<fqdn> directory */
+ if (chown(fname, -1, AID_WIFI)) {
+ wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
+ strerror(errno));
+ /* Try to continue anyway */
+ }
+ if (chmod(fname, S_IRWXU | S_IRGRP | S_IXGRP) < 0) {
+ wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
+ strerror(errno));
+ /* Try to continue anyway */
+ }
+#endif /* ANDROID */
+
+ snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
+
+ if (os_file_exists(fname)) {
+ wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
+ fname);
+ write_result(ctx, "PPS file '%s' exists - reject addMO",
+ fname);
+ free(fqdn);
+ return -2;
+ }
+ wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
+
+ str = xml_node_get_text(ctx->xml, add_mo);
+ if (str == NULL) {
+ wpa_printf(MSG_INFO, "Could not extract MO text");
+ free(fqdn);
+ return -1;
+ }
+ wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
+
+ tnds = xml_node_from_buf(ctx->xml, str);
+ xml_node_get_text_free(ctx->xml, str);
+ if (tnds == NULL) {
+ wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
+ free(fqdn);
+ return -1;
+ }
+
+ mo = tnds_to_mo(ctx->xml, tnds);
+ if (mo == NULL) {
+ wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
+ free(fqdn);
+ return -1;
+ }
+
+ debug_dump_node(ctx, "Parsed TNDS", mo);
+
+ name = xml_node_get_localname(ctx->xml, mo);
+ if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
+ wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
+ name);
+ free(fqdn);
+ return -1;
+ }
+
+ cert = get_child_node(ctx->xml, mo,
+ "Credential/DigitalCertificate/"
+ "CertSHA256Fingerprint");
+ if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
+ xml_node_free(ctx->xml, mo);
+ free(fqdn);
+ return -1;
+ }
+ free(fqdn);
+
+ if (node_to_file(ctx->xml, fname, mo) < 0) {
+ wpa_printf(MSG_INFO, "Could not write MO to file");
+ xml_node_free(ctx->xml, mo);
+ return -1;
+ }
+ xml_node_free(ctx->xml, mo);
+
+ wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
+ write_summary(ctx, "A new PPS MO added as '%s'", fname);
+
+ ret = download_trust_roots(ctx, fname);
+ if (ret < 0) {
+ wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
+ write_summary(ctx, "Remove invalid PPS MO file");
+ unlink(fname);
+ }
+
+ return ret;
+}
+
+
+int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
+ xml_node_t *pps)
+{
+ char *str;
+ FILE *f;
+ char backup[300];
+
+ if (ctx->client_cert_present) {
+ xml_node_t *cert;
+ cert = get_child_node(ctx->xml, pps,
+ "Credential/DigitalCertificate/"
+ "CertSHA256Fingerprint");
+ if (cert && os_file_exists("Cert/est_cert.der") &&
+ process_est_cert(ctx, cert, ctx->fqdn) < 0) {
+ wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
+ return -1;
+ }
+ }
+
+ wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
+
+ str = xml_node_to_str(ctx->xml, pps);
+ if (str == NULL) {
+ wpa_printf(MSG_ERROR, "No node found");
+ return -1;
+ }
+ wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
+
+ snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
+ rename(pps_fname, backup);
+ f = fopen(pps_fname, "w");
+ if (f == NULL) {
+ wpa_printf(MSG_INFO, "Could not write PPS");
+ rename(backup, pps_fname);
+ free(str);
+ return -1;
+ }
+ fprintf(f, "%s\n", str);
+ fclose(f);
+
+ free(str);
+
+ return 0;
+}
+
+
+void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
+ const char *alt_loc, char **user, char **pw)
+{
+ xml_node_t *node;
+
+ node = get_child_node(ctx->xml, pps,
+ "Credential/UsernamePassword/Username");
+ if (node)
+ *user = xml_node_get_text(ctx->xml, node);
+
+ node = get_child_node(ctx->xml, pps,
+ "Credential/UsernamePassword/Password");
+ if (node)
+ *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
+
+ node = get_child_node(ctx->xml, pps, alt_loc);
+ if (node) {
+ xml_node_t *a;
+ a = get_node(ctx->xml, node, "Username");
+ if (a) {
+ xml_node_get_text_free(ctx->xml, *user);
+ *user = xml_node_get_text(ctx->xml, a);
+ wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
+ }
+
+ a = get_node(ctx->xml, node, "Password");
+ if (a) {
+ free(*pw);
+ *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
+ wpa_printf(MSG_INFO, "Use OSU password");
+ }
+ }
+}
+
+
+/* Remove old credentials based on HomeSP/FQDN */
+static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
+{
+ char cmd[300];
+ os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
+ if (wpa_command(ctx->ifname, cmd) < 0)
+ wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
+}
+
+
+static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
+ xml_node_t *spe)
+{
+ xml_node_t *ssid;
+ char *txt;
+
+ ssid = get_node(ctx->xml, spe, "SSID");
+ if (ssid == NULL)
+ return;
+ txt = xml_node_get_text(ctx->xml, ssid);
+ if (txt == NULL)
+ return;
+ wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
+ if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
+ xml_node_get_text_free(ctx->xml, txt);
+}
+
+
+static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
+ xml_node_t *spel)
+{
+ xml_node_t *child;
+
+ xml_node_for_each_child(ctx->xml, child, spel) {
+ xml_node_for_each_check(ctx->xml, child);
+ set_pps_cred_policy_spe(ctx, id, child);
+ }
+}
+
+
+static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
+ xml_node_t *prp)
+{
+ xml_node_t *node;
+ char *txt = NULL, *pos;
+ char *prio, *country_buf = NULL;
+ const char *country;
+ char val[200];
+ int priority;
+
+ node = get_node(ctx->xml, prp, "Priority");
+ if (node == NULL)
+ return;
+ prio = xml_node_get_text(ctx->xml, node);
+ if (prio == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
+ prio);
+ priority = atoi(prio);
+ xml_node_get_text_free(ctx->xml, prio);
+
+ node = get_node(ctx->xml, prp, "Country");
+ if (node) {
+ country_buf = xml_node_get_text(ctx->xml, node);
+ if (country_buf == NULL)
+ return;
+ country = country_buf;
+ wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
+ country);
+ } else {
+ country = "*";
+ }
+
+ node = get_node(ctx->xml, prp, "FQDN_Match");
+ if (node == NULL)
+ goto out;
+ txt = xml_node_get_text(ctx->xml, node);
+ if (txt == NULL)
+ goto out;
+ wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
+ txt);
+ pos = strrchr(txt, ',');
+ if (pos == NULL)
+ goto out;
+ *pos++ = '\0';
+
+ snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
+ strcmp(pos, "includeSubdomains") != 0, priority, country);
+ if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
+out:
+ xml_node_get_text_free(ctx->xml, country_buf);
+ xml_node_get_text_free(ctx->xml, txt);
+}
+
+
+static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
+ xml_node_t *prpl)
+{
+ xml_node_t *child;
+
+ xml_node_for_each_child(ctx->xml, child, prpl) {
+ xml_node_for_each_check(ctx->xml, child);
+ set_pps_cred_policy_prp(ctx, id, child);
+ }
+}
+
+
+static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
+ xml_node_t *min_backhaul)
+{
+ xml_node_t *node;
+ char *type, *dl = NULL, *ul = NULL;
+ int home;
+
+ node = get_node(ctx->xml, min_backhaul, "NetworkType");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
+ return;
+ }
+
+ type = xml_node_get_text(ctx->xml, node);
+ if (type == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
+ type);
+ if (os_strcasecmp(type, "home") == 0)
+ home = 1;
+ else if (os_strcasecmp(type, "roaming") == 0)
+ home = 0;
+ else {
+ wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
+ xml_node_get_text_free(ctx->xml, type);
+ return;
+ }
+ xml_node_get_text_free(ctx->xml, type);
+
+ node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
+ if (node)
+ dl = xml_node_get_text(ctx->xml, node);
+
+ node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
+ if (node)
+ ul = xml_node_get_text(ctx->xml, node);
+
+ if (dl == NULL && ul == NULL) {
+ wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
+ return;
+ }
+
+ if (dl)
+ wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
+ dl);
+ if (ul)
+ wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
+ ul);
+
+ if (home) {
+ if (dl &&
+ set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
+ if (ul &&
+ set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
+ } else {
+ if (dl &&
+ set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
+ 0)
+ wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
+ if (ul &&
+ set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
+ 0)
+ wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
+ }
+
+ xml_node_get_text_free(ctx->xml, dl);
+ xml_node_get_text_free(ctx->xml, ul);
+}
+
+
+static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ xml_node_t *child;
+
+ wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ set_pps_cred_policy_min_backhaul(ctx, id, child);
+ }
+}
+
+
+static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
+ /* Not used in wpa_supplicant */
+}
+
+
+static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
+ int id, xml_node_t *tuple)
+{
+ xml_node_t *node;
+ char *proto, *port;
+ char *buf;
+ size_t buflen;
+
+ node = get_node(ctx->xml, tuple, "IPProtocol");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
+ return;
+ }
+
+ proto = xml_node_get_text(ctx->xml, node);
+ if (proto == NULL)
+ return;
+
+ wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
+ proto);
+
+ node = get_node(ctx->xml, tuple, "PortNumber");
+ port = node ? xml_node_get_text(ctx->xml, node) : NULL;
+ if (port) {
+ wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
+ port);
+ buflen = os_strlen(proto) + os_strlen(port) + 10;
+ buf = os_malloc(buflen);
+ if (buf)
+ os_snprintf(buf, buflen, "%s:%s", proto, port);
+ xml_node_get_text_free(ctx->xml, port);
+ } else {
+ buflen = os_strlen(proto) + 10;
+ buf = os_malloc(buflen);
+ if (buf)
+ os_snprintf(buf, buflen, "%s", proto);
+ }
+
+ xml_node_get_text_free(ctx->xml, proto);
+
+ if (buf == NULL)
+ return;
+
+ if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
+ wpa_printf(MSG_INFO, "Could not set req_conn_capab");
+
+ os_free(buf);
+}
+
+
+static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ xml_node_t *child;
+
+ wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ set_pps_cred_policy_required_proto_port(ctx, id, child);
+ }
+}
+
+
+static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
+ if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ xml_node_t *child;
+ const char *name;
+
+ wpa_printf(MSG_INFO, "- Policy");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
+ set_pps_cred_policy_prpl(ctx, id, child);
+ else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
+ set_pps_cred_policy_min_backhaul_list(ctx, id, child);
+ else if (os_strcasecmp(name, "PolicyUpdate") == 0)
+ set_pps_cred_policy_update(ctx, id, child);
+ else if (os_strcasecmp(name, "SPExclusionList") == 0)
+ set_pps_cred_policy_spel(ctx, id, child);
+ else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
+ set_pps_cred_policy_required_proto_ports(ctx, id, child);
+ else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
+ set_pps_cred_policy_max_bss_load(ctx, id, child);
+ else
+ wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
+ }
+}
+
+
+static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
+ if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
+}
+
+
+static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ wpa_printf(MSG_INFO, "- SubscriptionUpdate");
+ /* not used within wpa_supplicant */
+}
+
+
+static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ xml_node_t *ssid_node, *hessid_node;
+ char *ssid, *hessid;
+
+ ssid_node = get_node(ctx->xml, node, "SSID");
+ if (ssid_node == NULL) {
+ wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
+ return;
+ }
+
+ hessid_node = get_node(ctx->xml, node, "HESSID");
+
+ ssid = xml_node_get_text(ctx->xml, ssid_node);
+ if (ssid == NULL)
+ return;
+ hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
+
+ wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
+ if (hessid)
+ wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
+ hessid);
+
+ /* TODO: Configure to wpa_supplicant */
+
+ xml_node_get_text_free(ctx->xml, ssid);
+ xml_node_get_text_free(ctx->xml, hessid);
+}
+
+
+static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ xml_node_t *child;
+
+ wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ set_pps_cred_home_sp_network_id(ctx, id, child);
+ }
+}
+
+
+static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
+ /* not used within wpa_supplicant(?) */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
+ /* not used within wpa_supplicant */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
+ if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred domain");
+ if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ xml_node_t *child;
+ const char *name;
+ char *homeoi = NULL;
+ int required = 0;
+ char *str;
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
+ homeoi = xml_node_get_text(ctx->xml, child);
+ wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
+ homeoi);
+ } else if (strcasecmp(name, "HomeOIRequired") == 0) {
+ str = xml_node_get_text(ctx->xml, child);
+ wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
+ str);
+ if (str == NULL)
+ continue;
+ required = strcasecmp(str, "true") == 0;
+ xml_node_get_text_free(ctx->xml, str);
+ } else
+ wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
+ name);
+ }
+
+ if (homeoi == NULL) {
+ wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
+ return;
+ }
+
+ wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
+ homeoi, required);
+
+ if (required) {
+ if (set_cred(ctx->ifname, id, "required_roaming_consortium",
+ homeoi) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
+ } else {
+ if (set_cred_quoted(ctx->ifname, id, "roaming_consortium",
+ homeoi) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
+ }
+
+ xml_node_get_text_free(ctx->xml, homeoi);
+}
+
+
+static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ xml_node_t *child;
+
+ wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ set_pps_cred_home_sp_oi(ctx, id, child);
+ }
+}
+
+
+static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ xml_node_t *child;
+ const char *name;
+ char *fqdn = NULL;
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
+ fqdn = xml_node_get_text(ctx->xml, child);
+ wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
+ fqdn);
+ } else
+ wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
+ name);
+ }
+
+ if (fqdn == NULL) {
+ wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
+ return;
+ }
+
+ if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
+
+ xml_node_get_text_free(ctx->xml, fqdn);
+}
+
+
+static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
+ int id,
+ xml_node_t *node)
+{
+ xml_node_t *child;
+
+ wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ set_pps_cred_home_sp_other_partner(ctx, id, child);
+ }
+}
+
+
+static void set_pps_cred_home_sp_roaming_consortium_oi(
+ struct hs20_osu_client *ctx, int id, xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
+ /* TODO: Set to wpa_supplicant */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ xml_node_t *child;
+ const char *name;
+
+ wpa_printf(MSG_INFO, "- HomeSP");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "NetworkID") == 0)
+ set_pps_cred_home_sp_network_ids(ctx, id, child);
+ else if (os_strcasecmp(name, "FriendlyName") == 0)
+ set_pps_cred_home_sp_friendly_name(ctx, id, child);
+ else if (os_strcasecmp(name, "IconURL") == 0)
+ set_pps_cred_home_sp_icon_url(ctx, id, child);
+ else if (os_strcasecmp(name, "FQDN") == 0)
+ set_pps_cred_home_sp_fqdn(ctx, id, child);
+ else if (os_strcasecmp(name, "HomeOIList") == 0)
+ set_pps_cred_home_sp_oi_list(ctx, id, child);
+ else if (os_strcasecmp(name, "OtherHomePartners") == 0)
+ set_pps_cred_home_sp_other_partners(ctx, id, child);
+ else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
+ set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
+ child);
+ else
+ wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
+ }
+}
+
+
+static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ wpa_printf(MSG_INFO, "- SubscriptionParameters");
+ /* not used within wpa_supplicant */
+}
+
+
+static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
+ /* not used within wpa_supplicant */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
+ /* not used within wpa_supplicant */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
+ str);
+ if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred username");
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ int len, i;
+ char *pw, *hex, *pos, *end;
+
+ pw = xml_node_get_base64_text(ctx->xml, node, &len);
+ if (pw == NULL)
+ return;
+
+ wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
+
+ hex = malloc(len * 2 + 1);
+ if (hex == NULL) {
+ free(pw);
+ return;
+ }
+ end = hex + len * 2 + 1;
+ pos = hex;
+ for (i = 0; i < len; i++) {
+ snprintf(pos, end - pos, "%02x", pw[i]);
+ pos += 2;
+ }
+ free(pw);
+
+ if (set_cred(ctx->ifname, id, "password", hex) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred password");
+ free(hex);
+}
+
+
+static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
+ str);
+ /* not used within wpa_supplicant */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
+ str);
+ /* not used within wpa_supplicant */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ if (str == NULL)
+ return;
+ wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
+ str);
+ /* not used within wpa_supplicant */
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod - TODO");
+}
+
+
+static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node)
+{
+ xml_node_t *child;
+ const char *name;
+
+ wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "Username") == 0)
+ set_pps_cred_username(ctx, id, child);
+ else if (os_strcasecmp(name, "Password") == 0)
+ set_pps_cred_password(ctx, id, child);
+ else if (os_strcasecmp(name, "MachineManaged") == 0)
+ set_pps_cred_machine_managed(ctx, id, child);
+ else if (os_strcasecmp(name, "SoftTokenApp") == 0)
+ set_pps_cred_soft_token_app(ctx, id, child);
+ else if (os_strcasecmp(name, "AbleToShare") == 0)
+ set_pps_cred_able_to_share(ctx, id, child);
+ else if (os_strcasecmp(name, "EAPMethod") == 0)
+ set_pps_cred_eap_method(ctx, id, child);
+ else
+ wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
+ name);
+ }
+}
+
+
+static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node, const char *fqdn)
+{
+ char buf[200], dir[200];
+
+ wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
+
+ if (getcwd(dir, sizeof(dir)) == NULL)
+ return;
+
+ /* TODO: could build username from Subject of Subject AltName */
+ if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
+ wpa_printf(MSG_INFO, "Failed to set username");
+ }
+
+ snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
+ if (os_file_exists(buf)) {
+ if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
+ wpa_printf(MSG_INFO, "Failed to set client_cert");
+ }
+ }
+
+ snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
+ if (os_file_exists(buf)) {
+ if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
+ wpa_printf(MSG_INFO, "Failed to set private_key");
+ }
+ }
+}
+
+
+static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node, const char *fqdn, int sim)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+ char buf[200], dir[200];
+
+ if (str == NULL)
+ return;
+
+ wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
+ if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred realm");
+ xml_node_get_text_free(ctx->xml, str);
+
+ if (sim)
+ return;
+
+ if (getcwd(dir, sizeof(dir)) == NULL)
+ return;
+ snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
+ if (os_file_exists(buf)) {
+ if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
+ wpa_printf(MSG_INFO, "Failed to set CA cert");
+ }
+ }
+}
+
+
+static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
+ int id, xml_node_t *node)
+{
+ char *str = xml_node_get_text(ctx->xml, node);
+
+ if (str == NULL)
+ return;
+
+ wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
+ if (os_strcasecmp(str, "true") == 0 &&
+ set_cred(ctx->ifname, id, "ocsp", "2") < 0)
+ wpa_printf(MSG_INFO, "Failed to set cred ocsp");
+ xml_node_get_text_free(ctx->xml, str);
+}
+
+
+static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
+ xml_node_t *sim, xml_node_t *realm)
+{
+ xml_node_t *node;
+ char *imsi, *eaptype, *str, buf[20];
+ int type;
+ int mnc_len = 3;
+ size_t imsi_len;
+
+ node = get_node(ctx->xml, sim, "EAPType");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
+ return;
+ }
+ eaptype = xml_node_get_text(ctx->xml, node);
+ if (eaptype == NULL) {
+ wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
+ return;
+ }
+ wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
+ type = atoi(eaptype);
+ xml_node_get_text_free(ctx->xml, eaptype);
+
+ switch (type) {
+ case EAP_TYPE_SIM:
+ if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
+ wpa_printf(MSG_INFO, "Could not set eap=SIM");
+ break;
+ case EAP_TYPE_AKA:
+ if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
+ wpa_printf(MSG_INFO, "Could not set eap=SIM");
+ break;
+ case EAP_TYPE_AKA_PRIME:
+ if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
+ wpa_printf(MSG_INFO, "Could not set eap=SIM");
+ break;
+ default:
+ wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
+ return;
+ }
+
+ node = get_node(ctx->xml, sim, "IMSI");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
+ return;
+ }
+ imsi = xml_node_get_text(ctx->xml, node);
+ if (imsi == NULL) {
+ wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
+ return;
+ }
+ wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
+ imsi_len = os_strlen(imsi);
+ if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
+ wpa_printf(MSG_INFO, "Invalid IMSI length");
+ xml_node_get_text_free(ctx->xml, imsi);
+ return;
+ }
+
+ str = xml_node_get_text(ctx->xml, node);
+ if (str) {
+ char *pos;
+ pos = os_strstr(str, "mnc");
+ if (pos && os_strlen(pos) >= 6) {
+ if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
+ mnc_len = 3;
+ else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
+ mnc_len = 2;
+ }
+ xml_node_get_text_free(ctx->xml, str);
+ }
+
+ os_memcpy(buf, imsi, 3 + mnc_len);
+ buf[3 + mnc_len] = '-';
+ os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
+ sizeof(buf) - 3 - mnc_len - 1);
+
+ xml_node_get_text_free(ctx->xml, imsi);
+
+ if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
+ wpa_printf(MSG_INFO, "Could not set IMSI");
+
+ if (set_cred_quoted(ctx->ifname, id, "milenage",
+ "90dca4eda45b53cf0f12d7c9c3bc6a89:"
+ "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
+ 0)
+ wpa_printf(MSG_INFO, "Could not set Milenage parameters");
+}
+
+
+static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
+ xml_node_t *node, const char *fqdn)
+{
+ xml_node_t *child, *sim, *realm;
+ const char *name;
+
+ wpa_printf(MSG_INFO, "- Credential");
+
+ sim = get_node(ctx->xml, node, "SIM");
+ realm = get_node(ctx->xml, node, "Realm");
+
+ xml_node_for_each_child(ctx->xml, child, node) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "CreationDate") == 0)
+ set_pps_cred_creation_date(ctx, id, child);
+ else if (os_strcasecmp(name, "ExpirationDate") == 0)
+ set_pps_cred_expiration_date(ctx, id, child);
+ else if (os_strcasecmp(name, "UsernamePassword") == 0)
+ set_pps_cred_username_password(ctx, id, child);
+ else if (os_strcasecmp(name, "DigitalCertificate") == 0)
+ set_pps_cred_digital_cert(ctx, id, child, fqdn);
+ else if (os_strcasecmp(name, "Realm") == 0)
+ set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
+ else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
+ set_pps_cred_check_aaa_cert_status(ctx, id, child);
+ else if (os_strcasecmp(name, "SIM") == 0)
+ set_pps_cred_sim(ctx, id, child, realm);
+ else
+ wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
+ name);
+ }
+}
+
+
+static void set_pps_credential(struct hs20_osu_client *ctx, int id,
+ xml_node_t *cred, const char *fqdn)
+{
+ xml_node_t *child;
+ const char *name;
+
+ xml_node_for_each_child(ctx->xml, child, cred) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "Policy") == 0)
+ set_pps_cred_policy(ctx, id, child);
+ else if (os_strcasecmp(name, "CredentialPriority") == 0)
+ set_pps_cred_priority(ctx, id, child);
+ else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
+ set_pps_cred_aaa_server_trust_root(ctx, id, child);
+ else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
+ set_pps_cred_sub_update(ctx, id, child);
+ else if (os_strcasecmp(name, "HomeSP") == 0)
+ set_pps_cred_home_sp(ctx, id, child);
+ else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
+ set_pps_cred_sub_params(ctx, id, child);
+ else if (os_strcasecmp(name, "Credential") == 0)
+ set_pps_cred_credential(ctx, id, child, fqdn);
+ else
+ wpa_printf(MSG_INFO, "Unknown credential node '%s'",
+ name);
+ }
+}
+
+
+static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
+ const char *fqdn)
+{
+ xml_node_t *child;
+ const char *name;
+ int id;
+ char *update_identifier = NULL;
+
+ /*
+ * TODO: Could consider more complex mechanism that would remove
+ * credentials only if there are changes in the information sent to
+ * wpa_supplicant.
+ */
+ remove_sp_creds(ctx, fqdn);
+
+ xml_node_for_each_child(ctx->xml, child, pps) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
+ update_identifier = xml_node_get_text(ctx->xml, child);
+ if (update_identifier) {
+ wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
+ update_identifier);
+ break;
+ }
+ }
+ }
+
+ xml_node_for_each_child(ctx->xml, child, pps) {
+ xml_node_for_each_check(ctx->xml, child);
+ name = xml_node_get_localname(ctx->xml, child);
+ if (os_strcasecmp(name, "UpdateIdentifier") == 0)
+ continue;
+ id = add_cred(ctx->ifname);
+ if (id < 0) {
+ wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
+ write_summary(ctx, "Failed to add credential to wpa_supplicant");
+ break;
+ }
+ write_summary(ctx, "Add a credential to wpa_supplicant");
+ if (update_identifier &&
+ set_cred(ctx->ifname, id, "update_identifier",
+ update_identifier) < 0)
+ wpa_printf(MSG_INFO, "Failed to set update_identifier");
+ if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
+ 0)
+ wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
+ wpa_printf(MSG_INFO, "credential localname: '%s'", name);
+ set_pps_credential(ctx, id, child, fqdn);
+ ctx->pps_cred_set = 1;
+ }
+
+ xml_node_get_text_free(ctx->xml, update_identifier);
+}
+
+
+void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
+{
+ xml_node_t *pps;
+ const char *fqdn;
+ char *fqdn_buf = NULL, *pos;
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
+ return;
+ }
+
+ fqdn = os_strstr(pps_fname, "SP/");
+ if (fqdn) {
+ fqdn_buf = os_strdup(fqdn + 3);
+ if (fqdn_buf == NULL)
+ return;
+ pos = os_strchr(fqdn_buf, '/');
+ if (pos)
+ *pos = '\0';
+ fqdn = fqdn_buf;
+ } else
+ fqdn = "wi-fi.org";
+
+ wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
+ fqdn);
+ set_pps(ctx, pps, fqdn);
+
+ os_free(fqdn_buf);
+ xml_node_free(ctx->xml, pps);
+}
+
+
+static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
+{
+ xml_node_t *pps, *node;
+ char *fqdn = NULL;
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
+ return -1;
+ }
+
+ node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
+ if (node)
+ fqdn = xml_node_get_text(ctx->xml, node);
+
+ xml_node_free(ctx->xml, pps);
+
+ if (fqdn) {
+ FILE *f = fopen("pps-fqdn", "w");
+ if (f) {
+ fprintf(f, "%s", fqdn);
+ fclose(f);
+ }
+ xml_node_get_text_free(ctx->xml, fqdn);
+ return 0;
+ }
+
+ xml_node_get_text_free(ctx->xml, fqdn);
+ return -1;
+}
+
+
+static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
+ const char *out_fname, const char *urn, int use_path)
+{
+ xml_node_t *mo, *node;
+
+ mo = node_from_file(ctx->xml, in_fname);
+ if (mo == NULL) {
+ wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
+ return;
+ }
+
+ node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
+ if (node) {
+ node_to_file(ctx->xml, out_fname, node);
+ xml_node_free(ctx->xml, node);
+ }
+
+ xml_node_free(ctx->xml, mo);
+}
+
+
+static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
+ const char *out_fname)
+{
+ xml_node_t *tnds, *mo;
+
+ tnds = node_from_file(ctx->xml, in_fname);
+ if (tnds == NULL) {
+ wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
+ return;
+ }
+
+ mo = tnds_to_mo(ctx->xml, tnds);
+ if (mo) {
+ node_to_file(ctx->xml, out_fname, mo);
+ xml_node_free(ctx->xml, mo);
+ }
+
+ xml_node_free(ctx->xml, tnds);
+}
+
+
+struct osu_icon {
+ int id;
+ char lang[4];
+ char mime_type[256];
+ char filename[256];
+};
+
+struct osu_data {
+ char bssid[20];
+ char url[256];
+ unsigned int methods;
+ char osu_ssid[33];
+ char osu_nai[256];
+ struct osu_lang_text friendly_name[MAX_OSU_VALS];
+ size_t friendly_name_count;
+ struct osu_lang_text serv_desc[MAX_OSU_VALS];
+ size_t serv_desc_count;
+ struct osu_icon icon[MAX_OSU_VALS];
+ size_t icon_count;
+};
+
+
+static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
+{
+ FILE *f;
+ char buf[1000];
+ struct osu_data *osu = NULL, *last = NULL;
+ size_t osu_count = 0;
+ char *pos, *end;
+
+ f = fopen(fname, "r");
+ if (f == NULL) {
+ wpa_printf(MSG_ERROR, "Could not open %s", fname);
+ return NULL;
+ }
+
+ while (fgets(buf, sizeof(buf), f)) {
+ pos = strchr(buf, '\n');
+ if (pos)
+ *pos = '\0';
+
+ if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
+ last = realloc(osu, (osu_count + 1) * sizeof(*osu));
+ if (last == NULL)
+ break;
+ osu = last;
+ last = &osu[osu_count++];
+ memset(last, 0, sizeof(*last));
+ snprintf(last->bssid, sizeof(last->bssid), "%s",
+ buf + 13);
+ continue;
+ }
+ if (!last)
+ continue;
+
+ if (strncmp(buf, "uri=", 4) == 0) {
+ snprintf(last->url, sizeof(last->url), "%s", buf + 4);
+ continue;
+ }
+
+ if (strncmp(buf, "methods=", 8) == 0) {
+ last->methods = strtol(buf + 8, NULL, 16);
+ continue;
+ }
+
+ if (strncmp(buf, "osu_ssid=", 9) == 0) {
+ snprintf(last->osu_ssid, sizeof(last->osu_ssid),
+ "%s", buf + 9);
+ continue;
+ }
+
+ if (os_strncmp(buf, "osu_nai=", 8) == 0) {
+ os_snprintf(last->osu_nai, sizeof(last->osu_nai),
+ "%s", buf + 8);
+ continue;
+ }
+
+ if (strncmp(buf, "friendly_name=", 14) == 0) {
+ struct osu_lang_text *txt;
+ if (last->friendly_name_count == MAX_OSU_VALS)
+ continue;
+ pos = strchr(buf + 14, ':');
+ if (pos == NULL)
+ continue;
+ *pos++ = '\0';
+ txt = &last->friendly_name[last->friendly_name_count++];
+ snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
+ snprintf(txt->text, sizeof(txt->text), "%s", pos);
+ }
+
+ if (strncmp(buf, "desc=", 5) == 0) {
+ struct osu_lang_text *txt;
+ if (last->serv_desc_count == MAX_OSU_VALS)
+ continue;
+ pos = strchr(buf + 5, ':');
+ if (pos == NULL)
+ continue;
+ *pos++ = '\0';
+ txt = &last->serv_desc[last->serv_desc_count++];
+ snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
+ snprintf(txt->text, sizeof(txt->text), "%s", pos);
+ }
+
+ if (strncmp(buf, "icon=", 5) == 0) {
+ struct osu_icon *icon;
+ if (last->icon_count == MAX_OSU_VALS)
+ continue;
+ icon = &last->icon[last->icon_count++];
+ icon->id = atoi(buf + 5);
+ pos = strchr(buf, ':');
+ if (pos == NULL)
+ continue;
+ pos = strchr(pos + 1, ':');
+ if (pos == NULL)
+ continue;
+ pos = strchr(pos + 1, ':');
+ if (pos == NULL)
+ continue;
+ pos++;
+ end = strchr(pos, ':');
+ if (!end)
+ continue;
+ *end = '\0';
+ snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
+ pos = end + 1;
+
+ end = strchr(pos, ':');
+ if (end)
+ *end = '\0';
+ snprintf(icon->mime_type, sizeof(icon->mime_type),
+ "%s", pos);
+ if (!pos)
+ continue;
+ pos = end + 1;
+
+ end = strchr(pos, ':');
+ if (end)
+ *end = '\0';
+ snprintf(icon->filename, sizeof(icon->filename),
+ "%s", pos);
+ continue;
+ }
+ }
+
+ fclose(f);
+
+ *count = osu_count;
+ return osu;
+}
+
+
+static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
+ const char *ssid, const char *url,
+ unsigned int methods, int no_prod_assoc,
+ const char *osu_nai)
+{
+ int id;
+ const char *ifname = ctx->ifname;
+ char buf[200];
+ struct wpa_ctrl *mon;
+ int res;
+
+ id = add_network(ifname);
+ if (id < 0)
+ return -1;
+ if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
+ return -1;
+ if (osu_nai && os_strlen(osu_nai) > 0) {
+ char dir[255], fname[300];
+ if (getcwd(dir, sizeof(dir)) == NULL)
+ return -1;
+ os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
+
+ if (set_network(ifname, id, "proto", "OSEN") < 0 ||
+ set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
+ set_network(ifname, id, "pairwise", "CCMP") < 0 ||
+ set_network(ifname, id, "group", "GTK_NOT_USED") < 0 ||
+ set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
+ set_network(ifname, id, "ocsp", "2") < 0 ||
+ set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
+ set_network_quoted(ifname, id, "ca_cert", fname) < 0)
+ return -1;
+ } else {
+ if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
+ return -1;
+ }
+
+ mon = open_wpa_mon(ifname);
+ if (mon == NULL)
+ return -1;
+
+ wpa_printf(MSG_INFO, "Associate with OSU SSID");
+ write_summary(ctx, "Associate with OSU SSID");
+ snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
+ if (wpa_command(ifname, buf) < 0)
+ return -1;
+
+ res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
+ buf, sizeof(buf));
+
+ wpa_ctrl_detach(mon);
+ wpa_ctrl_close(mon);
+
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "Could not connect");
+ write_summary(ctx, "Could not connect to OSU network");
+ wpa_printf(MSG_INFO, "Remove OSU network connection");
+ snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
+ wpa_command(ifname, buf);
+ return -1;
+ }
+
+ write_summary(ctx, "Waiting for IP address for subscription registration");
+ if (wait_ip_addr(ifname, 15) < 0) {
+ wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
+ }
+
+ if (no_prod_assoc) {
+ if (res < 0)
+ return -1;
+ wpa_printf(MSG_INFO, "No production connection used for testing purposes");
+ write_summary(ctx, "No production connection used for testing purposes");
+ return 0;
+ }
+
+ ctx->no_reconnect = 1;
+ if (methods & 0x02)
+ res = cmd_prov(ctx, url);
+ else if (methods & 0x01)
+ res = cmd_oma_dm_prov(ctx, url);
+
+ wpa_printf(MSG_INFO, "Remove OSU network connection");
+ write_summary(ctx, "Remove OSU network connection");
+ snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
+ wpa_command(ifname, buf);
+
+ if (res < 0)
+ return -1;
+
+ wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
+ write_summary(ctx, "Requesting reconnection with updated configuration");
+ if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
+ wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
+ write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
+ int connect, int no_prod_assoc,
+ const char *friendly_name)
+{
+ char fname[255];
+ FILE *f;
+ struct osu_data *osu = NULL, *last = NULL;
+ size_t osu_count, i, j;
+ int ret;
+
+ write_summary(ctx, "OSU provider selection");
+
+ if (dir == NULL) {
+ wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
+ return -1;
+ }
+
+ snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
+ osu = parse_osu_providers(fname, &osu_count);
+ if (osu == NULL) {
+ wpa_printf(MSG_INFO, "Could not any OSU providers from %s",
+ fname);
+ write_result(ctx, "No OSU providers available");
+ return -1;
+ }
+
+ if (friendly_name) {
+ for (i = 0; i < osu_count; i++) {
+ last = &osu[i];
+ for (j = 0; j < last->friendly_name_count; j++) {
+ if (os_strcmp(last->friendly_name[j].text,
+ friendly_name) == 0)
+ break;
+ }
+ if (j < last->friendly_name_count)
+ break;
+ }
+ if (i == osu_count) {
+ wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
+ friendly_name);
+ write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
+ friendly_name);
+ free(osu);
+ return -1;
+ }
+
+ wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
+ friendly_name);
+ write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
+ friendly_name);
+ ret = i + 1;
+ goto selected;
+ }
+
+ snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
+ f = fopen(fname, "w");
+ if (f == NULL) {
+ wpa_printf(MSG_INFO, "Could not open %s", fname);
+ free(osu);
+ return -1;
+ }
+
+ fprintf(f, "<html><head>"
+ "<meta http-equiv=\"Content-type\" content=\"text/html; "
+ "charset=utf-8\"<title>Select service operator</title>"
+ "</head><body><h1>Select service operator</h1>\n");
+
+ if (osu_count == 0)
+ fprintf(f, "No online signup available\n");
+
+ for (i = 0; i < osu_count; i++) {
+ last = &osu[i];
+#ifdef ANDROID
+ fprintf(f, "<p>\n"
+ "<a href=\"http://localhost:12345/osu/%d\">"
+ "<table><tr><td>", (int) i + 1);
+#else /* ANDROID */
+ fprintf(f, "<p>\n"
+ "<a href=\"osu://%d\">"
+ "<table><tr><td>", (int) i + 1);
+#endif /* ANDROID */
+ for (j = 0; j < last->icon_count; j++) {
+ fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
+ last->icon[j].id,
+ strcasecmp(last->icon[j].mime_type,
+ "image/png") == 0 ? "png" : "icon");
+ }
+ fprintf(f, "<td>");
+ for (j = 0; j < last->friendly_name_count; j++) {
+ fprintf(f, "<small>[%s]</small> %s<br>\n",
+ last->friendly_name[j].lang,
+ last->friendly_name[j].text);
+ }
+ fprintf(f, "<tr><td colspan=2>");
+ for (j = 0; j < last->serv_desc_count; j++) {
+ fprintf(f, "<small>[%s]</small> %s<br>\n",
+ last->serv_desc[j].lang,
+ last->serv_desc[j].text);
+ }
+ fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
+ "SSID: %s<br>\n",
+ last->bssid, last->osu_ssid);
+ if (last->osu_nai)
+ fprintf(f, "NAI: %s<br>\n", last->osu_nai);
+ fprintf(f, "URL: %s<br>\n"
+ "methods:%s%s<br>\n"
+ "</small></p>\n",
+ last->url,
+ last->methods & 0x01 ? " OMA-DM" : "",
+ last->methods & 0x02 ? " SOAP-XML-SPP" : "");
+ }
+
+ fprintf(f, "</body></html>\n");
+
+ fclose(f);
+
+ snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
+ write_summary(ctx, "Start web browser with OSU provider selection page");
+ ret = hs20_web_browser(fname);
+
+selected:
+ if (ret > 0 && (size_t) ret <= osu_count) {
+ char *data;
+ size_t data_len;
+
+ wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
+ last = &osu[ret - 1];
+ ret = 0;
+ wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
+ wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
+ wpa_printf(MSG_INFO, "URL: %s", last->url);
+ write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
+ ret, last->bssid, last->osu_ssid, last->url);
+
+ ctx->friendly_name_count = last->friendly_name_count;
+ for (j = 0; j < last->friendly_name_count; j++) {
+ wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
+ last->friendly_name[j].lang,
+ last->friendly_name[j].text);
+ os_strlcpy(ctx->friendly_name[j].lang,
+ last->friendly_name[j].lang,
+ sizeof(ctx->friendly_name[j].lang));
+ os_strlcpy(ctx->friendly_name[j].text,
+ last->friendly_name[j].text,
+ sizeof(ctx->friendly_name[j].text));
+ }
+
+ ctx->icon_count = last->icon_count;
+ for (j = 0; j < last->icon_count; j++) {
+ char fname[256];
+
+ os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
+ dir, last->icon[j].id,
+ strcasecmp(last->icon[j].mime_type,
+ "image/png") == 0 ?
+ "png" : "icon");
+ wpa_printf(MSG_INFO, "ICON: %s (%s)",
+ fname, last->icon[j].filename);
+ os_strlcpy(ctx->icon_filename[j],
+ last->icon[j].filename,
+ sizeof(ctx->icon_filename[j]));
+
+ data = os_readfile(fname, &data_len);
+ if (data) {
+ sha256_vector(1, (const u8 **) &data, &data_len,
+ ctx->icon_hash[j]);
+ os_free(data);
+ }
+ }
+
+ if (connect == 2) {
+ if (last->methods & 0x02)
+ ret = cmd_prov(ctx, last->url);
+ else if (last->methods & 0x01)
+ ret = cmd_oma_dm_prov(ctx, last->url);
+ else
+ ret = -1;
+ } else if (connect)
+ ret = osu_connect(ctx, last->bssid, last->osu_ssid,
+ last->url, last->methods,
+ no_prod_assoc, last->osu_nai);
+ } else
+ ret = -1;
+
+ free(osu);
+
+ return ret;
+}
+
+
+static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
+ const char *friendly_name)
+{
+ char dir[255];
+ char fname[300], buf[400];
+ struct wpa_ctrl *mon;
+ const char *ifname;
+ int res;
+
+ ifname = ctx->ifname;
+
+ if (getcwd(dir, sizeof(dir)) == NULL)
+ return -1;
+
+ snprintf(fname, sizeof(fname), "%s/osu-info", dir);
+ if (mkdir(fname, S_IRWXU | S_IRWXG) < 0 && errno != EEXIST) {
+ wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
+ fname, strerror(errno));
+ return -1;
+ }
+
+ snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
+ if (wpa_command(ifname, buf) < 0) {
+ wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
+ return -1;
+ }
+
+ mon = open_wpa_mon(ifname);
+ if (mon == NULL)
+ return -1;
+
+ wpa_printf(MSG_INFO, "Starting OSU fetch");
+ write_summary(ctx, "Starting OSU provider information fetch");
+ if (wpa_command(ifname, "FETCH_OSU") < 0) {
+ wpa_printf(MSG_INFO, "Could not start OSU fetch");
+ wpa_ctrl_detach(mon);
+ wpa_ctrl_close(mon);
+ return -1;
+ }
+ res = get_wpa_cli_event(mon, "OSU provider fetch completed",
+ buf, sizeof(buf));
+
+ wpa_ctrl_detach(mon);
+ wpa_ctrl_close(mon);
+
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "OSU fetch did not complete");
+ write_summary(ctx, "OSU fetch did not complete");
+ return -1;
+ }
+ wpa_printf(MSG_INFO, "OSU provider fetch completed");
+
+ return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
+}
+
+
+static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
+ const char *pps_fname, const char *ca_fname)
+{
+ xml_node_t *pps, *node;
+ char pps_fname_buf[300];
+ char ca_fname_buf[200];
+ char *cred_username = NULL;
+ char *cred_password = NULL;
+ char *sub_rem_uri = NULL;
+ char client_cert_buf[200];
+ char *client_cert = NULL;
+ char client_key_buf[200];
+ char *client_key = NULL;
+ int spp;
+
+ wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
+ address);
+
+ if (!pps_fname) {
+ char buf[256];
+ wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
+ if (os_strncmp(address, "fqdn=", 5) == 0) {
+ wpa_printf(MSG_INFO, "Use requested FQDN from command line");
+ os_snprintf(buf, sizeof(buf), "%s", address + 5);
+ address = NULL;
+ } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
+ sizeof(buf)) < 0) {
+ wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
+ return -1;
+ }
+ os_free(ctx->fqdn);
+ ctx->fqdn = os_strdup(buf);
+ if (ctx->fqdn == NULL)
+ return -1;
+ wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
+ buf);
+ os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
+ "SP/%s/pps.xml", ctx->fqdn);
+ pps_fname = pps_fname_buf;
+
+ os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
+ ctx->fqdn);
+ ca_fname = ca_fname_buf;
+ }
+
+ if (!os_file_exists(pps_fname)) {
+ wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
+ pps_fname);
+ return -1;
+ }
+ wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
+
+ if (ca_fname && !os_file_exists(ca_fname)) {
+ wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
+ ca_fname);
+ return -1;
+ }
+ wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
+ ctx->ca_fname = ca_fname;
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "Could not read PPS MO");
+ return -1;
+ }
+
+ if (!ctx->fqdn) {
+ char *tmp;
+ node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
+ return -1;
+ }
+ tmp = xml_node_get_text(ctx->xml, node);
+ if (tmp == NULL) {
+ wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
+ return -1;
+ }
+ ctx->fqdn = os_strdup(tmp);
+ xml_node_get_text_free(ctx->xml, tmp);
+ if (!ctx->fqdn) {
+ wpa_printf(MSG_INFO, "No FQDN known");
+ return -1;
+ }
+ }
+
+ node = get_child_node(ctx->xml, pps,
+ "SubscriptionUpdate/UpdateMethod");
+ if (node) {
+ char *tmp;
+ tmp = xml_node_get_text(ctx->xml, node);
+ if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
+ spp = 0;
+ else
+ spp = 1;
+ } else {
+ wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
+ spp = 1;
+ }
+
+ get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
+ &cred_username, &cred_password);
+ if (cred_username)
+ wpa_printf(MSG_INFO, "Using username: %s", cred_username);
+ if (cred_password)
+ wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
+
+ if (cred_username == NULL && cred_password == NULL &&
+ get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
+ wpa_printf(MSG_INFO, "Using client certificate");
+ os_snprintf(client_cert_buf, sizeof(client_cert_buf),
+ "SP/%s/client-cert.pem", ctx->fqdn);
+ client_cert = client_cert_buf;
+ os_snprintf(client_key_buf, sizeof(client_key_buf),
+ "SP/%s/client-key.pem", ctx->fqdn);
+ client_key = client_key_buf;
+ ctx->client_cert_present = 1;
+ }
+
+ node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
+ if (node) {
+ sub_rem_uri = xml_node_get_text(ctx->xml, node);
+ if (sub_rem_uri &&
+ (!address || os_strcmp(address, sub_rem_uri) != 0)) {
+ wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
+ sub_rem_uri);
+ address = sub_rem_uri;
+ }
+ }
+ if (!address) {
+ wpa_printf(MSG_INFO, "Server URL not known");
+ return -1;
+ }
+
+ write_summary(ctx, "Wait for IP address for subscriptiom remediation");
+ wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
+
+ if (wait_ip_addr(ctx->ifname, 15) < 0) {
+ wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
+ }
+
+ if (spp)
+ spp_sub_rem(ctx, address, pps_fname,
+ client_cert, client_key,
+ cred_username, cred_password, pps);
+ else
+ oma_dm_sub_rem(ctx, address, pps_fname,
+ client_cert, client_key,
+ cred_username, cred_password, pps);
+
+ xml_node_get_text_free(ctx->xml, sub_rem_uri);
+ xml_node_get_text_free(ctx->xml, cred_username);
+ str_clear_free(cred_password);
+ xml_node_free(ctx->xml, pps);
+ return 0;
+}
+
+
+static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
+ const char *pps_fname, const char *ca_fname)
+{
+ xml_node_t *pps;
+ xml_node_t *node;
+ char pps_fname_buf[300];
+ char ca_fname_buf[200];
+ char *uri = NULL;
+ char *cred_username = NULL;
+ char *cred_password = NULL;
+ char client_cert_buf[200];
+ char *client_cert = NULL;
+ char client_key_buf[200];
+ char *client_key = NULL;
+ int spp;
+
+ wpa_printf(MSG_INFO, "Policy update requested");
+
+ if (!pps_fname) {
+ char buf[256];
+ wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
+ if (os_strncmp(address, "fqdn=", 5) == 0) {
+ wpa_printf(MSG_INFO, "Use requested FQDN from command line");
+ os_snprintf(buf, sizeof(buf), "%s", address + 5);
+ address = NULL;
+ } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
+ sizeof(buf)) < 0) {
+ wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
+ return -1;
+ }
+ os_free(ctx->fqdn);
+ ctx->fqdn = os_strdup(buf);
+ if (ctx->fqdn == NULL)
+ return -1;
+ wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
+ buf);
+ os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
+ "SP/%s/pps.xml", ctx->fqdn);
+ pps_fname = pps_fname_buf;
+
+ os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
+ buf);
+ ca_fname = ca_fname_buf;
+ }
+
+ if (!os_file_exists(pps_fname)) {
+ wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
+ pps_fname);
+ return -1;
+ }
+ wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
+
+ if (ca_fname && !os_file_exists(ca_fname)) {
+ wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
+ ca_fname);
+ return -1;
+ }
+ wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
+ ctx->ca_fname = ca_fname;
+
+ pps = node_from_file(ctx->xml, pps_fname);
+ if (pps == NULL) {
+ wpa_printf(MSG_INFO, "Could not read PPS MO");
+ return -1;
+ }
+
+ if (!ctx->fqdn) {
+ char *tmp;
+ node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
+ if (node == NULL) {
+ wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
+ return -1;
+ }
+ tmp = xml_node_get_text(ctx->xml, node);
+ if (tmp == NULL) {
+ wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
+ return -1;
+ }
+ ctx->fqdn = os_strdup(tmp);
+ xml_node_get_text_free(ctx->xml, tmp);
+ if (!ctx->fqdn) {
+ wpa_printf(MSG_INFO, "No FQDN known");
+ return -1;
+ }
+ }
+
+ node = get_child_node(ctx->xml, pps,
+ "Policy/PolicyUpdate/UpdateMethod");
+ if (node) {
+ char *tmp;
+ tmp = xml_node_get_text(ctx->xml, node);
+ if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
+ spp = 0;
+ else
+ spp = 1;
+ } else {
+ wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
+ spp = 1;
+ }
+
+ get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
+ &cred_username, &cred_password);
+ if (cred_username)
+ wpa_printf(MSG_INFO, "Using username: %s", cred_username);
+ if (cred_password)
+ wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
+
+ if (cred_username == NULL && cred_password == NULL &&
+ get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
+ wpa_printf(MSG_INFO, "Using client certificate");
+ os_snprintf(client_cert_buf, sizeof(client_cert_buf),
+ "SP/%s/client-cert.pem", ctx->fqdn);
+ client_cert = client_cert_buf;
+ os_snprintf(client_key_buf, sizeof(client_key_buf),
+ "SP/%s/client-key.pem", ctx->fqdn);
+ client_key = client_key_buf;
+ }
+
+ if (!address) {
+ node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
+ if (node) {
+ uri = xml_node_get_text(ctx->xml, node);
+ wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
+ address = uri;
+ }
+ }
+ if (!address) {
+ wpa_printf(MSG_INFO, "Server URL not known");
+ return -1;
+ }
+
+ if (spp)
+ spp_pol_upd(ctx, address, pps_fname,
+ client_cert, client_key,
+ cred_username, cred_password, pps);
+ else
+ oma_dm_pol_upd(ctx, address, pps_fname,
+ client_cert, client_key,
+ cred_username, cred_password, pps);
+
+ xml_node_get_text_free(ctx->xml, uri);
+ xml_node_get_text_free(ctx->xml, cred_username);
+ str_clear_free(cred_password);
+ xml_node_free(ctx->xml, pps);
+
+ return 0;
+}
+
+
+static char * get_hostname(const char *url)
+{
+ const char *pos, *end, *end2;
+ char *ret;
+
+ if (url == NULL)
+ return NULL;
+
+ pos = os_strchr(url, '/');
+ if (pos == NULL)
+ return NULL;
+ pos++;
+ if (*pos != '/')
+ return NULL;
+ pos++;
+
+ end = os_strchr(pos, '/');
+ end2 = os_strchr(pos, ':');
+ if (end && end2 && end2 < end)
+ end = end2;
+ if (end)
+ end--;
+ else {
+ end = pos;
+ while (*end)
+ end++;
+ if (end > pos)
+ end--;
+ }
+
+ ret = os_malloc(end - pos + 2);
+ if (ret == NULL)
+ return NULL;
+
+ os_memcpy(ret, pos, end - pos + 1);
+ ret[end - pos + 1] = '\0';
+
+ return ret;
+}
+
+
+static int osu_cert_cb(void *_ctx, struct http_cert *cert)
+{
+ struct hs20_osu_client *ctx = _ctx;
+ unsigned int i, j;
+ int found;
+ char *host = NULL;
+
+ wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d)",
+ !ctx->no_osu_cert_validation);
+
+ host = get_hostname(ctx->server_url);
+
+ for (i = 0; i < ctx->server_dnsname_count; i++)
+ os_free(ctx->server_dnsname[i]);
+ os_free(ctx->server_dnsname);
+ ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
+ ctx->server_dnsname_count = 0;
+
+ found = 0;
+ for (i = 0; i < cert->num_dnsname; i++) {
+ if (ctx->server_dnsname) {
+ ctx->server_dnsname[ctx->server_dnsname_count] =
+ os_strdup(cert->dnsname[i]);
+ if (ctx->server_dnsname[ctx->server_dnsname_count])
+ ctx->server_dnsname_count++;
+ }
+ if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
+ found = 1;
+ wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
+ }
+
+ if (host && !found) {
+ wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
+ host);
+ write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
+ host);
+ os_free(host);
+ return -1;
+ }
+
+ os_free(host);
+
+ for (i = 0; i < cert->num_othername; i++) {
+ if (os_strcmp(cert->othername[i].oid,
+ "1.3.6.1.4.1.40808.1.1.1") == 0) {
+ wpa_hexdump_ascii(MSG_INFO,
+ "id-wfa-hotspot-friendlyName",
+ cert->othername[i].data,
+ cert->othername[i].len);
+ }
+ }
+
+ for (j = 0; !ctx->no_osu_cert_validation &&
+ j < ctx->friendly_name_count; j++) {
+ int found = 0;
+ for (i = 0; i < cert->num_othername; i++) {
+ if (os_strcmp(cert->othername[i].oid,
+ "1.3.6.1.4.1.40808.1.1.1") != 0)
+ continue;
+ if (cert->othername[i].len < 3)
+ continue;
+ if (os_strncasecmp((char *) cert->othername[i].data,
+ ctx->friendly_name[j].lang, 3) != 0)
+ continue;
+ if (os_strncmp((char *) cert->othername[i].data + 3,
+ ctx->friendly_name[j].text,
+ cert->othername[i].len - 3) == 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
+ ctx->friendly_name[j].lang,
+ ctx->friendly_name[j].text);
+ write_result(ctx, "No friendly name match found for '[%s]%s'",
+ ctx->friendly_name[j].lang,
+ ctx->friendly_name[j].text);
+ return -1;
+ }
+ }
+
+ for (i = 0; i < cert->num_logo; i++) {
+ struct http_logo *logo = &cert->logo[i];
+
+ wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
+ logo->alg_oid, logo->uri);
+ wpa_hexdump_ascii(MSG_INFO, "hashValue",
+ logo->hash, logo->hash_len);
+ }
+
+ for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
+ int found = 0;
+ char *name = ctx->icon_filename[j];
+ size_t name_len = os_strlen(name);
+
+ wpa_printf(MSG_INFO, "Looking for icon file name '%s' match",
+ name);
+ for (i = 0; i < cert->num_logo; i++) {
+ struct http_logo *logo = &cert->logo[i];
+ size_t uri_len = os_strlen(logo->uri);
+ char *pos;
+
+ wpa_printf(MSG_INFO, "Comparing to '%s' uri_len=%d name_len=%d",
+ logo->uri, (int) uri_len, (int) name_len);
+ if (uri_len < 1 + name_len)
+ continue;
+ pos = &logo->uri[uri_len - name_len - 1];
+ if (*pos != '/')
+ continue;
+ pos++;
+ if (os_strcmp(pos, name) == 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
+ name);
+ write_result(ctx,
+ "No icon filename match found for '%s'",
+ name);
+ return -1;
+ }
+ }
+
+ for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
+ int found = 0;
+
+ for (i = 0; i < cert->num_logo; i++) {
+ struct http_logo *logo = &cert->logo[i];
+
+ if (logo->hash_len != 32)
+ continue;
+ if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ wpa_printf(MSG_INFO, "No icon hash match found");
+ write_result(ctx, "No icon hash match found");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
+static int init_ctx(struct hs20_osu_client *ctx)
+{
+ xml_node_t *devinfo, *devid;
+
+ os_memset(ctx, 0, sizeof(*ctx));
+ ctx->ifname = "wlan0";
+ ctx->xml = xml_node_init_ctx(ctx, NULL);
+ if (ctx->xml == NULL)
+ return -1;
+
+ devinfo = node_from_file(ctx->xml, "devinfo.xml");
+ if (!devinfo) {
+ wpa_printf(MSG_ERROR, "devinfo.xml not found");
+ return -1;
+ }
+
+ devid = get_node(ctx->xml, devinfo, "DevId");
+ if (devid) {
+ char *tmp = xml_node_get_text(ctx->xml, devid);
+ if (tmp) {
+ ctx->devid = os_strdup(tmp);
+ xml_node_get_text_free(ctx->xml, tmp);
+ }
+ }
+ xml_node_free(ctx->xml, devinfo);
+
+ if (ctx->devid == NULL) {
+ wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
+ return -1;
+ }
+
+ ctx->http = http_init_ctx(ctx, ctx->xml);
+ if (ctx->http == NULL) {
+ xml_node_deinit_ctx(ctx->xml);
+ return -1;
+ }
+ http_ocsp_set(ctx->http, 2);
+ http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
+
+ return 0;
+}
+
+
+static void deinit_ctx(struct hs20_osu_client *ctx)
+{
+ size_t i;
+
+ http_deinit_ctx(ctx->http);
+ xml_node_deinit_ctx(ctx->xml);
+ os_free(ctx->fqdn);
+ os_free(ctx->server_url);
+ os_free(ctx->devid);
+
+ for (i = 0; i < ctx->server_dnsname_count; i++)
+ os_free(ctx->server_dnsname[i]);
+ os_free(ctx->server_dnsname);
+}
+
+
+static void check_workarounds(struct hs20_osu_client *ctx)
+{
+ FILE *f;
+ char buf[100];
+ unsigned long int val = 0;
+
+ f = fopen("hs20-osu-client.workarounds", "r");
+ if (f == NULL)
+ return;
+
+ if (fgets(buf, sizeof(buf), f))
+ val = strtoul(buf, NULL, 16);
+
+ fclose(f);
+
+ if (val) {
+ wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
+ ctx->workarounds = val;
+ if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
+ http_ocsp_set(ctx->http, 1);
+ }
+}
+
+
+static void usage(void)
+{
+ printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
+ " [-w<wpa_supplicant ctrl_iface dir>] "
+ "[-r<result file>] [-f<debug file>] \\\n"
+ " [-s<summary file>] \\\n"
+ " <command> [arguments..]\n"
+ "commands:\n"
+ "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
+ "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
+ "[URN]>\n"
+ "- from_tnds <XML MO in TNDS format> <XML MO>\n"
+ "- set_pps <PerProviderSubscription XML file name>\n"
+ "- get_fqdn <PerProviderSubscription XML file name>\n"
+ "- pol_upd [Server URL] [PPS] [CA cert]\n"
+ "- sub_rem <Server URL> [PPS] [CA cert]\n"
+ "- prov <Server URL> [CA cert]\n"
+ "- oma_dm_prov <Server URL> [CA cert]\n"
+ "- sim_prov <Server URL> [CA cert]\n"
+ "- oma_dm_sim_prov <Server URL> [CA cert]\n"
+ "- signup [CA cert]\n"
+ "- dl_osu_ca <PPS> <CA file>\n"
+ "- dl_polupd_ca <PPS> <CA file>\n"
+ "- dl_aaa_ca <PPS> <CA file>\n"
+ "- browser <URL>\n"
+ "- parse_cert <X.509 certificate (DER)>\n"
+ "- osu_select <OSU info directory> [CA cert]\n");
+}
+
+
+int main(int argc, char *argv[])
+{
+ struct hs20_osu_client ctx;
+ int c;
+ int ret = 0;
+ int no_prod_assoc = 0;
+ const char *friendly_name = NULL;
+ const char *wpa_debug_file_path = NULL;
+ extern char *wpas_ctrl_path;
+ extern int wpa_debug_level;
+ extern int wpa_debug_show_keys;
+ extern int wpa_debug_timestamp;
+
+ if (init_ctx(&ctx) < 0)
+ return -1;
+
+ for (;;) {
+ c = getopt(argc, argv, "df:hi:KNO:qr:s:S:tw:");
+ if (c < 0)
+ break;
+ switch (c) {
+ case 'd':
+ if (wpa_debug_level > 0)
+ wpa_debug_level--;
+ break;
+ case 'f':
+ wpa_debug_file_path = optarg;
+ break;
+ case 'K':
+ wpa_debug_show_keys++;
+ break;
+ case 'N':
+ no_prod_assoc = 1;
+ break;
+ case 'O':
+ friendly_name = optarg;
+ break;
+ case 'q':
+ wpa_debug_level++;
+ break;
+ case 'r':
+ ctx.result_file = optarg;
+ break;
+ case 's':
+ ctx.summary_file = optarg;
+ break;
+ case 'S':
+ ctx.ifname = optarg;
+ break;
+ case 't':
+ wpa_debug_timestamp++;
+ break;
+ case 'w':
+ wpas_ctrl_path = optarg;
+ break;
+ case 'h':
+ default:
+ usage();
+ exit(0);
+ break;
+ }
+ }
+
+ if (argc - optind < 1) {
+ usage();
+ exit(0);
+ }
+
+ wpa_debug_open_file(wpa_debug_file_path);
+
+#ifdef __linux__
+ setlinebuf(stdout);
+#endif /* __linux__ */
+
+ if (ctx.result_file)
+ unlink(ctx.result_file);
+ wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
+ "================", argv[optind]);
+ check_workarounds(&ctx);
+
+ if (strcmp(argv[optind], "to_tnds") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
+ argc > optind + 3 ? argv[optind + 3] : NULL,
+ 0);
+ } else if (strcmp(argv[optind], "to_tnds2") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
+ argc > optind + 3 ? argv[optind + 3] : NULL,
+ 1);
+ } else if (strcmp(argv[optind], "from_tnds") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
+ } else if (strcmp(argv[optind], "sub_rem") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ if (argc - optind < 2)
+ wpa_printf(MSG_ERROR, "Server URL missing from command line");
+ else
+ ret = cmd_sub_rem(&ctx, argv[optind + 1],
+ argc > optind + 2 ?
+ argv[optind + 2] : NULL,
+ argc > optind + 3 ?
+ argv[optind + 3] : NULL);
+ } else if (strcmp(argv[optind], "pol_upd") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ ret = cmd_pol_upd(&ctx, argc > 2 ? argv[optind + 1] : NULL,
+ argc > optind + 2 ? argv[optind + 2] : NULL,
+ argc > optind + 3 ? argv[optind + 3] : NULL);
+ } else if (strcmp(argv[optind], "prov") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ ctx.ca_fname = argv[optind + 2];
+ cmd_prov(&ctx, argv[optind + 1]);
+ } else if (strcmp(argv[optind], "sim_prov") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ ctx.ca_fname = argv[optind + 2];
+ cmd_sim_prov(&ctx, argv[optind + 1]);
+ } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
+ } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
+ } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
+ } else if (strcmp(argv[optind], "osu_select") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
+ cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
+ } else if (strcmp(argv[optind], "signup") == 0) {
+ ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
+ ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
+ } else if (strcmp(argv[optind], "set_pps") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_set_pps(&ctx, argv[optind + 1]);
+ } else if (strcmp(argv[optind], "get_fqdn") == 0) {
+ if (argc - optind < 1) {
+ usage();
+ exit(0);
+ }
+ ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
+ } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ ctx.ca_fname = argv[optind + 2];
+ cmd_oma_dm_prov(&ctx, argv[optind + 1]);
+ } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ ctx.ca_fname = argv[optind + 2];
+ if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
+ write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
+ return -1;
+ }
+ } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
+ } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
+ } else if (strcmp(argv[optind], "est_csr") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+ mkdir("Cert", S_IRWXU);
+ est_build_csr(&ctx, argv[optind + 1]);
+ } else if (strcmp(argv[optind], "browser") == 0) {
+ int ret;
+
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+
+ wpa_printf(MSG_INFO, "Launch web browser to URL %s",
+ argv[optind + 1]);
+ ret = hs20_web_browser(argv[optind + 1]);
+ wpa_printf(MSG_INFO, "Web browser result: %d", ret);
+ } else if (strcmp(argv[optind], "parse_cert") == 0) {
+ if (argc - optind < 2) {
+ usage();
+ exit(0);
+ }
+
+ wpa_debug_level = MSG_MSGDUMP;
+ http_parse_x509_certificate(ctx.http, argv[optind + 1]);
+ wpa_debug_level = MSG_INFO;
+ } else {
+ wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
+ }
+
+ deinit_ctx(&ctx);
+ wpa_printf(MSG_DEBUG,
+ "===[hs20-osu-client END ]======================");
+
+ wpa_debug_close_file();
+
+ return ret;
+}
diff --git a/hs20/client/osu_client.h b/hs20/client/osu_client.h
new file mode 100644
index 000000000000..9a7059edfddb
--- /dev/null
+++ b/hs20/client/osu_client.h
@@ -0,0 +1,118 @@
+/*
+ * Hotspot 2.0 - OSU client
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef OSU_CLIENT_H
+#define OSU_CLIENT_H
+
+#define SPP_NS_URI "http://www.wi-fi.org/specifications/hotspot2dot0/v1.0/spp"
+
+#define URN_OMA_DM_DEVINFO "urn:oma:mo:oma-dm-devinfo:1.0"
+#define URN_OMA_DM_DEVDETAIL "urn:oma:mo:oma-dm-devdetail:1.0"
+#define URN_HS20_DEVDETAIL_EXT "urn:wfa:mo-ext:hotspot2dot0-devdetail-ext:1.0"
+#define URN_HS20_PPS "urn:wfa:mo:hotspot2dot0-perprovidersubscription:1.0"
+
+
+#define MAX_OSU_VALS 10
+
+struct osu_lang_text {
+ char lang[4];
+ char text[253];
+};
+
+struct hs20_osu_client {
+ struct xml