1 /*
2  * hostapd / Configuration helper functions
3  * Copyright (c) 2003-2024, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "radius/radius_client.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_1x_defs.h"
17 #include "common/eapol_common.h"
18 #include "common/dhcp.h"
19 #include "common/sae.h"
20 #include "eap_common/eap_wsc_common.h"
21 #include "eap_server/eap.h"
22 #include "wpa_auth.h"
23 #include "sta_info.h"
24 #include "airtime_policy.h"
25 #include "ap_config.h"
26 
27 
hostapd_config_free_vlan(struct hostapd_bss_config * bss)28 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
29 {
30           struct hostapd_vlan *vlan, *prev;
31 
32           vlan = bss->vlan;
33           prev = NULL;
34           while (vlan) {
35                     prev = vlan;
36                     vlan = vlan->next;
37                     os_free(prev);
38           }
39 
40           bss->vlan = NULL;
41 }
42 
43 
44 #ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
45 #define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
46 #endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
47 
hostapd_config_defaults_bss(struct hostapd_bss_config * bss)48 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
49 {
50           dl_list_init(&bss->anqp_elem);
51 
52           bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
53           bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
54           bss->logger_syslog = (unsigned int) -1;
55           bss->logger_stdout = (unsigned int) -1;
56 
57 #ifdef CONFIG_WEP
58           bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
59 
60           bss->wep_rekeying_period = 300;
61           /* use key0 in individual key and key1 in broadcast key */
62           bss->broadcast_key_idx_min = 1;
63           bss->broadcast_key_idx_max = 2;
64 #else /* CONFIG_WEP */
65           bss->auth_algs = WPA_AUTH_ALG_OPEN;
66 #endif /* CONFIG_WEP */
67           bss->eap_reauth_period = 3600;
68 
69           bss->wpa_group_rekey = 600;
70           bss->wpa_gmk_rekey = 86400;
71           bss->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
72           bss->wpa_group_update_count = 4;
73           bss->wpa_pairwise_update_count = 4;
74           bss->wpa_disable_eapol_key_retries =
75                     DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
76           bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
77 #ifdef CONFIG_NO_TKIP
78           bss->wpa_pairwise = WPA_CIPHER_CCMP;
79           bss->wpa_group = WPA_CIPHER_CCMP;
80 #else /* CONFIG_NO_TKIP */
81           bss->wpa_pairwise = WPA_CIPHER_TKIP;
82           bss->wpa_group = WPA_CIPHER_TKIP;
83 #endif /* CONFIG_NO_TKIP */
84           bss->rsn_pairwise = 0;
85 
86           bss->max_num_sta = MAX_STA_COUNT;
87 
88           bss->dtim_period = 2;
89 
90           bss->radius_server_auth_port = 1812;
91           bss->eap_sim_db_timeout = 1;
92           bss->eap_sim_id = 3;
93           bss->eap_sim_aka_fast_reauth_limit = 1000;
94           bss->ap_max_inactivity = AP_MAX_INACTIVITY;
95           bss->bss_max_idle = 1;
96           bss->eapol_version = EAPOL_VERSION;
97 
98           bss->max_listen_interval = 65535;
99 
100           bss->pwd_group = 19; /* ECC: GF(p=256) */
101 
102           bss->assoc_sa_query_max_timeout = 1000;
103           bss->assoc_sa_query_retry_timeout = 201;
104           bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
105 #ifdef EAP_SERVER_FAST
106            /* both anonymous and authenticated provisioning */
107           bss->eap_fast_prov = 3;
108           bss->pac_key_lifetime = 7 * 24 * 60 * 60;
109           bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
110 #endif /* EAP_SERVER_FAST */
111 
112           /* Set to -1 as defaults depends on HT in setup */
113           bss->wmm_enabled = -1;
114 
115 #ifdef CONFIG_IEEE80211R_AP
116           bss->ft_over_ds = 1;
117           bss->rkh_pos_timeout = 86400;
118           bss->rkh_neg_timeout = 60;
119           bss->rkh_pull_timeout = 1000;
120           bss->rkh_pull_retries = 4;
121           bss->r0_key_lifetime = 1209600;
122 #endif /* CONFIG_IEEE80211R_AP */
123 
124           bss->radius_das_time_window = 300;
125           bss->radius_require_message_authenticator = 1;
126 
127           bss->anti_clogging_threshold = 5;
128           bss->sae_sync = 3;
129 
130           bss->gas_frag_limit = 1400;
131 
132 #ifdef CONFIG_FILS
133           dl_list_init(&bss->fils_realms);
134           bss->fils_hlp_wait_time = 30;
135           bss->dhcp_server_port = DHCP_SERVER_PORT;
136           bss->dhcp_relay_port = DHCP_SERVER_PORT;
137           bss->fils_discovery_min_int = 20;
138 #endif /* CONFIG_FILS */
139 
140           bss->broadcast_deauth = 1;
141 
142 #ifdef CONFIG_MBO
143           bss->mbo_cell_data_conn_pref = -1;
144 #endif /* CONFIG_MBO */
145 
146           /* Disable TLS v1.3 by default for now to avoid interoperability issue.
147            * This can be enabled by default once the implementation has been fully
148            * completed and tested with other implementations. */
149           bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
150 
151           bss->max_auth_rounds = 100;
152           bss->max_auth_rounds_short = 50;
153 
154           bss->send_probe_response = 1;
155 
156 #ifdef CONFIG_HS20
157           bss->hs20_release = (HS20_VERSION >> 4) + 1;
158 #endif /* CONFIG_HS20 */
159 
160 #ifdef CONFIG_MACSEC
161           bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
162           bss->macsec_port = 1;
163 #endif /* CONFIG_MACSEC */
164 
165           /* Default to strict CRL checking. */
166           bss->check_crl_strict = 1;
167 
168           bss->multi_ap_profile = MULTI_AP_PROFILE_2;
169 
170 #ifdef CONFIG_TESTING_OPTIONS
171           bss->sae_commit_status = -1;
172           bss->test_assoc_comeback_type = -1;
173 #endif /* CONFIG_TESTING_OPTIONS */
174 
175 #ifdef CONFIG_PASN
176           /* comeback after 10 TUs */
177           bss->pasn_comeback_after = 10;
178           bss->pasn_noauth = 1;
179 #endif /* CONFIG_PASN */
180 }
181 
182 
hostapd_config_defaults(void)183 struct hostapd_config * hostapd_config_defaults(void)
184 {
185 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
186 
187           struct hostapd_config *conf;
188           struct hostapd_bss_config *bss;
189           const int aCWmin = 4, aCWmax = 10;
190           const struct hostapd_wmm_ac_params ac_bk =
191                     { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
192           const struct hostapd_wmm_ac_params ac_be =
193                     { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
194           const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
195                     { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
196           const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
197                     { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
198           const struct hostapd_tx_queue_params txq_bk =
199                     { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
200           const struct hostapd_tx_queue_params txq_be =
201                     { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
202           const struct hostapd_tx_queue_params txq_vi =
203                     { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
204           const struct hostapd_tx_queue_params txq_vo =
205                     { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
206                       (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
207 
208 #undef ecw2cw
209 
210           conf = os_zalloc(sizeof(*conf));
211           bss = os_zalloc(sizeof(*bss));
212           if (conf == NULL || bss == NULL) {
213                     wpa_printf(MSG_ERROR, "Failed to allocate memory for "
214                                  "configuration data.");
215                     os_free(conf);
216                     os_free(bss);
217                     return NULL;
218           }
219           conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
220           if (conf->bss == NULL) {
221                     os_free(conf);
222                     os_free(bss);
223                     return NULL;
224           }
225           conf->bss[0] = bss;
226 
227           bss->radius = os_zalloc(sizeof(*bss->radius));
228           if (bss->radius == NULL) {
229                     os_free(conf->bss);
230                     os_free(conf);
231                     os_free(bss);
232                     return NULL;
233           }
234 
235           hostapd_config_defaults_bss(bss);
236 
237           conf->num_bss = 1;
238 
239           conf->beacon_int = 100;
240           conf->rts_threshold = -2; /* use driver default: 2347 */
241           conf->fragm_threshold = -2; /* user driver default: 2346 */
242           /* Set to invalid value means do not add Power Constraint IE */
243           conf->local_pwr_constraint = -1;
244 
245           conf->wmm_ac_params[0] = ac_be;
246           conf->wmm_ac_params[1] = ac_bk;
247           conf->wmm_ac_params[2] = ac_vi;
248           conf->wmm_ac_params[3] = ac_vo;
249 
250           conf->tx_queue[0] = txq_vo;
251           conf->tx_queue[1] = txq_vi;
252           conf->tx_queue[2] = txq_be;
253           conf->tx_queue[3] = txq_bk;
254 
255           conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
256 
257           conf->ap_table_max_size = 255;
258           conf->ap_table_expiration_time = 60;
259           conf->track_sta_max_age = 180;
260 
261 #ifdef CONFIG_TESTING_OPTIONS
262           conf->ignore_probe_probability = 0.0;
263           conf->ignore_auth_probability = 0.0;
264           conf->ignore_assoc_probability = 0.0;
265           conf->ignore_reassoc_probability = 0.0;
266           conf->corrupt_gtk_rekey_mic_probability = 0.0;
267           conf->ecsa_ie_only = 0;
268 #endif /* CONFIG_TESTING_OPTIONS */
269 
270           conf->acs = 0;
271           conf->acs_ch_list.num = 0;
272 #ifdef CONFIG_ACS
273           conf->acs_num_scans = 5;
274 #endif /* CONFIG_ACS */
275 
276 #ifdef CONFIG_IEEE80211AX
277           conf->he_op.he_rts_threshold = HE_OPERATION_RTS_THRESHOLD_MASK >>
278                     HE_OPERATION_RTS_THRESHOLD_OFFSET;
279           /* Set default basic MCS/NSS set to single stream MCS 0-7 */
280           conf->he_op.he_basic_mcs_nss_set = 0xfffc;
281           conf->he_op.he_bss_color_disabled = 1;
282           conf->he_op.he_bss_color_partial = 0;
283           conf->he_op.he_bss_color = os_random() % 63 + 1;
284           conf->he_op.he_twt_responder = 1;
285           conf->he_6ghz_max_mpdu = 2;
286           conf->he_6ghz_max_ampdu_len_exp = 7;
287           conf->he_6ghz_rx_ant_pat = 1;
288           conf->he_6ghz_tx_ant_pat = 1;
289           conf->he_6ghz_reg_pwr_type = HE_REG_INFO_6GHZ_AP_TYPE_VLP;
290           conf->reg_def_cli_eirp_psd = -1;
291           conf->reg_sub_cli_eirp_psd = -1;
292           conf->reg_def_cli_eirp = -1;
293 #endif /* CONFIG_IEEE80211AX */
294 
295           /* The third octet of the country string uses an ASCII space character
296            * by default to indicate that the regulations encompass all
297            * environments for the current frequency band in the country. */
298           conf->country[2] = ' ';
299 
300           conf->rssi_reject_assoc_rssi = 0;
301           conf->rssi_reject_assoc_timeout = 30;
302 
303 #ifdef CONFIG_AIRTIME_POLICY
304           conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
305 #endif /* CONFIG_AIRTIME_POLICY */
306 
307           hostapd_set_and_check_bw320_offset(conf, 0);
308 
309           return conf;
310 }
311 
312 
hostapd_mac_comp(const void * a,const void * b)313 int hostapd_mac_comp(const void *a, const void *b)
314 {
315           return os_memcmp(a, b, sizeof(macaddr));
316 }
317 
318 
hostapd_config_read_wpa_psk(const char * fname,struct hostapd_ssid * ssid)319 static int hostapd_config_read_wpa_psk(const char *fname,
320                                                struct hostapd_ssid *ssid)
321 {
322           FILE *f;
323           char buf[128], *pos;
324           const char *keyid;
325           char *context;
326           char *context2;
327           char *token;
328           char *name;
329           char *value;
330           int line = 0, ret = 0, len, ok;
331           u8 addr[ETH_ALEN];
332           struct hostapd_wpa_psk *psk;
333 
334           if (!fname)
335                     return 0;
336 
337           f = fopen(fname, "r");
338           if (!f) {
339                     wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
340                     return -1;
341           }
342 
343           while (fgets(buf, sizeof(buf), f)) {
344                     int vlan_id = 0;
345                     int wps = 0;
346 
347                     line++;
348 
349                     if (buf[0] == '#')
350                               continue;
351                     pos = buf;
352                     while (*pos != '\0') {
353                               if (*pos == '\n') {
354                                         *pos = '\0';
355                                         break;
356                               }
357                               pos++;
358                     }
359                     if (buf[0] == '\0')
360                               continue;
361 
362                     context = NULL;
363                     keyid = NULL;
364                     while ((token = str_token(buf, " ", &context))) {
365                               if (!os_strchr(token, '='))
366                                         break;
367                               context2 = NULL;
368                               name = str_token(token, "=", &context2);
369                               if (!name)
370                                         break;
371                               value = str_token(token, "", &context2);
372                               if (!value)
373                                         value = "";
374                               if (!os_strcmp(name, "keyid")) {
375                                         keyid = value;
376                               } else if (!os_strcmp(name, "wps")) {
377                                         wps = atoi(value);
378                               } else if (!os_strcmp(name, "vlanid")) {
379                                         vlan_id = atoi(value);
380                               } else {
381                                         wpa_printf(MSG_ERROR,
382                                                      "Unrecognized '%s=%s' on line %d in '%s'",
383                                                      name, value, line, fname);
384                                         ret = -1;
385                                         break;
386                               }
387                     }
388 
389                     if (ret == -1)
390                               break;
391 
392                     if (!token)
393                               token = "";
394                     if (hwaddr_aton(token, addr)) {
395                               wpa_printf(MSG_ERROR,
396                                            "Invalid MAC address '%s' on line %d in '%s'",
397                                            token, line, fname);
398                               ret = -1;
399                               break;
400                     }
401 
402                     psk = os_zalloc(sizeof(*psk));
403                     if (psk == NULL) {
404                               wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
405                               ret = -1;
406                               break;
407                     }
408                     psk->vlan_id = vlan_id;
409                     if (is_zero_ether_addr(addr))
410                               psk->group = 1;
411                     else
412                               os_memcpy(psk->addr, addr, ETH_ALEN);
413 
414                     pos = str_token(buf, "", &context);
415                     if (!pos) {
416                               wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
417                                            line, fname);
418                               os_free(psk);
419                               ret = -1;
420                               break;
421                     }
422 
423                     ok = 0;
424                     len = os_strlen(pos);
425                     if (len == 2 * PMK_LEN &&
426                         hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
427                               ok = 1;
428                     else if (len >= 8 && len < 64 &&
429                                pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
430                                              4096, psk->psk, PMK_LEN) == 0)
431                               ok = 1;
432                     if (!ok) {
433                               wpa_printf(MSG_ERROR,
434                                            "Invalid PSK '%s' on line %d in '%s'",
435                                            pos, line, fname);
436                               os_free(psk);
437                               ret = -1;
438                               break;
439                     }
440 
441                     if (keyid) {
442                               len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
443                               if ((size_t) len >= sizeof(psk->keyid)) {
444                                         wpa_printf(MSG_ERROR,
445                                                      "PSK keyid too long on line %d in '%s'",
446                                                      line, fname);
447                                         os_free(psk);
448                                         ret = -1;
449                                         break;
450                               }
451                     }
452 
453                     psk->wps = wps;
454 
455                     psk->next = ssid->wpa_psk;
456                     ssid->wpa_psk = psk;
457           }
458 
459           fclose(f);
460 
461           return ret;
462 }
463 
464 
hostapd_derive_psk(struct hostapd_ssid * ssid)465 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
466 {
467           ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
468           if (ssid->wpa_psk == NULL) {
469                     wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
470                     return -1;
471           }
472           wpa_hexdump_ascii(MSG_DEBUG, "SSID",
473                                 (u8 *) ssid->ssid, ssid->ssid_len);
474           wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
475                                     (u8 *) ssid->wpa_passphrase,
476                                     os_strlen(ssid->wpa_passphrase));
477           if (pbkdf2_sha1(ssid->wpa_passphrase,
478                               ssid->ssid, ssid->ssid_len,
479                               4096, ssid->wpa_psk->psk, PMK_LEN) != 0) {
480                     wpa_printf(MSG_ERROR, "Error in pbkdf2_sha1()");
481                     return -1;
482           }
483           wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
484                               ssid->wpa_psk->psk, PMK_LEN);
485           return 0;
486 }
487 
488 
hostapd_setup_sae_pt(struct hostapd_bss_config * conf)489 int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
490 {
491 #ifdef CONFIG_SAE
492           struct hostapd_ssid *ssid = &conf->ssid;
493           struct sae_password_entry *pw;
494 
495           if ((conf->sae_pwe == SAE_PWE_HUNT_AND_PECK &&
496                !hostapd_sae_pw_id_in_use(conf) &&
497                !wpa_key_mgmt_sae_ext_key(conf->wpa_key_mgmt) &&
498                !hostapd_sae_pk_in_use(conf)) ||
499               conf->sae_pwe == SAE_PWE_FORCE_HUNT_AND_PECK ||
500               !wpa_key_mgmt_sae(conf->wpa_key_mgmt))
501                     return 0; /* PT not needed */
502 
503           sae_deinit_pt(ssid->pt);
504           ssid->pt = NULL;
505           if (ssid->wpa_passphrase) {
506                     ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
507                                                    ssid->ssid_len,
508                                                    (const u8 *) ssid->wpa_passphrase,
509                                                    os_strlen(ssid->wpa_passphrase),
510                                                    NULL);
511                     if (!ssid->pt)
512                               return -1;
513           }
514 
515           for (pw = conf->sae_passwords; pw; pw = pw->next) {
516                     sae_deinit_pt(pw->pt);
517                     pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
518                                                ssid->ssid_len,
519                                                (const u8 *) pw->password,
520                                                os_strlen(pw->password),
521                                                pw->identifier);
522                     if (!pw->pt)
523                               return -1;
524           }
525 #endif /* CONFIG_SAE */
526 
527           return 0;
528 }
529 
530 
hostapd_setup_wpa_psk(struct hostapd_bss_config * conf)531 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
532 {
533           struct hostapd_ssid *ssid = &conf->ssid;
534 
535           if (hostapd_setup_sae_pt(conf) < 0)
536                     return -1;
537 
538           if (ssid->wpa_passphrase != NULL) {
539                     if (ssid->wpa_psk != NULL) {
540                               wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
541                                            "instead of passphrase");
542                     } else {
543                               wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
544                                            "passphrase");
545                               if (hostapd_derive_psk(ssid) < 0)
546                                         return -1;
547                     }
548                     ssid->wpa_psk->group = 1;
549           }
550 
551           return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
552 }
553 
554 
hostapd_config_free_radius(struct hostapd_radius_server * servers,int num_servers)555 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
556                                                int num_servers)
557 {
558           int i;
559 
560           for (i = 0; i < num_servers; i++) {
561                     os_free(servers[i].shared_secret);
562                     os_free(servers[i].ca_cert);
563                     os_free(servers[i].client_cert);
564                     os_free(servers[i].private_key);
565                     os_free(servers[i].private_key_passwd);
566           }
567           os_free(servers);
568 }
569 
570 
571 struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr * attr,u8 type)572 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
573 {
574           for (; attr; attr = attr->next) {
575                     if (attr->type == type)
576                               return attr;
577           }
578           return NULL;
579 }
580 
581 
hostapd_parse_radius_attr(const char * value)582 struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value)
583 {
584           const char *pos;
585           char syntax;
586           struct hostapd_radius_attr *attr;
587           size_t len;
588 
589           attr = os_zalloc(sizeof(*attr));
590           if (!attr)
591                     return NULL;
592 
593           attr->type = atoi(value);
594 
595           pos = os_strchr(value, ':');
596           if (!pos) {
597                     attr->val = wpabuf_alloc(1);
598                     if (!attr->val) {
599                               os_free(attr);
600                               return NULL;
601                     }
602                     wpabuf_put_u8(attr->val, 0);
603                     return attr;
604           }
605 
606           pos++;
607           if (pos[0] == '\0' || pos[1] != ':') {
608                     os_free(attr);
609                     return NULL;
610           }
611           syntax = *pos++;
612           pos++;
613 
614           switch (syntax) {
615           case 's':
616                     attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
617                     break;
618           case 'x':
619                     len = os_strlen(pos);
620                     if (len & 1)
621                               break;
622                     len /= 2;
623                     attr->val = wpabuf_alloc(len);
624                     if (!attr->val)
625                               break;
626                     if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
627                               wpabuf_free(attr->val);
628                               os_free(attr);
629                               return NULL;
630                     }
631                     break;
632           case 'd':
633                     attr->val = wpabuf_alloc(4);
634                     if (attr->val)
635                               wpabuf_put_be32(attr->val, atoi(pos));
636                     break;
637           default:
638                     os_free(attr);
639                     return NULL;
640           }
641 
642           if (!attr->val) {
643                     os_free(attr);
644                     return NULL;
645           }
646 
647           return attr;
648 }
649 
650 
hostapd_config_free_radius_attr(struct hostapd_radius_attr * attr)651 void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
652 {
653           struct hostapd_radius_attr *prev;
654 
655           while (attr) {
656                     prev = attr;
657                     attr = attr->next;
658                     wpabuf_free(prev->val);
659                     os_free(prev);
660           }
661 }
662 
663 
hostapd_config_free_eap_user(struct hostapd_eap_user * user)664 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
665 {
666           hostapd_config_free_radius_attr(user->accept_attr);
667           os_free(user->identity);
668           bin_clear_free(user->password, user->password_len);
669           bin_clear_free(user->salt, user->salt_len);
670           os_free(user);
671 }
672 
673 
hostapd_config_free_eap_users(struct hostapd_eap_user * user)674 void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
675 {
676           struct hostapd_eap_user *prev_user;
677 
678           while (user) {
679                     prev_user = user;
680                     user = user->next;
681                     hostapd_config_free_eap_user(prev_user);
682           }
683 }
684 
685 
686 #ifdef CONFIG_WEP
hostapd_config_free_wep(struct hostapd_wep_keys * keys)687 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
688 {
689           int i;
690           for (i = 0; i < NUM_WEP_KEYS; i++) {
691                     bin_clear_free(keys->key[i], keys->len[i]);
692                     keys->key[i] = NULL;
693           }
694 }
695 #endif /* CONFIG_WEP */
696 
697 
hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk ** l)698 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
699 {
700           struct hostapd_wpa_psk *psk, *tmp;
701 
702           for (psk = *l; psk;) {
703                     tmp = psk;
704                     psk = psk->next;
705                     bin_clear_free(tmp, sizeof(*tmp));
706           }
707           *l = NULL;
708 }
709 
710 
711 #ifdef CONFIG_IEEE80211R_AP
712 
hostapd_config_clear_rxkhs(struct hostapd_bss_config * conf)713 void hostapd_config_clear_rxkhs(struct hostapd_bss_config *conf)
714 {
715           struct ft_remote_r0kh *r0kh, *r0kh_prev;
716           struct ft_remote_r1kh *r1kh, *r1kh_prev;
717 
718           r0kh = conf->r0kh_list;
719           conf->r0kh_list = NULL;
720           while (r0kh) {
721                     r0kh_prev = r0kh;
722                     r0kh = r0kh->next;
723                     os_free(r0kh_prev);
724           }
725 
726           r1kh = conf->r1kh_list;
727           conf->r1kh_list = NULL;
728           while (r1kh) {
729                     r1kh_prev = r1kh;
730                     r1kh = r1kh->next;
731                     os_free(r1kh_prev);
732           }
733 }
734 
735 #endif /* CONFIG_IEEE80211R_AP */
736 
737 
hostapd_config_free_anqp_elem(struct hostapd_bss_config * conf)738 static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
739 {
740           struct anqp_element *elem;
741 
742           while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
743                                              list))) {
744                     dl_list_del(&elem->list);
745                     wpabuf_free(elem->payload);
746                     os_free(elem);
747           }
748 }
749 
750 
hostapd_config_free_fils_realms(struct hostapd_bss_config * conf)751 static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
752 {
753 #ifdef CONFIG_FILS
754           struct fils_realm *realm;
755 
756           while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
757                                               list))) {
758                     dl_list_del(&realm->list);
759                     os_free(realm);
760           }
761 #endif /* CONFIG_FILS */
762 }
763 
764 
hostapd_config_free_sae_passwords(struct hostapd_bss_config * conf)765 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
766 {
767           struct sae_password_entry *pw, *tmp;
768 
769           pw = conf->sae_passwords;
770           conf->sae_passwords = NULL;
771           while (pw) {
772                     tmp = pw;
773                     pw = pw->next;
774                     str_clear_free(tmp->password);
775                     os_free(tmp->identifier);
776 #ifdef CONFIG_SAE
777                     sae_deinit_pt(tmp->pt);
778 #endif /* CONFIG_SAE */
779 #ifdef CONFIG_SAE_PK
780                     sae_deinit_pk(tmp->pk);
781 #endif /* CONFIG_SAE_PK */
782                     os_free(tmp);
783           }
784 }
785 
786 
787 #ifdef CONFIG_DPP2
hostapd_dpp_controller_conf_free(struct dpp_controller_conf * conf)788 static void hostapd_dpp_controller_conf_free(struct dpp_controller_conf *conf)
789 {
790           struct dpp_controller_conf *prev;
791 
792           while (conf) {
793                     prev = conf;
794                     conf = conf->next;
795                     os_free(prev);
796           }
797 }
798 #endif /* CONFIG_DPP2 */
799 
800 
hostapd_config_free_bss(struct hostapd_bss_config * conf)801 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
802 {
803 #if defined(CONFIG_WPS) || defined(CONFIG_HS20)
804           size_t i;
805 #endif
806 
807           if (conf == NULL)
808                     return;
809 
810           hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
811 
812           str_clear_free(conf->ssid.wpa_passphrase);
813           os_free(conf->ssid.wpa_psk_file);
814 #ifdef CONFIG_WEP
815           hostapd_config_free_wep(&conf->ssid.wep);
816 #endif /* CONFIG_WEP */
817 #ifdef CONFIG_FULL_DYNAMIC_VLAN
818           os_free(conf->ssid.vlan_tagged_interface);
819 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
820 #ifdef CONFIG_SAE
821           sae_deinit_pt(conf->ssid.pt);
822 #endif /* CONFIG_SAE */
823 
824           hostapd_config_free_eap_users(conf->eap_user);
825           os_free(conf->eap_user_sqlite);
826 
827           os_free(conf->eap_req_id_text);
828           os_free(conf->erp_domain);
829           os_free(conf->accept_mac);
830           os_free(conf->deny_mac);
831           os_free(conf->nas_identifier);
832           if (conf->radius) {
833                     hostapd_config_free_radius(conf->radius->auth_servers,
834                                                      conf->radius->num_auth_servers);
835                     hostapd_config_free_radius(conf->radius->acct_servers,
836                                                      conf->radius->num_acct_servers);
837                     os_free(conf->radius->force_client_dev);
838           }
839           hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
840           hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
841           os_free(conf->radius_req_attr_sqlite);
842           os_free(conf->rsn_preauth_interfaces);
843           os_free(conf->ctrl_interface);
844           os_free(conf->config_id);
845           os_free(conf->ca_cert);
846           os_free(conf->server_cert);
847           os_free(conf->server_cert2);
848           os_free(conf->private_key);
849           os_free(conf->private_key2);
850           os_free(conf->private_key_passwd);
851           os_free(conf->private_key_passwd2);
852           os_free(conf->check_cert_subject);
853           os_free(conf->ocsp_stapling_response);
854           os_free(conf->ocsp_stapling_response_multi);
855           os_free(conf->dh_file);
856           os_free(conf->openssl_ciphers);
857           os_free(conf->openssl_ecdh_curves);
858           os_free(conf->pac_opaque_encr_key);
859           os_free(conf->eap_fast_a_id);
860           os_free(conf->eap_fast_a_id_info);
861           os_free(conf->eap_sim_db);
862           os_free(conf->imsi_privacy_key);
863           os_free(conf->radius_server_clients);
864           os_free(conf->radius);
865           os_free(conf->radius_das_shared_secret);
866           hostapd_config_free_vlan(conf);
867           os_free(conf->time_zone);
868 
869 #ifdef CONFIG_IEEE80211R_AP
870           hostapd_config_clear_rxkhs(conf);
871           os_free(conf->rxkh_file);
872           conf->rxkh_file = NULL;
873 #endif /* CONFIG_IEEE80211R_AP */
874 
875 #ifdef CONFIG_WPS
876           os_free(conf->wps_pin_requests);
877           os_free(conf->device_name);
878           os_free(conf->manufacturer);
879           os_free(conf->model_name);
880           os_free(conf->model_number);
881           os_free(conf->serial_number);
882           os_free(conf->config_methods);
883           os_free(conf->ap_pin);
884           os_free(conf->extra_cred);
885           os_free(conf->ap_settings);
886           hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
887           str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
888           os_free(conf->upnp_iface);
889           os_free(conf->friendly_name);
890           os_free(conf->manufacturer_url);
891           os_free(conf->model_description);
892           os_free(conf->model_url);
893           os_free(conf->upc);
894           for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
895                     wpabuf_free(conf->wps_vendor_ext[i]);
896           wpabuf_free(conf->wps_application_ext);
897           wpabuf_free(conf->wps_nfc_dh_pubkey);
898           wpabuf_free(conf->wps_nfc_dh_privkey);
899           wpabuf_free(conf->wps_nfc_dev_pw);
900 #endif /* CONFIG_WPS */
901 
902           os_free(conf->roaming_consortium);
903           os_free(conf->venue_name);
904           os_free(conf->venue_url);
905           os_free(conf->nai_realm_data);
906           os_free(conf->network_auth_type);
907           os_free(conf->anqp_3gpp_cell_net);
908           os_free(conf->domain_name);
909           hostapd_config_free_anqp_elem(conf);
910 
911 #ifdef CONFIG_RADIUS_TEST
912           os_free(conf->dump_msk_file);
913 #endif /* CONFIG_RADIUS_TEST */
914 
915 #ifdef CONFIG_HS20
916           os_free(conf->hs20_oper_friendly_name);
917           os_free(conf->hs20_wan_metrics);
918           os_free(conf->hs20_connection_capability);
919           os_free(conf->hs20_operating_class);
920           os_free(conf->hs20_icons);
921           if (conf->hs20_osu_providers) {
922                     for (i = 0; i < conf->hs20_osu_providers_count; i++) {
923                               struct hs20_osu_provider *p;
924                               size_t j;
925                               p = &conf->hs20_osu_providers[i];
926                               os_free(p->friendly_name);
927                               os_free(p->server_uri);
928                               os_free(p->method_list);
929                               for (j = 0; j < p->icons_count; j++)
930                                         os_free(p->icons[j]);
931                               os_free(p->icons);
932                               os_free(p->osu_nai);
933                               os_free(p->osu_nai2);
934                               os_free(p->service_desc);
935                     }
936                     os_free(conf->hs20_osu_providers);
937           }
938           if (conf->hs20_operator_icon) {
939                     for (i = 0; i < conf->hs20_operator_icon_count; i++)
940                               os_free(conf->hs20_operator_icon[i]);
941                     os_free(conf->hs20_operator_icon);
942           }
943           os_free(conf->subscr_remediation_url);
944           os_free(conf->hs20_sim_provisioning_url);
945           os_free(conf->t_c_filename);
946           os_free(conf->t_c_server_url);
947 #endif /* CONFIG_HS20 */
948 
949           wpabuf_free(conf->vendor_elements);
950           wpabuf_free(conf->assocresp_elements);
951 
952           os_free(conf->sae_groups);
953 #ifdef CONFIG_OWE
954           os_free(conf->owe_groups);
955 #endif /* CONFIG_OWE */
956 
957           os_free(conf->wowlan_triggers);
958 
959           os_free(conf->server_id);
960 
961 #ifdef CONFIG_TESTING_OPTIONS
962           wpabuf_free(conf->own_ie_override);
963           wpabuf_free(conf->sae_commit_override);
964           wpabuf_free(conf->rsne_override_eapol);
965           wpabuf_free(conf->rsnxe_override_eapol);
966           wpabuf_free(conf->rsne_override_ft);
967           wpabuf_free(conf->rsnxe_override_ft);
968           wpabuf_free(conf->gtk_rsc_override);
969           wpabuf_free(conf->igtk_rsc_override);
970           wpabuf_free(conf->eapol_m1_elements);
971           wpabuf_free(conf->eapol_m3_elements);
972           wpabuf_free(conf->presp_elements);
973 #endif /* CONFIG_TESTING_OPTIONS */
974 
975           os_free(conf->no_probe_resp_if_seen_on);
976           os_free(conf->no_auth_if_seen_on);
977 
978           hostapd_config_free_fils_realms(conf);
979 
980 #ifdef CONFIG_DPP
981           os_free(conf->dpp_name);
982           os_free(conf->dpp_mud_url);
983           os_free(conf->dpp_extra_conf_req_name);
984           os_free(conf->dpp_extra_conf_req_value);
985           os_free(conf->dpp_connector);
986           wpabuf_free(conf->dpp_netaccesskey);
987           wpabuf_free(conf->dpp_csign);
988 #ifdef CONFIG_DPP2
989           hostapd_dpp_controller_conf_free(conf->dpp_controller);
990 #endif /* CONFIG_DPP2 */
991 #endif /* CONFIG_DPP */
992 
993           hostapd_config_free_sae_passwords(conf);
994 
995 #ifdef CONFIG_AIRTIME_POLICY
996           {
997                     struct airtime_sta_weight *wt, *wt_prev;
998 
999                     wt = conf->airtime_weight_list;
1000                     conf->airtime_weight_list = NULL;
1001                     while (wt) {
1002                               wt_prev = wt;
1003                               wt = wt->next;
1004                               os_free(wt_prev);
1005                     }
1006           }
1007 #endif /* CONFIG_AIRTIME_POLICY */
1008 
1009 #ifdef CONFIG_PASN
1010           os_free(conf->pasn_groups);
1011 #endif /* CONFIG_PASN */
1012 
1013           os_free(conf);
1014 }
1015 
1016 
1017 /**
1018  * hostapd_config_free - Free hostapd configuration
1019  * @conf: Configuration data from hostapd_config_read().
1020  */
hostapd_config_free(struct hostapd_config * conf)1021 void hostapd_config_free(struct hostapd_config *conf)
1022 {
1023           size_t i;
1024 
1025           if (conf == NULL)
1026                     return;
1027 
1028           for (i = 0; i < conf->num_bss; i++)
1029                     hostapd_config_free_bss(conf->bss[i]);
1030           os_free(conf->bss);
1031           os_free(conf->supported_rates);
1032           os_free(conf->basic_rates);
1033           os_free(conf->acs_ch_list.range);
1034           os_free(conf->acs_freq_list.range);
1035           os_free(conf->driver_params);
1036 #ifdef CONFIG_ACS
1037           os_free(conf->acs_chan_bias);
1038 #endif /* CONFIG_ACS */
1039           wpabuf_free(conf->lci);
1040           wpabuf_free(conf->civic);
1041 
1042           os_free(conf);
1043 }
1044 
1045 
1046 /**
1047  * hostapd_maclist_found - Find a MAC address from a list
1048  * @list: MAC address list
1049  * @num_entries: Number of addresses in the list
1050  * @addr: Address to search for
1051  * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
1052  * Returns: 1 if address is in the list or 0 if not.
1053  *
1054  * Perform a binary search for given MAC address from a pre-sorted list.
1055  */
hostapd_maclist_found(struct mac_acl_entry * list,int num_entries,const u8 * addr,struct vlan_description * vlan_id)1056 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
1057                                 const u8 *addr, struct vlan_description *vlan_id)
1058 {
1059           int start, end, middle, res;
1060 
1061           start = 0;
1062           end = num_entries - 1;
1063 
1064           while (start <= end) {
1065                     middle = (start + end) / 2;
1066                     res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
1067                     if (res == 0) {
1068                               if (vlan_id)
1069                                         *vlan_id = list[middle].vlan_id;
1070                               return 1;
1071                     }
1072                     if (res < 0)
1073                               start = middle + 1;
1074                     else
1075                               end = middle - 1;
1076           }
1077 
1078           return 0;
1079 }
1080 
1081 
hostapd_rate_found(int * list,int rate)1082 int hostapd_rate_found(int *list, int rate)
1083 {
1084           int i;
1085 
1086           if (list == NULL)
1087                     return 0;
1088 
1089           for (i = 0; list[i] >= 0; i++)
1090                     if (list[i] == rate)
1091                               return 1;
1092 
1093           return 0;
1094 }
1095 
1096 
hostapd_vlan_valid(struct hostapd_vlan * vlan,struct vlan_description * vlan_desc)1097 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
1098                            struct vlan_description *vlan_desc)
1099 {
1100           struct hostapd_vlan *v = vlan;
1101           int i;
1102 
1103           if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
1104               vlan_desc->untagged > MAX_VLAN_ID)
1105                     return 0;
1106           for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
1107                     if (vlan_desc->tagged[i] < 0 ||
1108                         vlan_desc->tagged[i] > MAX_VLAN_ID)
1109                               return 0;
1110           }
1111           if (!vlan_desc->untagged && !vlan_desc->tagged[0])
1112                     return 0;
1113 
1114           while (v) {
1115                     if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
1116                         v->vlan_id == VLAN_ID_WILDCARD)
1117                               return 1;
1118                     v = v->next;
1119           }
1120           return 0;
1121 }
1122 
1123 
hostapd_get_vlan_id_ifname(struct hostapd_vlan * vlan,int vlan_id)1124 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
1125 {
1126           struct hostapd_vlan *v = vlan;
1127           while (v) {
1128                     if (v->vlan_id == vlan_id)
1129                               return v->ifname;
1130                     v = v->next;
1131           }
1132           return NULL;
1133 }
1134 
1135 
hostapd_get_psk(const struct hostapd_bss_config * conf,const u8 * addr,const u8 * p2p_dev_addr,const u8 * prev_psk,int * vlan_id)1136 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
1137                                  const u8 *addr, const u8 *p2p_dev_addr,
1138                                  const u8 *prev_psk, int *vlan_id)
1139 {
1140           struct hostapd_wpa_psk *psk;
1141           int next_ok = prev_psk == NULL;
1142 
1143           if (vlan_id)
1144                     *vlan_id = 0;
1145 
1146           if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
1147                     wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1148                                  " p2p_dev_addr=" MACSTR " prev_psk=%p",
1149                                  MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
1150                     addr = NULL; /* Use P2P Device Address for matching */
1151           } else {
1152                     wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1153                                  " prev_psk=%p",
1154                                  MAC2STR(addr), prev_psk);
1155           }
1156 
1157           for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
1158                     if (next_ok &&
1159                         (psk->group ||
1160                          (addr && ether_addr_equal(psk->addr, addr)) ||
1161                          (!addr && p2p_dev_addr &&
1162                           ether_addr_equal(psk->p2p_dev_addr, p2p_dev_addr)))) {
1163                               if (vlan_id)
1164                                         *vlan_id = psk->vlan_id;
1165                               return psk->psk;
1166                     }
1167 
1168                     if (psk->psk == prev_psk)
1169                               next_ok = 1;
1170           }
1171 
1172           return NULL;
1173 }
1174 
1175 
1176 #ifdef CONFIG_SAE_PK
hostapd_sae_pk_password_without_pk(struct hostapd_bss_config * bss)1177 static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
1178 {
1179           struct sae_password_entry *pw;
1180           bool res = false;
1181 
1182           if (bss->ssid.wpa_passphrase &&
1183 #ifdef CONFIG_TESTING_OPTIONS
1184               !bss->sae_pk_password_check_skip &&
1185 #endif /* CONFIG_TESTING_OPTIONS */
1186               sae_pk_valid_password(bss->ssid.wpa_passphrase))
1187                     res = true;
1188 
1189           for (pw = bss->sae_passwords; pw; pw = pw->next) {
1190                     if (!pw->pk &&
1191 #ifdef CONFIG_TESTING_OPTIONS
1192                         !bss->sae_pk_password_check_skip &&
1193 #endif /* CONFIG_TESTING_OPTIONS */
1194                         sae_pk_valid_password(pw->password))
1195                               return true;
1196 
1197                     if (bss->ssid.wpa_passphrase && res && pw->pk &&
1198                         os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
1199                               res = false;
1200           }
1201 
1202           return res;
1203 }
1204 #endif /* CONFIG_SAE_PK */
1205 
1206 
hostapd_config_check_bss_6g(struct hostapd_bss_config * bss)1207 static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss)
1208 {
1209           if (bss->wpa != WPA_PROTO_RSN) {
1210                     wpa_printf(MSG_ERROR,
1211                                  "Pre-RSNA security methods are not allowed in 6 GHz");
1212                     return false;
1213           }
1214 
1215           if (bss->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED) {
1216                     wpa_printf(MSG_ERROR,
1217                                  "Management frame protection is required in 6 GHz");
1218                     return false;
1219           }
1220 
1221           if (bss->wpa_key_mgmt & (WPA_KEY_MGMT_PSK |
1222                                          WPA_KEY_MGMT_FT_PSK |
1223                                          WPA_KEY_MGMT_PSK_SHA256)) {
1224                     wpa_printf(MSG_ERROR, "Invalid AKM suite for 6 GHz");
1225                     return false;
1226           }
1227 
1228           if (bss->rsn_pairwise & (WPA_CIPHER_WEP40 |
1229                                          WPA_CIPHER_WEP104 |
1230                                          WPA_CIPHER_TKIP)) {
1231                     wpa_printf(MSG_ERROR,
1232                                  "Invalid pairwise cipher suite for 6 GHz");
1233                     return false;
1234           }
1235 
1236           if (bss->wpa_group & (WPA_CIPHER_WEP40 |
1237                                     WPA_CIPHER_WEP104 |
1238                                     WPA_CIPHER_TKIP)) {
1239                     wpa_printf(MSG_ERROR, "Invalid group cipher suite for 6 GHz");
1240                     return false;
1241           }
1242 
1243 #ifdef CONFIG_SAE
1244           if (wpa_key_mgmt_sae(bss->wpa_key_mgmt) &&
1245               bss->sae_pwe == SAE_PWE_HUNT_AND_PECK) {
1246                     wpa_printf(MSG_INFO, "SAE: Enabling SAE H2E on 6 GHz");
1247                     bss->sae_pwe = SAE_PWE_BOTH;
1248           }
1249 #endif /* CONFIG_SAE */
1250 
1251           return true;
1252 }
1253 
1254 
hostapd_config_check_bss(struct hostapd_bss_config * bss,struct hostapd_config * conf,int full_config)1255 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
1256                                             struct hostapd_config *conf,
1257                                             int full_config)
1258 {
1259           if (full_config && is_6ghz_op_class(conf->op_class) &&
1260               !hostapd_config_check_bss_6g(bss))
1261                     return -1;
1262 
1263           if (full_config && bss->ieee802_1x && !bss->eap_server &&
1264               !bss->radius->auth_servers) {
1265                     wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
1266                                  "EAP authenticator configured).");
1267                     return -1;
1268           }
1269 
1270 #ifdef CONFIG_WEP
1271           if (bss->wpa) {
1272                     int wep, i;
1273 
1274                     wep = bss->default_wep_key_len > 0 ||
1275                            bss->individual_wep_key_len > 0;
1276                     for (i = 0; i < NUM_WEP_KEYS; i++) {
1277                               if (bss->ssid.wep.keys_set) {
1278                                         wep = 1;
1279                                         break;
1280                               }
1281                     }
1282 
1283                     if (wep) {
1284                               wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
1285                               return -1;
1286                     }
1287           }
1288 #endif /* CONFIG_WEP */
1289 
1290           if (full_config && bss->wpa &&
1291               bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
1292               bss->wpa_psk_radius != PSK_RADIUS_DURING_4WAY_HS &&
1293               bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
1294                     wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
1295                                  "RADIUS checking (macaddr_acl=2) enabled.");
1296                     return -1;
1297           }
1298 
1299           if (full_config && bss->wpa &&
1300               wpa_key_mgmt_wpa_psk_no_sae(bss->wpa_key_mgmt) &&
1301               bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
1302               bss->ssid.wpa_psk_file == NULL &&
1303               bss->wpa_psk_radius != PSK_RADIUS_DURING_4WAY_HS &&
1304               (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
1305                bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
1306                     wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
1307                                  "is not configured.");
1308                     return -1;
1309           }
1310 
1311           if (full_config && !is_zero_ether_addr(bss->bssid)) {
1312                     size_t i;
1313 
1314                     for (i = 0; i < conf->num_bss; i++) {
1315                               if (conf->bss[i] != bss &&
1316                                   (hostapd_mac_comp(conf->bss[i]->bssid,
1317                                                         bss->bssid) == 0)) {
1318                                         wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
1319                                                      " on interface '%s' and '%s'.",
1320                                                      MAC2STR(bss->bssid),
1321                                                      conf->bss[i]->iface, bss->iface);
1322                                         return -1;
1323                               }
1324                     }
1325           }
1326 
1327 #ifdef CONFIG_IEEE80211R_AP
1328           if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
1329               (bss->nas_identifier == NULL ||
1330                os_strlen(bss->nas_identifier) < 1 ||
1331                os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
1332                     wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
1333                                  "nas_identifier to be configured as a 1..48 octet "
1334                                  "string");
1335                     return -1;
1336           }
1337 #endif /* CONFIG_IEEE80211R_AP */
1338 
1339           if (full_config && conf->ieee80211n &&
1340               conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
1341                     bss->disable_11n = true;
1342                     wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
1343                                  "allowed, disabling HT capabilities");
1344           }
1345 
1346 #ifdef CONFIG_WEP
1347           if (full_config && conf->ieee80211n &&
1348               bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1349                     bss->disable_11n = true;
1350                     wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
1351                                  "allowed, disabling HT capabilities");
1352           }
1353 #endif /* CONFIG_WEP */
1354 
1355           if (full_config && conf->ieee80211n && bss->wpa &&
1356               !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1357               !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1358                                            WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1359           {
1360                     bss->disable_11n = true;
1361                     wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1362                                  "requires CCMP/GCMP to be enabled, disabling HT "
1363                                  "capabilities");
1364           }
1365 
1366 #ifdef CONFIG_IEEE80211AC
1367 #ifdef CONFIG_WEP
1368           if (full_config && conf->ieee80211ac &&
1369               bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1370                     bss->disable_11ac = true;
1371                     wpa_printf(MSG_ERROR,
1372                                  "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1373           }
1374 #endif /* CONFIG_WEP */
1375 
1376           if (full_config && conf->ieee80211ac && bss->wpa &&
1377               !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1378               !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1379                                            WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1380           {
1381                     bss->disable_11ac = true;
1382                     wpa_printf(MSG_ERROR,
1383                                  "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1384           }
1385 #endif /* CONFIG_IEEE80211AC */
1386 
1387 #ifdef CONFIG_IEEE80211AX
1388 #ifdef CONFIG_WEP
1389           if (full_config && conf->ieee80211ax &&
1390               bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1391                     bss->disable_11ax = true;
1392                     wpa_printf(MSG_ERROR,
1393                                  "HE (IEEE 802.11ax) with WEP is not allowed, disabling HE capabilities");
1394           }
1395 #endif /* CONFIG_WEP */
1396 
1397           if (full_config && conf->ieee80211ax && bss->wpa &&
1398               !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1399               !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1400                                            WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1401           {
1402                     bss->disable_11ax = true;
1403                     wpa_printf(MSG_ERROR,
1404                                  "HE (IEEE 802.11ax) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HE capabilities");
1405           }
1406 #endif /* CONFIG_IEEE80211AX */
1407 
1408 #ifdef CONFIG_WPS
1409           if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
1410                     wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1411                                  "configuration forced WPS to be disabled");
1412                     bss->wps_state = 0;
1413           }
1414 
1415 #ifdef CONFIG_WEP
1416           if (full_config && bss->wps_state &&
1417               bss->ssid.wep.keys_set && bss->wpa == 0) {
1418                     wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1419                                  "disabled");
1420                     bss->wps_state = 0;
1421           }
1422 #endif /* CONFIG_WEP */
1423 
1424           if (full_config && bss->wps_state && bss->wpa &&
1425               (!(bss->wpa & 2) ||
1426                !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1427                                             WPA_CIPHER_CCMP_256 |
1428                                             WPA_CIPHER_GCMP_256)))) {
1429                     wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
1430                                  "WPA2/CCMP/GCMP forced WPS to be disabled");
1431                     bss->wps_state = 0;
1432           }
1433 #endif /* CONFIG_WPS */
1434 
1435 #ifdef CONFIG_HS20
1436           if (full_config && bss->hs20 &&
1437               (!(bss->wpa & 2) ||
1438                !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1439                                             WPA_CIPHER_CCMP_256 |
1440                                             WPA_CIPHER_GCMP_256)))) {
1441                     wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1442                                  "configuration is required for Hotspot 2.0 "
1443                                  "functionality");
1444                     return -1;
1445           }
1446 #endif /* CONFIG_HS20 */
1447 
1448 #ifdef CONFIG_MBO
1449           if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1450               bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1451                     wpa_printf(MSG_ERROR,
1452                                  "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1453                     return -1;
1454           }
1455 #endif /* CONFIG_MBO */
1456 
1457 #ifdef CONFIG_OCV
1458           if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1459               bss->ocv) {
1460                     wpa_printf(MSG_ERROR,
1461                                  "OCV: PMF needs to be enabled whenever using OCV");
1462                     return -1;
1463           }
1464 #endif /* CONFIG_OCV */
1465 
1466 #ifdef CONFIG_SAE_PK
1467           if (full_config && hostapd_sae_pk_in_use(bss) &&
1468               hostapd_sae_pk_password_without_pk(bss)) {
1469                     wpa_printf(MSG_ERROR,
1470                                  "SAE-PK: SAE password uses SAE-PK style, but does not have PK configured");
1471                     return -1;
1472           }
1473 #endif /* CONFIG_SAE_PK */
1474 
1475 #ifdef CONFIG_FILS
1476           if (full_config && bss->fils_discovery_max_int &&
1477               (!conf->ieee80211ax || bss->disable_11ax)) {
1478                     wpa_printf(MSG_ERROR,
1479                                  "Currently IEEE 802.11ax support is mandatory to enable FILS discovery transmission.");
1480                     return -1;
1481           }
1482 
1483           if (full_config && bss->fils_discovery_max_int &&
1484               bss->unsol_bcast_probe_resp_interval) {
1485                     wpa_printf(MSG_ERROR,
1486                                  "Cannot enable both FILS discovery and unsolicited broadcast Probe Response at the same time");
1487                     return -1;
1488           }
1489 #endif /* CONFIG_FILS */
1490 
1491 #ifdef CONFIG_IEEE80211BE
1492           if (full_config && !bss->disable_11be && bss->disable_11ax) {
1493                     bss->disable_11be = true;
1494                     wpa_printf(MSG_INFO,
1495                                  "Disabling IEEE 802.11be as IEEE 802.11ax is disabled for this BSS");
1496           }
1497 #endif /* CONFIG_IEEE80211BE */
1498 
1499           if (full_config && bss->ignore_broadcast_ssid && conf->mbssid) {
1500                     wpa_printf(MSG_ERROR,
1501                                  "Hidden SSID is not suppored when MBSSID is enabled");
1502                     return -1;
1503           }
1504 
1505           return 0;
1506 }
1507 
1508 
hostapd_config_check_cw(struct hostapd_config * conf,int queue)1509 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1510 {
1511           int tx_cwmin = conf->tx_queue[queue].cwmin;
1512           int tx_cwmax = conf->tx_queue[queue].cwmax;
1513           int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1514           int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1515 
1516           if (tx_cwmin > tx_cwmax) {
1517                     wpa_printf(MSG_ERROR,
1518                                  "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1519                                  tx_cwmin, tx_cwmax);
1520                     return -1;
1521           }
1522           if (ac_cwmin > ac_cwmax) {
1523                     wpa_printf(MSG_ERROR,
1524                                  "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1525                                  ac_cwmin, ac_cwmax);
1526                     return -1;
1527           }
1528           return 0;
1529 }
1530 
1531 
hostapd_config_check(struct hostapd_config * conf,int full_config)1532 int hostapd_config_check(struct hostapd_config *conf, int full_config)
1533 {
1534           size_t i;
1535 
1536           if (full_config && is_6ghz_op_class(conf->op_class) &&
1537               !conf->hw_mode_set) {
1538                     /* Use the appropriate hw_mode value automatically when the
1539                      * op_class parameter has been set, but hw_mode was not. */
1540                     conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
1541           }
1542 
1543           if (full_config && conf->ieee80211d &&
1544               (!conf->country[0] || !conf->country[1])) {
1545                     wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1546                                  "setting the country_code");
1547                     return -1;
1548           }
1549 
1550           if (full_config && conf->ieee80211h && !conf->ieee80211d) {
1551                     wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1552                                  "IEEE 802.11d enabled");
1553                     return -1;
1554           }
1555 
1556           if (full_config && conf->local_pwr_constraint != -1 &&
1557               !conf->ieee80211d) {
1558                     wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1559                     return -1;
1560           }
1561 
1562           if (full_config && conf->spectrum_mgmt_required &&
1563               conf->local_pwr_constraint == -1) {
1564                     wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1565                     return -1;
1566           }
1567 
1568 #ifdef CONFIG_AIRTIME_POLICY
1569           if (full_config && conf->airtime_mode > AIRTIME_MODE_STATIC &&
1570               !conf->airtime_update_interval) {
1571                     wpa_printf(MSG_ERROR, "Airtime update interval cannot be zero");
1572                     return -1;
1573           }
1574 #endif /* CONFIG_AIRTIME_POLICY */
1575           for (i = 0; i < NUM_TX_QUEUES; i++) {
1576                     if (hostapd_config_check_cw(conf, i))
1577                               return -1;
1578           }
1579 
1580 #ifdef CONFIG_IEEE80211BE
1581           if (full_config && conf->ieee80211be && !conf->ieee80211ax) {
1582                     wpa_printf(MSG_ERROR,
1583                                  "Cannot set ieee80211be without ieee80211ax");
1584                     return -1;
1585           }
1586 
1587           if (full_config)
1588                     hostapd_set_and_check_bw320_offset(conf,
1589                                                                conf->eht_bw320_offset);
1590 #endif /* CONFIG_IEEE80211BE */
1591 
1592           if (full_config && conf->mbssid && !conf->ieee80211ax) {
1593                     wpa_printf(MSG_ERROR,
1594                                  "Cannot enable multiple BSSID support without ieee80211ax");
1595                     return -1;
1596           }
1597 
1598           for (i = 0; i < conf->num_bss; i++) {
1599                     if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
1600                               return -1;
1601           }
1602 
1603           return 0;
1604 }
1605 
1606 
hostapd_set_security_params(struct hostapd_bss_config * bss,int full_config)1607 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1608                                          int full_config)
1609 {
1610 #ifdef CONFIG_WEP
1611           if (bss->individual_wep_key_len == 0) {
1612                     /* individual keys are not use; can use key idx0 for
1613                      * broadcast keys */
1614                     bss->broadcast_key_idx_min = 0;
1615           }
1616 #endif /* CONFIG_WEP */
1617 
1618           if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1619                     bss->rsn_pairwise = bss->wpa_pairwise;
1620           if (bss->group_cipher)
1621                     bss->wpa_group = bss->group_cipher;
1622           else
1623                     bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1624                                                                           bss->wpa_pairwise,
1625                                                                           bss->rsn_pairwise);
1626           if (!bss->wpa_group_rekey_set)
1627                     bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1628                               600 : 86400;
1629 
1630           if (full_config) {
1631                     bss->radius->auth_server = bss->radius->auth_servers;
1632                     bss->radius->acct_server = bss->radius->acct_servers;
1633           }
1634 
1635           if (bss->wpa && bss->ieee802_1x) {
1636                     bss->ssid.security_policy = SECURITY_WPA;
1637           } else if (bss->wpa) {
1638                     bss->ssid.security_policy = SECURITY_WPA_PSK;
1639           } else if (bss->ieee802_1x) {
1640                     int cipher = WPA_CIPHER_NONE;
1641                     bss->ssid.security_policy = SECURITY_IEEE_802_1X;
1642 #ifdef CONFIG_WEP
1643                     bss->ssid.wep.default_len = bss->default_wep_key_len;
1644                     if (full_config && bss->default_wep_key_len) {
1645                               cipher = bss->default_wep_key_len >= 13 ?
1646                                         WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
1647                     } else if (full_config && bss->ssid.wep.keys_set) {
1648                               if (bss->ssid.wep.len[0] >= 13)
1649                                         cipher = WPA_CIPHER_WEP104;
1650                               else
1651                                         cipher = WPA_CIPHER_WEP40;
1652                     }
1653 #endif /* CONFIG_WEP */
1654                     bss->wpa_group = cipher;
1655                     bss->wpa_pairwise = cipher;
1656                     bss->rsn_pairwise = cipher;
1657                     if (full_config)
1658                               bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1659 #ifdef CONFIG_WEP
1660           } else if (bss->ssid.wep.keys_set) {
1661                     int cipher = WPA_CIPHER_WEP40;
1662                     if (bss->ssid.wep.len[0] >= 13)
1663                               cipher = WPA_CIPHER_WEP104;
1664                     bss->ssid.security_policy = SECURITY_STATIC_WEP;
1665                     bss->wpa_group = cipher;
1666                     bss->wpa_pairwise = cipher;
1667                     bss->rsn_pairwise = cipher;
1668                     if (full_config)
1669                               bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1670 #endif /* CONFIG_WEP */
1671           } else if (bss->osen) {
1672                     bss->ssid.security_policy = SECURITY_OSEN;
1673                     bss->wpa_group = WPA_CIPHER_CCMP;
1674                     bss->wpa_pairwise = 0;
1675                     bss->rsn_pairwise = WPA_CIPHER_CCMP;
1676           } else {
1677                     bss->ssid.security_policy = SECURITY_PLAINTEXT;
1678                     if (full_config) {
1679                               bss->wpa_group = WPA_CIPHER_NONE;
1680                               bss->wpa_pairwise = WPA_CIPHER_NONE;
1681                               bss->rsn_pairwise = WPA_CIPHER_NONE;
1682                               bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1683                     }
1684           }
1685 }
1686 
1687 
hostapd_sae_pw_id_in_use(struct hostapd_bss_config * conf)1688 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1689 {
1690           int with_id = 0, without_id = 0;
1691           struct sae_password_entry *pw;
1692 
1693           if (conf->ssid.wpa_passphrase)
1694                     without_id = 1;
1695 
1696           for (pw = conf->sae_passwords; pw; pw = pw->next) {
1697                     if (pw->identifier)
1698                               with_id = 1;
1699                     else
1700                               without_id = 1;
1701                     if (with_id && without_id)
1702                               break;
1703           }
1704 
1705           if (with_id && !without_id)
1706                     return 2;
1707           return with_id;
1708 }
1709 
1710 
hostapd_sae_pk_in_use(struct hostapd_bss_config * conf)1711 bool hostapd_sae_pk_in_use(struct hostapd_bss_config *conf)
1712 {
1713 #ifdef CONFIG_SAE_PK
1714           struct sae_password_entry *pw;
1715 
1716           for (pw = conf->sae_passwords; pw; pw = pw->next) {
1717                     if (pw->pk)
1718                               return true;
1719           }
1720 #endif /* CONFIG_SAE_PK */
1721 
1722           return false;
1723 }
1724 
1725 
1726 #ifdef CONFIG_SAE_PK
hostapd_sae_pk_exclusively(struct hostapd_bss_config * conf)1727 bool hostapd_sae_pk_exclusively(struct hostapd_bss_config *conf)
1728 {
1729           bool with_pk = false;
1730           struct sae_password_entry *pw;
1731 
1732           if (conf->ssid.wpa_passphrase)
1733                     return false;
1734 
1735           for (pw = conf->sae_passwords; pw; pw = pw->next) {
1736                     if (!pw->pk)
1737                               return false;
1738                     with_pk = true;
1739           }
1740 
1741           return with_pk;
1742 }
1743 #endif /* CONFIG_SAE_PK */
1744 
1745 
hostapd_acl_comp(const void * a,const void * b)1746 int hostapd_acl_comp(const void *a, const void *b)
1747 {
1748           const struct mac_acl_entry *aa = a;
1749           const struct mac_acl_entry *bb = b;
1750           return os_memcmp(aa->addr, bb->addr, sizeof(macaddr));
1751 }
1752 
1753 
hostapd_add_acl_maclist(struct mac_acl_entry ** acl,int * num,int vlan_id,const u8 * addr)1754 int hostapd_add_acl_maclist(struct mac_acl_entry **acl, int *num,
1755                                   int vlan_id, const u8 *addr)
1756 {
1757           struct mac_acl_entry *newacl;
1758 
1759           newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
1760           if (!newacl) {
1761                     wpa_printf(MSG_ERROR, "MAC list reallocation failed");
1762                     return -1;
1763           }
1764 
1765           *acl = newacl;
1766           os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
1767           os_memset(&(*acl)[*num].vlan_id, 0, sizeof((*acl)[*num].vlan_id));
1768           (*acl)[*num].vlan_id.untagged = vlan_id;
1769           (*acl)[*num].vlan_id.notempty = !!vlan_id;
1770           (*num)++;
1771 
1772           return 0;
1773 }
1774 
1775 
hostapd_remove_acl_mac(struct mac_acl_entry ** acl,int * num,const u8 * addr)1776 void hostapd_remove_acl_mac(struct mac_acl_entry **acl, int *num,
1777                                   const u8 *addr)
1778 {
1779           int i = 0;
1780 
1781           while (i < *num) {
1782                     if (ether_addr_equal((*acl)[i].addr, addr)) {
1783                               os_remove_in_array(*acl, *num, sizeof(**acl), i);
1784                               (*num)--;
1785                     } else {
1786                               i++;
1787                     }
1788           }
1789 }
1790