authorJouni Malinen <j@w1.fi>2003-01-20 02:24:05 (GMT)
committerJouni Malinen <j@w1.fi>2003-01-20 02:24:05 (GMT)
commit902fc179bb046fd00f55960579a8efc458a83339 (patch)
treeef3a182968dc4aab18afceda19c7acba0becaf16 /hostapd
parent04f2761504cf44f48256fd9c38906c425a9a9994 (diff)
Read MAC accept/deny lists from separate files to make modifying them
easier. The names of these files are configured in the main configuration file (accept_mac_file and deny_mac_file).
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config.c98
-rw-r--r--hostapd/hostapd.accept5
-rw-r--r--hostapd/hostapd.conf10
-rw-r--r--hostapd/hostapd.deny5
4 files changed, 85 insertions, 33 deletions
diff --git a/hostapd/config.c b/hostapd/config.c
index 27ec275..c9f143b 100644
--- a/hostapd/config.c
+++ b/hostapd/config.c
@@ -43,29 +43,70 @@ static struct hostapd_config *hostapd_config_defaults(void)
}
-static int read_maclist(macaddr **acl, int *num, char *val)
+static int mac_comp(const void *a, const void *b)
+{
+ return memcmp(a, b, sizeof(macaddr));
+}
+
+
+static int hostapd_config_read_maclist(const char *fname, macaddr **acl,
+ int *num)
{
+ FILE *f;
+ char buf[128], *pos;
+ int line = 0;
u8 addr[ETH_ALEN];
macaddr *newacl;
- if (hwaddr_aton(val, addr))
- return -1;
+ if (!fname)
+ return 0;
- newacl = (macaddr *) realloc(*acl, (*num + 1) * ETH_ALEN);
- if (newacl == NULL)
+ f = fopen(fname, "r");
+ if (!f) {
+ printf("MAC list file '%s' not found.\n", fname);
return -1;
+ }
- *acl = newacl;
- memcpy((*acl)[*num], addr, ETH_ALEN);
- (*num)++;
+ while (fgets(buf, sizeof(buf), f)) {
+ line++;
- return 0;
-}
+ if (buf[0] == '#')
+ continue;
+ pos = buf;
+ while (*pos != '\0') {
+ if (*pos == '\n') {
+ *pos = '\0';
+ break;
+ }
+ pos++;
+ }
+ if (buf[0] == '\0')
+ continue;
+ if (hwaddr_aton(buf, addr)) {
+ printf("Invalid MAC address '%s' at line %d in '%s'\n",
+ buf, line, fname);
+ fclose(f);
+ return -1;
+ }
-static int mac_comp(const void *a, const void *b)
-{
- return memcmp(a, b, sizeof(macaddr));
+ newacl = (macaddr *) realloc(*acl, (*num + 1) * ETH_ALEN);
+ if (newacl == NULL) {
+ printf("MAC list reallocation failed\n");
+ fclose(f);
+ return -1;
+ }
+
+ *acl = newacl;
+ memcpy((*acl)[*num], addr, ETH_ALEN);
+ (*num)++;
+ }
+
+ fclose(f);
+
+ qsort(*acl, *num, sizeof(macaddr), mac_comp);
+
+ return 0;
}
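Review bot: A line longer than 127 bytes is split by `fgets(buf, sizeof(buf), f)` in hostapd_config_read_maclist, and the remainder comes back on the next iteration as if it were a new line. For a long `#` comment that remainder no longer starts with `#`, so a MAC address that happens to begin the leftover chunk would be appended to the accept or deny list, and `line` in the error messages drifts as well. The loop should treat a chunk with no `\n` before end of file as an over-long line and fail the load instead of parsing its tail, as sketched below. Separately, leading blanks or a trailing `\r` reach hwaddr_aton unchanged, and its tolerance for them is not visible on this page.

```c
	while (fgets(buf, sizeof(buf), f)) {
		line++;

		/* No '\n' before EOF means the line did not fit in buf;
		 * reject it so its tail is never parsed as an entry. */
		pos = strchr(buf, '\n');
		if (pos == NULL && !feof(f)) {
			printf("Line %d in '%s' is too long\n", line, fname);
			fclose(f);
			return -1;
		}
		if (pos)
			*pos = '\0';

		if (buf[0] == '#')
			continue;
		/* ... unchanged: empty-line skip, hwaddr_aton, realloc, append ... */
	}
```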
@@ -109,6 +150,7 @@ struct hostapd_config * hostapd_config_read(const char *fname)
char buf[256], *pos;
int line = 0;
int errors = 0;
+ char *accept_mac_file = NULL, *deny_mac_file = NULL;
f = fopen(fname, "r");
if (f == NULL) {
@@ -173,18 +215,16 @@ struct hostapd_config * hostapd_config_read(const char *fname)
printf("Line %d: unknown macaddr_acl %d\n",
line, conf->macaddr_acl);
}
- } else if (strcmp(buf, "accept_mac") == 0) {
- if (read_maclist(&conf->accept_mac,
- &conf->num_accept_mac, pos)) {
- printf("Line %d: invalid MAC address '%s'\n",
- line, pos);
+ } else if (strcmp(buf, "accept_mac_file") == 0) {
+ accept_mac_file = strdup(pos);
+ if (!accept_mac_file) {
+ printf("Line %d: allocation failed\n", line);
errors++;
}
- } else if (strcmp(buf, "deny_mac") == 0) {
- if (read_maclist(&conf->deny_mac,
- &conf->num_deny_mac, pos)) {
- printf("Line %d: invalid MAC address '%s'\n",
- line, pos);
+ } else if (strcmp(buf, "deny_mac_file") == 0) {
+ deny_mac_file = strdup(pos);
+ if (!deny_mac_file) {
+ printf("Line %d: allocation failed\n", line);
errors++;
}
} else if (strcmp(buf, "assoc_ap_addr") == 0) {
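Review bot: The copies made by `strdup(pos)` for accept_mac_file and deny_mac_file are not freed in any hunk shown here, and a repeated `accept_mac_file=` or `deny_mac_file=` line overwrites the pointer to the earlier copy. The sample configuration says the files are re-read on SIGHUP, so each reload would leak these names unless they are released in a part of hostapd_config_read outside the visible hunks. Suggest `free(accept_mac_file);` (and the deny equivalent) before each `strdup`, plus `free(accept_mac_file); free(deny_mac_file);` after the two hostapd_config_read_maclist calls in the hunk at -282. The function body starts and ends outside this hunk.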
@@ -282,6 +322,13 @@ struct hostapd_config * hostapd_config_read(const char *fname)
fclose(f);
+ if (hostapd_config_read_maclist(accept_mac_file, &conf->accept_mac,
+ &conf->num_accept_mac))
+ errors++;
+ if (hostapd_config_read_maclist(deny_mac_file, &conf->deny_mac,
+ &conf->num_deny_mac))
+ errors++;
+
if (hostapd_config_check(conf))
errors++;
@@ -290,11 +337,6 @@ struct hostapd_config * hostapd_config_read(const char *fname)
errors, fname);
hostapd_config_free(conf);
conf = NULL;
- } else {
- qsort(conf->accept_mac, conf->num_accept_mac, sizeof(macaddr),
- mac_comp);
- qsort(conf->deny_mac, conf->num_deny_mac, sizeof(macaddr),
- mac_comp);
}
return conf;
diff --git a/hostapd/hostapd.accept b/hostapd/hostapd.accept
new file mode 100644
index 0000000..57122b6
--- /dev/null
+++ b/hostapd/hostapd.accept
@@ -0,0 +1,5 @@
+# List of MAC addresses that are allowed to authenticate (IEEE 802.11)
+# with the AP.
+00:11:22:33:44:55
+00:66:77:88:99:aa
+00:00:22:33:44:55
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index e11414c..373fdaf 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -26,11 +26,11 @@ ssid=test
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0
-# Accept/deny lists
-#accept_mac=00:11:22:33:44:55
-#accept_mac=00:66:77:88:99:aa
-#deny_mac=00:20:30:40:50:60
-#deny_mac=00:ab:cd:ef:12:34
+# Accept/deny lists are read from separate files (containing list of
+# MAC addresses, one per line). Use absolute path name to make sure that the
+# files can be read on SIGHUP configuration reloads.
+#accept_mac_file=/etc/hostapd.accept
+#deny_mac_file=/etc/hostapd.deny
# Associate as a station to another AP while still acting as an AP on the same
# channel.
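Review bot: The new comment covers the path requirement but does not say who may write the list files, and these files now decide which stations may authenticate. The loader in config.c opens whatever path is configured and, in the code shown, does not check the file's ownership or mode, so the restriction has to come from the deployment. Proposed extra comment line: `# These files should be writable only by the administrator, like hostapd.conf itself.`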
diff --git a/hostapd/hostapd.deny b/hostapd/hostapd.deny
new file mode 100644
index 0000000..1616678
--- /dev/null
+++ b/hostapd/hostapd.deny
@@ -0,0 +1,5 @@
+# List of MAC addresses that are not allowed to authenticate (IEEE 802.11)
+# with the AP.
+00:20:30:40:50:60
+00:ab:cd:ef:12:34
+00:00:30:40:50:60