Commit Graph

2466 Commits

Author SHA1 Message Date
Nicolas Cavallari
40d00d2bfe wpa_auth: Fix race in rejecting 4-way handshake for entropy
When there is not enough entropy and there are two station associating
at the same time, one of the stations will be rejected, but during
that rejection, the "reject_4way_hs_for_entropy" flag gets cleared. This
may allow the second station to avoid rejection and complete a 4-Way
Handshake with a GTK that will be cleared as soon as more entropy is
available and another station connects.

This reworks the logic to ban all 4-way handshakes until enough entropy
is available.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
2012-01-29 18:11:43 +02:00
Yogesh Ashok Powar
3dd1d8906d nl80211: Subscribe management frames for WPA_IF_AP_BSS types
In multiple BSSes scenario for the drivers that do not use
monitor interface and do not implement AP SME, RX MGMT
frame subscription happens only for the default bss (first_bss).

Subscribe for RX MGMT frames for such BSSes.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2012-01-29 12:34:38 +02:00
Yogesh Ashok Powar
a7a6af4cba nl80211: Derive frequency for BSSes other than the first
Commit e4fb216769 moved frequency
storage from driver struct to bss struct and is assigned in
wpa_driver_nl80211_set_freq. As this wpa_driver_nl80211_set_freq is
triggered only on the first_bss, bss->freq for other BSSes is never
being set to the correct value. This sends MLME frames on frequency zero
(initialized value of freq) for BSSes other than the first.

To fix this derive frequency value from first_bss.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2012-01-29 12:34:32 +02:00
Nicolas Cavallari
f31e19df3a wpa_debug: Support outputting hexdumps into syslog
This patch allows to log hexdumps into syslog.

This is useful when testing, as syslog's network logging
helps to collect debug outputs from several machines.

Signed-hostapd: Nicolas Cavallari <cavallar@lri.fr>
2012-01-29 12:13:43 +02:00
Simon Baatz
4ac384c596 EAP-AKA peer: Append realm when learning the pseudonym
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.

Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
2012-01-28 19:41:19 +02:00
Simon Baatz
a6689be84f EAP-SIM peer: Append realm when learning the pseudonym
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.

Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
2012-01-28 19:38:46 +02:00
Nicolas Cavallari
913e3cf794 nl80211: Add IBSS BSSID fixing support
If a BSSID and fixed-bssid are requested, fix the BSSID, so
the driver does not attempt to merge.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
2012-01-28 11:35:32 +02:00
Nicolas Cavallari
9e2af29f9b Support fixing the BSSID in IBSS mode
When the "bssid=" option is set for an IBSS network and ap_scan = 2,
ask the driver to fix this BSSID, if possible.

Previously, any "bssid=" option were ignored in IBSS mode when ap_scan=2.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
2012-01-28 11:33:47 +02:00
Jouni Malinen
ce7b56afab WPS: Fix an interoperability issue with mixed mode and AP Settings
It looks like Windows 7 WPS implementation does not like multiple
Authentication/Encryption Type bits to be set in M7 AP Settings
attributes, i.e., it refused to add a network profile if the AP
was configured for WPA/WPA2 mixed mode and AP PIN was used to
enroll the network.

Leave only a single bit set in the Authentication/Encryption Type
attributes in M7 when the AP is acting as an Enrollee to avoid this
issue.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-27 22:32:15 +02:00
Jouni Malinen
552310680c nl80211: Fix send_action on off-channel in P2P GO role
A P2P Action frame may need to be sent on another channel than the GO's
operating channel. This information was lost in
wpa_driver_nl80211_send_action() in the case the interface was in AP
mode. Pass the frequence and related parameters to send_mlme mechanism
to allow the correct frequence to be used with the send frame command in
AP (P2P GO) mode.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-26 17:44:11 +02:00
Jouni Malinen
ceb997f394 Fix ap_sta_disconnect() to clear EAPOL/WPA authenticator state
Number of places in hostapd use ap_sta_disconnect() instead of
ap_sta_disassociate() or ap_sta_deauthenticate(). There are some
differences between these functions, e.g., in the area how quickly
the EAPOL state machines get deinitialized. This can result in
somewhat unexpected events since the EAPOL/WPA authenticator
state machines could remain running after deauthentication.

Address this by forcing EAPOL/WPA authenticator state machines
to disabled state whenever ap_sta_disconnect() is called instead
of waiting for the deauthentication callback or other timeout
to clear the STA.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-25 22:32:58 +02:00
Jouni Malinen
1e49ccebf7 pcsc: Fix compiler warning on signed vs. unsigned comparison
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-25 17:41:59 +02:00
Jouni Malinen
b1aebbc427 P2P: Do not expire peer entry if we are connected to the peer
Even though we may not update P2P peer entry while connected to the
peer as a P2P client, we should not be expiring a P2P peer entry while
that peer is the GO in a group where we are connected as a P2P client.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-25 17:27:47 +02:00
Jouni Malinen
1d277f0260 P2P: Do not expire peer entry if peer is connected as a client
Even though we may not receive a Probe Response from the peer during
the connection, we should not be expiring a P2P peer entry while that
peer is connected to a group where we are the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-25 17:00:59 +02:00
Deepthi Gowri
d8d6b32eec nl80211: P2P: Pass cookie parameter in send action frame
The cookie value needs to be fetched in GO mode, too, to be able to
indicate TX status callbacks with drivers that handle AP mode SME
functionality internally. This fixes issues with client discoverability
where TX status callback for GO Discoverability Request is needed to
trigger the GO to send Device Discoverability Response.
2012-01-23 20:12:06 +02:00
Jouni Malinen
e6c6274947 Add preliminary MNC length determination based on IMSI
Some SIM cards do not include MNC length with in EF_AD. Try to figure
out the MNC length based on the MCC/MNC values in the beginning of the
IMSI. This covers a prepaid Elisa/Kolumbus card that would have ended
up using incorrect MNC length based on the 3-digit default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-22 21:54:24 +02:00
Jouni Malinen
a3e0105692 Avoid unnecessary memory allocation in building of SIM realm
The temporary IMSI buffer can be used for this without needing the
extra memory allocation. In addition, the implementation is easier
to understand when the extra identity prefix value for EAP-SIM/AKA
is not included while fetching MCC/MNC from the IMSI.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-22 21:54:24 +02:00
Simon Baatz
2d7d0ab307 EAP-SIM/EAP-AKA peer: Support realms according to 3GPP TS 23.003
If the identity is derived from the SIM, use a realm according
to 3GPP TS 23.003.

Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
2012-01-22 21:54:24 +02:00
Jouni Malinen
4646ee67c0 Reject too short IMSI in EAP-SIM/AKA identity generation
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-22 21:54:24 +02:00
Simon Baatz
8ab7a37089 SIM/USIM: Add function to get the MNC length from the SIM/USIM
The EF-AD (administrative data) file may contain information about the
length of the MNC (2 or 3 digits) in the IMSI. This can be used to
construct the realm according to 3GPP TS 23.003 during EAP-SIM or
EAP-AKA authentication.

Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
2012-01-22 19:28:24 +02:00
Jithu Jance
8aebb0e471 P2P: Notify upper framework on stopping the p2p_find(SEARCH)
This patch notifies the upper framework that an on-going discovery has
been stopped. This is useful in cases where a p2p_find with a timeout
value initiated by the upper framework has been finished or when the
framework initiated "p2p_find" is stopped by a "p2p_connect".

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-01-22 17:20:53 +02:00
Jouni Malinen
74590e710f Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
Some deployed station implementations seem to send msg 4/4 with
incorrect type value in WPA2 mode. Add a workaround to ignore that issue
so that such stations can interoperate with hostapd authenticator. The
validation checks were added in commit
f8e96eb6fd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-22 12:23:28 +02:00
Jouni Malinen
8017b538e7 P2P: Use Device ID attribute to filter Probe Request frames as GO
The Device ID attribute was already used in Listen state, but it was
ignored in GO role. Verify that there is a match with Device ID in
GO rule, too, before replying to the Probe Request frame.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-08 09:35:33 -08:00
Jouni Malinen
6d92fa6e92 P2P: Allow Device ID to be specified for p2p_find command
dev_id=<P2P Device Addr> can now be specified as an argument to
p2p_find to request P2P find for a specific P2P device.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-08 09:25:29 -08:00
Jouni Malinen
68921e24b2 Allow SNonce update after sending EAPOL-Key 3/4 if 1/4 was retransmitted
Some supplicant implementations (e.g., Windows XP WZC) update SNonce for
each EAPOL-Key 2/4. This breaks the workaround on accepting any of the
pending requests, so allow the SNonce to be updated even if we have
already sent out EAPOL-Key 3/4.

While the issue was made less likely to occur when the retransmit
timeout for the initial EAPOL-Key msg 1/4 was increased to 1000 ms,
this fixes the problem even if that timeout is not long enough.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-02 22:36:11 +02:00
Jouni Malinen
d567479153 Do not disconnect STA based on inactivity on driver failure
Now that we can use driver_nl80211.c with non-mac80211 drivers that
implement SME/MLME internally, we may not get inactivity time from the
driver. If that is the case, we need to skip disconnection based on
maximum inactivity timeout. This fixes some unexpected disconnection
cases with ath6kl in AP mode.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-02 21:27:06 +02:00
Jouni Malinen
3d9975d5b0 Do not trigger fast reconnection on locally generated deauth/disassoc
The deauthentication and disassociation events from nl80211 were being
processed identically regardless of whether the frame was generated by
the local STA or the AP. This resulted in fast reconnection mechanism
getting triggered even in the case where the disconnection was detected
locally (e.g., due to beacon loss) while this was supposed to happen
only in the case where the AP is sending an explicit Deauthentication
or Disassociation frame with a specific reason code.

Fix this by adding a new deauth/disassoc event variable to indicate
whether the event was generated locally.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-01 18:55:58 +02:00
Jouni Malinen
d033694ac5 Clear EAPOL authWhile and heldWhile values when port is disabled
IEEE Std 802.1X-2004 does not clear authWhile and heldWhile in this
case, but doing so allows the timer tick to be stopped more quickly when
the port is not enabled. Since these variables are used only within HELD
and RECEIVE states, clearing them on initialization does not change
actual state machine behavior. This reduces some unnecessary operations
in port disabled state and cleans up the wpa_supplicant debug log after
disconnection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-31 13:42:23 +02:00
Jouni Malinen
ee9fc67ab7 nl80211: Mark Beacon event debug excessive
This can show up way too frequently in AP mode to make debug logs
readable at debug level.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-30 14:10:15 +02:00
Spencer Chang
62a8ea7d01 WPS: Cancel previous registered wps_registrar_pbc_timeout
Since wps_registrar_pbc_timeout is called to stop PBC, previously
registered wps_registrar_pbc_timeout must be canceled when canceling
the WPS operation.

Signed-off-by: Spencer Chang <jungwalk@gmail.com>
2011-12-29 21:32:06 +02:00
Jouni Malinen
b9fd8ce804 nl80211: Fix NL80211_CMD_FRAME to not try offchannel without driver support
The offchanok parameter is hardcoded to one in number of paths and that
added NL80211_ATTR_OFFCHANNEL_TX_OK attribute to NL80211_CMD_FRAME
unconditional. cfg80211 rejects this with EINVAL if the driver does not
indicate support for offchannel TX. Fix this by not requesting
offchannel TX depending on driver capabilities. Remain-on-channel
operation was used for those cases anyway, so the additional attribute
was not really needed for these in the first place.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-29 14:15:31 +02:00
Jouni Malinen
0d891981db nl80211: Do not stop AP mode Probe Request reporting on Listen stop
When nl80211_setup_ap() has enabled Probe Request reporting, this must
not be disabled when P2P Listen state is stopped to avoid breaking AP
mode operations. This could happen, e.g., if a Probe Request frame was
received from a P2P device that the we are trying to invite to our group
(i.e., when operating in GO role). p2p_probe_req_rx() calls
p2p_invite_start() in this case and that ends up calling
p2p->cfg->stop_listen() which calls probe_req_report() driver op.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-27 20:32:29 +02:00
Yogesh Ashok Powar
ef01fa7bfa hostapd: Make inactivity polling configurable
hostapd uses the poll method to check if the station is alive
after the station has been inactive for ap_max_inactivity seconds.
Make the poll mechanism configurable so that user can choose to
disconnect idle clients.

This can be especially useful when some devices/firmwares have
restrictions on the number of clients that can connect to the AP
and that limit is smaller than the total number of stations trying
to use the AP.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-12-25 20:57:01 +02:00
Jouni Malinen
c3daee1df5 Remove obsolete comment on removed PTK rekeying operation
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-24 13:55:03 +02:00
Jouni Malinen
00338a4fe8 Increase initial group key handshake retransmit timeout to 500 ms
The 100 ms timeout on retransmitting group key message can be too short
for stations that are in power save mode or if there is a large number
of association stations. While the retransmission of the EAPOL-Key frame
should allow this to be recovered from, it is useful to avoid
unnecessary frames to save soem CPU and power.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-24 13:50:59 +02:00
Jouni Malinen
9c3c38db1e Drop priority level of the logger message for unexpected replay counter
This can happen frequently during normal EAPOL-Key exchanges and there
is no need to log it at info level.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-24 13:39:40 +02:00
Jouni Malinen
a6cc0602dd nl80211: Fix mgmt RX for device SME in AP mode without monitor
Drivers that use device SME in AP mode may still need to be
subscribed for Action frame RX when monitor interface is not used.
This fixes number of P2P GO operations with ath6kl.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-23 18:15:07 +02:00
Jouni Malinen
536062f274 nl80211: Fix use_monitor driver capability for non-mac80211 drivers
Poll command may be enough for mac80211 to figure out whether monitor
interface is to be used, but this change did not take into account
non-mac80211 drivers that support AP mode without monitor interface.
For example, ath6kl needs to get use_monitor disabled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-23 18:13:01 +02:00
Jouni Malinen
82554b100c nl80211: Show station flush failures in debug log
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-23 18:12:07 +02:00
Jouni Malinen
36488c054c nl80211: Add debug prints for mgmt RX subscription
This makes it easier to figure out which management frames has been
subscribed to for RX events.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-23 18:10:59 +02:00
Jouni Malinen
fbdcfd577a P2P: Maintain a list of P2P Clients for persistent group on GO
Add a new persistent group network block field, p2p_client_list, to
maintain a list of P2P Clients that have connected to a persistent
group. This allows GO of a persistent group to figure out more easily
whether re-invocation of a persistent group can be used with a specific
peer device.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 22:47:41 +02:00
Jouni Malinen
b3ffc80b8c P2P: Move public P2P_PEER info generation into ctrl_iface
The P2P module provides access to public peer data in struct
p2p_peer_info. Use this to build the P2P_PEER information in
ctrl_iface.c instead of providing such text format data from the P2P
module.

The internal data that was previously built in p2p_get_peer_info() as
part of the text format peer data is now available through a separate
p2p_get_peer_info_txt() function. This is still included in P2P_PEER
output to maintain backwards compatibility with external programs that
could have started to use this. However, it should be noted that this
data is not really supposed to be used for anything else apart from
debugging purposes and its format is subject to change.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 21:26:31 +02:00
Jouni Malinen
b3bcc0f519 P2P: Replace p2p_get_peer_info with p2p_peer_known when applicable
p2p_get_peer_info() was used in multiple places just to check whether a
specific peer is known. This was not the designed use for the function,
so introduce a simpler function for that purpose to make it obvious that
the p2p_get_peer_info() function is actually used only in ctrl_iface.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 21:04:41 +02:00
Jouni Malinen
a601f71bc7 P2P: Fix a typo in a function documentation
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 20:55:51 +02:00
Jouni Malinen
d9bdba9f86 P2P: Do not allow pending listen command override connect
If p2p_listen is issued during a p2p_scan, a pending after-scan operation
is scheduled. However, since there is support for only a single pending
operation, this was able to override a previously scheduled pending
connect command. This can break some command sequences, so give higher
priority to pending connect operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-21 13:35:18 +02:00
Jouni Malinen
b088cf82c9 Android: nl80211: Work around limited genl_ctrl_resolve()
Android ICS system/core/libnl_2 has very limited genl_ctrl_resolve()
implementation that cannot handle names other than nlctrl. Work
around that by implementing more complete genl_ctrl_resolve()
functionality within driver_nl80211.c for Android builds.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-21 13:33:41 +02:00
Jouni Malinen
74781dfc7b Lower RX_MGMT driver event debug level for Beacon frames
This event can be very frequent in AP mode when Beacon frames from
neighboring BSSes are delivered to user space. Drop the debug
message priority from DEBUG to EXCESSIVE for Beacon frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-18 21:48:25 +02:00
Ben Greear
300ab0556c Allow linking with libnl-3 (libnl 3.2 and newer)
I needed this patch to compile against the latest
libnl code. I added this to my config file:

CONFIG_LIBNL32=y

Signed-hostap: Ben Greear <greearb@candelatech.com>
2011-12-18 21:12:05 +02:00
Neeraj Kumar Garg
d58ed4e306 P2P: Reduce the idle time in Wait peer connect state
When waiting for go_neg frame from the peer in WAIT_PEER_CONNECT state,
I have observed that sometimes it takes 20 to 30 secs for successful GO
negotiation. I also found out that it is because of 1 second idle time,
in WAIT_PEER_CONNECT state. While it is good to have 1 second idle time
[for doing power-save or doing some other legacy STA Scan or some other
useful stuff], this makes GO Negotiation process slow.

We wait for 1 second idle and then listen for a random time between
100(min)-300(max) ms. Assume P1 is in WAIT_PEER_CONNECT state and P2 is
the one which is now to send go_neg frame. If P2 sends GO Negotiation
frame just at the boundary of 300 ms of P1 and assume that P2 takes
close to 600-800 ms for one iteration of sending go_neg request (one
iteration is GO Negotiation Request frame time + dwell time +
listen_time), P2 needs to transmit at least 16-18 Action frames for
hitting the listen time of P1.

Following patch reduces the idle time to 500 ms. Alternatively we can
increase the listen time interval to 500 ms just for WAIT_PEER_CONNECT
state.
2011-12-18 18:01:11 +02:00
Neeraj Kumar Garg
bfe3557a07 P2P: Fix PROBE_REQ_ONLY flag use for Provision Discovery Request
Provision discovery from a known peer should actually check for
dev->flags & P2P_DEV_PROBE_REQ_ONLY. This is creating an issue of
updating the listen frequency of peer with the PD request frame
frequency. PD request frame will be sent by the peer on our local listen
frequency. This patch fixes that error. Suggested check has already been
implemented in the invitation req receive path.
2011-12-18 17:42:11 +02:00
Jouni Malinen
1ef2f7ffcf P2P: Fix Provision Discovery channel for some join-GO cases
The Provision Discovery Request needs to be sent on the operating
channel of the GO and as such, the frequency from the BSS table
(scan results) need to override the frequency in the P2P peer
table that could be based on the Listen channel of the GO.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-18 17:21:25 +02:00
Reinette Chatre
e5a359cf7e P2P: Make GO negotiation peer and group information available over D-Bus
The GO negotiation response is very cryptic at the moment. For a success
message we only know on which interface the negotiation succeeded, not
which peer. For a failure we know the interface also and a status code
(number).

It will be very useful for clients to know upon receipt of such a message
which peer the negotiation occurred with.

Now that the peer information is available and the API is changed
already, the function composing the D-Bus message might as well include
all GO negotiation information. This is done with a dict to make things
easier on clients if this result information changes down the line.

Signed-hostap: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-18 16:52:33 +02:00
Marek Kwaczynski
2f0c8936bf P2P: Do not include own information in the peer table
When the station is connected to P2P GO after calling p2p_find command
the device sees itself. It is related to lack of filtering itself from
clients connected to P2P GO.

Step by step:
1. dev1: p2p_group_add
2. dev2: p2p_connect <MAC1> pbc join
3. dev1: wps_pbc
4. dev2: p2p_find

Skip P2P client information for our own device from a GO with which
we are connected.
2011-12-18 16:38:48 +02:00
Jouni Malinen
f2fe5b3663 PCSC: Accept 0x67 (Wrong length) as a response to READ RECORD
It looks like some USIM cards respond with 0x67 (Wrong length) instead
of 0x6c to 00 b2 01 04 ff. This was getting rejected in
scard_get_record_len(). ETSI TS 102 221 is not very clear on this
detail, but it looks fine to accept the 0x67 error value, too, to learn
the record length.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-18 14:44:03 +02:00
Jouni Malinen
c84b868a71 Make hostapd_eid_wmm_valid() return more logical return values
Return 1/0 instead 0/-1 to indicate valid/invalid element so that
the if statement makes more sense with !wmm_valid().

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-17 12:41:00 +02:00
Jason Young
5d06163714 AP: Pass station's WMM configuration to driver wrappers
This updates a previous patch did more or less the same thing by
providing the qosinfo as a single variable to the driver wrappers.

Signed-hostap: Jason Young <jason.young@dspg.com>
2011-12-17 12:38:06 +02:00
Jouni Malinen
9e088e743d nl80211: Fix memory leaks on nla_put_failure error paths
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-17 12:27:11 +02:00
Jason Young
5883168ae0 nl80211: Fix memory leak on nla_put_failure error paths
Signed-hostap: Jason Young <jason.young@dspg.com>
2011-12-17 12:19:36 +02:00
Eliad Peller
774bfa62ce nl80211: Send uapsd_queues and max_sp values on STA addition
When a new station is added, send its configured WMM params.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-12-17 11:59:34 +02:00
Eliad Peller
5f32f79c6e AP: Add uapsd_queues and max_sp fields
Add uapsd_queues and max_sp fields to sta_info struct,
and pass them to the sta_add callback.

These values are determined by the WMM IE in the (Re)Association Request.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-12-17 11:55:14 +02:00
Eliad Peller
70619a5d8a AP: Consider U-APSD driver support
Check whether the driver advertises support for U-APSD
in AP mode, and evaluate wmm_uapsd only in this case.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-12-17 11:45:53 +02:00
Jouni Malinen
a97bde0af4 Android: Fix PNO start function conversion
The wpa_hexdump_ascii() call did not get converted properly and this
was missed becaused of it getting defined out from the build. Anyway,
this better use the correct variable names should that debug print
ever be enabled for Android.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-15 01:06:02 +02:00
Jouni Malinen
aa543c0c33 nl80211: Fix CONFIG_TDLS=y build
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-12 16:32:07 +02:00
Jouni Malinen
671a50392d nl80211: Clean up info on netdev or nl80211 not found errors
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-11 18:51:55 +02:00
Jean-Michel.Bachot
5aff6fc697 P2P: Remove unexpected pending Provision Discovery Request in Search
A Pending Provision Discovery Request was sent in SEARCH phase after a
previous provision discovery timeout. Fix this by resetting the config
method of P2P device in the pending PD reset function. This avoids the
sending of a pending Provision Discovery Request during the next P2P
search.

Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
2011-12-11 17:43:17 +02:00
Jouni Malinen
e3a0706b47 P2P: Fix Provision Discovery name in debug messages
Some debug messages used incorrect name for Provision Discovery.
Replace "Provisioning Discovery" with "Provision Discovery".

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-11 17:36:38 +02:00
Jouni Malinen
36ba8581f7 P2P: Reject Presence Request if current NoA cannot be fetched
It is safer to assume that the driver could be using NoA and reject
any Presence Request unless we are sure that noa NoA is in use.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-11 17:07:41 +02:00
Michael Braun
05ab9712b9 Allow WPA passphrase to be fetched with RADIUS Tunnel-Password attribute
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2011-12-11 13:01:57 +02:00
Vitaly Wool
c3daaf3325 Skip WPS PBC overlap detection if P2P address is the same
WPS overlap detection can detect false overlap if a P2P peer
changes UUID while authentication is ongoing. Changing UUID
is of course wrong but this is what some popular devices do
so we need to work around it in order to keep compatibility
with these devices. There already is a mechanism in WPS
registrar to skip overlap detection if P2P addresses of two
sessions match but it wasn't really triggered because the
address wasn't filled in in the caller function.

Let's fill in this address and also clean up WPS PBC sessions
on WSC process completion if UUID was changed.

Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
2011-12-11 12:03:18 +02:00
Arik Nemtsov
5ed3354617 nl80211: Send Probe Response template to the driver
Pass the raw Probe Response template to kernel via netlink using the
set_ap() driver callback. The data is sent as one of the Beacon
attributes.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Arik Nemtsov
5b99e21a14 Set driver Probe Response template for AP mode offload
Configure a Probe Response template for drivers that support it. The
template is updated when the Beacon template is updated.

The Probe Response template is propagated to the driver via the set_ap()
callback.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Arik Nemtsov
eacc6b2478 Split Probe Response generation into a separate function
This is needed for Probe Response template, so move the code into a
separate function that can be shared.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Arik Nemtsov
4f73d88afa Maintain internal copy of Probe Response offload capabilities
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Arik Nemtsov
562c9d976e nl80211: Propagate Probe Response offload capabilities from kernel
Translate nl80211 flags to wpa_supplicant flags for Probe Response
offload support. The existence of the nl80211 PROBE_RESP_OFFLOAD_SUPPORT
attribute means Probe Response offload is supported. The value of the
attribute is a bitmap of supported protocols.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Ben Greear
afcc9ea1a6 AP: Improve disconnect and timeout related logging
This previously helped when debugging some auth issues when hitting the
AP with 128 association attempts all at once.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-12-10 16:34:52 +02:00
Ben Greear
e04a163180 AP: Convert some wpa_printf to wpa_msg/dbg
This generates better log messages when running multiple
interfaces in one process.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-12-10 16:28:14 +02:00
Ben Greear
af22a9994b Tell user why a channel cannot be used in AP mode
Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-12-10 16:18:50 +02:00
Jouni Malinen
82ac659d01 P2P: Remove forgotten TODO comment
The P2P peers are already expired.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-10 14:28:23 +02:00
Jithu Jance
10cc6c883e P2P: Append P2P Device Address to AP-STA-DISCONNECTED event
Append "p2p_dev_addr" parameter to AP-STA-DISCONNECTED event for P2P
connections. In addition, for AP-STA-CONNECTED event during P2P
connection, the "dev_addr=" print is replaced with "p2p_dev_addr=" to
be more consistent with other events.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-10 12:26:00 +02:00
Johannes Berg
341eebee38 nl80211: Store own address in BSS
Storing the address in the BSS instead of the DRV struct makes it usable
for hostapd and thus gets rid of the linux_get_ifhwaddr() call when
receiving a spurious frame.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-10 11:56:31 +02:00
Jouni Malinen
505a36941e Add MSK dump mechanism into hostapd RADIUS server for testing
Testing code can now be enabled in the hostapd RADIUS server to dump
each derived MSK into a text file (e.g., to be used as an input to
wlantest). This functionality is not included in the default build
and can be enabled by adding the following line to hostapd/.config:
CFLAGS += -DCONFIG_RADIUS_TEST

The MSK dump file is specified with dump_msk_file parameter in
hostapd.conf (path to the dump file). If this variable is not set,
MSK dump mechanism is not enabled at run time.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-09 00:15:04 +02:00
Jouni Malinen
c3f4278445 P2P: Add group ifname to P2P-PROV-DISC-* events
If Provision Discovery Request is sent for GO role (i.e., P2P Group ID
attribute is included), add the group interface name to the control
interface event on the GO. This makes it easier to figure out which
ctrl_iface needs to be used for wps_pbc/wps_pin command to authorize
the joining P2P client.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 21:57:17 +02:00
Jithu Jance
ec437d9e74 P2P: Skip duplicated provision discovery on join
If p2p_prov_disc join command is used prior to p2p_connect join,
skip the duplicated provision discovery exchange.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-06 21:44:57 +02:00
Jithu Jance
8c5f730983 P2P: Add optional "join" argument for p2p_prov_disc command
This can be used to request Provision Discovery Request to be sent
for the purpose of joining a running group, e.g., to request the GO
to display a PIN that we can then use with p2p_connect join command.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-06 21:28:02 +02:00
Jouni Malinen
481234cf1a nl80211: Remove unnecessary struct nl80211_handles wrapper
Since the nl_cache is not used anymore, there is no need for maintaining
the struct nl80211_handles wrapper for struct nl_handle. Clean this up
by using nl_handle directly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 19:47:59 +02:00
Johannes Berg
3088e4e52d nl80211: Listen to unexpected 4addr events
Monitor-less AP mode had lost the ability to do
4addr WDS, this adds it back.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 19:32:41 +02:00
Johannes Berg
d6c9aab8d2 nl80211: Use global event socket for multicast events
This is a rewrite of Ben Greear's patch, making the
nl80211 code use just a single multicast event socket.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 19:30:43 +02:00
Johannes Berg
e32ad281ca nl80211: Register for Beacon frames in AP mode
When running AP mode, we need to receive beacons over overlapping BSSes
to handle protection. Use the new nl80211 command for this. As the
command works per wiphy (and we don't want to receive the Beacon frames
multiple times) add an abstraction that keeps track of per-wiphy data.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 18:39:57 +02:00
Johannes Berg
02bb32c393 nl80211: Subscribe to spurious class3 frame events
These events are necessary to send deauth frames to
stations sending spurious data frames. Subscribe to
them on the per-BSS event socket.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 18:29:45 +02:00
Johannes Berg
a11241fa11 nl80211: Use nl80211 for mgmt TX/RX in AP mode
To achieve this, multiple things are needed:
 1) since hostapd needs to handle *all* action frames,
    make the normal registration only when in a non-AP
    mode, to be able to do this use the new socket
 2) store the frequency in each BSS to be able to give
    the right frequency to nl80211's mgmt-tx operation
 3) make TX status processing reject non-matched cookie
    only in non-AP mode

The whole thing depends on having station-poll support
in the kernel. That's currently a good indicator since
the kernel patches are added together.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 18:24:00 +02:00
Jouni Malinen
5331c274e0 EAP server: Force identity request after eapRestart for passthrough
Fix start of reauthentication after failed authentication with
passthrough (external AAA server) to use internal EAP Identity method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 13:02:23 +02:00
Jouni Malinen
4a9e26b6e7 Revert "EAP server: Force identity request after INITIALIZE for passthrough"
This reverts commit 204dd3f420.
start_reauth was not supposed to be used in this way and setting it
to TRUE in INITIALIZE breaks internal EAP server.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 12:47:17 +02:00
Jouni Malinen
8c3ba0784e nl80211: Use driver event to indicate failure on authentication retry
When using authentication retry within driver_nl80211.c, a failure on the
second attempt has to be indicated with a driver event since the return
code from wpa_driver_nl80211_authenticate() is not actually delivered to
the core code in that case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 22:28:30 +02:00
Jouni Malinen
536fd62dba nl80211: Recover from auth req ENOENT with a scan
cfg80211 rejects NL80211_CMD_AUTHENTICATE with ENOENT if the BSS entry
for the target BSS is not available. This can happen if the cfg80211
entry has expired before wpa_supplicant entry (e.g., during a suspend).
To recover from this quickly, run a single channel scan to get the
cfg80211 entry back and then retry authentication command again. This
is handled within driver_nl80211.c to keep the core wpa_supplicant
implementation cleaner.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 21:53:56 +02:00
Jouni Malinen
8b41e05656 EAP-AKA peer: Keep pseudonym identity across EAP exchanges
This updates EAP-AKA peer implementation with the changes that previous
commits did for EAP-SIM.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 17:21:22 +02:00
Simon Baatz
1037235ca0 EAP-SIM peer: Only log the identities that we actually forget
[Bug 425]
2011-12-04 17:17:21 +02:00
Simon Baatz
a9f40ae720 EAP-SIM: Keep pseudonym identity
The pseudonym is a temporary identity, but is no one-time identifier (like
the fast re-authentication identity). Thus, do not forget it if the server
does not include it in every challenge. There are servers that include the
pseudonym identity only at full-auth. [Bug 424]
2011-12-04 17:15:16 +02:00
Jouni Malinen
c8894a3100 Use explicit type casting to avoid sign extensions
Make sure sign extension does not end up getting used here by
explicitly type casting the variables to correct size.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 17:06:35 +02:00
Jouni Malinen
607bcf61a4 Check nt_password_hash() return code
While this is unlikely to fail in practice, better be more consistent
in validating nt_password_hash() result.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 16:59:16 +02:00
Jouni Malinen
d627a9395d Check wpa_supplicant_parse_ies() return value more consistently
Reject messages that fail to be parsed instead of trying to use
partially parsed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 16:40:06 +02:00
Jouni Malinen
78018ae91d Fix basic_rates copying
Commit e5693c4775 used incorrect
sizeof to copy the basic rates.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 13:12:30 +02:00
Jouni Malinen
210ff0f7f3 Fix no-NEED_AP_MLME build
Commit 34445d12ee forgot to convert
the hostapd_prepare_rates() inline wrapper for builds that do not
define NEED_AP_MLME.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 12:46:01 +02:00
Arik Nemtsov
3eeee931dd Allow Action frames with unknown BSSID in GO mode
P2P invitation responses are transmitted with the BSSID set to the peer
address. Pass these action frames up to allow the GO to receive the
Invitation Response (and avoid sending the Invitation Request multiple
times).

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-04 12:10:11 +02:00
Johannes Berg
9f12614b8c nl80211: Do not encrypt IEEE 802.1X WEP EAPOL
Set the NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag for nl80211 to tell
drivers (mac80211) to not encrypt the EAPOL frames for WEP IEEE 802.1X.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:46:12 +02:00
Johannes Berg
cc7a48d1f4 nl80211: Allocate nl CB for BSS RX
In preparation for things that receive on a BSS-specific handle,
allocate a CB for it and hook it up to receive functions.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:14:53 +02:00
Johannes Berg
f06aedd92f nl80211: Rename process_event
The next patch will add process_bss_event, rename process_event to
process_drv_event to differentiate between them.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:10:44 +02:00
Johannes Berg
a4ae123c3f nl80211: Pass cb to eloop function
By passing the nl_cb as the context to the eloop function we can
(in the next patch) use the same eloop function for BSS events.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:07:54 +02:00
Johannes Berg
1afc986d84 nl80211: Use one CB for driver event RX
There's no need to clone the CB all the time
and then assign it, just use a constant one.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:00:11 +02:00
Johannes Berg
e4fb216769 nl80211: Store frequency in bss struct
Storing the frequency in the bss struct allows using it for frame
commands in AP mode and not relying on the driver struct as much, which
is good for hostapd mode.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 19:55:22 +02:00
Johannes Berg
3fd1cefb81 nl80211: Move AP SME setup to mode change
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 19:47:01 +02:00
Johannes Berg
32ab485503 nl80211: Use socket error queue for EAPOL TX status
This will allow getting TX status for EAPOL frames
sent as data frames if the driver supports it.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 19:32:23 +02:00
Jouni Malinen
204dd3f420 EAP server: Force identity request after INITIALIZE for passthrough
Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force
reauthentication to start with EAP identity request. This works fine for
the case of EAP success through the AAA passthrough authentication, but
is not enough to handle passthrough authentication failure. sm->identity
is set in that case and getDecision would return PASSTHROUGH instead of
CONTINUE (to Identity method).

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 17:37:48 +02:00
Jouni Malinen
aef85ba204 nl80211: Ignore interface up event if interface is down
The RTM_NEWLINK even can have IFF_UP flag even if the interface is
down. Do not generate EVENT_INTERFACE_ENABLED event based on such a
message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 13:18:57 +02:00
Jouni Malinen
3b1c7bfdc5 nl80211: Use binary hexdump for scan IEs instead of text
The IEs are binary data, so there is not much point in trying
to show them as ASCII data in debug prints.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 12:47:34 +02:00
Jouni Malinen
34445d12ee Convert hostapd_prepare_rates() to use struct hostapd_iface
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 12:20:17 +02:00
Jouni Malinen
e5693c4775 Merge set_rate_sets() driver_ops into set_ap()
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 12:16:03 +02:00
Jouni Malinen
5f17b3ee9f Remove unused parameters from set_rate_sets()
Only setting of the basic rate set was supported, so remove the
unused parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:57:13 +02:00
Jouni Malinen
e26cd1a180 hostapd: Show driver event names in debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:46:47 +02:00
Jouni Malinen
d03e8d118c nl80211: Merge ap_isolate configuration into nl80211_set_bss()
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:43:18 +02:00
Jouni Malinen
e53a0c7406 Fix a typo in a comment
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:38:51 +02:00
Szymon Bigos
9337e876ab Fix generated WPS PIN values to use zero-padding
The dynamically generated PINs are supposed to have 8 digits, but
some PIN generatation cases were not zero-padding these properly.
2011-12-02 23:04:39 +02:00
Bharat Chakravarty
8e5f913456 WPS: Allow RF Bands value to be overridden
A new hostapd.conf parameter, wps_rf_bands, can now be used to fix the
RF Bands value in cases where hw_mode is not set or when operating a
dual band dual concurrent AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 17:44:43 +02:00
Subrat Dash
910b482d9b WPS: Fix stopping of active WPS operation on dual concurrent AP
When hostapd controls multiple radios, WPS operations are started on
all interfaces. However, when the provisioning run had been completed
successfully, actiove WPS mode was stopped only a single interface. Fix
this to iterate through all interfaces so that this is handled
consistently with the starting of WPS operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 16:48:14 +02:00
Jouni Malinen
d6d731b848 WPS ER: Fix segfault in some selected registrar change cases
Commit 628d54639a introduced number
of new WPS related ctrl_iface messages to hostapd. Some of these
were for ER events which do not make any sense to hostapd that
cannot operate as an ER. The WPS_EV_ER_SET_SELECTED_REGISTRAR one
from wps_registrar_sel_registrar_changed_event() was especially
problematic since it can cause wpa_supplicant ER code segfault due
to missing event data.

Revert all the ER specific changes from commit
628d54639a to get rid of the segfault
and undesired extra code in hostapd.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 14:44:23 +02:00
Dmitry Shmidt
216eede830 Android: nl80211: Add Android specific PNO configuration
This is based on the Android driver_cmd changes that are converted to
use the sched_scan/stop_sched_scan driver_ops for the case where the
driver does not support the new nl80211 commands.

Change-Id: Iaedc340f84650af422bd2ea57d2a8b0a9d4a5330
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-11-29 15:18:52 +02:00
Dmitry Shmidt
5eb429101a Android: wext: Add sched_scan functions for PNO
(jm: This is based on the Android change that used driver_cmd. The same
implementation is used for the actual driver interface, but the commands
are now accessed through sched_scan/stop_sched_scan driver_ops instead
of driver_cmd)
2011-11-29 15:18:45 +02:00
Dmitry Shmidt
06e356fe14 Android: wext: Add driver state events 2011-11-29 15:18:21 +02:00
Jouni Malinen
363ab44067 EAP-AKA: Use strdup instead of strlen + malloc + memcpy
While the copy is not used as a null terminated string, this can prevent
some static analyzers from complaining about non-issue.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:45:01 +02:00
Jouni Malinen
0ac6c3f71a EAP-PEAP: Remove unused hdr assignment
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:43:21 +02:00
Jouni Malinen
864a8e3bf6 EAP-PSK: Fix memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:41:38 +02:00
Jouni Malinen
cdc6e5d084 TLS: Add support for SHA256-based cipher suites from RFC 5246
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:33:54 +02:00
Jouni Malinen
1622b331f6 TLS: Update file headers to include TLS v1.2 support
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:13:52 +02:00
Jouni Malinen
a838e71ccf Include TLS v1.1 and v1.2 support in library build
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:08:29 +02:00
Jouni Malinen
4b919be289 TLS: Allow TLS v1.2 to be negotiated
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:08:29 +02:00
Jouni Malinen
f0b1c5f7b3 TLS: Add TLS v1.2 style CertificateVerify functionality
Add support for generating and verifying RFC 3447 RSASSA-PKCS1-v1_5
style DigestInfo for TLS v1.2 CertificateVerify. For now, this is
hardcoded to only support SHA256-based digest.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:08:29 +02:00
Jouni Malinen
949b2e1f61 TLS: Add SHA256-based verify_data derivation for TLS v1.2
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:08:28 +02:00
Jouni Malinen
20b4cdcd41 TLS: Maintain SHA256-based hash values for TLS v1.2
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:48:34 +02:00
Jouni Malinen
ca84eed7ad TLS: Add build configuration for TLS v1.2 support
This allows the internal TLS implementation to be built for TLS v1.2
support. In addition to the build option, this changes the TLS PRF
based on the negotiated version number. Though, this commit does not
yet complete support for TLS v1.2.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:45:07 +02:00
Jouni Malinen
bcf03f5209 TLS: Assume explicit IV for TLS v1.1 and newer
This is needed to allow TLS v1.2 to be supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:38:25 +02:00
Jouni Malinen
6c67d77fef TLS: Increase maximum MAC key from 20 to 32 octets
This is in prepartion of adding support for SHA256-based operations
with TLS v1.2.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:36:56 +02:00
Jouni Malinen
d0485a6208 TLS: Pass version to tls_prf() in preparation for new PRFs
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:35:11 +02:00
Jouni Malinen
cd52acec85 Rename tls_prf() to tls_prf_sha1_md5()
Prepare for multiple TLS PRF functions by renaming the SHA1+MD5 based
TLS PRF function to more specific name and add tls_prf() within the
internal TLS implementation as a wrapper for this for now.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:27:01 +02:00
Jouni Malinen
ebe4e8f814 TLS: Add helper functions for version number handling
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:20:18 +02:00
Jouni Malinen
8307489840 Add implementation of TLS v1.2 PRF (P_SHA256)
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:10:06 +02:00
Jouni Malinen
dcff088df7 Add SHA256-hash functions to generic crypto_hash_* functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:10:06 +02:00
Jouni Malinen
e770c497eb TLS: Add a debug information on unsupported private key format
Provide easier to understand reason for failure to use the old
OpenSSL encrypted private key format.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 13:21:36 +02:00
Jouni Malinen
527a398866 wext: Define some new values if linux/wireless.h is too old
IW_ENCODE_ALG_PMK and IW_ENC_CAPA_4WAY_HANDSHAKE are not defined in the
Android tree, so add compatibility defines for these.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-25 23:56:15 +02:00
Dmitry Shmidt
8a5e75f60f P2P: Send STA connected/disconnected events to parent ctrl_iface
Send the connection events from P2P group to both the group interface
and parent interface ctrl_ifaces to make it easier for external monitor
programs to see these events without having to listen to all group
interfaces when virtual group interfaces are used.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-11-25 23:56:13 +02:00
Jouni Malinen
fb67eec6f8 nl80211: Do not set sched_scan filter if driver does not support it
cfg80211 will reject the NL80211_CMD_START_SCHED_SCAN if too many
match sets are requested. To avoid being completely unable to start
any scheduled scans, skip setting these filters if the driver did
not advertise support for large enough number of match sets.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-25 17:46:00 +02:00
Jouni Malinen
29f338af26 nl80211: Implement set_p2p_powersave for legacy_ps changes
This adds initial implementation of set_p2p_powersave to allow legacy PS
mode to be configured. P2P PS parameters are not yet supported.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-25 13:11:22 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
71093e5ea9 WPS: Include WSC IE in (Re)Association Response for maybe-WPS case
If the station is indicating use of WPS, WSC IE should be added into the
(Re)Association Response frame. This is clear for the case when WSC IE
was included in the (Re)Association Request frame. However, even the
WLAN_STA_MAYBE_WPS case may actually indicate use of WPS. Assume that to
be the case when WPA/WPA2 is enabled (i.e., when the STA does not
include WPA/RSN/WSC IE while AP has WPA/RSN enabled).

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:05:33 +02:00
Jouni Malinen
1323ee314e Move wpa_sm_remove_pmkid() call to PMKSA cache entry freeing
This makes it clearer that the PMKSA caching entry gets removed from
the driver regardless of how the internal entry from wpa_supplicant
gets cleared. In practice, this call was skipped only for the case
when the entry for the current AP was being updated, so the previous
version was likely to work with all drivers. Anyway, it is cleaner
to explicitly remove the old entry even in that case before the new
entry gets added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-20 12:53:29 +02:00
Jouni Malinen
bf689a409f Fix wired EAPOL authenticator
Commit 940a0ce970 moved the STA associated
check from driver_*.c into ieee802_1x_receive(), but failed to take into
account that wired networks and driver_wired.c do not mark the STA entry
associated. Fix this by skipping the check if the driver wrapper is
using a wired network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-20 12:42:47 +02:00
Jouni Malinen
d5cbee412c Avoid possible compiler warning in os_gmtime()
Use time_t instead of os_time_t variable with the gmtime() call to
avoid possible compiler warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-20 12:19:28 +02:00
Johannes Berg
88df0ef74f nl80211: Set offchannel-OK selectively
It's not really valid to send off-channel in all cases,
so pass whether it should be allowed or not and don't
set it in the AP case.

Also, to get the right ifindex for hostapd, pass a bss
pointer instead of the drv pointer.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-19 19:56:34 +02:00
Johannes Berg
221a59c9b6 nl80211: Move preq NL handle into BSS
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-19 19:48:49 +02:00
Jouni Malinen
ddc5327139 nl80211: Add no_ack support for NL80211_CMD_FRAME
This is needed to allow no-ACK operation with Probe Response frames
in P2P Listen state.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-19 19:32:05 +02:00
Helmut Schaa
fab2533604 nl80211: Implement noack policy for send_mlme
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2011-11-19 19:22:13 +02:00
Helmut Schaa
9a898ee879 Avoid excessive probe response retries
Some client implementations only wait a few ms after sending a probe
request while scanning. Since probe responses are always sent at a low
rate this can eat quite some airtime and it might be impossible to get
the frame out before the client leaves the channel again. If the client
leaves before all probe reponses where acked this can cause the probe
reponse to be retried quite often consuming even more airtime.

Hence, add a new noack flag to the driver's send_mlme callback that
allows hostapd to request whether the driver should expect an ACK for
this frame or not.

Use the new noack-policy only for broadcast probe requests that contain
a wildcard SSID.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2011-11-19 19:09:49 +02:00
Helmut Schaa
8cfa3527e1 Allow MLME frames to be sent without expecting an ACK (no retries)
In some situations it might be benefical to send a unicast frame without
the need for getting it ACKed (probe responses for example). In order to
achieve this add a new noack parameter to the drivers send_mlme callback
that can be used to advise the driver to not wait for an ACK for this
frame.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2011-11-19 19:02:05 +02:00
Jouni Malinen
5419d6afed EAP-pwd: Remove struct eap_pwd_hdr
This structure was not really used for anything apart from figuring out
length of the EAP-pwd header (and even that in a way that would not work
with fragmentation). Since the bitfields in the structure could have
been problematic depending on target endianness, remove this unnecessary
structure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-19 16:52:52 +02:00
Dan Harkins
e547e071e1 EAP-pwd: Fix zero-padding of input to H()
Another niceness of OpenSSL is that if the high-order bit of a 521-bit
big num is not set then BN_bn2bin() will just return 65 bytes instead of
66 bytes with the 1st (big endian, after all) being all zero. When this
happens the wrong number of octets are mixed into function H(). So
there's a whole bunch of "offset" computations and BN_bn2bin() dumps the
big number into a buffer + offset. That should be obvious in the patch
too.
2011-11-19 16:47:25 +02:00
Dan Harkins
18f5f3de03 EAP-pwd: Fix KDF for group 21
The previous EAP-pwd KDF implemented has an issue with group 21, that is
an elliptic curve group based on a 521 bit prime. 521 is not an even
multiple of 8, and therein lies the problem.

OpenSSL's BN library interprets a string of bits as in big-endian format
so all the calls of BN_bin2bn() will take the binary blob of bits and
turn it into a big number in big-endian format. In the EAP-pwd KDF, I am
stretching the key to "primebitlen". When that is not an even multiple
of 8 I have to mask off the excess. But I was masking off the excess
bits in the 1st octet (big endian after all) but that isn't right. The
KDF produces a string of endian-less bits. The 521st bit is the first
bit in the last octet, not the 7th bit in the first octet. So that has
been fixed and you can see in the attached diff what I'm doing.
2011-11-19 16:43:49 +02:00
Johannes Berg
397188521d nl80211: Support in-kernel station poll
If the kernel supports this, don't use manual null
data frame transmissions. This is one thing to get
rid of cooked monitor interfaces.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-19 14:23:46 +02:00
Johannes Berg
d12dab4c6f nl80211: Use non-receiving socket for EAPOL TX
The non-monitor TX currently uses a normal L2 abstraction
socket, but that will also receive frames we don't want,
so use a plain socket that isn't bound for RX. This might
be possible using the L2 abstraction, but we need a plain
socket later for getting TX status events here.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-19 14:00:53 +02:00
Johannes Berg
61cbe2ffd8 nl80211: Use device AP SME capability
This changes the auto-detection of whether or not the device contains
the AP SME away from monitor interface addition failing to the explicit
attribute in nl80211. Keep the old auto-detection for a little while so
that ath6kl isn't broken right away.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-19 13:42:49 +02:00
Jouni Malinen
7a5257bbc9 nl80211: Sync with wireless-testing.git linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-19 13:40:07 +02:00
Johannes Berg
dd840f793c AP: Add explicit EAPOL TX status event
The new event can be used when EAPOL TX status can't be reported as a
complete 802.11 frame but is instead reported as just the EAPOL data as
originally passed to hapd_send_eapol().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-19 13:00:30 +02:00
Maciej Szmigiero
6589774746 OpenSSL: Read certificate chain from server_cert file
Currently OpenSSL implementation of TLS in hostapd loads only top
certificate in server certificate file. Change this to try to the
whole chain first and only if that fails, revert to old behavior.

Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
2011-11-19 12:06:59 +02:00
Jithu Jance
57ebba598d nl80211: Implement shared_freq
This patch implements shared_freq handler for driver_nl80211.c. If a
"p2p_group_add" happens after legacy STA association, then this patch
will help to start the GO on the same frequency. This is useful when
supplicant is started on multiple interface running over a singly "PHY"
and the station interface is not used for the P2P device operations.

For example, wpa_supplicant -iwlan0 ..  -N -iwlan1 ... and wlan0 is used
for station connection and wlan1 as the P2P device interface.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-11-19 11:23:49 +02:00
Ben Greear
3b7ea88047 nl80211: Make MLME failure messages unique
Without this, it is impossible to tell exactly which
MLME code returned the error.

Also, convert to wpa_dbg so that we get device names
in the messages.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2011-11-18 23:41:52 +02:00
Johannes Berg
eb916eb899 P2P: Clear WPS method when GO negotiation fails
When GO negotation fails the WPS method is currently not cleared, which
can result in GO negotiation being resumed when a GO negotiation request
frame is received from the peer. That is unexpected as locally we
already gave up.

This manifests itself in getting

1319574733.955685: wlan0: P2P-GO-NEG-FAILURE status=-1
1319574733.955723: P2P: Removing pending group interface p2p-wlan0-0
...
1319574736.648378: wlan0: P2P: Starting GO Negotiation with previously
authorized peer
...
1319574736.650115: wlan0: P2P: Sending GO Negotiation Response
...
1319574736.988038: wlan0: P2P-GO-NEG-SUCCESS
1319574736.988233: P2P: No pending group interface
1319574736.988268: P2P: Create a new interface p2p-wlan0-1 for the group

Clear the WPS method to avoid this situation. I wasn't
able to test this though, but given the log I can only
assume this is how the situation happened.

Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-18 23:34:53 +02:00
Dan Williams
98ac6763ff nl80211: Fix UNSPEC signal quality reporting
r->level got assigned so it's clearly not INVALID; instead
r->qual should be invalid.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2011-11-18 23:23:45 +02:00
Jithu Jance
5cfda25e44 P2P: Indicate GO Negotiation failure on peer expiration
If P2P device expires while a GO Negotiation is in progress, currently
p2p->go_neg_peer is cleared without indicating GO Nego failure. This
will result in pending group interfaces to be left over. This patch will
indicate GO Negotiation failure and will remove any pending group
interfaces.

This patch addresses a corner case in GO-Negotiation case. Consider the
scenario where two devices A and B are in discovery stage and Device B
vanishes [moves out of range] when a connect is issued on the Device A.
Then Device A keeps on retrying the GO Negotiation Request till the
retry limit is reached. On reaching retry limit, the pending group
interface is removed. But suppose if the peer entry in the device list
expires before the retry limit is reached, then pending group interface
was not removed.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2011-11-18 23:13:03 +02:00
Jouni Malinen
e159cc5e9b Use NULL instead of 0 for pointers
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 22:07:30 +02:00
Jouni Malinen
b5472a450f P2P: Fix collection of member-in-group information for peer entries
Invalid use of memcpy instead of memcmp in comparison resulted in the
GO interface address getting set incorrectly if the GO did not show up
in scan results anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:58:18 +02:00
Jouni Malinen
19df9b0761 Mark local functions static
These functions are not used outside the file in which they are defined.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:53:36 +02:00
Jouni Malinen
373f6c7211 Include wpa_auth_glue.h to verify function prototypes
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:53:03 +02:00
Jouni Malinen
da4419c6db Include list.h after trace.h to avoid offsetof refinition
trace.h may end up including system header files that define offsetof,
so include the compatibility definition from list.h only after this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:43:43 +02:00
Jouni Malinen
a40e9d3e3d Remove incorrect le16 type cast
HT_INFO_OPERATION_MODE_OP_MODE_MASK is used with variables in host
byte order, so it should not be claimed as le16.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:39:10 +02:00
Jouni Malinen
4740d5b9d9 Fix the debug message in the previous commit
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-17 23:05:19 +02:00
Jouni Malinen
0d442affb6 Set Secure=1 for EAPOL-Key msg 3/4 in WPA conditional on 2/4
This is a workaround for Windows 7 supplicant rejecting WPA msg 3/4
in case it used Secure=1 in msg 2/4. This can happen, e.g., when
rekeying PTK after EAPOL-Key Error Request (Michael MIC failure)
from the supplicant.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-17 22:59:31 +02:00
Jouni Malinen
e9447a94c0 Use a single define for maximum number of EAP methods
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 20:06:33 +02:00
Jouni Malinen
68a0f6d768 WPS: Use strdup to initialize dev_password for PBC
Some static analyzers complain about memset with '0' value. This was
used correctly here, but since use of strdup is about as good an option,
use that to silence the invalid warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 19:58:33 +02:00
Jouni Malinen
bfbc4284a8 Avoid 0-length memmove from buffer end to keep static analyzers happier
This avoid incorrect errors from some static analyzers that do not like
memmove with pointers just after the end of a buffer even if the number
of bytes to move is zero.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 19:54:26 +02:00
Johannes Berg
335d42b1a6 nl80211: Get rid of family/cache objects
All we really need is the family ID, and we can
get that with genl_ctrl_resolve() and then don't
need to worry about family/cache objects.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-16 16:42:49 +02:00
Johannes Berg
38dcca9ab0 P2P: Deal with a peer associating while connected
If a P2P client associates with the group while it is
already associated, two member entries may be added to
the group which also confuses num_members counting.

Deal with this by removing the existing entry first
before adding a new one.

I think the way Reinette ran into this was due to our
tx_sync implementation in iwlagn, mac80211 might have
queued two association frames thinking the first one
just failed, but both only went out after the sync was
really successful (which tx_sync doesn't wait for).

Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-16 16:36:40 +02:00
Jouni Malinen
39185dfa54 P2P: Wait until ongoing scan completes before starting P2P find
The P2P_FIND command was failing if it was issued at the moment when
a scan operation was in progress. Avoid returning failure in this
case by scheduling the P2P find to start once the ongoing scan is
completed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-15 21:28:35 +02:00
Jouni Malinen
545cfc4bf3 WEXT: Use linux/wireless.h instead of wireless_copy.h
WEXT is not really changing anymore and more or less all Linux
distros come with linux/wireless.h that is recent enough to
allow the driver wrappers to be build.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-15 20:03:00 +02:00
Jouni Malinen
16476dd124 Fix P2P IE configuration for GO mode
Commit c2ff13c533 broke this with a
copy-paste typo that ended up adding the Probe Request P2P IE into the
Beacon frame (i.e., Beacon frame had two P2P IEs while Probe Response
had none).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-14 16:10:54 +02:00
Jouni Malinen
8f2e2e369b Make crypto_hash_init() easier for static analyzers
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 23:24:08 +02:00
Jouni Malinen
911e10eac6 Make crypto_hash_init() easier for static analyzers
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 23:19:19 +02:00
Jouni Malinen
16cc7a4304 Make radius_msg_add_attr_user_password() easier for static analyzers
Explicitly validate data_len so that static analyzers do not get
confused about the padlen validation. This is not really needed, but it
makes the code a bit easier for static analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 23:14:57 +02:00
Jouni Malinen
a9ea17491a Make fips186_2_prf() easier for static analyzers
Explicitly validate seed_len to skip memset call with zero length
of copied data at the end of the buffer. This is not really needed,
but it makes the code a bit easier for static analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:59:33 +02:00
Jouni Malinen
7adc3c1296 Make phase2_method initialization easier for static analyzers
data->phase2_method cannot really be NULL if
eap_fast_init_phase2_method() returns success, but this construction
seems to be too difficult for some static analyzers. While this change
is not really needed in practice, it makes it easier to go through
warnings from such analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:47:14 +02:00
Jouni Malinen
4c8a333b54 Make time_adv use easier for static analyzers
hapd->time_adv cannot really be NULL if hostapd_update_time_adv()
returns success, but this construction seems to be too difficult
for some static analyzers. While this change is not really needed
in practice, it makes it easier to go through warnings from such
analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:45:16 +02:00
Jouni Malinen
a5c696adb4 nl80211: Verify that global driver pointer is not NULL
driver_nl80211.c assumes that global driver pointer is set, so better
make this more consistent.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:39:57 +02:00
Jouni Malinen
99c01af9aa P2P: Verify that assoc req IEs are available for group update
Do not call p2p_group_notif_assoc() if the driver did not return
IEs from the association request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:33:32 +02:00
Jouni Malinen
a17539ebcd Remove unnecessary include file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:13:04 +02:00
Jouni Malinen
6ec64015f5 Use shared SHA-256 define for the block size
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 21:43:31 +02:00
Jouni Malinen
7f6400ed19 Make sha256_process() easier for static analyzers
md->curlen cannot indicate full buffer size here since the buffered
data is processed whenever the full block size of data is available.
Avoid invalid warnings from static analyzers on memcpy() outside the
buffer length by verifying that curlen is smaller than block size.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 21:36:23 +02:00
Jouni Malinen
94a9ebb0b2 TLS: Fix double-free on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 20:57:32 +02:00
Jouni Malinen
9d77a392c7 Use a pre-processor macro to simplify event_to_string()
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 19:06:37 +02:00
Ben Greear
6c3771d7d5 Print human readable driver event names
This makes it easier to understand the event related logs.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2011-11-13 19:01:38 +02:00
Jouni Malinen
aea855d752 Move wpa_scan_results_free() into shared C file
Replace the inline helper function with a new C file that can be used
for common driver API related function.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 18:56:26 +02:00
Jouni Malinen
3724ddc0c1 PEAP: Verify peap_prfplus() result
This function can fail in theory since the SHA-1 functions are
allowed to return an error. While this does not really happen in
practice (we would not get this far if SHA-1 does not work), it is
cleaner to include the error handling here to keep static analyzers
happier. [Bug 421]

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 11:29:17 +02:00
Jouni Malinen
b6c8df695c Remove station functionality from hostap and madwifi driver wrappers
This has been obsoleted by the more generic Linux WEXT (driver_wext.c)
support. The hostap and madwifi driver wrappers can now be used only
with hostapd. The old station interface remains available in releases up
to 1.x.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 11:14:44 +02:00
Jouni Malinen
3962b65858 Remove unmaintained driver wrappers
The driver wrappers broadcom, iphone, osx, and ralink have not been
maintained for a while and it does not look like they will be in the
future either. As such, remove them from the development branch. The
previous versions will be included in older releases up to 1.x.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 10:57:46 +02:00
Jouni Malinen
dbdcfa3979 TLS: Add preliminary support for partial message processing
Reassemble partial TLS records to make the internal TLS client
implementation more convenient for stream sockets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 10:47:04 +02:00
Jouni Malinen
613522a40a TLS: Fix block cipher padding validation
The padding validation was done on the last padding-length octets in the
buffer which misses the first padding octet (the last octet is the
padding length). Fix the starting offset for the comparison loop to get
the first octet verified. [Bug 420]

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 10:42:06 +02:00
Jouni Malinen
c4a3480826 TLS: Clean up TLS record layer processing
Return number of user input bytes from tlsv1_record_receive() to
move this detail into the proper record layer processing. In addition,
ignore unknown content types at record layer and allow processing to
continue after warning level TLS alerts to provide minimal workaround
for closure alerts.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-05 13:04:02 +02:00
Jouni Malinen
edc95487aa Add random.c into libcrypto.a
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-05 13:02:31 +02:00
Jouni Malinen
ae055af4f7 Move AP events for STA connected/disconnected into one function
Instead of trying to remember to add wpa_msg() calls for every possible
path where a STA becomes authorized or unauthorized, use
ap_sta_set_authorized() to send these events more consistently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 22:17:41 +02:00
Jouni Malinen
3ec1e9020f Fix some recent wpa_msg() calls in hostapd use correct context
wpa_msg() has to use hapd->msg_ctx instead of hapd as the context
pointer to work properly in wpa_supplicant AP mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 22:04:17 +02:00
Nicolas Cavallari
6caaae1e48 hostapd: Send an event when an inactive station is removed
Currently, there is no events over the control interface
when a AP disconnects a station due to inactivity.  With
this patch, an "AP-STA-DISCONNECTED" event will be sent.

Signed-hostap: Nicolas Cavallari <nicolas.cavallari@lri.fr>
2011-11-03 21:58:22 +02:00
Jouni Malinen
39e7d718f6 ndis: Work around lack of C99 designated initializers in MSVC
Use a driver_ndis.c specific initialization function to fill in the
wpa_driver_ops information to make it easier to modify struct
wpa_driver_ops in the future. Being able to build driver_ndis.c
with MSVC was the only reason for having to maintain the same order
of function pointers in struct wpa_driver_ops and for having to
update driver_ndis.c for all changes in that structure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 18:45:21 +02:00
Jouni Malinen
d33ce0d5b5 Include time.h to fix Windows builds
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 18:00:57 +02:00
Jouni Malinen
75b51fde2d Update version number to 2.0-devel
hostap.git is now a development branch for 2.0 with 1.x releases
having been forked to hostap-1.git.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 12:19:44 +02:00
Yoni Divinsky
9354e59480 Configure new GTK/IGTK to driver in case of TKIP countermeasures
The GTK is renewed in the hostapd after a MIC attack dissassociation
without informing the driver, causing decryption failures. This patch
sends the new GTK/IGTK to the driver after it is updated by the hostapd.

Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com>
2011-10-30 22:19:49 +02:00
Olivier Sobrie
6f75536fc9 WPS: Send the credential when learning AP params in registrar role
When the supplicant acts as a registrar to learn the access point
parameters send the credentials to the wpa_cli interface after
receiving the 7th message. This is needed for proper behavior with
wps_cred_processing set to 1 or 2.

Without this patch, after the 7th message you got the WPS-CRED-RECEIVED
notification without the credentials. This was because the cred_attr and
cred_attr_len were not filled in in the wps structure.

Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
2011-10-30 22:10:40 +02:00
Pavel Roskin
9339bd5cd2 random: Improve error messages about writing to entropy file 2011-10-30 21:50:22 +02:00
Gary Morain
577db0aedd Prefer 5 GHz networks over 2.4 GHz networks
In scan.c, merge a channel's noise value into the scan results. When
comparing scan results, compute the signal-to-noise ratio and use it
when available. Prefer a 5 GHz network if its SNR is really big (> 30)
or if its SNR is relatively close to the other network's.
2011-10-30 21:08:21 +02:00
Jouni Malinen
fbc72d32c6 Ignore Michael MIC failure reports if cipher is not TKIP
Some stations have been reported to send EAPOL-Key Error Reports
indicating Michael MIC failures even when the cipher is not TKIP
(e.g., when the network is using only CCMP). Ignore such reports
to avoid starting TKIP countermeasures unnecessarily. This can
prevent certaint types of denial of service attacks by insiders,
but mostly this is to work around invalid station implementations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-30 12:53:20 +02:00
Jouni Malinen
ec02780529 Move Michael MIC error report processing into separate function
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-30 12:53:20 +02:00
Jouni Malinen
01a1749156 Fix TKIP countermeasures stopping in deinit paths
The eloop timeout to stop TKIP countermeasures has to be canceled
on deinit path to avoid leaving bogus timeouts behind.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-30 12:53:20 +02:00
Dan Williams
81c57e221d Add wpa_supplicant_ctrl_req_from_string()
Converts from a string to a control request enum when input
from a control interface is received. Will be used by a
subsequent patch.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-30 12:04:24 +02:00
Dan Williams
9ef1aaae24 Use an enum for EAP SM requests
Control requests will be extended for non-EAP uses later, so it makes
sense to have them be generic. Furthermore, having them defined as an
enum is easier for processing internally, and more generic for control
interfaces that may not use field names. The public ctrl_req_type /
field_name conversion function will be used later by the D-Bus control
interface too.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-30 12:04:24 +02:00
Jouni Malinen
af72d17e72 EAP-TTLS peer: Fix user input during implicit identity request
Special processing is needed to handle EAP user request for
identity or password at the beginning of Phase 2 when the implicit
identity request is used. data->pending_phase2_req needs to be set
to an empty buffer in that case to avoid re-processing the previous
part of TLS negotiation when the user enters the needed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-30 12:02:20 +02:00
Jouni Malinen
b3af99d202 nl80211: Disable IEEE 802.11b rates only for P2P iftypes
Instead of hardcoding IEEE 802.11b rates to be disabled whenever
P2P support is built in and supported by the driver, do this only
when an interface is set to P2P mode (both when adding a new
interface and when changing the interface mode). This re-enables
use of IEEE 802.11b APs with CONFIG_P2P=y builds.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-29 22:46:58 +03:00
Jouni Malinen
97bcd562eb Remove disable_11b_rates() driver_ops
This function was used unconditionally if wpa_supplicant build
includes CONFIG_P2P=y. Adding a separate driver_ops for such use
is not really useful since the driver wrappers can do the same
internally. Remove this driver_ops and move matching functionality
into driver_nl80211.c which was the only driver wrapper using
this driver_ops callback.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-29 22:25:28 +03:00
Jouni Malinen
1dea5882be nl80211: Fix re-enabling of 802.11b rates
nl80211_disable_11b_rates() function was supposed to use the 'disabled'
parameter to figure out whether to disable or re-enable 802.11b rates.
In addition, the driver deinit path was now ending up re-disabling the
enabled rates at the end of the deinit operations when the interface
type was forced back to station. Both of these issues are now fixed
and the 2.4 GHz band TX rate index is cleared properly when
wpa_supplicant is stopped.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-29 22:12:26 +03:00
Eliad Peller
083590503b nl80211: disable_11b_rates on interface mode change
disable_11b_rates() is called on interface addition,
but not on interface type change, resulting in 11b rates
enabled on p2p interfaces.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-10-29 22:00:07 +03:00
Jouni Malinen
b106173a82 Add no_cck parameter for send_action() driver_ops
This can be used to apply the no-CCK rule conditionally depending on
which frame is being sent. The no-CCK rule applies only for P2P
management frames while SA Query and FT use cases do not have similar
restrictions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-29 21:49:46 +03:00
Rajkumar Manoharan
970fa12ea2 nl80211: Add support to disable CCK rate for P2P frames
Add a new attribute to specify whether to use CCK rate or not during
scan and sending management frames. This helps to send P2P probes
at non-CCK rate. This ensures that P2P probe request/response/action
frames are always sent at non-CCK rates.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2011-10-29 21:23:27 +03:00
Jouni Malinen
451c367d06 Remove unused valid_bss_mask driver_ops 2011-10-29 11:34:29 +03:00
Jouni Malinen
735f652237 Remove unconfigurable cts_protection_type
This was included in the AP configuration parameters, but there has
been no way to set it to anything else than the default automatic
mode. Remove this parameter and just hardcode ERP determination to
follow the automatic mode.
2011-10-29 11:24:53 +03:00
Evan Broder
c48183fca2 For MS-CHAP, convert the password from UTF-8 to UCS-2
The MS-CHAPv1 and MS-CHAPv2 RFCs specify that the password is a string
of "Unicode characters", which for Windows means UCS-2; thus the
password could be any even-length string of up to 512 bytes.

Instead of making the incompatible change of requiring the incoming
password to be UCS-2 encoded, assume the password is UTF-8 encoded and
convert it before using it in NtPasswordHash and
EncryptPwBlockWithPasswordHash.

Signed-off-by: Evan Broder <ebroder@mokafive.com>
2011-10-29 00:23:54 +03:00
Johannes Berg
6604da3cf0 dl_list: Add DEFINE_DL_LIST
This allows statically defining an empty initialised list.
2011-10-28 23:03:13 +03:00
Jithu Jance
3074d8f12d P2P: Notify device expiry via P2P-DEVICE-LOST event
This patch will notify applications listening over control socket about
the device expiry [from p2p peer list].
2011-10-28 22:13:18 +03:00
Jouni Malinen
59d249255c nl80211: Ignore netlink interface down if interface is up
The netlink event processing is delayed since they are only returned
after control returns to eloop. This can result in netlink down events
being processed at a point when the interface has is actually still
there (the first event on new interface is down) and that can result in
odd behavior especially when the resulting interface-disabled event is
delivered to AP mode interface with wpa_supplicant.

Work around this by filtering netlink down events if the matching
interface is up at the time the netlink event is processed. This fixes
an issue brought up by commit 36d84860bb.
2011-10-28 21:08:15 +03:00
Jouni Malinen
d28b43f66f Fix WPA authenticator configuration to not leave uninitialized fields
hostapd_wpa_auth_conf() is called on uninitialized memory and the
conditional blocks in this function may leave some fields into
uninitialized state. This can result in unexpected behavior elsewhere
since some of the variables may be used without matching #ifdef
blocks. Fix this by zeroing the memory.
2011-10-28 12:13:56 +03:00
Jouni Malinen
08f6ab76a5 TDLS: Do not clear peer data too early for teardown
TPK will be needed to be able to generate FTIE MIC for the
teardown message, so maintain peer data for a bit longer in
case the teardown FTIE request comes back from the driver.
2011-10-27 23:15:46 +03:00
Jouni Malinen
c581201493 TDLS: Disable link on various error cases
This is needed to be able to return back to AP path on error cases.
2011-10-27 23:13:54 +03:00
Jouni Malinen
db9af0da70 TDLS: Disable previous link to fix renegotiation 2011-10-27 23:13:14 +03:00
Jouni Malinen
da30c93ab1 TDLS: Fix concurrent initialization test code
Must not use data from peer TDLS Setup Request if the concurrent
initialization from us is supposed to be the one that gets completed.
2011-10-27 23:12:08 +03:00
Jouni Malinen
ca03378b27 TDLS: Fix teardown on renegotiation
Need to disable the link when receiving TDLS Setup Request from a
peer with which a direct link has already been set up.
2011-10-27 23:10:21 +03:00
Jouni Malinen
5c1c940f1d TDLS: Fix long frame test for teardown 2011-10-27 23:09:23 +03:00
Jay Katabathuni
1d21e9dd5a Interworking: Fix Advertisement Protocol element length limit
The Query Response Length Limit is not allowed to be zero when
this is sent by the AP. Use 0x7F to indicate that the limit is
based on maximum number of GAS fragments.
2011-10-25 11:31:21 +03:00
Jithu Jance
c9aab27406 P2P: Append P2P Device Address to AP-STA-CONNECTED event
For P2P, the p2p_connect takes in device address argument to make a
connection. However the connected event AP-STA-CONNECTED comes with
interface address. The application listening on events would find it
difficult to map interface address to the p2p device address which is
provided for connection.

Append P2P Device Address to AP-STA-CONNECTED event for P2P Client
connection. This will help applications to easily map the P2P Interface
Address to P2P Device Address on CONNECTED event. For non-P2P case, it
will just print the usual STA MAC address alone.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2011-10-25 00:13:03 +03:00
Jouni Malinen
acc247b260 P2P: Advertise Persistent Reconnect group capability
The persistent_reconnect configuration parameter was used to decide
whether to accept invitation to re-establish a persistent group.
However, this was not being advertised in the Group Capability bitmap.
Add the Persistent Reconnect bit based on this configuration to GO
Negotiation frames and Beacon/Probe Response frames from the GO.
2011-10-24 17:29:37 +03:00
Arik Nemtsov
ccc12d7841 TDLS: Make use of wpa_tdls_add_peer to avoid code duplication
Use the wpa_tdls_add_peer function to allocate TDLS peer structures.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:20:58 +03:00
Arik Nemtsov
2d565a61f2 TDLS: Support mgmt-frame Tx for ctrl-iface operations
Use capability information to decide whether to perform a given TDLS
operation internally or through mgmt-frame Tx.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:20:43 +03:00
Arik Nemtsov
45b722f150 TDLS: Add peer as a STA during link setup
Before commencing setup, add a new STA entry to the driver representing
the peer. Later during setup, update the STA entry using information
received from the peer.

Extend sta_add() callback for adding/modifying a TDLS peer entry and
connect it to the TDLS state machine. Implement this callback for the
nl80211 driver and send peer information to kernel.

Mark TDLS peer entries with a new flag and translate it to a
corresponding nl80211 flag in the nl80211 driver.

In addition, correct TDLS related documentation in the wpa_driver_ops
structure.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:19:35 +03:00
Arik Nemtsov
979bcccf64 TDLS: Collect peer capabilities and supp-rates during link setup
Record the capabilities and supported rates of the TDLS peer during
link setup. These are given in the IEs passed in Setup Request and
Setup Response frames.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:19:13 +03:00
Arik Nemtsov
8f15f711c5 TDLS: Implement low-ack event for lost TDLS peers
Disable the direct connection when a TDLS peer stops responding
to packets, as indicated by the "LOW ACK" event coming from a driver.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:19:08 +03:00
Arik Nemtsov
7a1486cd31 TDLS: Support sending TDLS discovery requests
Allow sending a TDLS discovery request as a frame through the driver.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:19:05 +03:00
Arik Nemtsov
7de27409a2 TDLS: Support sending a teardown frame from usermode
When a driver does not implement the TDLS_TEARDOWN operation internally,
send an explicit TDLS link teardown frame to the driver.

Change all teardown calls to use these calling semantics.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:18:49 +03:00
Arik Nemtsov
35287637cc TDLS/nl80211: Support receiving TDLS discovery response frames
Register for the TDLS discovery response public action frame in nl80211.
Print out a debug message when a Discovery Resp frame is received and
validated.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:18:35 +03:00
Arik Nemtsov
4d0d6b37f9 TDLS: Process discovery requests and send discovery responses
When a discovery request is received, add the peer to the TDLS peer
cache and send a response containing minimal data. Mandatory IEs in
the discovery response frame will be filled out by the driver.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:18:27 +03:00
Arik Nemtsov
c58ab8f249 TDLS: Get TDLS related capabilities from driver
Put glue code in place to propagate TDLS related driver capabilities to
the TDLS state machine.

If the driver doesn't support capabilities, assume TDLS is supported
internally.

When TDLS is explicitly not supported, disable all user facing TDLS
operations.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:15:15 +03:00
Arik Nemtsov
03ea178603 nl80211: Implement TDLS callback functions and propagate capabilities
Allow passing high-level TDLS commands and TDLS frames to kernel
via new nl80211 commands.

Propagate TDLS related nl80211 capability flags from kernel and add them
as driver capability flags.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:15:05 +03:00
Arik Nemtsov
568526f1ea TDLS: Use a valid dialog-token in a setup request
A zero dialog-token is considered invalid by IEEE Std 802.11z-2010.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:14:42 +03:00
Jouni Malinen
8c66e18511 nl80211: Handle special TDLS direct link key index use
An ugly hack is currently used to indicate keys for TDLS direct link:
key_idx == -1. That needs to be converted to 0 for cfg80211 to accept
the key.
2011-10-23 22:14:05 +03:00
Jouni Malinen
33d8a77a39 Remove incorrect statement about get_hw_feature_data() driver_ops
This function is actually needed for quite a bit more than just
user space MLME implementation. The old comment here has not been
accurate for a long time, so get rid of it.
2011-10-23 20:09:40 +03:00
Jouni Malinen
edc3a7c414 Remove unused driver_ops client MLME functions
These driver_ops functions set_channel, set_ssid, set_bssid,
mlme_add_sta, and mlme_remove_sta were used with the user space
MLME implementation in wpa_supplicant. That was only for testing
purposes and was removed, but these driver_ops were forgotten.
Remove them now to remove confusing driver_ops definitions.
2011-10-23 20:07:57 +03:00
Jouni Malinen
e3b473eb4e Allow driver wrappers to indicate whether HT info is known
This is needed to be able to figure out whether the driver is known
not to support HT.
2011-10-23 17:21:39 +03:00
Jouni Malinen
3803bd331d TLS: Validate RSA ClientKeyExchange length field
Instead of using implicit length based on the received buffer, validate
RSA ClientKeyExchange based on the explicit length field.
2011-10-23 13:04:32 +03:00
Jouni Malinen
46eeedac61 Remove unused variables 2011-10-23 12:42:55 +03:00
Jouni Malinen
2683690d91 Fix hostapd_wpa_auth_send_ether() return value
This was not currently used for anything, but better return the correct
value instead of hardcoded -1.
2011-10-23 12:33:17 +03:00
Jouni Malinen
fe4c43ce95 Remove unused variable from os_gmtime() 2011-10-23 12:22:40 +03:00
Jouni Malinen
bd2df8921b nl80211: Remove some unnecessary ifdef HOSTAPD blocks 2011-10-22 22:51:49 +03:00
Jouni Malinen
17fbb751e1 Remove user space client MLME
This code was used only with driver_test.c to allow MLME operations
in hostapd to be tested without having to use a real radio. There
are no plans on extending this to any other use than testing and
mac80211_hwsim has now obsoled the need for this type of testing.
As such, we can drop this code from wpa_supplicant to clean up the
implementation of unnecessary complexity.
2011-10-22 22:45:38 +03:00
Jouni Malinen
9e0e6902a2 Share a single wpa_scan_results_free() implementation
There is not really a very good location for this anywhere, but the
function is small enough to live as an inline function for now.
2011-10-22 22:09:40 +03:00
Andrii Bordunov
d01b205378 Remove unused variable and function 2011-10-22 21:59:17 +03:00
Ben Greear
f935bd4dc5 Fix typo in comment related to EAPOL
Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-10-22 21:41:09 +03:00
Ben Greear
c81eff1a61 nl80211: Use one global ioctl socket
Saves sockets when using multiple VIFS in a single
wpa_supplicant process.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-10-22 21:39:42 +03:00
Ben Greear
276e2d671c nl80211: Use a global netlink command object
Netlink sockets can be shared among all driver instances, saving
sockets and memory when using multiple interfaces in a single process.
2011-10-22 20:06:32 +03:00
Ben Greear
2a7b66f574 nl80211: Use global nl_cb template
All interfaces can share a single nl_cb template.
2011-10-22 20:06:30 +03:00
Ben Greear
dac12351d8 nl80211: Clean up error path in wpa_driver_nl80211_init
No need to duplicate the deinit code since wpa_driver_nl80211_deinit()
can be used here to clean up after a failure.
2011-10-22 18:28:06 +03:00
Johannes Berg
a92dfde818 nl80211: Abstract handle/cache (de)allocation
This is a cleanup now and makes it easier to add more sockets in the
future.
2011-10-22 16:56:43 +03:00
Johannes Berg
7635bfb071 nl80211: Fix hostapd error path
i802_init() tries to clean up everything manually, call
wpa_driver_nl80211_deinit() instead and also handle the
EAPOL socket properly.
2011-10-22 13:04:47 +03:00
Ben Greear
36d84860bb nl80211: Use global netlink rtm event object
Netlink sockets can be shared among all driver instances, saving lots
of sockets, spurious log messages, memory, and CPU usage when using
multiple interfaces in a single process.
2011-10-22 12:39:05 +03:00
Jouni Malinen
4b24282a17 hostapd: Call global_init/global_deinit driver_ops
Now both wpa_supplicant and hostapd allow the driver wrappers to use the
global context similarly.
2011-10-22 12:22:59 +03:00
Jouni Malinen
9fb0407055 nl80211: Use a wrapper for genlmsg_put
This reduces the code size by a kilobyte or so and makes it easier
to replace the netlink instances to be shared among interfaces.
2011-10-22 11:29:03 +03:00
Dmitry Shmidt
bd43938102 wext: Do not set SSID on disconnect on Android
Some drivers seem to try to associate using the random SSID, so
do not use this hack on Android.
2011-10-21 19:11:07 +03:00
Jouni Malinen
724950836f wext: Clean up the disconnect BSSID/SSID clearing 2011-10-21 19:09:25 +03:00
Dmitry Shmidt
8f5b9aa19a Set ANDROID_LOG_NAME depending on application
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-10-21 18:59:42 +03:00
Jouni Malinen
bdc4c18e0a wext: Remove trailing whitespace 2011-10-21 18:58:01 +03:00
Jouni Malinen
122ba57936 Interworking: Filter Probe Request frames based on HESSID and ANT
Do not reply to Interworking-enabled Probe Request frames if they
request mismatching HESSID or ANT.
2011-10-21 12:43:53 +03:00
Jouni Malinen
538958ae9c Interworking: Add Interworking element to IE parser 2011-10-21 12:43:24 +03:00
Jouni Malinen
16991cffd6 Interworking: Include Access Network Type in set_ap() driver_ops
This may be needed for drivers that process Probe Request frames
internally.
2011-10-21 12:12:36 +03:00
Johannes Berg
e8b5e24e04 nl80211: Clean up capability querying
There's no need to store everything once and then copy it. Just fill the
capa struct directly in the function that parses the info from nl80211.
2011-10-20 21:57:32 +03:00
Johannes Berg
9b90955ec7 AP: Pass only bssid/addr/wds to EVENT_RX_FROM_UNKNOWN 2011-10-20 21:51:32 +03:00
Johannes Berg
9236ba4cb5 Move get_hdr_bssid() to make it easier to share for other uses 2011-10-20 21:50:23 +03:00
Jouni Malinen
6e8183d714 nl80211: Stop more quickly on initialization errors
Stop on fatal errors like an attempt to use a non-existing interface or
not have root privileges to avoid producing confusing error messages.
2011-10-20 21:36:36 +03:00
Johannes Berg
40442f5b48 nl80211: Compat code for genl_ctrl_alloc_cache
It's really a waste of bits to duplicate the code for
genl_ctrl_alloc_cache() again and again -- just add a
wrapper like in iw.
2011-10-20 21:08:26 +03:00
Johannes Berg
bcf24348ed AP: Do station poll in driver wrapper
This offloads the station polling to driver wrappers, which may offload
it again to the driver. The hostap driver wrapper uses "real" data
frames while nl80211 uses null data frames.

Also add a specific event to indicate that a poll was successful for
future use with the nl80211 driver.
2011-10-20 21:03:08 +03:00
Jouni Malinen
180cdf45a4 wext: Increase scan timeout from 5 to 10 seconds
Some dualband cards can use more than five seconds to run through
a full scan, so increase the timeout to avoid hitting the missing
scan completed event workaround.
2011-10-18 23:04:36 +03:00
Jouni Malinen
54e9c5fc69 EAP: Clear ClientTimeout back to default value in INITIALIZE
This fixes an issue where WPS run leaves a small ClientTimeout
value (2) configured and the next EAPOL authentication is started
with that small value even for Identity exchange. This can cause
problems when an EAPOL packet gets dropped immediately after
association and a retry of that packet is needed (which may take
more than two seconds).
2011-10-18 18:44:35 +03:00
Dmitry Shmidt
ed3eecd786 Android: Add wpa_ctrl_cleanup()
This function can be used to clean up local UNIX domain socket files
that may be left over from clients that were previously connected to
wpa_supplicant. At least for now, this is only available for Android
builds.
2011-10-18 17:27:53 +03:00
Jouni Malinen
ea08bfe384 netlink: Do not use void pointer for pointer arithmetic
This is a non-standard extension in gcc, so better not depend on it.
2011-10-18 17:00:08 +03:00
Jouni Malinen
39b97072b2 Add support for Time Advertisement
This adds preliminary support for IEEE 802.11v Time Advertisement
mechanism with UTC TSF offset.
2011-10-18 00:24:16 +03:00
Jouni Malinen
96b2cb226a Add os_gmtime() as wrapper for gmtime() 2011-10-18 00:23:42 +03:00
Jouni Malinen
4b2a77aba2 Interworking: Add support for configuring Roaming Consortium List 2011-10-17 23:55:50 +03:00
Jouni Malinen
c7c178e15e Interworking: Add Advertisement Protocol element
For now, assume that ANQP will always be enabled with Interworking.
This may be made separately configurable in the future.
2011-10-17 23:19:52 +03:00
Jouni Malinen
3c11382b6c Remove set_intra_bss() driver_ops
This has been replaced by the isolate parameter available through
set_ap() calls.
2011-10-17 23:04:27 +03:00
Jouni Malinen
ecff342716 atheros: Add a placeholder function for set_ap() driver_ops 2011-10-17 21:36:28 +03:00
Jouni Malinen
8a33a63f58 Add Interworking configuration in set_ap() driver_ops
Drivers that implement SME/MLME may find it easier to use separated
information to configure Interworking related parameters.
2011-10-17 21:35:41 +03:00
Jouni Malinen
a194b06c81 Add Ext Capab and Interworking elements to extra IEs
These need to be provided to drivers that implement SME/MLME.
2011-10-17 21:30:44 +03:00
Jouni Malinen
06c4d2472f Move Ext Capab and Interworking element construction into shared file
These needs to be available for drivers that implement SME/MLME.
2011-10-17 21:03:52 +03:00
Jouni Malinen
c2ff13c533 Clean up AP mode extra IE construction
Make it easier to add more IEs into the buffers.
2011-10-17 20:55:06 +03:00
Jouni Malinen
6c0575c322 Remove unused function argument 2011-10-17 20:10:07 +03:00
Jouni Malinen
31357268e5 Move AP BSS configuration parameters into set_ap()
Remove the separate driver_ops functions set_cts_protect(),
set_preamble(), set_short_slot_time(), and set_ht_params(). These
belong into same set of operations as set_ap(), so there is no need
to maintain separate functions that just make the driver wrapper
more complex.

Since these have only been used with driver_nl80211.c, the driver_ops
can be removed immediately instead of maintaining backwards
compatibility period with the old functions.
2011-10-17 19:31:33 +03:00
Jouni Malinen
fd13a54180 Deprecate set_intra_bss() driver_ops
The AP client isolation parameter is now available through set_ap().
driver_nl80211.c was the only driver wrapper using the set_intra_bss()
call in hostap.git, but some external trees may have used this. Once
those are cleared, the set_infra_bss() driver_ops can be removed
completely. The only remaining use case for it currently is in P2P
GO mode with wpa_supplicant.
2011-10-17 18:58:46 +03:00
Jouni Malinen
5ce0f8b31b Remove unused P2P device discovery hack from Beacon configuration
AP mode operations were used for P2P device discovery Listen state
only during early experiments. This has now been cleaned up and
ieee802_11_set_beacon() is not called for P2P device discovery.
As such, this hack to skip Beacon configuration can be removed.
2011-10-17 18:39:31 +03:00
Jouni Malinen
062390efd4 Start deprecating various AP mode driver_ops
The preferred way of configuring AP mode will be to use set_ap() instead
of number of separate operations hostapd has collected over the years.
2011-10-17 18:35:25 +03:00
Jouni Malinen
9e85b1ed49 atheros: Add debug hexdumps for IE configuration 2011-10-17 17:56:59 +03:00
Mahesh Palivela
d4370eac2e Move SA Query mechanism into a file that can be shared more easily
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
2011-10-17 17:33:17 +03:00
Jouni Malinen
73c41a8fab Interworking: Parse NAI Realms and match against home realm 2011-10-16 23:55:34 +03:00
Jouni Malinen
b02fe7ff32 Interworking: Add commands for network selection
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
2011-10-16 23:55:34 +03:00
Jouni Malinen
69fbdfe48d GAS: Export gas_build_initial_resp()
This is needed for some GAS error response messages where the ANQP
Advertisement Protocol element is not used.
2011-10-16 23:55:34 +03:00
Jouni Malinen
696be77eee Define new IEEE 802.11u status codes 2011-10-16 23:55:34 +03:00
Jouni Malinen
71269b3708 WNM: Add BSS Transition Management Request for ESS Disassoc Imminent
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
2011-10-16 23:55:34 +03:00
Jouni Malinen
4fe9fa0d29 nl80211: Register GAS frames for Interworking
The GAS frames are used both with P2P and Interworking, so register
them if CONFIG_INTERWORKING is used without CONFIG_P2P.
2011-10-16 23:55:34 +03:00
Jouni Malinen
46ee0427b1 IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
2011-10-16 23:55:34 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Jouni Malinen
08a74e6a61 Use a common error handler in hostapd_notif_assoc() 2011-10-16 17:57:27 +03:00
Jouni Malinen
2bb20281cb Clean up IE processing in hostapd_notif_assoc() 2011-10-16 17:49:02 +03:00
Jouni Malinen
fa15d405c7 WPS: Fix WPS IE processing
Commit 17f6b90056 moved the concatenation
of WPS IEs, but did not include the validation that the IE buffer is not
NULL. In addition, the concatenation needs to be done based on the full
IE buffer instead of the parsed pointer that includes only a single
WPS IE.
2011-10-16 17:10:48 +03:00
Jouni Malinen
1472d32f72 Remove unused function argument 2011-10-16 14:00:30 +03:00
Jouni Malinen
619e6726ba base64: Stop decoding at the first sequence of pad characters
The base64 encoded data cannot included pad characters in the middle, so
we can stop the loop at the first sequence of pad characters. If the
sequence includes more than two pad characters, the encoding is invalid
and we can indicate failure.
2011-10-16 12:36:21 +03:00
Jouni Malinen
c3b75919fa Fix double free with CONFIG_WPS_STRICT=y
Commit 17f6b90056 extended the use of
the concatenated WPS IE outside the CONFIG_WPS_STRICT block, but
forgot to remove the old wpabuf_free(wps) call.
2011-10-16 12:11:00 +03:00
Luciano Coelho
bd525934e5 nl80211: Add support for sched_scan filtering
Use the SSID filter list passed in the scheduled scan request down to
the kernel driver, so it can use the list to return only the wanted
SSIDs. Some kernel drivers can use this information to offload the
SSID filter to the hardware, helping with reducing the power
consumption.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
b59e6f267b Add filter support to scheduled scans
Pass SSIDs to be matched in scheduled scan results. Only the SSIDs
that are included in the match lists will be reported by the driver,
so the filtering can be offloaded to the hardware and the power
consumption can be reduced.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
35b741fdf7 Increase maximum number of SSIDs per scan
With scheduled scan support, we may need to pass more than 10 SSIDs in
a single scan request. Some drivers (e.g., wl12xx) support up to 16
SSIDs at once.

Change WPAS_MAX_SCAN_SSIDS from 10 to 16.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
d21c63b925 nl80211: Add scheduled scan support
This commit adds scheduled scan support in the nl80211 driver.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
cbdf3507e9 Add scheduled scan driver operations
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.

This commit adds initial scheduled scan support operations and events.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Jouni Malinen
1e1a0a4dc9 edit: Fix history prev/next selection
Commit 19ec1f262e tried to fix some
cases for history prev selection, but it broke others. Fix this
properly by using a separate entry for the current edit line that
is not yet in history buffer.
2011-10-15 14:03:35 +03:00
Jouni Malinen
44dc872ee5 nl80211: Add debug print for channel changes 2011-10-15 13:29:56 +03:00
Jouni Malinen
dcd1eb5be5 Fix some forgotten comments in set_beacon to set_ap change 2011-10-15 13:15:24 +03:00
Jithu Jance
6758b1677a nl80211: Use shorter monitor interface name for P2P GO
Currently the P2P Interface name[p2p-%s-%d] is reset when the P2P
Interface name reaches the "IFNAMSIZ" limit. Monitor interface name is
derived from p2p interface name with the addition of few characters
[mon.p2p-%s-%d] and hence Monitor interface name hits IFNAMSIZ limit
before P2P Interface name. Rename the monitor interface name to
mon-%s-%d to reduce the length to same with p2p-%s-%d.
2011-10-15 13:07:30 +03:00
Yogesh Ashok Powar
8666585b9e Disconnect STA when it fails to get added in kernel driver/firmware
Data path for stations that get successfully associated to the
hostapd but fail to get added in the driver/firmware, will not
work. In such cases, hostapd should deauth and disconnect such
stations. In such scenario, hostapd should disconnect the STAs.

Sample output with following patch
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: authenticated
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 0c:74:c2:9a:4c:59
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: Could not add STA to kernel driver
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: deauthenticated due to local deauth request

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-10-15 12:41:28 +03:00
B. J
5dd80dd661 Fix NT-hash password use with integrated authentication server
The password_hash parameter was not copied in case of the integrated
authentication server (but was for RADIUS server). This broke EAP
authentication when the user entry used NT-hash.
2011-10-15 12:13:27 +03:00
Janusz Dziedzic
f1afcb391e P2P: Fix wpabuf reuse on p2p_group_notif_noa()
This currently unused function would have triggered wpabuf overflows
due to incorrect variable being reset to zero in the case the old
NoA wpabuf was large enough for the new data.
2011-10-13 01:06:11 +03:00
Jouni Malinen
fd8e4fda50 EAPOL auth: Disconnect after IEEE 802.1X failure
The EAPOL authenticator was previously forcing disconnection in the WPS
use case. However, this can be benefitial operation with any IEEE 802.1X
authentication mechanism and need not be limited to WPS. This helps some
use cases like EAP-FAST where provisioning may require two
authentication runs if the authentication server does not allow the PAC
provisioning step to be used for normal data connection. While the
station would be free to decide to re-associate in such a case, not all
stations do and as such, it helps if the AP does that instead of leaving
the association up with EAPOL state machine in HELD state for 60
seconds.
2011-10-12 20:07:16 +03:00
Jouni Malinen
88dc899a1b EAP-FAST: Allow unprotected EAP-Failure in provisioning case
While EAP-FAST uses protected success notification, RFC 5422, Section
3.5 points out a possibility of EAP-Failure being sent out even after
protected success notification in case of provisioning. Change the
EAP-FAST peer implementation to accept that exception to the protected
success notification. This allows the station to re-connect more quickly
to complete EAP-FAST connection in the case the server rejects the
initial attempt by only allowing it to use to provision a new PAC.
2011-10-12 20:05:02 +03:00
Jouni Malinen
4458d91554 P2P: Do not change SSID during GO negotiation
If GO Negotiation Request (or in theory, also GO Negotiation Response)
frame is delivered multiple time for processing, the SSID of the group
could end up getting changed. This could result in possible issues if
the peer ended up using different SSID. To avoid this, make sure the
SSID does not get changed unless the negotiation is for a new group.
2011-10-11 18:29:31 +03:00
Jouni Malinen
c3fea27274 Clear OKC-based PMKSA caching entries if PMK is changed
Whenever PMK gets changed (e.g., due to re-authentication), all PMKSA
caching entries that were created using the previous PMK needs to be
replaced. Previously, only the entry for the current AP was cleared.
Flush the other entries based on network_ctx matches to get rid of the
OKC entries. These entries can then be re-creating using OKC with the
new PMK.
2011-10-02 19:36:37 +03:00
Jouni Malinen
15e2c77d03 Sync with wireless-testing.git linux/nl80211.h 2011-10-02 13:16:42 +03:00
Johannes Berg
1473f95e98 AP: Use QoS nullfunc for connection poll
When polling a station that has been inactive for a while, hostapd currently
always uses a null data frame. This is a bit strange with uAPSD clients
(though it seems to mostly work) since the EOSP bit can never be set in a
non-QoS frame. Make hostapd use QoS null data frames for probing when the
station is a QoS STA.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-10-01 21:04:11 +03:00
Marek Kwaczynski
ed908a55da P2P: Refresh peer entries on Probe Request RX
Do not expire P2P peer entries if Probe Request frames are received from
them.
2011-10-01 20:40:14 +03:00
Zhi Chen
56aa082a1d WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface
Wrap self-generated WPS credential for new AP settings and send that to
control interface to provide the needed information in
WPS-NEW-AP-SETTINGS for external processing.
2011-09-30 22:26:37 +03:00
Shan Palanisamy
a52eba0f44 FT: Add driver wrappers for FT with driver-based MLME/SME 2011-09-30 00:05:29 +03:00
Jouni Malinen
0c840c33f7 Move GAS/ANQP build routines to a separate file from P2P
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
2011-09-29 22:18:46 +03:00
Jouni Malinen
206e1f422f P2P: Provide mechanism for figuring out p2p_scan_ie() buffer need
The new function, p2p_scan_ie_buf_len(), can be used to figure out
how large a buffer needs to be allocated for p2p_scan_ie() use. This
makes it easier to add new data into the buffer without forcing all
callers to be updated to use a larger buffer.
2011-09-29 22:18:23 +03:00
Jouni Malinen
fc6997b345 P2P: Fix group formation after previous commit
p2p_in_progress() have to ignore P2P_PROVISIONING state to allow
station mode (which includes P2P client) scan to work.
2011-09-29 21:48:07 +03:00
Jouni Malinen
303f60d39b P2P: Do not request station mode scans during P2P operations
The P2P search mechanism depends on the same scan functionality that
is used for station mode scans. If these operations are being used
at the same time, scan result processing is not handled properly.
Avoid unexpected behavior by delaying station mode scan requests
if a P2P operation is in progress.

Among other things, this allows the station mode connection attempt
to be continued after a P2P find or group formation has been completed
if the interface is available (i.e., when the P2P group uses a
separate virtual interface).
2011-09-29 16:53:55 +03:00
Jouni Malinen
0c96fd6d03 P2P: Do not leave P2P scan handler registered if scan fails
If the initial attempt to start a scan for p2p_find fails, an error
is reported. However, the P2P scan handler and search state was
left behind. That can result in unexpected behavior when the next
non-P2P scan results are indicated. Avoid this by clearing the
P2P search state on failure.
2011-09-29 16:52:23 +03:00
Vivek Natarajan
004ba773ce nl80211: Add driver flag for firmware-based BSS selection
This new flag can be used to change wpa_supplicant behavior in the
default ap_scan=1 mode to move BSS selection into the driver (likely
firmware). This commit is only adding the flag; separate commits
will be used to change the actual connection/roaming behavior.
2011-09-26 14:26:55 +03:00
Jouni Malinen
daa30c23aa Rename and fix ANQP definitions to match IEEE Std 802.11u-2011 2011-09-26 11:51:58 +03:00
Mathieu Olivari
8a8c1c0ea5 atheros: Allow flattened driver include file directories
Remove the full driver path to the driver header file to make it
easier to use common include directory for all driver headers.
2011-09-26 11:49:22 +03:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Jouni Malinen
e655e1f512 GnuTLS: Fix build bit various GnuTLS versions
This fixes some build issues in GnuTLS wrapper to be compatible with
at least following GnuTLS versions: 2.2.5, 2.4.3, 2.6.6, 2.8.6,
2.10.5, 2.12.11, 3.0.3.
2011-09-25 19:32:28 +03:00
Jouni Malinen
5c47af9a7a TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
2011-09-25 17:24:46 +03:00
Jouni Malinen
3bff59f857 TLS: Do not enforce in-place processing in tlsv1_record_send()
In preparation for record layer format changes, modify
tlsv1_record_send() to use separate buffers for payload
and the output message.
2011-09-25 17:11:52 +03:00
Jouni Malinen
85b7187ffc TLS: Add protection against record layer CBC attacks
Instead of using separate bad_record_mac and decryption_failed alerts,
use only bad_record_mac alert regardless of how the CBC decryption
failed. This provides less information to attackers that could modify
packets. In addition, instead of returning immediately on error, run
through the MAC check to make timing attacks more difficult.
2011-09-25 16:57:35 +03:00
Jouni Malinen
26296a8a7c TLS: Avoid unnecessary copying of encrypted data at record layer
When the received data will be decrypted, there is no need to first
copy it and then handle decryption in-place when decryption step can
take care of both operations.
2011-09-25 16:52:46 +03:00
Jouni Malinen
61f1ed911d TLS: Fix record layer protocol version validation
TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
protocol version in record later. As such, accept any {03,xx} value
to remain compatible with existing implementations and new protocol
versions.
2011-09-25 16:48:06 +03:00
Jouni Malinen
54b8f99454 P2P: Fix a race condition in some P2P command sequencies
The p2p->drv_in_listen variable is used to track Listen state operations
in the driver. This is cleared when the driver reports that the Listen
state has ended (p2p_listen_end() gets called). However, it is possible
that the driver does not indicate that if the Listen state is canceled.
This can apparently happen in some cases where p2p_connect command is
issues while the Listen state is in progress.

Work around this issue by clearing p2p->drv_in_listen when Listen state
is stopped as part of p2p_stop operation. This allows the P2P module to
process CONNECT_LISTEN timeout in p2p_timeout_connect_listen() to move
to CONNECT state, e.g., when starting GO Negotiation after Device
Discoverability mechanism.
2011-09-22 22:49:21 +03:00
Subrat Dash
6a5200e699 atheros: Fix WEXT SIOCGIWESSID use with WE-21 and newer
The "too long" buffer (32+1 octets) prevented AP from starting up with
32 octet SSID with WE-21 and newer. Fix this by reducing the
SIOCGIWESSID buffer length.
2011-09-22 15:42:03 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Pavel Roskin
a776b19cda wext: Remove write-only variable ap_num
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:41:17 +03:00
Jouni Malinen
c36d52427a nl80211: Support PMKSA candidate events
This adds support for RSN pre-authentication with nl80211 interface and
drivers that handle roaming internally (i.e., wpa_supplicant is not
responsible for requesting scan results that provide the needed
information without these events).
2011-09-21 16:14:41 +03:00
Jouni Malinen
c8c71b395c Sync with wireless-testing.git linux/nl80211.h 2011-09-21 16:14:00 +03:00
Jouni Malinen
20f5a4c24c nl80211: Work around EALREADY from connect command
cfg80211 does not currently allow NL80211_CMD_CONNECT when there
is already an association. This can result in wpa_supplicant being
unable to request a connection if the interface is already in
connected state. Work around this by requesting disconnection if
the connect command fails with EALREADY error. This allows
wpa_supplicant to recover from the unexpected state and complete
the connect request on next attempt.
2011-09-18 21:26:55 +03:00
Jouni Malinen
1b414f59fc eapol_test: Add option for writing server certificate chain to a file
eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]
2011-09-17 22:42:54 +03:00
Jouni Malinen
8a55f56453 RSN: Add a debug message when considing addition of OKC entry 2011-09-16 18:45:15 +03:00
Jouni Malinen
a8b8379adf Sync with wireless-testing.git linux/nl80211.h 2011-09-16 17:13:08 +03:00
Jouni Malinen
633d4469e8 Fix AP build without CONFIG_WPS=y
Make the WPS processing of (Re)Association Request frame IEs conditional
on WPS support. This fixes a build issue with wps_is_20() not being
defined and makes the non-WPS build a bit smaller.
2011-09-12 22:23:45 +03:00
Jouni Malinen
531e420dd7 Remove time.h include from utils/includes.h
os_*() wrappers should be used instead of functions from time.h.
Removing the header from includes.h enforces this. os_unix.c can
include this its uses are valid wrapper calls. wps_upnp.c uses
gmtime() for which there is no os_*() wrapper available yet, so
allow it to use time.h, too. Similarly, allow dump_state.c to
use time.h for ctime().
2011-09-12 22:19:26 +03:00
Per Ekman
3d9e2e6615 Remove references to time_t/time()
Use os_time() in AP mode instead of direct time() calls.
2011-09-12 22:14:30 +03:00
Johannes Berg
531f0331a1 nl80211: Cancel not yet started r-o-c
Currently, the following can happen:

1) P2P state machine requests R-O-C
2) user changes their mind and aborts
3) P2P state machine aborts R-O-C
4) driver_nl80211 rejects abort since there
   was no notification about the start yet
5) R-O-C period start notification from kernel
6) P2P state machine requests new R-O-C
7) this overlaps with old R-O-C -- iwlwifi driver
   can't handle that and returns -EBUSY
8) state machine stops dead in its tracks

The reason is that the abort isn't going through properly. Instead of
tracking whether a R-O-C is active in driver_nl80211, track whether one
was requested to avoid this scenario.

Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-09-10 22:57:41 +03:00
Rajkumar Manoharan
47185fc788 P2P: Remove CCK supported rates when running P2P scan
This allows drivers to disable CCK rates from Probe Request frames.
For nl80211, this is currently applying only to the supported rates
element(s), but this mechanism could be extended to address TX rate
control masking, too, to lessen need for global rate disabling.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2011-09-10 22:40:30 +03:00
Johannes Berg
7626850dd6 nl80211: Automatically use concurrent P2P if possible
Since the kernel can now advertise P2P concurrent support by advertising
interface combinations, we can take advantage of that and automatically
use P2P_CONCURRENT / P2P_MGMT_AND_NON_P2P for drivers that advertise
support.

Keep driver_param=use_p2p_group_interface=1 for anyone not advertising
interface combinations in their drivers yet.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-09-10 21:52:21 +03:00
Jouni Malinen
25e5d5bc08 P2P: Allow advertisement config methods to be limited
The default config methods was hardcoded to claim support for
PushButton, Display, and Keypad. While these are supported by
most P2P devices, there may be some cases where it is convenient
to be able to disable a specific config method. Use config_methods
configuration parameter to set the default values for Config Methods
in the P2P Device Info attribute.
2011-09-08 16:48:06 +03:00
Jouni Malinen
07fecd3915 P2P: Remove Label config method
The P2P specification (3.1.4.3) disallows use of the Label configuration
method between two P2P devices. This was previously enforced at upper
level, but the obsolete code can be removed from wpa_supplicant. This
adds a bit more strict enforcement of the policy, but should not result
in practical differences since no known P2P implementation uses Label
config method.
2011-09-08 16:40:03 +03:00
Jouni Malinen
d8a790b922 Flush PMKSA cache entries and invalidate EAP state on network changes
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).

The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
2011-09-07 17:46:00 +03:00
Jouni Malinen
734baae0af Clear driver PMKSA cache entry on PMKSA cache expiration
If the driver maintains its own copy of the PMKSA cache, we need to
clear an entry from the driver whenever wpa_supplicant is dropping
an old PMKSA cache entry.
2011-09-07 16:31:09 +03:00
Jouni Malinen
cc28ad8cdf Fix Deauth/Disassoc callback handling with test frames
The Deauth/Disassoc TX status callbacks were ending up kicking the
station entry from kernel driver when test functionality was used to
inject Deauth/Disassoc frames from the AP with the purpose of leaving
the local association in place. Fix this by using STA flags to figure
out whether there was a pending callback for the frame that we need
to act on.

In addition, add forgotten functionality for the Disassoc TX status
callback to match the behavior with Deauth.
2011-09-06 21:03:02 +03:00
Jouni Malinen
64fa840a97 nl80211: Fix WPA_VERSIONS attribute for Connect command
The previous code was trying to figure out which WPA version is
used based on the extra IEs requested for Association Request. That
did not work properly in cases where non-WPA networks are used with
some extra IEs. Fix this by using more robust mechanism for passing
the WPA versions from core wpa_supplicant to the driver_ops
associate().
2011-09-02 20:40:23 +03:00
Jouni Malinen
83180479f0 Android: Modify wireless_copy.h to fix Android build 2011-09-02 16:50:43 +03:00
Bharat Chakravarty
a9355fac5f WPS: Set Probe Request config methods based on configuration
Instead of hardcoding the Config Methods attribute value in Probe
Request frames, set this based on the configured parameter
config_methods to allow correct set of methods to be advertised.
2011-09-01 15:24:45 +03:00
Jouni Malinen
ae9c400358 WPS ER: Fix UPnP XML Device Description parser to find correct device
The device description file may include multiple devices. Improve the
simplistic parser by first trying to find the WFADevice:1 device before
fetching the device parameters. While this is still far from complete
XML parsing, this should address the most common root device
specifications.
2011-08-31 13:56:03 +03:00
Jouni Malinen
86957e6298 nl80211: Support AP mode probe/action frame TX/RX without monitor iface
This allows non-mac80211 drivers to report received Probe Request
frames to user space and Probe Response and Action frames to be sent
from user space when using AP/P2P GO mode.
2011-08-29 14:26:55 +03:00
Jouni Malinen
4dc03726de Delay STA entry removal until Deauth/Disassoc TX status in AP mode
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. The STA
entry (and PTK) will be removed from the kernel only after the
Deauth/Disassoc has been transmitted (e.g., when the STA wakes up).
A hardcoded two second timeout is used to limit the length of this
window should the driver fail to deliver the frame (e.g., the STA
is out of range and does not wake up). The kernel STA entry is
marked unauthorized during the wait to avoid accepting Data
frames from the STA that we have decided to disconnect.

This behavior is available only with drivers that provide TX status
events for Deauth/Disassoc frames (nl80211 at this point). Other
drivers continue to use the previous behavior where the STA entry
is removed immediately.
2011-08-28 23:07:02 +03:00
Jouni Malinen
49a191a142 EAP: Add "expanded" EAP type to get_name functions 2011-08-28 19:23:16 +03:00
Jouni Malinen
17f6b90056 WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaround
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
2011-08-28 19:16:59 +03:00
Jouni Malinen
fb91db5639 Provide extra IEs for AP mode management frames with set_ap
Drivers that build Beacon, Probe Response, and (Re)Association
Response frames can use this information to and WPS and P2P IE
when needed.
2011-08-26 21:14:25 +03:00
Jouni Malinen
97a7a0b504 Add support for setting SSID hiding mode through set_ap() 2011-08-26 21:12:47 +03:00
Jouni Malinen
b11d1d6439 Add crypto parameters to set_ap() command separately
This helps drivers that build the Beacon and Probe Response frames
internally.
2011-08-26 21:11:42 +03:00
Jouni Malinen
d8cc23a438 Sync with include/linux/nl80211.h in wireless-testing.git 2011-08-26 21:09:08 +03:00
Jouni Malinen
9ca47fff8c WPS: Drop responses from ER to a STA that is not in WPS protocol
If an ER tries to send a message to a STA that is not in the middle
of WPS protocol, do not try to deliver that. This can help with issues
where an ER takes long time to reply to M1 and another Registrar has
already completed negotiation.
2011-08-12 11:58:32 +03:00
Jouni Malinen
de6e463f57 Make sure that EAP callbacks are not done if state machine has been removed
It is possible to get a response for a pending EAP callback after the
EAP state machine has already completed its work or has timed out. For
those cases, make sure that the callback function is not delivered since
it could result in NULL pointer dereferences.
2011-08-12 11:56:44 +03:00
Jouni Malinen
167dc97501 WPS: Fix M2/M2D Config Methods to include PushButton even if PBC not in use
The Config Methods attribute in M2 and M2D messages is supposed to
indicate which configuration methods are supported by the Registrar. As
such, it should not depend on whether PBC mode is currently active or
not. That will only affect the Selected Registrar Config Methods and
Device Password ID attributes.
2011-08-11 17:03:57 +03:00
Jouni Malinen
59639fa112 WPS: Fix default virt/phy pushbutton config method setting
Instead of always adding PHY PushButton config method, only add this
if neither virtual nor physical push button is advertised.
2011-08-11 16:51:40 +03:00
Jouni Malinen
ccb941e6da Add SSID as a separate item in AP mode Beacon setup
This makes it easier for drivers that need the SSID to get it from the
Beacon setup operation without having to parse the Beacon IEs.
2011-08-10 13:29:32 +03:00
Jouni Malinen
19c3b56685 Replace set_beacon() driver op with set_ap()
This change is a first step in better supporting different driver
architectures for AP mode operations with nl80211. This commit in
itself does not add new functionality, but it makes it easier to add
new AP mode parameters to address needs of drivers that have more of
the MLME/SME in firmware or kernel.
2011-08-10 13:22:37 +03:00
Jouni Malinen
5fb1a23252 nl80211: Fix hostapd build 2011-08-09 23:32:26 +03:00
Jouni Malinen
bdffdc5ddb AP: Reorder WPA/Beacon initialization
Split WPA initialization into two parts so that the Beacon frames can be
configured fully before the initial keys (GTK/IGTK) are configured. This
makes it easier for drivers that depend on the AP security mode being
fully set before the keys are configured.
2011-08-09 14:56:16 +03:00
Jouni Malinen
bc45d4279f WPS: Do not update Beacon IEs before initial IE set
This avoids a request to the driver to first start beaconing before
the WPA/RSN IE has been generated and then immediately changing the
beacon IEs once the WPA/RSN IE is ready.
2011-08-09 14:40:06 +03:00
Jouni Malinen
f10bfc9adb nl80211: Add l2_packet for AP mode EAPOL TX without monitor iface
This can be used with drivers that do not support monitor interface
when transmitting EAPOL frames in AP mode.
2011-08-09 14:04:53 +03:00
Jouni Malinen
9db931ed6d nl80211: Do not include NL80211_ATTR_DURATION in TX frame if zero
When offloading of the offchannel TX wait is not used, it is better to
not include NL80211_ATTR_DURATION to avoid confusing nl80211/cfg80211.
2011-08-09 14:01:31 +03:00
Jouni Malinen
a381f2a286 nl80211: Fix connect command to not claim WPA if WPS is used
Such using params->wpa_ie to figure out whether the connection is for
WPA/WPA2 is not correct since that buffer is used also to add WPS IE. In
case of WPS, do not add NL80211_ATTR_WPA_VERSIONS to avoid confusing
drivers.
2011-08-09 13:59:43 +03:00
Jouni Malinen
a05225c819 nl80211: Add more debug information on frame TX command failures 2011-08-09 13:59:12 +03:00
Jouni Malinen
2e92310217 random: Check fwrite return value to avoid warnings
Some compilers complain about fwrite calls if the return value is
not checked, so check the value even if it does not really make
much of a difference in this particular case.
2011-08-06 21:16:31 +03:00
Jouni Malinen
6921f1f386 TLS: Reorder certificates if needed when reading them
The internal TLS implementation assumes that the certificate chain
is ordered by issuer certificate following the certificate that it
signed. Add the certificates to the chain in suitable order when
loading multiple certificates.
2011-08-04 22:39:03 +03:00
Anish Nataraj
628d54639a Dispatch more WPS events through hostapd ctrl_iface 2011-08-04 16:56:41 +03:00
Jouni Malinen
70dbe3b6d7 P2P: Fix 802.11b-only rate validation for Probe Request frames
Commit e1d526293b added code for verifying
whether the receive Probe Request frame was indicating support for only
802.11b rates, but it missed the for loop for the extended supported
rates element. Add that to fix the validation code for cases where
non-802.11b rates are in the extended supported rates element.
2011-08-02 11:18:03 +03:00
Jouni Malinen
93ac240496 Clarify hostapd error message on unsupported hw_mode value 2011-07-31 00:51:34 +03:00
Pavel Roskin
e783c9b0e5 madwifi: Implement set_freq for hostapd, adjust hostapd.conf
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:55 +03:00
Pavel Roskin
374038fbde hostap: Remove unused variable in handle_frame()
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:55 +03:00
Pavel Roskin
f11634bf5d hostap: Add channel selection support in hostapd
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:50 +03:00
Dmitry Shmidt
a79d5479df Increase maximum number of SSIDs per scan with ProbeReq to 10 2011-07-19 08:55:46 +03:00
Eliad Peller
2f4f73b154 nl80211: Change vif type to P2P_CLI upon P2P authentication
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.

Add p2p field to the authentication params, and consider it for choosing
the correct interface type.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-07-17 20:25:58 +03:00
Eliad Peller
b1f625e0d8 nl80211: Consider P2P when changing vif type
Commit 9f51b11395 added support for P2P
interfaces when adding a new interface. However, it didn't handle the
case in which the same interface is being used and its type is being
changed. Add support for this case.

Consequently, when doing "ap_scan_as_station" we now need to save the
actual AP interface type (AP/P2P GO) in order to restore it properly.
For that, change ap_scan_as_station type from int to nl80211_iftype, and
set it to NL80211_IFTYPE_UNSPECIFED when not used.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-07-17 20:22:11 +03:00
Jouni Malinen
ff6a158b40 nl80211: Do not re-set iftype when initializing added interface
There is no need to force the interface into station mode when
wpa_supplicant adds a new interface (e.g., P2P group) with the correct
iftype.
2011-07-17 20:03:25 +03:00
Jouni Malinen
a1922f934d nl80211: Add more debug info for iftype changes 2011-07-17 19:47:41 +03:00
Jouni Malinen
7d9c369827 nl80211: Ignore ifdown event if mode change triggered it
When driver_nl80211.c has to set the netdev down to change iftype, an
RTM_NEWLINK event is generated. Do not generate
EVENT_INTERFACE_DISABLED event based on that.
2011-07-17 13:56:34 +03:00
Jouni Malinen
6554237f38 FT: Share IE parser implementation for Authenticator and Supplicant
These are almost identical, so there is no point in using separate
implementations.
2011-07-16 11:13:39 +03:00
Jouni Malinen
c3c828ebfd FT: Fix FT IE parser to not count TIE as protected IE 2011-07-16 11:05:28 +03:00
Hong Wu
c284b46141 FT: Fix the calculation of MIC Control field in FTIE
Reassociation Request/Response frame validation need to count all IEs in
the RIC. In addition, TIE is not protected, so it should not be included
in the count.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-16 10:57:17 +03:00
Jouni Malinen
e1d526293b P2P: Do not reply to Probe Request frame indicating only 802.11b rates
Per P2P specification 2.4.1, P2P Device shall shall not respond to
Probe Request frames that indicate support for only 802.11b rates.
2011-07-15 21:49:50 +03:00
Jouni Malinen
97c5b3c45b P2P: Check Device ID match in Probe Request frames in Listen state
Do not reply to Probe Request frames that include a Device ID that
does not match with our own P2P Device Address.
2011-07-15 20:48:06 +03:00
Jouni Malinen
04a85e4401 P2P: Filter Probe Request frames based on DA and BSSID in Listen state
Only accept Probe Request frames that have a Wildcard BSSID and a
destination address that matches with our P2P Device Address or is the
broadcast address per P2P specification 3.1.2.1.1.
2011-07-15 20:28:46 +03:00
Jouni Malinen
15f0961447 Check random_get_bytes() result before writing entropy file 2011-07-15 17:17:48 +03:00
Jouni Malinen
40eebf2353 MD5: Fix clearing of temporary stack memory to use correct length
sizeof of the structure instead of the pointer was supposed to be used
here. Fix this to clear the full structure at the end of MD5Final().
2011-07-15 13:42:06 +03:00
Johannes Berg
f67eeb5c32 nl80211: fix interface address assignment
When a new interface is created and already has a separate MAC address
assigned by the kernel, then we need to use that address, not just when
we've created a locally administered address.

This fixes use_p2p_group_interface=1 for iwlagn as it already makes
mac80211 assign an address for a second interface since the hardware has
two addresses assigned.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-15 12:05:19 +03:00
Johannes Berg
b14a210ce2 nl80211: Support GTK rekey offload
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 21:22:51 +03:00
Jouni Malinen
7aec3776b9 Sync with linux/nl80211.h from wireless-testing.git 2011-07-12 20:53:32 +03:00
Arik Nemtsov
95ab606345 nl80211: Send STA flags to kernel on station addition
Send STA flags to kernel when adding a new station. This ensures
stations are added with up to date flags by kernel drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:28:31 +03:00
Arik Nemtsov
d83ab1fe37 hostapd: Set STA flags when adding a new station
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:26:52 +03:00
Hong Wu
715ed737dc FT: Disable PMKSA cache for FT-IEEE8021X
wpa_supplicant uses XXKEY instead of PMK to derive PMK-R0 and PMK-R1 for
FT-IEEE8021X key mgmt.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-05 20:49:51 +03:00
Jouni Malinen
cb465555d4 Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
2011-07-05 17:13:04 +03:00
Jouni Malinen
4f525d8e5b Move peer certificate wpa_msg() calls to notify.c
This type of wpa_supplicant specific message construction does not need
to be at the EAP implementation, so better move it up to notify.c.
2011-07-05 12:40:37 +03:00
Michael Chang
ade74830b4 Add dbus signal for information about server certification
In general, this patch attemps to extend commit
00468b4650 with dbus support.

This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.

Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 12:22:32 +03:00
Yogesh Ashok Powar
a3e685a04b hostapd: Clear keys configured when hostapd reloads configuration
Data path is broken when hostapd reloads its configuration
disabling the security which was previously enabled (WEP/WPA),
using kill -1, as old keys were not cleared.

The patch clears the keys configured when hostapd reloads
its configuration.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2011-07-05 11:39:26 +03:00
Jouni Malinen
235279e777 TLS: Add support for tls_disable_time_checks=1 in client mode
This phase1 parameter for TLS-based EAP methods was already supported
with GnuTLS and this commit extends that support for OpenSSL and the
internal TLS implementation.
2011-07-05 11:29:42 +03:00
Angie Chinchilla
f5fc603251 P2P: Only call dev_lost() for devices that have been dev_found()
Fix a bug with the current dev_found()/dev_lost() usage. Previously
in p2p_device_free() dev_lost() was invoked for devices that had
not been dev_found(). This caused dbus related msgs to stderr like:
"Attempted to unregister path (path[0] = fi path[1] = w1) which isn't
registered"

Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
2011-07-04 20:30:16 +03:00
Jouni Malinen
5f310a9e24 nl80211: Process association/disassociation events in AP mode
This allows non-mac80211 drivers that implement AP mode SME/MLME
in firmware or driver to notify hostapd/wpa_supplicant of AP mode
association events.
2011-07-01 18:44:09 +03:00