Commit Graph

721 Commits

Author SHA1 Message Date
Eygene Ryabinkin
40fd868c09 wpa_cli: Improve sensitive command detection for readline history
I had added flags to the every command description: just now the only
meaningful flag tells that this command has sensitive arguments and it
shouldn't be written to the disk.  I rewrote the logics for the search
for the sensitive commands: special procedure is now loops over all
commands and tries to see if command has sensitive data. [Bug 289]

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
2009-01-05 21:07:54 +02:00
Eygene Ryabinkin
413653e839 wpa_cli: fix readline history cleaning
First of all, the history had not been written to the disk, since almost
all commands were cleaned up due to the error in the history cleaning:
the return value of the last os_strncasecmp() call was not compared to
zero, but was rather used as is.  So the condition was almost always
true and most commands were removed from the history.

The second problem was that the evaluation of the potentially sensitive
commands was started at the entry number 1, instead of very first entry.
2009-01-05 20:48:45 +02:00
Ihar Hrachyshka
7ee6258f7c Fix wpa_supplicant build for uClinux
The code contains a bogus #ifdef for uClinux building. [Bug 286]
2009-01-05 20:32:04 +02:00
Jouni Malinen
2c04820d80 Fixed a typo in usage help 2009-01-04 22:13:34 +02:00
Tomasz Wolniewicz
db803a3607 eapol_test: Add a universal way of adding extra RADIUS attributes
This change replaces -I and -i options (Chargeable-User-Identity) with a
new -N option that can add any RADIUS attribute into the Access-Request
messages without having to modify eapol_test for each new attribute.
2009-01-04 22:10:56 +02:00
Jouni Malinen
b39d1280a7 Silenced number of Doxygen warnings 2009-01-04 15:07:54 +02:00
Jouni Malinen
f565d71ac9 Remove wpa_gui from doxygen documentations
The *.ui.h were causing number of warnings and they do not need to be
included in documentation.
2009-01-04 14:58:47 +02:00
Jouni Malinen
f58b20ce66 Fixed IMAGE_PATH for doxygen run in root directory 2009-01-04 14:44:33 +02:00
Jouni Malinen
cd7aacbed4 Remove temporary Qt build directories from Doxygen run 2009-01-04 14:28:20 +02:00
Jouni Malinen
842e11d0bd Remove unwanted wpa_supplicant -> struct wpa_supplicant links
Replace " wpa_supplicant" with " %wpa_supplicant" except for
"struct wpa_supplicant". This makes it easier to write Doxygen comments
since there is no need to add the ugly '%' prefix to each instance of
wpa_supplicant text showing up.
2009-01-04 14:25:58 +02:00
Jouni Malinen
e857fb05df Resolve a Doxygen warning 2009-01-04 14:06:13 +02:00
Jouni Malinen
f1a3e81098 Fixed Doxygen function links
No need to use explicit @link command, but must include () after
function name (and in couple of cases, use the current function name).
2009-01-04 13:54:07 +02:00
Jouni Malinen
08c0f0670a Completed Doxygen documentation for functions declared in wps/wps.h 2009-01-04 13:43:05 +02:00
Jouni Malinen
dcc03dbe78 Use NULL, not 0, when comparing a pointer 2009-01-03 21:01:20 +02:00
Jouni Malinen
2eba45c8de Added endianness annotation for sparse 2009-01-03 21:00:38 +02:00
Jouni Malinen
5306f43fc3 Fixed sparse warnings about integer vs. pointer use
The configuration parsing functions seemed to have worked fine before,
but these were real bugs even if they did not show up in practice.
hostapd_ip_diff() was broken for IPv6 addresses (overwrote address and
always returned 1.
2009-01-03 20:46:32 +02:00
Jouni Malinen
d953d9ab80 Removed sparse destinations since "CC=cgcc make" works fine 2009-01-03 20:39:52 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
26d1dc96e9 Include the header file to validate function prototype. 2009-01-03 20:21:12 +02:00
Jouni Malinen
c5adf528a2 Moved WPS Registrar initialization from EAP peer to wps_supplicant.c
This matches the style used in hostapd, i.e., Registrar is initialized
only once and callbacks are now processed in wps_supplicant.c.
2009-01-03 20:18:35 +02:00
Jouni Malinen
41c00105f2 Removed registrar pointer from wps_config and wps_data
wps_context::registrar can be used as the only location for this
pointer.
2009-01-03 20:09:35 +02:00
Jouni Malinen
5a8c6d3353 Removed duplicated authenticator yes/no from wps_config and wps_data
wps_context::ap is available for this purpose and there is no need to
change between AP and not AP between protocol runs.
2009-01-03 19:57:22 +02:00
Jouni Malinen
ae2633af63 Removed unused WPS_PENDING processing result 2009-01-03 19:52:20 +02:00
Jouni Malinen
f90c86d4a3 Added Doxygen documentation for WPS code 2009-01-03 19:50:49 +02:00
Jouni Malinen
875f6d7b93 Create all doxygen docs from root directory to get proper path names
This updated all doxygen runs to use the same style that was used for
wpa_supplicant full documents. The full vs. fast configurations are now
otherwise identical apart from fast not generating dot files or
latex/pdf version of the documentation.
2009-01-03 09:59:12 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
a4149765a2 Added more src subdirectories into doxygen docs 2009-01-02 22:27:17 +02:00
Jouni Malinen
4be048a8a6 Updated doxygen configuration files to work with new doxygen
The doxygen run is not exactly warning free yet, but this gets a step
closer to being able to produce something useful again.
2009-01-02 21:57:51 +02:00
Jouni Malinen
dd42f95f71 Move addr_un definitions to avoid using out-of-scope buffer 2009-01-02 21:53:21 +02:00
Jouni Malinen
243869858a Initialize wpa_ie_len to 0 if WPA IE is not set on all paths
The new WPS code was not setting this in error case.
2009-01-02 21:50:22 +02:00
Jouni Malinen
862e08a9a4 Include ieee802_11_defs.h explicitly instead of assuming it gets included
Some build configurations failed to compile because this file did not
get included.
2009-01-02 21:14:21 +02:00
Jouni Malinen
a1ba55a58a Replaced string comparison operator '==' with '=' to work with dash 2009-01-02 21:06:36 +02:00
Jouni Malinen
79da74a20c WPS: Generate UUID based on MAC address, if not set
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
2009-01-01 22:56:52 +02:00
Jouni Malinen
84f5b41fc1 WPS: Cleanup UUID and MAC address configuration
No need to configure these separately for each Enrollee in wps_config
since wps_context is now used both for Registrar and Enrollee.
2009-01-01 22:56:02 +02:00
Jouni Malinen
e834272f73 Include pending MFP defines in nl80211_copy.h
This can be used to get rid of the extra cpp define since we have our
local copy of wireless.h and nl80211.h.
2008-12-31 18:10:14 +02:00
Jouni Malinen
c2fef14520 Sync nl80211.h copy with the current kernel version 2008-12-31 18:00:07 +02:00
Jouni Malinen
ac43f1fa39 Renamed nl80211 HT channel parameters to match with kernel 2008-12-31 17:59:13 +02:00
Jouni Malinen
97d3497e29 MFP: Require MFP is it is enabled and AP scan shows support for it
When using ap_scan=1, we know before the association request that MFP
will be supported, so we can as well require it. This helps mac80211 in
configuring whether to enable MFP.
2008-12-31 17:53:31 +02:00
Jouni Malinen
c3469d1534 MFP: Fix SA Query Action Category
IEEE 802.11w/D7.0 incorrectly changed the Action Category from 8 to 7
when renaming Ping to SA Query. Category 7 is reserved for HT (IEEE
802.11n) and IEEE 802.11w will need to continue to use the category 8
that was allocated for it.
2008-12-31 17:52:05 +02:00
Jouni Malinen
df1e9601a4 Fixed SA Query Request length
Do not send extra 24 octets of random data in the end.
2008-12-31 17:50:14 +02:00
Jouni Malinen
1aa5c13471 Clear BIP keys, too, when removing broadcast keys with MFP enabled 2008-12-31 17:49:43 +02:00
Jouni Malinen
d5263983ac MFP: Remove mac80211 workaround of IGTK in monitor netdev
mac80211 can now figure out which key to use for injected frames (in
most cases), so we can remove the workaround for configuring IGTK on the
monitor interface that is used for injecting frames.
2008-12-31 17:48:13 +02:00
Jouni Malinen
88b4b4246d Added ctrl_interface command for sending a SA Query request
This can be useful for testing IEEE 802.11w functionality, so provide
means for manual request to send a SA Query request.
2008-12-30 18:04:29 +02:00
Jouni Malinen
3f732d1fc3 Fix TLS message processing if Flags field is not present
Previous version assumed that the Flags field is always present and
ended up reading one octet past the end of the buffer should the Flags
field be missing. The message length would also be set incorrectly
(size_t)-1 or (size_t)-5, but it looks like reassembly code ended up
failing in malloc before actually using this huge length to read data.

RFC 2716 uses a somewhat unclear description on what exactly is included
in the TLS Ack message ("no data" can refer to either Data field in 4.1
or TLS Data field in 4.2), so in theory, it would be possible for some
implementations to not include Flags field. However,
EAP-{PEAP,TTLS,FAST} need the Flags field in Ack messages, too, for
indicating the used version.

The EAP peer code will now accept the no-Flags case as an Ack message if
EAP workarounds are enabled (which is the default behavior). If
workarounds are disabled, the message without Flags field will be
rejected.

[Bug 292]
2008-12-30 12:28:02 +02:00
Jouni Malinen
805e6dc663 Disconnect the STA if EAP timeout is reached
There is not really much else the Authenticator can do if it does not
receive valid EAP response from the Supplicant/EAP peer. EAP-Failure
would need to be sent before trying to start again with
EAP-Request/Identity, but that is not allowed before the EAP peer
actually replies. Anyway, forcing a new association is likely to clean
up peer state, too, so it can help fixing some issues that could have
caused the peer not to be able to reply in the first place.
2008-12-29 19:16:48 +02:00
Jouni Malinen
98de443890 WPS: Set recommended retransmission times with EAP method specific hint 2008-12-29 18:50:37 +02:00
Jouni Malinen
8e09c6d253 Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to
IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission
scheduling and control is now in EAP authenticator and the
calculateTimeout() producedure is used to determine timeout for
retransmission (either dynamic backoff or value from EAP method hint).

The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not
yet implemented since there is no round-trip time measurement available
yet.

This should make EAP authentication much more robust in environments
where initial packets are lost for any reason. If the EAP method does
not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20,
... seconds will be used.
2008-12-29 18:10:34 +02:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Andriy Tkachuk
d9f5626293 NEED_BASE64 for WPS
It looks like we need base64 routines when compiling WPS in hostapd
(used in src/wps/wps_registrar.c:910).
2008-12-26 16:40:27 +02:00
Jouni Malinen
6f5c8dbd79 Added a TODO item for sending protected Disassoc after failed SA Query 2008-12-26 15:56:30 +02:00