Commit Graph

3843 Commits

Author SHA1 Message Date
Jouni Malinen
505a36941e Add MSK dump mechanism into hostapd RADIUS server for testing
Testing code can now be enabled in the hostapd RADIUS server to dump
each derived MSK into a text file (e.g., to be used as an input to
wlantest). This functionality is not included in the default build
and can be enabled by adding the following line to hostapd/.config:
CFLAGS += -DCONFIG_RADIUS_TEST

The MSK dump file is specified with dump_msk_file parameter in
hostapd.conf (path to the dump file). If this variable is not set,
MSK dump mechanism is not enabled at run time.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-09 00:15:04 +02:00
Jouni Malinen
219fd441fd wlantest: Allow MSK/PMK list to be read from a text file
A text file with MSK/PMK entries (one key per line in hexdump format)
can be read into wlantest (-f<path to file>) to initialize list of
known PMKs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-09 00:12:27 +02:00
Jouni Malinen
c3f4278445 P2P: Add group ifname to P2P-PROV-DISC-* events
If Provision Discovery Request is sent for GO role (i.e., P2P Group ID
attribute is included), add the group interface name to the control
interface event on the GO. This makes it easier to figure out which
ctrl_iface needs to be used for wps_pbc/wps_pin command to authorize
the joining P2P client.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 21:57:17 +02:00
Jithu Jance
ec437d9e74 P2P: Skip duplicated provision discovery on join
If p2p_prov_disc join command is used prior to p2p_connect join,
skip the duplicated provision discovery exchange.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-06 21:44:57 +02:00
Jithu Jance
8c5f730983 P2P: Add optional "join" argument for p2p_prov_disc command
This can be used to request Provision Discovery Request to be sent
for the purpose of joining a running group, e.g., to request the GO
to display a PIN that we can then use with p2p_connect join command.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-06 21:28:02 +02:00
Jouni Malinen
61ff2c8080 Remove documentation for label option in p2p_connect
P2P use cases do not allow use of Label config method and the earlier
code for this has already been removed, but this documentation was not
updated at the same time.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 21:13:54 +02:00
Jouni Malinen
481234cf1a nl80211: Remove unnecessary struct nl80211_handles wrapper
Since the nl_cache is not used anymore, there is no need for maintaining
the struct nl80211_handles wrapper for struct nl_handle. Clean this up
by using nl_handle directly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 19:47:59 +02:00
Johannes Berg
3088e4e52d nl80211: Listen to unexpected 4addr events
Monitor-less AP mode had lost the ability to do
4addr WDS, this adds it back.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 19:32:41 +02:00
Johannes Berg
d6c9aab8d2 nl80211: Use global event socket for multicast events
This is a rewrite of Ben Greear's patch, making the
nl80211 code use just a single multicast event socket.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 19:30:43 +02:00
Johannes Berg
e32ad281ca nl80211: Register for Beacon frames in AP mode
When running AP mode, we need to receive beacons over overlapping BSSes
to handle protection. Use the new nl80211 command for this. As the
command works per wiphy (and we don't want to receive the Beacon frames
multiple times) add an abstraction that keeps track of per-wiphy data.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 18:39:57 +02:00
Johannes Berg
02bb32c393 nl80211: Subscribe to spurious class3 frame events
These events are necessary to send deauth frames to
stations sending spurious data frames. Subscribe to
them on the per-BSS event socket.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 18:29:45 +02:00
Johannes Berg
a11241fa11 nl80211: Use nl80211 for mgmt TX/RX in AP mode
To achieve this, multiple things are needed:
 1) since hostapd needs to handle *all* action frames,
    make the normal registration only when in a non-AP
    mode, to be able to do this use the new socket
 2) store the frequency in each BSS to be able to give
    the right frequency to nl80211's mgmt-tx operation
 3) make TX status processing reject non-matched cookie
    only in non-AP mode

The whole thing depends on having station-poll support
in the kernel. That's currently a good indicator since
the kernel patches are added together.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-06 18:24:00 +02:00
Jouni Malinen
5331c274e0 EAP server: Force identity request after eapRestart for passthrough
Fix start of reauthentication after failed authentication with
passthrough (external AAA server) to use internal EAP Identity method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 13:02:23 +02:00
Jouni Malinen
4a9e26b6e7 Revert "EAP server: Force identity request after INITIALIZE for passthrough"
This reverts commit 204dd3f420.
start_reauth was not supposed to be used in this way and setting it
to TRUE in INITIALIZE breaks internal EAP server.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-06 12:47:17 +02:00
Jouni Malinen
8c3ba0784e nl80211: Use driver event to indicate failure on authentication retry
When using authentication retry within driver_nl80211.c, a failure on the
second attempt has to be indicated with a driver event since the return
code from wpa_driver_nl80211_authenticate() is not actually delivered to
the core code in that case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 22:28:30 +02:00
Jouni Malinen
14115a1089 SME: Fix processing of Authentication timeout
The wpa_state needs to be dropped back to DISCONNECTED to allow scan
results to trigger a new authentication attempt.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 22:27:48 +02:00
Jouni Malinen
d00821e913 Try to reconnect to the same BSS on recoverable disconnection
If the AP disconnects us with a reason code that indicates that it has
dropped the association, but could allow us to connect again, try to
reconnect to the same BSS without going through the full scan. This can
save quite a bit of time in some common use cases, e.g., when inactivity
timeout is used on the AP (and especially, when waking up from suspend
which has likely triggered some timeout on the AP).

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 21:57:14 +02:00
Jouni Malinen
536fd62dba nl80211: Recover from auth req ENOENT with a scan
cfg80211 rejects NL80211_CMD_AUTHENTICATE with ENOENT if the BSS entry
for the target BSS is not available. This can happen if the cfg80211
entry has expired before wpa_supplicant entry (e.g., during a suspend).
To recover from this quickly, run a single channel scan to get the
cfg80211 entry back and then retry authentication command again. This
is handled within driver_nl80211.c to keep the core wpa_supplicant
implementation cleaner.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 21:53:56 +02:00
Jouni Malinen
ed57c5907e SME: Fix processing of Authentication request failure
The wpa_state needs to be dropped back to DISCONNECTED to allow scan
results to trigger a new authentication attempt. In addition, we can use
wpas_connection_failed() instead of requesting a scan after a fixed time
to make this error case more consistent with other similar error paths
in sme.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 21:04:24 +02:00
Jouni Malinen
8b41e05656 EAP-AKA peer: Keep pseudonym identity across EAP exchanges
This updates EAP-AKA peer implementation with the changes that previous
commits did for EAP-SIM.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 17:21:22 +02:00
Simon Baatz
1037235ca0 EAP-SIM peer: Only log the identities that we actually forget
[Bug 425]
2011-12-04 17:17:21 +02:00
Simon Baatz
a9f40ae720 EAP-SIM: Keep pseudonym identity
The pseudonym is a temporary identity, but is no one-time identifier (like
the fast re-authentication identity). Thus, do not forget it if the server
does not include it in every challenge. There are servers that include the
pseudonym identity only at full-auth. [Bug 424]
2011-12-04 17:15:16 +02:00
Jouni Malinen
c8894a3100 Use explicit type casting to avoid sign extensions
Make sure sign extension does not end up getting used here by
explicitly type casting the variables to correct size.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 17:06:35 +02:00
Jouni Malinen
607bcf61a4 Check nt_password_hash() return code
While this is unlikely to fail in practice, better be more consistent
in validating nt_password_hash() result.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 16:59:16 +02:00
Jouni Malinen
d627a9395d Check wpa_supplicant_parse_ies() return value more consistently
Reject messages that fail to be parsed instead of trying to use
partially parsed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 16:40:06 +02:00
Jouni Malinen
78018ae91d Fix basic_rates copying
Commit e5693c4775 used incorrect
sizeof to copy the basic rates.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 13:12:30 +02:00
Jouni Malinen
210ff0f7f3 Fix no-NEED_AP_MLME build
Commit 34445d12ee forgot to convert
the hostapd_prepare_rates() inline wrapper for builds that do not
define NEED_AP_MLME.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 12:46:01 +02:00
Arik Nemtsov
3eeee931dd Allow Action frames with unknown BSSID in GO mode
P2P invitation responses are transmitted with the BSSID set to the peer
address. Pass these action frames up to allow the GO to receive the
Invitation Response (and avoid sending the Invitation Request multiple
times).

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-04 12:10:11 +02:00
Johannes Berg
9f12614b8c nl80211: Do not encrypt IEEE 802.1X WEP EAPOL
Set the NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag for nl80211 to tell
drivers (mac80211) to not encrypt the EAPOL frames for WEP IEEE 802.1X.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:46:12 +02:00
Johannes Berg
cc7a48d1f4 nl80211: Allocate nl CB for BSS RX
In preparation for things that receive on a BSS-specific handle,
allocate a CB for it and hook it up to receive functions.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:14:53 +02:00
Johannes Berg
f06aedd92f nl80211: Rename process_event
The next patch will add process_bss_event, rename process_event to
process_drv_event to differentiate between them.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:10:44 +02:00
Johannes Berg
a4ae123c3f nl80211: Pass cb to eloop function
By passing the nl_cb as the context to the eloop function we can
(in the next patch) use the same eloop function for BSS events.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:07:54 +02:00
Johannes Berg
1afc986d84 nl80211: Use one CB for driver event RX
There's no need to clone the CB all the time
and then assign it, just use a constant one.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 20:00:11 +02:00
Johannes Berg
e4fb216769 nl80211: Store frequency in bss struct
Storing the frequency in the bss struct allows using it for frame
commands in AP mode and not relying on the driver struct as much, which
is good for hostapd mode.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 19:55:22 +02:00
Johannes Berg
3fd1cefb81 nl80211: Move AP SME setup to mode change
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 19:47:01 +02:00
Johannes Berg
32ab485503 nl80211: Use socket error queue for EAPOL TX status
This will allow getting TX status for EAPOL frames
sent as data frames if the driver supports it.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-03 19:32:23 +02:00
Jouni Malinen
204dd3f420 EAP server: Force identity request after INITIALIZE for passthrough
Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force
reauthentication to start with EAP identity request. This works fine for
the case of EAP success through the AAA passthrough authentication, but
is not enough to handle passthrough authentication failure. sm->identity
is set in that case and getDecision would return PASSTHROUGH instead of
CONTINUE (to Identity method).

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 17:37:48 +02:00
Jouni Malinen
bfba8deb8b Update internal MAC address on EVENT_INTERFACE_ENABLED events
This allows the MAC address of the interface to be changed when the
interface is set down even if the interface does not get completed
removed and re-added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 13:20:40 +02:00
Jouni Malinen
aef85ba204 nl80211: Ignore interface up event if interface is down
The RTM_NEWLINK even can have IFF_UP flag even if the interface is
down. Do not generate EVENT_INTERFACE_ENABLED event based on such a
message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 13:18:57 +02:00
Johan Hedlund
f98eb880eb Update RSN supplicant MAC address on driver reinitialization
I have a test case where I remove and insert another network adapter
between two connections to AP. The interface get the same interface name
but switches macadresses between the connections. When running WPA2 I
got a failure in EAPOL negotiation and found out that the reason for
this was that the supplicant did not update the MAC address in the
correct place.
2011-12-03 13:02:57 +02:00
Jouni Malinen
3b1c7bfdc5 nl80211: Use binary hexdump for scan IEs instead of text
The IEs are binary data, so there is not much point in trying
to show them as ASCII data in debug prints.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 12:47:34 +02:00
Jouni Malinen
34445d12ee Convert hostapd_prepare_rates() to use struct hostapd_iface
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 12:20:17 +02:00
Jouni Malinen
e5693c4775 Merge set_rate_sets() driver_ops into set_ap()
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 12:16:03 +02:00
Jouni Malinen
5f17b3ee9f Remove unused parameters from set_rate_sets()
Only setting of the basic rate set was supported, so remove the
unused parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:57:13 +02:00
Jouni Malinen
e26cd1a180 hostapd: Show driver event names in debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:46:47 +02:00
Jouni Malinen
d03e8d118c nl80211: Merge ap_isolate configuration into nl80211_set_bss()
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:43:18 +02:00
Jouni Malinen
e53a0c7406 Fix a typo in a comment
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 11:38:51 +02:00
Szymon Bigos
9337e876ab Fix generated WPS PIN values to use zero-padding
The dynamically generated PINs are supposed to have 8 digits, but
some PIN generatation cases were not zero-padding these properly.
2011-12-02 23:04:39 +02:00
Jouni Malinen
47662f4017 Add example WPS AP mode UI for wpa_supplicant
This script shows some minimal WPS user interface requirements for
mobile AP support with wpa_supplicant.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-01 22:14:07 +02:00
Jouni Malinen
0bc134683e wpa_supplicant AP: Allows passphrase to be fetched
"wpa_cli status wps" can now be used to fetch the WPA2-Personal
passphrase from AP mode operation with wpa_supplicant to make it
easier to meet WPS requirements for legacy STA support.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-12-01 22:12:03 +02:00