This makes it clearer that the PMKSA caching entry gets removed from
the driver regardless of how the internal entry from wpa_supplicant
gets cleared. In practice, this call was skipped only for the case
when the entry for the current AP was being updated, so the previous
version was likely to work with all drivers. Anyway, it is cleaner
to explicitly remove the old entry even in that case before the new
entry gets added.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 940a0ce970 moved the STA associated
check from driver_*.c into ieee802_1x_receive(), but failed to take into
account that wired networks and driver_wired.c do not mark the STA entry
associated. Fix this by skipping the check if the driver wrapper is
using a wired network.
Signed-hostap: Jouni Malinen <j@w1.fi>
It's not really valid to send off-channel in all cases,
so pass whether it should be allowed or not and don't
set it in the AP case.
Also, to get the right ifindex for hostapd, pass a bss
pointer instead of the drv pointer.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Some client implementations only wait a few ms after sending a probe
request while scanning. Since probe responses are always sent at a low
rate this can eat quite some airtime and it might be impossible to get
the frame out before the client leaves the channel again. If the client
leaves before all probe reponses where acked this can cause the probe
reponse to be retried quite often consuming even more airtime.
Hence, add a new noack flag to the driver's send_mlme callback that
allows hostapd to request whether the driver should expect an ACK for
this frame or not.
Use the new noack-policy only for broadcast probe requests that contain
a wildcard SSID.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
In some situations it might be benefical to send a unicast frame without
the need for getting it ACKed (probe responses for example). In order to
achieve this add a new noack parameter to the drivers send_mlme callback
that can be used to advise the driver to not wait for an ACK for this
frame.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
This structure was not really used for anything apart from figuring out
length of the EAP-pwd header (and even that in a way that would not work
with fragmentation). Since the bitfields in the structure could have
been problematic depending on target endianness, remove this unnecessary
structure.
Signed-hostap: Jouni Malinen <j@w1.fi>
Another niceness of OpenSSL is that if the high-order bit of a 521-bit
big num is not set then BN_bn2bin() will just return 65 bytes instead of
66 bytes with the 1st (big endian, after all) being all zero. When this
happens the wrong number of octets are mixed into function H(). So
there's a whole bunch of "offset" computations and BN_bn2bin() dumps the
big number into a buffer + offset. That should be obvious in the patch
too.
The previous EAP-pwd KDF implemented has an issue with group 21, that is
an elliptic curve group based on a 521 bit prime. 521 is not an even
multiple of 8, and therein lies the problem.
OpenSSL's BN library interprets a string of bits as in big-endian format
so all the calls of BN_bin2bn() will take the binary blob of bits and
turn it into a big number in big-endian format. In the EAP-pwd KDF, I am
stretching the key to "primebitlen". When that is not an even multiple
of 8 I have to mask off the excess. But I was masking off the excess
bits in the 1st octet (big endian after all) but that isn't right. The
KDF produces a string of endian-less bits. The 521st bit is the first
bit in the last octet, not the 7th bit in the first octet. So that has
been fixed and you can see in the attached diff what I'm doing.
If the kernel supports this, don't use manual null
data frame transmissions. This is one thing to get
rid of cooked monitor interfaces.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The non-monitor TX currently uses a normal L2 abstraction
socket, but that will also receive frames we don't want,
so use a plain socket that isn't bound for RX. This might
be possible using the L2 abstraction, but we need a plain
socket later for getting TX status events here.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This changes the auto-detection of whether or not the device contains
the AP SME away from monitor interface addition failing to the explicit
attribute in nl80211. Keep the old auto-detection for a little while so
that ath6kl isn't broken right away.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The new event can be used when EAPOL TX status can't be reported as a
complete 802.11 frame but is instead reported as just the EAPOL data as
originally passed to hapd_send_eapol().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Currently OpenSSL implementation of TLS in hostapd loads only top
certificate in server certificate file. Change this to try to the
whole chain first and only if that fails, revert to old behavior.
Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
This patch implements shared_freq handler for driver_nl80211.c. If a
"p2p_group_add" happens after legacy STA association, then this patch
will help to start the GO on the same frequency. This is useful when
supplicant is started on multiple interface running over a singly "PHY"
and the station interface is not used for the P2P device operations.
For example, wpa_supplicant -iwlan0 .. -N -iwlan1 ... and wlan0 is used
for station connection and wlan1 as the P2P device interface.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Without this, it is impossible to tell exactly which
MLME code returned the error.
Also, convert to wpa_dbg so that we get device names
in the messages.
Signed-hostap: Ben Greear <greearb@candelatech.com>
When GO negotation fails the WPS method is currently not cleared, which
can result in GO negotiation being resumed when a GO negotiation request
frame is received from the peer. That is unexpected as locally we
already gave up.
This manifests itself in getting
1319574733.955685: wlan0: P2P-GO-NEG-FAILURE status=-1
1319574733.955723: P2P: Removing pending group interface p2p-wlan0-0
...
1319574736.648378: wlan0: P2P: Starting GO Negotiation with previously
authorized peer
...
1319574736.650115: wlan0: P2P: Sending GO Negotiation Response
...
1319574736.988038: wlan0: P2P-GO-NEG-SUCCESS
1319574736.988233: P2P: No pending group interface
1319574736.988268: P2P: Create a new interface p2p-wlan0-1 for the group
Clear the WPS method to avoid this situation. I wasn't
able to test this though, but given the log I can only
assume this is how the situation happened.
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If P2P device expires while a GO Negotiation is in progress, currently
p2p->go_neg_peer is cleared without indicating GO Nego failure. This
will result in pending group interfaces to be left over. This patch will
indicate GO Negotiation failure and will remove any pending group
interfaces.
This patch addresses a corner case in GO-Negotiation case. Consider the
scenario where two devices A and B are in discovery stage and Device B
vanishes [moves out of range] when a connect is issued on the Device A.
Then Device A keeps on retrying the GO Negotiation Request till the
retry limit is reached. On reaching retry limit, the pending group
interface is removed. But suppose if the peer entry in the device list
expires before the retry limit is reached, then pending group interface
was not removed.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Invalid use of memcpy instead of memcmp in comparison resulted in the
GO interface address getting set incorrectly if the GO did not show up
in scan results anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
trace.h may end up including system header files that define offsetof,
so include the compatibility definition from list.h only after this.
Signed-hostap: Jouni Malinen <j@w1.fi>
HT_INFO_OPERATION_MODE_OP_MODE_MASK is used with variables in host
byte order, so it should not be claimed as le16.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a workaround for Windows 7 supplicant rejecting WPA msg 3/4
in case it used Secure=1 in msg 2/4. This can happen, e.g., when
rekeying PTK after EAPOL-Key Error Request (Michael MIC failure)
from the supplicant.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some static analyzers complain about memset with '0' value. This was
used correctly here, but since use of strdup is about as good an option,
use that to silence the invalid warnings.
Signed-hostap: Jouni Malinen <j@w1.fi>
This avoid incorrect errors from some static analyzers that do not like
memmove with pointers just after the end of a buffer even if the number
of bytes to move is zero.
Signed-hostap: Jouni Malinen <j@w1.fi>
All we really need is the family ID, and we can
get that with genl_ctrl_resolve() and then don't
need to worry about family/cache objects.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If a P2P client associates with the group while it is
already associated, two member entries may be added to
the group which also confuses num_members counting.
Deal with this by removing the existing entry first
before adding a new one.
I think the way Reinette ran into this was due to our
tx_sync implementation in iwlagn, mac80211 might have
queued two association frames thinking the first one
just failed, but both only went out after the sync was
really successful (which tx_sync doesn't wait for).
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The P2P_FIND command was failing if it was issued at the moment when
a scan operation was in progress. Avoid returning failure in this
case by scheduling the P2P find to start once the ongoing scan is
completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
WEXT is not really changing anymore and more or less all Linux
distros come with linux/wireless.h that is recent enough to
allow the driver wrappers to be build.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit c2ff13c533 broke this with a
copy-paste typo that ended up adding the Probe Request P2P IE into the
Beacon frame (i.e., Beacon frame had two P2P IEs while Probe Response
had none).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Explicitly validate data_len so that static analyzers do not get
confused about the padlen validation. This is not really needed, but it
makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Explicitly validate seed_len to skip memset call with zero length
of copied data at the end of the buffer. This is not really needed,
but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
data->phase2_method cannot really be NULL if
eap_fast_init_phase2_method() returns success, but this construction
seems to be too difficult for some static analyzers. While this change
is not really needed in practice, it makes it easier to go through
warnings from such analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
hapd->time_adv cannot really be NULL if hostapd_update_time_adv()
returns success, but this construction seems to be too difficult
for some static analyzers. While this change is not really needed
in practice, it makes it easier to go through warnings from such
analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
md->curlen cannot indicate full buffer size here since the buffered
data is processed whenever the full block size of data is available.
Avoid invalid warnings from static analyzers on memcpy() outside the
buffer length by verifying that curlen is smaller than block size.
Signed-hostap: Jouni Malinen <j@w1.fi>