Commit Graph

2334 Commits

Author SHA1 Message Date
Eyal Shapira
b4e9e2659b WPS: Fix nonce comparisons
Multiple memcmps of nonces were actually comparing only the first byte
instead of all 16 bytes. [Bug 462]

Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1
2012-08-13 19:50:33 +03:00
Jouni Malinen
623ecdd5a2 Remove default ACM=1 from AC_VO and AC_VI
There is no need to mandate admission control (ACM=1) by default, so
clear that flag in the case the configuration file does not specify
wmm_ac_{vo,vi}_acm value. This gets closer to the values mentioned
in the sample hostapd.conf file and reduces the need to specify WMM
parameters in the configuration file for most common use cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-12 11:36:45 +03:00
Yoni Divinsky
eda070f14f Move WMM AC parameter parser into a common file
This allows the same implementation to be used for wpa_supplicant, too.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-12 11:33:00 +03:00
Jouni Malinen
504a5839ea P2P: Increase GO Negotiation timeouts
p2p_set_timeout() calls in GO Neg Req/Resp TX callbacks used timeout of
100 ms which is the value given in the P2P specification for GO
Negotiation, but this was actually shorter than the
wait-for-offchannel-TX value (200 ms) used for the driver call. In
addition, it looks like some devices (e.g., Galaxy Nexus with JB image)
can take longer time to reply to GO Negotiation Response (somewhere
between 200 and 250 ms has been observed).

Increase the wait-for-GO-Neg-Resp timeout from 100 ms to 200 ms if GO
Negotiation Request frame was acknowledged (this matches with the
offchannel wait timeout that used previously). The no-ack case is left
at 100 ms since we use GO Negotiation Request frame also to discover
whether the peer is on its Listen channel.

Increase the wait-for-GO-Neg-Conf timeout from 100 ms to 250 ms (and
increase the offchannel wait timeout to matching 250 ms) as a workaround
for devices that take over 200 ms to reply to GO Negotiation Response.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-11 21:14:57 +03:00
Christian Lamparter
f0c7a986bb AP: Fix erroneous "station tried TKIP" error
The commit b5fd8b1833
"VHT: Do not allow use of TKIP with VHT" introduced
an off-by-one regression: a WPA/RSN 11n AP would no
longer accept stations to connect, instead it would
produce a bogus error message:
... Station tried to use TKIP with HT association.

Signed-hostapd: Christian Lamparter <chunkeey@googlemail.com>
2012-08-11 10:53:03 +03:00
Mahesh Palivela
9615994ea6 VHT: Add configuration of operating center frequency
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:54:54 +03:00
Mahesh Palivela
140e850a66 VHT: Add option for requiring use of VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:53:24 +03:00
Mahesh Palivela
14708b501f VHT: Add VHT elements into (Re)Association Response
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:51:17 +03:00
Mahesh Palivela
b5fd8b1833 VHT: Do not allow use of TKIP with VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:50:37 +03:00
Mahesh Palivela
de3cdf354a VHT: Store VHT capabilities and manage VHT flag for STAs
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:49:18 +03:00
Mahesh Palivela
74b95d1dc0 VHT: Include VHT capabilities and operation elements in parsing
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:39:43 +03:00
Jouni Malinen
a7f10d65f4 PMKSA: Set cur_pmksa pointer during initial association
cur_pmksa was left to NULL during the initial association. This can
result in unexpected behavior, e.g., in expiring PMKSA cache entries
since the current entry is not locked in that case. Fix this by updated
cur_pmksa when adding the initial PMKSA entry during msg 1/4 processing.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-08-10 18:05:03 +03:00
Dan Williams
0e502f97c5 PMKSA: Do not evict active cache entry when adding new ones
If the PMKSA cache is full (i.e., 32 candidates have been seen in scan
results and have not yet expired) then any additional entries can
potentially evict the current/active entry (if it is the oldest entry),
which triggers a pointless local deauthentication. The supplicant
shouldn't replace the current/active entry if it is still valid, but
instead the oldest entry that is *not* the current/active one.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-08-10 17:55:17 +03:00
Michael Braun
473b6f22e9 Fix WPA GTK rekeying with multiple VLANs
When using multiple VLANs, GKeyDoneStations counter is not updated
properly since wpa_auth_for_each_sta() call in wpa_group_setkeys() ends
up iterating through all STAs and not just the STAs of a specific
wpa_group (VLAN). Consequently, GTK rekeying gets initialized multiple
times if more than a single group state machine exists. Fix this by
iterating only through the STAs in the specific wpa_group.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
intended-for: hostap-1
2012-08-10 16:51:56 +03:00
Michael Braun
03a6a2e972 Add option to use netlink to create and remove VLAN interfaces
CONFIG_VLAN_NETLINK=y build option can now be used to replace the
ioctl()-based interface for creating and removing VLAN interfaces
with netlink-based interface.

Signed-hostap: M. Braun <michael-dev@fami-braun.de>
2012-08-10 14:09:05 +03:00
Michael Braun
a00237ceb8 Add hostapd configuration option to set VLAN naming scheme
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
2012-08-10 14:09:03 +03:00
Jouni Malinen
1d0c6fb1eb nl80211: Fix re-enabling of 802.11b rates after P2P use
Commit a11241fa11 removed the 802.11b rate
enabling/disabling code from wpa_driver_nl80211_set_mode() and while
doing that, removed the only place where drv->disabled_11b_rates was
set. Fix this by updating the flag in nl80211_disable_11b_rates(). In
addition, re-enable the 802.11b rates when changing to non-P2P mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-10 11:48:57 +03:00
Rajkumar Manoharan
edb9bfba89 nl80211: Disable 11b rates on configuring P2P interface
Right now 11b rates are masked out while creating a P2P interface,
but this is always failing as the interface is down. Most drivers
allow to configure rates only when the interface is UP and running.
So let us disable 11b rates when interface type is changed into a
P2P type and it is UP and running.

Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2012-08-10 11:35:33 +03:00
Jouni Malinen
d99619b243 Sync with linux/nl80211.h in wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-10 11:21:16 +03:00
Jouni Malinen
df2f9ec6b2 nl80211: Add nla_put_u32() wrapper for Android
The system/core/libnl_2 re-implementation in AOSP does not include
nla_put_u32().

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-09 18:45:39 +03:00
Jouni Malinen
f54eb34995 Add extra validation of EAP header length field
These validation steps are already done in the EAP parsing code and in
the EAP methods, but the additional check is defensive programming and
can make the validation of received EAP messages more easier to
understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 23:03:25 +03:00
Jouni Malinen
bf0d9ae40f Add explicit EAPOL-Key length validation in processKey()
These checks would not really be needed since eapol_sm_rx_eapol()
validates the length fields. Anyway, these makes it more obvious to
anyone reviewing the code that there are no integer underflow issues in
processKey().

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 21:59:15 +03:00
Jouni Malinen
70a26e708c Share a single definition of EAPOL-Key structure for WEP keys
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 21:27:01 +03:00
Jouni Malinen
47e9d50d18 RADIUS: Add explicit attribute length validation checks in functions
These checks would not really be needed since radius_msg_parse()
validates the attribute header fields. Anyway, these makes it more
obvious to anyone reviewing the code that there are no integer underflow
issues in the functions processing RADIUS attributes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 21:11:04 +03:00
Jouni Malinen
c50b0233ed Add sparse endianness annotation for RADIUS header
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 20:54:08 +03:00
Jouni Malinen
d56af7f8cb Fix byte order of VHT Basic MCS set for big endian hosts
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 20:49:23 +03:00
Jouni Malinen
8bea63e095 Use shared function for adding common RADIUS attributes
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 19:13:15 +03:00
Jouni Malinen
e100828b76 Return wpabuf from radius_msg_get_eap()
This simplifies the implementation by using the buffer type to which the
returned data will be converted anyway. This avoids one memory
allocation for each processed RADIUS message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 18:14:42 +03:00
Jouni Malinen
95ac3bf49f nl80211: Share common function for scan parameters
trigger_scan and start_sched_scan can share code for building the
common attributes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 17:48:52 +03:00
Jouni Malinen
f0494d0f95 nl80211: Check nla_put_nested() return value and handle errors
Couple of functions did not verify that nla_put_nested() succeeded. Fix
these by checking the return value and handling error cases cleanly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 17:27:55 +03:00
Jouni Malinen
6afbc3d698 nl80211: Fix netlink error paths in sched_scan() handler
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 17:11:08 +03:00
Jouni Malinen
e122bb70b8 hostapd: Add alternative format for configuring SSID
The new ssid2 parameter can be used as an alternative mechanism for
configuring SSID for hostapd. It uses the same formats that
wpa_supplicant uses in the configuration file for strings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:27:40 +03:00
Jouni Malinen
b87d70c88a Make wpa_config_parse_string() a shared function
This will be used in future hostapd configuration parser changes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:13:51 +03:00
Jouni Malinen
986de33d5c Convert remaining SSID routines from char* to u8*
This makes it more explicit that the SSID is not a null terminated
C string.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:07:25 +03:00
Jouni Malinen
771e2f7b33 GAS server: Add forgotten break statement to a switch case
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 15:46:26 +03:00
Jouni Malinen
6bc1f95613 Use printf escaping in SSID-to-printable-string conversion
Instead of masking out non-ASCII characters with underscores, espace the
SSID data using rules compatible with printf.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 13:32:57 +03:00
Jouni Malinen
0d7773b63f Add routines for encoding/decoding printf escaping mechanism
This can be used to build ASCII strings from binary data that is
more likely to use ASCII (i.e., text format is more natural
option than hexdump, but there is possibility of some non-ASCII
characters).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 13:30:13 +03:00
Jouni Malinen
5ff72bdcab edit: Clear edit line on deinit when using readline
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 21:45:43 +03:00
Janusz Dziedzic
4307bb8c85 wpa_cli: Print nice prompt when using remote UDP
When CONFIG_CTRL_IFACE=udp-remote is used, print user frendly PS in
wpa_cli. E.g.,
localhost/wlan0>
192.168.1.1/p2p-wlan-0-0>

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:50:17 +03:00
Jouni Malinen
15b97bc3b5 edit: Add support for prompt string with readline
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 20:48:54 +03:00
Jouni Malinen
4c3b921ebf edit: Add support for prompt string with internal line edit
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 20:48:25 +03:00
Janusz Dziedzic
2d2398a11f edit: Add support for setting prompt string
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:46:34 +03:00
Janusz Dziedzic
d302edd3c4 wpa_cli: Add support for remote access
wpa_cli can be used now as a client for remote access to ctrl_interface
of wpa_supplicant when UDP and remote options are used.

You can simply run:
wpa_cli -i <hostname>:[port]
wpa_cli -i <IP>:[port]

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:09:22 +03:00
Janusz Dziedzic
afadf423db wpa_supplicant: Add optional remote access for ctrl_iface
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This
enables remote access to control interface via UDP port(s). This should
be used for testing purpose only since there is no authentication or
access control on the commands.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:01:07 +03:00
Baruch Siach
37d428aef9 accounting: Staticise accounting_sta_interim
This routine is not used anywhere else.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-08-05 19:40:49 +03:00
Jouni Malinen
55651a4bed OpenSSL: Remove trailing whitespace from lines
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 00:38:08 +03:00
Christopher Wiley
d8858cadeb OpenSSL: Fix ca_cert_verify for TPM
This bit is set in the code path that handles keys and certs from places
other than OpenSSL authentication engines. Setting this bit causes
authentication to fail when the server provides certificates that don't
match the client certificate authority.
2012-08-05 00:36:08 +03:00
Michael Braun
59dff51dc8 Fix endless loop in PSK fetching with PSK-from-RADIUS
Commit 05ab9712b9 added support for
fetching WPA PSK from an external RADIUS server and changed
hostapd_wpa_auth_get_psk() to always return the RADIUS supplied PSK (if
set) and ignore the prev_psk parameter for iteration. Fix this by
appending the RADIUS supplied PSK to the list iterated by
hostapd_get_psk and thus returning NULL when prev_psk == sta->psk
(RADIUS).

Signed-hostap: M. Braun <michael-dev@fami-braun.de>
2012-08-04 20:55:47 +03:00
Ben Greear
addde1399e Better logging for ioctl set flags failure
Let user know if the call failed setting interface up vs. down.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-08-04 20:41:35 +03:00
Ben Greear
4fdc8def88 Make UNIX socket non-blocking for ctrl_iface
This keeps wpa_cli from hanging forever if the other end of the socket
dies.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-08-04 20:34:27 +03:00