Commit Graph

2334 Commits

Author SHA1 Message Date
Jouni Malinen
bb45b6d79a WPS: Add new mechanism for communicating NFC tag read events
hostapd ctrl_iface can now be used to deliver payload from read
operation of an NFC tag. This allows operations without having to have
low-level NFC code within hostapd. For now, the new wps_nfc_tag_read
command can be used with NFC password tokens for the case where the AP
has an NFC device that is used to read an NFC tag from the station
Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:13 +03:00
Jouni Malinen
3f2c8ba6d3 WPS: Add new mechanism for NFC config method using password token
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
6b5a0c9466 WPS: Move attribute parser definitions into a new header file
This allows wps/wps_attr_parse.h to be included into files outside
src/wps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
78e625f79a WPS: Split wps_build_oob_dev_password() into parts
This allows sharing of a function to build the attribute without
changing the OOB parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
8a13732f83 NDEF: Mark input data const when it is not modified
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
2f425090fb WPS: Allow NDEF functions to be used from outside src/wps
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
e524ebe387 NDEF: Skip unnecessary wpabuf to ptr/len conversion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
a0d0c560c3 Add dh5_init_fixed() to allow fixed DH parameters to be used
This allows pre-configured private and public key to be used when
initializing DH for group 5.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
0965813640 WPS: Fix OOB Device Password use for EAP-WSC peer
The OOB Device Password is passed in as a hexdump of the real Device
Password (16..32 octets of arbitrary binary data). The hexdump needs to
be converted to binary form before passing it for WPS processing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
4e0131d351 WPS: Add support for OOB dev password lengths 16..31
Previously, only the maximum length 32 octets for OOB device password
was accepted. Since the specification allows a shorter password to be
used with limited OOB mechanism (e.g., small NFC tag), we should accept
lengths 16..32.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
582143e544 WPS: Fix potential memory leak with NFC password token
The old stored public key hash needs to be freed before replacing
the pointer with the new value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
7be6dc2e96 WPS: Fix NFC password token building with WPS 2.0
The earlier WPS 2.0 changes did not increase the wpabuf size when
adding a new attribute to the NFC password token. This could result
in aborting the application on wpabuf overflow if NFC out-of-band
mechanism is used with WPS 2.0 enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-27 21:21:11 +03:00
Thomas Pedersen
1b487b8b1e nl80211: Handle CH_SWITCH event
Some drivers may independently decide to switch channels. Handle this by
updating the hostapd and wpa_supplicant AP and GO configuration.

Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
2012-06-25 14:45:14 +03:00
Jouni Malinen
e7381b8473 Sync with include/linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 14:34:22 +03:00
Jouni Malinen
296a34f0c1 Remove STA entry from AP when starting TKIP countermeasures
Previously, the STA entry was removed only from the driver and the STA
entry within hostapd was just marked disassociated. However, this left
the WPA authenticator state machine with an entry and the session was
not terminated properly. In addition, the STA entry could have remaining
indefinitely if the STA did not reconnect after TKIP countermeasures.
Fix this by removing the STA entry from hostapd instead of just leaving
it disassociated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 13:53:24 +03:00
Yoni Divinsky
9148ae58d0 hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response
In AP which supports WPSv2 with only virtual push button, when PBC is
called, the WSC IE should include Selected Registrar Configuration
Methods attribute with the bit of the physical push button not set.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-06-25 12:20:37 +03:00
Ben Greear
f115560c21 eloop/poll: Handle POLLER | POLLHUP in read logic
Without this, we can get into a tight loop because the
code in general doesn't add eloop exception handlers,
so socket reporting the POLLERR would never be read.

With this change, any socket with POLLERR or POLLHUP
asserted will be handled by the read logic.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-06-24 13:19:34 +03:00
Johannes Berg
cad0f50e02 nl80211: Simplify cbmsg buffer
The control message received from the kernel needs some space, but
there's no need for the strange typing that breaks clang compilation.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-06-23 20:37:09 +03:00
Jouni Malinen
ecabb132b9 atheros: Remove unused variables
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-23 20:34:29 +03:00
Baruch Siach
e2e984ea06 atheros: Fix build when WPS and IEEE80211R are both disabled
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-23 20:33:50 +03:00
Jouni Malinen
182748e4fb Copy Chargeable-User-Identity in PMKSA caching case
Maintain a copy of Chargeable-User-Identity in the PMKSA cache to allow
it to be included in accounting messages even if full authentication was
not completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:51:57 +03:00
Jouni Malinen
302fc0a3c7 RADIUS DAS: Support Chargeable-User-Identity with Disconnect-Request
Chargeable-User-Identity can now be used in Disconnect-Request to
identify the station to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:44:46 +03:00
Jouni Malinen
e58b5ffed7 RADIUS: Fix a typo in attribute name in debug messages
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:39:29 +03:00
Jouni Malinen
ff7e4589ea RADIUS DAS: Add Event-Timestamp attribute into ACK/NAK messages
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:35:03 +03:00
Jouni Malinen
8047a95809 RADIUS DAS: Add support for Disconnect-Request
Calling-Station-Id, Acct-Session-Id, and User-Name attributes in a
Disconnect-Request message can now be used to indicate which station is
to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:30:01 +03:00
Jouni Malinen
fc2a924a8c RADIUS DAS: Check Disconnect-Request attributes
Reject Disconnect-Request if it includes unsupported attributes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 18:14:43 +03:00
Jouni Malinen
bde7ba6caf RADIUS DAS: Validate Event-Timestamp
DAS will now validate Event-Timestamp value to be within an acceptable
time window (300 seconds by default; can be set using
radius_das_time_window parameter). In addition, Event-Timestamp can be
required in Disconnect-Request and CoA-Request messages with
radius_das_require_event_timestamp=1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 17:43:36 +03:00
Masashi Honma
c2d76aa624 P2P: Add p2p_client_list support for FullMAC Persistent GO
Currently, FullMAC Persistent GO can't use p2p_client_list because its
own hapd->p2p_group is NULL at ap_sta_set_authorized(). This patch
changes the processing to use sta->p2p_ie instead of
p2p_group_get_dev_addr() on FullMAC GO.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-17 11:58:46 +03:00
Jouni Malinen
f33bc03582 P2P: Fix P2P Client Discoverability bit updates
The P2P Client Discoverability bit is reserved in most frames and its
value in the local P2P peer table should only be updated based on P2P
Group Info attribute from a GO. Fix this by avoiding changes to this
dev_capab bit based on other P2P frames. It would be more correct to
track this separately for each group in which the peer is a member, but
since we do not do that for the other group specific information either,
this can do for now.

It should be noted that prior to commit
18485b5469 wpa_supplicant set this bit in
all P2P frames. However, that commit changed this to match the
specification, i.e., the bit is not set in frames which are received
from P2P Device role. As such, this fix is needed to be able to figure
out that a peer supports client discoverability capability after that
commit.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-16 20:17:39 +03:00
Masashi Honma
18485b5469 P2P: Fix setting of P2P Client Discoverability bit
In the P2P specification v1.1, the P2P Client Discoverability bit is
described in Table 12 "Device Capability Bitmap definition". The table
says "Within a P2P Group Info attribute and a (Re)association request
frame the P2P Client Discoverability field shall be set to 1 when the
P2P Device supports P2P Client Discoverability, and is set to 0
otherwise. This field shall be reserved and set to 0 in all other frames
or uses.". To match with this, filter out P2P Client Discoverability bit
from frames where its use is reserved.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-16 19:54:47 +03:00
Jouni Malinen
1cebaabd80 EAP-SIM/AKA server: Allow pseudonym to be used after unknown reauth id
If the peer uses an unknown reauth id, it would still be possible to use
pseudonym instead of permanent id. Allow this by changing the
AT_PERMANENT_ID_REQ to AT_FULLAUTH_ID_REQ in case unknown reauth id is
used in EAP-Response/Identity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-15 18:49:54 +03:00
Jithu Jance
ef35f5a0fd P2P: Add driver op for requesting GO/AP channel switch
Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-06-10 20:54:31 +03:00
Jouni Malinen
198f82a1e3 P2P: Ignore unexpected GO Neg Resp is we have sent Resp
There is a race condition in GO Negotiation Request frame sending and
processing that may end up with both devices sending GO Negotiation
Response. This response frame was previously accepted even if a response
had already been sent. This could result in two GO Negotiation Confirm
frames being exchanged and consequently, with two separate GO
Negotiations completing concurrently. These negotiations could result in
getting mismatching parameters (e.g., both device could believe it was
the GO).

Fix this by ignoring GO Negotiation Response from the peer if twe have
already sent a GO Negotiation Response frame and we have the higher P2P
Device Address. This is similar to the rule used to determine whether to
reply to GO Negotiation Request frame when Request was already sent,
i.e., the same direction of GO Negotiation is maintained here to enforce
that only the negotiation initiated by the device with smaller P2P
Device Address is completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-09 18:31:24 +03:00
Neeraj Kumar Garg
a1d2ab329e P2P: Address race condition with GO Negotiation Request TX status
If both peers initiate GO Negotiation at about the same time, it is
possible for the GO Negotiation Request frame from the peer to be
received between the local attempt to send the GO Negotiation Request
and TX status event for that. This could result in both devices sending
GO Negotiation Response frames even though one of them should have
skipped this based which device uses a higher MAC address.

Resolve this race by incrementing go_neg_req_sent when p2p_send_action()
returns success instead of doing this from the TX status callback. If
the frame is not acknowledged, go_neg_req_sent is cleared in TX status
handler.

Signed-off-by: Neeraj Garg <neerajkg@broadcom.com>
2012-06-09 18:03:47 +03:00
Antonio Quartulli
dada954ad7 sta_info: Remove duplicated function declaration
In sta_info.h, ap_free_sta() was declared twice.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2012-06-09 12:54:00 +03:00
Jouni Malinen
e22ba3e390 LibTomMath: Use 64-bit mode for mp_digit
For 64-bit x86 builds, enable 64-bit mode to optimize bignum operations
with the internal LibTomMath version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-09 11:53:30 +03:00
Baruch Siach
3947ed96e8 atheros: Set essid length field only once
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-08 20:28:23 +03:00
Baruch Siach
7aa4251f2f atheros: Fix build when CONFIG_WPS is disabled
The use of ETH_P_80211_RAW does not depend on CONFIG_WPS, so make its
definition independent as well.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-08 20:27:45 +03:00
Jouni Malinen
579a80982a P2P: Assume GO Negotiation failed if GO Neg Conf wait times out
Stop the connection attempt if GO Negotiation Confirm is not received
within 100 ms of the GO Negotiation Response getting acknowledged.
Previously, we would have continued trying to connect to the peer even
in this case which could result in confusing second GO Negotiation
Request frame and unnecessarily long wait before indicating failure.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-08 18:24:08 +03:00
Johannes Berg
792c8877c3 P2P: Send GO Negotiation Confirm without wait
The GO Negotiation Confirm frame doesn't need to be sent with a wait
since we don't expect a response to it.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-06-06 16:37:54 +03:00
Masashi Honma
135b69cc7a P2P: Use consistent Device Capability in Beacon/Probe Response
Concurrent Operation bit was not set for GO even if the device
supports concurrent operations. Make sure the Device Capability
value is consistent with other P2P use cases by using the value
determined in p2p_init().

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-06 12:55:44 +03:00
Paul Stewart
dd7fec1f29 wpa_supplicant: Report EAP connection progress to DBus
Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:

  - During method selection (ACK and NAK)
  - During certificate verification
  - While sending and receiving TLS alert messages
  - EAP success and failure messages

This provides DBus callers a number of new tools:

  - The ability to probe an AP for available EAP methods
    (given an identity).
  - The ability to identify why the remote certificate was
    not verified.
  - The ability to identify why the remote peer refused
    a TLS connection.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 21:10:01 +03:00
Johannes Berg
24b5bd8b42 nl80211: Use safe list iteration
In certain cases like PBC session overlap it appears to be possible that
an interface is removed due to an event handled on it, this leads to
list corruption. Use safe iteration to prevent this issue.

Reported-by: Nirav Shah <nirav.j2.shah@intel.com>
Reported-by: Neeraj Kumar Garg <neerajkg@broadcom.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
intended-for: hostap-1
2012-06-04 20:25:11 +03:00
Jouni Malinen
8bd0fc0e0c Force driver to disassociate STA if no room for the STA entry
When hostapd (or wpa_supplicant AP mode) limits the maximum number
of STA entries with a driver that implements SME, the driver needs
to be notified of the failed STA addition. Disassociate the STA if
the driver notifies of an association that would go beyond the
maximum number of STAs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-27 21:21:37 -07:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Jouni Malinen
b5671498bf nl80211: Use wait_time with AP mode driver SME for offchannel
When sending an offchannel frame (mainly, P2P Invitation Request), the
wait_time parameter was hardcoded to 0 for drivers that implement AP
mode SME. This is not correct and can cause problems for drivers that
support offloading of off-channel operations with driver/firmware based
AP SME.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-11 18:24:31 +03:00
Jouni Malinen
2e3e456623 nl80211: Add more debug info on NL80211_CMD_FRAME uses
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-11 18:22:53 +03:00
Jouni Malinen
3bc462cb88 P2P: Add option for Provision Discovery before GO Negotiation
This is a workaround for interoperability issues with some deployed P2P
implementations that require a Provision Discovery exchange to be used
before GO Negotiation. The new provdisc parameter for the p2p_connect
command can be used to request this behavior without having to run a
separate p2p_prov_disc command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-11 16:25:47 +03:00
Jouni Malinen
349493bd0c Validate WEP key lengths based on driver capabilities
The nl80211 driver interface does not allow 128-bit WEP to be used
without a vendor specific cipher suite and no such suite is defined for
this purpose. Do not accept WEP key length 16 for nl80211 driver
interface forn ow. wext-interface can still try to use these for
backwards compatibility.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-10 14:34:46 +03:00
Jouni Malinen
64855b9682 HS 2.0: Indicate Hotspot 2.0 in BSS table and status
If the AP indicates support for Hotspot 2.0, show this in the
ctrl_iface commands for BSS table and status.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:23 +03:00
Jouni Malinen
0b12e96187 HS 2.0: Parse Hotspot 2.0 IE from IE list
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:10 +03:00
Jay Katabathuni
c8a7f9a7b8 HS 2.0: Define Hotspot 2.0 OUI types and subtype values
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:25 +03:00
Jouni Malinen
051c7bbdd0 P2P: Reject PD Request for unknown group
If PD Request includes P2P Group ID, verify that the specified
group matches with a group we are currently operating. If no match
is found, reject the PD Request for join-a-group case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 17:38:57 +03:00
Jouni Malinen
6f251b6bb5 P2P: Store SSID of the group in p2p_group data
This can be used with P2P management operations that need to verify
whether the local device is operating a specific group based on
P2P Group ID attribute from a peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 17:38:57 +03:00
Jouni Malinen
701fe506c8 P2P: Do not use prov_disc_resp() callback for rejected PD
Commit 349b213cc8 added a separate
callback prov_disc_fail() for indicating PD failures, but it left the
Provision Discovery Response handler to call both callbacks in case the
peer rejected the PD. Commit f65a239ba4
added ctrl_iface event for PD failures. This combination can result in
two ctrl_iface events in the peer rejecting a PD case. Clean this up by
only indicating the failure event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 17:02:28 +03:00
Jouni Malinen
3fe8b68d63 P2P: Wait 100 ms if driver fails to start listen operation
Some drivers may accept the remain-on-channel command, but instead of
indicating start event for remain-on-channel, just indicate that the
operation has been canceled immediately. This could result in continuous
loop of search/listen states with very limited time to do anything else
in wpa_supplicant if the scan command is also completed quickly (e.g.,
if the driver is unable to scan other channels than the current
operating channel).

As a workaround, do not start the next step (search) in P2P device
discovery if this type of rejection of listen operation is detected.
This gives some more time for wpa_supplicant to handle whatever else
may be needed at to be done at the same time and reduces the amount
of CPU used in a loop that does not really work correctly from the
view point of being discoverable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-08 11:50:03 +03:00
Jouni Malinen
b031338cf0 Add preliminary RADIUS dynamic authorization server (RFC 5176)
This adds the basic DAS mechanism to enable hostapd to be configured
to request dynamic authorization requests (Disconnect-Request and
CoA-Request). This commit does not add actual processing of the
requests, i.e., this will only receive and authenticate the requests
and NAK them regardless of what operation is requested.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-06 22:02:42 +03:00
Jouni Malinen
af35e7af7f hostapd: Allow addition of arbitrary RADIUS attributes
New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 20:19:56 +03:00
Jouni Malinen
86f6053aa2 hostapd: Add optional Chargeable-User-Identity request (RFC 4372)
radius_request_cui=1 configuration parameter can now be used to
configure hostapd to request CUI from the RADIUS server by including
Chargeable-User-Identity attribute into Access-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:19:54 +03:00
Jouni Malinen
4e132a618e hostapd: Copy Chargeable-User-Identity into accounting (RFC 4372)
If Access-Accept packet includes the Chargeable-User-Identity attribute,
copy this attribute as-is into accounting messages.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:05:09 +03:00
Xi Chen
f2e03085d7 WNM: Define IEEE 802.11v WNM-Sleep elements
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 18:08:19 +03:00
Rajkumar Manoharan
73cdd917a3 Define 20/40 BSS Coexistence elements
This patch defines 20/40 BSS Intolerant Channel Report element
(IEEE 802.11-2012 8.4.2.60) and 20/40 BSS Coexistence element
(IEEE 802.11-2012 8.4.2.62).

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:35 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Jouni Malinen
8351998313 EAP-AKA' server: Fix identity for MK derivation
Incorrect identity string could end up being used with EAP-AKA' when
the EAP client is using pseudonym. This code was supposed to use
sm->identity just like the EAP-AKA case.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:40:11 +03:00
Wei-Jen Lin
1c7447d08b P2P: Fix Device ID matching for Probe Request frames
The misplaced parenthesis caused Device ID matching to check only the
first octet of the P2P Device Address, i.e., we could have replied to
Probe Request frames that was searching for another device if any of
the last five octets of the address were different.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-02 15:19:02 +03:00
Jouni Malinen
d84b913955 Remove unused variable
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-28 18:30:41 +03:00
Jouni Malinen
e09e61c2c1 Fix compiler warning on printf format with size_t
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-28 18:30:12 +03:00
Jouni Malinen
23c84252a4 P2P: Add option to force SSID/passphrase for GO Negotiation
An existing persistent group information can now be used to force GO
Negotiation to use the previously used SSID/passphrase from a persistent
group if we become a GO. This can be used as an alternative to inviting
a new P2P peer to join the group (i.e., use GO Negotiation with GO
intent 15 instead of starting an autonomous GO and using invitation),
e.g., in case a GO Negotiation Request is received from a peer while we
are not running as a GO. The persistent group to use for parameters is
indicated with persistent=<network id> parameter to p2p_connect.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-27 18:25:30 +03:00
Jouni Malinen
c98b83f2d3 P2P: Do not update peer Listen channel based on PD/Invitation
Commits 17bef1e97a and
ffe98dfb88 started using p2p_add_device()
with other frames than just Probe Response frames from scan results.
However, these changes did not take into account that the PD Request
and Invitation Request frames are normally received on the our own
Listen channel, not on the Listen channel of the peer. As such, these
frames must not be used to update Listen channel information for the
peer.

Fix this by letting p2p_add_device() know whether the results are from
scan results and if not, skip the peer table updates that are specific
to Probe Response frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-04-26 16:11:17 +03:00
Jouni Malinen
1ceb0e1778 Fix validation of PSK-from-RADIUS-server required response
cache->psk is an array and never NULL. The check here needs to check the
cache->has_psk flag instead.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-21 19:46:58 +03:00
Jouni Malinen
93bcb70571 Sync with include/linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-19 20:41:42 +03:00
Deepthi Gowri
f65a239ba4 P2P: Add provision discovery failure event
Add provisional discovery failure ctrl_iface event
(P2P-PROV-DISC-FAILURE) to indicate to the application layer in case of
PD failure.

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2012-04-17 19:44:13 +03:00
Jouni Malinen
5b9cecafaf P2P: Fix disallowing of pending listen command to override connect
Commit d9bdba9f86 was supposed to allow
p2p_listen to schedule new after scan operation only if a p2p_connect
operation was not pending. However, it used incorrect P2P_AFTER_SCAN_
value for this and did not actually prevent overriding of p2p_connect
and could have caused some p2p_listen operations to be skipped
unnecessarily.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-04-16 18:51:33 +03:00
Jouni Malinen
7b63c6396a P2P: Clear P2P_DEV_SD_INFO when new wildcard SD query is added
Unlike the unicast SD queries, the queries directed to all peers depend
on P2P_DEV_SD_INFO flag being cleared to allow the query to be sent to
a peer that has previously replied to any SD query.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 17:51:19 +03:00
Jouni Malinen
a625ff6059 AP: Reschedule ap_handle_timer event on (re)association
Previously, the timeout scheduled during the previous association was
used after reassociation if the STA entry had not yet been removed. The
next timeout does not need to happen that quickly, so reschedule it
during reassociation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 14:24:24 +03:00
Jouni Malinen
42ca9845be AP: Add debug information for ap_handle_timer operations
This makes it easier to figure out what exactly was done with the
ap_handle_timer registration/cancellation based on a debug log.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 14:24:24 +03:00
Jouni Malinen
c72bd6d49b AP: Reset STA timeout_next on driver-based-SME association
The next ap_handle_timer action was already cleared when association
is handled with user space -based SME. However, this step was missing
from the driver callback for indicating new association. This could
result in the first ap_handle_timer timeout on the new association
removing the station unexpectedly. Fix this by resetting the timeout_next
in hostapd_notif_assoc().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-04-11 14:06:50 +03:00
Jouni Malinen
31b4961f02 Fix EAP/WPS to PSK transition on reassociation in authenticator
A station may move from EAP/WPS key_mgmt to PSK using re-association. In
practice, this can happen most likely with WPS when the station runs
through the provisioning step (EAP/WPS) followed by PSK authentication.
If a deauthentication event is missed from the station for whatever
reason, the EAPOL authenticator state machine could have been left
running.

This can result in various issues, including unexpected disconnection of
the station while both the 4-way handshake and EAPOL authenticator state
machines (EAP) are running at the same time when the supplicant is
trying to use PSK. Fix this by explicitly clearing EAPOL authenticator
state machine on (re)association if the new association does not use it.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-04-10 21:30:46 +03:00
Jithu Jance
d3bd0f057c nl80211: Extend shared_freq to handle AP/GO mode interfaces
Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-04-08 20:44:05 +03:00
Jouni Malinen
7fa56233ae Scan only affected frequencies for 20/40 MHz co-ex check for
When starting an AP with HT40 on 2.4 GHz, limit the set of channels
to scan for based on the affected frequency range to speed up the
AP setup.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-08 12:12:32 +03:00
Jouni Malinen
3208b5a0fe Make random_add_randomness() debug print less verbose
Mark the debug print excessive and print it only in case the entropy
collection is used since this function can get called pretty frequently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-08 11:34:54 +03:00
Jouni Malinen
9f98810c5d TLS: Use separate TLS library context for tunneled TLS
OpenSSL wrapper was using the same certificate store for both Phase 1
and Phase 2 TLS exchange in case of EAP-PEAP/TLS, EAP-TTLS/TLS, and
EAP-FAST/TLS. This would be fine if the same CA certificates were used
in both phases, but does not work properly if different CA certificates
are used. Enforce full separation of TLS state between the phases by
using a separate TLS library context in EAP peer implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-07 20:57:02 +03:00
Jouni Malinen
763a66f471 Remove experimental Symbian build
This was never really completed and is of not much use at this point,
so clean up the repository by removing the Symbian-specific changes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-07 13:00:30 +03:00
Dmitry Shmidt
5f97dd1c57 Add MASK=0xH option for the ctrl_iface BSS command
This optional parameter to the BSS command can be used to select which
fields are included in the output to avoid having to parse through
unneeded information and to reduce the buffer size.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-04-07 12:50:25 +03:00
Jouni Malinen
873d0fcfd3 nl80211: Skip set_mode event subscription during deinit
There is no need to subscribe to event messages during deinit process,
so skip this to avoid unnecessary operations and to keep the debug logs
a bit cleaner.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-06 18:58:44 +03:00
Ben Greear
9d05374796 Make bind failure messages unique
This helps someone know which part of the code is complaining.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-04-06 12:10:36 +03:00
Ben Greear
ce28e2795a AP: Add fuzz to idle-timer calculations
This should keep us from getting into a state where we bounce large
numbers of stations all at once. Spreading out the bounce should cause
less stress on the network as the idle stations won't all be trying to
reconnect at once.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-04-06 11:47:29 +03:00
Anirban Sirkhell
71dd3b78f9 WPS: Allow vendor specific attribute to be added into M1
wps_vendor_ext_m1 configuration parameter can now be used to add a
vendor specific attribute into the WPS M1 message, e.g., for
Windows Vertical Pairing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-04 00:08:57 +03:00
Jouni Malinen
2e9f078c8d nl80211: Indicate disconnect event as deauthentication
This was previously indicated as disassociation, but the P2P group
session ending case expect a deauthentication notification. Since the
cfg80211 disconnection event does not really indicate which frame was
used, the easiest approach for now seems to be to just indicate these
as deauthentication events.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-03 17:11:22 +03:00
Jouni Malinen
52b2004285 Change reason code for AP mode BSS termination to 3
Use reason code 3 (Deauthenticated because sending STA is leaving)
instead of reason code 2 (Previous authentication ot valid) in the
Deauthentication frame sent at the time a BSS is terminated. This is
more accurate reason for the message and allows the stations to get
better understand on why they were disconnected. This can be useful
especially for P2P clients that can use this as a signal that the
P2P group session was ended per P2P specification section 3.2.9.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-03 16:17:38 +03:00
Eliad Peller
3c29244eb7 P2P: Add deinit_p2p_cli op to clear P2P client driver state
On P2P group removal, the GO is deinitialized correctly (and the vif
mode is set back to sta in case of nl80211), but the P2P client mode
wasn't deinitialized, and the nl80211 vif stays in P2P client mode.

Add a new deinit_p2p_cli op (similar to deinit_ap), which currently only
sets the interface back to station mode.

Signed-hostap: Eliad Peller <eliad@wizery.com>
intended-for: hostap-1
2012-04-01 21:41:23 +03:00
Johannes Berg
2d43d37ff2 DBus: Add ability to report probe requests
Some applications require knowing about probe requests to identify
devices. This can be the case in AP mode to see the devices before they
connect, or even in P2P mode when operating as a P2P device to identify
non-P2P peers (P2P peers are identified via PeerFound signals).

As there are typically a lot of probe requests, require that an
interested application subscribes to this signal so the bus isn't always
flooded with these notifications. The notifications in DBus are then
unicast only to that application.

A small test script is also included.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-04-01 21:14:48 +03:00
Johannes Berg
baf513d695 Pass signal strength through, fix units
The signal strength is currently never used as the only driver reporting
it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never
populated by the kernel. The kernel will (soon) populate
IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that.

Also, since it was never really populated, we can redefine the signal
field to be in dBm units only.

My next patch will also require knowing the signal strength of probe
requests throughout the code (where available), so add it to the
necessary APIs.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-04-01 18:48:12 +03:00
Luciano Coelho
370b076197 hostapd: Only update already-set beacons when processing OLBC
When hostapd is about to start an AP using HT40, it starts a scan to
check whether it is allowed or not. If OLBC is detected before the
scan has completed, it sets the beacons prematurely.

To fix this, instead of setting all beacons when OLBC is detected,
only update the ones that have already been started.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2012-04-01 18:12:04 +03:00
Jouni Malinen
ca8e039fec Fix memory leaks on radius_client_send error paths
In case this function returns an error, the RADIUS message needs to
freed in the caller.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-01 17:55:20 +03:00
Jouni Malinen
8c6f80e023 Remove extra linefeed from hostapd_logger message
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-01 13:41:03 +03:00
Alexander Couzens
a4e73a0e47 Fix potential double free and use of freed memory in RADIUS client
ieee802_1x_encapsulate_radius() frees the RADIUS message if
radius_client_send() returns error. This could have resulted in use of
freed memory and double freeing of the RADIUS message if send() fails
since the message is also left in the retransmit list. Avoid this by not
returning error to the caller in such a case.

Signed-off-by: Alexander Couzens <lynxis@c-base.org>
2012-04-01 13:36:52 +03:00
Johannes Berg
da873dbb06 nl80211: Report signal strength from nl80211
Report signal strength from nl80211 events to the higher layers.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-04-01 12:39:33 +03:00
Johannes Berg
4f68895e92 debug: Add option to log to Linux tracing
Add the option (-T) to wpa_supplicant to log all debug messages into the
kernel tracing, allowing to aggregate kernel debugging with
wpa_supplicant debugging and recording all with trace-cmd.

Since tracing has relatively low overhead and can be filtered
afterwards, record all messages regardless of log level. However, it
will honor the -K option and not record key material by default.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-03-31 13:55:33 +03:00
Jouni Malinen
526ec4aee8 P2P: Use P2P Device ID attribute if Device Info not available
The "BSS p2p_dev_addr=address" command uses p2p_parse_dev_addr() to
figure out the P2P Device Address of the GO from scan results. This used
to work only if the P2P IE was received from Probe Response frames since
only those include the P2P Device Info attribute. Make this work with
Beacon frames, too, by using P2P Device ID attribute if the P2P Device
Info attribute is not present.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-30 15:50:33 +03:00
Bala Shanmugam
1f6c0ab872 Allow background scan period to be configured
A network block specific background scan period can now be configured
for drivers that implement internal background scan mechanism for
roaming and BSS selection.

Signed-hostap: Bala Shanmugam <bkamatch@qca.qualcomm.com>
2012-03-30 15:20:35 +03:00
Subrat Dash
0e28de0d2b TDLS: Add support for TDLS frame RX with bridge interfaces
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-30 11:12:33 +03:00
Anirban Sirkhell
4c374cde2f Add wps_cancel for hostapd_cli
Implement wps_cancel for hostapd similarly to how it was already
supported in wpa_supplicant AP mode.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-30 11:11:35 +03:00
Jouni Malinen
21d996f775 P2P: Add support for preferred channel list
p2p_pref_chan configuration parameter can now be used to set the
list of preferred channel for P2P GO Negotiation. This will be used
in the priority order if the peer does not support the channel we
are trying to use as the GO (configured operating channel or the
best 2.4 GHz/5 GHz channel) for the case where a forced channel is
not used.

p2p_pref_chan=<op class:channel>,...

For example:
p2p_pref_chan=81:1,81:2,81:3,81:4,81:5,81:6

This would configure 2.4 GHz channels 1-6 as the preferred ones with
channel 1 the most preferred option.

These configuration parameters can be set in wpa_supplicant.conf and
dynamically updated with "wpa_cli set <param> <value>".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-29 21:28:34 +03:00
Jouni Malinen
84949a411c Fix eapol_test build without CONFIG_PCSC=y
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-29 20:44:36 +03:00
Vasanthakumar Thiagarajan
a0133ee1c9 nl80211: Make use of driver's capability to detect inactive stations
When drivers advertise their capability to free up inactive
stations based on ap_max_inactivity, send the inactivity period
timeout to driver in NL80211_ATTR_INACTIVITY_TIMEOUT. This
introduces a WPA_DRIVER_FLAGS (WPA_DRIVER_FLAGS_INACTIVITY_TIMER)
so that the inactivity period will be sent only when this capability
bit is set.

Signed-hostap: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
2012-03-27 20:49:44 +03:00
Jouni Malinen
17e729d49c Sync with include/linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-27 20:49:39 +03:00
Aarthi Thiruvengadam
e1bd4e1934 nl80211: Fix deauth/disassoc for AP mode SME-in-driver case
When the driver (or firmware) implements AP mode SME, the use of raw
management frame TX functions is not working properly at the moment. As
an initial step, convert these AP mode operations to use
NL80211_CMD_DEL_STATION and do not claim that driver provides TX status
for deauth/disassoc frames. While this does not address all use cases
(e.g., reason code is not specified in the command), this fixes number
of issues where the station does not get disconnected properly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-14 14:06:06 -10:00
Masashi Honma
e4e3131d68 WPS: Select the BSD license terms as the only license alternative
I changed license terms which I can change.
(email of Mon, 5 Mar 2012 22:59:02 +0900 to hostap@lists.shmoo.com)
2012-03-05 17:15:47 +02:00
Jouni Malinen
e19467e161 TTLS: Fix peer challenge generation for TTLS/MSCHAPv2
Commit 30680e9332 changed the length
of the implicit challenge result to match with the exact length used
in TTLS. However, it failed to update the peer_challenge generation
to use a separate random value. Previously, this was generated as
part of the implicit challenge, but more correct way would have been
to generate a random value for it separately. Do this now to fix the
read after the allocated buffer (16 bytes after the implicit
challenge).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-03-05 16:59:03 +02:00
Johannes Berg
c8c340a9f6 AP: remove ssi_signal from ap_info
It is never used.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-03-05 16:38:26 +02:00
Jouni Malinen
7f41c92bd6 Interworking: Use EAP-AKA if USIM is used
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-04 16:11:02 +02:00
Jouni Malinen
5464bcbcff SCARD: Increase application template DO buffer size
This DO has a maximum length of 127 bytes (TS 102 221), so better use
large enough buffer when reading the record.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-03 18:15:23 +02:00
Jouni Malinen
9779e122cd SCARD: Move SIM file definitions into the C file
These are used only within pcsc_funcs.c so no need to define the
file identifiers in the header file.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-03 18:10:37 +02:00
Jouni Malinen
67303a5479 SCARD: Add function for fetching PIN retry counter
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-03 13:51:34 +02:00
Jouni Malinen
a8f3bfc421 SCARD: Add debug dumps of FCP template TLVs in SELECT response
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-03 13:28:46 +02:00
Jouni Malinen
f41ed0f845 SCARD: Reindent scard_parse_fsp_templ()
This was left at incorrect indentation level when moved to a separate
function.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-03 12:35:14 +02:00
Jouni Malinen
10531d2166 P2P: Fix provisioning info clearing after successful WPS step
Previously, this provisioning info was cleared using the P2P Interface
Address of the GO as the key. That did not always work in the case the
where we joined an already running group. This could result in the next
connection to that same GO skipping provision discovery. Fix this by
finding the peer entry based on its P2P Device Address instead of the
P2P Interface Address which may not always be set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-03-01 22:06:03 +02:00
Jouni Malinen
1affa36cb5 WPS: Invalidate wildcard PIN on other radios after successful use
If a wildcard PIN is used on any of the radios that hostapd is
controlling, invalidate the matching PIN on all the other radios
to avoid multiple uses of the same PIN.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-29 20:42:48 +02:00
Jouni Malinen
360182ed7c P2P: Advertise immediate availability of WPS credential
Use Device Password ID in WSC IE of Probe Request and Probe Response
frames to advertise immediate availability of WPS credentials per P2P
specification sections 3.1.2.1.1 (Listen State), 3.1.2.1.2 (Scan Phase),
and 3.1.2.1.3 (Find Phase).

For now, the Device Password ID is set only for the case where we are
active GO Negotiation with a specific peer. In practice, this means that
the Probe Response frames during pending GO Negotiation (whenever in
Listen state) indicate availability of the credential.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-27 23:14:35 +02:00
Jouni Malinen
78db55b800 P2P: Make p2p_flush stop P2P operations consistently
p2p_flush did not explicit stop all P2P operations, i.e., the exact
behavior depended on the P2P module state at the time the p2p_flush
command was issued. Make this more consistent by explicitly calling
p2p_stop_find() from p2p_flush().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-27 19:10:04 +02:00
Jouni Malinen
1a9c618d3f P2P: Fix remain-on-channel use with PD/Invitation Request while in Listen
If Listen state was in progress on another channel when a request to
send an Action frame (e.g., Provision Discovery Request or Invitation
Request to a peer on the peer's Listen channel that is different from
our Listenc hannel) is issued, wpa_supplicant tried to use concurrent
remain-on-channel operations. While some drivers can handle this
cleanly, there are drivers that don't and wpa_supplicant is not expected
to request concurrent remain-on-channel operations.

Fix this by cancelling the ongoing remain-on-channel with stop_listen
prior to sending the Action frame on another channel. If a P2P search
was in progress, it will be continued after the timeout on the new
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-27 17:23:41 +02:00
Jouni Malinen
648cc711a5 GAS server: Add support for ANQP Venue Name element
The new venue_name configuration parameter can now be used to configure
the ANQP Venue Name values that stations can request through GAS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:53:22 +02:00
Jouni Malinen
3eaee4bf4b GAS server: Add support for ANQP Roaming Consortium list
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:53:16 +02:00
Jay Katabathuni
dca30c3fb7 Interworking: Add GAS server support for AP mode
This adds GAS/ANQP implementation into hostapd. This commit brings in
the basic GAS/ANQP functionality, but only the ANQP Capability List
element is supported.

For testing purposes, hostapd control interface SET command can be used
to set the gas_frag_limit parameter dynamically.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:52:53 +02:00
Jay Katabathuni
fb80e86e7d Add hostapd_drv_send_action()
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:52:37 +02:00
Jouni Malinen
6bcf537833 pcsc: Allow T1 protocol to be enabled
The previous implementation was hardcoding only T0 protocol to be
acceptable. Allow T1 to be selected, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-26 13:14:46 +02:00
Jouni Malinen
f64adcd71e Allow PC/SC reader to be selected and initialized at start
New global configuration parameters pcsc_reader and pcsc_pin can now be
used to initialize PC/SC reader context at start of wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-26 13:09:30 +02:00
Jouni Malinen
3825a19bfa Generate random ANonce instead of one based on Counter
Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
ambiguous. The Authenticator state machine uses a counter that is
incremented by one for each 4-way handshake. However, the security
analysis of 4-way handshake points out that unpredictable nonces help in
preventing precomputation attacks. Instead of the state machine
definition, use an unpredictable nonce value here to provide stronger
protection against potential precomputation attacks.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-26 12:06:36 +02:00
Jithu Jance
e60b295186 Add wpa_supplicant AP mode STA deauthenticate/disassociate commands
Move disassociate and deauthenticate commands to ctrl_iface_ap.c, so
that they ares accessible for wpa_supplicant AP mode and wpa_cli (with
CONFIG_AP option enabled).

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-02-25 17:22:48 +02:00
Jouni Malinen
974c56ac24 WPS UPnP: Clean up URL parser
Remove unnecessary second copy of the URL and too long memory
allocation. In addition, avoid use of strcpy() to keep static analyzers
happier.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-19 13:19:34 +02:00
Jouni Malinen
4a0d25f08a Android: Extend debug logging to include wpa_dbg and hexdump
This makes the Android debug logs from logcat quite a bit more helpful
in debugging wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-18 20:59:24 +02:00
Jouni Malinen
6d441b0da2 wext: Filter unexpected interface added/up events
It looks like a RTM_NEWLINK event claiming the interface to be UP is
delivered just before removing an interface after having first indicated
that the interface was going down/removed. Ignore this event if the
interface is not present anymore at the moment the event is processed.
This fixes issues where an interface that was re-added after being
removed did not get reconfigured properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-18 13:28:21 +02:00
Jouni Malinen
d1f4942ba1 nl80211: Filter unexpected interface added/up events
It looks like a RTM_NEWLINK event claiming the interface to be UP is
delivered just before removing an interface after having first indicated
that the interface was going down/removed. Ignore this event if the
interface is not present anymore at the moment the event is processed.
This fixes issues where an interface that was re-added after being
removed did not get reconfigured properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-18 13:13:23 +02:00
Jouni Malinen
8a6a1e1b14 nl80211: Indicate p2p_probe in debug log as scan parameter
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-18 12:39:01 +02:00
Jouni Malinen
0047c047fc EAP-SIM/AKA server: Fix re-authentication not to update pseudonym
AT_NEXT_PSEUDONYM is supposed to be included only in the Challenge
messages, not in the Re-authentication messages. This attribute was
incorrectly included in the Re-authentication messages and could have
been used to update the pseudonym state on the server without the peer
updating its state.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-16 23:31:30 +02:00
Jouni Malinen
05c15c897d EAP-AKA peer: Clean up forgetting-id debug prints
Do not show forgetting of old id values if no value was stored.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-16 23:25:53 +02:00
Shan Palanisamy
deca6eff74 atheros: Add new IEEE 802.11r driver_ops
Add support to send Action frames to the driver.
Add support for TSPEC req and adding STA node to the driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:57:33 +02:00
Shan Palanisamy
e03c3069ba Clear WEP configuration on interface deinit
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:48:48 +02:00
Shan Palanisamy
4b8a59e40e Split hostapd_cleanup_iface() into two parts
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:47:54 +02:00
Shan Palanisamy
ed53dec023 Split hostapd_cleanup() into two parts
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:47:14 +02:00
Jouni Malinen
07bcdbb150 Move hostapd_for_each_interface() and hapd_interfaces into src/ap
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:46:27 +02:00
Shan Palanisamy
9e7d033ef4 hostapd: Make sure ctrl_iface is not initialized multiple times
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:44:43 +02:00
Jouni Malinen
8b9d0bfa00 Add mechanism for disabling radio for testing purposes
"wpa_cli set radio_disabled 1/0" can be used to disable/enable
radio to simulate out-of-radio-range condition in a testbed
device.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 16:26:44 +02:00
Shan Palanisamy
56c2588aa8 atheros: Reset frame filter on deinit
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 16:25:07 +02:00
Jouni Malinen
0c01d65d6d Ignore TX status for Data frames from not associated STA
Commit d9a38716cc did this for
hostapd_eapol_tx_status() but missed the older hostapd_tx_status()
path. Address that case, too.

The TX status event may be received after a station has been
disassociated in cases where the disassociation is following a
transmission of a Data frame. Ignore such events if the STA is not
associated at the moment the event is being processed. This avoids
confusing debug entries and rescheduling of the EAPOL TX timeouts for
STAs that are still in the STA table, but are not really in active EAPOL
session.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-14 21:04:14 +02:00
Jouni Malinen
ff22d1e10e WPS: Fix clearing of SetSelectedRegistrar with multiple interfaces
The SetSelectedRegistrar timeout was registered for each registrar
instance, but the only context pointer (struct subscription *) was
shared with each registrar which resulted in the timeout getting
cancelled for some of the registrar instances before the selected
registrar (ER) information was cleared.

In addition, when an ER unsubscribed from receiving events, the
selected registrar information got cleared only from a single
registrar.

Fix these issues by registering a pointer to the registrar
instance in the timeout and by iterating over all UPnP interfaces
when removing a subscription.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-13 23:02:57 +02:00
Jouni Malinen
2624ed4311 eloop: Fix allocation failure handling in poll() version
eloop_sock_table_add_sock() needs to fail if pollfd array allocation
fails instead of returning success and leaving behind no buffer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-12 21:33:42 +02:00
Antonio Quartulli
e640888c5e IBSS RSN: Support authorization
In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new
stations. This patch makes wpa_supplicant notify the driver when a
station can be considered authorized.

Signed-hostap: Antonio Quartulli <ordex@autistici.org>
2012-02-12 21:12:22 +02:00
Ben Greear
2df4c4ef2f eloop: Support poll() in eloop
When using more than around 200 virtual stations, we start hitting the
max number of file descriptors supported by select(). This patch adds
support for poll(), which has no hard upper limit.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-02-12 21:12:22 +02:00