Commit Graph

938 Commits

Author SHA1 Message Date
Jouni Malinen
4a274f487a DFS: Allow 80+80 MHz be configured for VHT
This allows cases where neither 80 MHz segment requires DFS to be
configured. DFS CAC operation itself does not yet support 80+80, though,
so if either segment requires DFS, the AP cannot be brought up.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-09 14:25:55 +03:00
Jouni Malinen
eefec1e40b AES: Extend key wrap design to support longer AES keys
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.

The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-07 14:57:06 +03:00
Jouni Malinen
a61fcc131a Clean up authenticator PMKSA cache implementation
This makes the implementation somewhat easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 23:01:08 +03:00
Jouni Malinen
cb129db34c Clear PMKSA cache entry data when freeing them
Avoid leaving the PMK information unnecessarily in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 23:01:08 +03:00
Jouni Malinen
8c8d26aada Remove unnecessary PMKSA cache freeing step
_pmksa_cache_free_entry() is a static function that is never called with
entry == NULL, so there is no need to check for that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 23:01:08 +03:00
Jouni Malinen
9c829900bb Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop
If the first entry in the PMKSA cache did not match the station's MAC
address, an infinite loop could be reached in pmksa_cache_get_okc() when
trying to find a PMKSA cache entry for opportunistic key caching cases.
This would only happen if OKC is enabled (okc=1 included in the
configuration file).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 23:01:08 +03:00
Jouni Malinen
47ea24c13d Fix PMKSA cache timeout from Session-Timeout in WPA/WPA2 cases
Previously, WPA/WPA2 case ended up using the hardcoded
dot11RSNAConfigPMKLifetime (43200 seconds) for PMKSA cache entries
instead of using the Session-Timeout value from the RADIUS server (if
included in Access-Accept). Store a copy of the Session-Timeout value
and use it instead of the default value so that WPA/WPA2 cases get the
proper timeout similarly to non-WPA/WPA2 cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 23:01:08 +03:00
Kyeyoon Park
39323bc16a AP: hostapd_setup_bss() code clean-up
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-29 13:10:13 +03:00
Philippe De Swert
375f4a3b5a hostapd: Avoid dead code with P2P not enabled
In case P2P is not enabled the if (dev_addr) is always ignored as
dev_addr will be NULL. As this code is relevant only to P2P, it can be
moved to be the ifdef to avoid static analyzer warnings. (CID 72907)

Signed-off-by: Philippe De Swert <philippe.deswert@jollamobile.com>
2014-09-28 20:47:06 +03:00
Stefan Lippers-Hollmann
8c6f4a5a50 ap_config.c: fix typo for "capabilities"
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2014-09-28 11:03:48 +03:00
Sunil Dutt
c53a9bf818 Check for driver's DFS offload capability before handling DFS
This fixes couple of code paths where the WPA_DRIVER_FLAGS_DFS_OFFLOAD
flag was not checked properly and unexpected DFS operations were
initiated (and failed) in case the driver handles all these steps.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-22 16:50:28 +03:00
Darshan Paranji Sri
e4474c1c20 FT: Fix hostapd with driver-based SME to authorize the STA
The driver-based SME case did not set STA flags properly to the kernel
in the way that hostapd-SME did in ieee802_11.c. This resulted in the FT
protocol case not marking the STA entry authorized. Fix that by handling
the special WLAN_AUTH_FT case in hostapd_notif_assoc() and also add the
forgotten hostapd_set_sta_flags() call to synchronize these flag to the
driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-12 18:46:56 +03:00
Jouni Malinen
04a258e7c5 hostapd: Check that EVENT_ASSOC data is present before using it
While hostapd should not really receive the EVENT_ASSOC message for
IBSS, driver_nl80211.c could potentially generate that if something
external forces the interface into IBSS mode and the IBSS case does not
provide the struct assoc_info data. Avoid the potential NULL pointer
dereference by explicitly verifying for the event data to be present.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-26 17:23:02 +03:00
Jouni Malinen
6c460eaf7e Add RSN cipher/AKM suite attributes into RADIUS messages
This adds hostapd support for the new WLAN-Pairwise-Cipher,
WLAN-Group-Cipher, WLAN-AKM-Suite, and WLAN-Group-Mgmt-Pairwise-Cipher
attributes defined in RFC 7268. These attributes are added to RADIUS
messages when the station negotiates use of WPA/RSN.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-31 19:55:29 +03:00
Jouni Malinen
cdffd72173 Add WLAN-HESSID into RADIUS messages
This adds hostapd support for the new WLAN-HESSID attribute defined in
RFC 7268. This attribute contains the HESSID and it is added whenever
Interworking is enabled and HESSID is configured.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-31 19:55:29 +03:00
Jouni Malinen
69002fb0a8 Add Mobility-Domain-Id into RADIUS messages
This adds hostapd support for the new Mobility-Domain-Id attribute
defined in RFC 7268. This attribute contains the mobility domain id and
it is added whenever the station negotiates use of FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-31 19:55:29 +03:00
Jouni Malinen
c0e46bb7d4 DFS: Remove dead assignment
set_dfs_state() return value is not currently checked anywhere, so
remove the dead assignment to avoid static analyzer complaints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-03 00:51:47 +03:00
Jouni Malinen
b7175b4d02 Clear hostapd configuration keys explicitly
Use an explicit memset call to clear any hostapd configuration parameter
that contains private information like keys or identity. This brings in
an additional layer of protection by reducing the length of time this
type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
164a453f9b FT: Debug print extra response data
This shows any extra data from FT response and also avoids a static
analyzer warning on dead increment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
0233dcac5b SAE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
34ef46ce54 WEP shared key: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
870834a19b RSN authenticator: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Michal Kazior
5841958f26 hostapd: Use channel switch fallback on error
It's worth giving a try to fallback to re-starting BSSes at least once
hoping it works out instead of just leaving BSSes disabled.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-06-28 11:13:11 +03:00
Michal Kazior
8974620e3e hostapd: Perform multi-BSS CSA for DFS properly
Currently hostapd data structures aren't ready for multi-channel BSSes,
so make DFS work now at least with single-channel multi-BSS channel
switching.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-06-28 11:08:16 +03:00
Michal Kazior
6782b6846b hostapd: Move CSA parameters to hostapd_data
This prepares CSA structure and logic in hostapd for multi-BSS channel
switching.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2014-06-28 11:02:39 +03:00
Pontus Fuchs
dedfa440ed Print frame type name in debug output
"stype=4" becomes "stype=4 (WLAN_FC_STYPE_PROBE_REQ)" etc.

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
2014-06-22 00:51:39 +03:00
Jouni Malinen
35cbadbb14 VHT: Remove useless validation code from Operating Mode Notification
This was added by commit 8a45811638
('hostapd: Add Operating Mode Notification support'), but the validation
steps cannot be true either for the channel width (which is a two-bit
subfield that cannot encode more than the list four values) or Rx NSS
(which cannot encode a value larger 7). Furthermore, the VHT_CHANWIDTH_*
defines do not match the definition of the Channel Width subfield
values.

Since this check cannot ever match, it is better to remove it to make
the code easier to understand and to avoid getting complaints about dead
code from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-18 00:45:48 +03:00
Amarnath Hullur Subramanyam
cf1600ace4 hostapd: Configure driver ACL even if MAC address list is empty
Earlier commit related to MAC address based access control list
offloaded to the driver was not sending ACL configuration to the driver
if the MAC address list was empty. Remove this check as empty access
control list is a valid use case and sending ACL parameters should not
be dependent on whether the list is empty.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-16 16:22:36 +03:00
Jouni Malinen
da995b2e11 WNM: Use cleaner way of generating pointer to a field (CID 68099)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
062833c67c GAS server: Fix request frame length validation (CID 68098)
There seemed to be an off-by-one error in the validation of GAS request
frames. If a Public Action frame without the Action code field would
have reached this function, the length could have been passed as
(size_t) -1 which would likely have resulted in a crash due to reading
beyond the buffer. However, it looks like such frame would not be
delivered to hostapd at least with mac80211-based drivers. Anyway, this
function better be more careful with length validation should some other
driver end up reporting invalid Action frames.

In addition, the Action code field is in a fixed location, so the
IEEE80211_HDRLEN can be used here to clean up bounds checking to avoid
false reports from static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
5ce3ae4c8f HT: Use cleaner way of generating pointer to a field (CID 68097)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
1fde15a20a GAS server: Explicitly check that home realm is available
This makes the code easier to understand for static analyzers to avoid
false reports.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:05:33 +03:00
Jouni Malinen
aff0bee78a GAS server: Remove unused function parameter
This parameter was not used at all, so just remove the argument instead
of passing NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:04:17 +03:00
Jouni Malinen
bc32bb70d7 Make a code path easier for static analyzers to understand
prev cannot be NULL here in the hostapd_eid_country_add() call since
prev is set whenever start becomes non-NULL. That seems to be a bit too
difficult for some static analyzers, so check the prev pointer
explicitly to avoid false warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 15:37:31 +03:00
Darshan Paranji Sri
95b6bca66d Add rsn_pairwise bits to set_ieee8021x() driver_ops
This fixes an issue where a driver using the deprecated set_ieee8021x()
callback did not include rsn_pairwise bits in the driver configuration
even if mixed WPA+WPA2 configuration was used. This could result, e.g.,
in CCMP not being enabled properly when wpa_pairwise=TKIP and
rsn_pairwise=CCMP was used in the configuration. Fix this by using
bitwise OR of the wpa_pairwise and rsn_pairwise values to allow the
driver to enable all pairwise ciphers.

In addition, make the newer set_ap() driver_ops use the same bitwise OR
design instead of picking between rsn_pairwise and wpa_pairwise. This
makes the code paths consistent and can also fix issues with mixed mode
configuration with set_ap().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-03 13:59:22 +03:00
Jouni Malinen
3d4d2348c0 FT: Fix GTK rekeying after FT protocol
Move to PTKINITDONE state and mark PTK valid after successful completion
of FT protocol. This allows the AP/Authenticator to start GTK rekeying
when FT protocol is used. Previously, the station using FT protocol did
not get the new GTK which would break delivery of group addressed
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-01 13:21:40 +03:00
Jouni Malinen
d92bdf9602 hostapd: Make sure hapd->drv_priv gets cleared on driver deinit
Couple of code paths in hostapd.c could have left hapd->drv_priv
pointing to memory that was freed in driver_nl80211.c when a secondary
BSS interface is removed. This could result in use of freed memory and
segfault when the next driver operation (likely during interface
deinit/removal). Fix this by clearing hapd->drv_priv when there is
reason to believe that the old value is not valid within the driver
wrapper anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 17:11:04 +03:00
Jouni Malinen
438e13339d hostapd: Use helper function to avoid duplicate deinit calls
These three calls were used already in three different paths. Use a
helper function to avoid adding even more copies of this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 15:57:36 +03:00
Michal Kazior
ac1a224092 hostapd: Clean up if interface setup fails
If for some reason interface setup fails mid-way when setting up
multi-BSS AP it was possible to get segmentation fault because driver
was not properly cleaned up.

One possible trigger, when using nl80211 driver, was udev renaming an
interface created by hostapd causing, e.g., linux_set_iface_flags() to
fail.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-05-31 15:53:56 +03:00
Michal Kazior
81c4fca100 hostapd: Reset hapd->interface_add properly
This variable is updated when calling hostapd_if_add(), so it makes
sense to do the same thing when calling hostapd_if_remove().

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-05-31 15:49:38 +03:00
Michal Kazior
3fbd036ea9 hostapd: Prevent double interface disabling from segfaulting
Performing, e.g. `wpa_cli -p /var/run/hostapd raw DISABLE` twice led to
hostapd segmentation fault if multiple BSSes were configured. Fix this
by checking if there is anything to disable at all before trying.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-05-31 15:46:45 +03:00
Jouni Malinen
5d67bf1566 hostapd: Fix configuration of multiple RADIUS servers with SET
The current RADIUS server pointer was updated after each SET command
which broke parsing of multiple RADIUS servers over the control
interface. Fix this by doing the final RADIUS server pointer updates
only once the full configuration is available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 20:40:11 +03:00
Jouni Malinen
d73c7b9626 GAS: Send error response if no room for pending dialog context
Instead of silently dropping the response that requires fragmentation,
send an error response to the station to make it aware that no full
response will be available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
10b58b5029 TNC: Allow TNC to be enabled dynamically
Previously, hostapd had to be started with at least one of the
configuration files enabling TNC for TNC to be usable. Change this to
allow TNC to be enabled when the first interface with TNC enabled gets
added during runtime.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Rajkumar Manoharan
f41d55da02 hostapd: Check for overlapping 20 MHz BSS before starting 20/40 MHz BSS
Before starting a 20/40 MHz BSS on the 2.4 GHz band, a 40-MHz-capable HT
AP is required by the rules defined in IEEE Std 802.11-2012 10.15.5 to
examine the channels of the current operational regulatory domain to
determine whether the operation of a 20/40 MHz BSS might unfairly
interfere with the operation of existing 20 MHz BSSs. The AP (or some of
its associated HT STAs) is required to scan all of the channels of the
current regulatory domain in order to ascertain the operating channels
of any existing 20 MHz BSSs and 20/40 MHz BSSs. (IEEE 802.11-2012 S.5.2
Establishing a 20/40 MHz BSS).

Add the check for an overlapping 20 MHz BSS to the initial AP scan for
the P == OT_i case in 10.15.3.2.

Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
2014-05-16 01:14:01 +03:00
Petar Koretic
c78c6b73fa WPS: Fix return value when context is not valid
If WPS isn't enabled, hostapd_cli returns 'OK' even though WPS doesn't
get activated because WPS context is not valid:

$ hostapd_cli wps_pbc
Selected interface 'wlan0'
OK

$ hostapd_cli wps_cancel
Selected interface 'wlan0'
OK

Fix this by returning appropriate error when WPS fails to activate:

$ hostapd_cli wps_pbc
Selected interface 'wlan0'
FAIL

$ hostapd_cli wps_cancel
Selected interface 'wlan0'
FAIL

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
CC: Luka Perkov <luka.perkov@sartura.hr>
2014-05-16 00:58:48 +03:00
Jouni Malinen
c0333c8dd5 Check rx_mgmt::frame more consistently against NULL
If a driver wrapper misbehaves and does not indicate a frame body in the
event, core hostapd code should handle this consistently since that case
was already checked for in one location.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
d6c6b1fb9d Make sta NULL-check easier for static analyzers
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
ee4fefc015 Remove duplicated variable zeroing
It's enough to do this once as part of the for loop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
4a9d0ebe4a Make PMKID check easier for static analyzers
Checking sm->pmksa is sufficient here, but that seems to be too
difficult for static analyzers to follow, so avoid false reports by
explicitly checking pmkid as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
06df2aa60a Remove floating constant suffix 'd' from test coee
clang scan-build does not seem to like the 'd' suffix on floating
constants and ends up reporting analyzer failures. Since this suffix
does not seem to be needed, get rid of it to clear such warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Peng Xu
5f0bca77a8 Retry initial 20/40 MHz co-ex scan if the driver is busy
This makes the initial OBSS scans in AP mode before starting 40 MHz BSS
more robust. In addition, HT20 can be used as a backup option if none of
the scans succeed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
587d60d2b7 Add AP mode support for HT 20/40 co-ex Action frame
If a 2.4 GHz band AP receives a 20/40 Coexistence management frame from
a connected station with 20/40 BSS Intolerant Channel Report element
containing the channel list in which any legacy AP are detected or AP
with 40 MHz intolerant bit set in HT Cap IE is detected in the affected
range of the BSS, the BSS will be moved from 40 to 20 MHz channel width.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
9c47f6a2a6 hostapd: Extend support for HT 20/40 coexistence feature
Extend the minimal HT 20/40 co-ex support to include dynamic changes
during the lifetime of the BSS. If any STA connects to a 2.4 GHz AP with
40 MHz intolerant bit set then the AP will switch to 20 MHz operating
mode.

If for a period of time specified by OBSS delay factor and OBSS scan
interval AP does not have any information about 40 MHz intolerant STAs,
the BSS is switched from HT20 to HT40 mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
196c9c7cd2 Make channel parameters available in set_ap() driver operation
This provides information to allow the driver to be configured for
updated channel parameters, e.g., when dynamically changing HT20/HT40
bandwidth.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:16:51 +03:00
Maxime Bizon
2aa82e52da Interworking: Don't filter probe requests when interworking is disabled
With hidden SSID (ignore_broadcast_ssid), an IOS device trying to
connect to the AP will send a probe request with ANT == 2. If
interworking support is just compiled (not enabled), we will drop the
probe request since default ANT is 0.

Check that interworking is enabled before filtering based on ANT or
HESSID to match the behavior of code without CONFIG_INTERWORKING.

Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
2014-04-24 12:15:32 +03:00
Marek Puzyniak
8a0f3bf613 AP: Fix checking if DFS is required
Sometimes function hostapd_is_dfs_required() returns -1 which indicates
that it was not possible to check if DFS was required. This happens for
channels from the 2.4 GHz band where DFS checking should not happen.
This can be fixed by returning DFS-not-required for mode different from
IEEE80211A and when DFS support is not available (ieee80211h not set).

Signed-off-by: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-04-17 17:12:52 +03:00
Jouni Malinen
5583b8d1eb Document and rename HT Capability/Operation fields
This makes the definitions match the terminology used in IEEE Std
802.11-2012 and makes it easier to understand how the HT Operation
element subfields are used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:45:11 +03:00
Jouni Malinen
1dde5b5cdd Remove PSMP option from ht_capab
This was used to fill in the "PSMP support" subfield that was defined
during P802.11n development. However, this subfield was marked reserved
in the published IEEE Std 802.11n-2009 and it is not supported by
current drivers that use hostapd for SME either. As such, there is not
much point in maintaining this field as ht_capab parameter within
hostapd either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:02:14 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
8943cc998a RADIUS server: Add support for MAC ACL
"user" MACACL "password" style lines in the eap_user file can now be
used to configured user entries for RADIUS-based MAC ACL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-29 19:31:56 +02:00
Jouni Malinen
dc87541e1e Clean up debug print for PSK file search
p2p_dev_addr was not NULL, so the all zeros case was printed as well.
Clean this up by printing p2p_dev_addr in debug prints only if it is a
real P2P Device Address.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-29 09:50:51 +02:00
Janusz Dziedzic
bbbacbf2f8 DFS: Print CAC info in ctrl_iface STATUS command
Print CAC time and CAC left time in control interface STATUS command.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-03-28 23:02:45 +02:00
Avraham Stern
3ae8b7b7a2 hostapd: Add vendor command support
Add support of vendor command to hostapd ctrl_iface.
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]

The 3rd argument will be converted to binary data and then passed as
argument to the sub command.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-03-27 15:28:44 +02:00
Pawel Kulakowski
74a1319e50 Fix issue with incorrect secondary_channel in HT40/HT80
When primary and secondary channel were switched and config was
reloaded, secondary channel was incorrectly overwritten.

Proceed as for other settings that should not be changed and don't
allow to overwrite.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-03-27 15:22:39 +02:00
Jouni Malinen
c201f93a9e WPS: Enable WSC 2.0 support unconditionally
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
4d1e38be9e ACS: Fix number of error path issues
Especially when multiple BSSes are used with ACS, number of the error
paths were not cleaning up driver initialization properly. This could
result in using freed memory and crashing the process if ACS failed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 13:12:29 +02:00
Jouni Malinen
692ec3058b FT: Add support for postponing FT response
If the PMK-R1 needs to be pulled for the R0KH, the previous
implementation ended up rejecting the over-the-air authentication and
over-the-DS action frame unnecessarily while waiting for the RRB
response. Improve this by postponing the Authentication/Action frame
response until the pull response is received.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-23 18:31:06 +02:00
Jouni Malinen
70c35233ae WPS: Comment out unused AP WEP config write with WPS 2.0
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds. This is similar to the earlier
commit that commented out in-memory update.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 23:31:39 +02:00
Amar Singhal
70634eec0c hostapd: Check driver DFS offload capability for channel disablement
If the driver supports full offloading of DFS operations, do not disable
a channel marked for radar detection. The driver will handle the needed
operations for such channels.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-22 21:31:15 +02:00
Jouni Malinen
a500f3102f WPS: Comment out unused AP WEP config update with WPS 2.0
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 19:22:10 +02:00
Jouni Malinen
1d4fe3bcbc Remove unnecessary parameter validation
This is dead code since this helper function is always called with
non-NULL pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 16:25:28 +02:00
Pawel Kulakowski
513dcec656 Don't overwrite channel on hostapd config reload
There was possibility that the current channel in Beacon information
element was incorrectly set. This problem was easily observed when
primary and secondary channel were switched and then some of hostapd
settings (for example password) were changed using WPS External
Registrar. This caused hostapd_reload_config() function overwrite the
current channel information from config file.

This patch prevents this situation and does not allow to overwrite
channel and some other settings when config is reloaded.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-03-21 23:30:57 +02:00
Jouni Malinen
20ff2642e1 WPS: Clear WPS data on init failure
It was possible for hapd->wps_beacon_ie and hapd->wps_probe_resp_ie to
be set if WPS initialization in hostapd failed after having set these
parameters (e.g., during UPnP configuration). In addition, many of the
other WPS configuration parameters that were allocated during the first
part of the initialization were not properly freed on error paths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-21 13:23:23 +02:00
Jouni Malinen
f4e3860f8a Fix AP mode default TXOP Limit values for AC_VI and AC_VO
These were previous set to 3.0 and 1.5 ms which ended up using values 93
and 46 in 36 usec inits. However, the default values for these are
actually defined as 3.008 ms and 1.504 ms (94/47) and those values are
also listed in the hostapd.conf example.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-17 18:48:40 +02:00
Michal Kazior
c3722e1241 ACS: Fix VHT20
The center segment0 calculation for VHT20 ACS was incorrect. This caused
ACS to fail with: "Could not set channel for kernel driver".

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-03-15 19:04:31 +02:00
Jouni Malinen
49b74430d9 Fix HT40 co-ex scan for some pri/sec channel switches
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
5bdac4abce Remove unused STA entry information
previous_ap and last_assoc_req were not really used for anything
meaninful, so get rid of them to reduce the size of per-STA memory
allocation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 09:57:10 +02:00
Jouni Malinen
c9d9ee94e5 Fix hostapd_add_iface error path to deinit partially initialized BSS
It was possible for the control interface and some of the BSS setup to
be left partially initialized in failure cases while the BSS structures
were still freed. Fix this by properly cleaning up anything that may
have passed initialization successfully before freeing memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
db63757dbc hostapd: Supply default parameters for OBSS scan
For some client OBSS implementations that are performed in
firmware, all OBSS parameters need to be set to valid values.
Do this, as well as supplying the "20/40 Coex Mgmt Support"
flag in the extended capabilities IE.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:49:08 +02:00
Johannes Berg
67e1a402df hostapd: For VHT 20/40, allow center segment 0 to be zero
The 802.11ac amendment specifies that that the center segment 0 field
is reserved, so it should be zero. Hostapd previously required it to
be set, which is likely a good idea for interoperability, but allow it
to be unset. However, don't allow it to be set to a random value, only
allow zero and the correct channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-03-14 17:07:17 +02:00
Jouni Malinen
d0bf06f2d9 GAS server: Remove incomplete remote ANQP processing
Some of the remote ANQP server concepts were introduces into gas_serv.c,
but these were not completed. Remote the unused implementation for now.
It can be added back if support for remote ANQP server is added at some
point.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 21:12:39 +02:00
Jouni Malinen
ce6b9cd482 Allow reason code to be specified for DEAUTH/DISASSOC test frame
hostapd DEAUTHENTICATE and DISASSOCIATE control interface commands
accepted both a test=<0/1> and reason=<val> parameters, but these were
not supported in the same command as a combination. Move the code around
a bit to allow that as well since it can be helpful for automated test
scripts.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 01:26:09 +02:00
Jouni Malinen
0f23a5e7d6 Mark AP disabled if initialization steps fail
Previously, some of the last initialization steps could fail without
clearly marking the interface disabled. For example, configuring the
channel to the driver could fail, but hostapd would not clearly identify
as the interface not being in functional state apart from not moving it
to the ENABLED state. Send an AP-DISABLED event and mark interface state
DISABLED if such a setup operation fails.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 13:55:05 +02:00
Ben Greear
7450c1287d DFS: Add extra debugging messages
This might help someone realize why their hostapd config isn't working
properly.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2014-03-11 19:26:48 +02:00
Simon Wunderlich
1d91f504e4 hostapd: Process management frames only once per BSS
At least in nl80211, broadcast management frames like Probe Request
frames, may be processed multiple times per BSS if multi-BSS is active
and NL80211_CMD_FRAME event is used to deliver them. In the case of
Probe Request frames, hostapd will create multiple redundant Probe
Response frames which are problematic when many BSS are on one channel.

This problem is caused by driver_nl80211 generating an event for
wpa_supplicant_event() for each BSS, and hostapd_mgmt_rx() calls
ieee802_11_mgmt() for each BSS, too.

Fix this by processing broadcast events only for the BSS the driver
intended to. The behavior is not changed for drivers not setting a BSS.

Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
2014-03-11 19:07:25 +02:00
Simon Wunderlich
e070051207 hostapd: Allow to switch to usable DFS channels
If channels are "available", change to "usable" DFS channels as a
fallback, too. This requires CAC, but it is still better to do that
instead of stopping service completely.

Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
2014-03-11 19:04:15 +02:00
Simon Wunderlich
01b99998bd hostapd: Allow to switch to DFS channels if available
If DFS channels are marked as "available", an AP can switch to them
immediately without performing CAC. Therefore, the channel selection
function should consider these channels even though these are radar
channels.

Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
2014-03-11 19:01:44 +02:00
Simon Wunderlich
70ee1be248 hostapd: Add config option chanlist for DFS channels
Different channels allow different transmission power, at least in ETSI
countries. Also, ETSI requires a "channel plan" for DFS operation, and
channels should be randomly choosen from these channels.

Add a channel list configuration option for users to add channels
hostapd may pick from.

Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
2014-03-11 18:59:40 +02:00
Jouni Malinen
3b9c5176d1 Fix PTK derivation for CCMP-256 and GCMP-256
Incorrect PTK length was used in PMK-to-PTK derivation and the Michael
MIC TX/RX key swapping code was incorrectly executed for these ciphers
on supplicant side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 15:00:09 +02:00
Jouni Malinen
b465f5d3a1 Remove unused hostapd_wep_key_cmp()
The only user was removed five years ago in commit
fb6d357532.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-10 10:27:58 +02:00
Jouni Malinen
8a57da7e28 RADIUS server: Add option for storing log information to SQLite DB
If eap_user_file is configured to point to an SQLite database, RADIUS
server code can use that database for log information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-09 18:21:13 +02:00
Jouni Malinen
ec33bc67f8 Enable RADIUS message dumps with excessive debug verbosity
Previously, this was enabled only at msgdump verbosity level, but any
level that is more verbose than it should also be included.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 11:35:08 +02:00
Jouni Malinen
226e3579f9 Revert "bridge: Track inter-BSS usage"
This reverts commit 4345fe963e. That
introduced number of memory leaks and since the rest of the VLAN changes
did not yet go in, it is easier to revert this for now and bring back
the changes after fixes if there is sufficient interest for them in the
future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 11:35:08 +02:00
Jouni Malinen
d0ee16edc8 Allow arbitrary RADIUS attributes to be added into Access-Accept
This extends the design already available for Access-Request packets to
the RADIUS server and Access-Accept messages. Each user entry can be
configured to add arbitrary RADIUS attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-08 11:35:08 +02:00
Jouni Malinen
0ac3876627 Fix PMF protect disconnection on session timeout
Request the driver to send a Deauthentication frame before doing
any other disconnection steps on the session timeout path. This is
needed when PMF is negotiated for the association since the driver
will need to find the STA entry and the PTK for it to be able to
protect the robust Deauthentication frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-07 23:24:54 +02:00
Pawel Kulakowski
185677b74c Disable interface if ACS fails
In case of Automatic Channel Selection (ACS) failure, we do not have a
real fallback path. Interface still remains in ACS state. To reflect we
did not succeed with ACS, simply disable the interface and indicate this
to user/upper layer entity so that a suitable recovery or error
notification can be performed.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-03-06 23:12:33 +02:00
Jouni Malinen
95faa36ad9 HS 2.0R2: Check for OSEN when determining whether to authorize STA
handle_assoc_cb() got this addition, but the check in
hostapd_new_assoc_sta() was not modified to be aware of the OSEN special
case for EAPOL state machines to be used for marking a STA authorized.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 22:48:37 +02:00
Sunil Dutt Undekari
113318ad57 Set the station to authorized on assoc event for open authentication
This was done in handle_assoc_cb() in ieee802_11.c for drivers that use
hostapd SME/MLME. However, drivers that include SME/MLME implementation
do not use that function and the STA flag needs to be set when
processing the association notification. This is needed to get the STA
entry into showing the proper authorized state and to get the
AP-STA-CONNECTED/DISCONNECTED events on the control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 22:45:15 +02:00