Commit Graph

2340 Commits

Author SHA1 Message Date
Baruch Siach
37d428aef9 accounting: Staticise accounting_sta_interim
This routine is not used anywhere else.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-08-05 19:40:49 +03:00
Jouni Malinen
55651a4bed OpenSSL: Remove trailing whitespace from lines
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 00:38:08 +03:00
Christopher Wiley
d8858cadeb OpenSSL: Fix ca_cert_verify for TPM
This bit is set in the code path that handles keys and certs from places
other than OpenSSL authentication engines. Setting this bit causes
authentication to fail when the server provides certificates that don't
match the client certificate authority.
2012-08-05 00:36:08 +03:00
Michael Braun
59dff51dc8 Fix endless loop in PSK fetching with PSK-from-RADIUS
Commit 05ab9712b9 added support for
fetching WPA PSK from an external RADIUS server and changed
hostapd_wpa_auth_get_psk() to always return the RADIUS supplied PSK (if
set) and ignore the prev_psk parameter for iteration. Fix this by
appending the RADIUS supplied PSK to the list iterated by
hostapd_get_psk and thus returning NULL when prev_psk == sta->psk
(RADIUS).

Signed-hostap: M. Braun <michael-dev@fami-braun.de>
2012-08-04 20:55:47 +03:00
Ben Greear
addde1399e Better logging for ioctl set flags failure
Let user know if the call failed setting interface up vs. down.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-08-04 20:41:35 +03:00
Ben Greear
4fdc8def88 Make UNIX socket non-blocking for ctrl_iface
This keeps wpa_cli from hanging forever if the other end of the socket
dies.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-08-04 20:34:27 +03:00
Paul Stewart
21270bb4b3 Fix a couple memory leaks
Found using valgrind.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-08-04 20:10:08 +03:00
Jouni Malinen
0ebb23e340 EXT PW: Add support for password parameter from external storage
This allows the password parameter for EAP methods to be fetched
from an external storage.

Following example can be used for developer testing:

ext_password_backend=test:pw1=password|pw2=testing

network={
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user"
    password=ext:pw1
    ca_cert="ca.pem"
    phase2="auth=PAP"
}

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
306ae22556 EXT PW: Add framework for supporting external password storage
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Xi Chen
c7673de462 atheros: Implement WNM-Sleep Mode driver operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:30 +03:00
Xi Chen
75cad1a0d4 WNM: Add WNM-Sleep Mode for station mode
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:27 +03:00
Xi Chen
d32d94dbf4 WNM: Add WNM-Sleep Mode implementation for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:23 +03:00
Xi Chen
a884be9da1 WNM: Add placeholders for WNM driver commands and events
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:20 +03:00
Jay Katabathuni
ada8a5bd60 atheros: Add HS 2.0 Action frame TX/RX support
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:17 +03:00
Jouni Malinen
5c61a2820f Fix compiler warning with wpa_supplicant AP builds without 802.11r
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-01 13:14:09 +03:00
Jay Katabathuni
e1e3b5bb34 atheros: Add support for Action frame TX/RX
This allows hostapd to send and receive various Action frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:11:59 +03:00
Mahesh Palivela
7d9c0cd345 Add support for using SA Query with drivers that implement MLME
This allows the SA Query mechanism in hostapd to be used with drivers
that implement authentication and association MLME/SME.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:11:56 +03:00
Shan Palanisamy
88b32a99d3 FT: Add FT AP support for drivers that manage MLME internally
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:11:53 +03:00
Jouni Malinen
e509167495 Add new drv_flag for indicating user space AP MLME
This makes it easier for hostapd to determine at runtime which
operations to use.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-01 10:34:35 +03:00
Jay Katabathuni
45ac307a2b HS 2.0: Add HS Capability element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:23 +03:00
Jay Katabathuni
26fac8b6a0 Interworking: Add Domain Name element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:19 +03:00
Jay Katabathuni
78bda93e83 Interworking: Add IP Address Type Availability element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:16 +03:00
Jay Katabathuni
550a3958f7 Interworking: Add Network Auth Type element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:14 +03:00
Jouni Malinen
8342185012 HS 2.0: Add mechanism for disabling DGAF
disable_dgaf=1 in hostapd.conf can now be used to disable downstream
group-addressed forwarding (DGAF). In this configuration, a unique
GTK (and IGTK) is provided to each STA in the BSS to make sure the
keys do not match and no STA can forge group-addressed frames.

An additional mechanism in the AP needs to be provided to handle some
group-addressed frames, e.g., by converting DHCP packets to unicast
IEEE 802.11 frames regardless of their destination IP address and by
providing Proxy ARP functionality.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:52 +03:00
Jay Katabathuni
19a8ad9944 HS 2.0: Add Hotspot 2.0 Indication for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:38 +03:00
Jay Katabathuni
159c89ab4f HS 2.0: Add configuration for Hotspot 2.0 AP support
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:11 +03:00
Thomas Pedersen
bf8d6d2430 nl80211: Support setting sched scan RSSI threshold
Allow the user to configure an RSSI threshold in dBm below which the
nl80211 driver won't report scan results. Currently only supported
during scheduled (PNO) scans.

Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-25 16:56:43 +03:00
Jouni Malinen
488f4a7108 P2P: Fix provision discovery retries during p2p_find
Commit 6b56cc2d97 added retries of
provision discovery request frames in IDLE state. However, it did not
make the p2p_find case behave consistently with the new limitied retry
behavior. This can result in way too many and frequent PD retries. Fix
this by extending the previous commit to address PD retries and maximum
retry limit consistently regardless of whether p2p_find is running.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-07-23 21:59:01 +03:00
Jouni Malinen
a5ed45586c WPS SSDP: Fix socket leaks on error paths
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-07 13:01:45 +03:00
Jouni Malinen
19991e5fb2 WPS UDF: Fix fd leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-07 13:00:00 +03:00
Jouni Malinen
c7803a0294 Fix AP build without NEED_AP_MLME
Commit 1b487b8b1e added CH_SWITCH
event for nl80211, but ended up using hostapd_hw_get_channel()
regardless of build configuration for driver interfaces. This
function is not always available, so make its use conditional
on NEED_AP_MLME.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-07 12:34:48 +03:00
Jouni Malinen
895cb1683d OpenSSL: Add support for HMAC functions with 0.9.8 and older
Commit d9cc4646eb added
crypto_hash_{init,update,finish}() wrappers for OpenSSL, but it
assumed the current HMAC API in OpenSSL. This was changed in 0.9.9
to return error codes from the functions while older versions used
void functions. Add support for the older versions, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-07 10:58:32 +03:00
Mahesh Palivela
990933fb1d nl80211: Save VHT capabilities from the driver
Save VHT capabilities coming through nl80211 within hostapd.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-07-04 21:42:56 +03:00
Jouni Malinen
80518c073b Sync with linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-04 21:40:31 +03:00
Jouni Malinen
4be921ac60 eloop: Fix EVENT_TYPE_WRITE with poll()-based eloop
This needs to use POLLOUT instead of POLLIN to get the correct event.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-04 21:36:38 +03:00
Jouni Malinen
daf10baf9e EAP-pwd: Replace direct OpenSSL HMAC use with wrapper
This is a step towards allowing EAP-pwd to be supported with other
crypto libraries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 22:10:03 +03:00
Jouni Malinen
d9cc4646eb OpenSSL: Add support for crypto_hash_{init,update,finish}()
This adds initial support for HMAC operations using the
crypto_hash_{init,update,finish}() wrappers.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 22:04:25 +03:00
Masashi Honma
8f4636e41c P2P: Check memory allocation result in a Service Discovery Response
This patch adds a check of the return value of wpabuf_dup() in a large
Service Discovery Response.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-07-02 20:53:46 +03:00
Jouni Malinen
0cb87fdeb5 Update license notification in driver_wired.c
This updates the license notification to use only the BSD license. The
changes were acknowledged by email (Gunter Burchardt, tmisu@gmx.de,
Mon, 02 Jul 2012 17:54:28 +0200).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 20:50:03 +03:00
Jouni Malinen
cb2b381169 Update license notification in roboswitch interface file
This updates the license notification to use only the BSD license. The
changes were acknowledged by email (Jouke Witteveen
<j.witteveen@gmail.com>, Mon, 2 Jul 2012 11:38:34 +0200).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 12:43:16 +03:00
Jouni Malinen
dcc3305701 Move p2p_connect PIN format validation into a separate function
This functionality could be shared for other commands, too, so move
it to a common function. In addition, implement the validation in a
bit more strict way to avoid accepting values like '-123' as a valid
PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 21:27:32 +03:00
Jouni Malinen
3df2f4fe99 P2P: Remove unused P2P_SCAN_SPECIFIC
This is not used anymore after the commit
e6ecfc4fd3.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 20:20:29 +03:00
Johannes Berg
e6ecfc4fd3 P2P: Remove GO neg/invite special cases from search
There are separate states for these, so we can't really get into this
situation unless somebody tries to do multiple things at the same
time. p2p_connect stops find and CONNECT state is used to probe the peer
on its Listen channel with GO Negotiation Request frames. Similarly,
p2p_invite() stops find and INVITE state is used to probe the peer on
its Listen channel with Invitation Request frames. The older mechanism
of using Search state functionality to find the peer can be removed.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-30 20:18:07 +03:00
Jouni Malinen
d001defeec Update license notification in files initially contributed by Sam
This updates these files to use the license notification that uses only
the BSD license. The changes were acknowledged by email (Sam Leffler
<sam@errno.com>, Sat, 30 Jun 2012 07:57:53 -0700).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 19:36:04 +03:00
Jouni Malinen
8350d0afd8 EAP-pwd: Avoid double-frees on some error paths
At least some error paths (e.g., hitting the limit on hunt-and-peck
iterations) could have resulted in double-freeing of some memory
allocations. Avoid this by setting the pointers to NULL after they have
been freed instead of trying to free the data structure in a location
where some external references cannot be cleared. [Bug 453]

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 16:16:32 +03:00
Jouni Malinen
0f27f15911 EAP-pwd: Increase maximum number of hunting-and-pecking iterations
The previously used limit (10) is too small for practical purposes since
it can result in about 1 out of 1000 authentication attempts failing.
Increase the limit to 30 to avoid such issues. [Bug 453]

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-30 16:12:41 +03:00
Mahesh Palivela
532b16c7a9 hostapd: Add IEEE 802.11ac VHT IEs into Beacon/Probe Response
IEEE 802.11ac VHT changes to include VHT IEs in Beacon and Probe
Response frames.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:57:52 +03:00
Mahesh Palivela
efe45d1471 hostapd: Initial IEEE 802.11ac (VHT) definitions
Add IEEE 802.11ac definitions for config, IEEE structures, constants.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:52:13 +03:00
Jouni Malinen
bfc62fe133 WPS: Share a single function for generating NFS password tokens
There is no need for both hostapd and wpa_supplicant to have their
own functions for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:01:37 +03:00
Jouni Malinen
72df0cd28c WPS: Use random_get_bytes() for NFC password id
os_random() may not be seeded properly, so use stronger mechanism for
generating the password id for NFC password tokens.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 20:40:16 +03:00
Jouni Malinen
ffdaa05a6b WPS: Add support for NCF password token from AP
The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to
manage AP-as-Enrollee operations with NFC password token. WPS/NDEF
parameters to this command can be used to generate a new NFC password
token. enable/disable parameters can be used to enable/disable use of
NFC password token (instead of AP PIN) for external Registrars.

A preconfigured NFS password token can be used by providing its
parameters with new hostapd.conf fields wps_nfc_dev_pw_id,
wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use
will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the
configured NFS password token is disabled by default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:43:29 +03:00
Jouni Malinen
e484e927a6 WPS: Allow NFC password token from AP to be used with wps_reg
The AP PIN on wps_reg command can now be replaced with special value
"nfc-pw" to use device password from a NFC password token from the AP.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:41:26 +03:00
Jouni Malinen
1cea09a9e2 WPS ER: Add support for building NFC configuration token
WPS_ER_NFC_CONFIG_TOKEN command can now be used to build a NFC
configuration token based on AP Settings learnt with WPS_ER_LEARN
or set with WPS_ER_CONFIG.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 16:35:51 +03:00
Jouni Malinen
d7645d239d WPS: Add support for NFC configuration token from external program
The new wpa_supplicant ctrl_iface command WPS_NFC_TAG_READ can now be
used to process NFC tags read by external programs to initiate
wpa_supplicant to use NFC Configuration Token to create a new network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:59:29 +03:00
Jouni Malinen
3cf7a59d4f WPS: Add new mechanism for generation NFC configuration token
The new hostapd ctrl_iface command WPS_NFC_CONFIG_TOKEN can now be used
to fetch payload for an NFC configuration token so that an external
program can be used to write this on an NFC tag.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:25:48 +03:00
Jouni Malinen
0e3c16546b WPS: Use separate list of NFC Password Tokens in the Registrar
This adds a cleaner mechanism for handling NFC Password Tokens in the
WPS Registrar. There could be more than one active NFC Password Token in
use and as such, a list of tokens needs to be maintained. The old
WPS_OOB interface is still using the old mechanism that supports only a
single active NFC Password Token.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 22:15:55 +03:00
Jouni Malinen
bb45b6d79a WPS: Add new mechanism for communicating NFC tag read events
hostapd ctrl_iface can now be used to deliver payload from read
operation of an NFC tag. This allows operations without having to have
low-level NFC code within hostapd. For now, the new wps_nfc_tag_read
command can be used with NFC password tokens for the case where the AP
has an NFC device that is used to read an NFC tag from the station
Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:13 +03:00
Jouni Malinen
3f2c8ba6d3 WPS: Add new mechanism for NFC config method using password token
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
6b5a0c9466 WPS: Move attribute parser definitions into a new header file
This allows wps/wps_attr_parse.h to be included into files outside
src/wps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
78e625f79a WPS: Split wps_build_oob_dev_password() into parts
This allows sharing of a function to build the attribute without
changing the OOB parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
8a13732f83 NDEF: Mark input data const when it is not modified
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
2f425090fb WPS: Allow NDEF functions to be used from outside src/wps
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
e524ebe387 NDEF: Skip unnecessary wpabuf to ptr/len conversion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
a0d0c560c3 Add dh5_init_fixed() to allow fixed DH parameters to be used
This allows pre-configured private and public key to be used when
initializing DH for group 5.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
0965813640 WPS: Fix OOB Device Password use for EAP-WSC peer
The OOB Device Password is passed in as a hexdump of the real Device
Password (16..32 octets of arbitrary binary data). The hexdump needs to
be converted to binary form before passing it for WPS processing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
4e0131d351 WPS: Add support for OOB dev password lengths 16..31
Previously, only the maximum length 32 octets for OOB device password
was accepted. Since the specification allows a shorter password to be
used with limited OOB mechanism (e.g., small NFC tag), we should accept
lengths 16..32.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
582143e544 WPS: Fix potential memory leak with NFC password token
The old stored public key hash needs to be freed before replacing
the pointer with the new value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
7be6dc2e96 WPS: Fix NFC password token building with WPS 2.0
The earlier WPS 2.0 changes did not increase the wpabuf size when
adding a new attribute to the NFC password token. This could result
in aborting the application on wpabuf overflow if NFC out-of-band
mechanism is used with WPS 2.0 enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-27 21:21:11 +03:00
Thomas Pedersen
1b487b8b1e nl80211: Handle CH_SWITCH event
Some drivers may independently decide to switch channels. Handle this by
updating the hostapd and wpa_supplicant AP and GO configuration.

Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
2012-06-25 14:45:14 +03:00
Jouni Malinen
e7381b8473 Sync with include/linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 14:34:22 +03:00
Jouni Malinen
296a34f0c1 Remove STA entry from AP when starting TKIP countermeasures
Previously, the STA entry was removed only from the driver and the STA
entry within hostapd was just marked disassociated. However, this left
the WPA authenticator state machine with an entry and the session was
not terminated properly. In addition, the STA entry could have remaining
indefinitely if the STA did not reconnect after TKIP countermeasures.
Fix this by removing the STA entry from hostapd instead of just leaving
it disassociated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 13:53:24 +03:00
Yoni Divinsky
9148ae58d0 hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response
In AP which supports WPSv2 with only virtual push button, when PBC is
called, the WSC IE should include Selected Registrar Configuration
Methods attribute with the bit of the physical push button not set.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-06-25 12:20:37 +03:00
Ben Greear
f115560c21 eloop/poll: Handle POLLER | POLLHUP in read logic
Without this, we can get into a tight loop because the
code in general doesn't add eloop exception handlers,
so socket reporting the POLLERR would never be read.

With this change, any socket with POLLERR or POLLHUP
asserted will be handled by the read logic.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-06-24 13:19:34 +03:00
Johannes Berg
cad0f50e02 nl80211: Simplify cbmsg buffer
The control message received from the kernel needs some space, but
there's no need for the strange typing that breaks clang compilation.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-06-23 20:37:09 +03:00
Jouni Malinen
ecabb132b9 atheros: Remove unused variables
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-23 20:34:29 +03:00
Baruch Siach
e2e984ea06 atheros: Fix build when WPS and IEEE80211R are both disabled
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-23 20:33:50 +03:00
Jouni Malinen
182748e4fb Copy Chargeable-User-Identity in PMKSA caching case
Maintain a copy of Chargeable-User-Identity in the PMKSA cache to allow
it to be included in accounting messages even if full authentication was
not completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:51:57 +03:00
Jouni Malinen
302fc0a3c7 RADIUS DAS: Support Chargeable-User-Identity with Disconnect-Request
Chargeable-User-Identity can now be used in Disconnect-Request to
identify the station to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:44:46 +03:00
Jouni Malinen
e58b5ffed7 RADIUS: Fix a typo in attribute name in debug messages
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:39:29 +03:00
Jouni Malinen
ff7e4589ea RADIUS DAS: Add Event-Timestamp attribute into ACK/NAK messages
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:35:03 +03:00
Jouni Malinen
8047a95809 RADIUS DAS: Add support for Disconnect-Request
Calling-Station-Id, Acct-Session-Id, and User-Name attributes in a
Disconnect-Request message can now be used to indicate which station is
to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:30:01 +03:00
Jouni Malinen
fc2a924a8c RADIUS DAS: Check Disconnect-Request attributes
Reject Disconnect-Request if it includes unsupported attributes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 18:14:43 +03:00
Jouni Malinen
bde7ba6caf RADIUS DAS: Validate Event-Timestamp
DAS will now validate Event-Timestamp value to be within an acceptable
time window (300 seconds by default; can be set using
radius_das_time_window parameter). In addition, Event-Timestamp can be
required in Disconnect-Request and CoA-Request messages with
radius_das_require_event_timestamp=1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 17:43:36 +03:00
Masashi Honma
c2d76aa624 P2P: Add p2p_client_list support for FullMAC Persistent GO
Currently, FullMAC Persistent GO can't use p2p_client_list because its
own hapd->p2p_group is NULL at ap_sta_set_authorized(). This patch
changes the processing to use sta->p2p_ie instead of
p2p_group_get_dev_addr() on FullMAC GO.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-17 11:58:46 +03:00
Jouni Malinen
f33bc03582 P2P: Fix P2P Client Discoverability bit updates
The P2P Client Discoverability bit is reserved in most frames and its
value in the local P2P peer table should only be updated based on P2P
Group Info attribute from a GO. Fix this by avoiding changes to this
dev_capab bit based on other P2P frames. It would be more correct to
track this separately for each group in which the peer is a member, but
since we do not do that for the other group specific information either,
this can do for now.

It should be noted that prior to commit
18485b5469 wpa_supplicant set this bit in
all P2P frames. However, that commit changed this to match the
specification, i.e., the bit is not set in frames which are received
from P2P Device role. As such, this fix is needed to be able to figure
out that a peer supports client discoverability capability after that
commit.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-16 20:17:39 +03:00
Masashi Honma
18485b5469 P2P: Fix setting of P2P Client Discoverability bit
In the P2P specification v1.1, the P2P Client Discoverability bit is
described in Table 12 "Device Capability Bitmap definition". The table
says "Within a P2P Group Info attribute and a (Re)association request
frame the P2P Client Discoverability field shall be set to 1 when the
P2P Device supports P2P Client Discoverability, and is set to 0
otherwise. This field shall be reserved and set to 0 in all other frames
or uses.". To match with this, filter out P2P Client Discoverability bit
from frames where its use is reserved.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-16 19:54:47 +03:00
Jouni Malinen
1cebaabd80 EAP-SIM/AKA server: Allow pseudonym to be used after unknown reauth id
If the peer uses an unknown reauth id, it would still be possible to use
pseudonym instead of permanent id. Allow this by changing the
AT_PERMANENT_ID_REQ to AT_FULLAUTH_ID_REQ in case unknown reauth id is
used in EAP-Response/Identity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-15 18:49:54 +03:00
Jithu Jance
ef35f5a0fd P2P: Add driver op for requesting GO/AP channel switch
Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-06-10 20:54:31 +03:00
Jouni Malinen
198f82a1e3 P2P: Ignore unexpected GO Neg Resp is we have sent Resp
There is a race condition in GO Negotiation Request frame sending and
processing that may end up with both devices sending GO Negotiation
Response. This response frame was previously accepted even if a response
had already been sent. This could result in two GO Negotiation Confirm
frames being exchanged and consequently, with two separate GO
Negotiations completing concurrently. These negotiations could result in
getting mismatching parameters (e.g., both device could believe it was
the GO).

Fix this by ignoring GO Negotiation Response from the peer if twe have
already sent a GO Negotiation Response frame and we have the higher P2P
Device Address. This is similar to the rule used to determine whether to
reply to GO Negotiation Request frame when Request was already sent,
i.e., the same direction of GO Negotiation is maintained here to enforce
that only the negotiation initiated by the device with smaller P2P
Device Address is completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-09 18:31:24 +03:00
Neeraj Kumar Garg
a1d2ab329e P2P: Address race condition with GO Negotiation Request TX status
If both peers initiate GO Negotiation at about the same time, it is
possible for the GO Negotiation Request frame from the peer to be
received between the local attempt to send the GO Negotiation Request
and TX status event for that. This could result in both devices sending
GO Negotiation Response frames even though one of them should have
skipped this based which device uses a higher MAC address.

Resolve this race by incrementing go_neg_req_sent when p2p_send_action()
returns success instead of doing this from the TX status callback. If
the frame is not acknowledged, go_neg_req_sent is cleared in TX status
handler.

Signed-off-by: Neeraj Garg <neerajkg@broadcom.com>
2012-06-09 18:03:47 +03:00
Antonio Quartulli
dada954ad7 sta_info: Remove duplicated function declaration
In sta_info.h, ap_free_sta() was declared twice.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2012-06-09 12:54:00 +03:00
Jouni Malinen
e22ba3e390 LibTomMath: Use 64-bit mode for mp_digit
For 64-bit x86 builds, enable 64-bit mode to optimize bignum operations
with the internal LibTomMath version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-09 11:53:30 +03:00
Baruch Siach
3947ed96e8 atheros: Set essid length field only once
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-08 20:28:23 +03:00
Baruch Siach
7aa4251f2f atheros: Fix build when CONFIG_WPS is disabled
The use of ETH_P_80211_RAW does not depend on CONFIG_WPS, so make its
definition independent as well.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-08 20:27:45 +03:00
Jouni Malinen
579a80982a P2P: Assume GO Negotiation failed if GO Neg Conf wait times out
Stop the connection attempt if GO Negotiation Confirm is not received
within 100 ms of the GO Negotiation Response getting acknowledged.
Previously, we would have continued trying to connect to the peer even
in this case which could result in confusing second GO Negotiation
Request frame and unnecessarily long wait before indicating failure.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-08 18:24:08 +03:00
Johannes Berg
792c8877c3 P2P: Send GO Negotiation Confirm without wait
The GO Negotiation Confirm frame doesn't need to be sent with a wait
since we don't expect a response to it.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-06-06 16:37:54 +03:00
Masashi Honma
135b69cc7a P2P: Use consistent Device Capability in Beacon/Probe Response
Concurrent Operation bit was not set for GO even if the device
supports concurrent operations. Make sure the Device Capability
value is consistent with other P2P use cases by using the value
determined in p2p_init().

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-06 12:55:44 +03:00
Paul Stewart
dd7fec1f29 wpa_supplicant: Report EAP connection progress to DBus
Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:

  - During method selection (ACK and NAK)
  - During certificate verification
  - While sending and receiving TLS alert messages
  - EAP success and failure messages

This provides DBus callers a number of new tools:

  - The ability to probe an AP for available EAP methods
    (given an identity).
  - The ability to identify why the remote certificate was
    not verified.
  - The ability to identify why the remote peer refused
    a TLS connection.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 21:10:01 +03:00
Johannes Berg
24b5bd8b42 nl80211: Use safe list iteration
In certain cases like PBC session overlap it appears to be possible that
an interface is removed due to an event handled on it, this leads to
list corruption. Use safe iteration to prevent this issue.

Reported-by: Nirav Shah <nirav.j2.shah@intel.com>
Reported-by: Neeraj Kumar Garg <neerajkg@broadcom.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
intended-for: hostap-1
2012-06-04 20:25:11 +03:00
Jouni Malinen
8bd0fc0e0c Force driver to disassociate STA if no room for the STA entry
When hostapd (or wpa_supplicant AP mode) limits the maximum number
of STA entries with a driver that implements SME, the driver needs
to be notified of the failed STA addition. Disassociate the STA if
the driver notifies of an association that would go beyond the
maximum number of STAs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-27 21:21:37 -07:00