Commit Graph

4387 Commits

Author SHA1 Message Date
Jouni Malinen
e8e365def6 wext: Add support for renamed Host AP driver ifname
Previous workaround for WEXT events from the Host AP driver required
wlan# and wifi# interfaces to have fixed names with the same number.
While that used to be the common case ten years ago, it is less common
nowadays. Extend this to use sysfs (if available) to figure out the
wifi# interface name if the specified interface is detected to be using
the Host AP driver.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-29 11:42:02 +03:00
Ben Greear
fc48d33b0d Improve error messages related to EAP DB
Add SQLite error message and DB name to the DB related errors. Add
enough tracing so that users can know exactly where users are failing to
be found.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-03-28 13:16:26 +02:00
Ben Greear
23dd15a992 http-curl: Improve log messages
Helps to track down why some problems relating to certs can happen.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-03-28 11:23:16 +02:00
Jouni Malinen
a52410c29f Allow PSK/passphrase to be set only when needed
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.

For example:

Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk

Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"

Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 11:05:13 +02:00
Jouni Malinen
3e808b831c EAP-pwd peer: Add support for hashed password
This extends EAP-pwd peer support to allow NtHash version of password
storage in addition to full plaintext password. In addition, this allows
the server to request hashed version even if the plaintext password is
available on the client. Furthermore, unsupported password preparation
requests are now rejected rather than allowing the authentication
attempt to continue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 09:43:33 +02:00
Jouni Malinen
e4840b381c EAP-pwd server: Add support for hashed password
This extends EAP-pwd server support to allow NtHash version of password
storage in addition to full plaintext password.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 09:42:31 +02:00
Jouni Malinen
2bd2ed2006 EAP-pwd: Mark helper function arguments const when appropriate
These variables are not modified during PWE or key computation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 09:34:30 +02:00
Ben Greear
0f8385e6fa Show OSEN key management properly in scan results
Old code defaulted to WEP for an AP advertising OSEN. Show as OSEN
instead. Re-use most of the RSN parsing logic since all but the header
is the same.

Example output:

[root@ath9k-f lanforge]# ./local/bin/wpa_cli -i sta0 scan_results
bssid / frequency / signal level / flags / ssid
00:0e:8e:6f:40:49	2462	-23	[OSEN-OSEN-CCMP][ESS]	ben-138

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-03-25 16:04:03 +02:00
Ilan Peer
54d3dc9184 AP: Unset HT capabilities for an HT association request without WMM
HT requires QoS/WMM, so unset HT capabilities for a station
whose association request does not include a valid WMM IE.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-03-25 15:02:58 +02:00
Krishna Vamsi
c41d0840a1 nl80211: Allow driver-based roam to change ESS
This extends NL80211_CMD_ROAM event processing to allow the driver to
roam to another ESS (different SSID) when using offloaded BSS selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-24 21:13:28 +02:00
Ashok Kumar Ponnaiah
1de071007e atheros: Clear WPS appie during deinit
The WPS IE(s) need to be cleared from the driver explicitly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-24 15:05:43 +02:00
Manikandan Mohan
857d94225a Extend offloaded ACS QCA vendor command to support VHT
Update ACS driver offload feature for VHT configuration. In addition,
this allows the chanlist parameter to be used to specify which channels
are included as options for the offloaded ACS case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-23 12:18:05 +02:00
Max Stepanov
c40a8918ec P2PS: Delete ASP advertisements on wpas_p2p_service_flush
Delete all ASP serice advertisement on wpas_p2p_service_flush similarly
to Bonjour and UPnP services.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-03-20 15:56:59 +02:00
Eliad Peller
030a3e12da DFS: Fix range availability check
There's off-by-one in the range availability check - the case of
first_chan_idx + num_chans == num_channels should be allowed (e.g., 0 +
1 == 1, for the case of a single 20 MHz channel).

Signed-off-by: Maital Hahn <maitalm@ti.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2015-03-20 15:56:59 +02:00
Eliad Peller
56ef99255c DFS: Consider non-contiguous channels
When looking for a new operating channel, consider the case of
non-contiguous channels when checking all the needed channels (e.g., the
driver might support channels 36, 38, 40, so look for channels 36+40
explicitly, instead of failing when encountering channel 38).

Signed-off-by: Eliad Peller <eliad@wizery.com>
2015-03-20 15:56:59 +02:00
Eliad Peller
e7a296ba13 Remove unused shared_freq driver op
This driver op is not used anymore

Signed-off-by: Eliad Peller <eliad@wizery.com>
2015-03-20 15:56:59 +02:00
Zefir Kurtisi
5f9c92f8f7 nl80211: Fix vendor command handling
In wiphy_info_handler(), vendor specific commands were
interpreted as QCA specific without checking for the OUI,
which caused incorrect setting of driver flags with
commands from other vendors. As a result, that could
prevent proper operation (e.g., inability to process CSA).

This patch ensures that QCA vendor specific commands are
checked against QCA OUI before related flags are set.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2015-03-20 15:56:59 +02:00
Jouni Malinen
2c50246078 Add a AP mode event message for possible PSK/passphrase mismatch
If the AP/Authenticator receives an EAPOL-Key msg 2/4 for an association
that negotiated use of PSK and the EAPOL-Key MIC does not match, it is
likely that the station is trying to use incorrect PSK/passphrase.
Report this with "AP-STA-POSSIBLE-PSK-MISMATCH <STA addr>" control
interface event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-19 13:14:21 +02:00
Jouni Malinen
6784168d07 Remove SChannel support
SChannel/CryptoAPI as a TLS/crypto library alternative was never
completed. Critical functionality is missing and there are bugs in this
implementation. Since there are no known plans of completing this
support, it is better to remove this code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-18 22:31:36 +02:00
Peter Oh
6128a90979 hostapd: Add channel 140 to allowed HT40 channel pairs
Channel 140 is needed as allowed HT40 channel pair to use
channel 144 introduced in 802.11ac for VHT40 and VHT80.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-03-16 12:03:36 +02:00
Jouni Malinen
74fa78b281 Add AVG_BEACON_RSSI to SIGNAL_POLL output
If the driver reports separate signal strength average for Beacon
frames, report that in SIGNAL_POLL output.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 20:45:20 +02:00
Janusz Dziedzic
4acdc48a43 nl80211: Handle NL80211_ATTR_EXT_FEATURES attribute
Handle NL80211_ATTR_EXT_FEATURES attribute and
NL80211_EXT_FEATURE_VHT_IBSS to determine whether
the driver supports VHT with IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-03-15 20:36:49 +02:00
Jouni Malinen
a0563ac626 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2015-03-04.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 20:35:21 +02:00
Jouni Malinen
8b949804b3 FT: Avoid unnecessary allocation for MIC calculation
Use the vector version of omac1_aes_128() to avoid unnecessary memory
allocation for each FTIE MIC calculation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 20:18:14 +02:00
Jouni Malinen
18da814be7 The master branch is now used for v2.5 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 19:38:15 +02:00
Jouni Malinen
bc04db9b06 Change version information for the 2.4 release
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 19:30:39 +02:00
Jouni Malinen
319d9daab9 Fix bitfield_get_first_zero() to not read beyond buffer
It was possible for bitfield_get_first_zero() to read one octet beyond
the allocated bit buffer in case the first zero bit was not within
size-1 first octets.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-14 13:50:12 +02:00
Jouni Malinen
39c3bfcde3 Indicate AP-DISABLED on main AP mode deinit path
This event was previously used only when disabling AP mode operation
through hostapd control interface. Make this more consistent by
providing same indication when disabling hostapd interface through the
interface deinit path. This adds the event to the case where a full
hostapd radio instance is removed which also applies for the
wpa_supplicant AP mode operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-14 10:14:22 +02:00
Rohit Agrawal
00033a0903 OpenSSL: Always accept pinned certificates
If OpenSSL reports that a presented leaf certificate is invalid,
but it has been explicitly pinned, accept it anyway.

Signed-off-by: Rohit Agrawal <rohit.agrawal.mn@gmail.com>
2015-03-07 21:26:26 +02:00
Sunil Dutt
b2329e4ad5 Add QCA vendor subcmd for Data Offload
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-07 19:19:30 +02:00
Jouni Malinen
761396e4be Reject Group Key message 1/2 prior to completion of 4-way handshake
Previously, it would have been possible to complete RSN connection by
skipping the msg 3/4 and 4/4 completely. This would have resulted in
pairwise key not being configured. This is obviously not supposed to
happen in practice and could result in unexpected behavior, so reject
group key message before the initial 4-way handshake has been completed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-07 13:00:06 +02:00
Sunil Dutt
3f0e6ec4f3 nl80211: Extend NL80211_CMD_TDLS_OPER to support discovery
ML80211_ATTR_TDLS_OPERATION can now set to NL80211_TDLS_DISCOVERY_REQ to
allow the driver to request wpa_supplicant to initiate TDLS Discovery
Request.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-06 21:13:21 +02:00
Sunil Dutt
c10ca2a66f TDLS: Allow driver to request TDLS Discovery Request initiation
This extends the TDLS operation request mechanism to allow TDLS
Discovery Request to be initiated by the driver similarly to the
existing Setup and Teardown requests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-06 21:08:54 +02:00
Jouni Malinen
ac8e074ec1 Clear RSN timers for preauth and PTK rekeying on disassociation
Previously, it was possible for the wpa_sm_start_preauth() and
wpa_sm_rekey_ptk() eloop callbacks to remain active after disconnection
and potentially continue to be used for the next association. This is
not correct behavior, so explicitly cancel these timeouts to avoid
unexpected attempts to complete RSN preauthentication or to request PTK
to be rekeyed.

It was possible to trigger this issue, e.g., by running the following
hwsim test case sequence: ap_wpa2_ptk_rekey ap_ft_sae_over_ds

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-06 18:43:03 +02:00
Jouni Malinen
f2f65dd685 Reserve QCA vendor specific nl80211 commands 61..90
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-06 15:46:49 +02:00
Jouni Malinen
bea8d9a39a nl80211: Use the new bridge port option proxyarp_wifi
The initial IEEE 802.11 ProxyARP functionality in the kernel needed
changes in behavior and that ended up requiring an independent
configuration parameter to be used. Update hostapd to use that new
proxyarp_wifi parameter instead of the earlier proxyarp.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-06 11:32:16 +02:00
Jouni Malinen
6e9023ea49 DFS: Allow wpa_supplicant AP mode to use non-offloaded DFS
This extends the hostapd-like setup of DFS-in-userspace for
wpa_supplicant AP mode operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-05 17:25:13 +02:00
Ahmad Kholaif
02e42ab75b nl80211: Add vendor event parsing for DFS offload events
This converts the QCA vendor event to EVENT_DFS_* events for the case
of DFS offloaded to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-05 17:24:32 +02:00
Ahmad Kholaif
1e2aaffbc8 DFS offload: Indicate AP-CSA-FINISHED for DFS offloaded case
Modify the string for AP-CSA-FINISHED event indication to include a flag
which tells the framework whether the new channel is a DFS channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-05 17:22:03 +02:00
Ahmad Kholaif
c13578c339 DFS offload: Add main DFS handler for offloaded case
Add handling logic for DFS offloaded case, and add a helper function
that takes the frequency (MHz) as a param and returns 1 if given channel
requires DFS, or 0 otherwise.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-05 17:21:30 +02:00
Ahmad Kholaif
5de81d7a7a DFS offload: Skip user space processing for CAC operations
If DFS is offloaded to the driver, hostapd should not be performing
these operations. Send the relevant control interface events to provide
information to upper layer software that may use such events to track
DFS/CAC state. This makes the offloaded DFS implementation more
consistent with the DFS-in-hostapd behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-05 16:24:39 +02:00
Sunil Dutt
dd5c155e2e eap_proxy: Callback to notify any updates from eap_proxy
This commit introduces a callback to notify any configuration updates
from the eap_proxy layer. This is used to trigger re-reading of IMSI and
MNC length.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-02 12:47:20 +02:00
Vivek Natarajan
9a05d98bf9 atheros: Add a new flag for OSEN support
Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
2015-03-02 12:40:41 +02:00
Jouni Malinen
b4a9292cfb RADIUS client: Fix server failover on return-to-primary on error case
If a connection with the primary server cannot be established, restore
connection to the previously used server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
1a7ed38670 RADIUS client: Fix a copy-paste error in accounting server failover
Commit 347c55e216 ('RADIUS client: Re-try
connection if socket is closed on retransmit') added a new option for
initialing RADIUS server failover from radius_client_retransmit(), but
ended up trying to change authentication servers when accounting server
was supposed to be changed due to a copy-paste issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
de7c06ee17 P2P: Continue find in GO-Neg-Resp-fail status corner cases
It was possible for the GO Negotiation Response (failure) TX status to
be processed at a point where there is no P2P timeout to continue
search. Avoid stopping the ongoing search operation by explicitly
restarting it from this callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Daisuke Niwa
fa9f381f20 P2P: Allow a specific channel to be specified in P2P_FIND
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-02-28 21:52:56 +02:00
Daichi Ueura
eb78a8d5e3 P2P: Restore P2P_SCAN_SPECIFIC
This reverts commit 3df2f4fe99 ('P2P:
Remove unused P2P_SCAN_SPECIFIC') with a modification to fit the current
code base.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-02-28 21:41:38 +02:00
Rajkumar Manoharan
d988ff76bf hostapd: Disable VHT caps for STAs when no valid VHT MCS found
Disable VHT caps for STAs for which there is not even a single
allowed MCS in any supported number of streams. i.e STA is
advertising 3 (not supported) as VHT MCS rates for all supported
streams.

Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
2015-02-28 21:00:00 +02:00
Jouni Malinen
70fd8287eb RADIUS client: Fix previous failover change
Commit 347c55e216 ('RADIUS client: Re-try
connection if socket is closed on retransmit') added a possibility of
executing RADIUS server failover change within
radius_client_retransmit() without taking into account that this
operation may end up freeing the pending message that is being
processed. This could result in use of freed memory. Avoid this by
checking whether any pending messages have been removed and if so, do
not try to retransmit the potentially freed message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 20:52:08 +02:00