Commit Graph

928 Commits

Author SHA1 Message Date
Jouni Malinen
0c80427d77 NDIS: Fix association for WPS provisioning with protected AP
Some NDIS drivers require a workaround to allow them to associate
with a WPS AP that is already using protection (Privacy field = 1).
Let driver_ndis.c know if the AP is already using Privacy and if so,
configure a dummy WEP key to force the driver to associate.
2010-09-04 13:56:12 +03:00
Jouni Malinen
687179edb5 Add libgcc_s_dw2-1.dll to the Windows installation package
This seems to be needed for wpa_gui.exe with the new Qt version.
2010-09-04 12:55:55 +03:00
Jouni Malinen
de1267d4eb winreg: Get rid of compiler warning 2010-09-02 13:22:52 +03:00
Jouni Malinen
0c703df32d Fix BSS selection with multiple configured networks
Commit d8d940b746 broke the logic on
iterating through all configured network blocks. This was supposed
to continue the loop on mismatch to allow other than the first
configured network to be found.
2010-08-28 12:04:21 +03:00
Masashi Honma
60da5e0f3f Solaris: Add support for wired IEEE 802.1X client
This patch adds support for wired IEEE 802.1X client on the Solaris.

I have tested with these:
OS : OpenSolaris 2009.06
EAP : EAP-MD5
Switch : Cisco Catalyst 2950
2010-08-28 11:40:07 +03:00
Jouni Malinen
9ff80a10e8 bgscan learn: Skip immediate scan on initial signal event
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
2010-08-27 20:30:19 +03:00
Jouni Malinen
1e6ef6455c bgscan simple: Skip immediate scan on initial signal event
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
2010-08-27 20:29:02 +03:00
Jouni Malinen
d8d940b746 Merge WPA and non-WPA network selection routines
This removes quite a bit of duplicated code and allows network block
priority configuration to be used to prefer unprotected networks and
also allows use on open network with good signal strength even if
scan results show a protected network with marginal signal strength
that does not allow it to be used.
2010-08-27 20:05:49 +03:00
Jouni Malinen
60a972a68d Add current signal strength into signal quality change events 2010-08-27 16:58:06 +03:00
Jouni Malinen
09f58c0984 Share common code in wpa_supplicant_{disassociate,deauthenticate}() 2010-08-26 13:43:38 +03:00
Jouni Malinen
eb0a3c7f96 Cancel authentication timeout on local deauth/disassoc request
Without this, the timeout may be left behind even when we are not
connected and may result in unwanted operation when the timeout
triggers.
2010-08-26 13:39:58 +03:00
Masashi Honma
509a39727f WPS: Fix unused variable warning
The wpa_supplicant compilation without CONFIG_WPS option results in
messages below.

scan.c: In function 'wpa_supplicant_scan':
scan.c:246: warning: unused variable 'wps'

This trivial patch erases this warning.
2010-08-20 09:44:50 +03:00
Jouni Malinen
f9cd8587fb dbus: Deauthenticate instead of disassociate on disconnect command
This clears up authentication state in the driver and in case of
cfg80211, unlocks the BSS entry for the previously used AP. The
previous commit cf4783e35f changed
only the ctrl_iface DISCONNECT command behavior; this new commit
does the same for D-Bus commands.
2010-08-18 21:27:30 +03:00
Samuel Ortiz
7e26053a2c sme: Check for prev_bssid from sme_event_disassoc
wpa_s->bssid is already cleared by mark_disassoc() when we're getting the
disassociation event for the case where wpa_supplicant requested
disassociation. wpa_s->sme.prev_bssid holds the BSSID we need to check
for, so use that instead.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2010-08-18 21:23:26 +03:00
Jouni Malinen
2e75a2b3a6 Add more debug info on deauth/disassoc events and commands 2010-08-17 21:04:38 +03:00
Samuel Ortiz
cb1583f64b sme: Try all authentication algorithms when the first one fails
When passing several authentication algorithms through auth_alg, we
should try all of them when the first one fails. The wext driver goes
through the connect nl80211 command and the retries are then handled by
the kernel. The nl80211 doesn't and we have to handle that from
userspace.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2010-08-17 16:39:33 +03:00
Jouni Malinen
77895cd937 Add a mechanism to insert notes to wpa_supplicant debug log
This can be used to insert information from external programs to the
wpa_supplicant debug log.
2010-08-11 18:07:22 +03:00
Jouni Malinen
f3f0f648d7 wpa_cli: Clean up redrawing and filter out BSS added/removed events 2010-08-11 17:58:04 +03:00
Jouni Malinen
24f7694062 Remove get-first-scan-results-before-request optimization
This has already been disabled in most use cases and can result
in problems with some drivers, so better just remove it completely.
2010-07-18 16:11:03 -07:00
Jouni Malinen
9b7124b27f Add some more debug for driver events 2010-07-17 20:33:34 -07:00
Jouni Malinen
5bc0cdb721 Ignore scan results in wpa_supplicant AP mode
This is needed to avoid trying to reassociate based on new scan
results when using wpa_supplicant to control AP mode. This could
happen if something external triggered the driver to run a scan.
2010-07-17 20:32:25 -07:00
Jouni Malinen
979b988ed6 WPS: Do not allow Label and Display config methods to be enabled
It is unclear which PIN is used if both Label and Display config
methods are advertised. Avoid this by not allowing such configuration.
2010-07-17 20:30:49 -07:00
Jouni Malinen
4436274bef SME: Do not skip initial scan request
When SME is in wpa_supplicant (mac80211), we need to make sure that
the kernel code has valid BSS entry for the AP. In some cases it
seemed to be possible to end up not having current information in
cfg80211 or mac80211 which can result to association failures. Avoid
this by always running through the scan request before initial
connection attempt.
2010-07-17 20:28:22 -07:00
Jouni Malinen
6e3f7173f1 SME: Retry scan after authentication failure
This is needed to avoid getting stuck if driver fails authentication
request for some reason.
2010-07-17 20:27:19 -07:00
Jouni Malinen
3f967fe055 Verify that l2_packet is initialized before notification call
It is possible that l2_packet is not used with wpa_supplicant
in some cases, so better make sure we do not end up notifying
l2_packet code about authentications unless it was actually
initialized in the first place.
2010-07-17 20:26:47 -07:00
Jouni Malinen
69a6b47aa0 Fix wpa_supplicant AP mode to ignore EAPOL Supplicant port callback
This is needed to avoid setting EAPOL PAE port status incorrectly
when using wpa_supplicant to control AP mode operations.
2010-07-17 20:25:41 -07:00
Jouni Malinen
79614ec55b bgscan learn: Remove forgotten debug printf 2010-07-10 19:59:31 -07:00
Jouni Malinen
3b7442e5fe bgscan learn: Mark BSSes that show up in the same scan as neighbors 2010-07-10 18:33:22 -07:00
Jouni Malinen
2e2a8d073d bgscan learn: Probe one new channel at a time to find APs
This allows APs to be found from channels that have not previously
been observed to contain APs for this ESS.
2010-07-10 18:09:41 -07:00
Jouni Malinen
fc480e88bf bgscan learn: Learn BSS information based on previous scans
Store list of all discovered BSSes in the ESS and on which frequencies
they have been seen. Use this information to dynamically generated the
list of channels for background scans.
2010-07-10 17:41:16 -07:00
Jouni Malinen
2e8d6ae32e bgscan learn: Add data file for storing learned network information 2010-07-10 16:05:31 -07:00
Jouni Malinen
c4d71c2505 bgscan: Add starting point for more advanced bgscan module: learn
This is based on the bgscan "simple" module and this initial commit
does not add any new functionality.
2010-07-10 15:55:48 -07:00
Jouni Malinen
c2594c3677 bgscan: Provide scan results to the notify_scan handler 2010-07-10 15:43:44 -07:00
Sam Leffler
3b038d7968 Fix bgscan stopping after dissassociation
Clear bgscan_ssid on disassoc event so bgscan is initialized the next
time we reach COMPLETED state.
2010-07-10 14:43:48 -07:00
Jouni Malinen
41e650ae5c WPS: Use different scan result sorting rules when doing WPS provisioning
The AP configuration may change after provisioning, so it is better
not to use the current security policy to prioritize results. Instead,
use WPS Selected Registrar attribute as the main sorting key and use
signal strength next without considering security policy or rate sets.
The non-WPS provisioning case remains as-is, i.e., this change applies
only when trying to find an AP for WPS provisioning.
2010-06-11 13:50:13 -07:00
Jouni Malinen
f62c2315f7 Show signal level and WPS support in scan results debug dump
This makes it easier to debug AP selection for WPS provisioning.
2010-06-11 13:47:33 -07:00
Jouni Malinen
d902a9c1bc Fix scan_runs counting
Addition of the background scanning mechanism in commit
60b94c9819 moved the scan trigger
into a new function that was also incrementing the scan_runs
counter, but the removal of the previous scan_runs incrementation
was forgotten from that patch. This counter should only be updated
into a single location, so remove the old one. This improves AP
selection for WPS provisioning by not skipping some of the initial
scans.
2010-06-11 11:15:16 -07:00
Jouni Malinen
7d6640a62c WPS ER: Add command for configuring an AP
wps_er_config can now be used to configure an AP. It is similar to
wps_er_learn, but instead of only learning the current AP settings,
it continues to send M8 with the new settings for the AP.
2010-05-28 00:01:48 +03:00
Jouni Malinen
3085b8052e WPS ER: Add initial documentation for External Registrar functionality 2010-05-27 15:25:18 +03:00
Jouni Malinen
15dbf1291a WPS ER: Add ctrl_iface event for learned AP settings 2010-05-27 15:24:45 +03:00
Jouni Malinen
0848668513 WPS ER: Allow AP filtering based on IP address
wps_er_start command now takes an optional parameter that can be used
to configure a filter to only allow UPnP SSDP messages from the
specified IP address. In practice, this limits the WPS ER operations
to a single AP and filters out all other devices in the network.
2010-05-27 15:23:55 +03:00
Jouni Malinen
7cc5995845 Skip D-Bus signals if the dbus_path is not yet set
This avoids an invalid D-Bus call during interface initialization.
The wpa_state change can happen before the D-Bus interface is set up,
so we must be preparted to handle this early event signal. In theory,
it should be possible to reorder initialization code to make sure
D-Bus signals are ready, but that would likely require quite a bit of
code restructuring, so it looks like a safer option for now is to just
skip the early event.
2010-05-23 20:23:11 +03:00
Jouni Malinen
25c226ea45 Fix CONFIG_AP=y build without CONFIG_IEEE8021X_EAPOL=y 2010-05-23 12:18:47 +03:00
Masashi Honma
37a86b7b36 Fix: AP mode wpa_supplicant build
The wpa_supplicant compilation with CONFIG_AP option and without
CONFIG_IEEE80211R, CONFIG_WPS, NEED_SME, CONFIG_CLIENT_MLME options
results in following messages.

../src/ap/drv_callbacks.o: In function `hostapd_notif_assoc':
../src/ap/drv_callbacks.c:59: undefined reference to
`ieee802_11_parse_elems'
gmake: *** [wpa_supplicant] Error 1
2010-05-23 12:12:40 +03:00
Jouni Malinen
8401a6b028 Add Linux rfkill support
Add a new wpa_supplicant state: interface disabled. This can be used
to allow wpa_supplicant to be running with the network interface even
when the driver does not actually allow any radio operations (e.g.,
due to rfkill).

Allow driver_nl80211.c and driver_wext.c to start while rfkill is in
blocked state (i.e., when ifconfig up fails) and process rfkill
events to block/unblock WLAN.
2010-05-23 10:27:32 +03:00
Kel Modderman
1491f8a785 wpa_gui-qt4: Fix network selection
Use regular expression matches to see if input is not the (now translated?)
string "Select any network" and is a "<network id>: <ssid>" string or the
"all" keyword where that is applicable.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2010-05-02 11:17:13 +03:00
Kel Modderman
adc8d4a791 Fix enabling of networks while another network is being used
Enable a network block, even if there is a current configuration, if it
was disabled.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2010-05-02 11:08:03 +03:00
Jouni Malinen
0b86f67a29 Add wpa_gui-qt4 translation files into build 2010-04-18 19:15:07 +03:00
Jouni Malinen
4fc387fce8 wpa_gui: lupdate run before release 2010-04-18 19:08:14 +03:00
Jouni Malinen
df9b245e76 wpa_gui: Fix Windows build 2010-04-18 19:06:24 +03:00
Jouni Malinen
be48214d2b Preparations for 0.7.2 release 2010-04-18 18:02:34 +03:00
Masashi Honma
5008cb5e55 Support for Solaris default shell restriction
Some shells (like Solaris default /bin/sh) doesn't allow -e
option for file existence check. Use -f instead.
2010-04-17 17:15:23 +03:00
Jouni Malinen
74e259ec7c Do not trigger initial scan if there are no enabled networks
This allows wpa_supplicant to be started quickly with an empty
configuration. If an external program wants to fetch scan results
from wpa_supplicant, it will need to request a scan explicitly
in this type of case.
2010-04-16 18:56:23 +03:00
Jouni Malinen
5fbc1f279b Fix get_interfaces() driver call to use correct drv_priv data 2010-04-14 16:38:53 +03:00
Jouni Malinen
20e26395c8 SME: Fix build without 802.11r or WPS 2010-04-12 09:39:36 +03:00
Jouni Malinen
92aaafe6bd .gitignore for generated language files 2010-04-11 23:00:51 +03:00
Stefan Oswald
7c00f6ba86 wpa_gui: Add Qt translator installation and German translation
This takes QTranslator into use and adds a German translation of
wpa_gui.
2010-04-11 22:58:08 +03:00
Stefan Oswald
0d76b1ab5f wpa_gui: Make Status strings visible to linguist
Linguist cannot see the strings coming from wpa_supplicant, so create
a function that translates these to tr() strings inside wpa_gui
source code.
2010-04-11 22:42:02 +03:00
Stefan Oswald
9086fe4466 wpa_gui: Convert strings to use tr() in user-visible text
This is in preparation for allowing wpa_gui to be translated.
2010-04-11 22:35:02 +03:00
Witold Sowa
c56ce48a6f dbus: Add new KeyMgmt interface capabilities
Add "wpa-ft-psk", "wpa-psk-sha256", "wpa-ft-eap" and "wpa-eap-sha256"
possible KeyMgmt values of interface capabilities to fit values in
BSS RSN options dictionary.
2010-04-11 21:37:28 +03:00
Jouni Malinen
0544b24248 Add BSSID and reason code (if available) to disconnect event
This adds more details into the CTRL-EVENT-DISCONNECTED event to
make it easier to figure out which network was disconnected in some
race conditions and to what could have been the reason for
disconnection. The reason code is currently only available with
the nl80211 driver wrapper.
2010-04-11 21:25:15 +03:00
Jouni Malinen
c706d5aa17 Add wpa_supplicant AP mode events for Public Action frames 2010-04-11 20:33:33 +03:00
Jouni Malinen
b3db190fa2 Started to make set_ap_wps_ie() capable of adding multiple IEs
This mechanism can be used to add various IEs to Beacon and Probe
Response frames and it should be made clear that it is not reserved
only for WPS IE.
2010-04-11 20:16:43 +03:00
Jouni Malinen
f90ceeaabf wpa_supplicant AP mode: Add function for enabling MAC address filtering
This can be used to allow only a specific station to associate.
2010-04-11 20:08:00 +03:00
Jouni Malinen
48b357a989 Make sure AP interface is initialize before accepting WPS commands 2010-04-11 20:06:12 +03:00
Jouni Malinen
7a649c7dda wpa_supplicant AP: More thorough AP mode deinit 2010-04-11 20:03:39 +03:00
Jouni Malinen
508545f3a9 Add more wpa_supplicant AP mode parameters for the driver wrapper
This makes it easier to configure AP mode for drivers that take care
of WPA/RSN IE generation.
2010-04-11 20:02:01 +03:00
Jouni Malinen
4b768ed0b2 Add registerable callback for wpa_supplicant AP mode completion 2010-04-11 19:59:33 +03:00
Jouni Malinen
1c4c9c5078 Try to start a new scan more quickly after driver rejection
This speeds up recovery from some cases where the driver may refuse
a new scan request command temporarily.
2010-04-11 19:56:23 +03:00
Jouni Malinen
8cd82735cb Add an option to request a connection without a new scan 2010-04-11 19:55:40 +03:00
Jouni Malinen
64e58f5189 Add option for overriding scan result handler for a single scan 2010-04-11 19:53:31 +03:00
Jouni Malinen
814782b9fe Allow driver wrappers to indicate maximum remain-on-channel duration 2010-04-11 19:42:37 +03:00
Jouni Malinen
6700a277a9 Avoid dropping ctrl_iface on ENOBUFS error burst
These bursts can result in control interface monitors being detached
even if the external program is still working properly. Use much larger
error threshold for ENOBUFS to avoid this.
2010-04-11 19:29:24 +03:00
Jouni Malinen
cf4783e35f Deauthenticate instead of disassociate on disconnect command
This clears up authentication state in the driver and in case of
cfg80211, unlocks the BSS entry for the previously used AP.
2010-04-11 19:27:41 +03:00
Jouni Malinen
f3585c8a85 Simplify driver_ops for virtual interface add/remove
There is no absolute requirement for separating address allocation
into separate functions, so simplify the driver wrapper interface
to use just if_add and if_remove instead of adding the new
alloc_interface_addr() and release_interface_addr() functions.

if_add() can now indicate if the driver forced a different interface
name or address on the virtual interface.
2010-04-11 19:23:09 +03:00
Jouni Malinen
977b11747f Allow sub-second resolution for scan requests
This is in preparation to use cases that may benefit from more frequent
scanning.
2010-04-11 19:10:01 +03:00
Jouni Malinen
17a4734dc4 Optimize post-WPS scan based on channel used during provisioning
Scan only the frequency that was used during provisioning during the
first five scans for the connection. This speeds up connection in the
most likely case where the AP remains on the same channel. If the AP is
not found after these initial scans, all channels will be scanned.
2010-04-11 19:06:42 +03:00
Jouni Malinen
9efc3f2a4b SME: Handle association without own extra IEs
Need to check for this before calling ieee802_11_parse_elems().
2010-04-11 12:19:02 +03:00
Jouni Malinen
86d4f806da Add ctrl_iface command for triggering a roam to a specific BSS
'wpa_cli roam <bssid>' can now be used to test roaming within an ESS
(e.g., for FT over-the-air). This command will bypass a new scan and
will select the BSS based on the specified BSSID. It is responsibility
of the caller to make sure that the target AP is in the BSS table.
This can be done, e.g., by running a scan before the roam command,
if needed.
2010-04-10 22:56:55 +03:00
Jouni Malinen
a7b6c42232 Fix error messages to print ASCII MAC address, not the parse buffer 2010-04-10 22:46:54 +03:00
Jouni Malinen
0d7b44099f SME: Do not try to use FT over-the-air if PTK is not available 2010-04-10 22:39:49 +03:00
Jouni Malinen
e7846b6859 FT: Clean up wpa_sm_set_ft_params() by using common parse
Instead of parsing the IEs in the callers, use the already existing
parser in wpa_ft.c to handle MDIE and FTIE from initial MD association
response. In addition, this provides more complete access to association
response IEs to FT code which will be needed to fix FT 4-way handshake
message 2/4.
2010-04-10 11:36:35 +03:00
Jouni Malinen
579ce77122 FT: Deauthenticate in case of Reassoc Response validation error
If validation of the Reassociation Response frame fails during FT
Protocol, do not allow association to be completed; instead, force
deauthentication.
2010-04-09 16:59:27 +03:00
Jouni Malinen
f4ec630d1b FT: Set FT Capability and Policy properly in MDIE during initial MD assoc
This field needs to be copied from the scan results for the AP
per IEEE Std 802.11r-2008, 11A.4.2.
2010-04-09 16:41:57 +03:00
Jouni Malinen
76b7981d07 FT: Copy FT Capability and Policy to MDIE from target AP
This sets the FT Capability and Policy field in the MDIE to the values
received from the target AP (if available). This fixes the MDIE contents
during FT Protocol, but the correct value may not yet be used in initial
mobility domain association.
2010-04-09 16:26:20 +03:00
Jouni Malinen
d9a27b0455 Fix SME to update WPA/RSN IE for rsn_supp module based on AssocReq
When using wpa_supplicant SME (i.e., using nl80211), the rsn_supp
module was not informed of the WPA/RSN IE that was used in
(Re)Association Request frame. This broke roaming between APs that
use different security policy (e.g., changing between WPA/TKIP and
WPA2/CCMP APs) or when using PMKSA caching.
2010-04-07 10:31:06 +03:00
Jouni Malinen
32d5295f9d Add a drop_sa command to allow 802.11w testing
This drops PTK and PMK without notifying the AP.
2010-03-29 15:42:04 -07:00
Jouni Malinen
e820cf952f MFP: Add MFPR flag into station RSN IE if 802.11w is mandatory 2010-03-29 10:48:01 -07:00
Jouni Malinen
e2f74005f5 bgscan: Add signal strength change events
This allows bgscan modules to use more information to decide on when
to perform background scans. bgscan_simple can now change between
short and long background scan intervals based on signal strength
and in addition, it can trigger immediate scans when the signal
strength is detected to be dropping.

bgscan_simple takes following parameters now:
short interval:signal strength threshold:long interval
For example:
	bgscan="simple:30:-45:300"
2010-03-28 15:32:34 -07:00
Jouni Malinen
b625473c6c Add driver command and event for signal strength monitoring 2010-03-28 15:31:04 -07:00
Jouni Malinen
b766a9a293 Add freq_list network configuration parameter
This can be used to limit which frequencies are considered when
selecting a BSS. This is somewhat similar to scan_freq, but will
also affect any scan results regardless of which program triggered
the scan.
2010-03-26 22:45:50 -07:00
Jouni Malinen
62c72d7299 FT: Process reassoc resp FT IEs when using wpa_supplicant SME 2010-03-13 21:13:18 +02:00
Jouni Malinen
2a7e7f4e4a FT: Add driver op for marking a STA authenticated
This can be used with FT-over-DS where FT Action frame exchange
triggers transition to State 2 (authenticated) without Authentication
frame exchange.
2010-03-13 18:28:15 +02:00
Jouni Malinen
fe1919856c FT: Update SME frequency info before sme_associate() call
This is needed to allow FT-over-DS to request correct channel for
the reassociation with the target AP.
2010-03-13 18:26:25 +02:00
Jouni Malinen
71024cb255 FT: Request reassociation after successful FT Action frame exchange 2010-03-13 17:14:41 +02:00
Jouni Malinen
a7918ec749 wpa_cli: Improved command parameter tab completion 2010-03-12 19:43:15 +02:00
Jouni Malinen
037f83eb44 wpa_cli: Fix detach race with forked monitor process
Need to kill the monitor process before running detach command on
the monitor connection to avoid race where the monitor process may
end up getting the detach command result.
2010-03-12 17:34:56 +02:00
Jouni Malinen
dd63f314bd wpa_cli: Redisplay readline edit after event messages 2010-03-12 17:24:50 +02:00
Jouni Malinen
036f7c4aab FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION
Previously, this was only done with userspace MLME (i.e., driver_test.c);
now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS)
for processing. The reassociation after successful FT Action frame
exchange is not yet implemented.
2010-03-12 00:43:00 +02:00
Jouni Malinen
a4652ce64c wpa_gui: Remove unneeded wpa_ctrl_request() msg_cb 2010-03-07 17:28:00 +02:00
Jouni Malinen
3234cba40e Remove unnecessary ifname parameter to sta_set_flags() driver op 2010-03-07 11:45:41 +02:00
Jouni Malinen
62847751e4 Remove unnecessary ifname parameter from sta_add() driver op 2010-03-07 11:42:41 +02:00
Jouni Malinen
17557ebe30 Remove forgotten ifname parameter from set_beacon() call 2010-03-07 10:04:35 +02:00
Felix Fietkau
4c32757d22 hostapd: add ifname to the sta_set_flags callback
This fixes multi-BSS STA operations (e.g., setting AUTHORIZED flag) with
nl80211-based drivers.
2010-03-06 20:44:31 +02:00
Jouni Malinen
23e2550c0e Remove unneeded CONFIG_EAP comments
These are not needed for WPS builds since CONFIG_WPS=y enables all
the needed EAP components.
2010-03-06 16:40:53 +02:00
Dmitry Shmidt
aa53509ffe Update priority list after priority change
Despite comments in the wpa_config_update_prio_list(struct wpa_config
*config) telling that it is called "if priority for a network is
changed", it is apparently not.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2010-03-06 11:13:50 +02:00
Kel Modderman
09bd6e8cca wpa_supplicant: fix FTBFS on Debian GNU/kFreeBSD
This patch allows wpa_supplicant to compile on Debian's kfreebsd
architectures.

Patch by Stefan Lippers-Hollmann based on work done by Petr Salinger
and Emmanuel Bouthenot for 0.6.X (http://bugs.debian.org/480572).
2010-03-06 10:16:47 +02:00
Jouni Malinen
3812464cda Add optional scan result filter based on SSID
filter_ssids=1 global configuration parameter can now be used to
enable scan result filtering (with -Dnl80211 only for now) based on
the configured SSIDs. In other words, only the scan results that have
an SSID matching with one of the configured networks are included in the
BSS table. This can be used to reduce memory needs in environments that
have huge number of APs.
2010-03-05 21:42:06 +02:00
Jouni Malinen
c9c38b0996 Make maximum BSS table size configurable
New global configuration parameter bss_max_count can now be used to
change the maximum BSS table size. The old fixed size limit (200) is
used as the default value for this parameter.
2010-03-05 20:20:09 +02:00
Jouni Malinen
ac26ebd8b5 Allow roam based on preferred BSSID regardless of signal strength 2010-02-28 11:09:58 +02:00
Jouni Malinen
36d1343a4b Do not inhibit suspend even if wpa_cli command fails
There is no point in inhibiting suspend in case wpa_supplicant is
not running and as such, return success unconditionally from this
script.
2010-02-27 20:03:13 +02:00
Jouni Malinen
207ef3fb12 Add suspend/resume notifications
wpa_supplicant can now be notified of suspend/resume events, e.g.,
from pm-action scripts. This allows wpa_supplicant to clear information
that may become invalid during a suspend operation.
2010-02-27 18:46:02 +02:00
Jouni Malinen
be8be6717d Clear current_bss pointer on disassociation/deauthentication
This is needed to allow the BSS table entry for the previously used
BSS to be removed. Now wpa_bss_in_use() can return 0 for the last BSS
that was used as soon as deauthentication/disassociation event has been
received.
2010-02-27 18:40:25 +02:00
Jouni Malinen
159dd3e28a Add more debug prints to make deauth/disassoc events clearer 2010-02-27 18:39:09 +02:00
Jouni Malinen
e824cc4648 Use os_snprintf instead of snprintf 2010-02-19 19:14:41 +02:00
Jouni Malinen
94d9bfd59b Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
2010-02-19 18:54:07 +02:00
Jouni Malinen
b7a2b0b68c Add alloc_interface_addr() drv op option for specifying ifname
Some drivers may need to use a specific ifname for the virtual
interface, so allow them to do this with a new parameter passed
to the alloc_interface_addr() handler.
2010-02-16 19:34:51 +02:00
Jouni Malinen
cbf7855883 wpa_cli: Add option to use child process to receive events
CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config can be used to
configure wpa_cli build to make a version of wpa_cli that forks
a child process to receive event messages. This allows the events
to be shown immediately instead of having to wait for the next
periodic poll with PING.
2010-02-14 16:14:20 +02:00
Jouni Malinen
4a3ade4e11 wpa_gui: Use separate ctrl_iface connection for event messages 2010-02-13 21:37:35 +02:00
Kel Modderman
aff5e54d4a wpa_gui-qt4: do not show WPS AP available event tray messages
Do not show WPS event tray messages as they can happen too frequently.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2010-02-13 14:03:18 +02:00
Jouni Malinen
00468b4650 Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.

The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR

In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.

Authentication server probing can be done, e.g., with following
configuration options:
    eap=TTLS PEAP TLS
    identity=""
    ca_cert="probe://"

Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Server certificate matching is configured with ca_cert, e.g.:
    ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
2010-02-13 11:14:23 +02:00
Jouni Malinen
c5674000a3 wpa_gui-qt4: Stop BSS fetch loop on error for Peers dialog
There is no need to continue the loop until the 1000 max BSS limit
if a BSS command fails.
2010-01-24 18:42:45 -08:00
Jouni Malinen
48563d86b2 Try to avoid some unnecessary roaming
When multiple APs are present in scan results with similar signal
strength, wpa_supplicant may end up bounching between them frequently
whenever new scan results are available (e.g., due to periodic scans
requested by NetworkManager). This can result in unnecessary roaming
and in case of the current cfg80211 version, to frequent network
disconnections.

Do not request a roam if the current BSS is still present in the scan
results and the selected BSS is in the same ESS and has only a slighly
stronger signal strength.
2010-01-24 18:19:50 -08:00
Jouni Malinen
b85e772449 SME: Request a new scan if SME association command fails
This handles some error cases without getting stuck waiting for new
events from the driver if association command fails for any reason.
2010-01-24 18:09:36 -08:00
Jouni Malinen
dff0f701d0 Preparations for v0.7.1 release 2010-01-16 19:04:38 +02:00
Jouni Malinen
3e674c063c Update VS 2005 project files with new/removed source files 2010-01-16 18:49:17 +02:00
Witold Sowa
7899e2f42d dbus: Change WPA/RSNIE byte array props to dicts
Expose RSN and WPA properties for BSS objects containing information
about key management and cipher suites. Get rid of WPA/RSN/WPSIE
byte array properties and add IEs byte array property with all IE data
instead.
2010-01-16 16:37:37 +02:00
Jouni Malinen
8c0906542c Fetch IEs from both Beacon and Probe Response frames if available
This allows the driver wrappers to return two sets of IEs, so that
the BSS code can use information from both Beacon and Probe Response
frames if needed. For example, some Cisco APs seem to include more
information in Wireless Provisioning Services IE when it is in the
Beacon frame.
2010-01-16 16:11:05 +02:00
Jouni Malinen
af47308823 Add deinit_ap driver op to help wpa_supplicant AP mode use 2010-01-16 12:20:51 +02:00
Jouni Malinen
e882899981 Add BSSID to TX/RX Action frame driver ops
This meets better the needs for various Public Action frame use cases.
2010-01-16 12:16:20 +02:00
Jouni Malinen
a2e4f66edc Remove completed to-do item 2010-01-16 09:44:41 +02:00
Jouni Malinen
20766f2007 Make wpa_bss_get_max_rate() a bit more readable with a local variable 2010-01-10 22:53:36 +02:00
Jouni Malinen
a416fb47eb IBSS RSN: Explicitly check addr != NULL before passing it to memcmp
idx == 0 should be enough to make sure that the addr is set, but
verify that this is indeed the case to avoid any potential issues if
auth_set_key() gets called incorrectly.
2010-01-10 21:53:17 +02:00
Jouni Malinen
6f9b5d1696 IBSS RSN: Check explicitly that WPA auth sm assoc call succeeded
Verify that association processing did not end up freeing the state
machine. This should not really happen in practice, but better verify
it anyway.
2010-01-10 21:45:44 +02:00
Jouni Malinen
f337f0e950 Remove unnecessary bss != NULL checks from sme_authenticate()
This is already verified in the beginning of the function, so no need
to repeat that multiple times.
2010-01-10 21:31:54 +02:00
Jouni Malinen
2b057028cb Fix client MLME test code for IBSS scan request
wpa_s->mlme.ssid is an array so it is always != NULL and this
comparision should really have used ssid_len instead.
2010-01-10 20:41:33 +02:00
Marcel Holtmann
097c5802da dbus: Fix value of BSS Privacy property
Checking for IEEE80211_CAP_PRIVACY needs to use & and not &&.
2010-01-10 18:18:08 +02:00
Jouni Malinen
728e776c09 Fix alloc validation in wpa_bss_get_bit_rates()
Need to check the value returned by os_malloc(), not the pointer to
this value.
2010-01-09 23:56:09 +02:00
Witold Sowa
8e5568f874 dbus: Change BSS, Network and some errors interface names
Remove ".Interface" part from BSS and Network objects and some
error names.
2010-01-09 11:41:09 +02:00
Masashi Honma
953f0f6333 bsd: Add support for WPA_TRACE and WPA_TRACE_BFD
On FreeBSD 8.0, WPA_TRACE and WPA_TRACE_BFD functionality build fails.
2010-01-09 11:01:12 +02:00
Jouni Malinen
d97572a40f dbus: Add a test script for D-Bus API signals 2010-01-06 21:33:54 +02:00
Jouni Malinen
c91278a5b4 dbus: Do not try to unregister not-yet-registered network object 2010-01-06 21:31:13 +02:00
Jouni Malinen
d58f4a8177 Remove forgotten script termination attempt 2010-01-06 20:23:47 +02:00
Witold Sowa
158c6c7467 dbus: Add BSS property change notifications 2010-01-06 20:03:01 +02:00
Jouni Malinen
c3299a8b74 dbus: Fix crash on property change if D-Bus API is disabled 2010-01-06 12:14:35 +02:00
Jouni Malinen
6c195cd507 dbus: Fix prop_changed_flags allocation to count properties correctly
There was an extra semicolon that broke the calculation of registered
properties and resulted in obj_desc->prop_changed_flags not being
allocated long enough for all the flags.
2010-01-06 11:55:21 +02:00
Jouni Malinen
e30020c7ab dbus: Fix flush_object_timeout_handler context to be consistent
The path pointer used as the timeout_ctx was not constant; the path
string itself may have been the same, but the pointer certainly was not
since it was sometimes from stack and sometimes from the dynamically
allocated buffer in obj_desc. This caused some of the eloop timeout
cancellations not to find the timeout. Fix this by using the obj_desc
as the timeout context data.
2010-01-06 11:50:43 +02:00
Witold Sowa
abd7a4e353 dbus: Aggregate PropertiesChanged signals
Instead of sending PropertiesChanged signals for each changed
property separately, mark properties as changed and send aggregated
PropertiesChanged signals for each interface in each object.
Aggregated PropertiesChanged signal is sent
- for all object after responding on DBus call
- for specified object after manual call to
  wpa_dbus_flush_object_changed_properties() function
- for each object separately after short timeout (currently 5 ms)
  which starts when first property in object is marked changed
2010-01-04 17:15:57 +02:00
Witold Sowa
75d328af50 dbus: Change BSS property MaxRate to Rates
Instead of exposing maximum BSS bit rate, expose sorted array
of all supported rates.
2010-01-04 16:52:30 +02:00
Jouni Malinen
58e1452474 dbus: Remove forgotten, unused functions from GetAll script 2010-01-04 16:35:38 +02:00