www.project-moonshot.org Git - mech

P2P: Reject p2p_find when in provisioning

A p2p_find during provisioning shall not allow the enrollee to
pick the network, hence disable p2p_find during provisioning.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>

Remove STA entry from AP when starting TKIP countermeasures

Previously, the STA entry was removed only from the driver and the STA
entry within hostapd was just marked disassociated. However, this left
the WPA authenticator state machine with an entry and the session was
not terminated properly. In addition, the STA entry could have remaining
indefinitely if the STA did not reconnect after TKIP countermeasures.
Fix this by removing the STA entry from hostapd instead of just leaving
it disassociated.

Signed-hostap: Jouni Malinen <j@w1.fi>

hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response

In AP which supports WPSv2 with only virtual push button, when PBC is
called, the WSC IE should include Selected Registrar Configuration
Methods attribute with the bit of the physical push button not set.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>

eloop/poll: Handle POLLER | POLLHUP in read logic

Without this, we can get into a tight loop because the
code in general doesn't add eloop exception handlers,
so socket reporting the POLLERR would never be read.

With this change, any socket with POLLERR or POLLHUP
asserted will be handled by the read logic.

Signed-hostap: Ben Greear <greearb@candelatech.com>

Describe CONFIG_AP=y and CONFIG_P2P=y in defconfig

Signed-hostap: Jouni Malinen <j@w1.fi>

Fix a typo

Signed-hostap: Jouni Malinen <j@w1.fi>

nl80211: Simplify cbmsg buffer

The control message received from the kernel needs some space, but
there's no need for the strange typing that breaks clang compilation.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>

atheros: Remove unused variables

Signed-hostap: Jouni Malinen <j@w1.fi>

atheros: Fix build when WPS and IEEE80211R are both disabled

Signed-hostap: Baruch Siach <baruch@tkos.co.il>

P2P: Fix fallback to GO Negotiation to avoid PD-before-join timeout

The wpas_p2p_pd_before_join_timeout could be left behind if the PD
Request in p2p_connect-auto case does not succeed. This timeout can
result in unexpected operations since it could trigger join operation
while going through GO Negotiation. Fix this by canceling the timeout
when falling back to GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Copy Chargeable-User-Identity in PMKSA caching case

Maintain a copy of Chargeable-User-Identity in the PMKSA cache to allow
it to be included in accounting messages even if full authentication was
not completed.

Signed-hostap: Jouni Malinen <j@w1.fi>

RADIUS DAS: Support Chargeable-User-Identity with Disconnect-Request

Chargeable-User-Identity can now be used in Disconnect-Request to
identify the station to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>

RADIUS: Fix a typo in attribute name in debug messages

Signed-hostap: Jouni Malinen <j@w1.fi>

RADIUS DAS: Add Event-Timestamp attribute into ACK/NAK messages

Signed-hostap: Jouni Malinen <j@w1.fi>

RADIUS DAS: Add support for Disconnect-Request

Calling-Station-Id, Acct-Session-Id, and User-Name attributes in a
Disconnect-Request message can now be used to indicate which station is
to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>

RADIUS DAS: Check Disconnect-Request attributes

Reject Disconnect-Request if it includes unsupported attributes.

Signed-hostap: Jouni Malinen <j@w1.fi>

RADIUS DAS: Validate Event-Timestamp

DAS will now validate Event-Timestamp value to be within an acceptable
time window (300 seconds by default; can be set using
radius_das_time_window parameter). In addition, Event-Timestamp can be
required in Disconnect-Request and CoA-Request messages with
radius_das_require_event_timestamp=1.

Signed-hostap: Jouni Malinen <j@w1.fi>

P2P: Add p2p_client_list support for FullMAC Persistent GO

Currently, FullMAC Persistent GO can't use p2p_client_list because its
own hapd->p2p_group is NULL at ap_sta_set_authorized(). This patch
changes the processing to use sta->p2p_ie instead of
p2p_group_get_dev_addr() on FullMAC GO.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>

hostapd: Return error value on configuration check failure

Don't count errors since the number isn't used anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>

hostapd: Remove redundant variable initialization

The 'errors' variable is initialized later anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>

P2P: Fix P2P Client Discoverability bit updates

The P2P Client Discoverability bit is reserved in most frames and its
value in the local P2P peer table should only be updated based on P2P
Group Info attribute from a GO. Fix this by avoiding changes to this
dev_capab bit based on other P2P frames. It would be more correct to
track this separately for each group in which the peer is a member, but
since we do not do that for the other group specific information either,
this can do for now.

It should be noted that prior to commit
18485b5469c5eeea6a552264fbfaabb089a0a557 wpa_supplicant set this bit in
all P2P frames. However, that commit changed this to match the
specification, i.e., the bit is not set in frames which are received
from P2P Device role. As such, this fix is needed to be able to figure
out that a peer supports client discoverability capability after that
commit.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

P2P: Fix setting of P2P Client Discoverability bit

In the P2P specification v1.1, the P2P Client Discoverability bit is
described in Table 12 "Device Capability Bitmap definition". The table
says "Within a P2P Group Info attribute and a (Re)association request
frame the P2P Client Discoverability field shall be set to 1 when the
P2P Device supports P2P Client Discoverability, and is set to 0
otherwise. This field shall be reserved and set to 0 in all other frames
or uses.". To match with this, filter out P2P Client Discoverability bit
from frames where its use is reserved.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>

EAP-SIM/AKA server: Allow pseudonym to be used after unknown reauth id

If the peer uses an unknown reauth id, it would still be possible to use
pseudonym instead of permanent id. Allow this by changing the
AT_PERMANENT_ID_REQ to AT_FULLAUTH_ID_REQ in case unknown reauth id is
used in EAP-Response/Identity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add driver op for requesting GO/AP channel switch

Signed-hostap: Jithu Jance <jithu@broadcom.com>

P2P: Add preference setting for concurrent use cases

Add an additional parameter to prioritize either sta or p2p connection
to resolve conflicts arising during single channel concurrency.

Signed-hostap: Jithu Jance <jithu@broadcom.com>

P2P: Do not use reassociation after getting disassociated

This avoids issues with some APs rejecting a reassociation if the
station is not currently associated as reported by Yossi Wortzel.
The change is based on a patch from Arik Nemtsov.

Signed-hostap: Jouni Malinen <j@w1.fi>

P2P: Ignore unexpected GO Neg Resp is we have sent Resp

There is a race condition in GO Negotiation Request frame sending and
processing that may end up with both devices sending GO Negotiation
Response. This response frame was previously accepted even if a response
had already been sent. This could result in two GO Negotiation Confirm
frames being exchanged and consequently, with two separate GO
Negotiations completing concurrently. These negotiations could result in
getting mismatching parameters (e.g., both device could believe it was
the GO).

Fix this by ignoring GO Negotiation Response from the peer if twe have
already sent a GO Negotiation Response frame and we have the higher P2P
Device Address. This is similar to the rule used to determine whether to
reply to GO Negotiation Request frame when Request was already sent,
i.e., the same direction of GO Negotiation is maintained here to enforce
that only the negotiation initiated by the device with smaller P2P
Device Address is completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

P2P: Address race condition with GO Negotiation Request TX status

If both peers initiate GO Negotiation at about the same time, it is
possible for the GO Negotiation Request frame from the peer to be
received between the local attempt to send the GO Negotiation Request
and TX status event for that. This could result in both devices sending
GO Negotiation Response frames even though one of them should have
skipped this based which device uses a higher MAC address.

Resolve this race by incrementing go_neg_req_sent when p2p_send_action()
returns success instead of doing this from the TX status callback. If
the frame is not acknowledged, go_neg_req_sent is cleared in TX status
handler.

Signed-off-by: Neeraj Garg <neerajkg@broadcom.com>

sta_info: Remove duplicated function declaration

In sta_info.h, ap_free_sta() was declared twice.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>

LibTomMath: Use 64-bit mode for mp_digit

For 64-bit x86 builds, enable 64-bit mode to optimize bignum operations
with the internal LibTomMath version.

Signed-hostap: Jouni Malinen <j@w1.fi>

atheros: Set essid length field only once

Signed-hostap: Baruch Siach <baruch@tkos.co.il>

atheros: Fix build when CONFIG_WPS is disabled

The use of ETH_P_80211_RAW does not depend on CONFIG_WPS, so make its
definition independent as well.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>

P2P: Assume GO Negotiation failed if GO Neg Conf wait times out

Stop the connection attempt if GO Negotiation Confirm is not received
within 100 ms of the GO Negotiation Response getting acknowledged.
Previously, we would have continued trying to connect to the peer even
in this case which could result in confusing second GO Negotiation
Request frame and unnecessarily long wait before indicating failure.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Fix group formation timeout on GO during WPS step

Commit 361cdf34009c7407ddf22dee6f5e6ce82e81bcae changed the way the
group formation timeout is used on P2P client. However, it resulted in
clearing the timeout on the GO when the GO started beaconing. This is
not correct since the timeout is supposed to be maintained until at
least the completion of the WPS provisioning step. Fix this regression
by clearing the timeout here only in the case we are not GO in group
formation phase.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS: Cancel WPS operation also in DISCONNECTED state

It is possible for wpa_state to be WPA_DISCONNECTED when a new scan is
scheduled to be started in the future. If wpas_wps_cancel() gets called
(e.g., through control interface wps_cancel or a P2P group removal)
while in that state, the WPS operation (scan request and special network
block) were not removed. Fix this by clearing the WPS operations both in
WPA_SCANNING and WPA_DISCONNECTED states.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1

P2P: Fix scan_res_handler setting for p2p_scan

The previous version set scan_res_handler unconditionally and then
cleared it if scan request failed. This can result in incorrect clearing
of the handler to NULL for a previously started scan that has not yet
completed. This can make p2p_find command fail to use the
start-after-scan-completion mechanism in some cases. Fix this by setting
scan_res_handler properly after having verified that the driver command
for starting the scan was successful.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1

P2P: Send GO Negotiation Confirm without wait

The GO Negotiation Confirm frame doesn't need to be sent with a wait
since we don't expect a response to it.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>

P2P: Improve p2p_prov_disc-auto robustness

Perform addition additional scan runs on the operating channel of the GO
(if known from previous scan results) and fall back to initiate the PD
for GO Negotiation if these additional scans do not detect the peer as
GO.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>

P2P: Use consistent Device Capability in Beacon/Probe Response

Concurrent Operation bit was not set for GO even if the device
supports concurrent operations. Make sure the Device Capability
value is consistent with other P2P use cases by using the value
determined in p2p_init().

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>

P2P: Fix P2P Group Formation timeout registration (use parent iface)

Commit 361cdf34009c7407ddf22dee6f5e6ce82e81bcae extended the use of
group formation timeout for the way handshake, but the registration was
done on the group_interface while the cancellation was done on the
parent interface. Fix the registration to set the eloop timeout on
parent to address potential issues when using a separate group
interface.

Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>

bss: Don't remove a BSS that is in use

When looking for a BSS to eject due to too many entries, never
pick one that is in use. Otherwise, we run the risk of having
pointers to freed data.

Signed-hostap: Paul Stewart <pstew@chromium.org>

wpa_supplicant: Report EAP connection progress to DBus

Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:

  - During method selection (ACK and NAK)
  - During certificate verification
  - While sending and receiving TLS alert messages
  - EAP success and failure messages

This provides DBus callers a number of new tools:

  - The ability to probe an AP for available EAP methods
    (given an identity).
  - The ability to identify why the remote certificate was
    not verified.
  - The ability to identify why the remote peer refused
    a TLS connection.

Signed-hostap: Paul Stewart <pstew@chromium.org>

nl80211: Use safe list iteration

In certain cases like PBC session overlap it appears to be possible that
an interface is removed due to an event handled on it, this leads to
list corruption. Use safe iteration to prevent this issue.

Reported-by: Nirav Shah <nirav.j2.shah@intel.com>
Reported-by: Neeraj Kumar Garg <neerajkg@broadcom.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
intended-for: hostap-1

wpa_supplicant: Support dtim_period configuration for AP mode

Signed-off-by: Etay Luz <eluz@qca.qualcomm.com>

WNM: Send empty IPv4 packet as keep-alive for now

Use an empty IPv4 packet as the keep-alive packet for WNM BSS max idle
period mechanism. This is not really the best possible frame to use for
this, but for now, it can do until a more suitable frame is figured out
for this (e.g., special LLC header to indicate link test purposes).

Signed-hostap: Jouni Malinen <j@w1.fi>

Force driver to disassociate STA if no room for the STA entry

When hostapd (or wpa_supplicant AP mode) limits the maximum number
of STA entries with a driver that implements SME, the driver needs
to be notified of the failed STA addition. Disassociate the STA if
the driver notifies of an association that would go beyond the
maximum number of STAs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WNM: Fix build without CONFIG_SME=y

Commit b6668734ab8ac235f129d1cd0aff4c4e1c922b41 missed #ifdef CONFIG_SME
protection around wpa_s->sme access.

Signed-hostap: Jouni Malinen <j@w1.fi>

WNM: Add advertisement of BSS max idle period

If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>

P2P: Improve handling of p2p_connect-auto fallback

Commit aa9bb7644b0f7acbc9403189f0c47c17079205bc improved robustness
of p2p_connect-auto mechanism by using older scan results to help in
determination whether the peer was operating a GO. Improve this by
accepting new GO information from scan-for-WPS-provisioning results
even if the GO is not yet ready for WPS.

In addition, fix an issue where Provision Discovery exchange timeout
could have left offchannel TX operation in progress when the fallback
was used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

wpa_supplicant: Make Android makefiles available under the BSD license

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

nl80211: Use wait_time with AP mode driver SME for offchannel

When sending an offchannel frame (mainly, P2P Invitation Request), the
wait_time parameter was hardcoded to 0 for drivers that implement AP
mode SME. This is not correct and can cause problems for drivers that
support offloading of off-channel operations with driver/firmware based
AP SME.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

nl80211: Add more debug info on NL80211_CMD_FRAME uses

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add option for Provision Discovery before GO Negotiation

This is a workaround for interoperability issues with some deployed P2P
implementations that require a Provision Discovery exchange to be used
before GO Negotiation. The new provdisc parameter for the p2p_connect
command can be used to request this behavior without having to run a
separate p2p_prov_disc command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Add debug prints of scan result IEs

Excessive debug level can now be used to dump the IEs received in scan
results from both Beacon and Probe Response frames. This makes it easier
to debug issues where the driver (or well, more likely cfg80211) does
not update the IEs based on Beacon frames if even a single Probe
Response frame has been received.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Fix BSSID enforcement with driver-based BSS selection

Previously, wpa_supplicant did not specify BSSID to any connection
request if the driver indicated that it will take care of BSS selection.
This is fine for most use cases, but can result to issues if the network
block has an explicit bssid parameter to select which BSS is to be used.
Fix this by setting BSSID and channel when the network block includes the
bssid parameter even if the driver indicates support for BSS selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1

WPS: Fix BSSID filter handling

If WPS commands are used with a specific BSSID instead of wildcard,
the BSSID that was supposed to be used only for the provisioning step
may end up getting copied to the network block that gets provisioned
based on the WPS credentials. Fix this by clearing ssid->bssid_set
when creating the network block by replacing the block used for WPS
provisioning.

This issue could show up with the provisioned network not getting
selected properly with APs that have multiple radios. Depending on
the driver, this could result in only a single one of the available
BSSes being available or the connection failing completely.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1

Add ChangeLog entries from v1.0 release

Signed-hostap: Jouni Malinen <j@w1.fi>

Validate WEP key lengths based on driver capabilities

The nl80211 driver interface does not allow 128-bit WEP to be used
without a vendor specific cipher suite and no such suite is defined for
this purpose. Do not accept WEP key length 16 for nl80211 driver
interface forn ow. wext-interface can still try to use these for
backwards compatibility.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

wpa_supplicant: Fix overlapping memcpy on WPS interface addition

I think this should fix the following valgrind complaint:

==1972== Source and destination overlap in memcpy(0x5181708, 0x5181708, 16)
==1972==    at 0x4A073BA: memcpy (mc_replace_strmem.c:602)
==1972==    by 0x45872B: wpas_wps_set_uuid (wps_supplicant.c:1116)
==1972==    by 0x4599EC: wpas_wps_update_config (wps_supplicant.c:1747)
==1972==    by 0x4C8DB0: wpa_supplicant_update_config (wpa_supplicant.c:3090)
==1972==    by 0x4C3E5E: wpa_supplicant_reload_configuration (wpa_supplicant.c:746)
==1972==    by 0x4B8B37: wpa_supplicant_ctrl_iface_process (ctrl_iface.c:4082)
==1972==    by 0x4BA39C: wpa_supplicant_ctrl_iface_receive (ctrl_iface_unix.c:168)
==1972==    by 0x4114D4: eloop_sock_table_dispatch_table (eloop.c:335)
==1972==    by 0x411541: eloop_sock_table_dispatch (eloop.c:352)
==1972==    by 0x41200D: eloop_run (eloop.c:766)
==1972==    by 0x4C8B43: wpa_supplicant_run (wpa_supplicant.c:3010)
==1972==    by 0x4D44AD: main (main.c:286)

Signed-hostap: Ben Greear <greearb@candelatech.com>
intended-for: hostap-1

P2P: Deinitialize global P2P context on P2P mgmt interface removal

The P2P implementation assumes that the first wpa_s interface instance
is used to manage P2P operations and the P2P module maintains a pointer
to this interface in msg_ctx. This can result in issues (e.g., use of
freed memory) when the management interface is removed. Fix this by
deinitializing global P2P data if the interface that created it is
removed. This will disable P2P until the next interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

HS 2.0: Add Hotspot 2.0 ANQP elements to Interworking queries

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Indicate Hotspot 2.0 in BSS table and status

If the AP indicates support for Hotspot 2.0, show this in the
ctrl_iface commands for BSS table and status.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Parse Hotspot 2.0 IE from IE list

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Add HS 2.0 Indication element into (Re)Association Request

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Add Hotspot 2.0 indication into Probe Request

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Add Hotspot 2.0 station ctrl_iface

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Add runtime configuration of Hotspot 2.0 station

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Add Hotspot 2.0 ANQP routines

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Define Hotspot 2.0 OUI types and subtype values

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Remove scripts and notes related to the Windows binary package

There are no plans to continue making the Windows binary package for
wpa_supplicant for 1.x or newer releases, so remove the scripts and
notes that are related to this.

Signed-hostap: Jouni Malinen <j@w1.fi>

P2P: Reject PD Request for unknown group

If PD Request includes P2P Group ID, verify that the specified
group matches with a group we are currently operating. If no match
is found, reject the PD Request for join-a-group case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Store SSID of the group in p2p_group data

This can be used with P2P management operations that need to verify
whether the local device is operating a specific group based on
P2P Group ID attribute from a peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Allow older scan results to improve p2p_connect-auto robustness

Previusly the peer was assumed to not be operating a GO if the BSS entry
for it was not updated in the single scan run started by
p2p_connect-auto. This is not very robust since a scan may miss the peer
if either a Probe Request or Probe Response frame is lost. Improve
robustness by assuming the peer is still operating the GO and starting
the join operation. If the GO is not found during PD-for-join or the
single-channel scans during the join, fall back to GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Do not use prov_disc_resp() callback for rejected PD

Commit 349b213cc8babdc0212938714104f7e28d34b335 added a separate
callback prov_disc_fail() for indicating PD failures, but it left the
Provision Discovery Response handler to call both callbacks in case the
peer rejected the PD. Commit f65a239ba4760cc6e8a169d21a4fcabed444a90b
added ctrl_iface event for PD failures. This combination can result in
two ctrl_iface events in the peer rejecting a PD case. Clean this up by
only indicating the failure event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Wait 100 ms if driver fails to start listen operation

Some drivers may accept the remain-on-channel command, but instead of
indicating start event for remain-on-channel, just indicate that the
operation has been canceled immediately. This could result in continuous
loop of search/listen states with very limited time to do anything else
in wpa_supplicant if the scan command is also completed quickly (e.g.,
if the driver is unable to scan other channels than the current
operating channel).

As a workaround, do not start the next step (search) in P2P device
discovery if this type of rejection of listen operation is detected.
This gives some more time for wpa_supplicant to handle whatever else
may be needed at to be done at the same time and reduces the amount
of CPU used in a loop that does not really work correctly from the
view point of being discoverable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1

Ignore network blocks that have invalid WEP key length

Do not try to associate with a network that has an invalid or incomplete
configuration because the association or at least data connection would
fail anyway. This commits adds a common function for checking whether a
network block is disabled to make it easier to check network blocks
without having to reject them during configuration file parsing (which
would prevent wpa_supplicant from starting). The only additional check
added in this commit is to verify the WEP key length. Similar checks for
other parameters can be added in future commits.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Update copyright and license notification in D-Bus interace P2P files

This adds the copyright notice for Intel and moves to the license
notification that uses only the BSD license. The changes were
acknowledged by email ("Berg, Johannes" <johannes.berg@intel.com>,
Mon, 7 May 2012 07:33:53 +0000).

Signed-hostap: Jouni Malinen <j@w1.fi>

Add preliminary RADIUS dynamic authorization server (RFC 5176)

This adds the basic DAS mechanism to enable hostapd to be configured
to request dynamic authorization requests (Disconnect-Request and
CoA-Request). This commit does not add actual processing of the
requests, i.e., this will only receive and authenticate the requests
and NAK them regardless of what operation is requested.

Signed-hostap: Jouni Malinen <j@w1.fi>

hostapd: Allow addition of arbitrary RADIUS attributes

New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>

hostapd: Add optional Chargeable-User-Identity request (RFC 4372)

radius_request_cui=1 configuration parameter can now be used to
configure hostapd to request CUI from the RADIUS server by including
Chargeable-User-Identity attribute into Access-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>

hostapd: Copy Chargeable-User-Identity into accounting (RFC 4372)

If Access-Accept packet includes the Chargeable-User-Identity attribute,
copy this attribute as-is into accounting messages.

Signed-hostap: Jouni Malinen <j@w1.fi>

Add more documentation for IEEE 802.11w/PMF configuration

Signed-hostap: Jouni Malinen <j@w1.fi>

Fix SIM/USIM determination to support EAP-AKA'

Both EAP-AKA and EAP-AKA' use USIM. Without this change, use of real
USIM card for EAP-AKA' was not allowed to proceed, i.e., only the
software simulated USIM operations were supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

hlr_auc_gw: Use 5 bit IND for SQN updates

Change the SQN generation mechanism to use not time-based Profile 2
as described in 3GPP TS 33.102 Annex C.3.2. The previous implementation
used void IND (i.e.., all of SQN was SEQ1). The new default uses 5 bits
of SQN as IND. The length of IND can be configured on the command line
with the new -i<IND len in bits> parameter. -i0 would make hlr_auc_gw
behave in the same way as the previous implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>

hlr_auc_gw: Add support for updating Milenage file SQN

If the new command line argument -u is used, hlr_auc_gw will update
the Milenage file SQN numbers when exiting based on what was the last
SQN used during the process runtime.

Signed-hostap: Jouni Malinen <j@w1.fi>

hlr_auc_gw: Fix CONFIG_WPA_TRACE=y build

Need to initialize tracing code and use correct free() wrapper.

Signed-hostap: Jouni Malinen <j@w1.fi>

P2P: Add P2P information for Doxygen docs

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WNM: Define IEEE 802.11v WNM-Sleep elements

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Allow pbc_in_m1 workaround to be enabled in wpa_supplicant AP mode

This workaround for Windows 7 WPS probing mechanism was previously
allowed only with hostapd, but the same interoperability issue can
happen with wpa_supplicant AP/GO mode. Allow the workaround to be
enabled in wpa_supplicant configuration for these uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Clone max_sta_num parameter for group interfaces

This is needed to allow the max_sta_num parameter set in the main
configuration file to apply to dynamically created P2P group
interfaces.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1

Scan only 2.4 GHz band for OBSS scans

Since we are reporting 20/40 BSS coex information only for 2.4 GHz band,
there is no need to run the full scan on dualband cards.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Add handling of OBSS scan requests and 20/40 BSS coex reports

Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.

Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Define 20/40 BSS Coexistence elements

This patch defines 20/40 BSS Intolerant Channel Report element
(IEEE 802.11-2012 8.4.2.60) and 20/40 BSS Coexistence element
(IEEE 802.11-2012 8.4.2.62).

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

EAP-AKA': Update to RFC 5448

There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

EAP-AKA' server: Fix identity for MK derivation

Incorrect identity string could end up being used with EAP-AKA' when
the EAP client is using pseudonym. This code was supposed to use
sm->identity just like the EAP-AKA case.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

P2P: Fix Device ID matching for Probe Request frames

The misplaced parenthesis caused Device ID matching to check only the
first octet of the P2P Device Address, i.e., we could have replied to
Probe Request frames that was searching for another device if any of
the last five octets of the address were different.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1

Remove unused variable if CONFIG_P2P=y is not used

Signed-hostap: Jouni Malinen <j@w1.fi>

Remove unused variable

Signed-hostap: Jouni Malinen <j@w1.fi>

Fix compiler warning on printf format with size_t

Signed-hostap: Jouni Malinen <j@w1.fi>

Fix D-Bus build without ctrl_iface

Commit 7de5688d682d4a96a4ce1f7959428a0112d4b75f started using
wpa_supplicant_ctrl_iface_ctrl_rsp_handle() from the D-Bus code, but
left this function in ctrl_iface.c that is included conditionally. Fix
this by moving the common function into wpa_supplicant.c so that it can
be included for builds that include only either ctrl_iface or D-Bus.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1