Masashi Honma [Sat, 11 Aug 2012 14:46:58 +0000 (17:46 +0300)]
Do not proceed with association if get_bssid() returns failure
This is the normal flow for association:
wpa_supplicant <--(EVENT_ASSOC event )-- device driver
wpa_supplicant --( get_bssid() )--> device driver
wpa_supplicant <--( return BSSID )-- device driver
However, a device driver could return EINVAL for get_bssid() because it
recognizes it has already been disconnected. When the wpa_supplicant
received EINVAL, the bssid field could be used uninitialized in the
following flow:
wpa_supplicant <--(EVENT_ASSOC event )-- device driver
device driver (receive deauth)
wpa_supplicant --( get_bssid() )--> device driver
wpa_supplicant <--( return EINVAL )-- device driver
Prevent this by requiring the get_bssid() call to succeed when
processing association events.
Arik Nemtsov [Sat, 11 Aug 2012 14:08:54 +0000 (17:08 +0300)]
SME: Correctly check mode HT caps for enabling OBSS scan
Don't assume the 11g mode is always first in the list of mode (sometimes
it isn't). Traverse the array of modes and check the HT40 capability is
turned on for 11g.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Jouni Malinen [Sat, 11 Aug 2012 09:41:31 +0000 (12:41 +0300)]
P2P: Move group removal reason to a function parameter
wpa_s->removal_reason was set only when calling wpas_p2p_group_delete()
and while couple of call places did not set this, it should really be
set in each case. As such, it works better as a function parameter than
a variable in struct wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
Michael Naumov [Sat, 11 Aug 2012 09:06:23 +0000 (12:06 +0300)]
P2P: p2p_group_remove should fail on non-P2P interface
p2p_group_remove should only attempt to remove P2P group
interfaces and fail on non-P2P group interfaces.
Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
Christian Lamparter [Sat, 11 Aug 2012 07:53:03 +0000 (10:53 +0300)]
AP: Fix erroneous "station tried TKIP" error
The commit
b5fd8b18335f2a7784a1f0a5eb5dbe45976d9e21
"VHT: Do not allow use of TKIP with VHT" introduced
an off-by-one regression: a WPA/RSN 11n AP would no
longer accept stations to connect, instead it would
produce a bogus error message:
... Station tried to use TKIP with HT association.
Signed-hostapd: Christian Lamparter <chunkeey@googlemail.com>
Mahesh Palivela [Fri, 10 Aug 2012 16:54:54 +0000 (19:54 +0300)]
VHT: Add configuration of operating center frequency
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
Mahesh Palivela [Fri, 10 Aug 2012 16:53:24 +0000 (19:53 +0300)]
VHT: Add option for requiring use of VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
Mahesh Palivela [Fri, 10 Aug 2012 16:51:17 +0000 (19:51 +0300)]
VHT: Add VHT elements into (Re)Association Response
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
Mahesh Palivela [Fri, 10 Aug 2012 16:50:37 +0000 (19:50 +0300)]
VHT: Do not allow use of TKIP with VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
Mahesh Palivela [Fri, 10 Aug 2012 16:49:18 +0000 (19:49 +0300)]
VHT: Store VHT capabilities and manage VHT flag for STAs
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
Mahesh Palivela [Fri, 10 Aug 2012 16:44:16 +0000 (19:44 +0300)]
VHT: Document vht_oper_chwidth and fix indentation
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
Mahesh Palivela [Fri, 10 Aug 2012 16:39:43 +0000 (19:39 +0300)]
VHT: Include VHT capabilities and operation elements in parsing
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
Jouni Malinen [Fri, 10 Aug 2012 16:32:15 +0000 (19:32 +0300)]
Replace non-ASCII characters with ASCII characters
There is no point to use non-ASCII characters in this file when
perfectly fine ASCII characters are available..
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 10 Aug 2012 15:05:03 +0000 (18:05 +0300)]
PMKSA: Set cur_pmksa pointer during initial association
cur_pmksa was left to NULL during the initial association. This can
result in unexpected behavior, e.g., in expiring PMKSA cache entries
since the current entry is not locked in that case. Fix this by updated
cur_pmksa when adding the initial PMKSA entry during msg 1/4 processing.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Dan Williams [Fri, 10 Aug 2012 14:55:17 +0000 (17:55 +0300)]
PMKSA: Do not evict active cache entry when adding new ones
If the PMKSA cache is full (i.e., 32 candidates have been seen in scan
results and have not yet expired) then any additional entries can
potentially evict the current/active entry (if it is the oldest entry),
which triggers a pointless local deauthentication. The supplicant
shouldn't replace the current/active entry if it is still valid, but
instead the oldest entry that is *not* the current/active one.
Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
Michael Braun [Fri, 10 Aug 2012 13:48:35 +0000 (16:48 +0300)]
Fix WPA GTK rekeying with multiple VLANs
When using multiple VLANs, GKeyDoneStations counter is not updated
properly since wpa_auth_for_each_sta() call in wpa_group_setkeys() ends
up iterating through all STAs and not just the STAs of a specific
wpa_group (VLAN). Consequently, GTK rekeying gets initialized multiple
times if more than a single group state machine exists. Fix this by
iterating only through the STAs in the specific wpa_group.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
intended-for: hostap-1
Eyal Shapira [Fri, 10 Aug 2012 13:28:38 +0000 (16:28 +0300)]
Add p2p_go_max_inactivity config option
This enables setting a different max inactivity timeout for P2P GO.
This timeout is used to detect inactive clients. In some scenarios
it may be useful to have control over this and set a shorter timeout
than the default 300s. For example when running STA and P2P GO interfaces
concurrently, the STA interface may perform scans which may cause the
GO to miss a disassoc / deauth frames from a client and keep assuming
that the client is connected until the inactivity detection kicks in.
300 secs is a bit too long for such scenarios and creates a bad user
experience.
Signed-hostap: Eyal Shapira <eyal@wizery.com>
Michael Braun [Fri, 10 Aug 2012 09:55:33 +0000 (12:55 +0300)]
Add option to use netlink to create and remove VLAN interfaces
CONFIG_VLAN_NETLINK=y build option can now be used to replace the
ioctl()-based interface for creating and removing VLAN interfaces
with netlink-based interface.
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
Michael Braun [Fri, 10 Aug 2012 09:38:17 +0000 (12:38 +0300)]
Add hostapd configuration option to set VLAN naming scheme
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
Jouni Malinen [Fri, 10 Aug 2012 08:48:57 +0000 (11:48 +0300)]
nl80211: Fix re-enabling of 802.11b rates after P2P use
Commit
a11241fa114923b47892ad3279966839e9c2741d removed the 802.11b rate
enabling/disabling code from wpa_driver_nl80211_set_mode() and while
doing that, removed the only place where drv->disabled_11b_rates was
set. Fix this by updating the flag in nl80211_disable_11b_rates(). In
addition, re-enable the 802.11b rates when changing to non-P2P mode.
Signed-hostap: Jouni Malinen <j@w1.fi>
Rajkumar Manoharan [Fri, 10 Aug 2012 08:35:33 +0000 (11:35 +0300)]
nl80211: Disable 11b rates on configuring P2P interface
Right now 11b rates are masked out while creating a P2P interface,
but this is always failing as the interface is down. Most drivers
allow to configure rates only when the interface is UP and running.
So let us disable 11b rates when interface type is changed into a
P2P type and it is UP and running.
Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Jouni Malinen [Fri, 10 Aug 2012 08:21:16 +0000 (11:21 +0300)]
Sync with linux/nl80211.h in wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
Dmitry Shmidt [Tue, 28 Feb 2012 19:21:32 +0000 (11:21 -0800)]
Android: Enable CONFIG_IEEE80211N option for hostapd
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Thu, 9 Aug 2012 15:45:39 +0000 (18:45 +0300)]
nl80211: Add nla_put_u32() wrapper for Android
The system/core/libnl_2 re-implementation in AOSP does not include
nla_put_u32().
Signed-hostap: Jouni Malinen <j@w1.fi>
Paul Stewart [Thu, 9 Aug 2012 10:54:36 +0000 (13:54 +0300)]
wpa_supplicant: Add DBus "Reassociate" command
Create a DBus command to reassociate, similar to the
ctrl-interface "reassociate" command.
Signed-hostap: Paul Stewart <pstew@chromium.org>
Jouni Malinen [Tue, 7 Aug 2012 20:03:25 +0000 (23:03 +0300)]
Add extra validation of EAP header length field
These validation steps are already done in the EAP parsing code and in
the EAP methods, but the additional check is defensive programming and
can make the validation of received EAP messages more easier to
understand.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 18:59:15 +0000 (21:59 +0300)]
Add explicit EAPOL-Key length validation in processKey()
These checks would not really be needed since eapol_sm_rx_eapol()
validates the length fields. Anyway, these makes it more obvious to
anyone reviewing the code that there are no integer underflow issues in
processKey().
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 18:27:01 +0000 (21:27 +0300)]
Share a single definition of EAPOL-Key structure for WEP keys
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 18:11:04 +0000 (21:11 +0300)]
RADIUS: Add explicit attribute length validation checks in functions
These checks would not really be needed since radius_msg_parse()
validates the attribute header fields. Anyway, these makes it more
obvious to anyone reviewing the code that there are no integer underflow
issues in the functions processing RADIUS attributes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 17:54:08 +0000 (20:54 +0300)]
Add sparse endianness annotation for RADIUS header
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 17:49:23 +0000 (20:49 +0300)]
Fix byte order of VHT Basic MCS set for big endian hosts
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 16:13:15 +0000 (19:13 +0300)]
Use shared function for adding common RADIUS attributes
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 15:14:42 +0000 (18:14 +0300)]
Return wpabuf from radius_msg_get_eap()
This simplifies the implementation by using the buffer type to which the
returned data will be converted anyway. This avoids one memory
allocation for each processed RADIUS message.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 14:48:52 +0000 (17:48 +0300)]
nl80211: Share common function for scan parameters
trigger_scan and start_sched_scan can share code for building the
common attributes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 14:27:55 +0000 (17:27 +0300)]
nl80211: Check nla_put_nested() return value and handle errors
Couple of functions did not verify that nla_put_nested() succeeded. Fix
these by checking the return value and handling error cases cleanly.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 14:11:08 +0000 (17:11 +0300)]
nl80211: Fix netlink error paths in sched_scan() handler
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 13:27:40 +0000 (16:27 +0300)]
hostapd: Add alternative format for configuring SSID
The new ssid2 parameter can be used as an alternative mechanism for
configuring SSID for hostapd. It uses the same formats that
wpa_supplicant uses in the configuration file for strings.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 13:13:51 +0000 (16:13 +0300)]
Make wpa_config_parse_string() a shared function
This will be used in future hostapd configuration parser changes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 13:07:25 +0000 (16:07 +0300)]
Convert remaining SSID routines from char* to u8*
This makes it more explicit that the SSID is not a null terminated
C string.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 12:46:26 +0000 (15:46 +0300)]
GAS server: Add forgotten break statement to a switch case
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 10:50:39 +0000 (13:50 +0300)]
Add support for using printf-escaped strings in configuration
P"<escaped string>" can now be used as an alternative method for
specifying non-ASCII strings (including control characters). For
example, ssid=P"abc\x00test".
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 10:32:57 +0000 (13:32 +0300)]
Use printf escaping in SSID-to-printable-string conversion
Instead of masking out non-ASCII characters with underscores, espace the
SSID data using rules compatible with printf.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Aug 2012 10:30:13 +0000 (13:30 +0300)]
Add routines for encoding/decoding printf escaping mechanism
This can be used to build ASCII strings from binary data that is
more likely to use ASCII (i.e., text format is more natural
option than hexdump, but there is possibility of some non-ASCII
characters).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Aug 2012 19:27:52 +0000 (22:27 +0300)]
wpa_cli: Handle wpa_supplicant termination more cleanly
Process CTRL-EVENT-TERMINATING in wpa_cli interactive mode and close
ctrl_iface connection without trying to detach the monitor interface
when this happens. This avoids a timeout on the DETACH command. In
addition, print out connection lost/re-established messages without
overriding the edit line.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Aug 2012 19:04:22 +0000 (22:04 +0300)]
wpa_cli: Go through ifname determination on connection retries
This is needed to allow the default behavior (pick first interface) to
be used in cases where wpa_supplicant is not available when wpa_cli is
started in interactive mode.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Aug 2012 18:54:56 +0000 (21:54 +0300)]
wpa_cli: Fix an issue in the cleanup of udp-remote commits
wpa_ctrl_get_remote_ifname() is defined only for UDP ctrl_iface socket,
so this call needs to be made conditional on build parameters.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Aug 2012 18:47:18 +0000 (21:47 +0300)]
wpa_cli: Use eloop during connection attempts in interactive mode
This changes the call flow to allow full eloop operations to be used
while waiting for wpa_cli to establish a connection to wpa_supplicant in
the beginning of an interactive session. This allows the cleanup steps
to be more consistent and avoid debugging issues due to unfreed memory
or other resources if wpa_cli is killed with Ctrl-c.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Aug 2012 18:45:43 +0000 (21:45 +0300)]
edit: Clear edit line on deinit when using readline
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Aug 2012 17:58:44 +0000 (20:58 +0300)]
wpa_cli: Fix resource leak on attach failures in interactive mode
When starting interactive mode, wpa_cli is trying to attach the
monitor connection. If that fails, the operation is retried, but
this was done without freeing all the resources that could have
been allocated (mainly, the command connection).
Signed-hostap: Jouni Malinen <j@w1.fi>
Janusz Dziedzic [Sun, 5 Aug 2012 17:50:17 +0000 (20:50 +0300)]
wpa_cli: Print nice prompt when using remote UDP
When CONFIG_CTRL_IFACE=udp-remote is used, print user frendly PS in
wpa_cli. E.g.,
localhost/wlan0>
192.168.1.1/p2p-wlan-0-0>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Sun, 5 Aug 2012 17:48:54 +0000 (20:48 +0300)]
edit: Add support for prompt string with readline
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Aug 2012 17:48:25 +0000 (20:48 +0300)]
edit: Add support for prompt string with internal line edit
Signed-hostap: Jouni Malinen <j@w1.fi>
Janusz Dziedzic [Sun, 5 Aug 2012 17:46:34 +0000 (20:46 +0300)]
edit: Add support for setting prompt string
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Sun, 5 Aug 2012 17:12:16 +0000 (20:12 +0300)]
wpa_cli: Add IFNAME command
This command will return wpa_s->ifname that can be used for a nice
prompt in wpa_cli.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Sun, 5 Aug 2012 17:09:22 +0000 (20:09 +0300)]
wpa_cli: Add support for remote access
wpa_cli can be used now as a client for remote access to ctrl_interface
of wpa_supplicant when UDP and remote options are used.
You can simply run:
wpa_cli -i <hostname>:[port]
wpa_cli -i <IP>:[port]
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Sun, 5 Aug 2012 17:01:07 +0000 (20:01 +0300)]
wpa_supplicant: Add optional remote access for ctrl_iface
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This
enables remote access to control interface via UDP port(s). This should
be used for testing purpose only since there is no authentication or
access control on the commands.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Baruch Siach [Sun, 5 Aug 2012 16:40:49 +0000 (19:40 +0300)]
accounting: Staticise accounting_sta_interim
This routine is not used anywhere else.
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
Fernando Herrera [Sat, 4 Aug 2012 21:43:19 +0000 (00:43 +0300)]
D-Bus: Fix wpas_dbus_getter_bss_expire_count
bss_expire_count getter was getting a wrong value. Fix it to return
bss_expiration_scan_count.
intended-for: hostap-1
Jouni Malinen [Sat, 4 Aug 2012 21:38:08 +0000 (00:38 +0300)]
OpenSSL: Remove trailing whitespace from lines
Signed-hostap: Jouni Malinen <j@w1.fi>
Christopher Wiley [Sat, 4 Aug 2012 21:36:08 +0000 (00:36 +0300)]
OpenSSL: Fix ca_cert_verify for TPM
This bit is set in the code path that handles keys and certs from places
other than OpenSSL authentication engines. Setting this bit causes
authentication to fail when the server provides certificates that don't
match the client certificate authority.
Michael Naumov [Sat, 4 Aug 2012 21:26:36 +0000 (00:26 +0300)]
D-Bus: Remove network_object dictionary entry from signal GroupStarted
The network_object path should be returned by the NetworkAdded signal
and not by the GroupStarted Signal. Starting a Group does not
necessarily validate the network object.
Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
intended-for: hostap-1
Michael Naumov [Sat, 4 Aug 2012 21:24:40 +0000 (00:24 +0300)]
P2P: Add D-Bus python script to perform Disconnect
D-Bus script using python glib is added to perform Disconnect on an
interface.
Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
Michael Naumov [Sat, 4 Aug 2012 21:20:48 +0000 (00:20 +0300)]
P2P: Add D-Bus python script to perform p2p_invite
D-Bus script using python glib is added to perform p2p_invite on a group
interface to invite a peer.
Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
Dmitry Shmidt [Sat, 4 Aug 2012 18:17:04 +0000 (21:17 +0300)]
Add 'get_capability channels' command for ctrl_iface
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Michael Braun [Sat, 4 Aug 2012 17:55:47 +0000 (20:55 +0300)]
Fix endless loop in PSK fetching with PSK-from-RADIUS
Commit
05ab9712b9977192b713f01f07c3b14ca4d1ba78 added support for
fetching WPA PSK from an external RADIUS server and changed
hostapd_wpa_auth_get_psk() to always return the RADIUS supplied PSK (if
set) and ignore the prev_psk parameter for iteration. Fix this by
appending the RADIUS supplied PSK to the list iterated by
hostapd_get_psk and thus returning NULL when prev_psk == sta->psk
(RADIUS).
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
Ben Greear [Sat, 4 Aug 2012 17:41:35 +0000 (20:41 +0300)]
Better logging for ioctl set flags failure
Let user know if the call failed setting interface up vs. down.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Ben Greear [Sat, 4 Aug 2012 17:38:50 +0000 (20:38 +0300)]
Add some debug info for config file error cases
It didn't always spit out useful stuff when reading config failed.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Ben Greear [Sat, 4 Aug 2012 17:34:27 +0000 (20:34 +0300)]
Make UNIX socket non-blocking for ctrl_iface
This keeps wpa_cli from hanging forever if the other end of the socket
dies.
Signed-hostap: Ben Greear <greearb@candelatech.com>
jim1_lin [Sat, 4 Aug 2012 17:14:59 +0000 (20:14 +0300)]
WPS: Update dev.config_methods in wps_update_config
dev.config_methods was not updated when wps_update_config was called.
This could lead to mismatching config methods between Probe Request and
M1 packets. Add missing part for it.
Paul Stewart [Sat, 4 Aug 2012 17:10:08 +0000 (20:10 +0300)]
Fix a couple memory leaks
Found using valgrind.
Signed-hostap: Paul Stewart <pstew@chromium.org>
Jouni Malinen [Fri, 3 Aug 2012 19:12:55 +0000 (22:12 +0300)]
EXT PW: Allow Interwork cred block to use external storage for password
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Aug 2012 18:47:31 +0000 (21:47 +0300)]
EXT PW: Add support for password parameter from external storage
This allows the password parameter for EAP methods to be fetched
from an external storage.
Following example can be used for developer testing:
ext_password_backend=test:pw1=password|pw2=testing
network={
key_mgmt=WPA-EAP
eap=TTLS
identity="user"
password=ext:pw1
ca_cert="ca.pem"
phase2="auth=PAP"
}
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Aug 2012 18:36:38 +0000 (21:36 +0300)]
EXT PW: Add support for psk parameter from external storage
This allows wpa_supplicant configuration file to be created without
the PSK/passphrase value included in the file when a backend for
external password storage is available.
Following example can be used for developer testing:
ext_password_backend=test:psk1=
12345678
network={
ssid="test-psk"
key_mgmt=WPA-PSK
psk=ext:psk1
}
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Aug 2012 18:28:42 +0000 (21:28 +0300)]
EXT PW: Add framework for supporting external password storage
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Aug 2012 17:56:18 +0000 (20:56 +0300)]
Move PSK/passphrase configuration check into use time from parsing
Instead of rejecting network blocks without PSK/passphrase at the time
the configuration file is read, allow such configuration to be loaded
and only behave as if the network block with missing PSK/passphrase is
disabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Aug 2012 19:13:32 +0000 (22:13 +0300)]
Interworking: Set key_mgmt parameter for the temporary network block
Previously, this was left to the default (WPA-EAP WPA-PSK) value which
could potentially result in unexpected behavior if an AP were to enable
both WPA2-Enterprise and WPA2-Personal in the same BSS. While this is
not really that likely for APs supporting Interworking, it is good to
get the PSK option removed to avoid any issues with missing
passphrase/PSK configuration parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 2 Aug 2012 15:48:31 +0000 (18:48 +0300)]
Interworking: Add support for using Roaming Consortium OI for matching
Each cred block can now be matched based on Roaming Consortium OI as an
alternative mechanism to using NAI Realm information. This may be
optimized for efficiency in the future since Roaming Consortium
information is available in scan results without having to go through
ANQP queries. In addition, this is easier to support in case there is a
large number of realms that can be used for authentication.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 2 Aug 2012 15:40:45 +0000 (18:40 +0300)]
Interworking: Allow pre-configuration of EAP parameters
The new cred block parameters eap, phase1, and phase2 can be used to
select which EAP method is used with network selection instead of using
the value specified in ANQP information (e.g., NAI Realm).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 2 Aug 2012 15:35:18 +0000 (18:35 +0300)]
Interworking: Move EAP parameter setting into a separate function
This makes it easier to share the common code with other credential
matching cases in the future.
Signed-hostap: Jouni Malinen <j@w1.fi>
Xi Chen [Sun, 26 Feb 2012 15:28:42 +0000 (17:28 +0200)]
atheros: Implement WNM-Sleep Mode driver operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Xi Chen [Sun, 26 Feb 2012 15:27:19 +0000 (17:27 +0200)]
WNM: Add WNM-Sleep Mode for station mode
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Xi Chen [Sun, 26 Feb 2012 15:25:55 +0000 (17:25 +0200)]
WNM: Add WNM-Sleep Mode implementation for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Xi Chen [Sun, 26 Feb 2012 15:22:02 +0000 (17:22 +0200)]
WNM: Add placeholders for WNM driver commands and events
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jay Katabathuni [Mon, 24 Oct 2011 21:34:52 +0000 (00:34 +0300)]
atheros: Add HS 2.0 Action frame TX/RX support
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 1 Aug 2012 10:14:09 +0000 (13:14 +0300)]
Fix compiler warning with wpa_supplicant AP builds without 802.11r
Signed-hostap: Jouni Malinen <j@w1.fi>
Jay Katabathuni [Thu, 8 Sep 2011 17:52:23 +0000 (20:52 +0300)]
atheros: Add support for Action frame TX/RX
This allows hostapd to send and receive various Action frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Mahesh Palivela [Mon, 22 Aug 2011 21:35:26 +0000 (14:35 -0700)]
Add support for using SA Query with drivers that implement MLME
This allows the SA Query mechanism in hostapd to be used with drivers
that implement authentication and association MLME/SME.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Shan Palanisamy [Mon, 25 Oct 2010 11:30:04 +0000 (14:30 +0300)]
FT: Add FT AP support for drivers that manage MLME internally
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 1 Aug 2012 07:34:35 +0000 (10:34 +0300)]
Add new drv_flag for indicating user space AP MLME
This makes it easier for hostapd to determine at runtime which
operations to use.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jay Katabathuni [Mon, 30 Jul 2012 19:01:08 +0000 (22:01 +0300)]
HS 2.0: Add HS Capability element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jay Katabathuni [Mon, 30 Jul 2012 18:55:46 +0000 (21:55 +0300)]
Interworking: Add Domain Name element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jay Katabathuni [Mon, 30 Jul 2012 18:51:19 +0000 (21:51 +0300)]
Interworking: Add IP Address Type Availability element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jay Katabathuni [Mon, 30 Jul 2012 18:45:31 +0000 (21:45 +0300)]
Interworking: Add Network Auth Type element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 18 Oct 2011 09:38:32 +0000 (12:38 +0300)]
HS 2.0: Add mechanism for disabling DGAF
disable_dgaf=1 in hostapd.conf can now be used to disable downstream
group-addressed forwarding (DGAF). In this configuration, a unique
GTK (and IGTK) is provided to each STA in the BSS to make sure the
keys do not match and no STA can forge group-addressed frames.
An additional mechanism in the AP needs to be provided to handle some
group-addressed frames, e.g., by converting DHCP packets to unicast
IEEE 802.11 frames regardless of their destination IP address and by
providing Proxy ARP functionality.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jay Katabathuni [Thu, 8 Sep 2011 17:52:23 +0000 (20:52 +0300)]
HS 2.0: Add Hotspot 2.0 Indication for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jay Katabathuni [Thu, 8 Sep 2011 17:52:23 +0000 (20:52 +0300)]
HS 2.0: Add configuration for Hotspot 2.0 AP support
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 Jul 2012 14:55:41 +0000 (17:55 +0300)]
Fix a typo in a comment
Signed-hostap: Jouni Malinen <j@w1.fi>
Thomas Pedersen [Wed, 25 Jul 2012 13:56:43 +0000 (16:56 +0300)]
nl80211: Support setting sched scan RSSI threshold
Allow the user to configure an RSSI threshold in dBm below which the
nl80211 driver won't report scan results. Currently only supported
during scheduled (PNO) scans.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 25 Jul 2012 13:18:12 +0000 (16:18 +0300)]
P2P: Leave forced BSSID parameter for P2P group
P2P group is only going to use a single GO, so we can leave the fixed
BSSID parameter set for the actual data connection in addition to the
initial WPS provisionign step. This can speed up operations with drivers
that select BSS internally by allowing them to skip an extra scan when
the BSSID and frequency of the GO is already known.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 23 Jul 2012 18:59:01 +0000 (21:59 +0300)]
P2P: Fix provision discovery retries during p2p_find
Commit
6b56cc2d97fe9efd1feea8d418714b4658b056f1 added retries of
provision discovery request frames in IDLE state. However, it did not
make the p2p_find case behave consistently with the new limitied retry
behavior. This can result in way too many and frequent PD retries. Fix
this by extending the previous commit to address PD retries and maximum
retry limit consistently regardless of whether p2p_find is running.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1