Jouni Malinen [Tue, 25 Feb 2014 20:37:57 +0000 (22:37 +0200)]
Interworking: Prefer last added network during network selection
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Feb 2014 18:04:16 +0000 (20:04 +0200)]
tests: Add module tests for blacklist to complete coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Feb 2014 17:29:05 +0000 (19:29 +0200)]
P2P: Remove unnecessary ifdef CONFIG_NO_CONFIG_WRITE
wpa_config_write() is defined as a dummy function even if actual
operation to write the configuration file are commented out from the
build. This cleans up the code a bit and removed a compiler warning on
set-only variable.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Purushottam Kushwaha [Tue, 25 Feb 2014 13:55:53 +0000 (15:55 +0200)]
Fix documentation for wpa_supplicant_global_ctrl_iface_process()
This fixes a copy-paste error in the function name in
wpa_supplicant_global_ctrl_iface_process() documentation.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Luciano Coelho [Mon, 10 Feb 2014 15:06:19 +0000 (17:06 +0200)]
hwsim tests: Add support for the chanctx flag when creating radios
Add a new option to set the use_chanctx flag when creating a radio.
While at it, refactor the arguments parsing code to use argparse.
Signed-hostap: Luciano Coelho <luciano.coelho@intel.com>
Jouni Malinen [Tue, 25 Feb 2014 14:47:22 +0000 (16:47 +0200)]
DFS: Fix coding style (missing whitespace)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Janusz Dziedzic [Sat, 15 Feb 2014 18:37:22 +0000 (19:37 +0100)]
DFS: Add VHT160 available channels
Add VHT160 available channels we can choose from when having detected a
radar event.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Sat, 15 Feb 2014 18:37:21 +0000 (19:37 +0100)]
hostapd: DFS allow mixed channels
Allow mixed DFS and non-DFS channels, e.g., VHT160 on channels 36-64.
This is useful for testing VHT160 with mac80211_hwsim.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Mon, 24 Feb 2014 12:22:16 +0000 (13:22 +0100)]
wpa_supplicant: Add support for IPv6 with UDP ctrl_iface
Add IPv6 support when using udp/udp-remote control interface using the
following new build configuration options:
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote
This is useful for testing, while we don't need to assign IPv4 address
(static or using DHCP) and can just use auto configured IPv6 addresses
(link local, which is based on the MAC address). Also add scope id
support for link local case.
For example,
./wpa_cli
./wpa_cli -i ::1,9877
./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Emanuel Taube [Tue, 18 Feb 2014 10:36:35 +0000 (11:36 +0100)]
hostapd: Deauthenticate clients forbidden by maclist changes
After adding or removing a MAC address from a list, the
corresponding station was not deauthenticated as expected.
Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
Emanuel Taube [Tue, 25 Feb 2014 09:59:44 +0000 (10:59 +0100)]
hostapd: Make it possible to remove addresses from maclists
It is already possible to add MAC addresses at runtime. This patch
allows also to remove some of them by using the prefix "-" in the
address file.
Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
Emanuel Taube [Tue, 25 Feb 2014 09:59:44 +0000 (10:59 +0100)]
Add os_remove_in_array()
This can be used to remove members from an array.
Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
Jouni Malinen [Tue, 25 Feb 2014 11:52:26 +0000 (13:52 +0200)]
Force OFDM/HT/VHT to be disabled on channel 14
The regulatory rules in Japan do not allow OFDM to be used on channel
14. While this was to some extend assumed to be enforced by drivers
(many of which apparently don't), it is safer to make hostapd enforce
this by disabling any OFDM-related functionality. This tries to avoid
backwards compatibility issues by downgrading the mode rather than
rejecting the invalid configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Feb 2014 11:34:20 +0000 (13:34 +0200)]
nl80211: Show regulatory rule flags in debug output
These can be useful in understanding why some channels are disabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Chaitanya T K [Fri, 21 Feb 2014 13:42:18 +0000 (14:42 +0100)]
hostapd: Configure spectrum management capability
Add configuration of Spectrum Management subfield in the Capability
Information of Beacon, Probe Response, and Association Response frames.
Spectrum Management bit is set when directly requested by new
configuration option spectrum_mgmt_required=1 or when AP is running on
DFS channels. In the future, also TPC shall require this bit to be set.
Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
Srinivasan B [Fri, 21 Feb 2014 13:42:17 +0000 (14:42 +0100)]
hostapd: Add Power Constraint element
Add Power Constraint information element to Beacon and Probe Response
frames when hostapd is configured on 5 GHz band and Country information
element is also added. According to IEEE Std 802.11-2012 a STA shall
determine a local maximum transmit power for the current channel based
on information derived from Country and Power Constraint elements.
In order to add Power Constraint element ieee80211d option need to be
enabled and new local_pwr_constraint config option need to be set to
unsigned value in units of decibels. For now this value is statically
configured but the future goal is to implement dynamic TPC algorithm
to control local power constraint.
Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
Stefan Lippers-Hollmann [Thu, 20 Feb 2014 21:19:12 +0000 (21:19 +0000)]
Fix spelling s/algorith/algorithm/
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Jouni Malinen [Mon, 24 Feb 2014 15:15:16 +0000 (17:15 +0200)]
tests: Enable CCMP fragmentation check
This was triggering failures due to a mac80211 bug that has now been
fixed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 24 Feb 2014 13:22:35 +0000 (15:22 +0200)]
Do not start another connect work while one is pending
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 22 Feb 2014 12:06:58 +0000 (14:06 +0200)]
tests: WPS UPnP operations
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Feb 2014 09:52:59 +0000 (11:52 +0200)]
tests: WPS UPnP SSDP testing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 24 Feb 2014 11:55:42 +0000 (13:55 +0200)]
tests: Stop WPS ER on station reset
This seems to be needed in some cases to avoid issues in test cases that
assume there are no other ERs running.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 22 Feb 2014 16:57:41 +0000 (18:57 +0200)]
WPS: Fix UNSUBSCRIBE error returns if NT or CALLBACK header is used
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Feb 2014 16:51:37 +0000 (18:51 +0200)]
WPS: Fix UNSUBSCRIBE to return 412 if no SID match found
UPnP-arch-DeviceArchitecture describe ErrorCode 412 to be used for the
case where no un-epxired subscription matches. This used to return 200
which is not strictly speaking correct even though it is unlikely to
cause any problems.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Feb 2014 11:43:08 +0000 (13:43 +0200)]
WPS: Remove unnecessary filename NULL check
The caller of the GET parser is checking this already and the GET case
was the only one that ended up doing the duplicated validation step.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Feb 2014 08:47:49 +0000 (10:47 +0200)]
tests: Remove forgotten tcpdump references
tcpdump has not been used in the test scripts for a while, so no need
to stop it from stop.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 21 Feb 2014 18:25:25 +0000 (20:25 +0200)]
tests: Fix the file comment to describe what this script does
Signed-off-by: Jouni Malinen <j@w1.fi>
Roger Zanoni [Fri, 21 Feb 2014 18:23:56 +0000 (20:23 +0200)]
tests: Change the python interpreter directive
This makes the script check the environment for the current python
interpreter in use instead of assuming that the python executable points
to a python 2 interpreter.
Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
Jouni Malinen [Fri, 21 Feb 2014 18:21:53 +0000 (20:21 +0200)]
tests: Remove unnecessary interpreter line from most python files
Only run-tests.py is actually executed, so there is no need to specify
the interpreter in all the helper files and test script files.
Signed-off-by: Jouni Malinen <j@w1.fi>
Rahul Jain [Thu, 20 Feb 2014 11:04:09 +0000 (16:34 +0530)]
P2P: Fix missing eloop_cancel_timeout in invitation trigger
When a Probe Request frame from an invitation peer is received, a timer
is schedule to start invitation. However, this could have been scheduled
multiple times (once per Probe Request frame) which is undesirable since
only a single invitation should be initiated.
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Jouni Malinen [Thu, 20 Feb 2014 23:15:16 +0000 (01:15 +0200)]
tests: Add module tests for WPS attribute parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 20 Feb 2014 22:14:30 +0000 (00:14 +0200)]
tests: Add a module test integration to hwsim tests
CONFIG_MODULE_TESTS=y build option can now be used to build in module
tests into hostapd and wpa_supplicant binaries. These test cases will be
used to get better testing coverage for various details that are
difficult to test otherwise through the control interface control. A
single control interface command is used to executed these tests within
the hwsim test framework. This commit adds just the new mechanism, but no
module tests are yet integrated into this mechanism.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 21 Feb 2014 11:05:37 +0000 (13:05 +0200)]
WPS: Fix parsing of 0-length WFA vendor extension subelement
The previous parser would have skipped a WFA vendor extension attribute
that includes only a single zero-length subelement. No such subelement
has been defined so far, so this does not really affect any
functionality, but better make the parser address this correctly should
such an element ever be added.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 20 Feb 2014 14:59:29 +0000 (16:59 +0200)]
P2P: Add even more debug prints for Probe Request in non-Listen state
It looks like discovery_dev_id test case can still fail and based on the
previously added debug prints, this is happening since the P2P module
believes it is not in Listen state even when a P2P_LISTEN was issued.
p2p_listen_cb() did not get called on remain-on-channel event for some
reason, so lets add more debug to find out why this can happen.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Roger Zanoni [Wed, 19 Feb 2014 19:46:11 +0000 (15:46 -0400)]
Avoid undefined references with CONFIG_WPA_TRACE_BFD=y
libdl, libiberty, and libzlib are dependencies for libbfd.
Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
Anders Kaseorg [Sun, 16 Feb 2014 00:08:32 +0000 (19:08 -0500)]
wpa_debug: Remove 2048 byte message length limit
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Jouni Malinen [Thu, 20 Feb 2014 14:17:48 +0000 (16:17 +0200)]
tests: Increase P2P SD test coverage
Verify cases both with multiple peers (one of which not advertising any
services) and with multiple SD queries.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jithu Jance [Thu, 20 Feb 2014 11:43:25 +0000 (17:13 +0530)]
P2P: Address few issues seen with P2P SD
Suppose we have multiple peers and we have peers advertising SD
capability, but no services registered for advertising. In this case,
even if there are multiple broadcast queries set, we might end up
sending only the lastly added broadcast query to the same device (since
SD_INFO won't get set for the first broadcast query). Add support for
multiple wildcard queries to be tracked to enable this type of use
case.
Some times it is seen that before advancing to next device in the list,
the scan results come and update SD_SCHEDULE flag. This will result in
sending the already sent query to the same device without giving chance
to other devices. This issue again is seen with peer devices advertising
SD capability without any services registered.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Dmitry Shmidt [Wed, 19 Feb 2014 21:21:58 +0000 (13:21 -0800)]
TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
These can be used to disable TLSv1.1 and TLSv1.2 as a workaround for AAA
servers that have issues interoperating with newer TLS versions.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Thu, 20 Feb 2014 11:56:27 +0000 (13:56 +0200)]
tests: Verify NAS identification attributes in Disconnect-Request
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 20 Feb 2014 11:55:36 +0000 (13:55 +0200)]
RADIUS DAS: Add support for NAS identification attributes
This allows NAS-IP-Address, NAS-Identifier, and NAS-IPv6-Address to be
included in the Disconnect-Request packets.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 20 Feb 2014 11:27:16 +0000 (13:27 +0200)]
tests: Verify that Disconnect-Request prevents PMKSA caching
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 20 Feb 2014 11:26:22 +0000 (13:26 +0200)]
RADIUS DAS: Remove PMKSA entry on Disconnect-Request
When a station is disconnected based on Disconnect-Request, it is better
to force the station to go through full EAP authentication if it tries
to reconnect.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 19 Feb 2014 21:51:55 +0000 (23:51 +0200)]
WPS: Fix STA state validation when processing PutWLANResponse
It is possible for an ER to send an unexpected PutWLANResponse action
when the destination STA is in disassociated, but not fully
deauthenticated state. sta->eapol_sm can be NULL in such state and as
such, it would be possible to hit a NULL pointer dereference in the
eapol_auth_eap_pending_cb() call at the end of the
hostapd_wps_probe_req_rx() when trying to proxy the WPS message to the
station. Fix this by validating that sta->eapol_sm is set before
processing the message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Wed, 19 Feb 2014 00:26:10 +0000 (16:26 -0800)]
Android: Use external libnl 2.0 dynamic library
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Roger Zanoni [Mon, 17 Feb 2014 19:02:47 +0000 (15:02 -0400)]
Fix hostapd and wpa_supplicant build with binutils >= 2.24.x
Using binutils >= 2.24.x and setting
CONFIG_WPA_TRACE/CONFIG_WPA_TRACE_BDF causes both builds to fail with
"#error config.h must be included before this header" message.
Since version 2.24.x, the bfd header checks for PACKAGE and
PACKAGE_VERSION macros.
As suggested in http://sourceware.org/bugzilla/show_bug.cgi?id=14243
projects that use bfd and don't use autotools should define a PACKAGE
macro.
Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
Jouni Malinen [Wed, 19 Feb 2014 09:56:02 +0000 (11:56 +0200)]
Revert "OpenSSL: Do not accept SSL Client certificate for server"
This reverts commit
51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are
too many deployed AAA servers that include both id-kp-clientAuth and
id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
for AAA authentication server validation. OpenSSL enforces the policy of
not connecting if only id-kp-clientAuth is included. If a valid EKU is
listed with it, the connection needs to be accepted.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 17 Feb 2014 11:15:29 +0000 (13:15 +0200)]
P2P: Enable U-APSD support on GO automatically
Since P2P specification mandates P2P GO to support WMM-PS with legacy
STAs, enable this automatically if the driver indicates support for
U-APSD in AP mode. The "P2P_SET go_apsd 0" command can still be used to
disable this if needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Feb 2014 09:43:53 +0000 (11:43 +0200)]
P2P: Add more debug prints for Probe Request processing
It can be helpful to see from the debug log why the P2P Device role did
not reply to a Probe Request frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Feb 2014 09:42:43 +0000 (11:42 +0200)]
tests: Add more time for P2P discovery tests
It looks like some of the discovery_* test cases have been failing every
now and then on the virtual server and the one second timeout could have
been a bit too short to cover some possible timing cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Andrei Otcheretianski [Thu, 13 Feb 2014 09:24:00 +0000 (11:24 +0200)]
wpa_supplicant: Complete radio works on disable event
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.
Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.
To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Sat, 15 Feb 2014 20:03:06 +0000 (22:03 +0200)]
tests: Verify CoA-Request behavior
This version verifies that hostapd NAKs a valid request since
CoA-Request is not yet supported.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 17:52:56 +0000 (19:52 +0200)]
tests: Convert connect() to use kwargs
This makes it more convenient to add new network block parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 17:27:35 +0000 (19:27 +0200)]
tests: Verify RADIUS Disconnect-Request behavior
This uses pyrad to build and send various Disconnect-Request packets to
hostapd.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 17:26:12 +0000 (19:26 +0200)]
Convert RADIUS debug dumps to use wpa_printf()
This allows the debug dumps of RADIUS messages to be captured through
normal wpa_printf() mechanisms.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 14:45:57 +0000 (16:45 +0200)]
EAP-SIM DB: Remove client socket file on connect() error
If the connection from hostapd authentication server to hlr_auc_gw fails
due to hlr_auc_gw not running yet, the local socket file was left
behind. Delete the socket file on connect() failure path.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 13:57:21 +0000 (15:57 +0200)]
tests: Verify RADIUS server MIB values
Enable hostapd control interface for the RADIUS server instance and
verify that the RADIUS server MIB counters are incremented.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 13:38:30 +0000 (15:38 +0200)]
tests: Verify RADIUS accounting functionality
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 15:07:35 +0000 (17:07 +0200)]
tests: Build hlr_auc_gw separately for code coverage analysis
This improves accuracy of the code coverage reports with hostapd-as-AS
and hlr_auc_gw getting analyzed separately.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 13:37:53 +0000 (15:37 +0200)]
RADIUS: Add minimal accounting server support
This can be used to test RADIUS Accounting in hostapd.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 10:08:50 +0000 (12:08 +0200)]
tests: Verify NtPasswordHash with different UTF-8 cases
This adds a password that uses one, two, and three octet encoding
for UTF-8 characters. The value is tested against a pre-configured
hash to verify that utf8_to_ucs2() function works correctly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 10:06:35 +0000 (12:06 +0200)]
Fix MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding
This fixes issues in using a password that includes a UTF-8 character
with three-byte encoding with EAP methods that use NtPasswordHash
(anything using MSCHAPv2 or LEAP).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 09:49:09 +0000 (11:49 +0200)]
Fix nt_password_hash build
This needs librt on some systems for clock_gettime().
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 09:31:20 +0000 (11:31 +0200)]
Remove unused crypto_bignum_rshift()
Commit
bf4f5d6570c847109378fd4f44e3d89c6ebb3acd removed the only user of
this function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 09:22:26 +0000 (11:22 +0200)]
Remove unused NFC_RX_HANDOVER_REQ
The more generic NFC_REPORT_HANDOVER is now used to report completed NFC
connection handover operations in either role and NFC_RX_HANDOVER_REQ
did not have any implementation within wpa_supplicant.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 08:42:56 +0000 (10:42 +0200)]
tests: Set dh_file on EAP client
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 08:33:55 +0000 (10:33 +0200)]
tests: EAP-TTLS and server certificate with client EKU
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 08:28:22 +0000 (10:28 +0200)]
tests: Expired server certificate
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Feb 2014 08:10:56 +0000 (10:10 +0200)]
tests: Domain name suffix match against CN
Signed-off-by: Jouni Malinen <j@w1.fi>
Ilan Peer [Thu, 13 Feb 2014 09:24:01 +0000 (11:24 +0200)]
nl80211: Use nl80211_set_iface_id() to get hw features data
Use nl80211_set_iface_id() in wpa_driver_nl80211_get_hw_feature_data(),
as otherwise the function fails for a P2P Device interface (which does
not have a netdev associated with it).
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Marek Kwaczynski [Mon, 10 Feb 2014 12:43:05 +0000 (13:43 +0100)]
hostapd: Add Operating Mode Notification support
Handle Operating Mode Notification received in (Re)Association Request
frames.
Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
Helmut Schaa [Fri, 7 Feb 2014 09:31:56 +0000 (10:31 +0100)]
hostapd: Enable IEEE 802.11w in defconfig
IEEE 802.11w is ratified since 2009 already, so this comment does not
seem to be valid anymore.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Thu, 13 Feb 2014 14:14:04 +0000 (16:14 +0200)]
NFC: Workaround nfcpy message debug exception
The current nfcpy version does not support new WSC connection handover
message format and the handover server fails to process the request due
to a debug print. As a temporary workaround, override
HandoverServer::_process_request() with a version that avoids pretty()
print of the handover messages. This can be removed once nfcpy has been
updated to support the new format.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Eytan Lifshitz [Mon, 10 Feb 2014 10:55:09 +0000 (12:55 +0200)]
Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
In function ieee802_1x_get_mib_sta(), eap_server_get_name() may return
NULL, and it could be dereferenced immidiately by os_snprintf() (if the
snprintf implementation does not handle NULL pointer).
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
Eytan Lifshitz [Mon, 10 Feb 2014 10:55:08 +0000 (12:55 +0200)]
wpa_supplicant: Fix NULL dereference in tls_verify_cb()
In function tls_verify_cb(), X509_STORE_CTX_get_current_cert() may
return NULL, and it will be dereferenced by X509_get_subject_name().
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
Eytan Lifshitz [Mon, 10 Feb 2014 10:55:07 +0000 (12:55 +0200)]
wpa_supplicant: Fix NULL dereference in eap_fast_parse_end()
In eap_fast_parse_end(), pos might be NULL if the line doesn't
contain '='.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
Eytan Lifshitz [Mon, 10 Feb 2014 10:55:06 +0000 (12:55 +0200)]
Remove unnecessary NULL check
In send_assoc_resp(), sta was checked for NULL, although it can't be
NULL.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
Eytan Lifshitz [Mon, 10 Feb 2014 10:55:06 +0000 (12:55 +0200)]
Fix theoretical NULL dereference in debug printf
In hostapd_logger_cb(), module_str is checked for NULL (on a path that
does not get executed in practice), and then possibly dereferenced in
snprintf() anyway.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
Max Stepanov [Mon, 10 Feb 2014 10:55:05 +0000 (12:55 +0200)]
P2P: Avoid compiler warning in p2p_supplicant.c
Initialize flag variable explicitly to avoid [-Wmaybeuninitialized]
compiler warning in wpas_p2p_verify_channel().
Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
Max Stepanov [Mon, 10 Feb 2014 10:55:04 +0000 (12:55 +0200)]
DFS: Avoid compiler warnings in src/ap/dfs.c
Initialize variables explicitly to avoid [-Wmaybeuninitialized] compiler
warning in hostapd_handle_dfs() and
hostapd_dfs_start_channel_switch_cac() functions.
Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
Eytan Lifshitz [Mon, 10 Feb 2014 10:55:03 +0000 (12:55 +0200)]
wpa_supplicant: Fix memory leak in wfd_subelems error path
Memory allocated by calling function ieee802_11_vendor_ie_concat()
was not freed on an error path int ctrl_iface BSS command.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
Jouni Malinen [Thu, 13 Feb 2014 13:29:09 +0000 (15:29 +0200)]
Fix CONFIG_WPS_NFC=y build without CONFIG_P2P=y
Some of the control interface operations for P2P were not properly
protected with #ifdef CONFIG_P2P.
Signed-off-by: Jouni Malinen <j@w1.fi>
Dmitry Shmidt [Thu, 13 Feb 2014 13:14:18 +0000 (15:14 +0200)]
Add bssid/freq hint for driver-based BSS selection
This uses the new nl80211 attributes to allow the connect command to
provide bssid and freq hints to the driver without limiting roaming to
the specific BSS/frequency. This can be used by drivers that perform
internal BSS selection (WPA_DRIVER_FLAGS_BSS_SELECTION) as a candidate
for initial association.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Thu, 13 Feb 2014 12:56:42 +0000 (14:56 +0200)]
Start using unodified Developer Certificate of Origin v1.1
With the license terms having been cleaned up in the hostap.git files,
there is no continued need for the additional (e) item to explicitly
acknowledge BSD license option for contributions. Since DCO v1.1 is now
available from http://developercertificate.org/ it looks reasonable to
move to the unmodified version of DCO and to the commonly used
Signed-off-by tag for this project.
Signed-hostap: Jouni Malinen <j@w1.fi>
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 13 Feb 2014 12:35:01 +0000 (14:35 +0200)]
Sync with wireless-testing.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2014-02-12.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 12 Feb 2014 15:46:33 +0000 (17:46 +0200)]
Fix SAE state validation on AP
Confirm-before-commit validation step allowed execution to continue on
error case. This could result in segfault in sae_check_confirm() if the
temporary SAE data was not available (as it would not be, e.g., in case
of an extra SAE confirm message being received after successful
exchange). Fix this by stopping SAE processing immediately after
detecting unexpected state for confirm message. In addition, make the
public sae.c functions verify sae->tmp before dereferencing it to make
this type of bugs less likely to result in critical issues.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 12 Feb 2014 10:48:26 +0000 (12:48 +0200)]
NFC: Add summary and success file options for nfcpy scripts
These can be used to get updates on NFC operation status and success for
external programs.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 12 Feb 2014 10:45:07 +0000 (12:45 +0200)]
P2P NFC: Add p2p-nfc.py --handover-only option
p2p-nfc.py allowed an NFC Tag to be read and reported to wpa_supplicant
even in cases where it was explicitly asked to initiate negotiated
connection handover and return after completing this operation. The new
command line argument can be used to disable NFC Tag read operations
when a negotiated connection handover is expected.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 11 Feb 2014 17:33:43 +0000 (19:33 +0200)]
P2P NFC: Clean up p2p-nfc.py error handling
If wpa_supplicant reports a failure when trying to generate a handover
request, detect that before trying to decode the response as a hex
string.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 18 Dec 2013 00:00:21 +0000 (16:00 -0800)]
WPS: Make UUID-from-MAC Address easily available
"hostapd -u<MAC Address>" can now be used to display the UUID that will
be generated based on a MAC Address (i.e., when hostapd configuration
does not set a specific UUID).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Feb 2014 12:36:39 +0000 (14:36 +0200)]
P2P: Do not indicate P2P_FIND failure if p2p_scan is in progress
It was possible to FAIL return for a P2P_FIND command that was issued
while an already started P2P_FIND operation was in the scan phase. This
can be confusing for upper layer software, so hide the failure report
from the ctrl_iface response. The previously started scan will continue
the find operation after this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 16 Jan 2014 15:37:39 +0000 (17:37 +0200)]
WPS: Add more debug information to M7 AP Settings
This allows the AP Settings data to be included in debug log
(only with -K on command line).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 16 Jan 2014 15:35:45 +0000 (17:35 +0200)]
WPS: Indicate current AP settings in M7 in unconfigurated state
Previously, unconfigured state was forcing the best supported
authentication and encryption state to be shown in WPS messages,
including AP Settings in M7 in case the AP acts as an Enrollee. This is
not really correct for the AP Settings case, so change that one to
indicate the currently configured state.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 7 Feb 2014 14:26:59 +0000 (16:26 +0200)]
P2P: Handle unexpected GO Neg Req reject message more cleanly
The mechanism of using Status attribute in GO Negotiation Request was
used in some early specification drafts, but it is not compliant with
the current P2P specification where GO Negotiation Request is used only
for the purpose of initiating a new GO Negotiation. However, some
deployed devices use it to indicate rejection of GO Negotiation in a
case where they have sent out GO Negotiation Response with status 1. The
P2P specification explicitly disallows this.
To avoid unnecessary interoperability issues and extra frames, mark the
pending negotiation as failed and do not reply to this GO Negotiation
Request frame. Previously, GO Negotiation Response frame with status=4
was sent back as an indication of the GO Negotiation Request frame being
invalid. This response is not sent anymore and the status code for the
P2P-GO-NEG-FAILURE event is changed from 4 (invalid parameters) to 11
(rejected by user) for this specific workaround case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Mahesh A Saptasagar [Mon, 27 Jan 2014 14:46:02 +0000 (20:16 +0530)]
Fix persistent P2P connection failure in case channel list changes
P2P persistent connection may fail due to 802.11d channel change event
invalidating support of the operating frequency sent in the invitation
request, before receiving the invitation response. If the operating
frequency is invalid at the time the invitation response is processed
and there is no forced frequency provided by user, allow frequency
re-selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Mon, 3 Feb 2014 21:30:46 +0000 (13:30 -0800)]
wpa_supplicant: Add DFS indicator to get_capability freq
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Thu, 6 Feb 2014 14:03:42 +0000 (16:03 +0200)]
Handle Wi-Fi Display commands more carefully if P2P is disabled
If P2P was disabled (e.g., due to driver not supporting it or through
p2p_disabled=1 configuration), setting Wi-Fi Display parameters could
result in segmentation fault when the WFD IE is updated without the P2P
module being initialized. Fix this by skipping the update if P2P module
is not in use. In addition, show Wi-Fi Display as disabled in "GET
wifi_display" and refuse to enable it with "SET wifi_display 1" if P2P
is not enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 6 Feb 2014 13:22:06 +0000 (15:22 +0200)]
Fix Beacon RX before AP setup completion
It is possible for the driver to report Beacon RX prior to hostapd
having completed AP mode setup, e.g., when changing country code. Beacon
frame processing for OLBC was not prepared for this and could trigger
segfault due to NULL pointer dereference. Fix this by ignoring the
Beacon frames received prior to completing interface setup when
determining OLBC updates.
Signed-hostap: Jouni Malinen <j@w1.fi>
Yun Park [Tue, 4 Feb 2014 21:11:14 +0000 (23:11 +0200)]
nl80211: Fix regression in returning to AP mode after scan
Commit
b1f625e0d81b76bb2380d0b47b95f5ad61123ba5 extended
ap_scan_as_station to be able to distinguish between AP and P2P GO
iftypes. However, it did this in a way that completely lost the original
mode because drv->nlmode had already been replaced with the station
mode. Fix this by storing the correct old mode.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 4 Feb 2014 15:16:32 +0000 (17:16 +0200)]
P2P: Do not re-start invitation on Probe Req RX if already ack'ed
If the peer device has already acknowledge receipt of the Invitation
Request frame, it is better not to re-start invitation by sending
another Invitation Request. This should not be needed since the peer
already has received the Invitation Request frame and sending the second
round in this type of sequence can cause issues with nl80211 offloaded
offchannel TX operations since driver_nl80211.c will lose the cookie
value for the first pending Action frame and may not be able to cancel
offchannel wait for it properly. this has been seen to trigger a failure
in the p2p_go_invite_auth test case with the scan failing due to GO
sending out Probe Response frame on incorrect channel (the channel used
in that not-cancelled Action TX).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>