David Spinadel [Mon, 15 Feb 2016 14:53:28 +0000 (16:53 +0200)]
MBO: Add cellular capability to MBO IE
Add cellular capability attribute to MBO IE and add MBO IE with cellular
capabilities to Probe Request frames. By default, cellular capability
value is set to Not Cellular capable (3).
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:25 +0000 (16:53 +0200)]
MBO: Send MBO WNM-Notification Request frames to notify changes
Send a WNM-Notification Request frame with Non-preferred Channel Report
subelement if the non-preferred channels list changes during an
association.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:24 +0000 (16:53 +0200)]
MBO: Implement MBO non-preferred channel report in Association Request
Add MBO IE with non-preferred channels to (Re)Association Request
frames.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:22 +0000 (16:53 +0200)]
MBO: Add non-preferred channel configuration in wpa_supplicant
Add non-preferred channel configuration to wpa_config for MBO.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:19 +0000 (16:53 +0200)]
MBO: Add Multi Band Operation definitions
These are based on the specification draft WFA_MBO_TechSpec_v0.0_r19.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Jouni Malinen [Sun, 21 Feb 2016 15:07:47 +0000 (17:07 +0200)]
ndis: Use the new get_ie() helper to avoid duplicated code
This removes more duplicated implementation of finding the first IE
based on the id.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avraham Stern [Mon, 15 Feb 2016 14:53:17 +0000 (16:53 +0200)]
utils: Share a single helper function to get IE by ID
Add a helper function to find a certain IE inside IEs buffer by ID and
use this function in several places that implemented similar
functionality locally.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:13 +0000 (16:53 +0200)]
wpa_supplicant: Share a single get_mode() implementation
There is no need to duplicate this helper function in multiple files.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Jouni Malinen [Sat, 20 Feb 2016 17:22:43 +0000 (19:22 +0200)]
VLAN: Check vlan_desc validity in a failure debug print
The recent VLAN changes added an explicit code path that sets vlan_desc
= NULL within ap_sta_set_vlan(). This makes some code analyzers warn
about the debug print that could potentially dereference this pointer.
Silence that warning by verifying the pointer more consistently within
this function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Fri, 19 Feb 2016 15:22:25 +0000 (15:22 +0000)]
Use 64-bit TX/RX byte counters for statistics
If the driver supports 64-bit TX/RX byte counters, use them directly.
The old 32-bit counter extension is maintained for backwards
compatibility with older drivers.
For nl80211 driver interface, the newer NL80211_STA_INFO_RX_BYTES64 and
NL80211_STA_INFO_TX_BYTES64 attributes are used when available. This
resolves the race vulnerable 32-bit value wrap/overflow. Rework RADIUS
accounting to use these for Acct-Input-Octets, Acct-Input-Gigawords,
Acct-Output-Octets, and Acct-Output-Gigawords, these values are often
used for billing purposes.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Andrei Otcheretianski [Tue, 16 Feb 2016 09:54:33 +0000 (11:54 +0200)]
AP: Set STA assoc flag in the driver before sending Assoc Resp frame
Previously, stations were added to the driver only after the
(Re)Association Response frame was acked. In the time period between the
station has acked the (Re)Association Response frame and the time the
station was added to the kernel, the station can already start sending
Data frames, which will be dropped by the hardware/driver. In addition
to the data loss, the driver may ignore NDPs with PM bit set from this
STA.
Fix this by setting/adding the STA with associated flag set to the
driver before the AP sends the (Re)Association Response frame with
status success. If the (Re)Association Response frame wasn't acked,
remove the station from the driver.
Note that setting a station to associated state before the non-AP
station acknowledges the (Re)Association Response frame is not compliant
with the IEEE 802.11 standard that specifically states that a non-AP
station should transition to authenticated/associated state only after
it acknowledged the (Re)Association Response frame. However, this is a
justifiable simplification to work around the issue described above since
1. The station will be removed in case it does not acknowledge the
(Re)Association Response frame.
2. All Data frames would be dropped until the station is set to
authorized state and there are no known issues with processing the
other Class 3 frames during the short window before the
acknowledgement is seen.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ayala Beker [Tue, 16 Feb 2016 09:54:32 +0000 (11:54 +0200)]
AP: Add support for full station state
Add support for drivers that support full AP client state, i.e., can
handle adding stations that are not associated yet. For such drivers,
add a station after processing the authentication request, instead of
adding it in the association response callback.
Doing so is beneficial in cases where the driver cannot handle the add
station request, in which case it is useless to perform the complete
connection establishment.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Ayala Beker [Tue, 16 Feb 2016 09:54:31 +0000 (11:54 +0200)]
nl80211: Add support for full station state operations
This provides means for determining whether the driver supports full AP
station state and setting the needed STA flags for using this
functionality.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Jouni Malinen [Sat, 20 Feb 2016 10:05:48 +0000 (12:05 +0200)]
tests: EAP-FAST protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 20 Feb 2016 08:06:48 +0000 (10:06 +0200)]
EAP-FAST peer: Remove fixed return value from eap_fast_parse_phase1()
This function was always returning 0, so the error path was unreachable.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 20 Feb 2016 08:06:02 +0000 (10:06 +0200)]
tests: Verify fast_max_pac_list_len=0 special case
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Tue, 9 Feb 2016 16:02:32 +0000 (16:02 +0000)]
EAP-pwd server: Use os_get_random() for unpredictable token
Do not use os_random() that uses a low quality PRNG to generate the
anti-clogging token. The construction can be improved upon by replacing
it with a call to os_get_random(), which uses a high quality PRNG. While
the RFC 5931 explictly recommends not to do this ("SHOULD NOT be from a
source of random entropy"), it does still mandate unpredicability ("MUST
be unpredictable"). The anti-clogging token is most unpredictable when
it is taken from a high quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Tue, 9 Feb 2016 14:49:35 +0000 (14:49 +0000)]
DFS: Remove the os_random() fallback
Remove the fallback dependency on os_random() from the code that gets a
valid DFS channel. This is exceptionally unlikely to ever be called as
the call to os_get_random() is unlikely to fail. The intention is to
facilitate future removal of os_random() as it uses a low quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Tue, 9 Feb 2016 14:47:47 +0000 (14:47 +0000)]
WPS: Use only os_get_random() for PIN generation
Remove the fallback dependency on os_random() when generating a WPS pin.
This is exceptionally unlikely to ever be called as the call to
os_get_random() is unlikely to fail. The intention is to facilitate
future removal of os_random() as it uses a low quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Tue, 9 Feb 2016 14:43:21 +0000 (14:43 +0000)]
Use os_get_random() for Shared Key authentication challenge
Do not use the system clock or os_random() that uses a low quality PRNG
as part of the pseudo-random challenge in auth_shared_key(). The
construction can be improved upon by replacing it with a call to
os_get_random(), which uses a high quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Fri, 19 Feb 2016 16:43:45 +0000 (18:43 +0200)]
tests: Allow PIN generation failure during OOM in ap_wps_random_ap_pin
This is needed to avoid reporting failures after a change to remove the
fallback path in PIN generation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Nick Lowe [Sat, 13 Feb 2016 12:20:12 +0000 (12:20 +0000)]
Add RADIUS Service-Type attribute with a value of Framed
This seems to be the common value used by APs and also mentioned in RFC
3580.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Fri, 19 Feb 2016 16:41:23 +0000 (18:41 +0200)]
tests: Renew expired certificates
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Masashi Honma [Wed, 17 Feb 2016 10:48:53 +0000 (19:48 +0900)]
mesh: Drop Authentication frames from BLOCKED STA
Previously, only mesh Action frames from BLOCKED STA were dropped.
Extend that to drop Authentication frames as well.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Mon, 15 Feb 2016 02:23:37 +0000 (11:23 +0900)]
SAE: Fix PMKID calculation for PMKSA cache
The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the
PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix
this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Nick Lowe [Sat, 13 Feb 2016 20:29:47 +0000 (20:29 +0000)]
Print Acct-Session-Id and Acct-Multi-Session-Id 64-bit values
These are now 64-bit variables and the printf formats and type casts
need to be updated to match.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Roy Marples [Wed, 10 Feb 2016 20:39:14 +0000 (20:39 +0000)]
kqueue: Use 0 instead of NULL for udata
Use 0 for udata instead of NULL for portability.
NetBSD uses uintptr_t, others a pointer.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 19:27:42 +0000 (19:27 +0000)]
ctype functions require an unsigned char
Ensure that characters are represented as unsigned char when using
isblank() and isspace(). These function take in a "int c" argument, but
it needs to be unsigned for the cases where EOF is not indicated.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 11:53:41 +0000 (11:53 +0000)]
Fix compile on NetBSD for vlan
Shuffle includes above system ones so to fix a compile issue
on NetBSD where the if_type #define from <net/if.h>
conflicts with the wpa_driver_if_type enum.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 11:22:11 +0000 (11:22 +0000)]
wired: Fix compile on NetBSD for wired driver
Shuffle wpa_supplicant includes above system ones so that
to fix a compile problem on NetBSD where if_type #define
conflicts with the wpa_driver_if_type enum.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 10:48:01 +0000 (10:48 +0000)]
Add CONFIG_ELOOP_KQUEUE to defconfig
Signed-off-by: Roy Marples <roy@marples.name>
Jouni Malinen [Thu, 18 Feb 2016 09:59:58 +0000 (11:59 +0200)]
nl80211: Avoid wpa_printf %s call with NULL pointer in set_param()
While most C libraries print "(null)" when NULL is used as an argument
to printf format string %s, this is not really necessary to print here,
so move the debug print to be after the NULL check.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Michael Braun [Thu, 21 Jan 2016 13:52:07 +0000 (14:52 +0100)]
tests: Verify correct VLAN after RSN pre-authentication
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:06 +0000 (14:52 +0100)]
tests: Verify connectivity with untagged/tagged VLAN mixed configuration
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:05 +0000 (14:52 +0100)]
tests: Untagged VLAN ID with EGRESS_VLANID RADIUS attribute
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:04 +0000 (14:52 +0100)]
tests: STA assigned to vif under per_sta_vif
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:03 +0000 (14:52 +0100)]
tests: Verify ap_vlan_iface_cleanup_multibss with per_sta_vif
This adds a new test case to run ap_vlan_iface_cleanup_multibss with
per_sta_vif enabled.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:02 +0000 (14:52 +0100)]
tests: Verify tagged-only connectivity
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:01 +0000 (14:52 +0100)]
wpa_supplicant: Parse ifname argument from DATA_TEST_CONFIG
This is required to test tagged VLANs.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:00 +0000 (14:52 +0100)]
VLAN: Add per-STA vif option
This allows the stations to be assigned to their own vif. It does not
need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if
!vlan_desc.notempty, so vlan_id can be assigned regardless.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:59 +0000 (14:51 +0100)]
VLAN: Actually add tagged VLANs to AP_VLAN
This makes vlan_newlink() and vlan_dellink() add tagged VLANs to AP_VLAN
interfaces as given by struct vlan_description.
hostapd_vlan_if_remove() is done in vlan_dellink() as tagged interfaces
need to be removed before the interface can be deleted and a DELLINK
message can be generated.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:58 +0000 (14:51 +0100)]
VLAN: Factor out per-vid code in newlink/dellink
To prepare for adding tagged VLAN support in vlan_init.c, vlan_newlink()
and vlan_dellink() are split into multiple functions. This reduces
indention and eases adding tagged VLANs as well.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:57 +0000 (14:51 +0100)]
radius: Add tagged VLAN parsing
1. Add tagged VLAN to struct vlan_description
(compile limited number of tagged VLANs per description)
For k tagged VLANs, the first k entries in vlan_description.tagged
are used. They are sorted in ascending order. All other entries are
zero. This way os_memcmp() can find identical configurations.
2. Let tagged VLANs be parsed from RADIUS Access-Accept
3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set
4. Select an unused vlan_id > 4096 for new tagged VLAN configurations
5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:56 +0000 (14:51 +0100)]
VLAN: Separate station grouping and uplink configuration
Separate uplink configuration (IEEE 802.1q VID) and grouping of stations
into AP_VLAN interfaces.
The int vlan_id will continue to identify the AP_VLAN interface the
station should be assigned to. Each AP_VLAN interface corresponds to an
instance of struct hostapd_vlan that is uniquely identified by int
vlan_id within an BSS.
New: Each station and struct hostapd_vlan holds a struct
vlan_description vlan_desc member that describes the uplink
configuration requested. Currently this is just an int untagged IEEE
802.1q VID, but can be extended to tagged VLANs and other settings
easily.
When the station was about to be assigned its vlan_id, vlan_desc and
vlan_id will now be set simultaneously by ap_sta_set_vlan(). So
sta->vlan_id can still be tested for whether the station needs to be
moved to an AP_VLAN interface.
To ease addition of tagged VLAN support, a member notempty is added to
struct vlan_description. Is is set to 1 if an untagged or tagged VLAN
assignment is requested and needs to be validated. The inverted form
allows os_zalloc() to initialize an empty description.
Though not depended on by the code, vlan_id assignment ensures:
* vlan_id = 0 will continue to mean no AP_VLAN interface
* vlan_id < 4096 will continue to mean vlan_id = untagged vlan id
with no per_sta_vif and no extra tagged vlan.
* vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.
This way struct wpa_group and drivers API do not need to be changed in
order to implement tagged VLANs or per_sta_vif support.
DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only,
thus grouping of the stations for per_sta_vif can be used with
DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct
hostapd_vlan is still used to manage AP_VLAN interfaces.
MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of
VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will
continue to refer to int vlan_id.
Renaming vlan_id to vlan_desc when type changed from int to struct
vlan_description was avoided when vlan_id was also used in a way that
did not depend on its type (for example, when passed to another
function).
Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN
%d" will refer to untagged IEEE 802.1q VID.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Tue, 16 Feb 2016 16:30:55 +0000 (18:30 +0200)]
OpenSSL: Fix PKCS#12 parsing of extra certificates with OpenSSL 1.0.1
Commit
8bcf8de827e841a35841034edd6f8281a7a3aeba ('OpenSSL: Fix memory
leak in PKCS12 additional certificate parsing') tried to fix a memory
leak in both the 1.0.2(and newer) and 1.0.1 branches of PKCS12 parsing.
However, the 1.0.1 case was not properly tested and freeing of the
certificate after a successful SSL_CTX_add_extra_chain_cert() call
resulted in use of freed memory when going through the TLS handshake.
Fix this by not freeing the certificate in that specific case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:52:08 +0000 (15:52 +0200)]
wpa_cli: Clean up logical operation
While '!func() == 0' here resulted in correct behavior, it is not clear
and clang is starting to warn about this (-Wlogical-not-parentheses).
Use 'func()' instead as the condition to clear this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:49:28 +0000 (15:49 +0200)]
TDLS: Clean up os_memcmp use
Ciuple of the nonce comparisons used a strange '!os_memcmp() == 0' to
check if the values were different. While this resulted in correct
behavior, the construction is not exactly clear and clang has started
warning about this (-Wlogical-not-parentheses). Clean this up by using
'os_mecmp() != 0'.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:28:16 +0000 (15:28 +0200)]
tests: Fix eap_proto_sake_errors with OpenSSL 1.1.0
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 12:10:29 +0000 (14:10 +0200)]
trace: Free symbols on program exit
This makes valgrind memleak checks with CONFIG_WPA_TRACE=y somewhat
cleaner.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 11:29:40 +0000 (13:29 +0200)]
OpenSSL: Fix memory leak in PKCS12 additional certificate parsing
The additional PKCS12 certificates were not freed properly in the loop
added in commit
de2a7b796d82d92120aa9532450863f503e1885a ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 11:13:36 +0000 (13:13 +0200)]
OpenSSL: Fix memory leak in HMAC_CTX compatibility wrapper function
Commit
5c9a33702fd9e9ae9c349d6461a6621801d4f9cb ('OpenSSL: Clean up
crypto_hash_*() to use a single implementation') added a wrapper
function to allow the new OpenSSL API to be used with older OpenSSL
versions. However, the HMAC_CTX_free() wrapper was incorrectly skipping
the call to HMAC_CTX_cleanup() which is still needed to free the
resources OpenSSL allocated internally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:40:41 +0000 (00:40 +0200)]
OpenSSL: Fix memory leak in OCSP parsing
The result from OCSP_cert_to_id() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:35:34 +0000 (00:35 +0200)]
OpenSSL: Do not use library init/deinit functions with 1.1.0
SSL_library_init() does not work properly after EVP_cleanup() starting
from OpenSSL 1.1.0 pre release 3. The automated library init/deinit
functions in that pre release are supposed to handle all initialization
and deinitialiation, so comment out the explicit calls to these function
with OpenSSL 1.1.0 and newer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:34:42 +0000 (00:34 +0200)]
OpenSSL: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:33:27 +0000 (00:33 +0200)]
curl: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:30:43 +0000 (00:30 +0200)]
OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()
Commit
1eb87ae48d829b77e805de9ba71f958b53930c88 ('OpenSSL: Use
EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0') started using
EVP_CIPHER_CTX_new() to allocate EVP_CIPHER_CTX from heap instead of
using stack memory. This commit used incorrect EVP_CIPHER_CTX_reset()
function in number of cases when the allocated memory was supposed to be
freed instead of just reset for reuse. Fix this by using
EVP_CIPHER_CTX_free() properly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:14:47 +0000 (00:14 +0200)]
rfkill: Fix a memory leak
rfkill_init() uses realpath() which allocates memory and that memory was
not freed on the success path.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 19:53:33 +0000 (21:53 +0200)]
OpenSSL: Fix memory leak on error path
If SSL_CTX_new(SSLv23_method()) fails, tls_init() error path did not
free the allocated struct tls_data instance.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Lior David [Mon, 8 Feb 2016 10:30:04 +0000 (12:30 +0200)]
wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.
The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Lior David [Mon, 8 Feb 2016 10:16:45 +0000 (12:16 +0200)]
nl80211: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a pbss flag to the relevant structures to support starting a PCP and
connecting to a PCP. Implement support in the nl80211 driver by using
the new PBSS flag attribute.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Feb 2016 20:12:57 +0000 (22:12 +0200)]
Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-01-28.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:14:45 +0000 (21:14 +0200)]
tests: EAP state machine status information
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:05:02 +0000 (21:05 +0200)]
tests: Additional EAP-Finish local error coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:01:41 +0000 (21:01 +0200)]
EAP peer: Simplify buildNotify return
There is no need for the local variable and two return statements.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:01:06 +0000 (21:01 +0200)]
tests: EAP Notification errors
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:51:04 +0000 (20:51 +0200)]
Clean up EAP peer PCSC identity functions
Leave out more code if PCSC_FUNCS is not defined since config->pcsc != 0
case cannot be used with such a build.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:43:48 +0000 (20:43 +0200)]
tests: EAP-Nak special cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:35:35 +0000 (20:35 +0200)]
tests: Memory allocation failing for expanded EAP-Nak
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:27:13 +0000 (20:27 +0200)]
tests: EAP-Success/Failure prior to any EAP method
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:16:04 +0000 (20:16 +0200)]
tests: ERP init error case on allocation failure
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Sun, 7 Feb 2016 10:11:46 +0000 (10:11 +0000)]
Use stronger PRNG for MS-MPPE-Send/Recv-Key salt
When generating a MS-MPPE-Send/Recv-Key, don't use a weak PRNG for the
salt.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Sun, 7 Feb 2016 16:08:02 +0000 (18:08 +0200)]
eloop: Clean up coding style for eloop debug prints
Signed-off-by: Jouni Malinen <j@w1.fi>
Roy Marples [Fri, 22 Jan 2016 20:28:25 +0000 (20:28 +0000)]
Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE
NOTE: kqueue has to be closed and re-build after forking. epoll *should*
do the same, but it seems that wpa_supplicant doesn't need it at least.
I have re-worked a little bit of the epoll code (moved into a similar
kqueue function) so it's trivial to requeue epoll if needed in the
future.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Fri, 22 Jan 2016 20:28:25 +0000 (20:28 +0000)]
eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.
Signed-off-by: Roy Marples <roy@marples.name>
Jörg Krause [Tue, 26 Jan 2016 15:28:53 +0000 (16:28 +0100)]
wpa_ctrl: Retry select() on EINTR
Retry select() if it was interrupted by a signal.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Lubomir Rintel [Wed, 27 Jan 2016 16:02:07 +0000 (17:02 +0100)]
D-Bus: Don't do <deny send_interface="..." /> in dbus service file
It does more than intended; apart from denying messages to that
particular interface it also denies all messages non-qualified with an
interface globally. This blocks messages completely unrelated to
wpa_supplicant, such as NetworkManager communication with the VPN
plugins.
From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the
interface field in messages is optional. In particular, do NOT
specify <deny send_interface="org.foo.Bar"/>! This will cause
no-interface messages to be blocked for all services, which is almost
certainly not what you intended. Always use rules of the form: <deny
send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently
protected by the send_destination matches and method calls are
disallowed by default anyway.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Jouni Malinen [Sat, 6 Feb 2016 19:24:48 +0000 (21:24 +0200)]
tests: Secure mesh network plink counting during reconnection
This verifies that num_plinks is decremented properly if a peer mesh STA
reconnects without closing the link explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Srinivasa Duvvuri [Sun, 31 Jan 2016 02:45:30 +0000 (18:45 -0800)]
mesh: Fix peer link counting when a mesh peer reconnects
When a mesh point reconnects by starting from Authentication frame
sequence, the plink count was not decremented from its last connection.
This resulted in leaking peer link count and causing wpa_supplicant to
reject the connection after max_peer_links (default: 99) reconnects.
This was reproduced by pre-configuring 2 mesh points with mesh
credentials. Boot both mesh points and make sure they connect to each
other. Then in a loop reboot one of the mesh points after it
successfully connects while leaving the other mesh point up and running.
After 99 iterations the supplicant on mesh point that is not rebooting
will reject the connection request from the other mesh point.
Fix this by decrementing num_plinks when freeing a STA entry that is
still in PLINK_ESTAB state.
Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
Avraham Stern [Mon, 25 Jan 2016 10:28:49 +0000 (12:28 +0200)]
P2P: Fall back to no VHT when starting AP/P2P GO
In cases where the bandwidth is not set when starting an AP/P2P GO,
the code tries to use 160 MHz or 80 MHz channels. As a result, the
AP/P2P GO configuration is set to use these channel widths even if
they are not available, which may results in failing to start the
AP/P2P GO.
Fix this by changing the AP/P2P GO configuration not to use VHT channels
when they are not available. In this case the AP/P2P GO will use a 40
MHz channel, if available, or a 20 MHz channel, if this is the maximum
available width.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 25 Jan 2016 10:28:48 +0000 (12:28 +0200)]
P2P: Reduce off channel wait time for some P2P Action frames
Setting a long off channel wait time for P2P Action frames when
we know we are already on the right channel may cause a delay in
sending the Action frame (because the driver may not be able to
satisfy the request for long wait time until previous off channel
requests are over). This may be crucial for P2P response frames
that must be sent within 100 milliseconds of receiving the request.
Fix this by adjusting P2P Action frame wait times as follows:
1. For GO Negotiation Response frame, shorten the wait time to 100 ms.
This is reasonable because the peer has just sent us the GO
Negotiation Request frame, so it is known to be on the right
channel and is probably ready to send us the GO Negotiation
Confirmation frame without delay.
2. For GO Negotiation Confirmation, P2P Invitation Response, and
Provision Discovery Response frames, there is no need for wait
time at all as this is the last frame in the exchange. So set
the wait time to 50 ms to ensure there is enough time to send the
frame.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Jouni Malinen [Sat, 6 Feb 2016 14:27:52 +0000 (16:27 +0200)]
RADIUS: Share a single function for generating session IDs
There is no need to maintain three copies of this functionality even if
it is currently implemented as a single function call.
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Wed, 27 Jan 2016 13:22:48 +0000 (13:22 +0000)]
RADIUS: Redesign Request Authenticator generation
Simplify and make properly random the generation of the Request
Authenticator.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Mon, 25 Jan 2016 16:49:59 +0000 (16:49 +0000)]
Send an Acct-Multi-Session-Id attribute in Access-Request packets
Previously, this was included only in Accounting-Request packets.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Mon, 25 Jan 2016 10:43:33 +0000 (10:43 +0000)]
Add Acct-Session-Id to Accounting-On/Off
An Acct-Session-Id is required on Accounting-On and Accounting-Off forms
of Accounting-Request.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Sun, 24 Jan 2016 11:37:46 +0000 (11:37 +0000)]
RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id
Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to
give better global and temporal uniqueness. Previously, only 32-bits of
the Acct-Session-Id would contain random data, the other 32-bits would
be incremented. Previously, the Acct-Multi-Session-Id would not use
random data. Switch from two u32 variables to a single u64 for the
Acct-Session-Id and Acct-Multi-Session-Id. Do not increment, this serves
no legitimate purpose. Exclusively use os_get_random() to get quality
random numbers, do not use or mix in the time. Inherently take a
dependency on /dev/urandom working properly therefore. Remove the global
Acct-Session-Id and Acct-Multi-Session-Id values that serve no
legitimate purpose.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Sat, 6 Feb 2016 14:31:28 +0000 (16:31 +0200)]
EAPOL auth: Move radius_cui/identity freeing to eapol_auth_free()
These can get allocated within eapol_auth_alloc(), so it is more logical
to free them in eapol_auth_free() instead of ieee802_1x_free_station()
that ends up calling eapol_auth_free().
Signed-off-by: Jouni Malinen <j@w1.fi>
Roshan Pius [Thu, 21 Jan 2016 23:15:13 +0000 (15:15 -0800)]
wpa_supplicant: Fix couple of C++ compiler errors with header files
Need to include these headers in C++ files for adding a binder interface
to wpa_supplicant. So, fix the following C++ compiler errors in them:
1. Add explicit C-style casts in wpa_buf.h header.
2. Move the nested definition of wpa_driver_scan_ssid in driver.h
outside of wpa_driver_scan_params because it is used in another
structure below.
Signed-off-by: Roshan Pius <rpius@google.com>
Jouni Malinen [Sat, 6 Feb 2016 11:23:42 +0000 (13:23 +0200)]
tests: Additional EAP-FAST PAC coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Sun, 24 Jan 2016 11:38:40 +0000 (11:38 +0000)]
Add Event-Timestamp to all Accounting-Request packets
Event-Timestamp should be sent for all Accounting-Request packets and
only after the system clock has a sane value, not where there's a value
close to the Unix time epoch.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Max Stepanov [Mon, 25 Jan 2016 10:28:50 +0000 (12:28 +0200)]
GAS: Calculate response buffer length of ANQP elements
Calculate the required length needed for the extra ANQP elements added
to GAS response buffer instead of using fixed size and truncating the
response if there was not sufficient space.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Jouni Malinen [Fri, 5 Feb 2016 23:09:42 +0000 (01:09 +0200)]
tests: PKCS#12 with extra certs on the server
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Ayala Beker [Mon, 25 Jan 2016 10:28:47 +0000 (12:28 +0200)]
OpenSSL: Fix server side PKCS#12 processing with extra certificates
Fix a possible null pointer dereference in tls_parse_pkcs12() when
loading a PKCS#12 file for the server keys and the file includes extra
certificates.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Ayala Beker [Mon, 25 Jan 2016 10:28:46 +0000 (12:28 +0200)]
OpenSSL: Fix possible null pointer dereference on an OCSP error path
Fix possible null pointer dereference in check_ocsp_resp() if an memory
allocation fails.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Roy Marples [Fri, 5 Feb 2016 16:11:50 +0000 (16:11 +0000)]
Remove -w support from wpa_supplicant README
wpa_supplicant dropped the -w option long long time ago..
Signed-off-by: Roy Marples <roy@marples.name>
Jouni Malinen [Fri, 5 Feb 2016 22:28:16 +0000 (00:28 +0200)]
tests: EAP-FAST and binary PAC errors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 5 Feb 2016 22:26:31 +0000 (00:26 +0200)]
EAP-FAST: Fix an error path in PAC binary format parsing
Need to clear the pac pointer for the first error case to avoid freeing
the previous PAC entry if the following entry has an invalid header.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
John Ernberg [Mon, 1 Feb 2016 12:04:57 +0000 (12:04 +0000)]
D-Bus: Fix p2p interface capability message
If the config file for the interface says "p2p_disabled=1", don't report
p2p capabilities on this interface. This helps programs like Connman to
not enable p2p when it's been disabled in wpa_supplicant.
Signed-off-by: John Ernberg <john.ernberg@actia.se>
Nick Lowe [Mon, 25 Jan 2016 10:53:28 +0000 (10:53 +0000)]
Do not send Acct-Authentic in Accounting-On/Off
Acct-Authentic is used to indicate how the user was authenticated and as
such, should not be sent in Accounting-On and Accounting-Off.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Sun, 24 Jan 2016 10:20:33 +0000 (10:20 +0000)]
RADIUS: Do not include Acct-Terminate-Cause in Accounting-On/Off
Per RFC 2866, 5.10, it is invalid to send Acct-Terminate-Cause in
Accounting-On and Accounting-Off (this is included only when
Acct-Status-Type is set to Stop).
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Eduardo Abinader [Thu, 21 Jan 2016 10:26:35 +0000 (11:26 +0100)]
Make fallback from HT40 to HT20 work
Ensure that if it is not possible to configure an allowed 20 MHz
channel pair, hostapd falls back to a single 20 MHz channel.
Signed-off-by: Eduardo Abinader <eabinader@ocedo.com>