eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]
The proactive_key_caching parameter was missed in mapping the
config_ssid data into the WPA state machine configuration. This
prevented addition of PMKSA cache entries based on PMKSA caching
candidate events.
This allows drivers to disable CCK rates from Probe Request frames.
For nl80211, this is currently applying only to the supported rates
element(s), but this mechanism could be extended to address TX rate
control masking, too, to lessen need for global rate disabling.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
The P2P specification (3.1.4.3) disallows use of the Label configuration
method between two P2P devices. This was previously enforced at upper
level, but the obsolete code can be removed from wpa_supplicant. This
adds a bit more strict enforcement of the policy, but should not result
in practical differences since no known P2P implementation uses Label
config method.
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).
The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
The previous code was trying to figure out which WPA version is
used based on the extra IEs requested for Association Request. That
did not work properly in cases where non-WPA networks are used with
some extra IEs. Fix this by using more robust mechanism for passing
the WPA versions from core wpa_supplicant to the driver_ops
associate().
Instead of hardcoding the Config Methods attribute value in Probe
Request frames, set this based on the configured parameter
config_methods to allow correct set of methods to be advertised.
This change is a first step in better supporting different driver
architectures for AP mode operations with nl80211. This commit in
itself does not add new functionality, but it makes it easier to add
new AP mode parameters to address needs of drivers that have more of
the MLME/SME in firmware or kernel.
Various pieces of the P2P code assume that P2P is enabled, so make
the D-Bus code not call the P2P stuff if P2P is disabled. Also
ensures that if P2P is disabled a suitable error is returned to
the D-Bus caller.
Signed-off-by: Dan Williams <dcbw@redhat.com>
The read, write, read-write permissions can be figured out from
getter/setter function pointers, so there is no need for maintaining
that information separately.
If uapsd is explicitly enabled, set conf->bss->wmm_enabled and
conf->bss->wmm_uapsd to enable (and advertise) uapsd.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
These properties are already correctly treated as bytes for the local
device, we need to do same for peers.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
A number of fixes/improvements here:
1) Remove casting of getter/setter function types which allows
us to change the prototypes in the future and not have hard-to-find
runtime segfaults
2) Instead of having the getters create a fake reply message which
then gets its arguments copied into the real reply message, and is
then disposed, just pass message iters around and have them add
their arguments to the message itself
3) For setters, just pass in the message iter positioned at the
start of the argument list, instead of each setter having to skip
over the standard interface+property name
4) Convert error handling to use DBusError and return the error
back down through the call stacks to the function that will
actually send the error back to the caller, instead of having a
fake DBusMessage of type DBUS_MESSAGE_TYPE_ERROR that then
needs to have the error extracted from it.
But most of all, this fixes various segfaults (like rh #725517
and #678625) which were caused by some functions deep down in the
getter callpaths wanting a source DBusMessage* when the getters were
used for two things: signals (which don't have a source DBusMessage)
and methods (which will have a source DBusMessage that's being
replied to). This duality made the code fragile when handling
errors like invalid IEs over the air.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Fix the previous code that was hardcoding the p2p parameter based
on the driver P2P capability regardless of whether the connection
was really used for P2P or not.
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.
Add p2p field to the authentication params, and consider it for choosing
the correct interface type.
Signed-off-by: Eliad Peller <eliad@wizery.com>
This makes sure that the old connection is not maintained if the new
configuration does not allow it anymore. In addition, it is better to
use wpa_supplicant_clear_connection() instead of just clearing
wpa_s->current_ssid here to keep things in sync.
When the BSS table size limit has been reached, drop first the oldest
BSS entries for which there is not a matching network in the
configuration based on SSID (wildcards are ignored). This makes it
less likely to hit connection issues in environments with huge number
of visible APs.
Only accept Probe Request frames that have a Wildcard BSSID and a
destination address that matches with our P2P Device Address or is the
broadcast address per P2P specification 3.1.2.1.1.
The current implementation of p2p_intra_bss doesn't work since the flag
isn't propagated into the corresponding hostapd config, so AP code will
never enable AP isolation and will in fact disable it again after it had
been enabled by the P2P code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The paths pointer could have been NULL when going through the shared
freeing path in error case. Avoid the NULL pointer dereference by
checking whether that is the case. In addition, remove unnecessary
gotos to make the function more readable.
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Previous ft_ies needs to be removed before supplicant starts a new FT
initial association and this requires the ft_used state to be cleared
here.
Signed-off-by: Hong Wu <hong.wu@dspg.com>
If the driver supports HT20, set the config parameter ieee80211n
to enable it. This does not enable HT40.
Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
Regardless of how the AP mode is disabled, wpa_supplicant_ap_deinit()
must be called. Make sure this happens on all paths by calling the
deinit function from wpa_supplicant_mark_disassoc().
In general, this patch attemps to extend commit
00468b4650 with dbus support.
This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.
Signed-off-by: Michael Chang <mchang@novell.com>
This is required for cross-compilation support on certain
platforms to avoid changing the pkg-config files themselves.
Signed-off-by: David James <davidjames@chromium.org>
Signed-off-by: Paul Stewart <pstew@chromium.org>
Make sure that the WPA and EAPOL state machines do not hold a pointer
to a network configuration that is about to be freed. This can fix
potential issues with references to freed memory.
Fix a NULL pointer dereference in commit
3734552f15 in the case of PBC overlap and
timeout case.
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
Some P2PDevice properties were not updated in p2p->cfg structure:
reg_class, channel, op_reg_class, and op_channel. Hence, update p2p->cfg
parameters through p2p core calls in wpas_p2p_update_config().
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signal is triggered if an error occurs during WPS provisioning phase.
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Extend commit c2762e410f to allow
applications to manage (add/remove) persistent groups and accepted
network object paths while invoking a persistent group.
This can be used to activate the keep alive mechanism enabled in
mac80211. Allows to trigger Peer Disconnected signal if signal is lost
on a P2P peer.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Move level parameter from p2p_device to p2p_device_info in order to
expose this information and modify D-Bus P2P handler to return this new
parameter through the P2P device properties.
Signed-off-by: Fabien Marotte <fabienx.marotte@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Do not emit network objects during P2P group formation since such
network objects can confuse certain apps. Instead, a persistent group
object is created to allow apps to keep track of persistent groups.
Persistent group objects only represent the info needed to recreate the
group.
Also fixes a minor bug in the handling of persistent group objects
during WPS operations.
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Append "P2P" to capability information if supported by device.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Need to define CONFIG_NO_PBKDF2 even though the crypto cleanup moved
the function to a separate file since there is conditional code in
wpa_supplicant/config.c. In addition, wpa_passphrase should not be
built at all if passphrase functionality is removed.
These checks were previously skipped if the scan result included WPA
or RSN IE. However, that can result in selecting a network that does
not match local configuration in some cases.
There are some corner cases, where the wpa_supplicant_req_scan() call
may end up scheduling a scan even if we are about to start a GO. Avoid
this by explicitly marking the GO network to be selected for the next
connection.
Some new code we're working on will require the dbus type "aay" (an
array of arrays of bytes). To add this, refactor the array code to
reduce code duplication by given a type string to the array starting
code, and also add code to create and parse such arrays from or into an
array of struct wpabuf respectively.
Since there's no unique DBus type for this, add a "fake"
WPAS_DBUS_TYPE_BINARRAY type that is separate from the regular DBus
types for parsing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Moved wpas_dbus_new_decompose_object_path from dbus_new_handlers.c
to dbus_new_helpers.c.
Signed-off-by: Fabien Marotte <fabienx.marotte@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
Processing of the scan results for RSN pre-authentication candidates
was moved to happen before the network was selected. This resulted in
all candidates being dropped due to no SSID having been configured.
Fix this by moving the processing to happen after the network has
been selected. Since the raw scan results are not available at that
point, use the BSS table instead of scan results to fetch the
information.
When using the p2p_oper_reg_class configuration option instead of
p2p_group_add freq parameter, the operating class 124 was not
processed correctly. Include that class in the list of 5 GHz classes
for the p2p_oper_reg_class to resolve this.
Both the SA and IEs from the received Probe Request frames must be
included and the Probe Request RX callback functions may assume that
these are not NULL.
When comparing BSS table entries, handle empty concatenated
vendor-specific IE differently from completely missing IE. This
does not change anything for the only currently compared IE that
can be fragmented (WPS IE), but it is better to have the generic
code here ready for any possible new IE that could be used in
with zero-length data.
Better make sure the address value included in the event message gets
cleared in case the GO Device Address is not known for some reason.
Previously, this could potentially have been some random data from
stack should we ever hit the case where wpa_s->current_ssid is not
set (which should not really happen in normal use cases).
It is now possible to configure the the time in seconds that
wpa_supplicant waits before requesting a new scan after failing to find
a suitable network in scan results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
If WPA/WPA2 was enabled in the configuration, the non-WPA exception
could allow an incorrect AP to be selected from scan results. Do
not use the exception if WPA/WPA2 is enabled in configuration.
Commit c76e5d7f9b moved the
ap_configured_cb() call into a completion callback from AP mode code.
However, this callback can be called before hostap_setup_interface()
returns. In that case, the ap_configured_cb() ended up getting
called before the wpa_supplicant connection information was updated.
Fix this by reordering code to set up everything before calling
hostapd_setup_interface().
This should fix EAPOL reauthentication and rekeying timeout issues
with Intel clients when using WMM (e.g., with IEEE 802.11n). These
stations do not seem to be able to handle EAPOL data frames as
non-QoS Data frames after the initial setup.
This adds STA flags to hapd_send_eapol() driver op to allow
driver_nl80211.c to mark the EAPOL frames as QoS Data frame
when injecting it through the monitor interface.
If the scan interval switches to the short interval soon after a
scan, bgscan_simple should not immediately scan again. However,
it should also make sure that the next scan occurs no later than
the new, short scan interval.
Signed-off-by: Paul Stewart <pstew@google.com>
We gain diminishing returns by the short scan interval. The short
scan interval is used to hunt for a better AP if the RSSI of the
current AP drops. However, if we never roam, and the AP continues
to have low RSSI, at some point we should give up and return to
the slow background scan rate, otherwise we waste a lot of power.
Signed-off-by: Paul Stewart <pstew@google.com>
It is not guaranteed that we will get a CQM signal shortly after setting
up monitoring. In order to establish the correct initial background
scanning rate, poll directly for the signal strength.
Signed-off-by: Paul Stewart
This provides a means for the supplicant to directly request signal
quality metrics from the driver. This is useful, for example for
background scan algorithms that might ask desire this information
out-of-band with CQM events.
Signed-off-by: Paul Stewart <pstew@google.com>
The "debug_strings" private array in dbus_new_handles.c has fallen out
of sync with wpa_debug.h. Add the new "excessive" level to the head of
the list, realigning everything.
Signed-off-by: Paul Stewart <pstew@google.com>
Change the old design of running a single long living RSN IBSS
instance to keep a separate instance for each IBSS connection.
This fixes number of issues in getting keys set properly for
new connections and is in general quite a bit more correct
design.
Replace compile-time BSS cache expiration age and scan count by config
parameters that can be set via wpa_cli and the new D-Bus API. The latter
is done with interface properties BSSExpireAge and BSSExpireCount.
Move the code snippet to switch on bgscan over to wpa_supplicant.c
from event.c, so that it can be activated on wpa_supplicant_set_state().
Also create a centralized place to switch off bgscan. bgscan is now
turned on in COMPLETED, not ASSOCIATED.
This adds a new command to the interface to remove all configured
netblocks. Without this it's necessary to query properties on the
interface and explicitly remove each netblock.
This fixes an issue seen in our wifi testbed, where we frequently
switch the SSID of the AP. wpa_supplicant's BSS list will have, for
example both <bssid, "Check11b"> (from the previous test) and <bssid,
"Check11g"> (from the current test) - note that the bssid is the same for
both. The (old) D-Bus API for fetching scan responses from wpa_supplicant
is fetch-by-bssid, so the caller (flimflam) incorrectly believes we're
associated with <bssid, "Check11b">.
Add an "Interface.FlushBSS" method to the new D-Bus API and a "flush"
method to the old API. Both take an age parameter that is a threshold
(in seconds) for selecting entries to evict. Setting this parameter
to zero flushes all entries from the cache.
This mechanism is useful for a connection manager to clear state at
startup and on resume (where the age parameter may be used to hold
onto recent/valid data).
This provides feature parity with the old-style D-Bus API. Explicit
properties to control global parameters is preferred but until that
happens this allows doing things like setting pkcs11_engine_path and
pkcs11_module_path via D-Bus.
The AP code might, currently only in the case of HT40, defer actual
enabling to after a scan. In this case, the wpa_s AP code gets confused.
Add a callback for it to use and make it use it to finish only when the
setup has actually completed.
With appropriate hacks in place this allows using HT40 in P2P mode.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When wpa_s scans in AP mode, it doesn't propagate the scan event to the
AP code, so that code can get stuck if it uses the callbacks there.
Simply call them where appropriate.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This adds the ability to add WPS vendor extension attributes in P2P
frames, like GO Negotiation and Probe Response frames.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of converting back and forth from the string representation,
always use the binary representation internally.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The secondary device type list is an optional attribute in the WSC IE.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's a bug in the getter for the 'Interfaces' property
of /fi/w1/wpa_supplicant1 (new D-Bus interface) which causes a
'Segmentation Fault' when there are multiple interfaces.
Chooses between EAP and non-EAP authentication modes and
uses the appropriate method to retrieve the name.
Signed-off-by: Paul Stewart <pstew@google.com>
Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason
for rejecting a wps_pbc command in wpa_supplicant AP mode if the
PBC mode cannot be started due to PBC session overlap having been
detected during monitor time.
If the wpa_supplicant configuration file does not specify an UUID,
we need to copy the generated UUID, not the all zeros buffer
reserved for the configured UUID.
Instead of generating a different UUID for each interface, use the
same UUID that was either configured of generated for the first
interface. This avoids potential issues with PBC session overlap
detection should multiple interfaces end up running a PBC scan
at the same time which may happen at least in some P2P use cases.
If there is already a link the requested peer, request start of
renegotiation instead of completely new link. This seems to be needed
to allow some driver to accept the trigger for a new negotiation.
These special test cases can be configured at run time with "wpa_cli
tdls_testing <value>" where <value> is an integer (either as a decimal
or as a hex value with 0x prefix) bitmap of special features with
following bits available at this point:
bit 0 = long frame (add dummy subelement to make FTIE very long)
bit 1 = use alternative RSN IE (different RSN capab value and no extra
replay counters)
bit 2 = send incorrect BSSID in Link Identifier of TDLS Setup Request
(e.g., 1 = long FTIE, 2 = different RSN IE, 3 = both of those)
This is disabled by default and can be enabled for the build by
adding the following line to .config:
CFLAGS += -DCONFIG_TDLS_TESTING
This allows driver wrappers to indicate whether the association was
done using Association Request/Response or with Reassociation
Request/Response frames.