Commit graph

2285 commits

Author SHA1 Message Date
Jouni Malinen
af3e1b0ec2 dbus: Verify WPA/RSN IE parser result before returning data 2010-09-04 22:01:29 +03:00
Jouni Malinen
7f5420691e wpa_supplicant AP: Make sure deauth/disassoc event is valid
Verify that the driver wrapper is using a valid deauth/disassoc
event before dereferencing the addr pointer. The address is required
to be set in AP mode, but it is safer to verify this here than to
trust on all driver wrappers doing the correct thing.
2010-09-04 21:50:12 +03:00
Jouni Malinen
cce1f698e5 WPS: Use more defensive design to avoid theoretical NULL deref
Prior to commit 6195adda9b the sm->user
dereference did not exist here. While this is in practice non-NULL,
better use more defensive construction here to avoid NULL pointer
dereference should this ever change.
2010-09-04 21:37:36 +03:00
Jouni Malinen
a745b7a775 wpa_gui-qt4: Update copyright years to include 2010 2010-09-04 17:39:33 +03:00
Jouni Malinen
17f9f44ed8 Update WinPcap to the latest stable version 4.1.2 2010-09-04 17:37:57 +03:00
Jouni Malinen
0c80427d77 NDIS: Fix association for WPS provisioning with protected AP
Some NDIS drivers require a workaround to allow them to associate
with a WPS AP that is already using protection (Privacy field = 1).
Let driver_ndis.c know if the AP is already using Privacy and if so,
configure a dummy WEP key to force the driver to associate.
2010-09-04 13:56:12 +03:00
Jouni Malinen
687179edb5 Add libgcc_s_dw2-1.dll to the Windows installation package
This seems to be needed for wpa_gui.exe with the new Qt version.
2010-09-04 12:55:55 +03:00
Jouni Malinen
f4e5fd948a l2_packet_ndis: Fix overlapped write not to corrupt stack
When using overlapped write, we must have the provided memory
areas available during the operation and cannot just use stack
unless we wait for the completion within the function. In the case
of TX here, we can easily wait for the completion since it is likely
to happen immediately. In addition, this provides more reliable
success/failure return value for l2_packet_send(). [Bug 328]
2010-09-02 13:23:14 +03:00
Jouni Malinen
de1267d4eb winreg: Get rid of compiler warning 2010-09-02 13:22:52 +03:00
Helmut Schaa
36af1c7d31 hostapd: enable STBC only for STBC capable STAs
hostapd simply used its own STBC configuration in the STA's HT caps. This
resulted in TX STBC being used for STAs not supporting RX STBC, which in
turn resulted in the STA not receiving anything.

Fix this by handling the STBC flags in the same way mac80211 does. Mask
out RX STBC if we don't support TX STBC and vice versa.

Tested only with the nl80211 driver and a STBC incapable STA.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2010-08-28 12:25:44 +03:00
Jouni Malinen
0c703df32d Fix BSS selection with multiple configured networks
Commit d8d940b746 broke the logic on
iterating through all configured network blocks. This was supposed
to continue the loop on mismatch to allow other than the first
configured network to be found.
2010-08-28 12:04:21 +03:00
Masashi Honma
60da5e0f3f Solaris: Add support for wired IEEE 802.1X client
This patch adds support for wired IEEE 802.1X client on the Solaris.

I have tested with these:
OS : OpenSolaris 2009.06
EAP : EAP-MD5
Switch : Cisco Catalyst 2950
2010-08-28 11:40:07 +03:00
Jouni Malinen
9ff80a10e8 bgscan learn: Skip immediate scan on initial signal event
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
2010-08-27 20:30:19 +03:00
Jouni Malinen
1e6ef6455c bgscan simple: Skip immediate scan on initial signal event
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
2010-08-27 20:29:02 +03:00
Jouni Malinen
d8d940b746 Merge WPA and non-WPA network selection routines
This removes quite a bit of duplicated code and allows network block
priority configuration to be used to prefer unprotected networks and
also allows use on open network with good signal strength even if
scan results show a protected network with marginal signal strength
that does not allow it to be used.
2010-08-27 20:05:49 +03:00
Jouni Malinen
60a972a68d Add current signal strength into signal quality change events 2010-08-27 16:58:06 +03:00
Masashi Honma
9c77ad1889 trace: Fix void pointer arithmetic
The arithmetic on void pointer exists in trace routine. On GNU C, it
works because void pointer size is 1, but not all compilers behave like
this. So this patch specifies the size of the pointer.
2010-08-26 18:35:55 +03:00
Jouni Malinen
09f58c0984 Share common code in wpa_supplicant_{disassociate,deauthenticate}() 2010-08-26 13:43:38 +03:00
Jouni Malinen
eb0a3c7f96 Cancel authentication timeout on local deauth/disassoc request
Without this, the timeout may be left behind even when we are not
connected and may result in unwanted operation when the timeout
triggers.
2010-08-26 13:39:58 +03:00
Jouni Malinen
31fa4c6d98 Remove unused ieee802_11_send_deauth() 2010-08-25 21:18:54 +03:00
Jouni Malinen
ef546700e2 WPS: Optimize M2 processing in AP Setup Locked case
There is no need to process the public key and generate keys if
the AP is going to reject this M2 anyway. This limits effect of
potential CPU DoS attacks in cases where AP PIN is disabled.
2010-08-24 16:42:26 +03:00
Jouni Malinen
5a1cc30f1a WPS: Add support for dynamic AP PIN management
A new hostapd_cli command, wps_ap_pin, can now be used to manage
AP PIN at runtime. This can be used to generate a random AP PIN and
to only enable the AP PIN for short period (e.g., based on user
action on the AP device). Use of random AP PIN that is only enabled
for short duration is highly recommended to avoid security issues
with a static AP PIN.
2010-08-24 16:35:37 +03:00
Jouni Malinen
944814106e WPS: Do not disable AP PIN permanently, only slow down attacks
As a compromise between usability and security, do not disable
AP PIN permanently based on failed PIN validations. Instead, go to
AP Setup Locked state for increasing amount of time between each
failure to slow down brute force attacks against the AP PIN.

This avoids problems with some external Registrars that may try
to use the same PIN multiple times without user input. Now, the
user will still be able to fix the PIN and try again later while
a real attack is delayed enough to make it impractical.
2010-08-24 15:24:05 +03:00
Jouni Malinen
035cc69d98 WPS: Use WSC_NACK if no device password is known on M2 RX
This can happen on the AP if the AP PIN is not configured and
the client tries to go through the protocol instead of just using
Registrar mode to receive M1 from the AP. It is cleaner to send
out the WSC_NACK instead of just stopping the protocol.
2010-08-24 12:56:11 +03:00
Masashi Honma
509a39727f WPS: Fix unused variable warning
The wpa_supplicant compilation without CONFIG_WPS option results in
messages below.

scan.c: In function 'wpa_supplicant_scan':
scan.c:246: warning: unused variable 'wps'

This trivial patch erases this warning.
2010-08-20 09:44:50 +03:00
Jouni Malinen
8cbd92ee29 EAP-FAST server: Add I-ID into PAC-Info
This indicates that the peer identity is associated with the
credential and will be required to match with the identity used
during authentication when the PAC is used (RFC 5422, 4.2.4).
2010-08-19 21:16:19 +03:00
Jouni Malinen
f9cd8587fb dbus: Deauthenticate instead of disassociate on disconnect command
This clears up authentication state in the driver and in case of
cfg80211, unlocks the BSS entry for the previously used AP. The
previous commit cf4783e35f changed
only the ctrl_iface DISCONNECT command behavior; this new commit
does the same for D-Bus commands.
2010-08-18 21:27:30 +03:00
Samuel Ortiz
7e26053a2c sme: Check for prev_bssid from sme_event_disassoc
wpa_s->bssid is already cleared by mark_disassoc() when we're getting the
disassociation event for the case where wpa_supplicant requested
disassociation. wpa_s->sme.prev_bssid holds the BSSID we need to check
for, so use that instead.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2010-08-18 21:23:26 +03:00
Jouni Malinen
2e75a2b3a6 Add more debug info on deauth/disassoc events and commands 2010-08-17 21:04:38 +03:00
Jouni Malinen
43dd46b3bc Fix memory leak in AP WEP key configuration 2010-08-17 21:04:07 +03:00
Samuel Ortiz
cb1583f64b sme: Try all authentication algorithms when the first one fails
When passing several authentication algorithms through auth_alg, we
should try all of them when the first one fails. The wext driver goes
through the connect nl80211 command and the retries are then handled by
the kernel. The nl80211 doesn't and we have to handle that from
userspace.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2010-08-17 16:39:33 +03:00
Paul Stewart
cb30b297bd nl80211: Ignore "DEAUTH" messages from APs we are not associated to
DEAUTH messages can come from a number of different sources. The one
that's hurting us currently is DEAUTH netlink messages coming to us
from compat-wireless in response to local_state_change DEAUTH messages
we sent as a part of cleaning up state in driver_nl80211's
clear_state_mismatch() function. However, DEAUTH messages can come
from a variety of unwanted sources, including directed denial-of-service
attacks (although MAC verification doesn't place that high a barrier),
so this validation is actually generically useful, I think.

The downside to this method is that without a kernel based approach
"iw dev wlan0 link" no longer works correctly after clear_state_mismatch()
is done.  This will be pursued with the kernel folks.
2010-08-16 21:27:26 +03:00
Daniel Gryniewicz
6c78ae1443 Fix RSN preauth candidate list clearing to avoid segfaults
Commit c5b26e33c1 broke the processing
of the candidate list entries when an old entry was either removed or
reused. The entry needs to be removed from the list to avoid leaving
pointers to freed memory.

http://bugs.gentoo.org/show_bug.cgi?id=330085
http://w1.fi/bugz/show_bug.cgi?id=372
2010-08-14 19:01:14 +03:00
Johannes Berg
ba2d0d7d68 nl80211: Don't pass ctx to wpa_driver_nl80211_init_nl
Currently, we don't use the sock_ctx that we get passed by eloop, so
don't assign it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-08-11 18:33:24 +03:00
Johannes Berg
f48ffe4364 nl80211: Remove unused pending_send_action
This variable is assigned only once and never tested, so basically
unused.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-08-11 18:33:02 +03:00
Jouni Malinen
77895cd937 Add a mechanism to insert notes to wpa_supplicant debug log
This can be used to insert information from external programs to the
wpa_supplicant debug log.
2010-08-11 18:07:22 +03:00
Jouni Malinen
92afbe9d63 WPS: Make DH debug prints easier to understand 2010-08-11 18:02:39 +03:00
Jouni Malinen
15ed5535ad nl80211: Show remain-on-channel duration in debug output 2010-08-11 18:02:19 +03:00
Jouni Malinen
26af9dcaef nl80211: Try mode changes multiple times to avoid some races
cfg80211/mac80211 seems to be unwilling to change interface mode in
some cases. Make these less likely to cause problems by trying the
changes up to 10 times with 100 msec intervals.
2010-08-11 18:01:37 +03:00
Jouni Malinen
f3f0f648d7 wpa_cli: Clean up redrawing and filter out BSS added/removed events 2010-08-11 17:58:04 +03:00
Jouni Malinen
6195adda9b WPS: Allow AP to start in Enrollee mode without AP PIN for probing
In theory, this should not really be needed, but Windows 7 uses
Registrar mode to probe AP's WPS capabilities before trying to use
Enrollee and fails if the AP does not allow that probing to happen.
This allows the AP to start as an Enrollee and send M1, but refuse
to continue beyond that (M3 will not be sent if AP PIN is not known).
2010-07-26 18:12:08 -07:00
Jouni Malinen
67ccef7e6c FT: Send RRB data directly when managed by same hostapd process
This makes it easier (and a bit faster) to handle multiple local
radios with FT. There is no need to depend on l2_packet in that
case since the frame can be delivered as a direct function call.
2010-07-25 20:30:12 -07:00
Jouni Malinen
08b19cb404 WPS: Limit WPS ER event_id < 2^31 bits to avoid issues with atoi()
Previously, large event_id values (> 2^31) resulted in integer
overflow that would make ER drop all events from the AP.
2010-07-20 22:56:58 -07:00
Jouni Malinen
7f6ec672ea EAP server: Add support for configuring fragment size 2010-07-20 22:56:10 -07:00
Jouni Malinen
f3a3e6987e WPS: Allow fragment size to be configured 2010-07-20 22:55:39 -07:00
Jouni Malinen
24f7694062 Remove get-first-scan-results-before-request optimization
This has already been disabled in most use cases and can result
in problems with some drivers, so better just remove it completely.
2010-07-18 16:11:03 -07:00
Jouni Malinen
4e22adb4d1 WPS: Move from WLAN_STA_MAYBE_WPS to WLAN_STA_WPS based on EAP messages
If the station does not include WSC IE in Association Request, it
is marked with WLAN_STA_MAYBE_WPS flag. We can update that to
WLAN_STA_WPS if the station uses either of the WPS identity strings.
This enables some workarounds for WPS stations.
2010-07-18 16:10:08 -07:00
Jouni Malinen
9301f6515e WPS: Reduce client timeout with EAP-WSC to avoid long wait
This works around issues with EAP-Failure getting lost for some reason.
Instead of waiting up to 60 seconds on a timeout, 30 second timeout is
now used and whenever the provisioning step has been completed (either
successfully or unsuccessfully), this timeout is reduced to 2 seconds.
2010-07-18 16:09:30 -07:00
Jouni Malinen
3239706303 WPS: Force disconnection after provisioning step
This works around some problems where the station is unable to disconnect
for some reason (e.g., if EAP-Failure gets dropped).
2010-07-18 16:08:52 -07:00
Jouni Malinen
9b7124b27f Add some more debug for driver events 2010-07-17 20:33:34 -07:00