Commit graph

1938 commits

Author SHA1 Message Date
Paul Stewart
45ac5793fc new_dbus_handlers: Clear errno
There are a few instances where dbus handlers test the value
of errno to test whether strtoul completes successfully.
Since strtoul does not clear errno, and there's no strong
reason to suspect that errno is already clear, it is safer
to clear it right before calling strtoul.  Also, any failure
in strtoul (setting errno non-zero) should be considered a
failure.

While testing using dbus-send, I found that a malformed
network path can cause a crash due to net_id being left
NULL.  We should test for this before calling strtoul
on it.

Tested with:

dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
    /fi/w1/wpa_supplicant1/Interfaces/0 \
    org.freedesktop.DBus.Properties.Get \
    string:fi.w1.wpa_supplicant1.Interface string:Networks
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0/Networks/0
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0/Networks/0
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0

Signed-hostap: Paul Stewart <pstew@chromium.org>
intended-for: hostap-1
2012-11-11 11:18:31 +02:00
Jouni Malinen
1e8a6e7553 Remove unused wpa_supplicant_disassociate()
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:05:37 +02:00
Jouni Malinen
07783eaaa0 Use deauthentication instead of disassociation if not associated
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:58:00 +02:00
Jouni Malinen
42d235477f Use wpa_drv_{disassociate,deauthenticate} while waiting for connection
wpa_supplicant_{disassociate,deauthenticate}() need to inform the driver
about decision to disconnect even if this happens during the time when
the driver is still trying to complete association. During that time,
wpa_s->bssid is not set, so the code in these functions needs to figure
out the correct BSSID based on that field or wpa_s->pending_bssid. In
addition, it is possible that the BSSID is not even known at
wpa_supplicant at this point in time when using drivers that perform BSS
selection internally. In those cases, the disconnect command needs to be
sent to the driver without the BSSID.

This fixes issues where the driver (or cfg80211 in particular) may be
left in mismatching state with wpa_supplicant when disconnection (e.g.,
due to a ctrl_iface command) happens between connection request and
association event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:57:57 +02:00
Jouni Malinen
e50d01b4f1 WPS: Add support for NFC connection handover with nfcpy
This helper script can now handle both reading of a NFC tag and
initiation of NFC connection handover if a peer NFC device is touched.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 16:04:42 +02:00
Jouni Malinen
dab710c4d0 WPS: Move NFC tag processing into a separate function
This makes it cleaner to add processing of other NFC operations to the
python script.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 15:56:46 +02:00
Jouni Malinen
ec4f5a37b8 WPS: Move wpactrl setup into a separate function
This makes it easier to share this functionality for new NFC use cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 15:53:33 +02:00
Jouni Malinen
d4f612b7dd WPS: Add an example python script for NFC operations
wps-nfc.py uses nfcpy and python-wpactrl to provide NFC tag information
to wpa_supplicant for WPS operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-03 22:43:15 +02:00
Sven Neumann
caff399250 dbus: Add getter for WPS properties
Add "WPS" property to the DBus interface that allows to
identify the active WPS method of a BSS.

Signed-hostap: Sven Neumann <s.neumann@raumfeld.com>
2012-11-03 18:38:51 +02:00
Jouni Malinen
10737aba22 Handle assoc reject events without wpa_supplicant SME
If the driver indicates the association (or authentication) was
rejected, wpa_supplicant should handle this connection failure similarly
to other cases. Previously, this was only handled with drivers that use
wpa_supplicant SME.

In case of cfg80211-based drivers, a rejected association was actually
already handled since cfg80211 generates a deauthentication event after
indicating connection failure. However, rejected authentication resulted
in wpa_supplicant waiting for authentication timeout to expire which is
unnecessary long wait.

Fix this by calling wpas_connection_failed() to use the common mechanism
to reschedule a new connection attempt with the previously attempted
BSSID blacklisted.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-03 13:50:17 +02:00
Sasha Levitskiy
5ff2c7faed Add parameter checking and error reporting to wpa_blacklist API
Signed-off-by: Sasha Levitskiy <sanek@google.com>
2012-11-01 20:41:27 +02:00
Jouni Malinen
b363121a20 WPS: Reject invalid credential more cleanly
If WPS Registrar tries to provision a WPA/WPA2-Personal network without
including a valid Network Key, the network block cannot be used to
connect to the network. Reject such credential without adding the
network block. This makes wpa_supplicant send WSC_NACK as a response to
the invalid Credential and stop the provisioning process immediately
rather than only after trying unsuccessfully to connect to the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-01 16:30:35 +02:00
Jouni Malinen
8c9ad085e9 P2P: Relax Bonjour SD query matching
The DNS Name is allowed to use or not use domain name compression. To
handle both cases, check human readable DNS Name match if binary
matching does not show a hit.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-31 18:25:30 +02:00
Jouni Malinen
560f8bda8c P2P: Support multiple P2P SD Bonjour services with same key
There may be multiple Bonjour PTR matches for the same key, so extend
the P2P SD code for this to allow such entries to be added (i.e., do not
override previously added value, but add a new one). Similarly, return
multiple matches (one per Service TLV) for a query if it happens to
match more than a single configured Bonjour service.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-31 13:01:43 +02:00
Jouni Malinen
96beff11d1 P2P: Allow discoverable interval for p2p_find to be configured
The new P2P_SET parameter disc_int can now be used to configure
discoverable interval for p2p_find operations. The format of the command
for setting the values is "P2P_SET disc_int <minDiscoverableInterval>
<maxDiscoverableInterval> <max TUs for discoverable interval>". The
first two parameters are given in units of 100 TUs (102.4 ms). The third
parameter can be used to further limit the interval into a specific TU
amount. If it is set to -1, no such additional limitation is enforced.
It should be noted that the P2P specification describes the random
Listen state interval to be in units of 100 TUs, so setting the max TU
value to anything else than -1 is not compliant with the specification
and should not be used in normal cases. The default parameters can be
set with "P2P_SET disc_int 1 3 -1".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-30 15:12:04 +02:00
Jouni Malinen
23270cd8f5 Restore wpa_s->scan_req if scan trigger fails
If the driver rejects the scan request while handling an external
requested scan (e.g., SCAN command on ctrl_iface), wpa_s->scan_req gets
cleared in wpa_supplicant_scan(). This can results in issues when the
scheduled re-try of the scan in one seconds trigger another call to this
function. If ap_scan==2 mode is used, this would result in new
association attempt instead of a new scan. Avoid this by restoring value
of wpa_s->scan_req in case the scan trigger fails and a new scan attempt
is scheduled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-30 12:27:05 +02:00
Jouni Malinen
340f1c48f7 P2P: Clear pending_pd_before_join on PD timeout
wpas_p2p_pd_before_join_timeout() needs to clear the
pending_pd_before_join flag to match other uses of this flag prior to
calling wpas_p2p_join_start(). Without this, the flag could be left set
which can cause following P2P operations to behave in unexpected ways.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-29 16:25:02 +02:00
Jouni Malinen
d76cd41a3a P2P: Allow separate P2P group interface use to be disabled
The new p2p_no_group_iface=1 configuration parameter can now be used to
disable the default behavior of adding a separate interface for the P2P
group when driver support for concurrent interfaces is available.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-29 15:02:30 +02:00
Jouni Malinen
5fbddfdcf1 P2P: Fix default p2p_group_idle timeout for P2P client role
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This breaks the
P2P group idle mechanism for the case where p2p_group_idle is not set
(i.e., is the default 0) since wpas_p2p_group_idle_timeout() ignores the
timeout in that case if the interface is not recognized as a client
interface (which was based on wpa_s->current_ssid being set).

Fix this by making wpas_p2p_is_client() default to client case if
wpa_s->current_ssid is NULL. This is much more likely case since the P2P
GO mode operation would not really clear the pointer without explicit
request to disconnect.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 21:37:15 +02:00
Jouni Malinen
9f36eac6e5 WPS: Remove old OOB NFC interface
The old WPS interface for using NFC has no known deployments and even
the binary libraries referenced here are not easily available anymore.
Since the new interface for using NFC with WPS covers the same
functionality, remove the old implementation to clean up WPS
implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:20:03 +02:00
Jouni Malinen
bd3a373767 WPS: Use AP Channel attribute in credential to speed up scan
When WPS is used with NFC connection handover, the AP may indicate its
operating channel within the credential information. Use this
informatiom, if present, to speed up the scan process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:02:04 +02:00
Jouni Malinen
e65552ddf2 WPS: Add preliminary NFC connection handover support for Enrollee
This commit adds new wpa_supplicant ctrl_iface commands to allow
external programs to go through NFC connection handover mechanism
with wpa_supplicant taking care of the WPS processing. This version
includes only the case where wpa_supplicant is operating as a
station/Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 17:39:46 +02:00
Jouni Malinen
04a3e69dd1 P2P: Allow all channels with multi-channel concurrency
If the driver indicates support for multi-channel concurrency, change
the p2p_connect behavior to not force the current operating channel, but
instead, just mark it as preferred for GO Negotiation. This change
applies only for the case when the freq parameter is not used with the
p2p_connect command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-26 18:10:46 +03:00
Jouni Malinen
f3989ced4f P2P: Add secondary device types into p2p_peer output
This allows the P2P_PEER command to be used to fetch the list of
secondary device types that each P2P peer has advertised.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-25 09:16:27 +03:00
Jouni Malinen
13ece96f70 P2P: Improve robustness against lost ctrl::ack frames
P2P includes two use cases where one of the devices is going to start a
group and likely change channels immediately after processing a frame.
This operation may be fast enough to make the device leave the current
channel before the peer has completed layer 2 retransmission of the
frame in case the ctrl::ack frame was lost. This can result in the peer
not getting TX status success notification.

For GO Negotiation Confirm frame, p2p_go_neg_conf_cb() has a workaround
that ignores the TX status failure and will continue with the group
formation with the assumption that the peer actually received the frame
even though we did not receive ctrl::ack. For Invitation Response frame
to re-invoke a persistent group, no such workaround is used in
p2p_invitation_resp_cb(). Consequently, TX status failure due to lost
ctrl::ack frame results in one of the peers not starting the group.

Increase the likelihood of layer 2 retransmission getting acknowledged
and ctrl::ack being received by waiting a short duration after having
processed the GO Negotiation Confirm and Invitation Response frames for
the re-invocation case. For the former, use 20 ms wait since this case
has been worked around in deployed devices. For the latter, use 50 ms
wait to get even higher likelihood of getting ctrl::ack through since
deployed devices (and the current wpa_supplicant implementation) do not
have a workaround to ignore TX status failure.

20 ms is long enough to include at least couple of retries and that
should increase likelihood of getting ctrl::ack through quite a bit. The
longer 50 ms wait is likely to include full set of layer 2 retries.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-13 17:33:16 +03:00
Jouni Malinen
c423708f02 WPS: Allow PIN timeout to be specified with wpa_supplicant AP/GO
Extend the wpa_cli wps_pin command to support specification of the PIN
expiration time in seconds similarly to hostapd_cli wps_pin command when
using wpa_supplicant for AP mode (including P2P GO).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 17:22:35 +03:00
Jouni Malinen
7a808c7eb7 P2P: Allow P2P functionality to be disabled per interface
By default, P2P is enabled globally for all virtual interfaces and this
makes wpa_supplicant include WSC and P2P IEs in Probe Request frames for
all scans even if this is for a non-P2P station connection to speed up
device discovery. If an interface is dedicated for non-P2P station mode
operations, it is now possible to disable addition of WSC and P2P IEs
into Probe Request frames with a per-interface p2p_disabled parameter.
This can be set either in the configuration file (p2p_disabled=1) or at
run time ("wpa_cli -i wlan0 set p2p_disabled 1"). Unlike the previous
mechanism ("wpa_cli p2p_set disabled 1"), the new parameter changes the
behavior only for the specified interface while other interfaces
continue to follow the global P2P enabled/disabled state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 13:08:23 +03:00
Jouni Malinen
d86a33853e Do not clear PMKSA cache on all network block parameter changes
The bssid and priority parameters in a network block do not have any
effect on the validity of a PMKSA cache entry, so avoid flushing the
PMKSA cache when only these parameters are changed. This is mainly
to allow forced roaming or network selection changes without causing
a disconnection if the changes are done during RSN association that
used EAP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-09 13:06:37 +03:00
Jouni Malinen
c9a8221800 Filter out unlikely "pre-shared key may be incorrect" messages
Add a function to filter out known cases of disconnection during 4-way
handshake that are caused by something else than mismatch in PSK. This
commit adds the case where the local end determines a mismatch in
WPA/RSN element between Beacon/Probe Response frames and EAPOL-Key msg
3/4.

This can avoid some potentially confusing "WPA: 4-Way Handshake failed -
pre-shared key may be incorrect" ctrl_iface messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-08 17:49:54 +03:00
Jouni Malinen
21af6d15a8 SAE: Add Finite Cyclic Group negotiation and Send-Confirm
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-06 19:30:54 +03:00
Jouni Malinen
6d22a377bd P2P: Fix network removal on P2P connect to select correct block
If wpa_s->current_ssid is not set (e.g., after disconnection that
did not result in immediate group removal), an incorrect group could
have been removed since the network block iteration here could select
the network block that is used to store persistent group credentials.
Fix this by verifying that disabled != 2 to avoid picking the network
block that could not have been the temporary P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-05 20:37:49 +03:00
Sunil Dutt
ec947ffcd8 WPS: Reenable the networks disabled during wpa_wpas_reassoc
During the association for the WPS handshake all the other configured
networks are disabled. This patch makes wpa_supplicant reenable the
disabled networks after the success/failure of the WPS handshake.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
2012-10-04 21:11:04 +03:00
Jouni Malinen
485e3a9228 Interworking: Unshare ANQP results on explicit ANQP requests
When ANQP_GET or HS20_ANQP_GET is used to request ANQP information,
unshare the ANQP information (i.e., create a per-BSS copy of it) to
make sure the information from the specified BSS is available in case
the APs provide different information within HESSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-03 14:17:41 +03:00
Jouni Malinen
2edcd5046a HS 2.0: Include parsed WAN Metrics in RX-HS20-ANQP event
This adds parsed version of WAN Metrics information to the control
event message as follows:

RX-HS20-ANQP 02:00:00:00:01:00 WAN Metrics 01:8000:1000:80:240:3000

format: <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<UL Load>:<LMD>
WAN Info: B0-B1: Link Status, B2: Symmetric Link, B3: At Capabity
   (encoded as two hex digits)
Downlink Speed: Estimate of WAN backhaul link current downlink speed in kbps;
	1..4294967295; 0 = unknown
Uplink Speed: Estimate of WAN backhaul link current uplink speed in kbps
	1..4294967295; 0 = unknown
Downlink Load: Current load of downlink WAN connection (scaled to 255 = 100%)
Uplink Load: Current load of uplink WAN connection (scaled to 255 = 100%)
Load Measurement Duration: Duration for measuring downlink/uplink load in
tenths of a second (1..65535); 0 if load cannot be determined

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-03 13:58:56 +03:00
Jouni Malinen
3385647da9 Fix build without CONFIG_WPS=y
Commit 620c783753 modified
wpas_wps_ssid_bss_match() prototype but forgot to update the non-WPS
wrapper inline function. Fix that to match with the new bss parameter
type.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-01 16:07:07 +03:00
Arik Nemtsov
a93a15bbfd P2P: Add a conf parameter to start a GO as HT40 if allowed
When specified in the conf file this parameter will make all invocations
of p2p_group_add, p2p_connect, and p2p_invite behave as if "ht40" has
been specified on the command line. This shouldn't do harm since
regulatory constraints and driver capabilities are consulted anyway
before starting HT40 mode.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-09-30 20:35:51 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Dan Williams
1634ac0654 dbus: Add global capabilities property
Otherwise it's difficult to determine if the supplicant was built with
CONFIG_AP, CONFIG_IBSS_RSN, CONFIG_P2P, etc. CONFIG_AP and CONFIG_P2P
can be inferred from the introspection data of the Interface object,
but CONFIG_IBSS_RSN does not change the introspection data at all and
thus it's impossible to determine whether the supplicant supports it
without knowing its compile-time options.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-09-29 19:06:30 +03:00
Jouni Malinen
30b8038921 P2P: Fix p2p_cancel processing during group formation
The wpa_s->p2p_in_provisioning flag did not get cleared in some cases
where p2p_cancel command is used to stop group formation. This can result
in some operations (like p2p_find) failing afterwards. Fix this by using
wpas_group_formation_completed() when processing p2p_cancel for a group
that has not yet completed group formation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 22:01:48 +03:00
Jouni Malinen
93face0e06 Interworking: Support Android JB keystore with EAP-TLS
If the keystore:// prefix is used in the private_key entry, convert that
to the OpenSSL engine style configuration used for Android JB keystore.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 17:12:27 +03:00
Jouni Malinen
fa5c5b43e4 Interworking: Fix failed GAS query processing
The pending GAS entry must be removed from the list when it is removed.
This fixes an issue with potential segfault due to freed memory being
accessed if the driver fails to accept a GAS query.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 17:09:15 +03:00
Jouni Malinen
6407f4132f Add disallow_aps parameter to disallow BSSIDs/SSIDs
External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.

The new parameter can be set with the control interface SET command
using following syntax:

SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>

For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-27 17:36:59 +03:00
Jouni Malinen
83218d20dd P2P: Clear sta_scan_pending on group removal
It is possible for the P2P client group to be removed while waiting for
a pending scan operation (e.g., when p2p_group_idle timeout hits after
getting disconnected from the GO with something else than
Deauthentication with reason code 3). If this happens with a P2P
interface that is used both for P2P Device and group roles, scan state
could get stuck while waiting for the next scan to complete since no
more station (P2P client) mode scans are scheduled. Fix this by clearing
sta_scan_pending when removing the temporary group network block.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-25 02:55:20 +03:00
Jouni Malinen
2cd0758441 P2P: Allow peer to propose channel in invitation process
Make Invitation process for re-invoking a persistent group behave
similarly to GO Negotiation as far as channel negotiation is concerned.
The Operating Channel value (if present) is used as a starting point if
the local device does not have a forced operating channel (e.g., due to
concurrent use). Channel lists from devices are then compared to check
that the selected channel is in the intersection. If not, channel is
selected based on GO Negotiation channel rules (best channel preferences
etc.). Invitation Request is rejected if no common channel can be
selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 22:15:58 +03:00
Jouni Malinen
4c490780e2 P2P: Fix pending-sta-scan processing for concurrent operation cases
If two P2P_FIND commands and a station mode SCAN command are issued in a
sequence with the second P2P_FIND and SCAN commands started before the
initial scan from the first P2P_FIND command has completed,
sta_scan_pending may be left set without an automatic way of getting it
cleared. This can get P2P search stuck if no further station mode scan
operations are run.

Fix this by clearing the sta_scan_pending flag whenever station mode scans
are stopped due to no enabled networks resulting in INACTIVE mode getting
entered. In addition, avoid setting sta_scan_pending flag when a special
scan_res_handler is set so that this does not get enabled on the P2P
Device interface during a P2P search operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 13:46:27 +03:00
Jouni Malinen
ac06fb12f5 P2P: Add more debug prints for GO start routines
This makes it easier to debug issues in starting GO mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:05:51 +03:00
Jouni Malinen
d4534bde9c Add debug print for no-enabled-networks case
If there are any disabled networks, show a debug print with the count
of those networks when no enabled networks are found. This can be
helpful in trying to figure out why scans are being skipped.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:04:00 +03:00
Jouni Malinen
b470b2bf37 Print control interface commands in easier format
The ASCII hexdump is somewhat difficult to search for (especially on
Android builds), so make the debug log easier to parse by printing the
full control interface command as a text string. In addition, use
wpa_dbg() to get the interface name printed so that multi-interface
cases can be debugged.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:01:26 +03:00
Jouni Malinen
c244dd2ec0 P2P: Fix PSK configuration for GO network
Setting just ssid->passphrase is not enough to complete the network
block for the GO entry. Also the PSK needs to be derived so that the
network is considered enabled by wpas_network_disabled(). The previous
version worked as long as something else allowed the scan request to be
performed (this is needed even though the actual scan is skipped when
starting GO).

The first GO start was allowed because wpa_s->scan_req is initialized to
1 in wpa_supplicant_alloc(). However, other attempts may fail if
wpa_s->scan_req is cleared. This failure shows up as "No enabled
networkas - do not scan" in debug log followed by state change to
INACTIVE when trying to start GO.

Fix this by deriving PSK from the passphrase for GO mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 00:56:57 +03:00
Jouni Malinen
0c802384a7 P2P: Fix p2p_group_idle in no-group-interface P2P client case
Commit 30ee769235 started skipping P2P
group removal if wpa_s->current_ssid is not set and commit
0d30cc240f started clearing
wpa_s->current_ssid on disconnection. This combination broke
p2p_group_idle timeout on P2P client interface in a case where no
separate P2P group interface is used and when the disconnection is
triggered by something else than an explicit indication of GO
terminating the group.

Fix this by relaxing network block matching rules when figuring out
whether any of the configured network blocks could be in P2P use. The
p2p_group flag alone should be enough for this since temporary P2P group
network blocks are removed once the P2P group is terminated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-23 20:28:03 +03:00
Dan Williams
8c981d179b wpa_supplicant: Set state to DISCONNECTED on AP creation errors
If the AP creation failed (missing freq= or driver error) the supplicant
would previously stay in SCANNING state forever. Instead, it should
handle the error a bit better and drop back to DISCONNECTED so clients
know something went wrong.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-09-23 13:55:58 +03:00
Mykyta Iziumtsev
dd31eb79a2 P2P: Remove channel 14 from supported P2P channels
Channel 14 is available only in Japan and is DSSS-only according to
IEEE 802.11-2012 19.4.3 and MIC Equipment Ordinance (EO)
for Regulating Radio Equipment article 49.20.

At the same time, P2P should avoid using DSSS modulation in normal
operation according to P2P specification v1.2 2.4.1.

Signed-hostap: Mykyta Iziumtsev <mykyta.iziumtsev@gmail.com>
intended-for: hostap-1
2012-09-23 12:49:52 +03:00
Jouni Malinen
54c61e6e08 P2P: Fix p2p_ctrl_invite_persistent() to parse peer parameter
Commit 4d32c0c44d added another use for the
local pos variable and that broke the mechanism used to determine wheter
the peer address was provided. Fix this by using a separate pointer to the
peer address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-15 22:21:46 -07:00
Masashi Honma
6df865face Remove unused function warning in WPS NFC case
When I use CONFIG_WPS_NFC=y a warning appears.

wps_supplicant.c:1872:12: warning: 'wpas_wps_add_nfc_password_token'
defined but not used [-Wunused-function]

This patch removes this warning.

Signed-hostap: Masashi Honma <masashi.honma at gmail.com>
2012-09-15 22:02:09 -07:00
Jouni Malinen
0dd5431312 Do not inform other virtual interfaces of scan results in all cases
If a connection operation is started on an interface based on scan
results, other virtual interfaces should not be information about the
results to avoid potential concurrent operations during the association
steps. Since the sibling notification of scan results received was added
as an optimization, skipping it for this type of cases is the simplest
way of avoiding unnecessary concurrent operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:07:02 -07:00
Jouni Malinen
ab03f6da7a P2P: Schedule new scan if P2P operation delays scan
This makes sure that the interrupted station mode scan can be completed
after the P2P operations have had their chance of using the radio.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:05:55 -07:00
Jouni Malinen
58d3760e7e P2P: Check all interfaces for pending scan for p2p_scan failures
Driver could reject the new scan based on any virtual interface
running a concurrent scan. As such, mark the pending scan callback
for P2P based on any interfaces instead of just the one used for
the p2p_scan operation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:03:14 -07:00
Jouni Malinen
e665ca9a8d P2P: Move p2p_cb_on_scan_complete to global context
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 17:58:22 -07:00
Jouni Malinen
762b99db7a Fix last_scan_res update existing BSS entry is update
The BSS pointer may change if the entry needs to be reallocated
and the new pointer has to be added to the last_scan_res array
to avoid using pointers to freed memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-10 12:36:55 +02:00
Yuhao Zheng
dc7785f845 wpa_supplicant: Add PKTCNT_POLL command to get TX/RX packet counters
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-09-05 17:02:02 +03:00
Jouni Malinen
53c9fc1df6 Interworking: Share ANQP data within homogenous ESS
If two BSS entries have the same HESSID and SSID, share the fetched ANQP
information between these BSS entries to save memory and GAS/ANQP
operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 17:22:42 +03:00
Jouni Malinen
c739d7e968 Interworking: Store HESSID in BSS entry
This makes it more convenient to match BSS entries that belong to the
same homogenous ESS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 17:08:58 +03:00
Jouni Malinen
7e414b21c2 Interworking: Allow EAP-SIM/AKA/AKA' override in cred block
The eap parameter in the cred block can now be used to override
automatic EAP-SIM/AKA/AKA' selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 16:50:52 +03:00
Jouni Malinen
476aed355a Interworking: Move BSS ANQP information into separate struct
This is an initial step in allowing the ANQP responses to be shared
among multiple BSSes if the BSSes are determined to be operating under
identical configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 16:22:35 +03:00
Deepthi Gowri
59ff6653aa Fix REMOVE_NETWORK to not run operations with invalid current_ssid
If the REMOVE_NETWORK command is used to delete the currently connected
network, some operations were run between removing the network and
clearing of wpa_s->current_ssid. This left wpa_s->current_ssid pointing
to freed memory and should any operation end up using it before the
pointer gets cleared, freed memory could be references. Avoid this by
removing the network only after having completed the operations that
clear wpa_s->current_ssid.

Signed-hostap: Deepthi Gowri <deepthi@codeaurora.org>
intended-for: hostap-1
2012-09-03 11:55:38 +03:00
Jouni Malinen
7ff833674b Interworking: Fetch only the needed ANQP information
Use configured credentials to figure out which ANQP information needs to
be fetched and only fetch those when using Interworking network
selection. The fetch_anqp command is still fetching all ANQP
information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 21:05:54 +03:00
Jouni Malinen
a594e2a9ab Interworking: Skip extra scan after network auto-select
If the scan results from before ANQP fetch are fresh (less than five
seconds old), do not run a new scan when selecting the BSS after having
used Interworking network selection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 20:18:48 +03:00
Jouni Malinen
620c783753 Use BSS entries instead of scan results for BSS selection
This allows the BSS selection functions to be called without having the
scan result data structure. This can be used to skip extra scans in
cases where previous results can be considered fresh.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:56:57 +03:00
Jouni Malinen
cf8baca6a5 BSS: Add wpa_bss_get_vendor_ie_multi_beacon()
This can be used to fetch vendor IEs from Beacon frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:54:42 +03:00
Jouni Malinen
a297201df1 Maintain list of BSS entries in last scan result order
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:53:15 +03:00
Jouni Malinen
20ed5e40ba Use BSS table instead of scan results in need-to-roam determination
The same information is available in the BSS table, so we can reduce the
need for using the raw scan results in wpa_supplicant_need_to_roam().

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 17:39:35 +03:00
Jouni Malinen
e026159a8e EAP-SIM/AKA: Store pseudonym identity in configuration
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 13:04:18 +03:00
Jouni Malinen
bcdf2096bd SME: Fix disconnec-while-authenticating
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This broke SME
disassoc-while-authenticating workaround for cfg80211. Fix this by
restoring wpa_s->current_ssid in case SME authentication is in progress.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 17:20:27 +03:00
Jouni Malinen
0aadd5682f Fix disconnection event processing
Commit 0d30cc240f forced
wpa_s->current_ssid and wpa_s->key_mgmt to be cleared in
wpa_supplicant_mark_disassoc() which gets called from
wpa_supplicant_event_disassoc(). This broke IEEE 802.1X authentication
failure processing and P2P deauthentication notification (group
termination).

Fix this by splitting wpa_supplicant_event_disassoc() into two parts and
make wpas_p2p_deauth_notif() indicate whether the interface was removed.
If so, the last part of disassocition event processing is skipped. Since
the wpa_supplicant_mark_disassoc() call is in the second part, the above
mentioned issues are resolved. In addition, this cleans up the P2P group
interface removal case by not trying to use fast reconnection mechanism
just before the interface gets removed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 22:04:41 +03:00
Jouni Malinen
6f1ca696c7 P2P: Do not fail p2p_group_remove just based on current_ssid
The wpa_s->current_ssid pointer may get cleared, e.g., when
disconnected. Commit 30ee769235 made
wpas_p2p_group_delete() exit early before removing a P2P interface in
this type of case. That can cause number of issues from p2p_group_remove
command failing to busy loop when terminating wpa_supplicant if there is
a P2P group interface in client mode and that interface happens to be in
disconnected state. Fix these issues by allowing wpas_p2p_group_delete()
remove the P2P group interface regardless of whether wpa_s->currnt_ssid
is set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 21:35:32 +03:00
Jouni Malinen
4d32c0c44d P2P: Allow p2p_invite-persistent to specify channel for GO
The freq and ht40 parameters can now be used with the p2p_invite
command when reinvoking a persistent group as the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 21:20:51 +03:00
Jouni Malinen
55d834e172 Android: Add Wi-Fi Display into the makefile
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:32 +03:00
Jouni Malinen
43323e43d3 Android: Include Hotspot 2.0 support in the default build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:30 +03:00
Jouni Malinen
50cfe0e1cb Android: Add new keystore include path for JB
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:27 +03:00
Jouni Malinen
7b1aa4fe30 Move variable declaration into the beginning of function
The variables used within the #ifndef block here needs to be defined in
the beginning of the function to avoid issues with some compilers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 00:37:59 +03:00
Jouni Malinen
1f3a3ec4a4 Interworking: Fix build without CONFIG_PCSC=y
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 00:35:53 +03:00
Jouni Malinen
6ffdc2f7bd WFD: Add preliminary WSD request processing and response
This commit does not yet address support for different device roles,
i.e., the same set of subelements are returned regardless of which
role was indicated in the request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
347d6a5b76 WFD: Add support for sending Wi-Fi Display service discovery requests
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.

format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
337c781f9c WFD: Add wfd_subelems hexdump in BSS ctrl_iface command output
This makes it easier to parse the WFD subelements from scan results.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
9675ce354a WFD: Add Wi-Fi Display support
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.

Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
01335e2c8d wpa_cli: Add tab completion for p2p_find
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 17:38:53 +03:00
Jouni Malinen
e4f6873cce wpa_cli: Fix tab completion
Commit b49039bda9 redesigned tab
completion, but added the new call to completion functions into wrong
location. This needs to be done within the loop to find the correct
completion function.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 17:25:09 +03:00
Jouni Malinen
4d5bda5fca Interworking: Add optional use of network selection on normal scans
auto_interworking=1 configuration parameter can be used to request
wpa_supplicant to use Interworking network selection automatically as a
part of the normal (non-Interworking) network selection if the scan
results do not match with enabled networks. This makes scanning work
similarly to the "interworking_select auto" command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 16:14:13 +03:00
Jouni Malinen
b1f122964e Add generic GAS request mechanism
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.

gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]

For example, ANQP query for Capability list in interactive wpa_cli
session:

> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607

It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 18:13:10 +03:00
Jouni Malinen
a462036a47 WPS: Allow AP that becomes active be tried immediately
Clear the possible blacklisting of a WPS AP during WPS PIN iteration if
the AP moves to selected registrar TRUE state or if it adds our MAC
address to the list of authorized MACs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 13:51:35 +03:00
Jouni Malinen
f9f0526bcd WPS: Maintain more AP state during WPS PIN iteration
Maintain state of WPS APs during iteration to find the correct AP for
WPS PIN operation when no specific BSSID is specified. This information
can be used for optimizing the order in which the APs are tried. This
commit is only adding the collection of the information and more
detailed debug information to make debug logs more helpful in figuring
out how the AP selection order could be improved.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 13:48:11 +03:00
Jouni Malinen
0d30cc240f Clear current_ssid and key_mgmt when disconnected
This makes wpa_supplicant state somewhat cleaner since the information
from previously used connection is not maintained after getting
disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:08 +03:00
Jouni Malinen
00e5e3d509 Disable network block temporarily on authentication failures
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
2af4d404a8 wpa_cli: Add optional argument for the help command
"help <cmd>" can now be used to print the usage text for the
specified command (or set of commands matching the prefix).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
b49039bda9 wpa_cli: Add tab completion function into the command table
Instead of using a separate list of commands, use the main command table
to assign tab completion functions. In addition, use the existing BSS
and P2P peer completions functions with the commands that use BSSID or
P2P Device address the first argument.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
632c9458c4 Interworking: Fix home SP check with real SIM card
The NAI building routine assumed that the credential included the IMSI,
but that is not the case when using a real SIM card. Build the NAI based
on the IMSI read for the card in such a case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:04 +03:00
Jouni Malinen
8f23401281 Interworking: Fix PLMN matching with multiple entries
The pos variable was not advanced when comparing PLMN entries in
3GPP Cellular Network information and as such, only the first
entry was really used.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-08-26 20:37:11 +03:00
Jouni Malinen
27b80b5b4c wpa_cli: Add a 'raw' command for sending unprocessed data
This can be used to test new control interface commands and to use
commands that may not yet be supported by wpa_cli.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-25 13:33:29 +03:00
Dmitry Shmidt
39ee845f92 wpa_supplicant: Add bss_flush command to invalidate scan results
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-08-25 10:23:22 +03:00