Commit graph

199 commits

Author SHA1 Message Date
Jouni Malinen
cf15b15cc1 Add writing of network block ocsp parameter
This was forgotten from the per-network ocsp parameter addition. The new
parameter needs to be stored to the configuration file similarly to the
other EAP parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-28 16:56:41 +02:00
Alexander Bondar
54ac5aa271 config: Add bgscan option when saving global configuration
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
2014-03-04 22:27:39 +02:00
Jouni Malinen
cf6d08a63f Interworking: Add OCSP parameter to the cred block
This new parameter can be used to configure credentials to mandate use
of OCSP stapling for AAA server authentication.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
74794891c7 Interworking: Add sp_priority cred parameter
This new priority parameter can be used to specify priorities between
credentials provisioned by the same SP. cred->priority is checked first
and if it is same and the provisioning_sp parameter matches, the new
sp_priority is used to order the credentials. It should be noted that
the order of priorities is different (higher 'priority' value indicates
higher priority of the credential, while higher 'sp_priority' indicates
lower priority of the credential).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
a45b2dc5dc HS 2.0R2: Add support for Policy/MaximumBSSLoadValue
The new credential parameter max_bss_load can be used to specify
restrictions on BSS Load in the home network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
4cad9df15a HS 2.0R2: Add support for Policy/MinBackhaulThreshold
The new credential parameters min_{dl,ul}_bandwidth_{home,roaming} can
be used to specify restrictions on available backhaul bandwidth.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
aa26ba68b4 HS 2.0R2: Add tracking of provisioning SP
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
f9cd147d6b HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).

The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
bc00053c9d Interworking: Allow roaming partner configuration
The new roaming_partner parameter within a cred block can be used to
configure priorities for roaming partners.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
03ed332407 Interworking: Allow cred blocks not to be saved to a file
The new cred block parameter 'temporary' can be used to indicate that a
cred block is not to be saved to wpa_supplicant configuration file
(e.g., "SET_CRED 0 temporary 1"). This is similar to the concept of
temporary network blocks and allows cred blocks to be managed outside
the wpa_supplicant config file when other parameters are still saved to
the file written by wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 15:43:55 +02:00
Sunil Dutt
800d58721c TDLS: Provide external control to specify the peers for setup
There are use cases requesting the host driver to initiate the TDLS
setup with the peer only when configured by the external applications.
Thus, enable this control by tdls_external_control=1 and pass the
requisite information for the specific TDLS operation to the driver
on the request from such use cases.

This operation mode expects the driver to initiate TDLS link
automatically based on signal strength and traffic to a peer and tear
down links whenever they are not used or suitable due to signal strength
etc. The list of peers with which such operations are to be performed
are provided with the TDLS driver operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-15 03:02:08 +02:00
Jouni Malinen
9ec876662b P2P: Allow GO P2P Device Address to be used for scan result matching
This is a better way of matching P2P groups based on the unique P2P
Device Address (e.g., from P2P Group ID) and SSID pair instead of using
the not necessarily unique P2P Interface Address.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:49:01 +02:00
Eliad Peller
20ea1ca406 P2P: Add VHT parameter to P2P operations
Add the option to ask for VHT operation similarly to the way ht40 is
configured - either by adding 'vht' param to the relevant p2p_*
commands or by configuring p2p_go_vht=1 in the configuration file.

This patch only adds the configuration option (e.g., via control
interface). The actual handling of the VHT parameter (asking the driver
to use VHT, etc.) will be done by the following patch.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:46:17 +02:00
Jouni Malinen
51e9f22809 P2P: Add option to allow additional client channels
The new p2p_add_cli_chan=1 configuration parameter can be used to
request passive-scan channels to be included in P2P channel lists for
cases where the local end may become the P2P client in a group. This
allows more options for the peer to use channels, e.g., if the local
device is not aware of its current location and has marked most channels
to require passive scanning.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-26 17:49:10 +03:00
Jouni Malinen
556b30daca P2P: Add option to remove channels from GO use
The new p2p_no_go_freq frequency range list (comma-separated list of
min-max frequency ranges in MHz) can now be used to configure channels
on which the local device is not allowed to operate as a GO, but on
which that device can be a P2P Client. These channels are left in the
P2P Channel List in GO Negotiation to allow the peer device to select
one of the channels for the cases where the peer becomes the GO. The
local end will remove these channels from consideration if it becomes
the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-26 17:49:10 +03:00
Jouni Malinen
a5d44ac083 EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.

Changes to the EAP methods to use this new mechanism will be added in
separate commits.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
ac1bc54948 Interworking: Add domain_suffix_match for credentials
This allow domain_suffix_match to be specified for a cred block and then
get this copied for the network blocks generated from this credential as
part of Interworking network selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
463c8ffbd5 Interworking: Add support for multiple home FQDNs
Credentials can now be configured with more than one FQDN ('domain'
field in the cred block) to perform Domain Name List matching against
multiple home domains.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
01f809c7db Add AAA server domain name suffix matching constraint
The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 13:34:26 +03:00
Masashi Honma
1a9f24714e Make scan_freq field to be saved by save_config
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-09-23 16:06:06 +03:00
Jouni Malinen
01a57fe420 P2P: Maintain list of per-client PSKs for persistent groups
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 21:35:10 +03:00
Ben Greear
6124e858fd wpa_supplicant: Allow vifs to scan only current channel
If a VIF is already associated, then only scan on the associated
frequency if user requests such. This is a big help when using
lots of virtual stations.

Signed-hostap: Ben Greear <greearb@candelatech.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
2013-05-09 12:43:40 +03:00
Sheng Fang
4aa8186806 Add a configration parameter for sched_scan interval
The new sched_scan_interval parameter can be used to set the default
sched_scan interval, e.g., for power saving purposes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-07 12:41:14 +03:00
Ben Greear
f5ffc348dc wpa_supplicant: Allow global scan frequencies configuration
This allows one to limit the channels that wpa_supplicant will
scan. This is a useful addition to the freq_list configurable
in the network {} section.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2013-05-05 11:46:54 +03:00
Dmitry Shmidt
e6304cad47 wpa_supplicant: Add option -I for additional config file
This option can be used only for global parameters that are not going
to be changed from settings.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
2013-04-23 17:38:57 +03:00
Jouni Malinen
4342326fc7 Add ignore_old_scan_res configuration parameter
This can be used to configure wpa_supplicant to ignore old scan results
from the driver cache in cases where such results were not updated after
the scan trigger from wpa_supplicant. This can be useful in some cases
where the driver may cache information for a significant time and the AP
configuration is changing. Many such cases are for testing scripts, but
this could potentially be useful for some WPS use cases, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 18:05:42 +03:00
Jouni Malinen
ef8151ac57 P2P: Write p2p_ignore_shared_freq to configuration file on updates
Commit b277a2bebc added a new global
configuration parameter, but forgot to update configuration file saving
to store this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-26 22:24:41 +02:00
Jouni Malinen
18a2eaabe3 Add ap_vendor_elements for wpa_supplicant AP/P2P GO mode
This new parameter allows wpa_supplicant AP mode operations to use
similar design to the vendor_elements parameter in hostapd to add
vendor_elements into Beacon/Probe Response IE parameters.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-21 15:52:41 +02:00
Jouni Malinen
18206e02c5 Allow wpa_supplicant AP mode to configure Beacon interval
beacon_int (in TU) can now be used to configure Beacon interval for AP
mode operations (including P2P GO) in wpa_supplicant. This can be set
either in a network block or as a global parameter in the configuration
file (or with "SET beacon_int <value>" control interface command) to
apply for all networks that do not include the beacon_int parameter to
override the default.

In addition, this commits extends the dtim_period parameter to be
available as a global parameter to set the default value. dtim_period is
now stored in the configuration file, too, if it was set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 20:50:08 +02:00
Jouni Malinen
042ec551d4 WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token
regardless of whether there was a pre-configured token in the
configuration. Change this to use the pre-configured value, if
available, instead. This allows the same command to be used to write the
password token to an NFC tag more conveniently.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:24:29 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Janusz Dziedzic
bca06366a9 wpa_supplicant: Save frequency configuration parameter
In case of wpa_supplicant IBSS and AP modes after we will call wpa_cli
save command we should also save configured frequency. In other case
after wpa_supplicant restart we have frequency = 0 and AP start will
fail.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-01-12 10:23:45 +02:00
Jouni Malinen
dbea8ac7ab Interworking: Allow SSID-based network exclusion for credentials
The new excluded_ssid parameter within a cred block can be used to
excluded networks from matching with credentials.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:01:50 +02:00
Jouni Malinen
9aae09f196 Interworking: Fix cred saving
Number of cred block fields were not saved when wpa_supplicant is
writing the configuration file.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:00:52 +02:00
Jouni Malinen
62d4980331 Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:21:29 +02:00
Jouni Malinen
6e2020210a Allow OKC to be enabled by default
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-12 20:07:53 +02:00
Jouni Malinen
d76cd41a3a P2P: Allow separate P2P group interface use to be disabled
The new p2p_no_group_iface=1 configuration parameter can now be used to
disable the default behavior of adding a separate interface for the P2P
group when driver support for concurrent interfaces is available.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-29 15:02:30 +02:00
Jouni Malinen
7a808c7eb7 P2P: Allow P2P functionality to be disabled per interface
By default, P2P is enabled globally for all virtual interfaces and this
makes wpa_supplicant include WSC and P2P IEs in Probe Request frames for
all scans even if this is for a non-P2P station connection to speed up
device discovery. If an interface is dedicated for non-P2P station mode
operations, it is now possible to disable addition of WSC and P2P IEs
into Probe Request frames with a per-interface p2p_disabled parameter.
This can be set either in the configuration file (p2p_disabled=1) or at
run time ("wpa_cli -i wlan0 set p2p_disabled 1"). Unlike the previous
mechanism ("wpa_cli p2p_set disabled 1"), the new parameter changes the
behavior only for the specified interface while other interfaces
continue to follow the global P2P enabled/disabled state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 13:08:23 +03:00
Arik Nemtsov
a93a15bbfd P2P: Add a conf parameter to start a GO as HT40 if allowed
When specified in the conf file this parameter will make all invocations
of p2p_group_add, p2p_connect, and p2p_invite behave as if "ht40" has
been specified on the command line. This shouldn't do harm since
regulatory constraints and driver capabilities are consulted anyway
before starting HT40 mode.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-09-30 20:35:51 +03:00
Jouni Malinen
4d5bda5fca Interworking: Add optional use of network selection on normal scans
auto_interworking=1 configuration parameter can be used to request
wpa_supplicant to use Interworking network selection automatically as a
part of the normal (non-Interworking) network selection if the scan
results do not match with enabled networks. This makes scanning work
similarly to the "interworking_select auto" command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 16:14:13 +03:00
Jouni Malinen
d42bc5e178 Handle long configuration file lines more gracefully
Skip the end of long configuration lines that get truncated in
wpa_config_get_line(). Without this, the rest of the file was being
parsed as another line and that resulted in an unexpected error
message (wrong line number and wrong starting point).

In addition, increase the read buffer for network blocks from 256
to 2000 since p2p_client_list parameter can have long values. These
were supposed to truncated cleanly, but the unexpected processing of
the end of the file (which is now fixed in this commit) could cause
configuration file to be rejected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-08-23 23:52:45 +03:00
Eyal Shapira
462a7439e1 Add p2p_go_max_inactivity config option
This enables setting a different max inactivity timeout for P2P GO.
This timeout is used to detect inactive clients. In some scenarios
it may be useful to have control over this and set a shorter timeout
than the default 300s. For example when running STA and P2P GO interfaces
concurrently, the STA interface may perform scans which may cause the
GO to miss a disassoc / deauth frames from a client and keep assuming
that the client is connected until the inactivity detection kicks in.
300 secs is a bit too long for such scenarios and creates a bad user
experience.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2012-08-10 16:28:38 +03:00
Ben Greear
481cac211e Add some debug info for config file error cases
It didn't always spit out useful stuff when reading config failed.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2012-08-04 20:38:50 +03:00
Jouni Malinen
306ae22556 EXT PW: Add framework for supporting external password storage
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
2518aad3e8 Move PSK/passphrase configuration check into use time from parsing
Instead of rejecting network blocks without PSK/passphrase at the time
the configuration file is read, allow such configuration to be loaded
and only behave as if the network block with missing PSK/passphrase is
disabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
3f2c8ba6d3 WPS: Add new mechanism for NFC config method using password token
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
1aea2ca325 Write autoscan parameter to config file on updates
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:43:05 +03:00
Jay Katabathuni
66aadbd7bf HS 2.0: Add runtime configuration of Hotspot 2.0 station
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:45 +03:00
Wei-Jen Lin
1298c14594 Allow pbc_in_m1 workaround to be enabled in wpa_supplicant AP mode
This workaround for Windows 7 WPS probing mechanism was previously
allowed only with hostapd, but the same interoperability issue can
happen with wpa_supplicant AP/GO mode. Allow the workaround to be
enabled in wpa_supplicant configuration for these uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 16:51:04 +03:00
Jouni Malinen
54ddd74369 Add disable_scan_offload parameter to disable automatic scan offloading
This new configuration parameter can be used to disable automatic
offloading of scan requests to the driver which was previously used
by default if the driver supported sched_scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-17 16:30:15 +03:00
Jouni Malinen
4f920dc63e Do not write bg_scan_period value if default (-1) has not been changed
There is no need to force this configuration parameter to be written
into the configuration file for each network block that has not modified
the default value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-06 18:11:47 +03:00
Ed Wildgoose
af548f5320 Save bgscan parameter into configuration file
Signed-off-by: Ed Wildgoose <lists@wildgooses.com>
intended-for: hostap-1
2012-04-06 17:59:34 +03:00
Anirban Sirkhell
71dd3b78f9 WPS: Allow vendor specific attribute to be added into M1
wps_vendor_ext_m1 configuration parameter can now be used to add a
vendor specific attribute into the WPS M1 message, e.g., for
Windows Vertical Pairing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-04 00:08:57 +03:00
Bala Shanmugam
1f6c0ab872 Allow background scan period to be configured
A network block specific background scan period can now be configured
for drivers that implement internal background scan mechanism for
roaming and BSS selection.

Signed-hostap: Bala Shanmugam <bkamatch@qca.qualcomm.com>
2012-03-30 15:20:35 +03:00
Jouni Malinen
21d996f775 P2P: Add support for preferred channel list
p2p_pref_chan configuration parameter can now be used to set the
list of preferred channel for P2P GO Negotiation. This will be used
in the priority order if the peer does not support the channel we
are trying to use as the GO (configured operating channel or the
best 2.4 GHz/5 GHz channel) for the case where a forced channel is
not used.

p2p_pref_chan=<op class:channel>,...

For example:
p2p_pref_chan=81:1,81:2,81:3,81:4,81:5,81:6

This would configure 2.4 GHz channels 1-6 as the preferred ones with
channel 1 the most preferred option.

These configuration parameters can be set in wpa_supplicant.conf and
dynamically updated with "wpa_cli set <param> <value>".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-29 21:28:34 +03:00
Jouni Malinen
d7b01abd5e Interworking: Support real SIM/USIM card for network selection
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-03-04 16:02:56 +02:00
Jouni Malinen
f64adcd71e Allow PC/SC reader to be selected and initialized at start
New global configuration parameters pcsc_reader and pcsc_pin can now be
used to initialize PC/SC reader context at start of wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-26 13:09:30 +02:00
Jouni Malinen
1a712d2fc1 Interworking: Add support for credential priorities
This allows credentials to be set with a specific priority to allow
the automatic network selection behavior to be controlled with user
preferences. The priority values are configured to the network block
and BSS selection will select the network based on priorities from
both pre-configured network blocks and credentials.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 16:37:21 +02:00
Jouni Malinen
f2c207515a Interworking: Write cred blocks into configuration file
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 16:35:10 +02:00
Jouni Malinen
1bb7b8e84c Interworking: Add support for multiple credentials
This replaces the global home_* parameters with a list of credentials
that can be configured similarly to network blocks. For example:

cred={
	realm="example.com"
	username="user@example.com"
	password="password"
	ca_cert="/etc/wpa_supplicant/ca.pem"
	domain="example.com"
}

cred={
	imsi="310026-000000000"
	milenage="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123"
}

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 16:34:22 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
fbdcfd577a P2P: Maintain a list of P2P Clients for persistent group on GO
Add a new persistent group network block field, p2p_client_list, to
maintain a list of P2P Clients that have connected to a persistent
group. This allows GO of a persistent group to figure out more easily
whether re-invocation of a persistent group can be used with a specific
peer device.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 22:47:41 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
8e8280bd5e Do not save an invalid network block in wpa_supplicant.conf
wpa_supplicant is going to reject a configuration file that uses
WPA/WPA2-Personal (the default key_mgmt), but does not define
passphrase/PSK. Refuse to save such a configuration to avoid getting
stuck with a configuration that wpa_supplicant will reject.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:32 +02:00
Jouni Malinen
a769b094d7 Do not write all zeros device_type
This is the default value if device_type is not set, so do not
write it to the wpa_supplicant configuration file when saving
updated configuration.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:22:16 +02:00
Jouni Malinen
11540c0b21 Interworking: Allow ANT to be configured for Probe Request frames
Access Network Type can now be configured (default: 15 = wildcard) to
limit which APs reply to the scan.
2011-10-21 12:44:29 +03:00
Jouni Malinen
3b840b6748 Interworking: Support for using EAP-SIM credentials in network selection
New configuration parameters home_imsi and home_milenage can be used
to configure SIM/USIM simulator parameters for network selection based
on SIM/USIM credentials.

home_imsi=(MCC | MNC | '-' | rest of IMSI)
home_milenage=(Ki):(OPc):(SQN)

For example:
home_imsi=310026-000000000
home_milenage=90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123
2011-10-16 23:55:34 +03:00
Jouni Malinen
67e1b98463 Interworking: Support username/password based network selection
Add support for network selection for username/password credentials with
EAP-TTLS and EAP-PEAP. The new global configuration parameters
home_username, home_password, and home_ca_cert can be used to specify
credentials for network selection.
2011-10-16 23:55:34 +03:00
Jouni Malinen
73c41a8fab Interworking: Parse NAI Realms and match against home realm 2011-10-16 23:55:34 +03:00
Jouni Malinen
46ee0427b1 IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
2011-10-16 23:55:34 +03:00
Sam Leffler
78633c3709 wpa_supplicant: Parameterize BSS table expiration age + count
Replace compile-time BSS cache expiration age and scan count by config
parameters that can be set via wpa_cli and the new D-Bus API. The latter
is done with interface properties BSSExpireAge and BSSExpireCount.
2011-03-20 12:40:59 +02:00
Johannes Berg
2f646b6e83 WPS: Store (secondary) device type as binary
Instead of converting back and forth from the string representation,
always use the binary representation internally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 18:50:22 +02:00
Johannes Berg
0d7e5a3a29 Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-28 17:15:01 +02:00
Dmitry Shmidt
ae6e1bee67 Add WPA_IGNORE_CONFIG_ERRORS option to continue in case of bad config
This is an option to continue with wpa_supplicant and hostapd even if
config file has errors. The problem is that these daemons are the best
"candidates" for the config change, so if they can not start because
config file was let's say corrupted, you can not fix it easily.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2010-10-31 12:38:49 +02:00
Jouni Malinen
3071e18109 P2P: Add mechanism for timing out idle groups
A new configuration parameter, p2p_group_idle, can now be used to set
idle timeout value for P2P groups in seconds (0 = no timeout). If set,
this values is used to remove P2P group (both GO and P2P client)
interfaces after the group has been idle (no clients/GO seen) for the
configuration duration.

The P2P-GROUP-REMOVED event is now indicating the reason for group
removal when known. For example:
P2P-GROUP-REMOVED wlan0 GO reason=REQUESTED
P2P-GROUP-REMOVED wlan1 client reason=IDLE
2010-10-25 18:24:15 +03:00
Jouni Malinen
dae608d5d3 Add max_num_sta config option for wpa_supplicant AP mode
This can be used to limit the number of stations allowed to be
connected to the AP.
2010-10-19 17:08:20 +03:00
Sudhakar Swaminathan
0f66abd25b P2P: Add option for disabling intra BSS distribution
p2p_intra_bss configuration parameter can now be used to
disable/enable intra BSS distribution (bridging of frames between
the clients in a group).
2010-09-10 10:30:26 -07:00
Jouni Malinen
2ff99b3c38 P2P: Do not save temporary networks 2010-09-09 07:17:16 -07:00
Jouni Malinen
e3768e7c94 P2P: Add global configuration parameters for P2P 2010-09-09 07:17:16 -07:00
Jouni Malinen
121adf9c2e Move global configuration parser into config.c
This makes it easier to provide support for dynamic updates of the
global configuration parameters while wpa_supplicant is running.
2010-09-09 07:17:16 -07:00
Jouni Malinen
3812464cda Add optional scan result filter based on SSID
filter_ssids=1 global configuration parameter can now be used to
enable scan result filtering (with -Dnl80211 only for now) based on
the configured SSIDs. In other words, only the scan results that have
an SSID matching with one of the configured networks are included in the
BSS table. This can be used to reduce memory needs in environments that
have huge number of APs.
2010-03-05 21:42:06 +02:00
Jouni Malinen
c9c38b0996 Make maximum BSS table size configurable
New global configuration parameter bss_max_count can now be used to
change the maximum BSS table size. The old fixed size limit (200) is
used as the default value for this parameter.
2010-03-05 20:20:09 +02:00
Jouni Malinen
c0e4dd9eeb WPS: Make Config Methods configurable for wpa_supplicant
This adds config_methods configuration option for wpa_supplicant
following the design used in hostapd. In addition, the string is
now parsed in common code from src/wps/wps_common.c and the list
of configurable methods include all the defined methods from
WPS 1.0h spec.
2009-12-21 15:59:25 +02:00
Jouni Malinen
2d106f21aa Remove unnecessary defines
The following defines are not really needed in most places, so
remove them to clean up source code and build scripts:
EAP_TLS_FUNCS
EAP_TLS_OPENSSL
EAP_TLS_GNUTLS
CONFIG_TLS_INTERNAL
2009-12-05 22:51:08 +02:00
Jouni Malinen
476621644c WPS: Add configurable option for processing credentials externally
The wps_cred_process option can be used to configure wpa_supplicant to
send received Credential attributes for external processing over
ctrl_iface and dbus. This allows external programs to update their
configuration when WPS is used to provision new networks.
2009-01-18 12:27:12 +02:00
Jouni Malinen
9be0963605 Fixed global conf write to skip default values for uuid and os_version 2008-12-18 21:29:59 +02:00
Jouni Malinen
6e783c6da9 Added INT_RANGE parser for global configuration variables 2008-12-13 18:21:16 +02:00
Jouni Malinen
32896a0dd1 Use shared string parser for global configuration fields 2008-12-13 18:17:27 +02:00
Jouni Malinen
d7afb15a10 Share the same global config parser function for integer values 2008-12-13 18:04:43 +02:00
Jouni Malinen
55655636d8 First step in cleaning up global config parser: use parse_data array 2008-12-13 17:57:17 +02:00
Jouni Malinen
3c0b7aa4fe Added configuration of WPS device parameters for wpa_supplicant 2008-12-13 17:20:46 +02:00
Jouni Malinen
315ce40a00 Renamed the 'alpha2' variable to 'country' to match with config string 2008-12-09 22:15:47 +02:00
Luis R. Rodriguez
6d1584905c wpa_supplicant: Add support for setting of a regulatory domain
This adds support for setting of a regulatory domain to wpa_supplicant
drivers. It also adds regulatory domain setting for the nl80211 driver.
We expect an ISO / IEC 3166 alpha2 in the wpa configuration file as a
global.
2008-12-09 22:11:14 +02:00
Jouni Malinen
f855f923a7 WPS: Moved UUID configuration from phase1 into global config area 2008-11-26 20:47:24 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Carolin Latze
98842d51ec Separate OpenSSL engine configuration for Phase 2
I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you
only defined one engine variable, which was read already in phase1. I
defined some new variables:

engine2
engine2_id
pin2

and added support to read those in phase2 wheres all the engine
variables without number are only read in phase1. That solved it and I
am now able to use an engine also in EAP-TTLS phase2.
2008-11-18 16:53:32 +02:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
David Smith
61ee0f71bb Add support to wpa_supplicant configuring eap_peer for client cert and CA
cert on smartcard, plus handling phase2 auth with smartcard same as phase1.
2008-05-23 10:55:30 +03:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00