Commit graph

3968 commits

Author SHA1 Message Date
Jouni Malinen
b031338cf0 Add preliminary RADIUS dynamic authorization server (RFC 5176)
This adds the basic DAS mechanism to enable hostapd to be configured
to request dynamic authorization requests (Disconnect-Request and
CoA-Request). This commit does not add actual processing of the
requests, i.e., this will only receive and authenticate the requests
and NAK them regardless of what operation is requested.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-06 22:02:42 +03:00
Jouni Malinen
af35e7af7f hostapd: Allow addition of arbitrary RADIUS attributes
New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 20:19:56 +03:00
Jouni Malinen
86f6053aa2 hostapd: Add optional Chargeable-User-Identity request (RFC 4372)
radius_request_cui=1 configuration parameter can now be used to
configure hostapd to request CUI from the RADIUS server by including
Chargeable-User-Identity attribute into Access-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:19:54 +03:00
Jouni Malinen
4e132a618e hostapd: Copy Chargeable-User-Identity into accounting (RFC 4372)
If Access-Accept packet includes the Chargeable-User-Identity attribute,
copy this attribute as-is into accounting messages.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:05:09 +03:00
Jouni Malinen
4732ee3a87 Add more documentation for IEEE 802.11w/PMF configuration
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 16:48:23 +03:00
Jouni Malinen
3d332fe75e Fix SIM/USIM determination to support EAP-AKA'
Both EAP-AKA and EAP-AKA' use USIM. Without this change, use of real
USIM card for EAP-AKA' was not allowed to proceed, i.e., only the
software simulated USIM operations were supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-05 14:19:13 +03:00
Jouni Malinen
5daba48ca7 hlr_auc_gw: Use 5 bit IND for SQN updates
Change the SQN generation mechanism to use not time-based Profile 2
as described in 3GPP TS 33.102 Annex C.3.2. The previous implementation
used void IND (i.e., all of SQN was SEQ1). The new default uses 5 bits
of SQN as IND. The length of IND can be configured on the command line
with the new -i<IND len in bits> parameter. -i0 would make hlr_auc_gw
behave in the same way as the previous implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 14:12:42 +03:00
Jouni Malinen
5336861301 hlr_auc_gw: Add support for updating Milenage file SQN
If the new command line argument -u is used, hlr_auc_gw will update
the Milenage file SQN numbers when exiting based on what was the last
SQN used during the process runtime.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-03 22:39:49 +03:00
Jouni Malinen
057a92ec5c hlr_auc_gw: Fix CONFIG_WPA_TRACE=y build
Need to initialize tracing code and use correct free() wrapper.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-03 22:05:04 +03:00
Jouni Malinen
f765701faf P2P: Add P2P information for Doxygen docs
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 18:08:23 +03:00
Xi Chen
f2e03085d7 WNM: Define IEEE 802.11v WNM-Sleep elements
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 18:08:19 +03:00
Wei-Jen Lin
1298c14594 Allow pbc_in_m1 workaround to be enabled in wpa_supplicant AP mode
This workaround for Windows 7 WPS probing mechanism was previously
allowed only with hostapd, but the same interoperability issue can
happen with wpa_supplicant AP/GO mode. Allow the workaround to be
enabled in wpa_supplicant configuration for these uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 16:51:04 +03:00
Wei-Jen Lin
f571b593ba P2P: Clone max_sta_num parameter for group interfaces
This is needed to allow the max_sta_num parameter set in the main
configuration file to apply to dynamically created P2P group
interfaces.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-03 16:41:15 +03:00
Jouni Malinen
6434ad09d6 Scan only 2.4 GHz band for OBSS scans
Since we are reporting 20/40 BSS coex information only for 2.4 GHz band,
there is no need to run the full scan on dualband cards.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:42 +03:00
Rajkumar Manoharan
c3701c66a5 Add handling of OBSS scan requests and 20/40 BSS coex reports
Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.

Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:38 +03:00
Rajkumar Manoharan
73cdd917a3 Define 20/40 BSS Coexistence elements
This patch defines 20/40 BSS Intolerant Channel Report element
(IEEE 802.11-2012 8.4.2.60) and 20/40 BSS Coexistence element
(IEEE 802.11-2012 8.4.2.62).

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:35 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Jouni Malinen
8351998313 EAP-AKA' server: Fix identity for MK derivation
Incorrect identity string could end up being used with EAP-AKA' when
the EAP client is using pseudonym. This code was supposed to use
sm->identity just like the EAP-AKA case.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:40:11 +03:00
Wei-Jen Lin
1c7447d08b P2P: Fix Device ID matching for Probe Request frames
The misplaced parenthesis caused Device ID matching to check only the
first octet of the P2P Device Address, i.e., we could have replied to
Probe Request frames that were searching for another device if any of
the last five octets of the address were different.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-02 15:19:02 +03:00
Jouni Malinen
1f0cc27eb9 Remove unused variable if CONFIG_P2P=y is not used
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-28 18:31:01 +03:00
Jouni Malinen
d84b913955 Remove unused variable
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-28 18:30:41 +03:00
Jouni Malinen
e09e61c2c1 Fix compiler warning on printf format with size_t
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-28 18:30:12 +03:00
Jouni Malinen
d211881474 Fix D-Bus build without ctrl_iface
Commit 7de5688d68 started using
wpa_supplicant_ctrl_iface_ctrl_rsp_handle() from the D-Bus code, but
left this function in ctrl_iface.c that is included conditionally. Fix
this by moving the common function into wpa_supplicant.c so that it can
be included for builds that include only either ctrl_iface or D-Bus.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-04-27 21:21:31 +03:00
Jouni Malinen
23c84252a4 P2P: Add option to force SSID/passphrase for GO Negotiation
An existing persistent group information can now be used to force GO
Negotiation to use the previously used SSID/passphrase from a persistent
group if we become a GO. This can be used as an alternative to inviting
a new P2P peer to join the group (i.e., use GO Negotiation with GO
intent 15 instead of starting an autonomous GO and using invitation),
e.g., in case a GO Negotiation Request is received from a peer while we
are not running as a GO. The persistent group to use for parameters is
indicated with persistent=<network id> parameter to p2p_connect.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-27 18:25:30 +03:00
Jouni Malinen
0918c4bf3b P2P: Add p2p_prov_disc auto mechanism
wpa_supplicant can now be requested to automatically figure out whether
the indicated peer is operating as a GO and if so, use join-a-group
style PD instead of pre-GO Negotiation PD.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-26 17:13:03 +03:00
Jouni Malinen
25a94f525c P2P: Fix PD Failure event to show peer device address
The p2p_dev_addr parameter in the P2P-PROV-DISC-FAILURE event (added in
commit f65a239ba4) was supposed to be the P2P Device Address of the
peer, not the local device.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-26 17:09:02 +03:00
Jouni Malinen
c98b83f2d3 P2P: Do not update peer Listen channel based on PD/Invitation
Commits 17bef1e97a and
ffe98dfb88 started using p2p_add_device()
with other frames than just Probe Response frames from scan results.
However, these changes did not take into account that the PD Request
and Invitation Request frames are normally received on our own
Listen channel, not on the Listen channel of the peer. As such, these
frames must not be used to update Listen channel information for the
peer.

Fix this by letting p2p_add_device() know whether the results are from
scan results and if not, skip the peer table updates that are specific
to Probe Response frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-04-26 16:11:17 +03:00
Jouni Malinen
7c4e92115a Update Doxygen documentation for new version
Add src/p2p directory and work around some issues with newer Doxygen
versions disliking the wpa_supplicant prefix in labels.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-24 20:37:24 +03:00
Jouni Malinen
1ceb0e1778 Fix validation of PSK-from-RADIUS-server required response
cache->psk is an array and never NULL. The check here needs to check the
cache->has_psk flag instead.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-21 19:46:58 +03:00
Jouni Malinen
fcbf0b0ca9 Sync wpa_supplicant man page with README changes
The man page source was not up-to-date with removed driver wrappers,
so bring in the wpa_supplicant/README changes to make this somewhat
closer to the current state.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-21 19:17:14 +03:00
Jouni Malinen
eab6f5e04a Remove unnecessary EVENT_RX_MGMT data validation
Make wpa_supplicant_event() more consistent by not checking
data in either location handling EVENT_RX_MGMT events. This event
is required to specify the data so this pointer cannot be NULL.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-21 18:57:13 +03:00
Adrien Bustany
c9b72c257a P2P: Don't rely on dictionary ordering in wpas_dbus_handler_p2p_add_service
In most languages, DBus dictionaries are mapped to either sorted maps
or hash tables, so you can't control the actual ordering of the
generated a{sv}. Relying on ordering in this method is unnecessary and
makes its use from DBus much harder.

Signed-hostap: Adrien Bustany <adrien.bustany@nokia.com>
2012-04-21 18:28:10 +03:00
Masashi Honma
78039295e6 P2P: Remove unused variable
The "type" variable is not used in wpas_p2p_deinit_global().
So this patch removes it.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-04-21 18:21:30 +03:00
Jouni Malinen
93bcb70571 Sync with include/linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-04-19 20:41:42 +03:00
Deepthi Gowri
f65a239ba4 P2P: Add provision discovery failure event
Add provisional discovery failure ctrl_iface event
(P2P-PROV-DISC-FAILURE) to indicate to the application layer in case of
PD failure.

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2012-04-17 19:44:13 +03:00
Jouni Malinen
b55aca4672 Fix sched_scan for max-num-of-scan_ssid=1 networks
When the network configuration includes exactly the number of
scan_ssid=1 networks as the driver supports for scan_sched and no
networks need wildcard SSID scan, there is no need to use sched_scan
timeout. Check this condition and optimize this case to avoid the extra
sched_scan start/stop operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-17 16:51:09 +03:00
Jouni Malinen
7d21a223f1 Fix sched_scan debug print regarding timeout
The debug messages were showing the opposite of what the actual
implementation was doing for sched_scan timeout.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-17 16:32:40 +03:00
Jouni Malinen
54ddd74369 Add disable_scan_offload parameter to disable automatic scan offloading
This new configuration parameter can be used to disable automatic
offloading of scan requests to the driver which was previously used
by default if the driver supported sched_scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-17 16:30:15 +03:00
Jouni Malinen
5b9cecafaf P2P: Fix disallowing of pending listen command to override connect
Commit d9bdba9f86 was supposed to allow
p2p_listen to schedule new after scan operation only if a p2p_connect
operation was not pending. However, it used incorrect P2P_AFTER_SCAN_
value for this and did not actually prevent overriding of p2p_connect
and could have caused some p2p_listen operations to be skipped
unnecessarily.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-04-16 18:51:33 +03:00
Adrien Bustany
e56fc9e81b P2P: Allow wildcard service discovery from DBus API
Using the socket command interface, it is possible to pass a NULL dst to
wpas_p2p_sd_request, however you could not do so using the D-Bus API,
since it required a valid Peer object path. This patch changes the
behavior, so that if the "peer_object" is missing from the parameters,
a NULL dst is passed to wpas_p2p_sd_request.

Signed-hostap: Adrien Bustany <adrien.bustany@nokia.com>
intended-for: hostap-1
2012-04-14 21:06:16 +03:00
Nirav Shah
cca0060f1e P2P: Cleanup P2PDevice D-Bus interface for hostap-1 release
This patch cleans up the P2PDevice D-Bus interface for the hostap-1
release. A spelling error is corrected and P2PDeviceProperties is
renamed to clarify that this data is configuration data and not the
total collection of Properties for the P2PDevice interface.

Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
Signed-hostap: Angie Chinchilla <angie.v.chinchilla@intel.com>
intended-for: hostap-1
2012-04-14 20:52:59 +03:00
Nirav Shah
445335fd86 P2P: Fix D-Bus property getters to default to "/" for Group, PeerGO
The D-Bus property getters should not return an error when the
properties are not valid/relevant. Returning an error breaks the
GetAll method in the dbus interface. Change Group and PeerGO
property getters to make GetAll work on P2PDevice.

Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
Signed-hostap: Angie Chinchilla <angie.v.chinchilla@intel.com>
intended-for: hostap-1
2012-04-14 20:48:26 +03:00
Dmitry Shmidt
51a0c3d417 wpa_supplicant: Use bss_id list for 'bss FIRST' command
Command 'bss FIRST' should use bss_id list, because 'bss NEXT-N' is using
bss_id list as well.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-04-14 20:39:10 +03:00
Jouni Malinen
5f482d55fd P2P: Allow immediate group idle timeout configuration
A special value p2p_group_idle=-1 can now be used to configure the P2P
group idle mechanism to terminate a P2P client group immediately on any
disconnection after the completion of the initial 4-way handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-13 17:03:27 +03:00
Jouni Malinen
361cdf3400 P2P: Extend use of group formation timeout until end of 4-way handshake
Instead of relying on the P2P group idle timeout before the group
connection has been fully established, re-start the group formation
timeout in the end of the WPS provisioning step and clear it at the
successful completion of the initial 4-way handshake. This allows the
P2P group idle timeout to be set to a small value without triggering it
during the initial scan and connection attempt.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-13 17:01:15 +03:00
Jouni Malinen
205e6474a1 P2P: Fix p2p_connect join scan handler in error cases
wpa_drv_scan() may fail for the initial p2p_connect join scan request,
e.g., if the driver happened to be scanning at the time the new
operation was initialized. Previously, a special scan result handler was
registered regardless of whether the new scan was started. This could
result in partial scan results (e.g., from p2p_find social scan)
being used as full results for join (or now more importantly for
p2p_connect auto) purposes. Fix this by registering the new scan result
handler only if wpa_drv_scan() returns success.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-13 16:13:14 +03:00
Jouni Malinen
b31be3a0fd P2P: Add automatic GO Negotiation vs. join-a-group selection
p2p_connect command can now be used with an optional "auto" parameter
to request wpa_supplicant to determine automatically whether to use
join-a-group operation (if the peer is operating as a GO) or group
formation. This makes it easier for external programs to handle
connection type selection by offloading this to wpa_supplicant. The
previously used p2p_connect join commands can be replaced with
p2p_connect auto to use this new mechanism.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-13 16:04:36 +03:00
Jouni Malinen
7b63c6396a P2P: Clear P2P_DEV_SD_INFO when new wildcard SD query is added
Unlike the unicast SD queries, the queries directed to all peers depend
on P2P_DEV_SD_INFO flag being cleared to allow the query to be sent to
a peer that has previously replied to any SD query.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 17:51:19 +03:00
Vasanthakumar Thiagarajan
5cbf5fd9bd Allow disable_ht to override 11n configuration in AP mode
This is being done only for station mode, extend it to AP mode as well.

Signed-hostap: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
2012-04-11 16:24:03 +03:00
Jouni Malinen
a625ff6059 AP: Reschedule ap_handle_timer event on (re)association
Previously, the timeout scheduled during the previous association was
used after reassociation if the STA entry had not yet been removed. The
next timeout does not need to happen that quickly, so reschedule it
during reassociation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 14:24:24 +03:00