Android platform assigns the same socket id if the socket identifier in
conf->ctrl_interface and global->params.ctrl_interface (parameter for
android_get_control_socket) point to the same Android specific control
socket. This ends up having two eloop socket handlers registered for the
same file descriptor and thus, two attempt to receive and process each
command. This can result in unexpected failure, e.g., the prefix IFNAME=
for any command is valid for global socket handler, but results in
UNKNOWN COMMAND response from the per-interface ctrl socket handler).
Since it might be possible to end up with this type of invalid
configuration in OTA upgrade, compare the socket identifiers and do not
open the ctrl socket on the respective interface if both point to same.
This allows the Wi-Fi framework to use the global control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was already the case for most command sequences, but it was
possible for wpa_s->reassociate to be set to 1 when CTRL-RSP-* commands
were used to set identity, password, or passphrase for EAP
authentication. In such cases, ENABLE_NETWORK issued after the
connection was completed could result in a new connection attempt
(likely reconnection back to the same BSS).
Fix this by checking whether an actual connection is already present
even if wpa_s->reassociate is set when processing the ENABLE_NETWORK
command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.
Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These prints were at DEBUG level (-d), but they can be very frequent, so
drop them to MSGDUMP (-dd). This allows the prints to be suppressed in
common debugging cases while still leaving them easily enablable to
debug control interface issues without having to enable excessive
debugging.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commands like BSS and GET_NETWORK are used in some cases very frequently
and those can increase the amount of debug information from
wpa_supplicant without significant benefit. These were logged at the
DEBUG level (-d). Move logging of such read-only commands (i.e., no new
wpa_supplicant operation is started based on it) to EXCESSIVE level
(-ddd) which was already used for the PING command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When wpa_init() in __mesh_rsn_auth_init() failed, empty rsn->auth caused
segmentation fault due to NULL pointer dereference when wpa_deinit() was
called. Fix this by checking the pointer before executing deinit steps.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The RSN IE is required by IEEE Std 802.11-2012 on SAE use case:
Table 8-262 Mesh Peering Open frame Action field format
Table 8-263 Mesh Peering Confirm frame Action field format
Add the RSN IE to these frames.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Double the buffer length from 2048 to 4096 to match the length used
currently in wpa_supplicant. This allows wpa_gui to retrieve information
for more networks than previously.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows control interface monitors to get more detailed information
in cases where wpa_supplicant-based SME receives an Authentication frame
with non-zero status code.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, there is no support for passing extended_capa pointers through
the driver_privsep.c interface from wpa_priv. Avoid leaving bogus
pointers by explicitly clearing these on both wpa_priv and
wpa_supplicant sides.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add more details into configuration comments and a runtime info message
if ap_scan=2 is used with the nl80211 driver interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a new helper function wpa_ctrl_open2() that can be used
instead of wpa_ctrl_open() to override the default client socket
directory. Add optional -s<directory path> argument to hostapd_cli and
wpa_cli to allow the client socket directory to be specified.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the BSS command returned an error if the WSC IE(s) in scan
results could not be parsed. This may be not ideal for all cases, to
instead of rejecting the command completely, return all other
information apart from the WPS information in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
scan_freq and freq_list are not parsed correctly by
wpa_config_parse_int_array() if quoted.
Patch for dbus_old_handlers.c, the same change as done by Robert Shade
<robert.shade@gmail.com> for dbus_new_handlers.c in commit
99276998fa ('dbus: Do not quote scan_freq
and freq_list').
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
Config file is written to a temp file and then it is renamed to the
original config file. However, it is possible that the rename operation
will be commited to storage while file data will be still in cache
causing original config file to be empty or partially written in case of
a system reboot without a clean shutdown. Make this less likely to occur
by forcing the data to be written to the storage device before renaming
the file.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This allows a BSS entry to be expired if the AP has changed its SSID
while maintaining the same BSSID and we are associated with the BSS.
Previously, the same BSSID was enough to mark all BSS entries from the
BSSID as in use regardless of the SSID and as such, they could remain in
the wpa_supplicant BSS table indefinitely as long as the association
remaining.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P group is not yet operating when going through GO Negotiation
exchange. Previously, an old cached scan result could be used to skip
the scan immediately after the GO Negotiation. While this is quite
unlikely to happen in practice, we can easily force a scan here now with
the generic scan_min_time mechanism. Do that to avoid any corner cases
that a previous instance of the group could have if found in cached scan
results.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.
Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new script can be used as an example of load testing for RADIUS
authentication servers. It can control multiple eapol_test processes
over the control interface to run EAP-TLS authentication. As an example,
the following commands would run eight instances of eapol_test
concurrently:
for i in 0 1 2 3 4 5 6 7; do
./eapol_test -T /tmp/eapol_test -i $i > eapol_test.log$i &
done
time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100
real 0m0.339s
time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100 --no-fast-reauth
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100
real 0m1.876s
Signed-off-by: Jouni Malinen <j@w1.fi>
The -T<ctrl_iface> command line argument can now be used to start
eapol_test in mode where the configuration file is not needed and the
authentication operations are started through the control interface.
Network profile is also managed through the control interface in this
case. This can be used to provide more control for scripted RADIUS
authentication server testing.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new -i<ifname> command line argument can be used to specify the name
of the interface to use. This is mainly to allow unique control
interface names to be defined without having to use multiple
directories.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key()
API. This broke wpa_supplicant/hostapd build since those functions from
OpenSSL were used to replace the internal AES key wrap implementation.
Add a new build configuration option
(CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal
implementation to be used with CONFIG_OPENSSL=y build to allow build
against the latest BoringSSL version.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_s->scan_req needs to be set in these cases to get correct scanning
behavior. This is mainly needed for starting of AP mode operation
immediately in ap_scan=2 case.
This fixes an issue that was found with mac80211_hwsim test cases in the
following sequence: dbus_autoscan dbus_ap_scan_2_ap_mode_scan
Signed-off-by: Jouni Malinen <j@w1.fi>
If P2PS PD concludes to use default P2PS method wpas_p2p_scan_res_join()
ignores this value and tries to perform a redundant legacy PD.
Fix this by considering WPS_P2PS method too.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Ordering the units before network.target causes them to be stopped
after network.target on shutdown. This ensures that any network
filesystems will be unmounted before wpa_supplicant is killed.
Adding Wants=network.target ensures that network.target will be included
in the active dependency graph. This is typical of units which are
involved in networking setup functions.
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
This makes it easier to track the output queue state on a control
interface socket and determine what could be causing issues with running
out of space in the buffer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
PNO was stopped by the wpa_supplicant during the connection attempts or
while handling disassociation indication. External entities, mainly, the
Android Wi-Fi framework, does not expects PNO to be stopped by other
modules. Hence, do not stop the sched_scan in these scenarios if it is
triggered externally for PNO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant_assoc_try() would result in the currently operating AP to
get stopped if wpa_supplicant_scan() ends up getting triggered without
MANUAL_SCAN_REQ while operating an AP. With ap_scan=2, this could
resulted in unintentional stopping of AP mode operations, so check
explicitly for that case and skip the wpa_supplicant_assoc_try() call if
needed to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
The D-Bus Scan() handler was setting wpa_s->scan_req = MANUAL_SCAN_REQ
on the code path that used wpa_supplicant_req_scan(). However, it did
not do anything similar for the cases where
wpa_supplicant_trigger_scan() is called directly. This could result in
unexpected wpa_s->last_scan_req value and incorrect behavior especially
when using ap_scan=2 and running a scan while operating in AP mode. Fix
this by explicitly setting wpa_s->last_scan_req = MANUAL_SCAN_REQ when
using wpa_supplicant_trigger_scan() from the Scan() handler.
Signed-off-by: Jouni Malinen <j@w1.fi>
When using P2P invitation to re-invoke a persistent P2P group without
specifying the operating channel, query the driver for the preferred
frequency list, and use it to select the operating channel of the group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the radio work design, it is possible for a network entry to get
disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or
sme-connect radio work waits to start. Previously, only the validity of
the BSS entry and BSSID/SSID was verified when starting the actual
connection step. Add call to wpas_network_disabled() to those checks to
catch the case where the network profile is disabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When starting an autonomous GO without specifying the operating channel,
query the driver for the preferred frequency list, and use it to select
the operating channel of the GO (if supported).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When P2PS PD with default P2PS method is done, the peer that becomes GO
should authorize the client. However, P2PS specification doesn't require
the client to include its intended interface address in PD
Request/Response. As a result, the P2P Client's interface address may not
be known and any address may need to be authorized.
Previously, client's P2P Device Address was used for authorization,
which is not correct when a dedicated interface is used for P2P Client.
This is not resulting in a connection failure, however it causes a
significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses). Fix this
by authorizing the intended interface address, if known; or any address,
if not known.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>