Commit graph

3897 commits

Author SHA1 Message Date
Jouni Malinen
e7381b8473 Sync with include/linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 14:34:22 +03:00
Jouni Malinen
c1c023429b Set state to DISCONNECTED on auth/assoc failures
Some of the authentication/association failure paths left wpa_state to
its previous value. This can result in unexpected behavior when
wpa_supplicant tries to find an AP to connect to since the uncleared
state can result the in the selected BSS being ignored if it is same as
the previously used BSS. This could happen, e.g., when wpa_supplicant
SME was used and the AP rejected authentication. Fix this by explicitly
setting state to DISCONNECTED on auth/assoc failures that did not yet do
this.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-25 14:23:25 +03:00
Sunil Dutt Undekari
5bda43cdee P2P: Reject p2p_find when in provisioning
A p2p_find during provisioning shall not allow the enrollee to
pick the network, hence disable p2p_find during provisioning.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
2012-06-25 14:05:49 +03:00
Jouni Malinen
296a34f0c1 Remove STA entry from AP when starting TKIP countermeasures
Previously, the STA entry was removed only from the driver and the STA
entry within hostapd was just marked disassociated. However, this left
the WPA authenticator state machine with an entry and the session was
not terminated properly. In addition, the STA entry could have remaining
indefinitely if the STA did not reconnect after TKIP countermeasures.
Fix this by removing the STA entry from hostapd instead of just leaving
it disassociated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 13:53:24 +03:00
Yoni Divinsky
9148ae58d0 hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response
In AP which supports WPSv2 with only virtual push button, when PBC is
called, the WSC IE should include Selected Registrar Configuration
Methods attribute with the bit of the physical push button not set.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-06-25 12:20:37 +03:00
Ben Greear
f115560c21 eloop/poll: Handle POLLER | POLLHUP in read logic
Without this, we can get into a tight loop because the
code in general doesn't add eloop exception handlers,
so socket reporting the POLLERR would never be read.

With this change, any socket with POLLERR or POLLHUP
asserted will be handled by the read logic.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-06-24 13:19:34 +03:00
Jouni Malinen
ef3e60bf22 Describe CONFIG_AP=y and CONFIG_P2P=y in defconfig
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-24 01:07:15 +03:00
Jouni Malinen
781d8e0f2b Fix a typo
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-24 00:59:06 +03:00
Johannes Berg
cad0f50e02 nl80211: Simplify cbmsg buffer
The control message received from the kernel needs some space, but
there's no need for the strange typing that breaks clang compilation.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-06-23 20:37:09 +03:00
Jouni Malinen
ecabb132b9 atheros: Remove unused variables
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-23 20:34:29 +03:00
Baruch Siach
e2e984ea06 atheros: Fix build when WPS and IEEE80211R are both disabled
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-23 20:33:50 +03:00
Aarthi Thiruvengadam
c66cf68d5c P2P: Fix fallback to GO Negotiation to avoid PD-before-join timeout
The wpas_p2p_pd_before_join_timeout could be left behind if the PD
Request in p2p_connect-auto case does not succeed. This timeout can
result in unexpected operations since it could trigger join operation
while going through GO Negotiation. Fix this by canceling the timeout
when falling back to GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-20 21:38:31 +03:00
Jouni Malinen
182748e4fb Copy Chargeable-User-Identity in PMKSA caching case
Maintain a copy of Chargeable-User-Identity in the PMKSA cache to allow
it to be included in accounting messages even if full authentication was
not completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:51:57 +03:00
Jouni Malinen
302fc0a3c7 RADIUS DAS: Support Chargeable-User-Identity with Disconnect-Request
Chargeable-User-Identity can now be used in Disconnect-Request to
identify the station to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:44:46 +03:00
Jouni Malinen
e58b5ffed7 RADIUS: Fix a typo in attribute name in debug messages
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:39:29 +03:00
Jouni Malinen
ff7e4589ea RADIUS DAS: Add Event-Timestamp attribute into ACK/NAK messages
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:35:03 +03:00
Jouni Malinen
8047a95809 RADIUS DAS: Add support for Disconnect-Request
Calling-Station-Id, Acct-Session-Id, and User-Name attributes in a
Disconnect-Request message can now be used to indicate which station is
to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:30:01 +03:00
Jouni Malinen
fc2a924a8c RADIUS DAS: Check Disconnect-Request attributes
Reject Disconnect-Request if it includes unsupported attributes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 18:14:43 +03:00
Jouni Malinen
bde7ba6caf RADIUS DAS: Validate Event-Timestamp
DAS will now validate Event-Timestamp value to be within an acceptable
time window (300 seconds by default; can be set using
radius_das_time_window parameter). In addition, Event-Timestamp can be
required in Disconnect-Request and CoA-Request messages with
radius_das_require_event_timestamp=1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 17:43:36 +03:00
Masashi Honma
c2d76aa624 P2P: Add p2p_client_list support for FullMAC Persistent GO
Currently, FullMAC Persistent GO can't use p2p_client_list because its
own hapd->p2p_group is NULL at ap_sta_set_authorized(). This patch
changes the processing to use sta->p2p_ie instead of
p2p_group_get_dev_addr() on FullMAC GO.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-17 11:58:46 +03:00
Baruch Siach
17706d1c76 hostapd: Return error value on configuration check failure
Don't count errors since the number isn't used anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-16 20:30:28 +03:00
Baruch Siach
4929898dab hostapd: Remove redundant variable initialization
The 'errors' variable is initialized later anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-16 20:26:51 +03:00
Jouni Malinen
f33bc03582 P2P: Fix P2P Client Discoverability bit updates
The P2P Client Discoverability bit is reserved in most frames and its
value in the local P2P peer table should only be updated based on P2P
Group Info attribute from a GO. Fix this by avoiding changes to this
dev_capab bit based on other P2P frames. It would be more correct to
track this separately for each group in which the peer is a member, but
since we do not do that for the other group specific information either,
this can do for now.

It should be noted that prior to commit
18485b5469 wpa_supplicant set this bit in
all P2P frames. However, that commit changed this to match the
specification, i.e., the bit is not set in frames which are received
from P2P Device role. As such, this fix is needed to be able to figure
out that a peer supports client discoverability capability after that
commit.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-16 20:17:39 +03:00
Masashi Honma
18485b5469 P2P: Fix setting of P2P Client Discoverability bit
In the P2P specification v1.1, the P2P Client Discoverability bit is
described in Table 12 "Device Capability Bitmap definition". The table
says "Within a P2P Group Info attribute and a (Re)association request
frame the P2P Client Discoverability field shall be set to 1 when the
P2P Device supports P2P Client Discoverability, and is set to 0
otherwise. This field shall be reserved and set to 0 in all other frames
or uses.". To match with this, filter out P2P Client Discoverability bit
from frames where its use is reserved.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-16 19:54:47 +03:00
Jouni Malinen
1cebaabd80 EAP-SIM/AKA server: Allow pseudonym to be used after unknown reauth id
If the peer uses an unknown reauth id, it would still be possible to use
pseudonym instead of permanent id. Allow this by changing the
AT_PERMANENT_ID_REQ to AT_FULLAUTH_ID_REQ in case unknown reauth id is
used in EAP-Response/Identity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-15 18:49:54 +03:00
Jithu Jance
ef35f5a0fd P2P: Add driver op for requesting GO/AP channel switch
Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-06-10 20:54:31 +03:00
Jithu Jance
b9cfc09a81 P2P: Add preference setting for concurrent use cases
Add an additional parameter to prioritize either sta or p2p connection
to resolve conflicts arising during single channel concurrency.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-06-10 20:53:09 +03:00
Jouni Malinen
a0227929dc P2P: Do not use reassociation after getting disassociated
This avoids issues with some APs rejecting a reassociation if the
station is not currently associated as reported by Yossi Wortzel.
The change is based on a patch from Arik Nemtsov.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-10 19:51:36 +03:00
Jouni Malinen
198f82a1e3 P2P: Ignore unexpected GO Neg Resp is we have sent Resp
There is a race condition in GO Negotiation Request frame sending and
processing that may end up with both devices sending GO Negotiation
Response. This response frame was previously accepted even if a response
had already been sent. This could result in two GO Negotiation Confirm
frames being exchanged and consequently, with two separate GO
Negotiations completing concurrently. These negotiations could result in
getting mismatching parameters (e.g., both device could believe it was
the GO).

Fix this by ignoring GO Negotiation Response from the peer if twe have
already sent a GO Negotiation Response frame and we have the higher P2P
Device Address. This is similar to the rule used to determine whether to
reply to GO Negotiation Request frame when Request was already sent,
i.e., the same direction of GO Negotiation is maintained here to enforce
that only the negotiation initiated by the device with smaller P2P
Device Address is completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-09 18:31:24 +03:00
Neeraj Kumar Garg
a1d2ab329e P2P: Address race condition with GO Negotiation Request TX status
If both peers initiate GO Negotiation at about the same time, it is
possible for the GO Negotiation Request frame from the peer to be
received between the local attempt to send the GO Negotiation Request
and TX status event for that. This could result in both devices sending
GO Negotiation Response frames even though one of them should have
skipped this based which device uses a higher MAC address.

Resolve this race by incrementing go_neg_req_sent when p2p_send_action()
returns success instead of doing this from the TX status callback. If
the frame is not acknowledged, go_neg_req_sent is cleared in TX status
handler.

Signed-off-by: Neeraj Garg <neerajkg@broadcom.com>
2012-06-09 18:03:47 +03:00
Antonio Quartulli
dada954ad7 sta_info: Remove duplicated function declaration
In sta_info.h, ap_free_sta() was declared twice.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2012-06-09 12:54:00 +03:00
Jouni Malinen
e22ba3e390 LibTomMath: Use 64-bit mode for mp_digit
For 64-bit x86 builds, enable 64-bit mode to optimize bignum operations
with the internal LibTomMath version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-09 11:53:30 +03:00
Baruch Siach
3947ed96e8 atheros: Set essid length field only once
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-08 20:28:23 +03:00
Baruch Siach
7aa4251f2f atheros: Fix build when CONFIG_WPS is disabled
The use of ETH_P_80211_RAW does not depend on CONFIG_WPS, so make its
definition independent as well.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-08 20:27:45 +03:00
Jouni Malinen
579a80982a P2P: Assume GO Negotiation failed if GO Neg Conf wait times out
Stop the connection attempt if GO Negotiation Confirm is not received
within 100 ms of the GO Negotiation Response getting acknowledged.
Previously, we would have continued trying to connect to the peer even
in this case which could result in confusing second GO Negotiation
Request frame and unnecessarily long wait before indicating failure.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-08 18:24:08 +03:00
Jouni Malinen
73ccd08378 P2P: Fix group formation timeout on GO during WPS step
Commit 361cdf3400 changed the way the
group formation timeout is used on P2P client. However, it resulted in
clearing the timeout on the GO when the GO started beaconing. This is
not correct since the timeout is supposed to be maintained until at
least the completion of the WPS provisioning step. Fix this regression
by clearing the timeout here only in the case we are not GO in group
formation phase.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-08 18:22:03 +03:00
Jouni Malinen
476dea24ff WPS: Cancel WPS operation also in DISCONNECTED state
It is possible for wpa_state to be WPA_DISCONNECTED when a new scan is
scheduled to be started in the future. If wpas_wps_cancel() gets called
(e.g., through control interface wps_cancel or a P2P group removal)
while in that state, the WPS operation (scan request and special network
block) were not removed. Fix this by clearing the WPS operations both in
WPA_SCANNING and WPA_DISCONNECTED states.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-06-06 22:07:11 +03:00
Jouni Malinen
5b37633364 P2P: Fix scan_res_handler setting for p2p_scan
The previous version set scan_res_handler unconditionally and then
cleared it if scan request failed. This can result in incorrect clearing
of the handler to NULL for a previously started scan that has not yet
completed. This can make p2p_find command fail to use the
start-after-scan-completion mechanism in some cases. Fix this by setting
scan_res_handler properly after having verified that the driver command
for starting the scan was successful.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-06-06 17:07:46 +03:00
Johannes Berg
792c8877c3 P2P: Send GO Negotiation Confirm without wait
The GO Negotiation Confirm frame doesn't need to be sent with a wait
since we don't expect a response to it.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-06-06 16:37:54 +03:00
Sunil Dutt Undekari
84286a227b P2P: Improve p2p_prov_disc-auto robustness
Perform addition additional scan runs on the operating channel of the GO
(if known from previous scan results) and fall back to initiate the PD
for GO Negotiation if these additional scans do not detect the peer as
GO.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
2012-06-06 15:46:05 +03:00
Masashi Honma
135b69cc7a P2P: Use consistent Device Capability in Beacon/Probe Response
Concurrent Operation bit was not set for GO even if the device
supports concurrent operations. Make sure the Device Capability
value is consistent with other P2P use cases by using the value
determined in p2p_init().

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-06 12:55:44 +03:00
Nirav Shah
ad85320234 P2P: Fix P2P Group Formation timeout registration (use parent iface)
Commit 361cdf3400 extended the use of
group formation timeout for the way handshake, but the registration was
done on the group_interface while the cancellation was done on the
parent interface. Fix the registration to set the eloop timeout on
parent to address potential issues when using a separate group
interface.

Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-06-04 21:58:34 +03:00
Paul Stewart
a6b71f726a bss: Don't remove a BSS that is in use
When looking for a BSS to eject due to too many entries, never
pick one that is in use.  Otherwise, we run the risk of having
pointers to freed data.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 21:52:08 +03:00
Paul Stewart
dd7fec1f29 wpa_supplicant: Report EAP connection progress to DBus
Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:

  - During method selection (ACK and NAK)
  - During certificate verification
  - While sending and receiving TLS alert messages
  - EAP success and failure messages

This provides DBus callers a number of new tools:

  - The ability to probe an AP for available EAP methods
    (given an identity).
  - The ability to identify why the remote certificate was
    not verified.
  - The ability to identify why the remote peer refused
    a TLS connection.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 21:10:01 +03:00
Johannes Berg
24b5bd8b42 nl80211: Use safe list iteration
In certain cases like PBC session overlap it appears to be possible that
an interface is removed due to an event handled on it, this leads to
list corruption. Use safe iteration to prevent this issue.

Reported-by: Nirav Shah <nirav.j2.shah@intel.com>
Reported-by: Neeraj Kumar Garg <neerajkg@broadcom.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
intended-for: hostap-1
2012-06-04 20:25:11 +03:00
Etay Luz
fdfb1c8bcf wpa_supplicant: Support dtim_period configuration for AP mode
Signed-off-by: Etay Luz <eluz@qca.qualcomm.com>
2012-06-04 17:52:37 +03:00
Jouni Malinen
f5d4dd5ad4 WNM: Send empty IPv4 packet as keep-alive for now
Use an empty IPv4 packet as the keep-alive packet for WNM BSS max idle
period mechanism. This is not really the best possible frame to use for
this, but for now, it can do until a more suitable frame is figured out
for this (e.g., special LLC header to indicate link test purposes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-28 14:36:23 -07:00
Jouni Malinen
8bd0fc0e0c Force driver to disassociate STA if no room for the STA entry
When hostapd (or wpa_supplicant AP mode) limits the maximum number
of STA entries with a driver that implements SME, the driver needs
to be notified of the failed STA addition. Disassociate the STA if
the driver notifies of an association that would go beyond the
maximum number of STAs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-27 21:21:37 -07:00
Jouni Malinen
597c7a8dd8 WNM: Fix build without CONFIG_SME=y
Commit b6668734ab missed #ifdef CONFIG_SME
protection around wpa_s->sme access.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 18:17:41 -07:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00