Commit graph

432 commits

Author SHA1 Message Date
Jouni Malinen
092794f480 WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
2009-11-08 12:35:37 +02:00
Jouni Malinen
e9bcfebfce WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
2009-11-07 12:41:01 +02:00
Jouni Malinen
d27df100b5 Allow driver and ctrl_interface parameters to be overridden
New wpa_supplicant command line options -o<driver> and -O<ctrl> can
now be used to override the parameters received in add interface
command from dbus or global ctrl_interface. This can be used, e.g.,
to enable control interface when using NetworkManager (add
-O/var/run/wpa_supplicant into the Exec parameter in
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service).
Similarly, this can be used to use another driver wrapper with
NetworkManager (e.g., -onl80211 to replace WEXT with nl80211).
2009-11-04 20:16:15 +02:00
Jouni Malinen
eb999fefcb Add Xcode project file for building wpa_supplicant 2009-11-02 19:37:46 +02:00
Jouni Malinen
e6c0ebff68 Fix int_array_concat() to bail out on realloc failure
The previous version could have ended up dereferencing a NULL pointer
if the reallocation call were to fail.
2009-11-02 19:14:17 +02:00
Oleg Kravtsov
63330c6832 WPS: Add PBC overlap and timeout events from WPS module
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
2009-11-01 21:26:13 +02:00
Jouni Malinen
76d11d3f42 SME: Improve processing of association rejection
Force deauthentication from the AP to clear mac80211 state (it would get
stuck with future scans if the AP is left in authenticated, but not
associated, state).

Add blacklist entry for the AP to allow other APs with worse signal
strength to be tried (e.g., when APs are trying to do load balancing
with status code 17). Reduce wait for the next scan to speed up
connection in cases where there could be other APs that could accept
association, but which show worse signal strength.
2009-10-31 23:21:43 +02:00
Sam Leffler
cca8773165 Allow CONFIG_DEBUG_SYSLOG=y to be used
Instead of having to add the syslog define manually into CFLAGS,
CONFIG_DEBUG_SYSLOG=y can now be used in .config.
2009-10-22 11:17:05 -07:00
Sam Leffler
2d8fe38109 Stub out the dbus function w/o CONFIG_WPS to fix build 2009-10-22 11:08:10 -07:00
Jouni Malinen
f1739bac4f Move PKCS# {1,5,8} functionality into separate files
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
2009-10-17 12:48:55 +03:00
Jouni Malinen
385f16c611 Remove wpa_priv on 'make clean' 2009-10-16 21:49:45 +03:00
Jouni Malinen
43fb529750 Add AP mode WPA status into ctrl_iface 2009-10-16 18:35:45 +03:00
Jouni Malinen
f730b421e9 wpa_gui-qt4: Dynamically update associated STAs in peer dialog 2009-10-16 17:53:02 +03:00
Jouni Malinen
e81634cd18 Skip networks without known SSID when selecting the BSS
Previously, APs that were hiding SSID (zero-length SSID IE in
Beacon frames) could have been selected when wildcard SSID matching
was used. This would result in failed association attempt since
the client does not know the correct SSID. This can slow down WPS
which is often using wildcard SSID matching.

Ignore BSSes without known SSID in the scan results when selecting
which BSS to use.
2009-10-15 21:58:58 +03:00
Witold Sowa
dc461de43e wpa_supplicant and dbus code separation
This patch completely separates supplicant's code from dbus.
It introduces three new notifications which copes with all
remaining dbus stuff.
wpas_notify_unregister_interface() was renamed to
wpas_notify_iface_removed().
2009-10-15 21:15:10 +03:00
Sam Leffler
4f34d51abe Do not schedule a new scan if no networks are enabled
This avoids an extra timeout to move to INACTIVE state.
2009-10-14 22:05:58 +03:00
Jouni Malinen
3afe7b61e0 Fix AES dependencies for CONFIG_AP=y (and IBSS) builds 2009-10-13 11:16:05 +03:00
Jouni Malinen
35deb646cc Fix CONFIG_AP=y build without CONFIG_CTRL_IFACE 2009-10-13 11:15:39 +03:00
Masashi Honma
279d859b8f Fix IEEE 802.11r/w compilation error
The hostapd/wpa_supplicant compilation failed with CONFIG_IEEE80211R=y
or CONFIG_IEEE80211W=y option if CONFIG_EAP_PSK and CONFIG_EAP_GPSK are
not used.
2009-10-13 10:04:46 +03:00
Jouni Malinen
6d6f4bb87f nl80211: Work around mac80211 limitation on (re)auth when authenticated
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.

This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
2009-10-12 09:39:55 +03:00
Masashi Honma
0e27f655f1 MFP: Clear IGTK
The fourth and fifth keys are used as IGTK for management frame
protection. This patch clears these keys.

I have tested with linux kernel 2.6.31.2.
2009-10-12 07:19:01 +03:00
Jouni Malinen
bd4e9d033b Replace CONFIG_NO_AES_EXTRAS with auto-detection during build
There is no need to do this manually since it is possible to figure
out automatically which AES extra files need to be included in the
build.
2009-10-11 22:23:50 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
7137456941 Move TLS_FUNCS and NEED_CRYPTO segment next to each other 2009-10-11 20:34:26 +03:00
Jouni Malinen
9d388d5007 Further crypto makefile unification 2009-10-11 20:31:15 +03:00
Jouni Malinen
0dba0175c5 Fix crypto config for minimal builds 2009-10-11 20:19:12 +03:00
Jouni Malinen
000bbd77c9 Cleaned up and unified some of the crypto Makefile code 2009-10-11 19:42:04 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Jouni Malinen
9fac49c15c Fix wpa_passphrase build with NSS 2009-09-30 19:14:43 +03:00
Jouni Malinen
d094741c5a wpa_gui-qt4: Add pending WPS PIN queries into peer dialog
Whenever running wpa_supplicant in AP mode with WPS enabled, the
notifications of missing WPS PIN are now shown on the peer dialog
to make it easier to provide the PIN.
2009-09-29 23:16:21 +03:00
Jouni Malinen
4f760fcc7c Fix hostapd wpa_msg() calls ctx for wpa_supplicant AP mode
Need to use wpa_s pointer, not hapd pointer, for these calls.
2009-09-29 21:25:14 +03:00
Jouni Malinen
acfbf1f5d7 wpa_gui-qt4: Fix peer_role_address for AP entry 2009-09-29 20:51:45 +03:00
Jouni Malinen
b55aaa5fdf Allow IBSS/AP mode networks to be created in ap_scan=1 mode
If no BSSes/IBSSes matching the enabled networks are found in the scan
results, IBSS/AP mode network (if configured) can be created in
ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever
using IBSS or AP mode.
2009-09-29 17:11:36 +03:00
Jouni Malinen
09b9df4e4a Split wpa_supplicant_event_scan_results() into helper functions 2009-09-29 14:30:11 +03:00
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
60b94c9819 Add preliminary background scan and roaming module design
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).

The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.

The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
2009-09-15 00:08:24 +03:00
Samuel Ortiz
3180d7a208 Getting back to DISCONNECTED afer SCANNING
After transitioning from DISCONNECTED to SCANNING, we never go back
to DISCONNECTED even though scanning is done or failed.
We're thus stuck in SCANNING while scanning is actually done.
2009-09-14 17:25:03 +03:00
Masashi Honma
f1b0de09d9 WPS: Fix CONFIG_WPS=y compilation of wpa_supplicant
The wpa_supplicant compilation failed with CONFIG_WPS=y option
if CONFIG_CLIENT_MLME and CONFIG_IEEE80211R are not used.
2009-09-14 16:50:53 +03:00
Witold Sowa
3e53b314f5 Share same freeing and error checking code in get_scan_results
Convert wpa_supplicant_get_scan_results_old() to use the same return
style with the other get_scan_results options and clean up the code
by sharing the same scan result freeing and error checking code for
all the options.
2009-09-13 22:21:52 +03:00
Witold Sowa
86b89452f6 Use shared functions for network operations and param changes
Instead of implementing these separately in various control
interface handlers, use shared functions. These add some of the
previously missing notification calls, too, for the affected areas.
2009-09-13 21:16:43 +03:00
Jouni Malinen
8bac466b00 Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
2009-09-13 20:53:32 +03:00
Witold Sowa
1bd3f426d3 Remove extra whitespace 2009-09-13 20:27:54 +03:00
Jouni Malinen
614ff64fe0 wpa_gui-qt4: Fix WPS AP detection for peer window 2009-09-11 19:06:38 +03:00
Jouni Malinen
b1078a4bfb wpa_gui-qt4: Add scan results into the peer window
In addition, add a peer entry type for each peer entry. Currently,
this is only stored as an integer and visible in the context menu.
Eventually, different icons should be used based on this type.
2009-09-11 18:37:16 +03:00
Jouni Malinen
acd8ba74c0 wpa_gui-qt4: Handle UNKNOWN COMMAND reply during peer window update
Avoid an infinite loop if wpa_supplicant is not built with AP support.
2009-09-11 17:52:46 +03:00
Jouni Malinen
611ed49118 Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
2009-09-11 17:14:49 +03:00
Jouni Malinen
6a88ae863f wpa_gui-qt4: Add context menu for peers dialog
Replace the clicked() event with more appropriate context menu
and add a WPS PIN entry as an example command.
2009-09-10 14:43:08 +03:00
Jouni Malinen
e2670b1176 wpa_gui-qt4: Include cstdio to avoid some compiler issues
It looks like some build systems do not find snprintf() here unless
cstdio is included explicitly.
2009-09-09 11:11:42 +03:00