This allows the password parameter for EAP methods to be fetched
from an external storage.
Following example can be used for developer testing:
ext_password_backend=test:pw1=password|pw2=testing
network={
key_mgmt=WPA-EAP
eap=TTLS
identity="user"
password=ext:pw1
ca_cert="ca.pem"
phase2="auth=PAP"
}
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows wpa_supplicant configuration file to be created without
the PSK/passphrase value included in the file when a backend for
external password storage is available.
Following example can be used for developer testing:
ext_password_backend=test:psk1=12345678
network={
ssid="test-psk"
key_mgmt=WPA-PSK
psk=ext:psk1
}
Signed-hostap: Jouni Malinen <j@w1.fi>
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
Instead of rejecting network blocks without PSK/passphrase at the time
the configuration file is read, allow such configuration to be loaded
and only behave as if the network block with missing PSK/passphrase is
disabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, this was left to the default (WPA-EAP WPA-PSK) value which
could potentially result in unexpected behavior if an AP were to enable
both WPA2-Enterprise and WPA2-Personal in the same BSS. While this is
not really that likely for APs supporting Interworking, it is good to
get the PSK option removed to avoid any issues with missing
passphrase/PSK configuration parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
Each cred block can now be matched based on Roaming Consortium OI as an
alternative mechanism to using NAI Realm information. This may be
optimized for efficiency in the future since Roaming Consortium
information is available in scan results without having to go through
ANQP queries. In addition, this is easier to support in case there is a
large number of realms that can be used for authentication.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new cred block parameters eap, phase1, and phase2 can be used to
select which EAP method is used with network selection instead of using
the value specified in ANQP information (e.g., NAI Realm).
Signed-hostap: Jouni Malinen <j@w1.fi>
Allow the user to configure an RSSI threshold in dBm below which the
nl80211 driver won't report scan results. Currently only supported
during scheduled (PNO) scans.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
P2P group is only going to use a single GO, so we can leave the fixed
BSSID parameter set for the actual data connection in addition to the
initial WPS provisionign step. This can speed up operations with drivers
that select BSS internally by allowing them to skip an extra scan when
the BSSID and frequency of the GO is already known.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Four D-Bus scripts using python glib are added to perform the following
operations: p2p_flush, p2p_group_add, p2p_listen and p2p_stop_find.
Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
Commit 7c865c6853 introduced a code
path that can skip extra_ie initialization in wpa_supplicant_scan().
This could result in semi-random crashes when using the autoscan
mechanism. Fix this by initializing extra_ie to NULL.
Signed-hostap: Jouni Malinen <j@w1.fi>
This updates the license notification to use only the BSD license. The
changes were acknowledged by email (Kel Modderman <kel@otaku42.de>,
Mon, 2 Jul 2012 20:02:37 +1000).
Signed-hostap: Jouni Malinen <j@w1.fi>
This updates these files to use the license notification that uses only
the BSD license. The changes were acknowledged by email (Dan Williams
<dcbw@redhat.com>, Sun, 01 Jul 2012 15:53:36 -0500).
Signed-hostap: Jouni Malinen <j@w1.fi>
This functionality could be shared for other commands, too, so move
it to a common function. In addition, implement the validation in a
bit more strict way to avoid accepting values like '-123' as a valid
PIN.
Signed-hostap: Jouni Malinen <j@w1.fi>
Reject invalid PIN value in p2p_connect command. Before this, typos
like "pbd" as the third parameter could have resulted in OK return
value since this parameter was interpreted as the PIN.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
When a special scan_res_handler is used the scan parameters may not have
been suitable for other purposes (e.g., during a p2p_find operation). As
such, do not indicate such scan results to other virtual interfaces
using the same radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
In the properties changed signal, added a new property
"DisconnectReason", which carries the IEEE 802.11 reason code of the
most recent disassociation or deauthentication event. The reason code is
negative if it is locally generated. The property is sent to the DBUS
immediately so as to prevent it from being coalesced with other
disconnect events.
Signed-off-by: Gary Morain <gmorain@chromium.org>
Two DBUS scripts using python glib are added to perform p2p_find and
p2p_connect operations respectively. p2p_connect script just performs
the traditional connect to create a new p2p group. Additional updates
will be required to perform join, auth etc. al.
Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
nfc_pw_token can be used to build random NFC password token for WPS.
This tool prints out the wpa_supplicant.conf (or hostapd.conf)
parameters and the hexdump of the WPS password token (with and without
NDEF encapsulation) so that it can be written to a NFC tag with an
external program.
Signed-hostap: Jouni Malinen <j@w1.fi>
os_random() may not be seeded properly, so use stronger mechanism for
generating the password id for NFC password tokens.
Signed-hostap: Jouni Malinen <j@w1.fi>
The AP PIN on wps_reg command can now be replaced with special value
"nfc-pw" to use device password from a NFC password token from the AP.
Signed-hostap: Jouni Malinen <j@w1.fi>
WPS_ER_NFC_CONFIG_TOKEN command can now be used to build a NFC
configuration token based on AP Settings learnt with WPS_ER_LEARN
or set with WPS_ER_CONFIG.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new wpa_supplicant ctrl_iface command WPS_NFC_TAG_READ can now be
used to process NFC tags read by external programs to initiate
wpa_supplicant to use NFC Configuration Token to create a new network.
Signed-hostap: Jouni Malinen <j@w1.fi>
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, a pending scan request could be left running when processing
DISCONNECT command from control interface. This can result in unexpected
scan, so cancel the request to avoid this.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use wpa_supplicant_set_state() to initialize state to DISCONNECT so that
autoscan gets initialized properly. This needs a change in
autoscan_init() to avoid extra scan request that would postpone the
first scan request when an interface is added.
Signed-hostap: Jouni Malinen <j@w1.fi>
The first time the limit is exceeded could result in using larger
value - avoid that by limiting the interval also in that case.
Signed-hostap: Jouni Malinen <j@w1.fi>
This module will sets a fixed scanning interval. Thus, the parameter to
this module is following this format: <fixed interval>
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This module will compute the interval on a base exponential. Thus,
params to this module are following this format: <base>:<limit>
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.
Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.
Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
