These are no longer needed now. Note that this was never actually
sufficient since src/drivers/ isn't the only thing shared, and thus a
cross-build detection didn't work in all cases.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the .config file changes, basically everything needs to be
rebuilt since we don't try to detect which symbols changed or
such. Now that the .config file handling is in the common
build system, make everything depend on it if there's one.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.
This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.
For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This will make it easier to split out the handling in
a proper way, and handle common cflags/dependencies.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clean up in a more common fashion as well, initially for ../src/.
Also add $(Q) to the clean target in src/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If there is no matching interface given, but interface matching is
enabled, all interfaces on the system will try to be initialized. Non
wireless interfaces will fail and the loopback device will be one of
these, so just log a diagnostic rather than an error.
Signed-off-by: Roy Marples <roy@marples.name>
Instead, log a diagnostic so that noise to the user is reduced. This is
expected behavior with driver interfaces that do not report supported
operating modes/classes.
Signed-off-by: Roy Marples <roy@marples.name>
This is needed for clearing previously set parameters in a similar
manner that was already available through the control interface
SET_NETWORK command.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Teach wpa_supplicant to {de,}initialize bgscans when bgscan parameters
are set after initial connection.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Currently, wpa_config_set(), the function that sets wpa_supplicant
per-network properties, returns 1 when a property it attempts to set is
unchanged. Its global parallel, wpa_config_process_global(), doesn't do
this even though much of the code is very similar. Change this, and
several of the parser functions, to resemble the per-network parser and
setter functions.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
When network properties are updated via dbus, wpa_config_set() is used
to update the property in the wpa_ssid struct. If it returns 1, the
property was not changed and there's no need to perform any of the
update actions.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
D-Bus clients can call CreateInterface() once and use the resulting
Interface object to connect multiple times to different networks.
However, if the network interface gets added to a bridge, clients
currently have to remove the Interface object and create a new one.
Improve this by supporting the change of the BridgeIfname property of
an existing Interface object.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Add a new configuration parameter p2p_6ghz_disable=1 to disable P2P
operation in the 6 GHz band. This avoids additional delays caused by
scanning 6 GHz channels in p2p_find and p2p_join operations in the cases
where user doesn't want P2P connection in the 6 GHz band.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Generate a control interface event upon receipt of DPP Presence
Announcement frames. This allows external programs to instrument
wpa_supplicant with bootstrapping information on-demand.
Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
ignore_broadcast_ssid is supported when using with the config
file. But it generates an error if you try to set it via the
DBus interface.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Check if the 2.4 GHz channel 6 is in the list of available channels
advertised by the driver before adding in to the chirping frequency
list. This fixes issues, e.g., with a 5 GHz only interface.
Signed-off-by: Disha Das <dishad@codeaurora.org>
The per-interface P2P data freeing function did not cover this eloop
timeout that could potentially have been registered. Explicitly cancel
this timeout to make sure no references to freed memory can remain in
such a case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_supplicant_remove_iface() removes the P2P management interface from
the global interfaces list before calling wpa_supplicant_deinit_iface().
When wpas_p2p_group_remove() is called from
wpa_supplicant_deinit_iface(), the P2P group created on the calling
wpa_s was not getting cleared as the calling wpa_s is not in the list of
global->ifaces. This results in the P2P management interface being
removed without disconnecting the p2p_group created on it. This could
result in an illegal access of freed memory, e.g., when a pending eloop
task wpas_p2p_reconsider_moving_go() was triggered with the leftover ctx
pointer to the removed P2P interface instance.
Fix this by disconnecting the P2P group created on interface to be
deinitialized before deinitializing the interface.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
With the configuration defined in the global_op_class array, the
channels starting from 149 in the operating classes 128 and 130 were not
considered for P2P channel setup due to the non-continuous
incrementation of channel indexes. The other channels in these operating
classes were considered. Handle the channels from 149 to 161 in the
operating classes 128 and 130 for P2P channel setup by handling this
jump in the channel number incrementation.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Previously this fallback from PFS enabled to disabled (and back to
enabled) was used only if the local network profile used key_mgmt=DPP,
i.e., did not enable another other AKM. That leaves out some valid cases
since the local network profile could actually enable both DPP and SAE.
Extend this check to accept cases DPP AKM is enabled and it was selected
for the connection even if there other enabled AKMs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Previously wpabuf_head() of the buffer is passed to wpa_hexdump_buf()
instead of the wpabuf struct itself and it was causing wpa_supplicant to
crash. Fix this by using the correct pointer in the debug prints.
Fixes: a118047245 ("MSCS: Add support to send MSCS Request frames")
Fixes: c504ff5398 ("MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq")
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
These were not really used anymore since the AP/Relay case did not set
msg_ctx or process_conf_obj in the global DPP context. Get the
appropriate pointers more directly from the more specific data
structures instead and remove these global values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Share the same setup steps from the negotiated connection handover to
fix issues with NFC Tag write cases in AP mode. This addresses issues in
the AP mode DPP listen operation not actually receiving anything when
the write-a-tag code path was used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The local network profile parameters for EAP are not available without
IEEE8021X_EAPOL, so do not try to set these in builds that do not
include any EAP support.
Signed-off-by: Jouni Malinen <j@w1.fi>
The updated socket.poll() loop did not terminate properly in cases where
no response is available. Fix that to check for both False and None.
Fixes: 1733e356e4 ("dpp-nfc: Fix handover client wait for receiving handover select")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow MSCS change/remove request to be sent only after an initial setup,
i.e., after an add request has been accepted.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to parse the (Re)Association Response frames to check if the
AP has accepted/declined the MSCS request in response to the
corresponding (Re)Association Request frame. AP indicates the result by
setting it in the optional MSCS Status subelement of MSCS Descriptor
element in (Re)Association Response frame.
This MSCS Status subelement is defined in the process of being added
into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158).
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Include the MSCS Descriptor IE in the (Re)Association Request frames to
setup MSCS between the AP and the STA during association.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process MSCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
This was supposed to wait for up to 3.0 seconds for the handover select,
but the incorrect loop terminated ended up limiting this to a single
iteration of 0.1 second wait. This was too fast for some cases like the
AP mode operation where it may take significant time to enable the radio
for listening to DPP authentication messages.
Fix the loop to allow that full three second wait for the response to be
used. In addition, report the amount of time it takes to receive the
response.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not process channel switch event in wpa_supplicant's SME when SME is
offloaded to the driver/firmware to avoid SA Query initiation from both
wpa_supplicant and the driver/firmware for the OCV case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, wpa_supplicant fetched BSS channel info from scan results to
send ANQP Query frames. If the scan results for the specified BSS are
not available, the ANQP_GET command request was getting rejected.
Add support to send ANQP Query frame on the specified frequency without
requiring the scan results to be available.
The control interface command format:
- ANQP_GET <dst_addr> [freq=<freq in MHz>] <Query ID1>[,<Query ID2>,..]
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The GAS query source MAC address was not getting updated correctly when
preassoc_mac_addr is enabled. Fix this by copying the current MAC
address to the GAS query source address.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Skip unnecessary random MAC generation due to preassoc_mac_addr
parameter when gas_rand_mac_addr parameter is enabled.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
SAE-PK password can be set using psk parameter also in case of mixed
SAE+PSK networks, so look for acceptable SAE-PK BSS when SAE password
not set and psk parameter meets SAE-PK password criteria.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The offchannel operations (scan, Public Action frame TX/RX) have
significantly more latency when performed while connected, so disconnect
when requested to initiate DPP reconfiguration to avoid this. The old
network profile (i.e., likely the current connection) is going to be
replaced in practice and as such, there is no need to try continue that
association any further.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend the DPP_CONTROLLER_START command to accept the optional qr=mutual
parameter similarly to the DPP_LISTEN case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the alternative channel list in the handover server role when
processing an alternative proposal. This was previously done only in the
handover client role, but with the updated design, both roles act in a
similar manner for the case where the alternative channel list is
specified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not use the hardcoded channel 1 (2412 MHz) with DPP_LISTEN if a
channel list is specified when writing an NFC Tag. Instead, pick the
first channel from that list as the listen channel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an optional iter=# parameter to DPP_RECONFIG similarly to the way
this was handled with DPP_CHIRP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an encrypted Enrollee identifier into Reconfig Announcement frames
and decrypt that on the Configurator side. The actual E-id value is
currently not used for anything, but it can be used in the future to
provide better control over reconfiguration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was added to the protocol design to support cases where the
C-sign-key uses a different group than the netAccessKey. The Enrollee
now indicates its netAccessKey group in Reconfig Announcement and the
Configurator builds it own reconfig Connector using that group instead
of the group used for the C-sign-key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Only the sae_password parameter was previously accepted for SAE-PK use.
That is not sufficient for covering mixed SAE+PSK cases. Extend this by
allowing the psk parameter to be used as well just like it can be used
for SAE without SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add override parameters to use the specified channel while populating
OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc
request and WNM sleep request frames.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Do not use red color for the "No response receive" message in case
another HR will be sent after this.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix processing of the case where no handover select is sent out and add
automatic (delayed) termination of the link on completing the handover
successfully.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
terminate_now was not being set in the only_one case with connection
handover. Set it for that case as well as the tag cases to automatically
close down the link once it is not needed anymore.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use a shorter polling interval in recv_octets() to be able to send out
the alternative HR more quickly when using a single thread and handover
client. In addition, fix recv_records() to handle normal exception cases
like not receiving anything.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Postpone closing of the handover client to allow the same client to be
used for sending both handover request messages if an alternative URI
needs to be tried.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Set logging level to various upper layer nfcpy modules to enable more
detailed debugging of the actual NFC operations when requested (-d on
the command line).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not try to perform DPP operations on the P2P management interface
when no specific interface has been identified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If an alternative proposal (second handover request) is sent, the
response (or lack of it) to the initial handover request should be
ignored.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This avoids potential loops of endless alternative URI exchanges over
NFC negotiated connection handover. Only allow one such alternative
proposal and declarare the handover as a failure if another alternative
were needed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow all actual DPP processing steps in wpa_supplicant to be skipped by
specifying hardcoded URI values. Also allow a hardcoded crn to be
specified to force specific handover requestor/selector roles.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
remove_on_tx_status needs to be set in this case even if
dpp_config_processing=2 is used since there will be no connection
attempt when receiving a Configurator backup instead of station config
object.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For now, this is done only for the case where the NFC Device is not
usable and if writing a single tag fails.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make the debug output easier to read when performing interactive NFC
operations on a device that has a terminal showing the log.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The change to checking DPP_LISTEN return value ended up overwriting the
actual URI information from wpas_get_nfc_uri().
Fixes: 288c0ffaaa ("dpp-nfc: Do not hardcode netrole for NFC Tag writing cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow netrole to be specified for NFC Tag writing cases. Previously,
this was hardcoded to use netrole=configurator when starting the listen
operation. Now the netrole parameter is not included by default, but any
netrole value can be specified with the new --netrole command line
argument.
In addition, fix the listening frequency for the case where a channel is
picked.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When removing a mesh peer with control interface commands (ACCEPT_ACL
DEL_MAC/DENY_ACL ADD_MAC/MESH_PEER_REMOVE) the plink count was not
decreased from its last connection. This resulted in peer link count
leakage and wpa_supplicant rejecting the connections after reaching
max_peer_links (default: 99).
Fix this by decreasing the plink count when removing a mesh peer which
is in PLINK_ESTAB state.
Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
wpa_s->dpp_auth did not get cleaner if dpp_config_processing=1 is used.
Clear this after having received TX status for Configuration Result to
avoid leaving behind the completed provisioning instance.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The pending authentication exchange will make us ignore Reconfig
Authentication Request, so do not allow reconfiguration to be started in
that state.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The use of the alternative channel list did not work properly for the
case were both ends were trying to initiate the negotiated connection
handover. Fix this by always starting a new connection handover client
thread for sending the alternative proposal and ignoring peer messages
(likely something from the first attempt) during this modified attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When a PMKSA cache entry is available and used for connection with FILS
key management suite, use FILS authentication algorithm for connection
even if ERP keys are not available. This scenario may happen when
applications using wpa_supplicant cache persistently only PMKSA but not
ERP keys and reconfigures wpa_supplicant with PMKSA cache after
restarting wpa_supplicant.
The previous implementation correctly handles SME-in-wpa_supplicant
cases. However, SME-in-driver cases, complete FILS authentication
without PMKSA caching is performed.
Fix SME-in-driver behavior by setting authentication algorithm to
WPA_AUTH_ALG_FILS when connecting to a FILS AP using PMKSA caching.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The channel numbering/center frequencies was changed in IEEE
P802.11ax/D6.1. The center frequencies of the channels were shifted by
10 MHz. Also, a new operating class 136 was defined with a single
channel 2. Add required support to change the channelization as per IEEE
P802.11ax/D6.1.
Signed-off-by: Wu Gao<wugao@codeaurora.org>
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
If the peer's channel list in negotiated handover does not have any
common channels and the local end is configured with an alternative
channel list, try to initiate another negotiation handover with the
alternative channels.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Be clearer about only a tag read being allowed when dpp-nfc is
configured to not allow connection handover.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This fixes an issue where the pending authentication might have held a
reference to auth->tmp_peer_bi and dpp_auth_deinit() would try to free
that bootstrapping entry. This needs to happen before the call to
dpp_global_clear() to avoid double-removal of the bootstrapping entry
from the list.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add events for within-ESS reassociation. This allows us to monitor roam
events, both skipped and allowed, in tests.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Pull all the within-ESS roam code out of wpa_supplicant_need_to_roam()
and into its own function, wpa_supplicant_need_to_roam_within_ess().
This way, we avoid interleaving several #ifndef's in the original
function and wrap the new function in one big #ifndef. This also
modularizes the within-ESS roam code and makes it easier to test.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
This allows the DPP_CA_SET command to be targeting a specific DPP-CST
event in cases where the Configurator did not receive the bootstrapping
information for the peer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"DPP_CA_SET name=status value=<int>" can now be used to explicitly
indicate that CSR was rejected by CA/RA.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add initial Enrollee functionality for provisioning enterprise (EAP-TLS)
configuration object. This commit is handling only the most basic case
and a number of TODO items remains to handle more complete CSR
generation and config object processing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>