Commit graph

67 commits

Author SHA1 Message Date
Kel Modderman
1c63bd0c41 wpa_gui-qt4: add status fields to tray message
Add extra state status fields to the tray icon message bubble. Do not
display an empty message.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-25 21:06:32 +03:00
Andriy Tkachuk
488af690b6 Fix build with CONFIG_CLIENT_MLME, but without CONFIG_IEEE80211W
mlme.c: In function 'ieee80211_rx_mgmt_action':
mlme.c:1990: warning: implicit declaration of function
'ieee80211_rx_mgmt_ping_action'
...
mlme.o(.text+0x3007): In function `ieee80211_sta_rx':
/home/ant/hostap/hostap06/hostap/wpa_supplicant/mlme.c:1990: undefined reference
to `ieee80211_rx_mgmt_ping_action'
collect2: ld returned 1 exit status
2008-09-24 13:02:17 +03:00
Dan Nicholson
23e072374e Don't post scan results when initial scan is emtpy
When the initial scan is made, just the cached results from the driver
are used. If this is empty, it's useless to post the results since
another scan is being scheduled immediately. This just causes extra
processing from listeners for no gain.
2008-09-24 12:51:08 +03:00
Dan Nicholson
2064c2f985 Restore scan request settings if initial association failed
The scan path to initiate another scan if the initial association failed
was broken due to wpa_s->scan_req being zeroed earlier in
wpa_supplicant_scan(). This caused the second scan to bail out early
since it thought this was not a requested scan.
2008-09-24 12:48:33 +03:00
Jouni Malinen
76dca89295 Add a new auto-generated file to be ignored 2008-09-24 12:29:04 +03:00
Kel Modderman
b199b7e654 wpa_gui-qt4: add system tray support
Add system tray icon support to wpa_gui-qt4. The tray icon remains quiet
when the main dialog is visible, so it should not cause too much pain for
more conservative users of wpa_gui. The addition involves the following
changes:

* when closing wpa_gui via window manager close box, wpa_gui close event is
  ignored and it is minimised to system tray. A status message is displayed
  (or popup dialog box if tray messages are not supported) to provide a
  visual hint that the program is still running in the background.
* add File->Exit slot handler to facilitate application quit from main
  dialog
* provide a context menu with a short list of useful actions
* show/hide main dialog when icon is triggered (single click)
* ensure main dialog is visible when event handler or scan results is
  chosen from tray icon context menu
* show tray messages on connected and disconnected events, display a status
  message a few seconds after connected events

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:26:57 +03:00
Kel Modderman
0fae9ad39b wpa_gui-qt4: remove qPixmapFromMimeSource from ui files
When integrating the new art, this UI entry:

<pixmapfunction>qPixmapFromMimeSource</pixmapfunction>

Caused the following error:

.obj/wpagui.o: In function `Ui_WpaGui::setupUi(QMainWindow*)':
wpagui.cpp:(.text._ZN9Ui_WpaGui7setupUiEP11QMainWindow[Ui_WpaGui::setupUi(QMainWindow*)]+0xd3): undefined reference to `qPixmapFromMimeSource(QString const&)'
collect2: ld returned 1 exit status

Removing qPixmapFromMimeSource seems to have no unwanted side effects, and
allows successful build again. Research leads me to believe it depends on
Qt3Support, which we do not want.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:24:49 +03:00
Kel Modderman
62b86dba6e wpa_gui-qt4: use new svg as application icon
Enhance wpa_gui's appearance by integrating the new svg icon via a resource
file.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:22:50 +03:00
Kel Modderman
11caae9d1f wpa_gui-qt4: desktop entry file
A desktop entry file for wpa_gui.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:20:58 +03:00
Bernard Gray
99112a2d75 wpa_gui-qt4: add svg icon
Introducing an original wpa_gui icon, in svg format, with Makefile for
easy conversion to other icon formats. The icon is thanks to Bernard Gray.

Signed-off-by: Bernard Gray <bernard.gray@gmail.com>
Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:19:31 +03:00
Jouni Malinen
6572fc0d1b IEEE 802.11w: Use comeback duration to delay association 2008-09-01 11:49:51 +03:00
Jouni Malinen
c684525947 FT: Fixed FTIE for authentication after a failed association 2008-09-01 11:38:13 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
5d22a1d5aa IEEE 802.11w: Added association ping
This updates management frame protection to use the assocition ping process
from the latest draft (D6.0) to protect against unauthenticated
authenticate or (re)associate frames dropping association.
2008-08-31 11:04:47 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Jouni Malinen
1d8ce433c9 Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest 2008-08-16 11:21:22 +03:00
Jouni Malinen
1c8735848d nl80211: Preliminary code for usermode MLME support
This adds some parts needed to use usermode MLME with the current mac80211
(plus a patch to add a new cfg80211 command; not yet submitted to
wireless-testing). This version creates a monitor interface for management
frames and is able to send Probe Request frames during scan. However, it
looks like management frame reception is not yet working properly. In
addition, mlme_{add,remove}_sta() handlers are still missing.
2008-08-15 22:14:49 +03:00
Jouni Malinen
101533269f Fixed supported rates IE generation for Probe Response frames. 2008-08-15 22:10:41 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Jouni Malinen
d48ae45b73 Preparations for 0.6.4 release 2008-08-10 20:33:12 +03:00
Jouni Malinen
6724f4d07a Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined 2008-08-10 18:11:41 +03:00
Jouni Malinen
3ff77e070d Fixed opportunistic key caching (OKC)
wpa_sm_set_config() can be called even if the network block does not
change. However, the previous version ended up calling
pmksa_cache_notify_reconfig() every time and this cleared the network
context from PMKSA cache entries. This prevented OKC from ever being used.

Do not call pmksa_cache_notify_reconfig() if the network context remains
unchanged to allow OKC to be used.
2008-08-03 20:16:59 +03:00
Dan Williams
93ef879f0f wext: fix maxrate calculation
When scan results got moved from wpa_scan_result -> wpa_scan_res, the
'maxrate' member was dropped from wpa_scan_res.  The D-Bus interface
used 'maxrate', which was replaced with wpa_scan_get_max_rate().
Unfortunately, wpa_scan_get_max_rate() returns 802.11 rate values
directly from the IE, where 'maxrate' was the rate in bits/second.  The
supplicant internally fakes an IE for wpa_scan_res from the value of
wpa_scan_result->maxrate, but interprets ->maxrate as an 802.11 rate
index.

As a side-effect, this fixes a soft-break of the D-Bus control API since
the wpa_scan_res change was introduced.
2008-07-15 20:07:50 +03:00
Michael Bernhard
886a807fb5 Make proactive key caching working again
Function 'wpa_sm_set_config' used the argument 'config' as the network
context which is a pointer to a local variable of the function
'wpa_supplicant_rsn_supp_set_config'.

This is one reason why no proactive key was generated. This network
context never matched with the network context saved in the pmksa cache
entries.

The structure 'rsn_supp_config' has already a member 'network_ctx' which
is now filled in by this patch with 'ssid'.

Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
2008-07-06 10:50:53 +03:00
Pavel Polischouk
9d6762cfca man wpa_supplicant: Clearly state which options are given per interface
Documentation appeared a little vague about which options are global and
which are tied to a particular interface. This leads to confusion when
using certain combinations of options, e.g. the command "wpa_supplicant
-c /etc/wpa_supplican.conf -u" will not do what is intuitively expected
from it - it will not read the config file given with -c option because
no -i option was given. This command is still valid because -u option is
used. The wpa_supplicant running like this will also not listen on any
control socket, because the socket file name is usually given in the
config file. This command line also happens to be the default in Fedora 9.
This patch does not try to change any behaviour, but rather document
these nuances clearly.
2008-06-18 11:52:20 +03:00
Jouni Malinen
3e2ad1b932 Fixed race condition between disassociation event and group key handshake
This avoids getting stuck in state where wpa_supplicant has canceled scans,
but the driver is actually in disassociated state. The previously used code
that controlled scan timeout from WPA module is not really needed anymore
(and has not been needed for past four years since authentication timeout
was separated from scan request timeout), so this can simply be removed to
resolved the race condition. As an extra bonus, this simplifies the
interface to WPA module.
[Bug 261]
2008-06-09 16:26:47 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
3f5285e852 Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant
driver_nl80211.c is based on driver_wext.c and it is still using Linux
wireless extensions for many functions. Over time, the new driver interface
code should be modified to use nl80211/cfg80211 for everything.
2008-06-06 16:55:42 +03:00
Jouni Malinen
187bc466a3 Removed the 20% estimate on faster bignum routines
This was not accurate since this was mostly based on total runtime of an
eapol_test run. The real improvement in the bignum routines is much larger
(mayby twice as fast as before).
2008-06-06 10:30:43 +03:00
Jouni Malinen
b95394c66f Combined internal LibTomMath configuration into one option
CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all
optimized routines at a cost of about 4 kB. This is small enough increase
in size to justify simplified configuration.
2008-06-06 10:21:28 +03:00
Jouni Malinen
ec0205a87a Added an option to build internal LibTomMath with faster div routine
At the cost of about 1 kB of additional binary size, the internal
LibTomMath can be configured to include faster div routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in
.config.
2008-06-06 10:11:17 +03:00
Jouni Malinen
c5f5c91aeb Add faster, optional sqr routine for internal LibTomMath
At the cost of about 0.5 kB of additional binary size, the internal
LibTomMath can be configured to include faster sqr routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in
.config.
2008-06-05 18:33:46 +03:00
Dan Williams
1d3c75b3b6 Give adhoc associations a bit more time
Depending on how the driver implements IBSS searching and creation, it
may need to perform one or more scans before successfully completing the
association operation.  Therefore, increase the timeout for IBSS
association operations so that the supplicant doesn't interrupt the
driver as much.
2008-06-04 21:00:09 +03:00
Jouni Malinen
8ccc0402b2 Internal LibTomMath: add optional support for Montgomery reduction
Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can
be configured to include fast exptmod routine to speed up DH and RSA.
This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in
.config.
2008-06-04 11:57:55 +03:00
Jouni Malinen
a8e16edc86 Introduced new helper function is_zero_ether_addr()
Use this inline function to replace os_memcmp(addr,
"\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 18:08:48 +03:00
Dan Williams
7e1488494e Do not continually reschedule specific scans to help finding hidden SSIDs
In situations where the driver does background scanning and sends a
steady stream of scan results, wpa_supplicant would continually
reschedule the scan.  This resulted in specific SSID scans never
happening for a hidden AP, and the supplicant never connecting to the AP
because it never got found.  Instead, if there's an already scheduled
scan, and a request comes in to reschedule it, and there are enabled
scan_ssid=1 network blocks, let the scan happen anyway so the hidden
SSID has a chance to be found.
2008-06-03 11:37:48 +03:00
Jouni Malinen
d952d16df4 Internal TLS: Added support for parsing PKCS #8 formatted private keys
The internal TLS implementation can now use both PKCS #1 RSA private key
and PKCS #8 encapsulated RSA private key. PKCS #8 encrypted private key is
not yet supported.
2008-06-02 19:39:46 +03:00
Jouni Malinen
b5aebee49e Fixed dbus build without OpenSSL. 2008-06-02 18:45:45 +03:00
Jouni Malinen
ec717917e5 Fixed build without CONFIG_IEEE8021X_EAPOL, but with CONFIG_CTRL_IFACE 2008-05-30 18:43:06 +03:00
Jouni Malinen
1b52ea47e4 Added fragmentation support for EAP-TNC 2008-05-26 12:00:18 +03:00
Jouni Malinen
d9521c7438 Example configuration for EAP-TLS authentication using PKCS#11 TPM token 2008-05-23 19:41:05 +03:00
David Smith
61ee0f71bb Add support to wpa_supplicant configuring eap_peer for client cert and CA
cert on smartcard, plus handling phase2 auth with smartcard same as phase1.
2008-05-23 10:55:30 +03:00
David Smith
e403be0b12 Add setSmartcardModules DBus message to set pkcs11 and opensc options
This will be used by most importantly network manager to set smartcard
options at run time.
2008-04-28 17:15:56 +03:00
Henrik Brix Andersen
a6a89fea36 Fix compilation without IEEE8021X_EAPOL defined 2008-04-28 17:06:43 +03:00
Jouni Malinen
fe2b7dda02 Fixed fallback to full handshake when server rejects PAC-Opaque
The TLS client changes in ssl3_get_server_hello() were based on the
pre-RFC 5077 version of OpenSSL and they hardcoded s->hit to 1 in case
PAC-Opaque was used. This prevented fallback to full TLS handshake in case
the server rejected PAC-Opaque in ClientHello. The fixed version simplifies
ssl3_get_server_hello() and uses the new RFC 5077 functionality in OpenSSL
(ssl3_check_finished) to allow the state machine handle start of
abbreviated handshake based on the used ticket.
2008-04-15 17:24:06 +03:00
Jouni Malinen
d6888f9e37 PEAPv0: Added crypto_binding configuration option (part of phase1)
crypto_binding=# in phase1 network parameter can now be used to change the
PEAPv0 cryptobinding behavior (0 = do not use, 1 = optional (default),
2 = required).
2008-04-08 14:57:39 +03:00
Kel Modderman
0e5776f673 Remove the -w option from help output
Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-03-31 11:51:49 +03:00
Kel Modderman
7da6794022 Explain not all driver backends will be compiled into wpa_supplicant binary
Explain that wpa_supplicant supports a variety of drivers, but only a
subset of them are chosen at compile time.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-03-31 11:49:55 +03:00
Tomasz Wolniewicz
c454f57379 eapol_test: Allow client IP address to be specified
Allow the user to set the IP address of the eapol_test client. This if
very useful when you have a machine with many interfaces and want to use a
particular one for testing RADIUS connectivity. For instance when I run the
national eduroam proxy I can only connect to other server from a particular
address, an our machine happens to have several IPs. So if I want to run
connectivity tests, I must make sure that my test uses a particular
interface. The -A option allows one to set this).

(jm: cleaned up to use radius configuration structure instead of global
variable for the address and added IPv6 support)
2008-03-30 18:15:52 +03:00
Tomasz Wolniewicz
1e4b9da10c Chargeable-User-Identity (RFC 4372) in eapol_test
Implements the Chargable-User-Identity (CUI), as defined in RFC 4372.
Option "-i" causes the eapol_test to send a NUL CUI - which is a request to
send a CUI back. Capital "-I" allows to specify the value of the CUI.
This has been defined for cases where the client wants to reauthenticate.
2008-03-30 17:39:19 +03:00