Commit graph

5250 commits

Author SHA1 Message Date
Jouni Malinen
8bd0fc0e0c Force driver to disassociate STA if no room for the STA entry
When hostapd (or wpa_supplicant AP mode) limits the maximum number
of STA entries with a driver that implements SME, the driver needs
to be notified of the failed STA addition. Disassociate the STA if
the driver notifies of an association that would go beyond the
maximum number of STAs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-27 21:21:37 -07:00
Jouni Malinen
597c7a8dd8 WNM: Fix build without CONFIG_SME=y
Commit b6668734ab missed #ifdef CONFIG_SME
protection around wpa_s->sme access.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 18:17:41 -07:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Jouni Malinen
b80eb89d8e P2P: Improve handling of p2p_connect-auto fallback
Commit aa9bb7644b improved robustness
of p2p_connect-auto mechanism by using older scan results to help in
determination whether the peer was operating a GO. Improve this by
accepting new GO information from scan-for-WPS-provisioning results
even if the GO is not yet ready for WPS.

In addition, fix an issue where Provision Discovery exchange timeout
could have left offchannel TX operation in progress when the fallback
was used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-14 22:55:43 -04:00
Dmitry Shmidt
dfb42efb34 wpa_supplicant: Make Android makefiles available under the BSD license
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-05-14 20:34:24 -04:00
Jouni Malinen
b5671498bf nl80211: Use wait_time with AP mode driver SME for offchannel
When sending an offchannel frame (mainly, P2P Invitation Request), the
wait_time parameter was hardcoded to 0 for drivers that implement AP
mode SME. This is not correct and can cause problems for drivers that
support offloading of off-channel operations with driver/firmware based
AP SME.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-11 18:24:31 +03:00
Jouni Malinen
2e3e456623 nl80211: Add more debug info on NL80211_CMD_FRAME uses
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-11 18:22:53 +03:00
Jouni Malinen
3bc462cb88 P2P: Add option for Provision Discovery before GO Negotiation
This is a workaround for interoperability issues with some deployed P2P
implementations that require a Provision Discovery exchange to be used
before GO Negotiation. The new provdisc parameter for the p2p_connect
command can be used to request this behavior without having to run a
separate p2p_prov_disc command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-11 16:25:47 +03:00
Jouni Malinen
1cbe86e2d6 Add debug prints of scan result IEs
Excessive debug level can now be used to dump the IEs received in scan
results from both Beacon and Probe Response frames. This makes it easier
to debug issues where the driver (or well, more likely cfg80211) does
not update the IEs based on Beacon frames if even a single Probe
Response frame has been received.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-11 15:30:05 +03:00
Jouni Malinen
f15854d1e1 Fix BSSID enforcement with driver-based BSS selection
Previously, wpa_supplicant did not specify BSSID to any connection
request if the driver indicated that it will take care of BSS selection.
This is fine for most use cases, but can result to issues if the network
block has an explicit bssid parameter to select which BSS is to be used.
Fix this by setting BSSID and channel when the network block includes the
bssid parameter even if the driver indicates support for BSS selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-11 15:27:46 +03:00
Jouni Malinen
2c1e557507 WPS: Fix BSSID filter handling
If WPS commands are used with a specific BSSID instead of wildcard,
the BSSID that was supposed to be used only for the provisioning step
may end up getting copied to the network block that gets provisioned
based on the WPS credentials. Fix this by clearing ssid->bssid_set
when creating the network block by replacing the block used for WPS
provisioning.

This issue could show up with the provisioned network not getting
selected properly with APs that have multiple radios. Depending on
the driver, this could result in only a single one of the available
BSSes being available or the connection failing completely.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-11 13:29:43 +03:00
Jouni Malinen
ec4a5d32b1 Add ChangeLog entries from v1.0 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-10 22:12:07 +03:00
Jouni Malinen
349493bd0c Validate WEP key lengths based on driver capabilities
The nl80211 driver interface does not allow 128-bit WEP to be used
without a vendor specific cipher suite and no such suite is defined for
this purpose. Do not accept WEP key length 16 for nl80211 driver
interface forn ow. wext-interface can still try to use these for
backwards compatibility.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-10 14:34:46 +03:00
Ben Greear
157cdad59f wpa_supplicant: Fix overlapping memcpy on WPS interface addition
I think this should fix the following valgrind complaint:

==1972== Source and destination overlap in memcpy(0x5181708, 0x5181708, 16)
==1972==    at 0x4A073BA: memcpy (mc_replace_strmem.c:602)
==1972==    by 0x45872B: wpas_wps_set_uuid (wps_supplicant.c:1116)
==1972==    by 0x4599EC: wpas_wps_update_config (wps_supplicant.c:1747)
==1972==    by 0x4C8DB0: wpa_supplicant_update_config (wpa_supplicant.c:3090)
==1972==    by 0x4C3E5E: wpa_supplicant_reload_configuration (wpa_supplicant.c:746)
==1972==    by 0x4B8B37: wpa_supplicant_ctrl_iface_process (ctrl_iface.c:4082)
==1972==    by 0x4BA39C: wpa_supplicant_ctrl_iface_receive (ctrl_iface_unix.c:168)
==1972==    by 0x4114D4: eloop_sock_table_dispatch_table (eloop.c:335)
==1972==    by 0x411541: eloop_sock_table_dispatch (eloop.c:352)
==1972==    by 0x41200D: eloop_run (eloop.c:766)
==1972==    by 0x4C8B43: wpa_supplicant_run (wpa_supplicant.c:3010)
==1972==    by 0x4D44AD: main (main.c:286)

Signed-hostap: Ben Greear <greearb@candelatech.com>
intended-for: hostap-1
2012-05-10 10:57:59 +03:00
Jouni Malinen
ab28911dbf P2P: Deinitialize global P2P context on P2P mgmt interface removal
The P2P implementation assumes that the first wpa_s interface instance
is used to manage P2P operations and the P2P module maintains a pointer
to this interface in msg_ctx. This can result in issues (e.g., use of
freed memory) when the management interface is removed. Fix this by
deinitializing global P2P data if the interface that created it is
removed. This will disable P2P until the next interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-10 10:49:22 +03:00
Jouni Malinen
2249d7149e HS 2.0: Add Hotspot 2.0 ANQP elements to Interworking queries
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:55 +03:00
Jouni Malinen
64855b9682 HS 2.0: Indicate Hotspot 2.0 in BSS table and status
If the AP indicates support for Hotspot 2.0, show this in the
ctrl_iface commands for BSS table and status.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:23 +03:00
Jouni Malinen
0b12e96187 HS 2.0: Parse Hotspot 2.0 IE from IE list
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:10 +03:00
Jouni Malinen
cb4183249f HS 2.0: Add HS 2.0 Indication element into (Re)Association Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:04 +03:00
Jay Katabathuni
c923b8a537 HS 2.0: Add Hotspot 2.0 indication into Probe Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:58 +03:00
Jay Katabathuni
a8918e86b6 HS 2.0: Add Hotspot 2.0 station ctrl_iface
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:52 +03:00
Jay Katabathuni
66aadbd7bf HS 2.0: Add runtime configuration of Hotspot 2.0 station
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:45 +03:00
Jay Katabathuni
25471fe3b9 HS 2.0: Add Hotspot 2.0 ANQP routines
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:40 +03:00
Jay Katabathuni
c8a7f9a7b8 HS 2.0: Define Hotspot 2.0 OUI types and subtype values
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:25 +03:00
Jouni Malinen
8d2f05462c Remove scripts and notes related to the Windows binary package
There are no plans to continue making the Windows binary package for
wpa_supplicant for 1.x or newer releases, so remove the scripts and
notes that are related to this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-08 20:49:33 +03:00
Jouni Malinen
051c7bbdd0 P2P: Reject PD Request for unknown group
If PD Request includes P2P Group ID, verify that the specified
group matches with a group we are currently operating. If no match
is found, reject the PD Request for join-a-group case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 17:38:57 +03:00
Jouni Malinen
6f251b6bb5 P2P: Store SSID of the group in p2p_group data
This can be used with P2P management operations that need to verify
whether the local device is operating a specific group based on
P2P Group ID attribute from a peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 17:38:57 +03:00
Jouni Malinen
aa9bb7644b P2P: Allow older scan results to improve p2p_connect-auto robustness
Previusly the peer was assumed to not be operating a GO if the BSS entry
for it was not updated in the single scan run started by
p2p_connect-auto. This is not very robust since a scan may miss the peer
if either a Probe Request or Probe Response frame is lost. Improve
robustness by assuming the peer is still operating the GO and starting
the join operation. If the GO is not found during PD-for-join or the
single-channel scans during the join, fall back to GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 17:38:57 +03:00
Jouni Malinen
701fe506c8 P2P: Do not use prov_disc_resp() callback for rejected PD
Commit 349b213cc8 added a separate
callback prov_disc_fail() for indicating PD failures, but it left the
Provision Discovery Response handler to call both callbacks in case the
peer rejected the PD. Commit f65a239ba4
added ctrl_iface event for PD failures. This combination can result in
two ctrl_iface events in the peer rejecting a PD case. Clean this up by
only indicating the failure event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 17:02:28 +03:00
Jouni Malinen
3fe8b68d63 P2P: Wait 100 ms if driver fails to start listen operation
Some drivers may accept the remain-on-channel command, but instead of
indicating start event for remain-on-channel, just indicate that the
operation has been canceled immediately. This could result in continuous
loop of search/listen states with very limited time to do anything else
in wpa_supplicant if the scan command is also completed quickly (e.g.,
if the driver is unable to scan other channels than the current
operating channel).

As a workaround, do not start the next step (search) in P2P device
discovery if this type of rejection of listen operation is detected.
This gives some more time for wpa_supplicant to handle whatever else
may be needed at to be done at the same time and reduces the amount
of CPU used in a loop that does not really work correctly from the
view point of being discoverable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-08 11:50:03 +03:00
Jouni Malinen
fea7c3a055 Ignore network blocks that have invalid WEP key length
Do not try to associate with a network that has an invalid or incomplete
configuration because the association or at least data connection would
fail anyway. This commits adds a common function for checking whether a
network block is disabled to make it easier to check network blocks
without having to reject them during configuration file parsing (which
would prevent wpa_supplicant from starting). The only additional check
added in this commit is to verify the WEP key length. Similar checks for
other parameters can be added in future commits.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-07 13:39:33 +03:00
Jouni Malinen
d90134e748 Update copyright and license notification in D-Bus interace P2P files
This adds the copyright notice for Intel and moves to the license
notification that uses only the BSD license. The changes were
acknowledged by email ("Berg, Johannes" <johannes.berg@intel.com>,
Mon, 7 May 2012 07:33:53 +0000).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-07 13:07:22 +03:00
Jouni Malinen
b031338cf0 Add preliminary RADIUS dynamic authorization server (RFC 5176)
This adds the basic DAS mechanism to enable hostapd to be configured
to request dynamic authorization requests (Disconnect-Request and
CoA-Request). This commit does not add actual processing of the
requests, i.e., this will only receive and authenticate the requests
and NAK them regardless of what operation is requested.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-06 22:02:42 +03:00
Jouni Malinen
af35e7af7f hostapd: Allow addition of arbitrary RADIUS attributes
New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 20:19:56 +03:00
Jouni Malinen
86f6053aa2 hostapd: Add optional Chargeable-User-Identity request (RFC 4372)
radius_request_cui=1 configuration parameter can now be used to
configure hostapd to request CUI from the RADIUS server by including
Chargeable-User-Identity attribute into Access-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:19:54 +03:00
Jouni Malinen
4e132a618e hostapd: Copy Chargeable-User-Identity into accounting (RFC 4372)
If Access-Accept packet includes the Chargeable-User-Identity attribute,
copy this attribute as-is into accounting messages.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:05:09 +03:00
Jouni Malinen
4732ee3a87 Add more documentation for IEEE 802.11w/PMF configuration
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 16:48:23 +03:00
Jouni Malinen
3d332fe75e Fix SIM/USIM determination to support EAP-AKA'
Both EAP-AKA and EAP-AKA' use USIM. Without this change, use of real
USIM card for EAP-AKA' was not allowed to proceed, i.e., only the
software simulated USIM operations were supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-05 14:19:13 +03:00
Jouni Malinen
5daba48ca7 hlr_auc_gw: Use 5 bit IND for SQN updates
Change the SQN generation mechanism to use not time-based Profile 2
as described in 3GPP TS 33.102 Annex C.3.2. The previous implementation
used void IND (i.e.., all of SQN was SEQ1). The new default uses 5 bits
of SQN as IND. The length of IND can be configured on the command line
with the new -i<IND len in bits> parameter. -i0 would make hlr_auc_gw
behave in the same way as the previous implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 14:12:42 +03:00
Jouni Malinen
5336861301 hlr_auc_gw: Add support for updating Milenage file SQN
If the new command line argument -u is used, hlr_auc_gw will update
the Milenage file SQN numbers when exiting based on what was the last
SQN used during the process runtime.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-03 22:39:49 +03:00
Jouni Malinen
057a92ec5c hlr_auc_gw: Fix CONFIG_WPA_TRACE=y build
Need to initialize tracing code and use correct free() wrapper.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-03 22:05:04 +03:00
Jouni Malinen
f765701faf P2P: Add P2P information for Doxygen docs
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 18:08:23 +03:00
Xi Chen
f2e03085d7 WNM: Define IEEE 802.11v WNM-Sleep elements
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 18:08:19 +03:00
Wei-Jen Lin
1298c14594 Allow pbc_in_m1 workaround to be enabled in wpa_supplicant AP mode
This workaround for Windows 7 WPS probing mechanism was previously
allowed only with hostapd, but the same interoperability issue can
happen with wpa_supplicant AP/GO mode. Allow the workaround to be
enabled in wpa_supplicant configuration for these uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 16:51:04 +03:00
Wei-Jen Lin
f571b593ba P2P: Clone max_sta_num parameter for group interfaces
This is needed to allow the max_sta_num parameter set in the main
configuration file to apply to dynamically created P2P group
interfaces.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-03 16:41:15 +03:00
Jouni Malinen
6434ad09d6 Scan only 2.4 GHz band for OBSS scans
Since we are reporting 20/40 BSS coex information only for 2.4 GHz band,
there is no need to run the full scan on dualband cards.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:42 +03:00
Rajkumar Manoharan
c3701c66a5 Add handling of OBSS scan requests and 20/40 BSS coex reports
Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.

Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:38 +03:00
Rajkumar Manoharan
73cdd917a3 Define 20/40 BSS Coexistence elements
This patch defines 20/40 BSS Intolerant Channel Report element
(IEEE 802.11-2012 8.4.2.60) and 20/40 BSS Coexistence element
(IEEE 802.11-2012 8.4.2.62).

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:35 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Jouni Malinen
8351998313 EAP-AKA' server: Fix identity for MK derivation
Incorrect identity string could end up being used with EAP-AKA' when
the EAP client is using pseudonym. This code was supposed to use
sm->identity just like the EAP-AKA case.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:40:11 +03:00