Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to
give better global and temporal uniqueness. Previously, only 32-bits of
the Acct-Session-Id would contain random data, the other 32-bits would
be incremented. Previously, the Acct-Multi-Session-Id would not use
random data. Switch from two u32 variables to a single u64 for the
Acct-Session-Id and Acct-Multi-Session-Id. Do not increment, this serves
no legitimate purpose. Exclusively use os_get_random() to get quality
random numbers, do not use or mix in the time. Inherently take a
dependency on /dev/urandom working properly therefore. Remove the global
Acct-Session-Id and Acct-Multi-Session-Id values that serve no
legitimate purpose.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
These can get allocated within eapol_auth_alloc(), so it is more logical
to free them in eapol_auth_free() instead of ieee802_1x_free_station()
that ends up calling eapol_auth_free().
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to include these headers in C++ files for adding a binder interface
to wpa_supplicant. So, fix the following C++ compiler errors in them:
1. Add explicit C-style casts in wpa_buf.h header.
2. Move the nested definition of wpa_driver_scan_ssid in driver.h
outside of wpa_driver_scan_params because it is used in another
structure below.
Signed-off-by: Roshan Pius <rpius@google.com>
Event-Timestamp should be sent for all Accounting-Request packets and
only after the system clock has a sane value, not where there's a value
close to the Unix time epoch.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Calculate the required length needed for the extra ANQP elements added
to GAS response buffer instead of using fixed size and truncating the
response if there was not sufficient space.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Fix a possible null pointer dereference in tls_parse_pkcs12() when
loading a PKCS#12 file for the server keys and the file includes extra
certificates.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Need to clear the pac pointer for the first error case to avoid freeing
the previous PAC entry if the following entry has an invalid header.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Acct-Authentic is used to indicate how the user was authenticated and as
such, should not be sent in Accounting-On and Accounting-Off.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Per RFC 2866, 5.10, it is invalid to send Acct-Terminate-Cause in
Accounting-On and Accounting-Off (this is included only when
Acct-Status-Type is set to Stop).
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Ensure that if it is not possible to configure an allowed 20 MHz
channel pair, hostapd falls back to a single 20 MHz channel.
Signed-off-by: Eduardo Abinader <eabinader@ocedo.com>
If an interface is removed, zero the remembered ifindex.
Don't try to set properties on the interface when it is removed.
Signed-off-by: Roy Marples <roy@marples.name>
In the Android-specific case, make ca_cert directive parse a
space-separated list of hex-encoded CA certificate aliases following the
"keystores://" prefix. Server certificate validation should succeed as
long as the chain ends with one of them.
Signed-off-by: Rubin Xu <rubinxu@google.com>
Use the interface index from the correct structure according to the
message instead of assuming rtm_index is correct.
Signed-off-by: Roy Marples <roy@marples.name>
Couple of the image info fields were not printed previously in debug
log. Add those to make this more complete.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to debug AP selection issues in case of a invalid
RSN element or use of customer cipher suites that are not supported by
wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of deployed 80 MHz capable VHT stations that do not support 80+80
and 160 MHz bandwidths seem to misbehave when trying to connect to an AP
that advertises 80+80 or 160 MHz channel bandwidth in the VHT Operation
element. To avoid such issues with deployed devices, modify the design
based on newly proposed IEEE 802.11 standard changes.
This allows poorly implemented VHT 80 MHz stations to connect with the
AP in 80 MHz mode. 80+80 and 160 MHz capable stations need to support
the new workaround mechanism to allow full bandwidth to be used.
However, there are more or less no impacted station with 80+80/160
capability deployed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The called function nl80211_ht_vht_overrides() was not freeing "msg"
resource in error cases.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
The PMKSA caching and RSN pre-authentication components were marked as
conditional on IEEE8021X_EAPOL. However, the empty wrappers are needed
also in a case IEEE8021X_EAPOL is defined with CONFIG_NO_WPA.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to follow a debug log from a hostapd process that
manages multiple interfaces.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ap_sta_deauth_cb and ap_sta_disassoc_cb eloop timeouts are used to
clear a disconnecting STA from the kernel driver if the STA did not ACK
the Deauthentication/Disassociation frame from the AP within two
seconds. However, it was possible for a STA to not ACK such a frame,
e.g., when the disconnection happened due to hostapd pruning old
associations from other BSSes and the STA was not on the old channel
anymore. If that same STA then started a new authentication/association
with the BSS, the two second timeout could trigger during this new
association and result in the STA entry getting removed from the kernel.
Fix this by canceling these eloop timeouts when receiving an indication
of a new authentication or association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
clang started warning about the use of || with constants that came from
PCSC_FUNCS not being enabled in the build. It seems to be easier to just
ifdef this block out completely since that has the same outcome for
builds that do not include PC/SC support.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use compatibility wrapper functions to allow a single implementation
based on the latest OpenSSL API to be used to implement these functions
instead of having to maintain two conditional implementation based on
the library version.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use compatibility wrapper functions to allow a single implementation
based on the latest OpenSSL API to be used to implement these functions
instead of having to maintain two conditional implementation based on
the library version.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The changes needed for OpenSSL 1.1.0 had broken this since LibreSSL is
defining OPENSSL_VERSION_NUMBER in a manner that claims it to be newer
than the current OpenSSL version even though it does not support the
current OpenSSL API.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the final Phase 2 message needed fragmentation, EAP method decision
was cleared from UNCOND_SUCC or COND_SUCC to FAIL and that resulted in
the authentication failing when the EAP-Success message from the server
got rejected. Fix this by restoring the EAP method decision after
fragmentation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Now the these functions cannot be made to fail by forcing the memory
allocation fail since the OpenSSL-internal version is used, add
TEST_FAIL check to allow OOM test cases to be converted to use the
TEST_FAIL mechanism without reducing coverage.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The EVP_CIPHER_CTX structure will be made opaque in OpenSSL 1.1.0, so
need to use EVP_CIPHER_CTX_new() with it instead of stack memory. The
design here moves the older OpenSSL versions to use that dynamic
allocation design as well to minimize maintenance effort.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The SSL_CIPHER **cipher argument was marked const in OpenSSL 1.1.0
pre-release 2 similarly to how this is in BoringSSL. Fix build with that
in preparation for supporting OpenSSL 1.1.0.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Free the allocated structure in error cases to remove need for each EAP
method to handle the error cases separately. Each registration function
can simply do "return eap_server_method_register(eap);" in the end of
the function.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Free the allocated structure in error cases to remove need for each EAP
method to handle the error cases separately. Each registration function
can simply do "return eap_peer_method_register(eap);" in the end of the
function.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Create global init to handle socket calls and route messages.
Register each interface inside the global driver so that
routing messages can find the interface based on rtm_ifindex.
Signed-off-by: Roy Marples <roy@marples.name>
We shouldn't use drv->ctx as it always points to the first BSS. When
using FullMAC driver with multi-BSS support it resulted in incorrect
treating nl80211 events. I noticed with with brcmfmac and BCM43602.
Before my change I was getting "disassociated" on a wrong interface:
wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
wlan0: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
With this patch it works as expected:
wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
This doesn't apply to hostapd dealing with SoftMAC drivers when handling
AP SME & MLME is done it hostapd not the firmware.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
If wpa_supplicant was first configured with PKCS #12 -based client
certificate chain and then used with another network profile that used a
different certificate chain from a X.509 certificate PEM file instead of
PKCS#12, the extra certificate chain was not reconstructed properly with
older versions of OpenSSL that 1.0.2. This could result in the
authentication failing due to the client certificate chain not being
complete or including incorrect certificates.
Fix this by clearing the extra certificate chain when setting up a new
TLS connection with OpenSSL 1.0.1. This allows OpenSSL to build the
chain using the default mechanism in case the new TLS exchange does not
use PKCS#12.
The following hwsim test case sequence was able to find the issue:
ap_wpa2_eap_tls_pkcs12 ap_wpa2_eap_tls_intermediate_ca_ocsp
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
n_chans can have only values 1, 2, or 4 in this function, so the -1 case
could never be reached. Remove the unreachable case to get rid of static
analyzer warnings.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
chan is set to the result of pointer arithmetic (pointer to an entry in
an array) that can never be NULL. As such, there is no need to check for
it to be non-NULL before deference. Remove this check to avoid
complaints from static analyzers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Offloading of ACS to the driver changed the design a bit in a way that
iface->current_mode could actually be NULL when the offloaded ACS
mechanism supports band selection in addition to channel selection. This
resulted in a combination that is too complex for static analyzers to
notice. While acs_init() can be called with iface->current_mode == NULL
that is only in the case where WPA_DRIVER_FLAGS_ACS_OFFLOAD is in use.
In other words, the actual ACS functions like acs_cleanup() that would
dereference iface->current_mode are not used in such a case.
Get rid of static analyzer warnings by explicitly checking
iface->current_mode in acs_init() for the case where ACS offloading is
not used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to debug issues with old scan results being ignored
during P2P_FIND. A single rx_time would have been fine with
os_gettime(), but with os_get_reltime(), both rx_time and find_start
values are needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There was a race condition in how the l2_packet sockets got read that
could result in the same socket (e.g., non-bridge) to process both the
EAP-Success and the immediately following EAPOL-Key msg 1/4 instead of
each frame going in alternative order between the bridge and non-bridge
sockets. This could be hit, e.g., if the wpa_supplicant process did not
have enough CPU to process all the incoming frames without them getting
buffered and both sockets reporting frames simultaneously.
This resulted in the duplicated EAP-Success frame getting delivered
twice for processing and likely also the EAPOL-Key msg 1/4 getting
processed twice. While the latter does not do much harm, the former did
clear the EAP authentication state and could result in issues.
Fix this by extended the l2_packet Linux packet socket workaround for
bridge to check for duplicates against the last two received frames
instead of just the last one.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the packet socket on the bridge interface to receive
own transmitted frames between the bridge and non-bridge sockets
receiving the same incoming frame from a foreign host. This resulted in
the hash checksum validation step failing to notice a duplicate RX due
to the own frame updating the store hash value.
The own frame did get dropping in RX EAPOL processing, but that was too
late to address the issue with duplicate RX. Fix this by dropping own
frames already in l2_packet layer before checking and updating the last
RX hash value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function can fail at least in theory, so check its return value
before proceeding. This is mainly helping automated test case coverage
to reach some more error paths.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was reported to fail with Windows 2012r2 with "Invalid Compound_MAC
in cryptobinding TLV". It turns out that the server decided to go
through inner EAP method (EAP-MSCHAPv2 in the reported case) even when
using PEAP fast-reconnect. This seems to be against the [MS-PEAP]
specification which claims that inner EAP method is not used in such a
case. This resulted in a different CMK being derived by the server (used
the version that used ISK) and wpa_supplicant (used the version where
IPMK|CMK = TK without ISK when using fast-reconnect).
Fix this interop issue by making wpa_supplicant to use the
fast-reconnect version of CMK derivation only when using TLS session
resumption and the server having not initiated inner EAP method before
going through the cryptobinding exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe