Commit graph

3187 commits

Author SHA1 Message Date
Jouni Malinen
658d166297 FT: Use correct BSSID when deriving PTK and verifying MIC
The old version was using struct wpa_sm::bssid which is not necessarily
updated to point to the correct target address when doing over-the-air FT
since the address is used before the association has actually been
completed.
2008-03-12 11:20:20 +02:00
Jouni Malinen
58a98fb027 Delete PTK SA on (re)association if this is not part of a Fast BSS
Transition. This fixes a potential issue where an incorrectly behaving AP
could send a group key update using the old (now invalid after reassociate)
PTK. This could also happen if there is a race condition between reporting
received EAPOL frames and association events.
2008-03-12 11:18:57 +02:00
Ryan Hill
748e54937d The attached patch fixes a few build errors when compiling with GCC 4.3,
caused by a few missing header includes. It was done against 0.5.8, but
still applies to 0.5.10.
2008-03-12 09:39:25 +02:00
Jouni Malinen
ccfab35a6a Silence gcc 4.3.0 warnings about invalid array indexes 2008-03-12 09:33:18 +02:00
Jouni Malinen
502a293e30 TNC: Added TNC server support into documentation and ChangeLogs 2008-03-09 12:14:15 +02:00
Jouni Malinen
c80a74d70c TNC: Integrated TNC support into EAP-TTLS server
If TNC is enabled, EAP-TTLS will run a second EAP (TNC) inside the tunnel
after a successful authentication.
2008-03-09 12:05:06 +02:00
Jouni Malinen
35f39ac4c9 TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
Need to process EAP AVP after the non-EAP Phase 2 method. In addition,
EAP-TTLS/MSCHAPv2 needs special code for handling the starting of TNC after
extra roundtrip of MSCHAPv2 success message.
2008-03-09 12:04:10 +02:00
Jouni Malinen
7db0fca522 TNC: Integrated TNC support into EAP-FAST server
Tunneled EAP sequence is now used to perform both the authentication (e.g.,
using EAP-GTC) and TNC validation (EAP-TNC) inside the EAP-FAST tunnel if
TNC has been enabled.
2008-03-09 11:22:17 +02:00
Jouni Malinen
4f1c561725 TNC: Added support for using TNC with EAP-FAST 2008-03-09 11:21:01 +02:00
Jouni Malinen
c3e258ae9f TNC: Provide 'tnc' configuration option for EAP server and methods 2008-03-09 10:42:53 +02:00
Jouni Malinen
da08a7c732 TNC: Added preliminary TNC implementation for hostapd
This adds EAP-TNC method and TNCS (IF-IMV and IF-TNCCS) functionality.
There is no integration with EAP-TTLS and EAP-FAST at this point, so this
version is not yet suitable for real use (i.e., EAP-TNC can only be tested
outside a tunnel which is not an allowed configuration for deployment).
However, the basic TNCS functionality is more or less complete and this
version seems to interoperate with wpa_supplicant.
2008-03-09 10:37:18 +02:00
Jouni Malinen
8e888179e1 Make the "invalid group" error show up with default verbosity level 2008-03-06 22:49:46 +02:00
Dan Williams
d113aa91ca Fix qt3 wpa_gui build
When a WpaMsg item to the QValueList WpaMsgList, there's no constructor
that the QValueList can call.  This is a port of the fix from the stable
branch where it builds fine.
2008-03-05 18:30:01 +02:00
Dan Williams
cf7a576f67 Fix potential use-after-free in dbus byte array demarshaling code
The byte array code should be clearing its own pointer, not the string
array pointer.
2008-03-05 16:15:10 +02:00
Jouni Malinen
9474b3a4e4 Added a missing '#' to indicate a comment. 2008-03-05 16:06:43 +02:00
Jouni Malinen
c673c5fc0f Renamed local DBUS_VERSION define to avoid conflict with dbus 1.1 headers 2008-03-05 16:05:26 +02:00
Jouni Malinen
13b3f33942 EAP-FAST: Verify that identity from PAC-Opaque matches with Phase 2 (GTC) 2008-02-27 18:00:12 -08:00
Jouni Malinen
7914585fe0 EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
Number of TLVs were processed in groups and these cases were now separated
into more flexible processing of one TLV at the time. wpabuf_concat()
function was added to make it easier to concatenate TLVs. EAP Sequences are
now supported in both server and peer code, but the server side is not
enabled by default.
2008-02-27 17:59:34 -08:00
Jouni Malinen
2bab8ae401 EAP-FAST: Define and use EAP_FAST_CMK_LEN 2008-02-27 17:58:46 -08:00
Jouni Malinen
ed5a02fd94 Removed extra '_' from struct eap_tlv_crypto_binding__tlv name 2008-02-27 17:58:13 -08:00
Jouni Malinen
cdd1bc9288 EAP-FAST: Divided eap_fast_process() into number of helper functions 2008-02-27 17:57:49 -08:00
Jouni Malinen
7f4c1d4300 EAP-FAST: Moved common peer/server functionality into a shared file 2008-02-27 17:57:19 -08:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Jouni Malinen
829f14be17 EAP-FAST: Add peer identity into EAP-FAST PAC-Opaque
This allows Phase 2 Identity Request to be skipped if the identity is
already known from PAC-Opaque received in TLS handshake in order to save
one roundtrip from normal authentication.
2008-02-27 17:55:40 -08:00
Jouni Malinen
67b941993a Preparations for 0.4.11 release 2008-02-27 17:54:41 -08:00
Jouni Malinen
b0194fe07e Added max_listen_interval configuration option
This allows associations to be denied if the STA tries to use too large
listen interval. The default value is 65535 which matches with the field
size limits.
2008-02-27 17:54:06 -08:00
Jouni Malinen
4d6c3de3df driver_ralink: Make sure assoc_{req,resp}_ies do not get double-freed 2008-02-27 17:53:22 -08:00
Jouni Malinen
5e77500c4f driver_ralink: Use os_strlcpy instead of os_strncpy to ensure null
termination
2008-02-27 17:52:43 -08:00
Jouni Malinen
d04cbdd640 driver_ralink: Fixed couple of memory leaks on error path 2008-02-27 17:52:05 -08:00
Jouni Malinen
a6ee047fcb Verify that os_get_time() does not fail before using the time value when
registering an eloop timeout.
2008-02-27 17:50:36 -08:00
Jouni Malinen
72822e7be4 Fixed base64_decode() reject empty input buffers 2008-02-27 17:49:59 -08:00
Jouni Malinen
380da72b80 Enforce non-zero MPPE key length 2008-02-27 17:49:24 -08:00
Kel Modderman
eff06a7cdb Enhance manpage with use of emphasis instead of strong quote
The Debian package checker "lintian" was making noise about
wpa_supplicant.conf(5). It was caused by a line beginning with ', which is
apparently not liked by man(1).

I suggest the use of <emphasis>word</emphasis> where 'word' is used at the
moment.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-02-27 17:48:23 -08:00
Jouni Malinen
6076f6ce08 Silence SIOCSIWAUTH ioctl failure message.
These are expected in most cases and there is no need to confuse users
with the messages in stderr (perror was used here). These are now only
shown in debug output and EOPNOTSUPP errors are silently ignored.
2008-02-27 17:47:23 -08:00
Jouni Malinen
dc366e8e85 Added listen interval to hostapd sta_add() driver function 2008-02-27 17:45:00 -08:00
Jouni Malinen
3b46a31ec7 Added files that cg-init excluded 2008-02-27 17:36:06 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00