To enable making state change notifications on the WLAN_STA_AUTHORIZED
flag, introduce ap_sta_set_authorized(), and to reduce use of the flag
itself also add a wrapper for testing the flag: ap_sta_is_authorized().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
This is not needed anymore and just makes things more difficult
to understand, so move the remaining function pointers to direct
function calls and get rid of the struct hostapd_driver_ops.
send_eapol, set_key, read_sta_data, sta_clear_stats,
set_radius_acl_auth, set_radius_acl_expire, and set_beacon
to use inline functions instead of extra abstraction.
wlan0: RADIUS No authentication server configured
MEMLEAK[0x999feb8]: len 1040
WPA_TRACE: memleak - START
[3]: ./hostapd(radius_msg_new+0x33) [0x8074f43]
radius_msg_new() ../src/radius/radius.c:117
[4]: ./hostapd() [0x806095e]
ieee802_1x_encapsulate_radius() ../src/ap/ieee802_1x.c:439
ieee802_1x_aaa_send() ../src/ap/ieee802_1x.c:1496
For example, this error occured when I used WPS hostapd without
"eap_server=1" definition in configuration file.
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.
The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
Commit c3fc47ea8e fixed EAP passthrough
server to allow Logoff/Re-authentication to be used. However, it
broke EAP standalone server while doing that. Fix this by reverting
the earlier fix and by clearing the EAP Identity information in the
EAP server code whenever an EAPOL-Start or EAPOL-Logoff packet is
received.
If the station does not include WSC IE in Association Request, it
is marked with WLAN_STA_MAYBE_WPS flag. We can update that to
WLAN_STA_WPS if the station uses either of the WPS identity strings.
This enables some workarounds for WPS stations.
Commit c02d52b405 removed direct calls
to the WPA authenticator, but the change here was incorrect.
EAPOL_SM_USES_WPA was supposed to be set based on sta->wpa_sm being
set, i.e., no need to check for PMKSA entries for that.
While this could potentially change EAPOL Key TX state machine behavior,
no clear problems have been identified so far. Anyway, better fix this
to get the correct flags set for EAPOL authenticator state machine.
Doxygen and some build tools may get a bit confused about same file
name being used in different directories. Clean this up a bit by
renaming some of the duplicated file names in src/ap.
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
Jouni Malinen