Commit graph

9272 commits

Author SHA1 Message Date
Jouni Malinen
bbf20ca265 tests: Use TYPE=ONLY scan for scan_for_bss
This avoids unexpected connection attempts in cases a matching network
is enabled and there is no existing connection (e.g., when testing with
ENABLE_NETWORK no-connect option).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 16:12:41 +03:00
Jouni Malinen
bf700cc3d2 tests: Skip ap_wpa2_tdls_concurrent_init on failure
A mac80211 TDLS validation change ended up breaking test functionality
that was needed for this test case. Instead of reporting this known
issue as a FAIL every time, mark the test as SKIP since the issues is
known and there are no plans of "fixing" it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 11:30:56 +03:00
Jouni Malinen
36e7fbce34 tests: PMKSA_FLUSH
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 10:50:19 +03:00
Ahmad Kholaif
79e2b1cc54 Add PMKSA_FLUSH ctrl_iface command
"PMKSA_FLUSH" can now be used to flush PMKSA cache entries over the
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-27 10:44:22 +03:00
Jouni Malinen
55c2bfa9eb wpa_cli: Support action scripts with global ctrl_iface
This extends "wpa_cli -a<action script>" functionality to work with the
global wpa_supplicant control interface. The IFNAME=<ifname> prefix is
removed from the event messages and converted to the control interface
name when present. Previously, action scripts could only be used with
the per-interface control interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
063f85043d wpa_cli: Increase event buffer size to 4096 bytes
Number of other buffers were already increased to this size, but the
buffer used for receiving unsolicited event messages from wpa_supplicant
(e.g., for wpa_cli action scripts) was still at the older 256 byte size.
This could result in some events getting truncated. Avoid this by using
the same 4096 byte buffer size here as in the other places receiving
messages from wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
fa0e91767d wpa_cli: Fix PING in interactive mode with ifname_prefix
The ifname_prefix string could change during line editing and the
periodic PING command running in the background ended up getting the
latest snapshot of the command line due to the pointer being left to
point to the edit buffer. This resulted in unexpected prefix strings
getting used with the periodic PING command. Fix this by temporarily
clearing the ifname_prefix whenever running such a periodic PING.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Sunil Dutt
c53a9bf818 Check for driver's DFS offload capability before handling DFS
This fixes couple of code paths where the WPA_DRIVER_FLAGS_DFS_OFFLOAD
flag was not checked properly and unexpected DFS operations were
initiated (and failed) in case the driver handles all these steps.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-22 16:50:28 +03:00
Jouni Malinen
068e38771e STA: Update scan results for ap_scan=1 skip-selection case also
The commit 5cd4740580 has rearranged the
update scan results code and hence the IEs were not getting updated
properly for ap_scan=1 case. This can result in a 4-way handshake
failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by
updating the scan results even if ap_scan=1 is used and network does not
need to get reselected based on association information.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-13 17:31:58 +03:00
Dan Williams
7a4a93b959 dbus: Add SignalPoll() method to report current signal properties
Analogous to the control interface's SIGNAL_POLL request.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-09-13 17:21:54 +03:00
vandwalle
a6ab82d7b4 Android: Add NO_EVENTS parameter to status command
It also allows to use the STATUS command with default behavior,
say for debug, i.e., don't generate a "fake" CONNECTION and
SUPPLICANT_STATE_CHANGE events with the new STATUS-NO_EVENTS case.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-09-13 17:03:16 +03:00
Jouni Malinen
df2508d7a8 P2P: Check os_get_random() return value more consistently
In theory, this call could fail, so check the return value before using
the received data. These specific cases would not really care much about
the failures, but this keeps the code more consistent and keeps static
analyzer warnings more useful. (CID 72678, CID 72679, CID 72680,
CID 72683, CID 72689, CID 72698, CID 72703)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-13 16:27:52 +03:00
Jouni Malinen
54461f3e03 RADIUS server: Remove unreachable code
The previous break will already stop the loop, so this unnecessary check
can be removed (CID 72708).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-13 16:22:16 +03:00
Darshan Paranji Sri
e4474c1c20 FT: Fix hostapd with driver-based SME to authorize the STA
The driver-based SME case did not set STA flags properly to the kernel
in the way that hostapd-SME did in ieee802_11.c. This resulted in the FT
protocol case not marking the STA entry authorized. Fix that by handling
the special WLAN_AUTH_FT case in hostapd_notif_assoc() and also add the
forgotten hostapd_set_sta_flags() call to synchronize these flag to the
driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-12 18:46:56 +03:00
Jouni Malinen
a567aae4a1 tests: Roaming policy change with the bssid parameter
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-11 15:59:42 +03:00
Jouni Malinen
0800f9ee6c nl80211: Add roaming policy update using QCA vendor command
This allows updating roaming policy for drivers that select the BSS
internally so that wpa_supplicant (based on bssid parameter
configuration) and the driver remain in sync.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-11 15:59:42 +03:00
Jouni Malinen
0ef023e478 Add support for driver command to update roaming policy
The network block bssid parameter can be used to force a specific BSS to
be used for a connection. It is also possible to modify this parameter
during an association. Previously, that did not result in any
notification to the driver which was somewhat problematic with drivers
that take care of BSS selection. Add a new mechanism to allow
wpa_supplicant to provide a driver update if the bssid parameter change
for the current connection modifies roaming policy (roaming
allowed/disallowed within ESS).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-11 15:59:42 +03:00
Jouni Malinen
0cd9846c63 nl80211: Print debug info on STA flag changes
This makes it easier to follow how kernel STA flags are managed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-11 11:25:04 +03:00
Jouni Malinen
17e2091279 P2P: Fix radio work issue with wait-for-peer GO Negotiation
If a TX status event and RX event for a GO Negotiation frame gets
delayed long enough to miss the initial wait, it was possible for
reception of a GO Negotiation Response frame with status 1 to try to
initiate a new p2p-listen work item to wait for the peer to become ready
while a previous p2p-listen was already in progress due to that earlier
timeout while waiting for peer. This would result in the new
start_listen request getting rejected ("P2P: Reject start_listen since
p2p_listen_work already exists") and the negotiation not proceeding.

Work around this by using P2P_WAIT_PEER_CONNECT state instead of
P2P_WAIT_PEER_IDLE if P2P_CONNECT_LISTEN state has already been entered
when processing this special GO Negotiation Response status=1 case. This
can avoid double-scheduling of p2p-listen and as such, completion of the
GO negotiation even if the driver event or peer response are not
received in time (the response is supposed to be there within 100 ms per
spec, but there are number of deployed devices that do not really meet
this requirement).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-09 18:00:42 +03:00
Jouni Malinen
76db5b6b12 Work around broken AP PMKSA caching implementation
An interoperability issue with a deployed AP has been identified where
the connection fails due to that AP failing to operate correctly if
PMKID is included in the Association Request frame. To work around this,
allow EAPOL-Start packet to be transmitted on startWhen reaching 0 even
when trying to use PMKSA caching. In practice, this allows fallback to
full EAP authentication if the AP/Authenticator takes more than 1-2
seconds to initiate 4-way handshake for PMKSA caching or full EAP
authentication if there was no PMKSA cache match.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 17:18:01 +03:00
Jouni Malinen
b08d5fa793 WPS: Set EAPOL workarounds dynamically based on association
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.

Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 17:16:04 +03:00
Jouni Malinen
8511a0f67b WPS: Extend internal entropy pool help for key/snonce derivation
The internal entropy pool was previously used to prevent 4-way handshake
in AP mode from completing before sufficient entropy was available to
allow secure keys to be generated. This commit extends that workaround
for boards that do not provide secure OS level PRNG (e.g., /dev/urandom
does not get enough entropy) for the most critical WPS operations by
rejecting AP-as-enrollee case (use of AP PIN to learn/modify AP
configuration) and new PSK/passphrase generation. This does not have any
effect on devices that have an appropriately working OS level PRNG
(e.g., /dev/random and /dev/urandom on Linux).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 12:54:18 +03:00
Dmitry Shmidt
abc05534aa Remove WPA_EVENT_SCAN_STARTED message from MSG_INFO log
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-09-07 19:54:39 +03:00
Eduardo Abinader
c45dabb855 P2P: Deauth p2p client just after dbus notify
Currently to signal PropertiesChanged upon group client
removal (group property), wpa_supplicant dbus uses wpa_s
members like go_dev_addr and current_ssid, for instance.
Thus, deferring p2p client deauth to after dbus notify,
but keeping the same order as before, solves the issue,
as wpa_s is not yet completely deinitialized.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-07 19:50:32 +03:00
Eduardo Abinader
3ee18569f5 nl80211: Register eloop after hs20 action frame
Even when hs20 action frame is unable to be registered,
for whatever reason, it should be possible to register
event handle for received driver messages. This patch also
avoids a segmentation fault, when p2p and hs20 were enabled
and GO NEG was unable to create p2p iface, the destroy eloop
was crashing by reading an invalid handle.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-07 19:22:49 +03:00
Dan Williams
3bd3257a0a dbus: add BSS Age property to indicate last-seen time
"Age" is the age in seconds since the BSS was last seen, and is
emitted as a PropertyChanged signal whenever the BSS is updated
from a scan result. It also returns the correct age when queried
directly.

This property can be used to resolve issues where, if no other
properties of the BSS changed from scan results (for example,
if the BSS always had 100% signal) no D-Bus signals would be
emitted to indicate that the BSS had just been seen in the scan.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-09-07 19:18:45 +03:00
Masashi Honma
5c61d214ad openssl: Fix memory leak in openssl ec deinit
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-09-07 19:14:18 +03:00
Jouni Malinen
10e7948f76 Fix hostapd GET_CONFIG wpa_pairwise_cipher value
Copy-paste error ended up getting rsn_pairwise_cipher value for both
rsn_pairwise_cipher and wpa_pairwise_cipher (CID 72693).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:40:05 +03:00
Jouni Malinen
3a413e0ed8 RADIUS client: Check getsockname() return value
In theory, this function could fail, so check the return value before
printing out the RADIUS local address debug message (CID 72700).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:35:46 +03:00
Jouni Malinen
9c196f7703 HTTP: Fix OCSP status check
Due to a missing curly brackets, the OCSP status checking was not
working in the expected way. Instead of allowing optional-OCSP
configuration to accept connection when OCSP response was ready, all
such cases were marked as hard failures. In addition, the debug prints
were not necessarily accurate for the mandatory-OCSP-but-no-response
case (CID 72694, CID 72704).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:30:58 +03:00
Jouni Malinen
cb5ef952c8 SME: Verify that os_get_random() succeeds for SA Query
Be more consistent on checking os_get_random() return value (CID 72706).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:27:42 +03:00
Jouni Malinen
c9cd78e5a1 RADIUS server: Fix IPv6 radiusAuthClientAddress mask
Incorrect buffer was used when writing the IPv6 mask for RADIUS server
MIB information (CID 72707).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:25:04 +03:00
Jouni Malinen
5e62cfdf75 P2P: Verify that os_get_random() succeeds
Be more consistent with os_get_random() use (CID 72710).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:05:53 +03:00
Jouni Malinen
6473e80ea4 EAP-PAX server: Add explicit CID length limit
Instead of using implicit limit based on 16-bit unsigned integer having
a maximum value of 65535, limit the maximum length of a CID explicitly
to 1500 bytes. This will hopefully help in reducing false warnings from
static analyzers (CID 72712).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 17:10:33 +03:00
Jouni Malinen
6a6566c7af Remove unnecessarily shadowed local variable
The same local X509 *cert variable can be used for both the X509_dup()
calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 16:40:33 +03:00
Ashok Kumar Ponnaiah
eb2223e0ec wlantest: Add decryption of CCMP-256, GCMP, GCMP-256
This extends wlantest support for decrypting the new cipher suites.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Ashok Kumar Ponnaiah
3a3cb8ee81 wlantest: Indicate if a TKIP/CCMP replay has Retry=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Ashok Kumar Ponnaiah
fa6fff1893 wlantest: Recognize CCMP-256, GCMP, and GCMP-256 ciphers
This adds support for displaying whether a BSS or STA is using one of
the newer cipher suites.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Jouni Malinen
df756b374e hostapd: Remove unused variable assignment
The local bss variable is used only within the while loop, so no need to
assign or even make it visible outside the loop.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:37:58 +03:00
Sunil Dutt
e47abdb9db TDLS: Decline Setup Request with status code 37 if BSSID does not match
TDLS Setup Request frame has to be rejected with status code 37 ("The
request has been declined"), if the BSSID in the received Link
Identifier does not match the current BSSID per IEEE Std 802.11-2012,
10.22.4 ('TDLS direct-link establishment') step (b). The previously used
status code 7 ('Not in same BSS') is described to used only when
processing TPK Handshake Message 2 in TDLS Setup Response frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-02 18:06:58 +03:00
Mahesh A Saptasagar
ce2002acca TDLS: Add RSN and Timeout interval IEs in TDLS Discovery Response frame
If RSN is enabled, add RSN and Timeout interval elements in TDLS
Discovery Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-02 17:11:42 +03:00
Edhar, Mahesh Kumar
1c2aa04c96 P2P: Do not add P2P IEs on P2P disabled interface
While building Association Request frame IEs we should consider adding
P2P IEs only on interface where P2P functionality is enabled. Consider
per interface p2p_disabled parameter before adding P2P IEs to complete
the checks for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-02 11:04:26 +03:00
Jouni Malinen
d885a0ba7c tests: P2P GO netdev in a bridge
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-01 16:27:27 +03:00
Jouni Malinen
f2e9083549 nl80211: Add more RTM_NEWLINK/DELLINK debug messages
This makes it easier to figure out what operations are generating each
RTM_DELLINK message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-01 16:18:01 +03:00
Jouni Malinen
728ff2f469 nl80211: Fix RTM_DELLINK processing for bridge events
When a netdev is removed from a bridge, RTM_DELLINK message is received
with ifname (IFLA_IFNAME) pointing to the main netdev event though that
netdev is not deleted. This was causing issues with P2P GO interface
getting disabled when the netdev was removed from a bridge. Fix this by
filtering RTM_DELLINK events that are related to the bridge when
indicating interface status changes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-01 16:14:07 +03:00
Jouni Malinen
a0fd2ae643 tests: WPS mixed-WPA/WPA2 credential merging
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-29 20:25:18 +03:00
Hu Wang
e5a4b85b2f WPS: Merge mixed-WPA/WPA2 credentials if received in same session
Some deployed APs send two credentials when in mixed-WPA/WPA2
configuration; one for the WPA-Personal/TKIP and the other for
WPA2-Personal/CCMP. Previously, this would result in two network blocks
getting added for the single AP. This can be somewhat confusing and
unnecessary, so merge such credentials into a single one that allows
both WPA and WPA2 to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-29 20:25:18 +03:00
Srinivas Girigowda
db9418bb1b Add printf NULL checks to silence static analyzer
Add NULL checks to take care of issues reported by static analyzer tool
on potentially using NULL with printf format %s (which has undefined
behavior even though many compilers end up printing "(null)").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-28 18:25:32 +03:00
Jouni Malinen
d6df0d7e62 tests: Verify that sec_dev_type gets reported for P2P peer
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-27 16:22:53 +03:00
Chandrasekaran, Manishekar
4e5367516b P2P: Overwrite pending interface only after verifying BSS entry
Previously, the P2P Interface Address of the peer gets updated in the
peer table every time based on the scan results.

For example, in a two port concurrency scenario, where the peer device
has two interfaces with unique P2P Interface Addresses and with same P2P
Device Address, based on the Probe Response/Beacon frames from these two
interfaces, their peer table gets updated, but each of these updates
happens in the peer table only based on the P2P Device Address. So, the
same peer's P2P Interface address is updated every time and hence, at
any instant, only one P2P Device Address to P2P Interface Address
mapping entry exist in the peer table for the peer which has two
interfaces.

When we try to join a group operated by the peer, lookup happens in the
peer table and when an interface entry is not available, the pending
interface address gets overwritten with the P2P Device Address and hence
the P2P connection can fail. Since the BSS table is the one that is
up-to-date, this fix will ensure that the interface overwriting will
happen only when there is no BSS entry for the pending P2P Interface
Address as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-26 18:58:54 +03:00