Some drivers do not support having two station interfaces, so the fact
that wpa_supplicant always creates a new interface in station mode, even
if it will be used as another type of interface, may prevent
wpa_supplicant from creating new interfaces. Allow setting the interface
type when a new interface is created so that interfaces of supported
types can be created.
Currently supported types are station ("sta") and AP ("ap"). If the
interface type is not specified, a station interface will be created.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When an AP interface it created, it is also setup and subscribes
for management frames etc. However, when the interface is added by
wpa_supplicant, setting up for AP operations is redundant because
it will be done by wpa_supplicant on wpa_drv_init() when setting
the interface mode to AP.
In addition, it may cause wpa_supplicant to fail initializing the
interface as it will try to subscribe for management frames on this
interface but the interface is already registered.
Change this, so when adding an AP interface, make setting up the AP
optional, and use it only when the interface is added by hostapd but not
when it is added by wpa_supplicant.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
LibreSSL does not yet support the new API, so do not use it
when LIBRESSL_VERSION_NUMBER macro is defined.
Signed-off-by: Marek Behun <kabel@blackhole.sk>
These test cases depend on the HT40 co-ex scans not swapping PRI/SEC
channels. It was possible for a test case to fail, e.g., in the
following sequence: ap_ht40_5ghz_match ap_vht80b.
Signed-off-by: Jouni Malinen <j@w1.fi>
When clearing pending TX action to start a new P2P operation like
P2P_FIND or P2P_LISTEN, wpas_p2p_action_tx_clear() was used to clear
the send action work. However, in cases where the action work has wait
time, it is not cleared immediately but only after the wait time ends.
This may cause delay in starting the P2P operation.
Fix that by always clearing the send action work immediately on these
P2P commands that result in immediate P2P state change and practically
stopping a previous operation, if one was pending.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When an AP is started on the 5.2 GHz band with 40 MHz bandwidth, a
scan is issued in order to handle 20/40 MHz coexistence. However,
the scan is issued even if iface->conf->no_pri_sec_switch is set,
which is redundant.
Fix this by checking iface->conf->no_pri_sec_switch before starting
the scan.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
The de-authentication flow in wpa_driver_nl80211_deauthenticate() can
result in a locally generated de-authentication event. To avoid getting
this extra event ignore_next_local_deauth flag is set, and should be
cleared when the next local deauth event is received. However, it is not
cleared when the event shows up after the wpa_supplicant has started a
connection with a new AP, and as a result it might ignore future
deauth event from the driver.
Fix this by clearing the flag if the event is locally generated.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
The authentication flow in wpa_driver_nl80211_authenticate() can
result in a locally generated de-authentication, in which both
next_local_deauth and ignore_next_local_deauth are set.
However, in mlme_event_deauth_disassoc(), when ignore_deauth_event is
set, the flag is cleared, but the flow immediately returns leaving
ignore_next_local_deauth set, which can result in ignoring future deauth
event from the driver, leaving the wpa_supplicant in an inconsistent
state.
Fix this by clearing both flags in case that next_local_deauth is set.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
This allows offloaded roaming to inform user space of the change in IP
subnet post roaming. The device may have roamed to a network which is in
a different subnet which will result in IP connectivity loss. Indicating
the change in subnet enables the user space to refresh the IP address or
to perform IP subnet validation if unknown status is indicated.
The driver indication is reported with a new event from wpa_supplicant
in the following format:
CTRL-EVENT-SUBNET-STATUS-UPDATE status=<0/1/2>
where
0 = unknown
1 = IP subnet unchanged (can continue to use the old IP address)
2 = IP subnet changed (need to get a new IP address)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the second SELECT_NETWORK for the same network starts
a new scan immediately if the previous connection attempt is waiting for
the next scan iteration to start.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 2a6f78fbbe ('Do not re-associate on
SELECT_NETWORK to current network') started skipping all SELECT_NETWORK
connection steps if the selected network had already been selected
previously. This happened regardless of whether the connection was
already established. This is not necessarily desirable for all cases
where there is no immediate action to even try to connect (e.g., long
wait for the next scan).
Speed this up by allowing the SELECT_NETWORK operation to get started if
there is no connection or ongoing connection attempt with the selected
network.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The EAP peer state machine moved from IDLE to FAILURE state when the
EAPOL Authenticator triggered reauthentication with an
EAP-Request/Identity in a case where the associated started with FT
protocol or offloaded PMKSA cache use (4-way handshake using a
previously acquired PMK). This happened due to the altSuccess=TRUE
setting being left behind and not cleared when processing the restart of
authentication. Fix this by clearing altAccept and eapSuccess when going
through SUPP_PAE RESTART state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The EAPOL AUTH_PAE state machine was left in incomplete state at the
completion of FT protocol. Set portValid = TRUE to allow the state
machine to proceed from AUTHENTICATING to AUTHENTICATED state, so that a
new EAPOL reauthentication can be triggered.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This avoids issues with following test cases failing due to unexpected
starting state. This issue showed up with the following hwsim test case
sequence:
fst_setup_mbie_diff fst_dynamic_iface_attach
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Mesh Points themselves have capability to support VHT as long as
hardware supports it. However, supporting VHT in mesh mode was disabled
because no one had clearly tested and confirmed its functionality. Since
VHT80 has now been verified to work with ath10k QCA988X driver and
mac80211_hwsim, enable VHT support in mesh mode.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
Set WLAN_STA_WMM flag to Mesh STA by default since Mesh STAs are QoS
STAs. Mesh STA's HT capabilities won't be parsed properly without the
flag.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
It was possible for the WPS PBC state to get cached through to the
following test cases and that would trigger false failures. Fix this by
explicitly clearing the scan cache at the end of ap_wps_per_station_psk.
This issue was triggered with the following test case sequence:
ap_wps_per_station_psk autogo_pbc
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a memory allocation fails while parsing driver capabilities, drop all
mode/channel/rate information instead of returning possibly partial
information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed since the forced OOM may have forced the cached
information to be invalid or dropped. This issue was hit with the
following hwsim test case sequence:
ap_interworking_scan_filtering fst_sta_config_llt_large dbus_connect_oom
wpas_ctrl_enable_disable_network
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates a failure for the data
connection after successful WPS handshake, it is possible to hit a case
where wpa_s->disconnected is set to 1 and further attempts to connect
shall stop.
While "STA_AUTOCONNECT 0" is used to disable automatic reconnection
attempts in general, this specific WPS case can benefit from trying
again even with that configuration for a short period of time. Extend
the wpa_supplicant re-enable-networks-after-WPS 10 second timeout to
apply for ignoring disabled STA_AUTOCONNECT immediately after a WPS
provisioning step.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Free the message after message send in
wpas_dbus_signal_p2p_invitation_received() to avoid leaking memory.
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Now hostapd will use station MAC-based permissions according to the
macaddr_acl policy also for drivers which use AP SME offload, but do not
support NL80211_CMD_SET_MAC_ACL for offloading MAC ACL processing. It
should be noted that in this type of case the association goes through
and the station gets disconnected immediately after that.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_sm_key_mgmt_set_pmk() was checking for proactive_key_caching to be
enabled before setting the PMK to the driver. This check is not required
and would mandate configuration setting of okc or proactive_key_caching
for cases which were not necessary.
Signed-off-by: Amarnath Hullur Subramanyam <amarnath@qca.qualcomm.com>
The new attribute can be used with
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH to indicate whether the IP
subnet was detected to have changed when processing offloaded roam/key
management.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The upstream wpa_supplicant uses the dbus-1 library when it is compiled
with D-Bus support. In Android, we imported the D-Bus shared libraries
under the name "libdbus", so use this shared library instead of dbus-1
when compiling wpa_supplicant with D-Bus support.
Signed-off-by: Samuel Tan <samueltan@google.com>
This is similar to SAVE_CONFIG on control interface, which allow users
to update the configuration file.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
If the Confirm message is received from the server before the Identity
exchange has been completed, the group has not yet been determined and
data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
did not take this corner case into account and could end up
dereferencing a NULL pointer and terminating the process if invalid
message sequence is received. (CVE-2015-5316)
Signed-off-by: Jouni Malinen <j@w1.fi>
All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5314)
Signed-off-by: Jouni Malinen <j@w1.fi>
All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5315)
Signed-off-by: Jouni Malinen <j@w1.fi>
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
enabled. Verify that PMF is in use before using this field on station
side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
Signed-off-by: Jouni Malinen <j@w1.fi>
Using "STATUS" command triggers CTRL-EVENT-STATE-CHANGE and
CTRL-EVENT-CONNECTED (if connected to some AP) events. These events
cause problems in Android WifiStateMachine in Marshmallow. Due to these
events WifiStateMachine sometimes disconnects the OSU SSID connection,
while hs20-osu-client waits for IP address.
Signed-off-by: Somdas Bandyopadhyay <somdas.bandyopadhyay@intel.com>
