Commit graph

5289 commits

Author SHA1 Message Date
Pontus Fuchs
5079392954 Increase buffer size and prevent write beyond buffer end
wpa_config_write_key_mgmt has a buffer size of 50. This is not enough
to fit the longest case. I used a network with "WPA-PSK WPA-EAP
WPA-NONE" and CONFIG_IEEE80211R=y + CONFIG_IEEE80211W=y to produce
a string longer than 50 chars. Increase the buffer size to 100 to
prevent truncated output.

Truncated output is not the only problem. If the buffer end is
reached when adding certain key mgmt types the function does not
return immediately. This leaves pos > end. When a second os_sprintf
is called the calculation of end - pos yields a large positive
number for buffer size. End result is a write beyond the buffer end.
Fix this by bailing out if buffer end is reached.

Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
2013-10-14 20:49:26 +03:00
Helmut Schaa
ded22b5390 hostapd: Fix segfault after ACS when flushing STAs
When hostapd receives an auth frame during ACS the transmission of
the according auth response will always fail:

ACS: Automatic channel selection started, this may take a bit
[..]
send_auth_reply: send: Resource temporarily unavailable
[..]

However, a station info entry was created. Once ACS is finished
it will flush all stations even though hapd was not yet fully
initialized. This results in a segfault when trying to access
hapd->radius:

0  0x0042c1c0 in radius_client_flush_auth ()
1  0x00416a94 in ap_free_sta ()
2  0x00416cc0 in hostapd_free_stas ()
3  0x0040bce8 in hostapd_flush_old_stations ()
4  0x0040c790 in hostapd_setup_interface_complete ()
5  0x0046347c in acs_scan_complete ()
6  0x0040f834 in hostapd_wpa_event ()
7  0x0043af08 in send_scan_event.part.46 ()
8  0x00443a64 in send_scan_event ()
9  0x00443c24 in do_process_drv_event ()
10 0x004449e8 in process_global_event ()
11 0x7767d7d0 in ?? ()

Fix this by not presuming anything about the initialization state of
hapd and checking ->radius before accessing.

Signed-off-hostapd: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-14 20:44:31 +03:00
Jithu Jance
7e910b7b51 WPS NFC: Cancel scheduled scan before attempting a scan
Cancel scheduled scan (if any) before attempting to scan for the newly
received configuration/credential in WPS NFC Config token case.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-10-14 20:42:27 +03:00
Dmitry Shmidt
24d110dca3 Replace printf with wpa_printf debug message
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-10-14 20:40:57 +03:00
Jouni Malinen
b72e14e599 P2P: Do not allow P2P client connection without P2P IE from GO
P2P-GROUP-STARTED event depends on having enough information about the
group available. To avoid incomplete information from being delivered to
upper layers, do not accept scan results without P2P IE (e.g., from a
non-P2P scan) for P2P client association process. This can be of use for
some join-a-group cases where non-P2P scans have generated the BSS entry
for the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-14 19:41:23 +03:00
Jouni Malinen
5df7414b04 P2P: Allow persistent group determination based on Beacon frame
P2P IE may be available from a Beacon frame from a GO even if we have
not yet received a Probe Response frame with P2P IE from that GO. Since
all the needed information for determining the GO's P2P Device Address
and group capabilities are available, use that information instead of
displaying incomplete group information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-14 19:28:00 +03:00
Jouni Malinen
aaeb9c98e6 P2P: Allow GO to be discovered based on Beacon frame
This fixes some P2P-join-a-group cases where GO may have been discovered
based on passive scan or non-P2P scan. P2P IEs may have been received
from a Beacon frame in such a case and that information can be used to
create a P2P peer entry, e.g., to allow provision discovery exchange to
be completed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-14 19:25:28 +03:00
Jouni Malinen
b16696ff72 P2P: Show p2p flag in debug info for scan results
This makes it easier to confirm that P2P capabilities for a GO has been
discovered properly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-14 19:23:38 +03:00
Jouni Malinen
bb50ae4396 P2P: Show P2P flag in BSS entries also based on Beacon frames
It is possible that a P2P GO has been discovered through a non-P2P scan
that did not return P2P IE in Probe Response frames. To cover those
cases, check also Beacon frame (if received) for P2P IE.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-14 19:22:09 +03:00
Jouni Malinen
ff57398fca P2P: Do not drop P2P IEs from BSS table on non-P2P scans
This could happen when non-P2P station interface runs a scan without P2P
IE in the Probe Request frame. P2P GO would reply to that with a Probe
Response that does not include P2P IE. Do not update the IEs in this BSS
entry to avoid such loss of information that may be needed for P2P
operations to determine group information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-14 17:34:41 +03:00
Jouni Malinen
adeb4f59a2 P2P: Make sure wait for the first client gets stopped
If a group was removed before the wait for the first client had timed
out and the client had not yet connected, p2p_go_wait_client could have
been left set and with that, scan operations could be unnecessarily
delayed. This fixes some undesired delays from commit
c1c0b35fea.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-05 22:15:28 -07:00
Dmitry Shmidt
f22f274bbf P2P: Clone 'disable_scan_offload' parameter for p2p group
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-10-05 18:18:20 -07:00
Swaroop Golti
63ce59dea8 P2P: Increase Invitation Request timeouts
In noisy environment peer may take more time to send Invitation
Response so increase Invitation Response timeout to 500 ms in success
case and also increase Invitation Request action wait time to 500 ms.
This makes the Invitation Request case use the same timeout with GO
Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-05 18:14:33 -07:00
Deepthi Gowri
acdd0fc84f P2P: Clear p2p_group_formation and p2p_in_provisioning on group removal
Commit 41f853235f extends group formation
timeout for the first data connection to complete and resets
p2p_go_group_formation_completed flag due to which p2p_in_provisioning
and p2p_group_formation flags are not cleared when
wpas_group_formation_completed() is called. This can result in both
station scan and p2p_find failures in the case where separate P2P group
interface is not used and the client does not complete 4-way handshake.
Fix this by clearing p2p_group_formation and p2p_in_provisioning when
such a P2P group is deleted.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-05 17:54:52 -07:00
Arif Hussain
8b3b803ab9 Include Extended Capabilities element based on scan results
Add Extended Capabilities element to association request only if the AP
included this element in Beacon/Probe Response frames. This is a
workaround to address interoperability issues with some older APs that
do not seem to be able to handle Extended Capabilities element in
(Re)Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-02 08:09:05 -07:00
Deepthi Gowri
6903ee6f62 P2P Extend postponing of concurrent scans for persistent GO
Update the p2p_go_wait_client timestamp in p2p_go_configured() to
address the case where the group is set up without the provisioning
step.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-02 07:32:17 -07:00
Sunil Dutt
5bfd7e9168 TDLS: Do not start concurrent TDLS setup
A new TDLS request shall transmit TPK M1 frame with a unique INonce.
Thus a new explicit request would fail an ongoing TDLS negotiation with
the error "TDLS: FTIE SNonce in TPK M3 does not match with FTIE SNonce
used in TPK M1" if the peer happens to receive two M1 frames before an
M3 frame. Check for the ongoing negotiation with the peer and do not
start a new one if we are already in a setup negotiation with the peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:38:41 +03:00
Sunil Dutt
33d85b63b5 TDLS: Use wpa_tdls_disable_peer_link() in TPK M1 processing
This function is used only with external setup, so this can cleaned up
to use simpler design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:36:26 +03:00
Sunil Dutt
1a0a2ce39c TDLS: Use wpa_tdls_disable_peer_link() to avoid peer search
There is no need to go through the peer list when we already have a
pointer to the specific peer entry.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:34:13 +03:00
Sunil Dutt
83d3fdb7c6 TDLS: Use helper function for disable link operation
This is called from number of locations and it is more efficient to use
a new helper function instead of wpa_tdls_disable_link() that would do
peer address search from the list of peers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:29:05 +03:00
Sunil Dutt
f130b105ec TDLS: Clean up wpa_tdls_teardown_link() uses
Making this function be used only for external setup case simplifies the
implementation and makes core wpa_supplicant calls in ctrl_iface.c and
events.c consistent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:10:18 +03:00
Jouni Malinen
f9174c3b4e tests: Flush stdout after each status line print
This makes it more convenient to follow live test execution status.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 20:42:37 +03:00
Jouni Malinen
9626962d2f tests: Add test cases for WPA2-Enterprise
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 20:35:26 +03:00
Jouni Malinen
479cbb3892 tests: Start RADIUS authentication server
This can be used to run WPA2-Enterprise test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 19:14:16 +03:00
Jouni Malinen
77e3094bb7 hlr_auc_gw: Fix max_chal value validation
This was supposed to be at maximum EAP_SIM_MAX_CHAL (3).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:47:26 +03:00
Jouni Malinen
3e6547b5e8 hlr_auc_gw: Add support for processing command line operations
This allows hlr_auc_gw to be used to run a single operation without
having to use it as a server. This can be useful, e.g., for generating
GSM authentication triplets for external programs. For example:
./hlr_auc_gw -m hlr_auc_gw.milenage_db "SIM-REQ-AUTH 232010000000000"

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:42:37 +03:00
Jouni Malinen
2b5b875f34 EAP-AKA server: Fix AUTS processing
Commit 8a9f58f2cc ("EAP-AKA server: Store
permanent username in session data") broke AUTS processing by skipping
new authentication triplet fetch after having reported AUTS. Fix this by
started new full authentication sequence immediately after reporting
AUTS so that the updated parameters are available for the Challenge
message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:39:14 +03:00
Jouni Malinen
9a50ee6d25 hlr_auc_gw: Update file comments to mention Milenage
The notes about using only fixed GSM authentication triplets were not
really up-to-date with the implementation. Milenage and GSM-Milenage
were available for EAP-SIM, EAP-AKA, and EAP-AKA'.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 17:29:44 +03:00
Jouni Malinen
997ebcfa5c tests: Auto detect group name
Some older systems used admin group, but adm group seems to be more
common nowadays, so detect this automatically rather than assume admin
group is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 16:41:17 +03:00
Jouni Malinen
66767f0f4a tests: Merge start-p2p-concurrent.sh functionality into start.sh
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 16:37:25 +03:00
Jouni Malinen
0d84c400f9 tests: Add mechanism for test cases to indicate a skipped run
This can be used by test cases that depend on some external component
that may not always be available to indicate clearly that a test case
was skipped rather than passed or failed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 16:21:42 +03:00
Jouni Malinen
9b00f24a76 tests: run-tests.py -L to print out list of test cases
This can be used to get a summary of all the available test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 16:11:48 +03:00
Jouni Malinen
48d8a43a28 tests: Adjust debug verbosity levels to get rid of extra info
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 16:07:01 +03:00
Jouni Malinen
883ab1b9f1 tests: Document automated mac80211_hwsim test setup
This provides guidance on how to build the test setup, how to run the
tests, and how to add new test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 15:55:43 +03:00
Jouni Malinen
5f3eddac8e tests: Add test cases for P2P service discovery
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 13:15:26 +03:00
Jouni Malinen
7ebf841fc5 tests: Test GO functionality with legacy STAs
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 12:42:05 +03:00
Jouni Malinen
5388dc97e0 Document use of Linux capabilities instead of privileged process
Linux capabilities cap_net_admin and cap_net_raw can be used to replace
need for running wpa_supplicant as a root process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 12:04:40 +03:00
Jouni Malinen
d85bb75d47 tests: Make run-tests.py command argument parser more flexible
This allow -e, -r, and -f arguments to be given in any order.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 18:35:17 +03:00
Jouni Malinen
3b7475d365 tests: Write test case result summary into a file
This can be used to build statistics from test execution without having
to go through number of log files.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 18:31:00 +03:00
Jouni Malinen
1fc114a16a tests: Add test duration and time to PASS/FAIL reports
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 18:20:32 +03:00
Jouni Malinen
8d0825d655 tests: Exit early if startup fails
There is no point trying to go through the tests if hostapd and
wpa_supplicant processes cannot be started properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 18:19:38 +03:00
Jouni Malinen
6ca3a98bc2 tests: Wait for driver scan state to clear between tests
cfg80211/mac80211 seems to getting stuck with scans every now and then.
Check for this special state and delay return from reset() until the
driver has stopped the scan operation. This reduces likelihood of
failing multiple test cases in a row because of a single error.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 18:18:33 +03:00
Jouni Malinen
a771c07dfc Add driver status information to control interface
STATUS-DRIVER command can now be used to fetch driver interface status
information. This is mainly for exporting low-level driver interface
information for debug purposes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 17:19:30 +03:00
Jouni Malinen
739faee2a9 nl80211: Add some more debug prints for mgmt frame TX
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 12:10:57 +03:00
Jouni Malinen
ef2bd5a344 tests: Add a test case for P2P invitation
test_p2p_go_invite verifies that GO can invite a peer in a case where
the operating channel and peer's listen channel are different.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 12:09:40 +03:00
Jouni Malinen
f78f278520 nl80211: Fix off-channel Action frame TX from GO with use_monitor
TX frequency gets lost when going through the monitor send MLME option
and this resulted in P2P operations like invitation from a GO failing
when the driver needs monitor socket, but would support offchannel TX.
Fix this by using frame_cmd path instead in case the monitor socket
would have been hit for action frame TX.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 12:08:19 +03:00
Jouni Malinen
d3b082371d tests: Speed up stop-wifi.sh
Split the long waits to iterations of shorter waits that can be stopped
based on processes having died.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 11:06:46 +03:00
Jouni Malinen
53b63a0a3f tests: Add support for using Linux kernel tracing functionality
run-all.sh and start.sh scripts can now take 'trace' command line
argument to request Linux tracing information from mac80211, cfg80211,
and wpa_supplicant to be recorded.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 11:06:46 +03:00
Jouni Malinen
298f51857d Get rid of compiler warning in no-CONFIG_CTRL_IFACE builds
no_ctrl_interface parsing was declared within ifdef CONFIG_CTRL_IFACE
block, so the parser function needs to be marked similarly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-27 23:42:37 +03:00
Jouni Malinen
ea61aa1de1 Add no_ctrl_interface config param to clear ctrl_interface
This can be used to override previously set ctrl_interface value in a
way that clears the variable to NULL instead of empty string. The only
real use case for this is to disable per-interface ctrl_interface from
the additional control file (-I<file>) in case ctrl_interface was set in
the main configuration file. It should be noted that zero-length
ctrl_interface parameter can be used to initiate some control interface
backends, so simpler designs were not available for this.

The format of the new parameter is not exactly cleanest due to
configuration file parsing assumptions. For example:

ctrl_interface=....
no_ctrl_interface=

would end up with ctrl_interface=NULL.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-27 23:34:35 +03:00