Commit graph

3128 commits

Author SHA1 Message Date
Jouni Malinen
5cb1440361 Update ChangeLog files for v2.3
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-09 17:41:31 +03:00
Jouni Malinen
c5f258de76 wpa_cli: Use os_exec() for action script execution
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-09 17:38:25 +03:00
Dmitry Shmidt
1236eda131 Android: Remove ctrl_interface=wlan0 from config template
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-10-07 00:43:50 +03:00
Dmitry Shmidt
9ffd512924 Android: Set pmf=1 to default template
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-10-07 00:43:50 +03:00
Toby Gray
45d8501555 Fix out of bounds memory access when removing vendor elements
Commit 86bd36f0d5 ("Add generic
mechanism for adding vendor elements into frames") has a minor bug
where it miscalculates the length of memory to move using
os_memmove. If multiple vendor elements are specified then this can
lead to out of bounds memory accesses.

This patch fixes this by calculating the correct length of remaining
data to shift down in the information element.

Signed-off-by: Toby Gray <toby.gray@realvnc.com>
2014-10-07 00:43:47 +03:00
Janusz Dziedzic
dc152f32b4 wpa_supplicant: Enable HT for IBSS
Enable HT20 for IBSS when HT is supported by the driver.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-10-04 18:54:22 +03:00
Janusz Dziedzic
4ec68377ef wpa_supplicant: Use hostapd_freq_params in assoc_params
Use hostapd_freq_params instead of simple frequency parameter for driver
commands. This is preparation for IBSS configuration to allow use of
HT/VHT in IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-10-04 18:43:42 +03:00
Tomasz Bursztyka
1274ec2329 dbus: Add an interface configuration entry to set the WPS methods
It is thus possible to restrain WPS methods to prefered ones, like PBC
only, etc.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-10-04 18:29:33 +03:00
Jouni Malinen
f1a613118e P2P: Use only the -m config for P2P management device
Previously, the case of non-netdev P2P management device ended up
pulling in both the main interface (e.g., wlan0) and P2P Device
interface (from command line -m argument) as configuration. Similarly,
the main interface ended up included both configuration files. This is
not really helpful for various use cases, e.g., when permanent P2P group
information is stored in the P2P Devince interface, but it gets
duplicated in the main station interface configuration.

Clean this up by changing the -m<file> argument to replace, not
concatenate, configuration information. In other words, the main station
interface will not read this configuration and the P2P Device interface
(non-netdev) does not read parameters from the station interface
configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-03 22:50:21 +03:00
Arik Nemtsov
08d7665c6b TDLS: Use WMM IE for propagating peer WMM capability
Relying on qos qosinfo is not enough, as it can be 0 for WMM enabled
peers that don't support U-APSD. Further, some peers don't even contain
this IE (Google Nexus 5), but do contain the WMM IE during setup.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-10-03 11:52:56 +03:00
Arik Nemtsov
984dadc23a TDLS: Set the initiator during tdls_mgmt operations
Some drivers need to know the initiator of a TDLS connection in order
to generate a correct TDLS mgmt packet. It is used to determine
the link identifier IE. Pass this information to the driver.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-10-03 11:52:21 +03:00
Jouni Malinen
a313d17de9 Extend random MAC address support to allow OUI to be kept
mac_addr=2 and preassoc_mac_addr=2 parameters can now be used to
configure random MAC address to be generated by maintaining the OUI part
of the permanent MAC address (but with locally administered bit set to
1). Other than that, these values result in similar behavior with
mac_addr=1 and preassoc_mac_addr=1, respectively.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-30 00:40:23 +03:00
Ahmad Masri
1595eb93ae P2P: Add support for 60 GHz social channel
Support 60 GHz band in P2P module by selecting random social channel
from all supported social channels in 2.4 GHz and 60 GHz bands.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-29 12:01:46 +03:00
Bojan Prtvar
b6ebdfbedd Extend STATUS command with frequency information
This makes 'wpa_cli status' command more versatile.

Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>
2014-09-28 20:47:06 +03:00
Tomasz Bursztyka
6a60488745 dbus: Add a global property to set or unset WFD IEs
This permits to set or unset the WiFi Display subelements from DBus, by
providing the full WFD specific IE frame.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-09-28 20:47:06 +03:00
Tomasz Bursztyka
4bd7e1614f wifi_display: Add a utility function to set WFD subelements from IEs
This will be useful to update the WFD subelements from DBus.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-09-28 20:46:49 +03:00
Tomasz Bursztyka
d4177443d4 wifi_display: Add a utility function to get the sub-elements as IEs
This will be useful for DBus API to expose current WFD configuration.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-09-28 19:22:23 +03:00
Jouni Malinen
6e252b0db3 WPS: Fix WPS-in-search check when STA_AUTOCONNECT is disabled
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates multiple disconnection
events for the disconnection from the current AP when WPS is started, it
could have been possible to hit a case where wpa_s->disconnected was set
to 1 during WPS processing and the following scan result processing
would stop the operation.

wpa_s->key_mgmt == WPA_KEY_MGMT_WPS check was trying to avoid to skip
autoconnect when WPS was in use, but that does not seem to work anymore.
Fix this by checking through wpas_wps_searching() as well to avoid
setting wpa_s->disconnect = 1 when there is an ongoing WPS operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-28 11:03:48 +03:00
Eduardo Abinader
e5fdc05dce P2P: Remove unecessary sanity check for global p2p
This check is already being done on wpas_p2p_deinit_iface.
Of course, it is assumed wpa_s is not deinit when reaches
that point as a matter of fact.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-28 11:03:48 +03:00
Eduardo Abinader
ee285df457 P2P: Flush services based on global p2p init and not p2p ifaces
As P2P service are not necessarily attached to a iface, when
added, proceed with same approach on p2p global deinit. Such
approach solves memory leaks ocurring upon wpa_supplicant
termination, when p2p services were registered previously.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-28 11:03:48 +03:00
Jouni Malinen
c267753ba2 Add support for using random local MAC address
This adds experimental support for wpa_supplicant to assign random local
MAC addresses for both pre-association cases (scan, GAS/ANQP) and for
connections. MAC address policy for each part can be controlled
separately and the connection part can be set per network block.

This requires support from the driver to allow local MAC address to be
changed if random address policy is enabled. It should also be noted
that number of drivers would not support concurrent operations (e.g.,
P2P and station association) with random addresses in use for one or
both.

This functionality can be controlled with the global configuration
parameters mac_addr and preassoc_mac_addr which set the default MAC
address policies for connections and pre-association operations (scan
and GAS/ANQP while not connected). The global rand_addr_lifetime
parameter can be used to set the lifetime of a random MAC address in
seconds (default: 60 seconds). This is used to avoid unnecessarily
frequent MAC address changes since those are likely to result in driver
clearing most of its state. It should be noted that the random MAC
address does not expire during an ESS connection, i.e., this lifetime is
only for the case where the device is disconnected.

The mac_addr parameter can also be set in the network blocks to define
different behavior per network. For example, the global mac_addr=1 and
preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile
would result in behavior where all scanning is performed using a random
MAC address while connections to new networks (e.g.,
Interworking/Hotspot 2.0) would use random address and connections to
the home network would use the permanent MAC address.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 20:07:19 +03:00
Jouni Malinen
fee354c74d nl80211: Add command for changing local MAC address
This can be used to allow wpa_supplicant to control local MAC address
for connections.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 19:11:24 +03:00
Ahmad Kholaif
79e2b1cc54 Add PMKSA_FLUSH ctrl_iface command
"PMKSA_FLUSH" can now be used to flush PMKSA cache entries over the
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-27 10:44:22 +03:00
Jouni Malinen
55c2bfa9eb wpa_cli: Support action scripts with global ctrl_iface
This extends "wpa_cli -a<action script>" functionality to work with the
global wpa_supplicant control interface. The IFNAME=<ifname> prefix is
removed from the event messages and converted to the control interface
name when present. Previously, action scripts could only be used with
the per-interface control interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
063f85043d wpa_cli: Increase event buffer size to 4096 bytes
Number of other buffers were already increased to this size, but the
buffer used for receiving unsolicited event messages from wpa_supplicant
(e.g., for wpa_cli action scripts) was still at the older 256 byte size.
This could result in some events getting truncated. Avoid this by using
the same 4096 byte buffer size here as in the other places receiving
messages from wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
fa0e91767d wpa_cli: Fix PING in interactive mode with ifname_prefix
The ifname_prefix string could change during line editing and the
periodic PING command running in the background ended up getting the
latest snapshot of the command line due to the pointer being left to
point to the edit buffer. This resulted in unexpected prefix strings
getting used with the periodic PING command. Fix this by temporarily
clearing the ifname_prefix whenever running such a periodic PING.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
068e38771e STA: Update scan results for ap_scan=1 skip-selection case also
The commit 5cd4740580 has rearranged the
update scan results code and hence the IEs were not getting updated
properly for ap_scan=1 case. This can result in a 4-way handshake
failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by
updating the scan results even if ap_scan=1 is used and network does not
need to get reselected based on association information.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-13 17:31:58 +03:00
Dan Williams
7a4a93b959 dbus: Add SignalPoll() method to report current signal properties
Analogous to the control interface's SIGNAL_POLL request.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-09-13 17:21:54 +03:00
vandwalle
a6ab82d7b4 Android: Add NO_EVENTS parameter to status command
It also allows to use the STATUS command with default behavior,
say for debug, i.e., don't generate a "fake" CONNECTION and
SUPPLICANT_STATE_CHANGE events with the new STATUS-NO_EVENTS case.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-09-13 17:03:16 +03:00
Jouni Malinen
df2508d7a8 P2P: Check os_get_random() return value more consistently
In theory, this call could fail, so check the return value before using
the received data. These specific cases would not really care much about
the failures, but this keeps the code more consistent and keeps static
analyzer warnings more useful. (CID 72678, CID 72679, CID 72680,
CID 72683, CID 72689, CID 72698, CID 72703)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-13 16:27:52 +03:00
Jouni Malinen
0ef023e478 Add support for driver command to update roaming policy
The network block bssid parameter can be used to force a specific BSS to
be used for a connection. It is also possible to modify this parameter
during an association. Previously, that did not result in any
notification to the driver which was somewhat problematic with drivers
that take care of BSS selection. Add a new mechanism to allow
wpa_supplicant to provide a driver update if the bssid parameter change
for the current connection modifies roaming policy (roaming
allowed/disallowed within ESS).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-11 15:59:42 +03:00
Jouni Malinen
76db5b6b12 Work around broken AP PMKSA caching implementation
An interoperability issue with a deployed AP has been identified where
the connection fails due to that AP failing to operate correctly if
PMKID is included in the Association Request frame. To work around this,
allow EAPOL-Start packet to be transmitted on startWhen reaching 0 even
when trying to use PMKSA caching. In practice, this allows fallback to
full EAP authentication if the AP/Authenticator takes more than 1-2
seconds to initiate 4-way handshake for PMKSA caching or full EAP
authentication if there was no PMKSA cache match.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 17:18:01 +03:00
Jouni Malinen
b08d5fa793 WPS: Set EAPOL workarounds dynamically based on association
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.

Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 17:16:04 +03:00
Dmitry Shmidt
abc05534aa Remove WPA_EVENT_SCAN_STARTED message from MSG_INFO log
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-09-07 19:54:39 +03:00
Eduardo Abinader
c45dabb855 P2P: Deauth p2p client just after dbus notify
Currently to signal PropertiesChanged upon group client
removal (group property), wpa_supplicant dbus uses wpa_s
members like go_dev_addr and current_ssid, for instance.
Thus, deferring p2p client deauth to after dbus notify,
but keeping the same order as before, solves the issue,
as wpa_s is not yet completely deinitialized.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-07 19:50:32 +03:00
Dan Williams
3bd3257a0a dbus: add BSS Age property to indicate last-seen time
"Age" is the age in seconds since the BSS was last seen, and is
emitted as a PropertyChanged signal whenever the BSS is updated
from a scan result. It also returns the correct age when queried
directly.

This property can be used to resolve issues where, if no other
properties of the BSS changed from scan results (for example,
if the BSS always had 100% signal) no D-Bus signals would be
emitted to indicate that the BSS had just been seen in the scan.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-09-07 19:18:45 +03:00
Jouni Malinen
cb5ef952c8 SME: Verify that os_get_random() succeeds for SA Query
Be more consistent on checking os_get_random() return value (CID 72706).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:27:42 +03:00
Jouni Malinen
5e62cfdf75 P2P: Verify that os_get_random() succeeds
Be more consistent with os_get_random() use (CID 72710).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:05:53 +03:00
Edhar, Mahesh Kumar
1c2aa04c96 P2P: Do not add P2P IEs on P2P disabled interface
While building Association Request frame IEs we should consider adding
P2P IEs only on interface where P2P functionality is enabled. Consider
per interface p2p_disabled parameter before adding P2P IEs to complete
the checks for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-02 11:04:26 +03:00
Hu Wang
e5a4b85b2f WPS: Merge mixed-WPA/WPA2 credentials if received in same session
Some deployed APs send two credentials when in mixed-WPA/WPA2
configuration; one for the WPA-Personal/TKIP and the other for
WPA2-Personal/CCMP. Previously, this would result in two network blocks
getting added for the single AP. This can be somewhat confusing and
unnecessary, so merge such credentials into a single one that allows
both WPA and WPA2 to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-29 20:25:18 +03:00
Chandrasekaran, Manishekar
4e5367516b P2P: Overwrite pending interface only after verifying BSS entry
Previously, the P2P Interface Address of the peer gets updated in the
peer table every time based on the scan results.

For example, in a two port concurrency scenario, where the peer device
has two interfaces with unique P2P Interface Addresses and with same P2P
Device Address, based on the Probe Response/Beacon frames from these two
interfaces, their peer table gets updated, but each of these updates
happens in the peer table only based on the P2P Device Address. So, the
same peer's P2P Interface address is updated every time and hence, at
any instant, only one P2P Device Address to P2P Interface Address
mapping entry exist in the peer table for the peer which has two
interfaces.

When we try to join a group operated by the peer, lookup happens in the
peer table and when an interface entry is not available, the pending
interface address gets overwritten with the P2P Device Address and hence
the P2P connection can fail. Since the BSS table is the one that is
up-to-date, this fix will ensure that the interface overwriting will
happen only when there is no BSS entry for the pending P2P Interface
Address as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-26 18:58:54 +03:00
Bojan Prtvar
1cc0d6a0eb wpa_supplicant: Use freq_list scan filtar in sched_scan
Global freq_list scan filtar was taken into account only by
req_scan and not by req_sched_scan. We want to allow the user
to limit the channels that wpa_supplicant will scan in req_sched_scan
requests as well.

Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>
2014-08-12 16:44:04 +03:00
Eduardo Abinader
4aa9c156e5 dbus: Close dbus dict just after appending data
Before fixing this issue, calling wpas_dbus_getter_p2p_device_config
was causing early termination of dbus connection, due to writing
values to an already closed dict.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-08-10 11:29:49 +03:00
Eduardo Abinader
af65bc36bb P2P: Use ssid instead of wpa_ssid to find GO iface
In order to find a GO interface, there has to be a
comparison among two SSIDs, instead of a wpa_ssid and
a ssid.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-08-10 11:04:08 +03:00
Tomasz Bursztyka
4a0693a4d5 dbus: Declare and implement GroupFinished as for GroupStarted
First for better concistancy but also to tell about the group_object
that is getting removed, thus the client will know about it and will be
able to act accordingly.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-07-31 17:20:56 +03:00
Jithu Jance
2fa980f0f1 P2P: Cancel pending action TX radio work on p2p_cancel
When p2p_cancel is invoked while the GO Negotiation Action TX was
pending, the p2p_send_action_work was not getting cleared.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-07-31 17:13:46 +03:00
Philippe Nunes
8b627b7c47 Fix writing of the wowlan_triggers parameter
The parameter wowlan_triggers is a global string and is not recognised
if it is embraced with double-quotes.

Signed-off-by: Philippe Nunes <philippe.nunes@linux.intel.com>
2014-07-31 17:03:33 +03:00
Jouni Malinen
8b65fefeed Interworking: Remove unnecessary placeholder for PAME-BI
The PAME-BI bit in the Advertisement Protocol element is reserved for
non-AP STA, so this function will never set that bit to one and as such,
there is not much point in maintaining the placeholder dead code for
this either. (CID 68107)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 20:28:03 +03:00
Jouni Malinen
52f4abfd06 P2P: Remove PSK/passphrase from P2P-GROUP-STARTED debug log entry
The PSK/passphrase are needed for the control interface events since the
upper layer UI component is required by the specification to be able to
make this available for manual configuration. However, this is not
needed in the INFO verbosity level debug entry, so split the event
generation into two parts.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 13:26:59 +03:00
Jouni Malinen
f8723e1e9f P2P: Use a helper function for P2P_EVENT_GROUP_STARTED events
This makes it easier to change the event message message for indication
when P2P group has stated and removes some duplicated code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 13:25:18 +03:00
Jouni Malinen
71a0e395b9 P2P: Make unrecognized vendor elements available in P2P_PEER
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-08 15:57:30 +03:00
Jouni Malinen
86bd36f0d5 Add generic mechanism for adding vendor elements into frames
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:

VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *

The following frames are supported in this commit (additional frames can
be added in the future):

0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response

One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-07 12:25:09 +03:00
Dmitry Shmidt
4ed3492206 PNO: Send Probe Request frames only for hidden SSIDs
Previously, offloaded scanning (PNO) on Android was including SSIDs from
all enabled networks regardless of the scan_ssid parameter which
resulted in different behavior for the offloaded case when comparing to
wpa_supplicant initiated scans.

Use the sched_scan match filter to allow broadcast SSID to be used for
scan_ssid=1 networks also with PNO to avoid running active scans for
SSIDs that have not been explicitly marked as requiring an SSID-specific
scan. This reduces exposure of configured network names on the device
when running offloaded scans while the host device is in sleep.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-03 16:44:43 +03:00
Jouni Malinen
8931a36ca4 P2P: Add explicit check for ssid->p2p_client_list != NULL
This would not really be needed since these functions check the pointer
above. However, this seems to be too difficult for some static analyzer,
so add the extra check to avoid false reports.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-03 00:53:13 +03:00
Dmitry Shmidt
e376290c66 HS 2.0R2: Add update_identifier field to network
This can be used to configure a Hotspot 2.0 Release 2 network externally
for a case where wpa_supplicant-based Interworking network selection is
not used and the update_identifier cannot be copied directly from a
cred.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-02 14:01:01 +03:00
Jouni Malinen
5bc285716e Fix some sparse warnings about u16 vs. le16
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:34:34 +03:00
Jouni Malinen
42619d68a6 Fix CTRL-EVENT-REGDOM-CHANGE event init= value
Incorrect field was used to determine the init=<value> in the regulatory
domain changed control interface event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:09:00 +03:00
Jouni Malinen
a520bf4aeb Mark function static
This function is not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:08:46 +03:00
Jouni Malinen
0cb79d355a dbus: Fix indentation level to match code logic
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:03:45 +03:00
Jouni Malinen
8f03ac9007 Mark functions static
These functions are not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:03:22 +03:00
Li Jianyun
6891f0e6f4 Allow SCAN command to specify scan_ssid=1 SSIDs
The new "scan_id=<comma separated list of network ids>" parameter can
now be used to specify a list of network ids that have scan_ssid=1 to
indicate active scanning of the SSID. This adds the listed SSIDs to the
scan command to allow manual scan requests to perform active scans for
hidden SSIDs. For example, "SCAN scan_id=1,7,11" would run a scan with
the SSID fetched from the configured network blocks 1, 7, and 11
(assuming those are set with scan_ssid=1). The SSIDs will be included
even from network blocks that are currently disabled.

The maximum number of SSIDs added to the request is limited by the
driver support. If more than supported values are specified, the command
will fail (returns "FAIL").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 12:52:08 +03:00
Jouni Malinen
19c48da06b Clear wpa_supplicant configuration keys explicitly
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
5dbbf36916 Interworking: Remove unnecessary dead increment
build_root_nai() will not be extended to write something after the
domain, so there is no need to update the pos pointer after the final
os_snprintf() call in the function. Remove this to make a static
analyzer happier.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
a1e46f320d Check for no key_mgmt/proto/auth_alg entries in config writer
This is not really necessary check, but it keeps a static analyzer
happier by avoiding dead increment. Doing it this way rather than
removing the increment is less likely to cause problems when new entries
are added here in the future (the "dead" increment would be very much
needed in those cases).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
290ea6a76e Remove unnecessary tracking of first entry
The pointer to the current position is enough to figure out whether the
proto string is the first one in the buffer. Removing the separate
tracking variable cleans up a static analyzer warning on dead
assignment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
d3fa2bbb02 WFD: Explicit limit for subelement length (CID 68127)
This adds an explicit limit for the maximum Wi-Fi Display subelement
length for ASCII hexdump. This would not really be needed since the
buffer is already limited by maximum frame length. Anyway, since this
can make static analyzers happier and the subelement used with this
function is short, we may as well include an explicit check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
745ef18478 HS 2.0: Verify assoc_req_ie buffer size for indication elements
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
010fc5f507 dbus: Clean up array-array-type property getter
The previously used design was a bit too complex for static analyzers
(e.g., CID 68131, CID 68133) to understand which resulted in false
warnings about uninitialized memory. Avoid this by explicitly
initializing the pointer array to NULL and also skipping any invalid
NULL entry in the helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-29 18:20:13 +03:00
Tomasz Bursztyka
ea18024d78 dbus: Add PropertiesChanged signal to Peer object
This signal will be thrown when a Peer joins or leaves a group.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:28:14 +03:00
Tomasz Bursztyka
bf035663c9 dbus: Remove GroupMember object type and use Peer instead
GroupMember is unusable in itself and all the necessary informations are
stored in Peer objects, thus replace the use of GroupMember by Peer.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:19:12 +03:00
Tomasz Bursztyka
17a37d7110 dbus: Add a Groups property to a Peer object on which it belongs
If only the Peer is part of one or more group, this property will tell
those via listing their object paths.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:09:32 +03:00
Tomasz Bursztyka
6f04642fe3 P2P: Add utility functions to get GO/client interface
This will be useful for a peer to know if it is part of a group either
as a client of our local GO or as the peer GO.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:00:55 +03:00
Dmitry Shmidt
1de809e152 eapol_test: Fix -R option to not replace -s option value
Commit e9852462d5 ('eapol_test: Add PC/SC
reader and PIN command line arguments') did not add break to the switch
statement for the new -R command line option.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-06-28 10:51:29 +03:00
Johannes Berg
57a8f8af38 nl80211: Use low-priority scan for OBSS scan
Some drivers may support low-priority scans, if they do then
use that for OBSS scanning.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-06-22 00:47:06 +03:00
Jouni Malinen
1b928f96b6 P2P: Allow passphrase length to be configured
Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-22 00:15:53 +03:00
Jouni Malinen
e9852462d5 eapol_test: Add PC/SC reader and PIN command line arguments
The new command line arguments -R<reader> and -P<PIN> can now be used to
specify which PC/SC reader (prefix match) and PIN are to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:46:28 +03:00
Jouni Malinen
5a620604f8 Use pcsc_reader configuration in one for scard_init() call
This allows PC/SC reader to be identified with the pcsc_reader
configuration parameter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:45:31 +03:00
Jouni Malinen
3302b7c29f Rate limit SA Query procedure initiation on unprotected disconnect
There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-19 20:56:32 +03:00
Arik Nemtsov
38ddccae8f TDLS: Add ctrl_iface option for flushing all TDLS peers
"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:43:46 +03:00
Arik Nemtsov
947f900fb8 TDLS: Handle unreachable link teardown for external setup
If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.

Rename the TDLS LOW_ACK event handler to better reflect its purpose.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:34:06 +03:00
Jouni Malinen
fa21e6c35b Fix CONFIG_MODULE_TESTS=y build without CONFIG_P2P=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:35:22 +03:00
Jouni Malinen
bd10d93891 P2P: Clean up by moving ifdef CONFIG_P2P to p2p_suppplicant.h
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:31:53 +03:00
Ilan Peer
e3bd6e9dc0 P2P: Use another interface operating channel as listen channel
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.

To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.

The optimization can be configured in the configuration file and
is disabled by default.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:46:11 +03:00
Ilan Peer
28812a8983 P2P: Try using one of the social channels for GO
In case there is no preference for the GO operating channel,
try using one of 1, 6, 11 (randomly), and only if the random
selection is not suitable traverse all the channels 1..11.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:33:52 +03:00
Avraham Stern
0a816e8cbf P2P: Remove duplicated code from get_shared_radio_freqs_data()
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:41 +03:00
Jouni Malinen
504df28a1d Remove unused dump_freq_array()
This function is not used anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 00:21:41 +03:00
Ilan Peer
a0c90bb073 P2P: Collect and use extended data on used frequencies
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.

In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:

1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
   interfaces.

The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:21:40 +03:00
Avraham Stern
b278f323ed P2P: Remove unused code from get_shared_radio_freqs_data()
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:40 +03:00
Jouni Malinen
25be28a375 dbus: Check return value more consistently (CID 62841)
Most of these calls are checked to return success and there is no reason
why these wouldn't, so be more consistent. This addresses CID 62841,
CID 62840, CID 62839, CID 62838, CID 62837, CID 62836.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:53 +03:00
Jouni Malinen
f62415df8a Note chmod() failure in debug log even in ignore case (CID 62843)
If this chmod() call fails, the global control interface is allowed to
be used since there was no change to its group. Anyway, it can be
helpful to note the error case in debug log instead of silently ignoring
it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:52 +03:00
Jouni Malinen
49d13df63c P2P: Fix wfd_dev_info parsing for P2P-DEVICE-FOUND (CID 68127)
Commit b125c48fce ('P2P: Add wfd_dev_info=
field for device found event') added Wi-Fi Display device info to the
P2P-DEVICE-FOUND events. However, it did not include proper bounds
checking in wifi_display_subelem_hex() and could accept subelements with
invalid length field values. This could result in buffer read overflow
of up to 64 kB and inclusion of heap memory in the local control
interface event and/or process crash due to invalid memory access. Fix
this by checking the validity of the length field before writing a
hexdump of the data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 15:25:39 +03:00
Jouni Malinen
1851e17a64 dbus: Clean up P2P group vendor ext getter
The vendor_ext[i] = NULL setting did not make any sense since
num_vendor_ext should have been used to index the vendor_ext array. The
old code did not do any harm since i >= num_vendor_ext and none of the
already set entries could have been cleared. Anyway, better clean this
by making it skip the setting to NULL similarly to what was already done
in the P2P peer vendor ext getter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:48:21 +03:00
Jouni Malinen
137ff332fd HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:36:42 +03:00
Jouni Malinen
2703fb4ad9 WNM: Use cleaner way of generating pointer to a field (CID 68100)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
fb5d417178 P2P: Use cleaner way of generating pointer to a field (CID 68096)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
35c03184df P2P: Use cleaner way of generating pointer to a field (CID 68095)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
e987c70c85 dbus: Add explicit break statements to switch-default
There were couple of missing breaks in switch-default (before/after).
While these did not have any noticeable issues due to falling over to
the next step that just exited from the switch statement, it is cleaner
and more robust to have each case use an explicit break.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
6446420b24 dbus: Initialize temporary entry properly (CID 62877)
The tmpentry variable was not initialized and
_wpa_dbus_dict_entry_get_byte_array() does not set tmpentry.type, so it
would have been possible for the error path to end up trying to free
unexpected type of an entry or not free the memory at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
70d9537361 Use clearer way of getting pointer to a frame (CID 62835)
This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a
pointer is taken to the specified field in a frame and not to a single
octet. Bounds checking was already handled separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:11 +03:00
Jouni Malinen
0e87e798b5 Fix HS20_GET_NAI_HOME_REALM_LIST hex length check (CID 68108)
Due to an incorrect operation (MOD vs. AND), the code that was supposed
to return an error if the hex string has odd length was not really
reporting any failures. Instead of reporting an error, the invalid
control interface command would have been truncated. This is not an
issue in practice, but better fix the implementation anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:27 +03:00
Jouni Malinen
beb9e1171e dbus: Avoid theoretical memory leaks with duplicated dict entries
If a dict would include duplicated items, the parsing code here would
have leaked memory by overwriting old os_strdup() result with the new
one. Fix this by explicitly freeing the previous entry. This addresses
CID 62852, CID 62851, CID 62850, CID 62849, CID 62847, CID 62846.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:06 +03:00
Jouni Malinen
ceb4cd89c9 dbus: Fix a potential double-free in on error path (CID 62880)
It would have been at least theoretically possible to hit the first
error in the loop and end up jumping to error handling which would call
os_free(value) without the value having been cleared after the os_free()
call at the end of the previous loop iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:02 +03:00
Jouni Malinen
5519241676 GAS: Limit TX wait time based on driver maximum value
The GAS query TX operation used a fixed wait time of 1000 ms for the
reply. However, it would be possible for the driver to not support this
long remain-on-channel maximum. Limit this wait time based on driver
support, if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-12 10:56:06 +03:00
Nirav Shah
d3b204694a P2P: Make the default p2p_find delay value configurable
This makes the p2p_find default delay value configurable as
p2p_search_delay parameter through the configuration file (and through
control interface "SET p2p_search_delay <value>" on the P2P management
interface.

This parameter controls the number milliseconds of extra delay that is
added between search iterations when there is a concurrent operation in
progress. This can be used, e.g., p2p_search_delay=100 to make p2p_find
friendlier to concurrent operations by avoiding it from taking 100% of
the radio resources. The default value is the previous default, i.e.,
500 ms. Smaller values can be used to find peers more quickly at the
cost of larger effect to concurrent operations while a larger value
leaves more time for the concurrent operations at the cost of making
device discovery take longer time.

The optional p2p_find delay argument can still be used to override the
search delay for each search operation.

Since the P2P_CONCURRENT_SEARCH_DELAY macro is not used anymore, the
driver specific build parameter for bcmdhd from Android.mk is also
removed. Similar configuration can now be achieved with
p2p_search_delay=0 in the p2p0 interface configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-09 19:43:26 +03:00
Jouni Malinen
a01acc50d5 Check for EVENT_ASSOC data to be present for AP mode operation
wpa_supplicant_event() is required to include the event data for AP mode
events. In theory, a non-AP mode event could be sent here from the
driver wrapper, so reject such event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:15:50 +03:00
Jouni Malinen
0bbaa9b93f Validate driver extended capabilities length against buffer length
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:35:30 +03:00
Jouni Malinen
9c6c5589e0 Interworking: Reject EAP configuration with unsupported inner method
Instead of allowing the connection attempt to occur with an unsupported
inner method, check for that explicitly at the time the network block is
added and drop the network if the identified inner method is not
supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:18:30 +03:00
Jouni Malinen
f2ca0e9770 Check eap_get_name() return against NULL to silence static analyzer
This cannot really be NULL in practice since cred->eap_method would
point to a valid EAP method. Anyway, to avoid false positive from
analyzers, check the pointer explicitly before printing it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 15:42:07 +03:00
Jouni Malinen
fb958ea76e Check current_ssid on unexpected association event
This is mainly to keep static analyzers silent since it does not look
like this code path can be reached in practice due to the way
association events are handled and current_ssid is either set before
resched here or the association is rejected. Anyway, if this could be
reached, the wpa_supplicant_set_wpa_none_key() call would end up
dereferencing a NULL pointer, so add an explicit check to make sure that
does not happen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 13:32:13 +03:00
Jouni Malinen
6a98f67369 ChangeLog entries for v2.2
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:08:37 +03:00
Jouni Malinen
d4b951f31b Fix offchannel TX not to retransmit pending frame on callback
If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:07:59 +03:00
Jouni Malinen
df48efc5ab Fix external radio work stopping to not read freed memory
The dynamically allocated struct wpa_external_work contains the name of
the radio work in the type field and this is used in a debug print
within radio_work_done(). Re-order radio_work_done() and os_free() calls
on couple of paths where the memory was freed before that final user of
the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 22:58:51 +03:00
Amit Khatri
9a17b36e55 tests: Makefile change avoiding compiler error for module test
wpa_supplicant was giving below error when "CONFIG_MODULE_TESTS=y" and
"CONFIG_P2P=y" are in .config file:
"wpas_module_tests.c:84: undefined reference to `wps_module_tests'"

This error is coming because "CONFIG_WPS=y" is commented out in .config
file but CONFIG_WPS is getting enabled by CONFIG_P2P in Makefile.

Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
2014-05-31 13:36:59 +03:00
Mikael Kanstrup
b77aeae732 Interworking: Re-trigger scan if no connect attempt is done
For one specific case when running with Interworking enabled the
re-initialisation of the scan timer is missing. This makes auto connect
to a configured network fail.

The case is:
- Interworking credentials available, but do not match
- Auto interworking is enabled (auto_interworking=1)
- Interworking auto select is disabled (i.e., this is from
  auto_interworking=1, not from INTERWORKING_SELECT auto)
- No configured (enabled and non blacklisted) networks are present
  in scan results list with full match
- Interworking finds matching networks (it does not do full security
  policy match)

This patch covers the case and re-initialises the scan timer to allow
search for a suitable network to continue.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2014-05-31 13:23:00 +03:00
Jouni Malinen
2d2dd488be tests: Add module tests for src/common
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
829a1b3296 P2P: Clear p2p_auth_invite after each persistent group invitation
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 12:09:25 +03:00
Boris Sorochkin
e403ba859e Parse DMG capabilities when reporting to external interfaces
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.

Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Jouni Malinen
8860e0f47c tests: Add printf encoding/decoding module tests
This replaces tests/test-printf.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
7bb70909a2 Add DRIVER_EVENT AVOID_FREQUENCIES for testing
This can be used to simulate driver events indicating frequencies to
avoid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Masashi Honma
f0356ec85c eloop: Add epoll option for better performance
This patch adds epoll option for the eloop implementation. This can be
selected with the CONFIG_ELOOP_EPOLL=y build option.

[merit]
See Table1.

Table1. comparison table
+--------+--------+-----------+------------+-------------+
|        | add fd | remove fd | prepare fd | dispatch fd |
+--------+--------+-----------+------------+-------------+
| select | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| poll   | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| epoll  | O(1)   | O(1)      | 0          | O(M)        |
+--------+--------+-----------+------------+-------------+
"add fd" is addition of fd by eloop_sock_table_add_sock().
"remove fd" is removal of fd by eloop_sock_table_remove_sock().
"prepare fd" is preparation of fds before wait in eloop_run().
"dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch().
"N" is all watching fds.
"M" is fds which could be dispatched after waiting.

As shown in Table1, epoll option has better performance on "prepare fd" column.
Because select/poll option requires setting fds before every select()/poll().
But epoll_wait() doesn't need it.

And epoll option has also better performance on "dispatch fd" column.
Because select/poll option needs to check all registered fds to find out
dispatchable fds. But epoll option doesn't require checking all registered fds.
Because epoll_wait() returns dispatchable fd set.

So epoll option is effective for GO/AP functionality.

[demerit]
The epoll option requires additional heap memory. In case of P2P GO, it is
about 8K bytes.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:25:51 +03:00
Tomasz Bursztyka
68d270069f dbus: No need to recompute group object path on GroupStarted signal
The group object is already registered on DBus at that point, thus wpa_s
structure holds its path already.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:20:17 +03:00
Tomasz Bursztyka
f3734e2377 dbus: Provide the P2P Device Address from the relevant structure
Fixes a minor mistake: the p2p_info structure should be used here
instead of the peer_handler_args one.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:37 +03:00
Tomasz Bursztyka
e956b830fc dbus: Fix interface DeviceFound signal specification
DeviceFound does not provide any properties, just the peer object path.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:10 +03:00
Tomasz Bursztyka
fc591a771c dbus: Declare GONegotiation signals properly
These signals delivers an array of key/value pairs, thus declaring those
as it should.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:18:39 +03:00
Dmitry Shmidt
b19c098e75 Send authentication failure reason in wpas_auth_failed()
"WRONG_KEY"   - possibly wrong psk
"AUTH_FAILED" - authentication failure
"CONN_FAILED" - continiuos connection failure

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-16 18:08:39 +03:00
Eduardo Abinader
5516ed32c5 WPS: Deinit before wpas_p2p_disconnect()
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-16 01:03:44 +03:00
Jouni Malinen
e9eb648e0e P2P: Reject P2P_FIND and P2P_LISTEN on disabled interface
This makes the P2P operations behave more consistently with the SCAN
command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:34:32 +03:00
Jouni Malinen
c71c241674 P2P: Clear P2P state if active interface is disabled
The radio works for the interface get removed if interface is disabled.
This could have left P2P module in invalid state if the interface got
disabled during a p2p_find or p2p_listen operation. Clear the state in
such a case to avoid blocking following operations due to P2P module
assuming it is still in progress of doing something.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:32:54 +03:00
Jouni Malinen
ad12f2f422 Add DRIVER_EVENT ctrl_iface command for testing purposes
This new command can be used to simulate driver events without having to
go through the driver wrapper or kernel code for this. This enables more
testing coverage with hwsim.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:09:48 +03:00
Jouni Malinen
3e66f78914 P2P: Make sure GO start does not miss connect_without_scan
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.

This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Rashmi Ramanna
28fa4eb2b2 P2P: Fix scan optimization for GO during persistent group invocation
Commit 41d5ce9e0b was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-13 15:49:06 +03:00
Edhar, Mahesh Kumar
7b42862ac8 P2P: Validate GO operating channel on channel list changes
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-12 19:43:59 +03:00
Alexandru Costache
fb2ac53df1 Remove leftover timeouts on cleanup
Signed-off-by: Alexandru Costache <alexandru.costache.100@gmail.com>
2014-05-12 19:43:59 +03:00
Dmitry Shmidt
1c330a2fdc Add 'dup_network <id_s> <id_d> <name>' command
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-12 19:43:56 +03:00
Hannu Mallat
316f92cd33 dbus: Reorder deauthentication and cleanup calls when removing a network
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.

Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
2014-05-12 18:05:38 +03:00
Jouni Malinen
cfdb32e88f eapol_test: Check EAP-Key-Name
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:22:37 +03:00
Jouni Malinen
270c9a43e6 Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:15:20 +03:00
Eduardo Abinader
81ed4991ae Remove duplicated ibss_rsn_deinit() call
No need to call ibss_rsn_deinit() again since it is already being called
by wpa_supplicant_mark_disassoc().

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-10 13:48:34 +03:00
Sunil Dutt
0f1034e388 P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
dd10abccc8 MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
7baec808ef MACsec: Add driver_ops
This defines new driver_ops to be used with MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
0836c04b30 MACsec: Allow EAPOL version 3 to be configured
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Jouni Malinen
2cebdee66d Fix MinGW build
No need to use ENOBUFS within core wpa_supplicant, so just replace it
with -1 to work arounds MinGW build issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 18:59:12 +03:00
Eliad Peller
e4fa8b120b wpa_supplicant: Add Wake-on-WLAN configuration support
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.

For now, support only simple flags. More complex triggers can be added
later on.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-04-29 18:59:12 +03:00
Dmitry Shmidt
959214b260 Android: Use extended P2P functionality (ANDROID_P2P) for all vendors
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-29 18:59:12 +03:00
Sreenath Sharma
fa258a3df6 HS 2.0 R2: Fix writing of domain_suffix_match cred parameter
This was supposed to end with a newline character so that parameters are
aligned in configuration file.

Signed-off-by: Sreenath Sharma <sreenats@broadcom.com>
2014-04-29 17:25:19 +03:00
Jouni Malinen
0bceb8d6f4 Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
ece88f7697 Make last_scan_res update easier for static analyzers
The check based on last_scan_res_used is sufficient for making sure that
last_scan_res is allocated. However, it is a bit too complex for static
analyzers to notice, so add an explicit check to avoid bogus reports.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Jouni Malinen
b7a6702fd4 Indicate disconnection event on interface disabled
It is possible for the disconnection event from the driver to not get
delivered when interface is disabled. To maintain consistent ctrl_iface
event behavior, indicate CTRL-EVENT-DISCONNECTED in such a case if we
were in connected state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-28 16:54:09 +03:00
Jouni Malinen
b89962b4b9 Fix wpa_config_read() with existing config block
If two config files are merged together, the ssid and cred blocks may
not have been processed correctly since the tail pointers were not
updated to the last entry from the first configuration file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-28 16:54:09 +03:00
Ilan Peer
d0df643735 wpa_supplicant: Call frequency conflict handling during auth
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.

Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.

In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-24 12:15:32 +03:00
Luciano Coelho
0cf24fdaed scan: Reset normal scan counter when a connection succeeds
The normal scan counter is used to trigger a few normal scans before a
scheduled scan is issued. The reason for doing this is that we get
results faster and some drivers support more SSIDs per normal scan
than during sched scan. After 2 normal scans, we start using
sched_scan. But the problem is that when a connection succeeds, we do
not reset this counter, so we will keep using sched scans.

To fix this, now we reset the counter when we switch to WPA_COMPLETED
state.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2014-04-24 12:15:32 +03:00
Greg Hackmann
9176ec066e Android: Disable unused parameter warnings
This avoids large number of undesired compiler warnings since Android
build system is added -Wextra.

Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-04-24 12:15:32 +03:00
Naresh Jayaram
13f6a07efc Add SIM identifier to the network profile and cred block
This allows the specific SIM to be identified for authentication
purposes in multi-SIM devices. This SIM number represents the index of
the SIM slot. This SIM number shall be used for the authentication using
the respective SIM for the Wi-Fi connection to the corresponding
network.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-24 12:15:32 +03:00
Jouni Malinen
d41cc8ccf6 Allow HT 40 MHz intolerant flag to be set for association
This extends HT overrides to allow HT 40 MHz intolerant flag to be set
with ht40_intolerant=1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-17 17:11:17 +03:00
Jouni Malinen
f777fd127f Fix writing of provisioning_sp cred parameter
This was supposed to be within quotation marks in the configuration
file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-16 01:41:38 +03:00
Jouni Malinen
a7ca6dac44 Fix P2P redirection of global ctrl_iface SET command
The previous version prevented all use of wpas_global_ctrl_iface_set().
That's not desirable since there may be more global parameters added in
the future. Instead, try to use the global version first and redirect to
P2P interface only if the global version returns an error.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:27:23 +03:00
Jouni Malinen
d6b818efe5 Remove SAVE_CONFIG redirect from global control interface
The P2P redirection for SAVE_CONFIG issued on the global control
interface was preventing wpas_global_ctrl_iface_save_config() from being
reached. The global version of SAVE_CONFIG was supposed to try to save
configuration files for all interface rather than just the P2P
management interface, so fix this by removing the unneeded and undesired
redirection.

Modify the global SAVE_CONFIG handler to return FAIL if no configuration
files were saved. This makes the behavior match with the per-interface
SAVE_CONFIG.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:26:48 +03:00
Jouni Malinen
128cc37558 eap_proxy: Use unique Makefile names for Android and non-Android
Rename the eap_proxy_*.mk file to eap_proxy_*.mak for non-Android builds
so that the same eap_proxy implementation can be more easily included in
the same directory for both cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:02:25 +03:00
Jouni Malinen
e83e15ee77 P2P: Fix interface remove to terminate all P2P groups
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-15 00:20:17 +03:00
quiche@chromium.org
e9b32dae1a Propagate scan failures over D-Bus
If we receive a scan request via D-Bus and wpa_supplicant_scan_trigger
fails, return the failure to the caller over D-Bus.

Signed-hostap: mukesh agrawal <quiche@chromium.org>
2014-04-13 23:43:04 +03:00
Jouni Malinen
142817b2f9 Add a wpa_supplicant ctrl_iface event for regdom changes
CTRL-EVENT-REGDOM-CHANGE event provides an external notification of
regulatory domain (and any driver channel list) changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 16:32:38 +03:00
Jouni Malinen
150fd0b2b5 WPS: Split eapol_cb reconnect to a separate code path
Use eloop timeout to run the reconnect command after eapol_cb has
returned. This reduces stack use and can simplify the driver
command/event sequence by allowing the disconnection events from the
provisioning step to be processed before starting the actual data
connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:47:03 +03:00
Jouni Malinen
ded4f944df WPS: Close p2p_group and temporary parameters to all network blocks
If a P2P GO issues multiple credentials for some reason, clone the
p2p_group and temporary parameters to all those based on the initial
network block that gets used for the first credential.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:44:57 +03:00
Jouni Malinen
e74dd0e55b Add forgotten ampdu_factor into wpa_supplicant.conf
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:53 +03:00
Jouni Malinen
759ff2f075 Re-enable use of wildcard SSID with passphrase
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:53 +03:00
Jouni Malinen
023b466da4 Fix a debug print to have a space between words
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Jouni Malinen
0cd860284c Add CTRL-EVENT-SIGNAL-CHANGE for bgscan signal update events
This allows external programs to monitor driver signal change events
through wpa_supplicant when bgscan is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Jouni Malinen
bd8838a387 Fix ctrl_iface BLACKLIST return value
Adding a new entry was returning FAIL on success due to incorrect
assumption of wpa_blacklist_add() returning 0 on success (it returns the
positive blacklist count).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:51 +03:00
Andres Morales
f3ff948753 P2P: Add NFC_HANDOVER commands to p2p_redir list
These commands can be executed on the P2P interface thus should be
redirected to it when issued to the global control interface.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-11 19:22:00 +03:00
Fionn Cleary
481e66b1f8 Fix reassociate dbus method
- Reassociate was only working when there was already a connect in
  place, which is not how the REASSOCIATE command from the ctrl
  interface works.

Signed-off-by: Fionn Cleary <fionn.cleary@streamunlimited.com>
2014-04-11 19:22:00 +03:00
Daichi Ueura
2150c33337 wpa_cli: Fix wrong comparison in wpa_cli_cmd_interface
Signed-off-by: Daichi Ueura <daichi.ueura@gmail.com>
2014-04-11 19:22:00 +03:00
Sunil Dutt
8235f89f3f P2P: Mark the scan in p2p_in_invitation as p2p_probe
Mark the scan performed by the P2P Client in search of the GO
during the persistant reinvocation as a p2p_probe to avoid
unnecessary use of 802.11b rates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 19:54:36 +03:00
Amarnath Hullur Subramanyam
38ce8e2709 Android: Add qca-vendor.h to be exported
Add qca-vendor.h along with wpa_ctrl.h to be exported to
common staged location.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 16:34:23 +03:00
Jouni Malinen
897a5ccee8 WNM: Remove unnecessary present flag
The structures are all allocated, so the pointer can be compared to NULL
to determine whether the subelement was present.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:34:17 +03:00
Jouni Malinen
f6ce70dc0d WNM: Fix neighbor report subelement formats
Number of of subelements were using incorrect format definition.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:32:28 +03:00
Jouni Malinen
e9cb7b9275 WNM: Fix neighbor report subelement parser to not leak memory
If a subelement is unexpectedly included multiple times, the parser must
not re-allocate memory for the entry without first freeing the old
allocation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:20:24 +03:00
Jouni Malinen
1aa6f953bb WNM: Fix neighbor report subelement parser
Only the Neighbor Report element should be included here, so verify that
the element id matches. In addition, verify that each subelement has
valid length before using the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:01:55 +03:00
Jouni Malinen
f8b10c1770 Fix CONFIG_AP=y build without CONFIG_P2P=y
Commit ca9bc5b566 used P2P functionality
from ap.c without proper ifdef CONFIG_P2P.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
f05cee9714 P2P: Clear p2p_in_invitation on cancel
Commit 41d5ce9e0b added scan optimizations
for P2P invitation cases. However, it left a path where the invitation
state was not cleared and as such, introduced potential issues for
following scans that ended up getting incorrectly optimized for a single
channel regardless of parameters. Fix this by clearing p2p_in_invitation
more carefully, especially on p2p_cancel command.

p2p_cancel is now also run from the FLUSH command to avoid issues with
hwsim test cases (e.g., persistent_group_per_sta_psk followed by
ap_open_tdls resulted in an error due to p2p_in_invitation remaining set
after FLUSH).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
ec331d09a2 WNM: Fix deinit path to clean neighbor report count
wnm_deallocate_memory() left wnm_num_neighbor_report set while freeing
the allocated buffer of neighbor reports. If this function was called
twice in a row without having went through new neighbor report parsing,
invalid pointers could have been freed resulted in segfault.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:45 +03:00
Jouni Malinen
679f2e7c5f WPS NFC: Remove NFC_RX_HANDOVER_SEL
The newer NFC_REPORT_HANDOVER command is more general version that
handles the cases where NFC_RX_HANDOVER_SEL could potentially have been
used. In addition, with the new WPS NFC design, it is important to
receive the handover request message that was used in the handover in
addition to the select message, so the NFC_RX_HANDOVER_SEL command on
its own would not be sufficient for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
9ff4de6de4 Move DROP_SA command to be within ifdef CONFIG_TESTING_OPTIONS
This is a test command and has no use in production builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:59:31 +03:00
Jouni Malinen
9a147ba18d WNM: Fix regression in Sleep Mode exit key data parsing
Commit dbfb8e82ff changed the Action frame
RX payload pointer design to point to a different field. WNM Sleep Mode
Response handler updated one of the uses to accommodate this change, but
that commit missed another use for key data length. This resulted in GTK
and IGTK being ignored in many cases when waking up from WNM Sleep Mode
with PMF enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:13 +03:00
Dmitry Shmidt
204c9ac4ee Extend select_network command with freq= to reduce scan time
This allows a subset of channels to be specified for the scan used to
find the network when the SELECT_NETWORK ctrl_iface command is issued.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-04 23:07:17 +03:00
Jouni Malinen
75aea3e704 Interworking: Add writing of forgotten cred parameters into config file
req_conn_capab and required_roaming_consortium parameters were not
written into the cred block when requesting wpa_supplicant to write the
configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 22:57:15 +03:00
Jouni Malinen
c880ab87ee Interworking: Add GET_CRED ctrl_iface command
"GET_CRED <id> <field>" can now be used to fetch credential parameters
over the control interface. This does not allow passwords etc. private
material to be retrieved ("*" is returned for those if the value is set
regardless of the value). FAIL is returned if the requested parameter
has not been set. For cred parameters that can have multiple values,
newline separated list of values is returned.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 20:13:53 +03:00
Jouni Malinen
1619e9d512 Interworking: Add ctrl_iface events on cred block modifications
Following events are now sent to ctrl_iface monitors to indicate if
credential blocks have been added, modified, or removed:

CRED-ADDED <id>
CRED-MODIFIED <id> <field>
CRED-REMOVE <id>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 19:10:47 +03:00
Pawel Kulakowski
39a5800f7c wpa_supplicant: Allow disabling LDPC
Allows user to disable LDPC coding.
This possibility is useful for testing purpose.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-04-01 11:20:48 +03:00
Jean Trivelly
72300408d4 Interworking: Read IMSI if not read at supplicant start
It is required to read IMSI from SIM if it has not already been done
when comparing HS 2.0 AP 3GPP information with the local credentials.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:44:59 +03:00
Jean Trivelly
62f736dd04 Interworking: Init scard when a credential requires SIM access
When an ANQP fetch is triggered and ANQP_3GPP_CELLULAR_NETWORK info is
required, initialize scard to be ready when comparing ANQP and
credentials.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:35:08 +03:00
Jean Trivelly
729897a388 Interworking: Fix incorrect compile PCSC flag
CONFIG_PCSC is used instead of PCSC_FUNCS.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:29:37 +03:00
Avraham Stern
ace0fbdb69 P2P: Fix segfault when PBC overlap is detected
If a separate P2P group interface is used, PBC overlap during group
formation causes the group interface to be removed, which ends up with
the interface context becoming invalid. Fix this by scheduling a timeout
to process the PBC overlap and interface removal instead of removing the
interface directly before the connection operation has returned.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-03-28 19:31:26 +02:00
Jouni Malinen
cf15b15cc1 Add writing of network block ocsp parameter
This was forgotten from the per-network ocsp parameter addition. The new
parameter needs to be stored to the configuration file similarly to the
other EAP parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-28 16:56:41 +02:00
Ilan Peer
f1c4dbf5cd wpa_supplicant: Remove pending sme-connect radio work
If a new connection is attempted while there is a pending sme-connection
radio work, cancel the pending radio work and continue with the new
connection attempt. This is preferable over rejecting the new work and
continuing with the pending one, as it is possible that the previous
work is no longer valid.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-27 16:45:25 +02:00
Eliad Peller
4f560cdee3 wpa_supplicant: Override HT A-MPDU size if VHT A-MPDU was overridden
According to the standard, if the max A-MPDU VHT cap is <= 3, we
have to adjust the max A-MPDU HT cap to the same value. Otherwise
it should be set to 3.

Take care of it when the max VHT A-MPDU value is overridden.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-27 16:45:21 +02:00
Ilan Peer
782e2f785e P2P: Do not initiate scan on P2P Device when enabled
Do not start a scan on a P2P Device interface when processing an
interface enabled event.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-27 15:25:12 +02:00
Sunil Dutt
96ecea5eb1 Pass TDLS peer capability information in tdls_mgmt
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the
VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the presence
of the respective IEs in the received TDLS Setup Response frame.

The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-27 15:18:48 +02:00
Dmitry Shmidt
cf28c66bcb HS 2.0: Extend ANQP_GET to accept Hotspot 2.0 subtypes
This allows a single ANQP query to be used to fetch both IEEE 802.11
defined ANQP elements and Hotspot 2.0 vendor specific elements.

ANQP_GET <addr> <info id>[,<info id>]...
[,hs20:<subtype>][...,hs20:<subtype>]

For example:
ANQP_GET 00:11:22:33:44:55:66 258,268,hs20:3,hs20:4

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
163f801ef2 nl80211: Indicate HS 2.0 OSEN AKM in connect/associate command
This allows drivers that build the WPA/RSN IEs internally to use similar
design for building the OSEN IE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
c201f93a9e WPS: Enable WSC 2.0 support unconditionally
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Sunil Dutt Undekari
91364b7f10 P2P: Set a timeout for a persistent reinvoke on a P2P Client
Use P2P group formation timeout to wait for the 4-way handshake to
complete on a persistent reinvocation on a P2P Client.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Rashmi Ramanna
41d5ce9e0b P2P: Optimize scan for GO during persistent group invocation
Scan for GO on the negotiated operating channel for few iterations
before searching on all the supported channels during persistent group
reinvocation. In addition, use the already known SSID of the group in
the scans. These optimizations reduce group formation time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Jouni Malinen
31ded52e70 SME: Add more debug prints for OBSS scans and 20/40 MHz co-ex report
This makes it easier to debug wpa_supplicant behavior when reporting
20/40 MHz co-ex information based on OBSS scans.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:56:50 +02:00
Jouni Malinen
7f8eb34dee SME: Fix OBSS scan result processing for 20/40 MHz co-ex report
The 40 MHz intolerant bit needs to be checked before skipping the BSS
based on the channel already being in the lost (which could have
happened due to another BSS that does not indicate 40 MHz intolerant).
This fixed the 20/40 MHz co-ex report to indicate 20 MHz request
properly if there are both 40 MHz tolerant and intolerant BSSes on the
same channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:54:50 +02:00
Dmitry Shmidt
d3c9c35f32 Add freq= parameter to 'set pno' command
This allows channels-to-be-scanned to be specified for PNO similarly to
the scan command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 23:56:46 +02:00
Tomasz Bursztyka
b998236543 dbus: Implement P2P Peers info IEs buffer getter
Since it declares providing such property, let's expose it relevantly.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:49:47 +02:00
Tomasz Bursztyka
c6f356f85b dbus: Export the peer's device address as a property
This could be useful in some cases.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:44:09 +02:00
Tomasz Bursztyka
442adfde3d dbus: Declare properly ServiceDiscoveryRequest method
It does return something: the reference of the request, as an integer,
which can be used then with ServiceDiscoveryCancelRequest to get
canceled.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:50 +02:00
Tomasz Bursztyka
890374118f dbus: Cancelling a service request always reply by an error
p2p_sd_cancel_request returns -1 in case of error, so does
wpas_p2p_sd_cancel_request.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Tomasz Bursztyka
13494c4478 dbus: Remove duplicate signal declaration
ServiceDiscoveryExternal is uselessly declared twice.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Eduardo Abinader
5eae87a7d6 P2P: Fix GO failed interface init
Whenever an ongoing GO Neg has failed, due to interface init, the P2P
Device should cancel timeouts and issue wpas_p2p_group_formation_failed,
so the other peer detects faster group formation has failed.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-03-21 23:26:16 +02:00
Andrei Otcheretianski
c46235aaf0 wpa_supplicant: Fix radio_remove_interface
Remove pending radio works when an interface is removed from a radio.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-03-21 22:21:37 +02:00
Dmitry Shmidt
2ce7e4fd74 Android: Enable CONFIG_EAP_AKA_PRIME option
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 22:21:26 +02:00
Prameela Rani Garnepudi
95bf699f76 Add get_radio_name() driver wrapper for wpa_supplicant
Signed-off-by: Prameela Rani Garnepudi <prameela.g@samsung.com>
2014-03-21 22:20:38 +02:00
Guoqiang Liu
d06ecab344 D-Bus: Make p2p_no_group_iface configurable
Some old device need to set p2p_no_group_iface=1 to set up a P2P
connection, so add a D-Bus interface to configure it.

Signed-off-by: Guoqiang Liu <guoqiang.liu@archermind.com>
2014-03-21 22:17:57 +02:00
Jouni Malinen
1120e45232 Allow config blobs to be set through ctrl_iface
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 23:51:37 +02:00
Jouni Malinen
6829da39e6 Fix external radio_work deinit path
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Manish Bansal
67d39cfb32 P2P: Do not create another group interface on NFC Token enable
If a group interface is present and the command was issued on the group
interface, enable the token for that interface instead of creating a new
one.

Signed-off-by: Manish <manish.bansal@broadcom.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
6aa1cd4e06 wpa_supplicant: Apply VHT_OVERRIDES to wpas_start_assoc_cb()
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:50:58 +02:00
Dmitry Shmidt
6e9375e4e1 TDLS: Add get_capability tdls command
Command returns info in format: UNSUPPORTED/INTERNAL/EXTERNAL

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-14 21:40:57 +02:00
Jouni Malinen
9a1a538fa5 wpa_supplicant AP: Allow PMF to be enabled with ieee80211w
The ieee80211w parameter was not previously copied to the hostapd BSS
structure from wpa_supplicant configuration, so PMF was practically
disabled. Allow it to be configured through the wpa_supplicant network
configuration block.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
daa70bdf68 Fix CONFIG_NO_SCAN_PROCESSING=y build
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 22:39:11 +02:00
Peter Qiu
0f44ec8eba Add a reattach command for fast reassociate-back-to-same-BSS
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.

Signed-hostap: Peter Qiu <zqiu@chromium.org>
2014-03-11 19:38:01 +02:00
Ben Greear
5d0d72a3e5 wpa_supplicant: Put upper bound on initial scan time delay
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-03-11 19:23:17 +02:00
Alexander Bondar
5e3ddf4d23 PNO: Change sched_scan_stopped event to handle pending PNO properly
When a sched_scan_stopped event is received and there is a pending PNO,
it used regular scheduled scan parameters instead of PNO specific
parameters. Change it by calling wpas_start_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:15:48 +02:00
Alexander Bondar
737e7a08b0 PNO: Move and rename pno_start()/pno_stop()
Move pno_start() and pno_stop() to scan.c as a more relevant location
and rename them to wpas_start_pno()/wpas_stop_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:12:57 +02:00
Jouni Malinen
09eef142ea Use internal FIPS 186-2 PRF if needed
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 16:44:22 +02:00
Jouni Malinen
60b893dfb3 wpa_supplicant: Allow external management frame processing for testing
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 20:21:21 +02:00
Ilan Peer
c16a7590cf wpa_supplicant: Add a configuration file for the P2P_DEVICE parameters
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.

Note that it is advised to use this option in some cases such as:

If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.

If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-03-07 00:11:04 +02:00
Jouni Malinen
8f05577d11 Configure beacon interval for IBSS command
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 23:09:20 +02:00
Moshe Benji
354c903f8e AP/GO interface teardown optimization
This commit adds an option to optimize AP teardown by leaving the
deletion of keys (including group keys) and stations to the driver.

This optimization option should be used if the driver supports stations
and keys removal when stopping an AP.

For example, the optimization option will always be used for cfg80211
drivers since cfg80211 shall always remove stations and keys when
stopping an AP (in order to support cases where the AP is disabled
without the knowledge of wpa_supplicant/hostapd).

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2014-03-05 23:57:02 +02:00
Eliad Peller
3a94adbf42 P2P: Do not start scan for P2P Device interfaces at driver init
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-04 22:34:00 +02:00
David Spinadel
aa10983004 P2P: Do not initialize bgscan on P2P interfaces
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:32:24 +02:00
Alexander Bondar
54ac5aa271 config: Add bgscan option when saving global configuration
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
2014-03-04 22:27:39 +02:00
David Spinadel
268043d55f bgscan: Do not initialize bgscan if disabled by user
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:26:19 +02:00
Beni Lev
adef89480d nl80211: Add vendor command support
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:

Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]

The 3rd argument will be converted to binary data and then passed as
argument to the sub command.

This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2014-03-04 22:24:20 +02:00
Jouni Malinen
508e24c20b dbus: Clean up error reporting for TDLS peer address parsing
Passing a pointer to an error reply message is not very robust since
memory allocation could fail even for that error message. Instead, use a
separate error value as the return value from get_peer_hwaddr_helper()
and return a pointer to the error message through a pointer-to-pointer
so that the error case will always be clear.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
a7c37d92d2 dbus: Remove duplicated variable assignment
This gets rid of a static analyzer warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
ea3b8c1d2d Do not use a separate variable for tracking first entry in a list
The pos pointer can be compared to the start of the buffer pointer to
determine whether the entry is the first one in the list. This gets rid
of some static analyzer warnings about unused variable writes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
6ed626df40 Remove unused gid_str pointer update
The group name is not used on these paths, so just remove it from the
directory name without updating gid_str to point to the unused group
name.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
67adcd266c WNM: Check wpa_s->current_bss more consistently
The scan result comparison routine would not make much sense without
current BSS level known, so return from the function without going
through the iteration that could have dereferenced the pointer if
wpa_s->current_bss == NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
2af4d87fc3 GAS: Fix additional comeback delay with status code 95
The special case of non-zero status code used in a GAS Comeback Response
frame to indicate that additional delay is needed before the response is
available was not working properly. This case needs to allow the status
code check to be bypassed for the comeback case prior to having received
any response data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 17:06:20 +02:00
Jouni Malinen
07d462c7b7 Interworking: Remove unused password setting for SIM credential
The simulated SIM/USIM case uses a separate milenage cred parameter, so
this cred password parameter was unused for this credential type.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 17:06:20 +02:00
Jouni Malinen
3141b82c16 Add OSEN to proto config field writer
This was forgotten from the OSEN addition where it was parsed, but not
written to a network block.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 10:49:18 +02:00
Jouni Malinen
06c7b7f0b5 HS 2.0R2: Fix temporary network disabling in Deauth Req case
Commits 7ef6947993 and
533536d82a added this temporarily
disabling case, but those commits were merged in without having been
converted to the new os_reltime design used for ssid->disabled_until.
Consequently, they ended up disabling the network for 44 years or so too
long time (depending on what values the relative timestamp had
accummulated so far). Fix this by using relative timestamps
consistently.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-28 00:29:34 +02:00
Jouni Malinen
b7fb98f072 Interworking: Fix already-connected check to verify network priority
Commit d28f4e44f1 optimized Interworking
network selection in a case where the operation is run while already
connected to the selected network by skipping the reconnection. However,
this did not take into account that a higher priority network may have
shown up in the new scan results.

Fix this by checking whether network selection based on the latest scan
results (the ones from the interworking_select operation) would result
in a network with higher priority being selected. If so, skip the
optimization and force normal network connection (which will select this
newly found higher priority network). This fixes cases where a
non-Hotspot 2.0 network with higher priority (e.g., home network) shows
up while connected to a Hotspot 2.0 network with lower priority.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 14:06:23 +02:00
Jouni Malinen
7c373ac267 Interworking: Fix last-network preference to not override priority
Commit 3d910ef497 tried to make
last-network selection behave more consistently with Interworking
network selection preferences. However, it did not take into account
that other network block may have higher priority. In such cases, the
last added network from Interworking network selection should actually
not be selected for the next connection. Fix this by limiting the
last-network preference to work only within a priority class.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 13:47:23 +02:00
Jouni Malinen
f54e92433e HS 2.0R2: Fix req_conn_capab example
Protocol field needs to be separated properly from te port number list.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 00:43:58 +02:00
Jouni Malinen
a6739e191e HS 2.0R2: Try to scan multiple times for OSU providers
Scan operation is not that reliable, so try couple of times if no
OSU provider matches are found during fetch_osu command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
cf6d08a63f Interworking: Add OCSP parameter to the cred block
This new parameter can be used to configure credentials to mandate use
of OCSP stapling for AAA server authentication.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
6402f2fe40 Interworking: Add more debug info on roaming partner preferences
This can be useful in debugging selection of roaming partner preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
74794891c7 Interworking: Add sp_priority cred parameter
This new priority parameter can be used to specify priorities between
credentials provisioned by the same SP. cred->priority is checked first
and if it is same and the provisioning_sp parameter matches, the new
sp_priority is used to order the credentials. It should be noted that
the order of priorities is different (higher 'priority' value indicates
higher priority of the credential, while higher 'sp_priority' indicates
lower priority of the credential).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
751ac99768 Interworking: Use a helper function to compare cred priority
This makes it easier to extend credential priority comparison beyond a
single priority variable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
aff419f56a Interworking: Remove separate credential priority tracking
There is no need to keep the separate local variable for tracking the
highest selected priority since we track a pointer to the selected
credential with that information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
533536d82a HS 2.0R2: Disable full ESS for as a workaround for per-BSS issues
For now, disable full ESS since some drivers may not support disabling
per BSS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
8a77f1be86 HS 2.0R2: Slow down connection attempts on EAP failures
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
76a55a8e12 HS 2.0R2: Add more debug to network selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8b4b9fb384 HS 2.0R2: Fix bandwidth policy BSS selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
28f2a7c407 HS 2.0R2: Allow excluded network to be selected based on user override
Move excluded SSID filtering step to the end of credential validation
process and return list of BSSes that would otherwise have matching
credentials, but have an excluded SSID. Automatic network selection will
not select such a network, but interworking_connect command can be used
to pick excluded networks.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
33fb8c526c HS 2.0R2: Add support for Policy/RequiredProtoPortTuple
The new credential parameter req_conn_capab can be used to specify
restrictions on roaming networks providing connectivity for a set of
protocols/ports.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a45b2dc5dc HS 2.0R2: Add support for Policy/MaximumBSSLoadValue
The new credential parameter max_bss_load can be used to specify
restrictions on BSS Load in the home network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
4cad9df15a HS 2.0R2: Add support for Policy/MinBackhaulThreshold
The new credential parameters min_{dl,ul}_bandwidth_{home,roaming} can
be used to specify restrictions on available backhaul bandwidth.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
aa26ba68b4 HS 2.0R2: Add tracking of provisioning SP
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8e5fdfabf6 HS 2.0R2: Add WFA server-only EAP-TLS peer method
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
df0f01d91f HS 2.0R2: Add OSEN client implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a5d75636f9 HS 2.0R2: Add common OSEN definitions
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
230e373539 HS 2.0R2: Add GAS operation duration statistics into debug
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
b572df8650 HS 2.0R2: Add routine for fetching OSU provider information
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
1d2215fc67 HS 2.0R2: Add OSU Providers list ANQP element
wpa_supplicant can now request OSU Providers list with "hs20_anqp_get
<BSSID> 8".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
184e110caf HS 2.0R2: Add Icon Request and Icon binary File ANQP elements
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
7ef6947993 HS 2.0R2: Add STA support for Deauthentication Request notification
If requested, disable the network based on the HS 2.0 deauthentication
request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
95a3ea9426 HS 2.0R2: Add WNM-Notification Request for Subscription Remediation
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
f9cd147d6b HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).

The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
bc00053c9d Interworking: Allow roaming partner configuration
The new roaming_partner parameter within a cred block can be used to
configure priorities for roaming partners.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
2c49d04cdb Do not clear global pmf setting on FLUSH
This parameter was actually used in some testing cases in a way that did
not really work well with the FLUSH command ending up disabling PMF.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
eef7235da1 Only try fast reconnect if network is not disabled
Previously, it would have been possible for the network to be marked
disabled and that marking to be ignored if a recoverable disconnection
reason event were processed. Avoid this by verifying network status
before trying to reconenct back to the same BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 23:52:09 +02:00
Jouni Malinen
3d910ef497 Interworking: Prefer last added network during network selection
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 22:37:57 +02:00
Jouni Malinen
da60d9c1ca tests: Add module tests for blacklist to complete coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 20:16:28 +02:00
Jouni Malinen
2a33687ec7 P2P: Remove unnecessary ifdef CONFIG_NO_CONFIG_WRITE
wpa_config_write() is defined as a dummy function even if actual
operation to write the configuration file are commented out from the
build. This cleans up the code a bit and removed a compiler warning on
set-only variable.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 19:31:16 +02:00
Purushottam Kushwaha
050d8b5cc7 Fix documentation for wpa_supplicant_global_ctrl_iface_process()
This fixes a copy-paste error in the function name in
wpa_supplicant_global_ctrl_iface_process() documentation.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2014-02-25 16:53:57 +02:00
Janusz Dziedzic
4db216fcf7 wpa_supplicant: Add support for IPv6 with UDP ctrl_iface
Add IPv6 support when using udp/udp-remote control interface using the
following new build configuration options:

CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

This is useful for testing, while we don't need to assign IPv4 address
(static or using DHCP) and can just use auto configured IPv6 addresses
(link local, which is based on the MAC address). Also add scope id
support for link local case.

For example,
./wpa_cli
./wpa_cli -i ::1,9877
./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:43:01 +02:00
Jouni Malinen
f0e30c8410 Do not start another connect work while one is pending
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 15:22:35 +02:00
Jouni Malinen
3cdcb3a4b3 tests: Add module tests for WPS attribute parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:41:30 +02:00
Jouni Malinen
ea449b5bfe tests: Add a module test integration to hwsim tests
CONFIG_MODULE_TESTS=y build option can now be used to build in module
tests into hostapd and wpa_supplicant binaries. These test cases will be
used to get better testing coverage for various details that are
difficult to test otherwise through the control interface control. A
single control interface command is used to executed these tests within
the hwsim test framework. This commit adds just the new mechanism, but no
module tests are yet integrated into this mechanism.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:08:08 +02:00
Jouni Malinen
211d7ab3d8 P2P: Add even more debug prints for Probe Request in non-Listen state
It looks like discovery_dev_id test case can still fail and based on the
previously added debug prints, this is happening since the P2P module
believes it is not in Listen state even when a P2P_LISTEN was issued.
p2p_listen_cb() did not get called on remain-on-channel event for some
reason, so lets add more debug to find out why this can happen.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 16:59:29 +02:00
Roger Zanoni
848905b12a Avoid undefined references with CONFIG_WPA_TRACE_BFD=y
libdl, libiberty, and libzlib are dependencies for libbfd.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-20 16:32:26 +02:00
Jithu Jance
f667e031c9 P2P: Address few issues seen with P2P SD
Suppose we have multiple peers and we have peers advertising SD
capability, but no services registered for advertising. In this case,
even if there are multiple broadcast queries set, we might end up
sending only the lastly added broadcast query to the same device (since
SD_INFO won't get set for the first broadcast query). Add support for
multiple wildcard queries to be tracked to enable this type of use
case.

Some times it is seen that before advancing to next device in the list,
the scan results come and update SD_SCHEDULE flag. This will result in
sending the already sent query to the same device without giving chance
to other devices. This issue again is seen with peer devices advertising
SD capability without any services registered.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-02-20 16:32:12 +02:00
Dmitry Shmidt
e9a6f18385 TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
These can be used to disable TLSv1.1 and TLSv1.2 as a workaround for AAA
servers that have issues interoperating with newer TLS versions.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-20 15:28:57 +02:00
Dmitry Shmidt
ac494fcce4 Android: Use external libnl 2.0 dynamic library
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-19 14:10:12 +02:00
Roger Zanoni
b7cac41254 Fix hostapd and wpa_supplicant build with binutils >= 2.24.x
Using binutils >= 2.24.x and setting
CONFIG_WPA_TRACE/CONFIG_WPA_TRACE_BDF causes both builds to fail with
"#error config.h must be included before this header" message.

Since version 2.24.x, the bfd header checks for PACKAGE and
PACKAGE_VERSION macros.

As suggested in http://sourceware.org/bugzilla/show_bug.cgi?id=14243
projects that use bfd and don't use autotools should define a PACKAGE
macro.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-19 14:10:12 +02:00
Jouni Malinen
94a3df500f P2P: Enable U-APSD support on GO automatically
Since P2P specification mandates P2P GO to support WMM-PS with legacy
STAs, enable this automatically if the driver indicates support for
U-APSD in AP mode. The "P2P_SET go_apsd 0" command can still be used to
disable this if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-17 13:15:29 +02:00
Andrei Otcheretianski
b3253ebb73 wpa_supplicant: Complete radio works on disable event
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.

Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.

To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-02-16 00:06:23 +02:00
Jouni Malinen
2dff9e87b9 Remove unused NFC_RX_HANDOVER_REQ
The more generic NFC_REPORT_HANDOVER is now used to report completed NFC
connection handover operations in either role and NFC_RX_HANDOVER_REQ
did not have any implementation within wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 11:22:26 +02:00
Jouni Malinen
7ae7a84eef NFC: Workaround nfcpy message debug exception
The current nfcpy version does not support new WSC connection handover
message format and the handover server fails to process the request due
to a debug print. As a temporary workaround, override
HandoverServer::_process_request() with a version that avoids pretty()
print of the handover messages. This can be removed once nfcpy has been
updated to support the new format.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-13 16:37:43 +02:00
Max Stepanov
cbf21c7cb5 P2P: Avoid compiler warning in p2p_supplicant.c
Initialize flag variable explicitly to avoid [-Wmaybeuninitialized]
compiler warning in wpas_p2p_verify_channel().

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-02-13 15:46:37 +02:00
Eytan Lifshitz
5e6aa04b09 wpa_supplicant: Fix memory leak in wfd_subelems error path
Memory allocated by calling function ieee802_11_vendor_ie_concat()
was not freed on an error path int ctrl_iface BSS command.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:41:15 +02:00
Jouni Malinen
88853aedf6 Fix CONFIG_WPS_NFC=y build without CONFIG_P2P=y
Some of the control interface operations for P2P were not properly
protected with #ifdef CONFIG_P2P.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-13 15:29:09 +02:00