Commit graph

8657 commits

Author SHA1 Message Date
Subhani Shaik
715d5c45f1 hs20-osu-client: Ensure NULL checks are done before dereferencing
In some error cases, pointers were dereferenced before NULL check is
done. Fix this by adding checks before the dereference.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 13:39:15 +02:00
Jouni Malinen
58d405fcdb Fix OCSP debug messages
These were not supposed to include a newline at the end of the message
text since such formatting gets handled by tls_show_errors(). In
addition, change the message about the issuer's issuer to be more
accurate.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 13:33:33 +02:00
Jouni Malinen
710dfb4e32 OpenSSL: Fix OCSP error path
If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 13:32:05 +02:00
Subhani Shaik
bd7bb43784 HTTP: Fix OCSP error path
If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 13:29:55 +02:00
Jouni Malinen
946572ca0e Android: Remove commented out non-Android build parameters
These hs20-osu-client parameters were never applicable for Android
builds and were just copied from the non-Android Makefile as a reminder,
but not removed once rest of the Android build was fixed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 12:55:19 +02:00
Jouni Malinen
15ada7f020 Android: Remove libxml2 config defines
These need to be done in the libxml2 build, not in hs20-osu-client. This
workaround was previously used to allow parts of the build to go
through, but that was not a complete fix and resulted in warnings now
that external/libxml2 in Android 5.0 is defining the same parameters.
Remove these from hs20-osu-client Android.mk to avoid that warning.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 12:53:03 +02:00
Jouni Malinen
ebe8d3f254 Android: Silence unused function parameter warnings
Numbers of hs20-osu-client functions do not use all of the parameters
currently. This makes the compiler output difficult to read due to
undesired warning messages. Get rid of those specific warnings for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 12:48:51 +02:00
Jouni Malinen
dbd10da810 Android: Fix hs20-osu-client build on Android 5.0
The LOCAL_EXPORT_C_INCLUDE_DIRS from ICU did not seem to fully resolve
the build (e.g., "mm -B" failed to build, but following that with "mm"
allowed the build to complete). For now, add the include directory
manually here for Android 5.0.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 12:48:00 +02:00
Neelansh Mittal
a926295a55 HS 2.0R2: Fix permissions for SP/<fqdn> directory on Android
As part of OSU, the AAA TrustRoot cert is downloaded into SP/<fqdn>
directory. On Android, wpa_supplicant runs with Wifi uid privileges, and
hence might not have read access to the AAA TrustRoot present SP/<fqdn>
directory. Hence, make AID_WIFI as the group owner of SP/<fqdn>
directory and allow the members of AID_WIFI group to read files present
in this directory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 12:11:36 +02:00
Jouni Malinen
792eafa047 tests: Make wpas_mesh_password_mismatch more robust
It seems to be possible for dev2 (the one with incorrect password) to
stop retries before either dev0 or dev1 reports the authentication
failure event. For now, allow the test case pass if either dev0 or dev1
reports the event rather than requiring both to report this. The
expected behavior can be fine-tuned in the future if the reporting
behavior is modified to be more consistent.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-12 15:50:52 +02:00
Ahmad Kholaif
480994dafb nl80211: Allocate QCA vendor subcmds for DFS radar detected and CAC events
When DFS offloading capability is supported by the driver, the driver
should use these events to indicate when a radar pattern has been
detected, channel availability check (CAC) has been completed, aborted
or finished after the non-occupancy period is over on a DFS channel.

Also, add a new driver.h event to be used by NL80211 to indicate CAC
Started event on a DFS channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 16:51:33 +02:00
Jouni Malinen
f245b45075 tests: Fix ap_{open,wpa2_psk}_wpas_in_bridge cleanup
Due to a copy-paste error, these test cases left 4addr mode enabled on
wlan5. This resulted in number of connect_cmd_* test cases failing if
executed after the wpas_in_bridge tests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 16:50:06 +02:00
Jouni Malinen
1c9838b388 tests: Remove temporary config file in wpas_config_file
The new wpa_supplicant configuration file writing style leaves behind
the temporary file (<filename>.tmp) if renaming fails. Clean that up in
the test case execution.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 14:57:30 +02:00
Jouni Malinen
eb88a5ba74 tests: hostapd and external ifconfig down + up
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 10:31:12 +02:00
Jouni Malinen
c165cb400c Drop all hostapd STA entries on interface disabled event
If the driver indicates that the interface has been disabled, assume
that all associations have been lost and remove the hostapd STA entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 10:31:12 +02:00
Jouni Malinen
106fa1e97e nl80211: Indicate interface-down event only for the main netdev
RTM_NEWLINK event without IFF_UP were processed for all related
interfaces (including VLANs and bridge). While these events may need to
be processed for other purposes, they should not end up claiming that
the main interface has been disabled, so indicate
EVENT_INTERFACE_DISABLED only if the ifname matches the first BSS ifname
for the interface. In addition, fix some of the ifup/down checks from
if_indextoname() cases to actually use the resolved ifname (namebuf)
rather than hardcoding the first configured ifname to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 10:31:12 +02:00
Jouni Malinen
eeb1cb28a2 VLAN: Clean up RTM_NEW/DELLINK processing
This uses couple of additional helper macros and prints more debug
information to make the VLAN events easier to analyze.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 10:31:12 +02:00
Peter Oh
47e5fbde44 hostapd: Avoid sending client probe on removed client
Sending client probe on already removed client from kernel driver does
not have any benefit and may lead unintended behavior among variable
drivers (mac80211 has a WARN_ON() that could have been triggered after
ifconfig down+up earlier when hostapd did not re-enable beaconing on
ifup). Skip this step in discussion when the kernel driver reports that
client entry is removed.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-02-10 22:21:03 +02:00
Jouni Malinen
34782730c0 Re-configure WPA2 group keys on hostapd interface re-enable
This allows WPA2 mode AP to be re-enabled automatically after external
ifconfig down + up on a netdev used by hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-10 20:27:00 +02:00
Jouni Malinen
f33c8606f4 Re-enable beaconing on interface disable+enable
This is a step towards enabling hostapd to restart AP mode functionality
if the interface is disabled and re-enabled, e.g., with ifconfig down
and up. This commit takes care of beaconining only which may be
sufficient for open mode connection, but not for WPA2 cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-10 20:27:00 +02:00
Jouni Malinen
fc99fab7e5 nl80211: Print a debug log entry on NL80211_CMD_PROBE_CLIENT failures
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-10 20:27:00 +02:00
Jouni Malinen
380f3a8ba1 tests: Make autogo_join_auto_go_neg more robust
This test cases used to fail if dev1 had seen dev0 as a GO in an earlier
test case, e.g., when running it after autogo_fail. Fix this by clearing
scan results on dev1 at the beginning of the test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-10 12:09:07 +02:00
Jouni Malinen
0d2f324d67 P2P: Fix send_action_in_progress clearing in corner cases
It is possible for an Action frame TX operation to be stopped in a way
that results in the TX status callback function not being called. This
could happen, e.g., when P2P_STOP_FIND was issued while waiting for PD
Response TX status. This specific case ended in leaving
p2p->send_action_in_progress set to 1 and that ending up stopping a
future TX operation when p2p_send_action_cb() gets called with
p2p->pending_action_state == P2P_NO_PENDING_ACTION.

This could result in reception of a fragmented service discovery
response failing due to the GAS sequence getting stopped when receiving
TX callback for the first GAS comeback request. That sequence could be
hit in mac80211_hwsim tests when p2p_listen_and_offchannel_tx was
followed by p2p_service_discovery_fragmentation (even after a long time
since this was on dev1 and there could be even 10 minutes between these
test cases).

Fix this issue by clearing send_action_in_progress whenever stopping
pending P2P operation with p2p_stop_find (or P2P_FLUSH for that matter).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-10 00:41:27 +02:00
Jouni Malinen
c5b535ed1d tests: hostapd and start_disabled=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-09 19:57:46 +02:00
Jouni Malinen
9ff8dda12f Add hostapd UPDATE_BEACON ctrl_iface command
This can be used to ask Beacon frames to be updated explicitly, e.g.,
after a dynamic configuration parameter change. This can also be used to
start beaconing on an interface that was started with start_disabled=1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-09 19:56:32 +02:00
Ahmad Kholaif
e0761c5b4a nl80211: Allocate QCA vendor subcmd for DFS CAC Start event
When DFS offloading capability is supported by the driver, the driver
should use this event to indicate when channel availability check (CAC)
is started on a DFS channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-09 18:48:36 +02:00
Jouni Malinen
1db718b3ce nl80211: Test vendor command and event
This adds testing code (for CONFIG_TESTING_OPTIONS=y builds only) to
send an nl80211 vendor command and report a test vendor event in case
the driver supports this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-09 18:07:29 +02:00
Jouni Malinen
7ebc7e8fa6 tests: wpa_supplicant DUMP/GET global parameter
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 22:49:58 +02:00
Ola Olsson
10263dc2a4 Add control interface commands for fetching wpa_config values
The new "DUMP" and "SET <variable>" control interface commands can be
used to fetch global wpa_supplicant configuration parameters.

Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
2015-02-08 22:49:58 +02:00
Jouni Malinen
2265376271 tests: INTERWORKING_ADD_NETWORK
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 22:49:58 +02:00
Jouni Malinen
f91a512f1f Add INTERWORKING_ADD_NETWORK command
This can be used to provide more control to upper layers on network
blocks generated as part of Interworking network selection.
INTERWORKING_ADD_NETWORK behaves otherwise identically to
INTERWORKING_CONNECT, but it does not request a new connection after
having added the network block and it returns the network id of the
added network.

INTERWORKING_ADD_NETWORK followed by REASSOCIATE would behave more or
less identically to INTERWORKING_CONNECT, but this allows the created
network profile to be modified, if desired, and/or stored externally.
SELECT_NETWORK can also be used with the network id returned from
INTERWORKING_ADD_NETWORK to enforce that specific network profile to be
used for the next connection (though, it should be noted that this
behavior may not meet all Hotspot 2.0 requirements if there were other
enabled networks that could have higher priority).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 22:49:58 +02:00
Ilan Peer
c612ae97a4 AP: Do not reply to Probe Request frames with DS Params mismatch
Do not reply to a Probe Request frame with a DSSS Parameter Set element
in which the channel is different than the operating channel of the AP,
as the sending station is not found on the AP's operating channel.

IEEE Std 802.11-2012 describes this as a requirement for an AP with
dot11RadioMeasurementActivated set to true, but strictly speaking does
not allow such ignoring of Probe Request frames if
dot11RadioMeasurementActivated is false. Anyway, this can help reduce
number of unnecessary Probe Response frames for cases where the STA is
less likely to see them (Probe Request frame sent on a neighboring, but
partially overlapping, channel).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-02-08 22:49:41 +02:00
Jouni Malinen
9177b0a8c9 tests: Successful P2P_CONNECT-auto cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:59:57 +02:00
Jouni Malinen
5b74e086e6 P2P: Document P2P_CONNECT-auto
Commit b31be3a0fd ('P2P: Add automatic GO
Negotiation vs. join-a-group selection') added this P2P_CONNECT 'auto'
parameter, but did not update any documentation on it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:50 +02:00
Jouni Malinen
d2b84e430c tests: P2P_CONNECT-auto not finding GO
This is a regression test for an earlier bug that resulted in using
freed memory after a P2P group interface was removed as part of
fallback-to-GO-Negotiation in P2P_CONNECT-auto.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:49 +02:00
Jouni Malinen
99650cadc9 Add STOP_AP control interface command
This is mainly for testing purposes to allow beaconing to be stopped
without clearing AP state in hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:49 +02:00
Jouni Malinen
6b00512164 P2P: Add event messages for P2P_CONNECT-fallback-to-GO-Neg
This makes it easier for upper layer programs to follow progress of
P2P_CONNECT-auto operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:48 +02:00
Jouni Malinen
b0e669beeb P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface
If a separate P2P group interface was used, P2P_CONNECT-auto fallback to
GO Negotiation could result in use of freed memory and segmentation
fault. This happened in cases where the peer GO was found in some old
scans, but not in the first scan triggered by the P2P_CONNECT-auto
command ("P2P: Peer was found running GO in older scan -> try to join
the group" shows up in the debug log). In addition, the GO would still
need to reply to PD Request to allow this code path to be triggered.

When five scans for the GO were completed in this sequence, the P2P
group interface was removed as part of falling back to GO Negotiation.
However, that ended up dereferencing the freed wpa_s instance at the end
of scan event processing. Fix this by reordering code a bit and breaking
out from EVENT_SCAN_RESULTS processing if the interface could have been
removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:14 +02:00
Jouni Malinen
874057da4e tests: Make wpas_ctrl_many_networks more robust under valgrind
It is possible for a low powered CPU to take excessively long time to
delete 1000 network blocks when running under valgrind. This would have
resulted in the test case failing and the following reset operation
timing out which would then stop the test sequence completely.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:25:35 +02:00
Jouni Malinen
f77d6d4bd8 tests: Mesh authentication failure events
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:25:35 +02:00
Masashi Honma
bf51f4f82b mesh: Fix remaining BLOCKED state after SAE auth failure
When SAE authentication fails, wpa_supplicant retries four times. If all
the retries result in failure, SAE state machine enters BLOCKED state.
Once it enters this state, wpa_supplicant doesn't retry connection. This
commit allow connection retries even if the state machine entered
BLOCKED state.

There could be an opinion "Is this patch needed? User could know the SAE
state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event.
Then user can retry connection. By user action, SAE state machine can
change the state from BLOCKED to another.". Yes, this is a true at the
joining mesh STA. However, a STA that is already a member of existing
mesh BSS should not retry connection because if the joining mesh STA
used wrong password, all the existing STA should do something from UI to
retry connection.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-08 12:43:24 +02:00
Masashi Honma
79ddb2062e mesh: Add a monitor event on SAE authentication getting blocked
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:33:23 +02:00
Masashi Honma
dd2cbafc89 mesh: Add a monitor event for SAE authentication failure
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:23:34 +02:00
Masashi Honma
0cb5f8d945 mesh: Fix inactivity timer for 32 bit system
Commit 5a2a6de6a5 ('mesh: Make inactivity
timer configurable') has a problem on 32 bit systems. Setting
NL80211_MESHCONF_PLINK_TIMEOUT to 0xffffffff causes expiration of STA in
a minute by NL80211_CMD_DEL_STATION event. this is the kernel rule for
STA expiration:

(current jiffies) > (frame Rx jiffies + NL80211_MESHCONF_PLINK_TIMEOUT * 250)

On a 32 bit system, the right side could overflow and be unexpected
small value if NL80211_MESHCONF_PLINK_TIMEOUT is sufficiently large. STA
expiration occurs by this reason.

This patch solves the problem by disabling the STA expiration
functionality in mac80211. However, old kernel does not support
disabling it. If so, this patch sets mac80211 inactivity timer 60
seconds into future from the wpa_supplicant inactivity timer.

And I mis-understood that mesh_max_inactivity=0 disables inactivity
timer in wpa_supplicant. This commit fixes it also.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:20:45 +02:00
Jouni Malinen
a0b3f8e2ff tests: Remove forgottend debug print from p2ps_connect_adv_go_persistent
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 16:29:22 +02:00
Jouni Malinen
11e2ddbcd7 mesh: Remove duplicated no_auto_peer update
Commit 07cb45ccb2 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 16:19:53 +02:00
Jouni Malinen
1e529832a8 D-Bus: Fix network block type change
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 16:19:08 +02:00
Jouni Malinen
c62bd5e44d tests: Remove forgotten debug print from grpform_pbc_overlap
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 15:38:29 +02:00
Jouni Malinen
4fada1215d Fix HT40 co-ex scanning issue on hostapd error path
If HT40 co-ex scan fails due to the driver rejecting scan triggers
multiple times, it was possible for the ap_ht40_scan_retry() timeout
being left behind and it getting run after hapd->drv_priv has been
cleared. This would result in NULL pointer dereference in
driver_nl80211_scan.c. Fix this by canceling the timeout when disabling
the interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 15:37:13 +02:00
Jouni Malinen
23ed011bea Fix Linux packat socket regression work around
Commit e6dd8196e5 ('Work around Linux
packet socket regression') added a mechanism to close the workaround
bridge socket in l2_packet_receive(). However, it did not take into
account the possibility of the l2->rx_callback() closing the l2_packet
socket altogether. This could result in use of freed memory when usin
RSN pre-authentication. Fix this by reordering the calls to clear the
workaround socket before calling the rx_callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 15:37:13 +02:00