Commit graph

1448 commits

Author SHA1 Message Date
Jouni Malinen
2aa5f84709 nl80211: Use defines for NL80211_KEY_CIPHER values 2009-09-15 11:23:48 +03:00
Jouni Malinen
d723bab4b3 Revert "nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup"
This reverts commit 5aa9cb5cca.

The nested key attribute is using different attribute values
(NL80211_KEY_* vs. NL80211_ATTR_KEY_*), so cannot share the same routine
for these purposes..
2009-09-15 11:21:25 +03:00
Jouni Malinen
5aa9cb5cca nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup 2009-09-15 10:54:41 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
60b94c9819 Add preliminary background scan and roaming module design
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).

The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.

The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
2009-09-15 00:08:24 +03:00
Samuel Ortiz
3180d7a208 Getting back to DISCONNECTED afer SCANNING
After transitioning from DISCONNECTED to SCANNING, we never go back
to DISCONNECTED even though scanning is done or failed.
We're thus stuck in SCANNING while scanning is actually done.
2009-09-14 17:25:03 +03:00
Masashi Honma
f1b0de09d9 WPS: Fix CONFIG_WPS=y compilation of wpa_supplicant
The wpa_supplicant compilation failed with CONFIG_WPS=y option
if CONFIG_CLIENT_MLME and CONFIG_IEEE80211R are not used.
2009-09-14 16:50:53 +03:00
Witold Sowa
3e53b314f5 Share same freeing and error checking code in get_scan_results
Convert wpa_supplicant_get_scan_results_old() to use the same return
style with the other get_scan_results options and clean up the code
by sharing the same scan result freeing and error checking code for
all the options.
2009-09-13 22:21:52 +03:00
Witold Sowa
86b89452f6 Use shared functions for network operations and param changes
Instead of implementing these separately in various control
interface handlers, use shared functions. These add some of the
previously missing notification calls, too, for the affected areas.
2009-09-13 21:16:43 +03:00
Jouni Malinen
8bac466b00 Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
2009-09-13 20:53:32 +03:00
Witold Sowa
1bd3f426d3 Remove extra whitespace 2009-09-13 20:27:54 +03:00
Jouni Malinen
614ff64fe0 wpa_gui-qt4: Fix WPS AP detection for peer window 2009-09-11 19:06:38 +03:00
Jouni Malinen
b1078a4bfb wpa_gui-qt4: Add scan results into the peer window
In addition, add a peer entry type for each peer entry. Currently,
this is only stored as an integer and visible in the context menu.
Eventually, different icons should be used based on this type.
2009-09-11 18:37:16 +03:00
Jouni Malinen
acd8ba74c0 wpa_gui-qt4: Handle UNKNOWN COMMAND reply during peer window update
Avoid an infinite loop if wpa_supplicant is not built with AP support.
2009-09-11 17:52:46 +03:00
Jouni Malinen
611ed49118 Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
2009-09-11 17:14:49 +03:00
Jouni Malinen
e9a2bca6f5 WPS: Add parsing of AP Setup Locked attribute 2009-09-11 17:13:59 +03:00
Jouni Malinen
6e4f461270 Fix driver_test for hostapd
Commit 0b55b934ee broke this by not
initializing drv->ap = 1 in hostapd case since the mode updating
code ended up unlinking the socket file. Setting drv->ap = 1
removes the mode change and as such, unlinking of the socket file.
2009-09-11 16:45:34 +03:00
Jouni Malinen
abad3ccb1e Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
2009-09-11 16:36:59 +03:00
Jouni Malinen
630a843f59 driver_test: Update BSS data when using wpa_supplicant AP mode 2009-09-11 00:22:35 +03:00
Jouni Malinen
0b55b934ee driver_test: Implement set_mode for wpa_supplicant AP deinit 2009-09-11 00:17:35 +03:00
Jouni Malinen
86e9f093a0 driver_test: Preliminary support for wpa_supplicant AP functionality 2009-09-10 17:41:29 +03:00
Jouni Malinen
5d5b99ecd3 driver_test: Share the same deinit() for hostapd and wpa_supplicant 2009-09-10 17:03:51 +03:00
Jouni Malinen
c6f726748d driver_test: Merge socket_dir into test_dir 2009-09-10 16:52:03 +03:00
Jouni Malinen
5ae8964079 driver_test: Some additional merging of send_mlme 2009-09-10 16:48:10 +03:00
Jouni Malinen
133032e7bd driver_test: Claim AP mode capability for wpa_supplicant 2009-09-10 16:30:35 +03:00
Jouni Malinen
ac48db0f2b driver_test: Build most of code in unconditionally
It is simpler to just build in all the test driver code regardless
of whether this is for hostapd or wpa_supplicant (which will eventually
get AP mode support with driver_test, too).
2009-09-10 16:28:47 +03:00
Jouni Malinen
41aeddf99a driver_test: Merge wpa_supplicant and hostapd data structures
There is no real need to keep these in separate data structures with
different names.
2009-09-10 16:18:04 +03:00
Jouni Malinen
6a88ae863f wpa_gui-qt4: Add context menu for peers dialog
Replace the clicked() event with more appropriate context menu
and add a WPS PIN entry as an example command.
2009-09-10 14:43:08 +03:00
Alex Badea
7598210b79 radius_server: clean up completed sessions sooner
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.

The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.

Signed-off-by: Alex Badea <vamposdecampos@gmail.com>

Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
2009-09-09 23:54:03 +03:00
Jouni Malinen
e2670b1176 wpa_gui-qt4: Include cstdio to avoid some compiler issues
It looks like some build systems do not find snprintf() here unless
cstdio is included explicitly.
2009-09-09 11:11:42 +03:00
Jouni Malinen
f05c7194cd wpa_gui-qt4: Add a new window for showing peer information
This provides some initial functionality for showing peer information,
i.e., showing information about other devices that has been discovered.
Currently, information is only available in the AP mode (list of
associated stations), but this is expected to increase in the future
(e.g., show the current AP in station mode, other stations in IBSS,
etc.). Furthermore, there will be actions available for doing things
like providing a WPS PIN for a station.
2009-09-08 16:28:41 +03:00
Jouni Malinen
e653b62275 Add station table query to wpa_supplicant AP ctrl_iface
"wpa_cli all_sta" and "wpa_cli sta <addr>" can now be used to fetch
information about stations associated with the
wpa_supplicant-controlled AP.
2009-09-08 12:58:02 +03:00
Jouni Malinen
ded30a6b41 Move STA list ctrl_iface handlers to a separate file
This makes it easier to share the hostapd station table query
functionality with wpa_supplicant AP mode operations.
2009-09-08 12:56:07 +03:00
Jouni Malinen
2678509dec WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
2009-09-07 22:09:13 +03:00
Jouni Malinen
52eb293dd2 WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
2009-09-06 13:58:15 +03:00
Jouni Malinen
e6965d4e5d Fix WPA reconfiguration to update GTK
The group key state machine needs to be re-initialized with possible
updated GTK length when restarting WPA (e.g., when WPS was used to
reconfigure the AP).
2009-09-06 13:55:01 +03:00
Jouni Malinen
1ff733383f Delay processing of EAPOL frames when not associated
If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.

The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
2009-09-04 18:04:41 +03:00
Jouni Malinen
7da2c5276d nl80211: Ignore connect/roam/disconnect events when using SME
Getting double association/disassociation events can get core code
confused, so better filter out the extra events.
2009-09-04 16:39:41 +03:00
Zhu Yi
cfaab58007 nl80211: Connect API support
If the driver does not support separate authentication and association
steps, use the connect API instead.
2009-09-03 21:31:29 +03:00
Zhu Yi
da72a1c1ae nl80211: Add connect/disconnect event processing 2009-09-03 20:39:59 +03:00
Zhu Yi
93d1140077 nl80211: Check whether the driver support separate auth/assoc commands
This is an initial step in adding support for the new connect command.
For now, we just add the capability query. The actual use of the new
command will be added separately.
2009-09-03 20:36:09 +03:00
Zhu Yi
8d6ca17813 nl80211: Use defines for cipher suite selectors 2009-09-03 20:21:18 +03:00
Chuck Tuffli
94873e3b84 Fix comment in wpa_supplicant_event_associnfo
Found what I think is a copy/paste error in the comments for the .11r
code.
2009-08-26 23:51:12 +03:00
Masashi Honma
80cc6bf6d0 OpenBSD: wired IEEE 802.1X for OpenBSD
This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired,
not wireless, because OpenBSD uses wpa_supplicant only on wired now.

http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/

I have tested with these.
OS : OpenBSD 4.5
EAP : EAP-TLS
Switch : CentreCOM 8724SL
2009-08-26 23:40:51 +03:00
Masashi Honma
fe23eb5696 WPS: Aggregate deinit calls in WPS OOB
In WPS OOB, deinit_func() is called from 3 locations.
This patch aggregates these to one.
2009-08-26 23:34:54 +03:00
Witold Sowa
3a57305f10 Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
2009-08-26 20:18:24 +03:00
Jouni Malinen
335ce76b1c nl80211: Use two sockets to avoid mixing command replies with events
Previously, both the command replies and unsolicited events were
received from the same socket. This could cause problems if an event
message is received between a command and the response to that command.
Using two sockets avoids this issue.
2009-08-26 12:10:50 +03:00
Jouni Malinen
5cd89c26f9 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:32:27 +03:00
Stefan Winter
a2fbf12524 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:21:25 +03:00
Jouni Malinen
ad469aecc1 Reject X.509 certificate strings with embedded NUL characters
These could, at least in theory, be used to generate unexpected common
name or subject alternative name matches should a CA sign strings with
NUL (C string termination) in them. For now, just reject the certificate
if an embedded NUL is detected. In theory, all the comparison routines
could be made to compare these strings as binary blobs (with additional
X.509 rules to handle some exceptions) and display NUL characters
somehow. Anyway, just rejecting the certificate will get rid of
potential problems with the C string getting terminated and it should
not really be used in certificates, so this should not break valid use
cases.
2009-08-23 21:00:38 +03:00