Commit graph

3492 commits

Author SHA1 Message Date
Masashi Honma
bf51f4f82b mesh: Fix remaining BLOCKED state after SAE auth failure
When SAE authentication fails, wpa_supplicant retries four times. If all
the retries result in failure, SAE state machine enters BLOCKED state.
Once it enters this state, wpa_supplicant doesn't retry connection. This
commit allow connection retries even if the state machine entered
BLOCKED state.

There could be an opinion "Is this patch needed? User could know the SAE
state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event.
Then user can retry connection. By user action, SAE state machine can
change the state from BLOCKED to another.". Yes, this is a true at the
joining mesh STA. However, a STA that is already a member of existing
mesh BSS should not retry connection because if the joining mesh STA
used wrong password, all the existing STA should do something from UI to
retry connection.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-08 12:43:24 +02:00
Masashi Honma
79ddb2062e mesh: Add a monitor event on SAE authentication getting blocked
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:33:23 +02:00
Masashi Honma
dd2cbafc89 mesh: Add a monitor event for SAE authentication failure
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:23:34 +02:00
Jouni Malinen
11e2ddbcd7 mesh: Remove duplicated no_auto_peer update
Commit 07cb45ccb2 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 16:19:53 +02:00
Jouni Malinen
1e529832a8 D-Bus: Fix network block type change
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 16:19:08 +02:00
Vinit Deshpande
663ae2f417 Don't write to wpa_supplicant.conf directly
There is a chance that wpa_supplicant may get killed during
the time it is writing config file. If this happens, user
information like SSIDs and passwords can be lost forever.

This change works around that by writing config to a
temporary file and then renaming the file to the correct name.

Signed-off-by: Vinit Deshpande <vinitd@google.com>
2015-02-07 15:37:13 +02:00
Janusz Dziedzic
d9a9bc04b4 IBSS: Do not enable HT with WEP or TKIP
We should not enable HT if WEP or TKIP is configured.
Without the patch and WEP configuration we will get message:
Association request to the driver failed

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-06 21:43:35 +02:00
Jouni Malinen
abe96d0605 P2P: Clean up Listen channel optimization debug prints
Do not claim to change the Listen channel in a debug message when
previously configured channel prevents this. In addition, fix a typo in
another related debug print.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 16:13:35 +02:00
Krishna Vamsi
93eca6155b P2PS: Do not remove pending interface on p2p_stop_find
The pending interface created during provision discovery should
not be removed on stopping p2p_find. This pending interface has
to be used after completing GO negotiation. Earlier the pending
interface is created just before GO negotiation so there was no
problem.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
87d5ef5a41 P2PS: Add commands to control interface redir list
This is needed to allow P2PS related new control interface commands to
be redirected for proper context processing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
306aaf49f8 P2PS: Start WPS registrar upon GO formation
If P2PS config method is used for provisioning, upon forming a new GO,
start WPS registrar for the provisioned peer automatically.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
ab8ee776b9 P2PS: Provision Discovery fail event
This extends P2P-PROV-DISC-FAILURE with adv_id and deferred_session_resp
in P2PS cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
1300cc8e8f P2PS: PD Request processing and PD Response building
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
5fefce2747 P2PS: Callback to send P2PS provisioning events
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
9a58e521ac P2PS: Callback to create pending group after sending PD Response
This introduces a P2P module callback function that will be used to
create the pending P2PS group after sending PD Response and receiving
ACK status for it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
895d94def9 P2PS: Callback to remove stale persistent groups
When the peer device is trying to form a new group despite having
old persistent group with same roles, remove the stale persistent
group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
f309c18e50 P2PS: ASP provisioning commands to control interface
This adds new wpa_supplicant control interface commands
P2P_ASP_PROVISION and P2P_ASP_PROVISION_RESP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
6d9085145c P2PS: Process P2PS provisioning commands
This extends wpas_p2p_prov_disc() implementation to accept P2PS
parameters. None of the callers are yet using this functionality; the
following commit introduces a user.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
369678ad14 P2PS: Add P2PS attributes into PD Request if requested
This adds a data structure for storing P2PS PD information and code to
add the related attributes into PD Request. The actual operation to
trigger this behavior will be added in a separate commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
d4b43b5886 P2PS: Add support to send ASP-RESP events
Send P2P-SERV-ASP-RESP events upon receiving GAS responses with
ASP services.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Krishna Vamsi
6df08d0341 P2PS: Logic to parse GAS requests for ASP services
Add support to parse received GAS requests for ASP services and
prepare GAS responses accordingly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Krishna Vamsi
5a4102ce0e P2PS: Add support to send ASP service requests
This extends the P2P_SERV_DISC_REQ control interface command with a new
"asp" service type. This takes service id, service string, and optional
service info as arguments.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Brian Gix
095b3c4069 P2PS: Add Application Service Info to device found events
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Krishna Vamsi
ae9d45f329 P2PS: Extend add/del services logic to support ASP
In addition, add a new P2P_SERVICE_REP command that can be used to
replace existing ASP advertisements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Brian Gix
4f88fc0464 P2PS: WPS changes needed for P2PS default PIN
This provides additional WPS definitions and rules for negotiating use
of P2PS default PIN configuration method.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 16:55:45 +02:00
Brian Gix
5177509657 P2PS: Add option to specify seek strings into P2P_FIND
P2PS seek strings can now be specified in the P2P_FIND control interface
command with one or more optional "seek=<str>" parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 16:55:43 +02:00
Jouni Malinen
66eaf8a2c2 Fix driver-offloaded offchannel TX done processing
It was possible for a Action frame sequence completion to stop an
ongoing offchannel remain-on-channel operation unexpectedly in cases
where TX operation was offloaded to the driver and such an operation
happened to occur during a previously started remain-on-channel (e.g.,
for P2P listen state).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 14:09:18 +02:00
Jouni Malinen
f2dc06e2bd P2P: Ignore remain-on-channel callback event if not waiting for one
It was possible for the previously requested remain-on-channel for P2P
listen state to get canceled before having received driver event
indicating start of that remain-on-channel operation. In such a case,
the event was able to trigger P2P module to start processing listen
timeout even though there was not supposed to be a following listen
operation anymore. Skip the driver event if we are not waiting for a new
listen state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 14:09:18 +02:00
Mukesh Agrawal
f0d0a5d23b Improve BSS selection with default noise floor values
When noise floor measurements are not available, compute SNR
using default values for the noise floor. This helps steer us
towards 5 GHz BSSes in high signal strength environments.

In more detail...

Existing code prefers a 5 GHz BSS when the 5 GHz BSS's signal
strength is "close" to that of the 2.4 GHz BSS, or when both SNRs
are large. However, the mwifiex driver does not provide noise
floor measurements, so we can't compute SNRs.

Because mwifiex doesn't provide NF measurements, the "large SNR"
code wasn't effective. By using default values for the noise floor,
we can again compute SNRs, and decide that the SNR is high enough
that we shouldn't worry about the exact difference in SNR.

The default noise floor values (one for 2.4 GHz, and one for 5 GHz)
were chosen by measurement in a noisy environment, so they should be
conservative.

Note that while this patch is motivated by mwifiex, it affects
ath9k as well. Although ath9k provides noise floor measurements
in general, it will sometimes fail to provide a measurement for
one or more specific channels.

As a result of this patch, we'll always compare BSSes based on SNR
(either measured or estimated), rather than sometimes comparing
based on signal strength. ("Always" assumes that the
WPA_SCAN_LEVEL_DBM flag is set. It is for mwifiex and ath9k.)

While there:
- fix a whitespace issue (spaces -> tab)
- clean up existing comments
- update dump_scan_res to indicate whether the noise floor is
  measured, or default

Signed-hostap: mukesh agrawal <quiche@chromium.org>
2015-02-01 22:01:18 +02:00
Jouni Malinen
7f7bfba919 Add an option allow canned EAP-Success for wired IEEE 802.1X
For wired IEEE 802.1X authentication, phase1="allow_canned_success=1"
can now be used to configure a mode that allows EAP-Success (and
EAP-Failure) without going through authentication step. Some switches
use such sequence when forcing the port to be authorized/unauthorized or
as a fallback option if the authentication server is unreachable. By
default, wpa_supplicant discards such frames to protect against
potential attacks by rogue devices, but this option can be used to
disable that protection for cases where the server/authenticator does
not need to be authenticated.

When enabled, this mode allows EAP-Success/EAP-Failure as an immediate
response to EAPOL-Start (or even without EAPOL-Start) and EAP-Success is
also allowed immediately after EAP-Identity exchange (fallback case for
authenticator not being able to connect to authentication server).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 19:22:54 +02:00
Jouni Malinen
49fcc32e91 EAP-MSCHAPv2 peer: Add option to disable password retry query
wpa_supplicant used to request user to re-enter username/password if the
server indicated that EAP-MSCHAPv2 (e.g., in PEAP Phase 2)
authentication failed (E=691), but retry is allowed (R=1). This is a
reasonable default behavior, but there may be cases where it is more
convenient to close the authentication session immediately rather than
wait for user to do something.

Add a new "mschapv2_retry=0" option to the phase2 field to allow the
retry behavior to be disabled. This will make wpa_supplicant abort
authentication attempt on E=691 regardless of whether the server allows
retry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 17:45:19 +02:00
Ben Greear
99805a0ea1 Interworking: Convert wpa_printf() to wpa_msg()
Also adds a few messages that helped me track down why things
were not working as expected.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-02-01 01:32:25 +02:00
Roger Zanoni
b42f539ed2 Add a variable to handle extra CFLAGS values
Some packages don't install its headers in the default directory
(e.g.: In Arch Linux libiberty and libn13 includes are installed)
in their own subdirectory under /usr/include) and the build fails
trying to find the headers.

This patch will allow passing extra CFLAGS values without discarding
the assignments made in the Makefile. The CFLAGS values in the Makefile
are ignored, if defined directly in the make command line.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2015-02-01 00:26:17 +02:00
Jouni Malinen
e6dd8196e5 Work around Linux packet socket regression
Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge:
respect RFC2863 operational state') from 2012 introduced a regression
for using wpa_supplicant with EAPOL frames and a station interface in a
bridge. Since it does not look like this regression is going to get
fixed any time soon (it is already two years from that commit and over
1.5 from a discussion pointing out the regression), add a workaround in
wpa_supplicant to avoid this issue.

The wpa_supplicant workaround uses a secondary packet socket to capture
all frames (ETH_P_ALL) from the netdev that is in a bridge. This is
needed to avoid the kernel regression. However, this comes at the price
of more CPU load. Some of this is avoided with use of Linux socket
filter, but still, this is less efficient than a packet socket bound to
the specific EAPOL ethertype. The workaround gets disabled
automatically, if the main packet socket interface on the bridge
interface turns out to be working for RX (e.g., due to an old kernel
version being used or a new kernel version having a fix for the
regression). In addition, this workaround is only taken into use for the
special case of running wpa_supplicant with an interface in a bridge.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-31 17:21:58 +02:00
Bob Copeland
745d93695b mesh: Create new station entry on popen frames
Currently, there is a race in open mesh networks where mesh STA A
receives a beacon from B and sends a peering open frame to initiate
peering. STA B, having not yet received a beacon from A and thus
created the corresponding station entry, will ignore all such open
frames. If the beacon interval is sufficiently long then peering
will not succeed as a result.

In fact B can simply create the station entry when the popen is
received, as is done in Linux's in-kernel MPM, avoiding the issue.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-28 13:09:31 +02:00
Bob Copeland
41bff862d9 mesh: Always free the station if peering failed
Previously, we would only free the station entry if a peering close
frame was received (freeing the station entry causes the kernel to
start sending peer candidate events again when suitable beacons are
received, triggering peering or authentication to restart).

The end result is the same in any case regardless of close reason:
if we leave holding state then peering has started again, so go
ahead and remove the station in all cases.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-28 13:09:31 +02:00
Masashi Honma
871ff0b746 mesh: Sync plink state with kernel
The plink_state exists both wpa_supplicant and kernel. Synchronize them
with wpa_mesh_set_plink_state().

Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
ba4226130e Simplify eapol_sm_notify_pmkid_attempt()
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-28 13:09:31 +02:00
Jouni Malinen
993a865407 Add eap_session_id to wpa_supplicant STATUS output
This makes the current EAP Session-Id available for external programs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
f19c907822 OpenSSL: Implement aes_wrap() and aes_unwrap()
This replaces the implementation in aes-wrap.c and aes-unwrap.c with
OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building
hostapd or wpa_supplicant with OpenSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
983c6a606b OpenSSL: Replace internal HMAC-MD5 implementation
Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending
on the src/crypto/md5.c implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
3f56a2b746 Ignore pmf=1 default if driver does not support PMF
Connection with a PMF enabled AP will fail if we try to negotiate PMF
while the local driver does not support this. Since pmf=1 does not
require PMF for a successful connection, it can be ignored in such a
case to avoid connectivity issues with invalid configuration. This makes
it somewhat easier to allow upper layer programs to use pmf=1 default
regardless of driver capabilities.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 12:38:52 +02:00
Jouni Malinen
937403b581 Update copyright notices for the new year 2015
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
399e61353a Add Suite B AKMs to key_mgmt capability list
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
5e3b5197cc Add Suite B 192-bit AKM
WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into
use as the key management method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:52 +02:00
Jouni Malinen
97ae35a848 Add HMAC-SHA384
For now, this is only implemented with OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:51 +02:00
Jouni Malinen
98cd3d1c3b Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:49 +02:00
Jouni Malinen
b5f045deee Show supported group_mgmt capabilities
This extends GET_CAPABILITY command to allow the supported group
management frame cipher suites to be listed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Ben Greear
893e152e64 Interworking: More debug messages
And convert some wpa_printf to wpa_msg.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-01-24 19:37:42 +02:00
Ben Greear
f45bae5b81 Interworking: Add logging to track nai_realm_find_eap failures
There are lots of reasons we can fail to match an EAP credential, so add
logging to help determine why it is happening in various cases.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-01-24 19:37:42 +02:00
Jouni Malinen
5a5aab7f40 Interworking: Remove unnecessary NULL check
nai_realm_find_eap() is called only in cases where the cred pointer is
not NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-24 19:37:42 +02:00
Adrian Nowicki
ad905e4a79 wpa_gui: Sort frequency and signal numerically in the scan results dialog
Signal strength was sorted lexically rather than numerically, which
put "-100 dBm" before "-50 dBm" if sorted in descending order.
This change fixes that. It also treats frequency in the same
manner, preparing it for the IEEE 802.11ah.

Signed-off-by: Adrian Nowicki <adinowicki@gmail.com>
2015-01-23 01:24:25 +02:00
Jouni Malinen
c35e35ed81 Add passive_scan configuration parameter
This new wpa_supplicant configuration parameter can be used to force
passive scanning to be used for most scanning cases at the cost of
increased latency and less reliably scans. This may be of use for both
testing purposes and somewhat increased privacy due to no Probe Request
frames with fixed MAC address being sent out.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-22 20:50:01 +02:00
ASHUTOSH NARAYAN
fb09ed3389 Interworking: Notify the ANQP parsing status
The ANQP verification/parsing is done only after the GAS_DONE indication
is sent over the control interface. This means that in case the ANQP
parsing fails there is no indication to the upper layers. Add an
ANQP-QUERY-DONE event that reports the status of the ANQP parsing.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-01-20 02:26:21 +02:00
ASHUTOSH NARAYAN
d10b01d299 HS20: Provide appropriate permission to the OSU related files
The icon files and the osu-providers.txt that are generated may not have
proper permission for external programs to access. Set the access
permissions to the same as the permissions for osu_dir.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-01-20 02:26:16 +02:00
Ilan Peer
dd09e424c2 Fix memory leak in wpa_supplicant global bgscan configuration
Global bgscan configuration parameter was not freed when config was
freed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 02:10:05 +02:00
Eytan Lifshitz
30f459c098 wpa_cli: Fix NULL dereference on printf string argument
In wpa_cli_cmd_interface(), try_connection(), and main(), ctrl_ifname
may be NULL and could be dereferenced depending on the printf()
implementation.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
2015-01-20 02:08:58 +02:00
Ilan Peer
b72b2ad39e P2P: Stop p2p_listen/find on wpas_p2p_invite
Stop any ongoing P2P listen/find flow before starting invitation flow.
This was partially handled in p2p_invite() that called p2p_find(), but
this did not cleanly handle cases such as long_listen.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 01:57:59 +02:00
Ilan Peer
7e608d1def P2P: Use the correct wpa_s interface to handle P2P state flush
A control interface call to flush the current state used the
current wpa_s to clear the P2P state even though it might not
be the interface controlling the P2P state.

Fix it by using the correct interface to flush the P2P state.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 01:57:59 +02:00
Eyal Shapira
fd83335f29 AP: Enable HT Tx STBC for AP/GO if supported by driver
Publish support for Tx STBC in the HT capabilities of a GO and AP
controlled by wpa_supplicant in case the hardware supports it.

Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
2015-01-20 01:57:59 +02:00
Ben Rosenfeld
d90bfa97f4 Move external_scan_running to wpa_radio
external_scan_running should be common to all interfaces that share a
radio. This fixes a case where external_scan_running was set on a single
interface, but did not block scan on other interfaces.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-01-20 01:57:59 +02:00
Ben
0c5f01fdf2 Clear reattach flag in fast associate flow
Clear the reattach flags, in case a connection request did not trigger a
scan. This needs to be done to avoid leaving the reattach flag set for
the next scan operation which may not have anything to do with the
specific request that could have been optimized using the single-channel
single-SSID scan.

Signed-off-by: Ben <ben.rosenfeld@intel.com>
2015-01-20 01:57:59 +02:00
David Spinadel
8ad8bc5c36 NFC: Redirect NFC commands on global control interface
Redirect NFC commands from global control interface to P2P device
interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2015-01-20 01:57:59 +02:00
David Spinadel
57ae1f5be9 P2P: Fix P2P invitation with NFC
Use interface's own NFC configuration instead of parent's one
to support a P2P device dedicated interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2015-01-20 00:51:36 +02:00
Matti Gottlieb
07565ab0f9 WNM: Fix the length of WNM_BSS_QUERY control interface command
The length should be 14 and not 10.
The current situation causes failure during parsing of the command.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2015-01-20 00:47:41 +02:00
Jouni Malinen
2d9c99e37b Retry scan-for-connect if driver trigger fails
This restores some of the pre-radio work behavior for scanning by
retrying scan trigger if the driver rejects it (most likely returning
EBUSY in case of nl80211-drivers). Retry is indicated in the
CTRL-EVENT-SCAN-FAILED event with "retry=1".

For manual scans (e.g., triggered through "SCAN" control interface
command), no additional retries are performed. In other words, if upper
layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED
event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 20:25:20 +02:00
Jouni Malinen
911942ee64 Add a test framework for various wpa_supplicant failure cases
For CONFIG_TESTING_OPTIONS=y builds, add a new test parameter than can
be used to trigger various error cases within wpa_supplicant operations
to make it easier to test error path processing. "SET test_failure
<val>" is used to set which operation fails. For now, 0 = no failures
and 1 = scan trigger fails with EBUSY. More operations can be added in
the future to extend coverage.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 19:34:00 +02:00
Janusz Dziedzic
95ff306988 nl80211: Allow HT/VHT to be disabled for IBSS
Allow HT/VHT overrides to be used for IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-19 02:35:43 +02:00
Masashi Honma
5a2a6de6a5 mesh: Make inactivity timer configurable
Current mesh code uses ap_max_inactivity as inactivity timer. This patch
makes it configurable.

There is another mesh inactivity timer in mac80211. The timer works even
if user_mpm=1. So this patch sets the max value to the timer for
workaround.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-19 02:35:43 +02:00
Jouni Malinen
0efcad2c30 Print in debug log whether attached monitor is for global interface
It is easier to debug issues related to the wpa_supplicant control
interfaces being left behind in attached state when the debug log file
can be used to determine whether a specific monitor socket was a global
or per-interface one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 16:23:43 +02:00
Jouni Malinen
8266e6c6b4 HS 2.0: Try to use same BSS entry for storing GAS results
Commit 17b8995cf5 ('Interworking: Try to
use same BSS entry for storing GAS results') added a mechanism to try to
pair GAS request and response to a single BSS entry to cover cases where
multiple BSS entries may exists for the same BSSID. However, that commit
did not cover the Hotspot 2.0 ANQP elements. Extend this mechanism to
all ANQP elements. This can help in cases where information in the
Hotspot 2.0 specific ANQP elements got lost if a hidden SSID or some
other reason of duplicated BSS entries was present while doing ANQP
fetches.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:47:32 +02:00
Jouni Malinen
6c69991382 Make wpa_supplicant FLUSH command more likely to clear all BSS entries
Move the wpa_bss_flush() call to the end of the function to allow any
pending user of a BSS entry to be cleared before removing the unused
entries. There were number of cases where BSS entries could have been
left in the list and this resulted in some hwsim test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 15:39:48 +02:00
Jouni Malinen
2dbe63ad53 Write reason for scan only_new_results into debug log
This can be helpful in figuring out why the driver was requested to
flush its scan results prior to starting a new scan.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 13:54:16 +02:00
Jouni Malinen
242b83a380 eapol_test: Fix cert_cb() function arguments
altsubject[] was added here, but the callback implementation in
eapol_test.c was forgotten from the commit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 02:24:00 +02:00
Jouni Malinen
a8826b1848 Interworking: Avoid busy loop in scan result mismatch corner cases
It was possible for interworking_find_network_match() to find a possible
BSS match in a case where more thorough checks in
wpa_supplicant_select_bss() reject network. This itself is fine, in
general, but when combined with wpa_supplicant_fast_associate()
optimization and auto_interworking=1, this resulted in a busy loop of up
to five seconds and a possible stack overflow due to recursion in that
loop.

Fix this by limiting the Interworking wpa_supplicant_fast_associate()
call to be used only once per scan iteration, so that new scan
operations can be completed before going through the scan results again.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 01:52:07 +02:00
Jouni Malinen
edd5939a26 Interworking: Start ANQP fetch from eloop callback
Reduce maximum stack use by starting next ANQP fetch operation from an
eloop callback rather than calling interworking_next_anqp_fetch()
directly from interworking_start_fetch_anqp(). This avoids issues that
could potentially make the process run out of stack if long loops of
ANQP operations are executed in cases where automatic Interworking
network selection is used and scan results do not have a full match for
a network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 01:51:47 +02:00
Jouni Malinen
783b2a977f Interworking: Fix INTERWORKING_CONNECT with zero-length SSID BSS entry
For Interworking connection to work, the SSID of the selected BSS needs
to be known to be able to associate with the AP. It was possible for the
scan results to include two BSS entries matching the BSSID when an
earlier scan with that AP has shown a hidden SSID configuration (e.g.,
when running hwsim test cases, but at least in theory, this could happen
with real use cases as well). When that happened, the incorrect BSS
entry may not have included RSN configuration and as such, it would get
rejected for Interworking connection.

Fix this by confirming that the selected BSS entry has a real SSID. If
not, try to find another BSS entry matching the same BSSID and use that,
if found with an SSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-15 12:24:18 +02:00
Jouni Malinen
cebee30f31 Add domain_match network profile parameter
This is similar with domain_suffix_match, but required a full match of
the domain name rather than allowing suffix match (subdomains) or
wildcard certificates.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
d07d3fbda2 Add peer certificate alt subject name information to EAP events
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com

Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is priovided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
98a4cd447e D-Bus: Clear cached EAP data on network profile changes
This makes D-Bus network profile Set(Properties) clear cached EAP data
similarly to how SET_NETWORK does for control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 13:24:09 +02:00
Jouni Malinen
483dd6a5e0 Include peer certificate always in EAP events
This makes it easier for upper layer applications to get information
regarding the server certificate without having to use a special
certificate probing connection. This provides both the SHA256 hash of
the certificate (to be used with ca_cert="hash://server/sha256/<hash>",
if desired) and the full DER encoded X.509 certificate so that upper
layer applications can parse and display the certificate easily or
extract fields from it for purposes like configuring an altsubject_match
or domain_suffix_match.

The old behavior can be configured by adding cert_in_cb=0 to
wpa_supplicant configuration file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 12:24:52 +02:00
Jouni Malinen
d29fa3a767 Extend VENDOR_ELEM parameters to cover non-P2P Association Request
The new VENDOR_ELEM value 13 can now be used to add a vendor element
into all (Re)Association Request frames, not just for P2P use cases like
the previous item was for.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-14 01:12:56 +02:00
Jouni Malinen
cf08e9b1f4 Add MESH to modes capabilities
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
db5adfe777 Add SAE to auth_alg capabilities
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports SAE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
a16514516b Add "GET tls_library" to provide information on TLS library and version
This new wpa_supplicant and hostapd control interface command can be
used to determine which TLS library is used in the build and what is the
version of that library.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
b09baf37cf Work around Windows build issues
At least MinGW did not have ENOTCONN, EOPNOTSUPP, ECANCELED, so define
these to allow the build to go through.
wpas_rrm_send_neighbor_rep_request() is not really used on Windows, so
the exact error code values do not make any difference here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:58:10 +02:00
Jouni Malinen
0b402479bf Remove Network Security Service (NSS) support
NSS as a TLS/crypto library alternative was never completed and this
barely functional code does not even build with the current NSS version.
Taken into account that there has not been much interest in working on
this crypto wrapper over the years, it is better to just remove this
code rather than try to get it into somewhat more functional state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:58:10 +02:00
Jouni Malinen
e24aef10cf Fix a typo in domain_suffix_match documentation
Spell SubjectName correctly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:27:01 +02:00
Jouni Malinen
394b54732e Improve subject_match and domain_suffix_match documentation
These were already covered in both README-HS20 for credentials and in
header files for developers' documentation, but the copy in
wpa_supplicant.conf did not include all the details. In addition, add a
clearer note pointing at subject_match not being suitable for suffix
matching domain names; domain_suffix_match must be used for that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:27:01 +02:00
Stefan Tomanek
79cd993a62 Add address masks to BSSID lists
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).

This change expands the data structures used by MAC lists to include a
mask indicating the significant (non-masked) portions of an address and
extends the list parser to recognize mask suffixes.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
2015-01-10 17:35:53 +02:00
Stefan Tomanek
b83e455451 Add network specific BSSID black and white lists
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.

This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
2015-01-10 17:35:53 +02:00
Stefan Tomanek
b3d6a0a825 Add generic parser for MAC address lists
This change generalizes the code used for parsing the configuration
option 'p2p_client_list' and makes it suitable to use it in other
contexts.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
2015-01-10 17:35:53 +02:00
Jouni Malinen
6dfc55723d Remove mesh_ht_mode network block parameter
There should not be a mesh-specific mechanism for setting up channel
parameters since that will just result in duplicated code. IBSS, mesh,
and AP mode can use the same data structures and parameters for setting
up such parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Jouni Malinen
54fe48b9dc mesh: Use the shared function with IBSS to determine channel parameters
Automatically enable HT20, HT40+, HT40-, or VHT, based on driver
capabilities. This obsoletes the mesh_ht_mode network block parameter
that was previously used to configure HT parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Jouni Malinen
f7e889fa2d mesh: Convert channel configuration to use common routines
Use struct hostapd_freq_params just like other modes do instead of
mesh-specific freq and ht_mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Jouni Malinen
6334330ed6 mesh: Use a separate variable to track whether HT is enabled
A network profile parameter should not be used to check whether the
currently operating mesh has HT enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
6b8b07741a ibss/mesh: Enable HT40 if supported
Setup HT40+/HT40- if supported by driver.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
269dfe232b Introduce common hw features
Introduce wpa_supplicant/hostapd hw features.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
1830817ece IBSS: Add WPA_DRIVER_FLAGS_HT_IBSS
Add WPA_DRIVER_FLAGS_HT_IBSS driver feature flag. Some drivers could not
set this feature and next could fail when we will enable HT support for
IBSS with error message: nl80211: Join IBSS failed: ret=-22 (Invalid
argument).

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Bob Copeland
a206e2a175 SAE: Centralize function for sending initial COMMIT
When performing SAE authentication in mesh, one station may
initiate authentication by sending a COMMIT as soon as a peer
candidate is discovered. Previously we did this in mesh_rsn.c,
but this left some of the state initialization in a different
part of the code from the rest of the state machine, and we may
need to add other initializations here in the future, so move
that to a more central function.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-10 11:43:29 +02:00
Jouni Malinen
a354bcc886 D-Bus: Use NoMemory error message from CreateInterface
Try to be a bit more consistent by using NoMemory instead of InvalidArgs
if os_strdup() fails in the CreateInterface handler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-09 02:32:15 +02:00
Jouni Malinen
635874b55a Handle interface disabled/enabled more consistently
It was possible for the interface not to be marked in INTERFACE_DISABLED
state in case the event was processed for P2P GO because the wpa_s
instance could have been removed in case of a separate group interface.
Change the state first to avoid leaving different state for the case
where separate group interface is not used.

Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning
rules (e.g., skip scan if no networks enabled) get used consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
8f2cf37923 P2P: Indicate reason=UNAVAILABLE for group netdev going down
There is a race condition between receiving an AP stopped event and
netdev down event. These resulted in different group removal reasons on
a GO device (UNAVAILABLE for stop AP event coming first and REQUESTED
for netdev event first). Make this more consistent by reporting
UNAVAILABLE for both possible cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:48 +02:00
Jouni Malinen
a156ffda61 Add support for testing memory allocation failures
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.

Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:43 +02:00
Jouni Malinen
52b3943c94 D-Bus: Fix interface unregistration on error path
It is possible for this function to get called even if D-Bus
registration had failed, so the path can be NULL here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:01 +02:00
Jouni Malinen
96dc9a6d42 D-Bus (old): Fix interface unregistration on error path
It is possible for this function to be called even if D-Bus interface
registration has failed. Avoid a D-Bus assert in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:01 +02:00
Jouni Malinen
ef0355780a Fix memory leak on wpa_supplicant_init_wpa() error path
If wpa_sm_init() fails, the context data needs to be freed in the
caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
f2d57282ad D-Bus: Fix string array dict entry parser in out-of-memory case
entry->strarray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
In addition, the separately allocated strings in the array would have
been leaked in such a case. Furthermore, wpa_dbus_dict_entry_clear() was
not prepared for the possibility of the initial os_calloc() call failing
and entry->strarray_value being NULL without array_len being cleared to
zero. That would have resulted in reading uninitialized memory and NULL
pointer dereference.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
c61bc23aa2 D-Bus: Fix byte array dict entry parser in out-of-memory case
entry->bytearray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
dacf605812 D-Bus: Fix Introspect() in case of os_strdup() failure
add_interface() did not check for os_strdup() return value and could end
up dereferencing a NULL pointer if memory allocation failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
68a866974b D-Bus (old): Fix wpsReg error message
This was supposed to return WpsRegError, not WpsPbcError.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
f0614bc6c6 D-Bus (old): Fix message handler error paths
The error reply needs to be sent out as a response. The "out" label was
in incorrect place to allow that to happen; instead, it ended up leaking
memory for the generated reply message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
a2af1c70c5 D-Bus (old): Fix memory leak on error path
If setSmartcardModules() fails to allocate memory with os_strdup(), the
allocated items in the dict entry were not freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-07 13:19:00 +02:00
Jouni Malinen
942b75468d tests: Add module tests for AES-SIV
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 15:50:53 +02:00
Ilan Peer
8b48e32006 wpa_cli: Add MAC address randomization in scan
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
fb375883f4 ctrl_iface: Add MAC address randomization in scan processing
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
56c76fa592 scan: Add MAC address randomization in scan handling
1. Supported MAC address randomization for scan.
2. Supported MAC address randomization for scheduled scan.
2. Supported MAC address randomization for pno.
4. Add functions to set and clear the MAC address randomization
   state variables.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Arik Nemtsov
7db53bb8c5 wpa_cli: Implement TDLS start/cancel channel switching commands
For the start operation, this includes appropriate parameters for
specifying channel and peer information. The cancel operation includes
peer information.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 21:46:37 +02:00
Arik Nemtsov
6b90deae4d TDLS: Propagate enable/disable channel-switch commands to driver
The supplicant code does not try to control the actual channel of the
radio at any point. It simply passes the target peer and channel
parameters to the driver. It's the driver's responsibility to
periodically initiate TDLS channel-switch operations when TDLS
channel-switching is enabled.

Allow enable/disable operations to be invoked via the control interface.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 20:30:11 +02:00
Arik Nemtsov
4daa572925 TDLS: Add channel-switch capability flag
Propagate a driver TDLS channel-switch support bit from nl80211 to
TDLS code.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 18:59:31 +02:00
Eliad Peller
8c42b36902 WMM AC: Reconfigure tspecs on reassociation to the same BSS
The specification requires the tspecs to be kept upon reassociation to
the same BSS. Save the last tspecs before such reassociation, and
reconfigure on the association notification.

Note that the current flow is not transparent to the user
(it is notified about deauth/reassoc and tspec removal/addition).

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:41:00 +02:00
Eliad Peller
677e7a9582 WMM AC: Do not fail on unknown IEs in Association Response
Some APs add their custom (vendor-specific) IEs to the Association
Response frame. Fail WMM AC initialization only if Association Response
frame IE parsing actually failed, i.e., ignore all unknown IEs.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:33:29 +02:00
Eliad Peller
fecc2bb5a8 WMM AC: Delete tspecs on roaming
In case of roaming, we don't get disassoc notification, but
still want to remove the existing tspecs.

Move the wmm_ac_notify_disassoc() call to the state change
function, which get called also on roaming.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:32:59 +02:00
Eliad Peller
20fe74561c WMM AC: Print user-priority in wmm_ac_status
The UP is important property of the tspec, so print it as well.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:31:18 +02:00
Jouni Malinen
d118a6b8c8 D-Bus: Fix WPS.Start method in AP/P2P GO mode
Previously, role="enrollee" was required to be used to allow the AP mode
WPS operation to be started. This is incorrect since the AP/GO will
operate in Registrar role. Fix this by ignoring the role parameter when
AP (including P2P GO) mode is enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
bd47d68035 WPS: Reject station-mode WPS operations when AP mode is enabled
Start of station-mode WPS PBC/PIN/Registrar/NFC operation would result
in the AP mode getting disabled. This can be particularly confusing for
the P2P GO case where the group would need to be stopped cleanly. As
such, it is better to reject these invalid operations rather than trying
to handle all corner cases needed to allow this to work robustly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
f47a562c73 D-Bus: Move NetworkRequest signal to correct registration array
This is an interface signal, not a global signal, so move it to the
current array for registering the signal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
afaa6d99a4 D-Bus: Remove registration of P2PStateChanged signal
This signal is not generated anywhere, so there is no point in claiming
it to be available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
1a4efde5bd D-Bus: Make P2P Group Passphrase property getter available for P2P Client
There is no need to limit this property based on the role of the device
in the group, so return the passphrase if it is available. It will be
available in GO role and it may be available in P2P Client role based on
whether the peer GO provided it during the WPS provisioning step.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
20e1d81e09 D-Bus: Fix P2P Group PSK property getter
This was returning a byte array of the pointer to the PSK, not the
actual PSK, due to incorrect use of
wpas_dbus_simple_array_property_getter(). In addition, there is no need
to limit this property based on the role of the device in the group, so
return the PSK if it is available (which it will be for both GO and P2P
Client roles).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
a0caebf397 D-Bus: Simplify out-of-memory reporting
There is no need to have separate wpa_printf() and different error
message strings for the unlikely out-of-error messages. Use a helper
function, wpas_dbus_error_no_memory(), to get consistent behavior with a
one-line call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
ff1d8104e2 D-Bus: Remove the obsolete notes from wpas_dbus_error_unknown_error()
Commit 6aeeb6fa21 ('dbus: clean up new
D-Bus interface getters and setters') redesigned the property
getter/setter calls in a way that made the
wpas_dbus_error_unknown_error() note about message being NULL in some
cases obsolete. All the remaining callers are from method handler
functions that must have a valid message. Remove the obsolete notes and
unnecessary messsage == NULL check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
38279bdb35 D-Bus: Coding style cleanup
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
e3c4f0b5d5 D-Bus: Simplify message building error paths
There is no need to have multiple separate return statements for error
cases in a sequence of operations. In addition, there is not much point
in "converting" boolean return values with "if (!res) return FALSE;
return TRUE;" style constructions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
bba40b65b0 D-Bus: Fix GroupAdd, Invite, RemovePersistentGroup path validation
net_id_str can be NULL and that must be checked for to avoid NULL
pointer dereference if an invalid persistent_group_object path is used
with these methods.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
ce82168b55 D-Bus: Fix error message for Listen() failure
DBUS_ERROR_NO_MEMORY does not look like the best option for the failure
reason in case wpas_p2p_listen() fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
054dc3136f D-Bus: Clean up wpas_dbus_new_decompose_object_path()
None of the new D-Bus interface cases use the bssid_part in
decompose_object_path (while the old interface ones do). As such, this
is dead code and can be removed. In addition, the P2P addition here was
pretty ugly extension. Replace these with a cleaner way of passing the
separating string (e.g., "Networks") from the caller and returning the
requested item.

In addition, there is no need to allocate the returned item separately,
so use a single allocation and a pointer to that allocated memory. This
will make it easier for callers to have to free only a single
allocation. This is also fixing a memory leak in P2P invitation
persistent group case where the caller had missed the need to free the
returned values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
b76ea413b1 D-Bus: Clean up parse_peer_object_path() uses
This helper function does not modify peer_path, so mark it const. In
addition, there is no point in callers to check separately whether
peer_path is NULL since that is taken care of by this helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
509618d35b D-Bus: Remove useless NULL check from static function
The entry argument cannot be NULL in this static function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
1d12c08847 D-Bus: Add debug prints for parsing dict entries
This makes it easier to figure out what happens if there are issues with
processing messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
605325fb75 D-Bus: Remove useless wpa_s->conf checks
This cannot be NULL when an interface is in use. There is not much point
in couple of functions checking this while large number of other places
do not.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
88ce7938b0 D-Bus: Write Get/Set property name in debug log
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
5485798f40 D-Bus: Add more debug prints to cover operations
This adds the message signature to the new D-Bus interface message
handler and similar prints to the old interface messages handlers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
7fbe56b018 D-Bus: Fix property change timer update
eloop_is_timeout_registered() was called with incorrect context argument
which meant that the pending timeout would have never been found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
3a593ff5b2 D-Bus (old): Fix removeNetwork method to not use freed memory
wpa_supplicant_deauthenticate() call needs to happen before
wpa_config_remove_network(). Freed memory could be dereferenced if
removeNetwork method was issued on the currently connected network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
f11e797d4c D-Bus: Avoid valgrind warning due to compiler optimization
It looks like both gcc and clang optimize the (entry.type != foo ||
entry.array_type != bar) in a way that ends up evaluating the second
condition even when the first one results in 0. While this is not really
what the C language requirements on short-circuit evaluation require,
the compiler likely assumes this can have no side effects and with both
type and array_type being comparable in a single 64-bit operation, this
can clearly be a bit more efficient. While the code behaves same in both
cases, valgrind does warn about use of uninitialized memory when the
second condition is evaluated (entry.array_type is not initialized if
entry.type != DBUS_TYPE_ARRAY).

To keep valgrind logs cleaner, initialize entry.array_type to
DBUS_TYPE_INVALID so that these compiler optimizations do not result in
reading uninitialized memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:26 +02:00
Jouni Malinen
19d4dab759 D-Bus: Avoid compiler warning on sometimes uninitialized variable
The logic in wpas_dbus_signal_p2p_provision_discovery() seemed to imply
that there could be a case where _signal would be used uninitized. While
that is not the case since either (request || !status) or (!request &&
status) would always be true, some compilers do not seem to be clever
enough to figure that out to avoid the warning. Make this easier for
such compilers by removing the (!request && status) condition since it
is identical to !(request || !status).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:48:30 +02:00
Jouni Malinen
bc7baaff24 D-Bus: Make WPAS_DBUS_TYPE_BINARRAY value less confusing
Commit 911e97e400 ('DBus: Refactor array
adding, add binary arrays') introduced WPAS_DBUS_TYPE_BINARRAY as an
internal fake type for array_type. However, it selected this value to be
(DBUS_NUMBER_OF_TYPES + 100) = 116 = 't'. This happens to conflict with
DBUS_TYPE_UINT64 ((int) 't'). While none of the existing array_type use
cases supported UINT64, it is much clearer if WPAS_DBUS_TYPE_BINARRAY
has a value that does not match any existing DBUS_TYPE_* value. Replace
this with '@' (64).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-01 13:51:45 +02:00
Jouni Malinen
5f3682dc6f D-Bus: Fix dict binarray getter to accept empty array of array
This is needed to allow Set(P2PDeviceConfig) to clear the
VendorExtension array (i.e., to remove all configured vendor
extensions). Previously, such an attempt was met with a D-Bus assert and
rejection of the operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 13:34:52 +02:00
Jouni Malinen
54e06b4ffb D-Bus: Fix memory leak on P2PDeviceConfig::VendorExtension
The wps_vendor_ext array can be set using D-Bus Set(P2PDeviceConfig)
with the VendorExtension key in the dictionary. However, there was no
code for freeing the allocated memory when the interface is removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 13:07:13 +02:00
Jouni Malinen
68bb007743 D-Bus: Fix GONegotiationSuccess signal passphrase format
Passphrase is a variable length string of (8..63 characters), not a byte
array of fixed 64 octets.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 11:44:42 +02:00
Jouni Malinen
3cccf0b870 D-Bus: Make wpas_dbus_error_scan_error() static
This function is not used anywhere outside this file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 11:00:54 +02:00
Jouni Malinen
2544394406 D-Bus: Fix ServiceDiscoveryResponse to accept int32 dialog_token
The ServiceDiscoveryRequest signal uses int32 for encoding dialog_token
for some reason (even though this is a u8 field).
ServiceDiscoveryResponse is supposed to accept the values from the
signal as-is, so extend that to accept int32 in addition to the
previously used uint32.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 10:47:31 +02:00
Jouni Malinen
9c4694ce7c D-Bus: Fix memory leaks on AddService/DeleteService error paths
The query and service parameters need to be freed on all paths to avoid
memory leaks in error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-31 01:05:46 +02:00
Jouni Malinen
b07f1ebe0f D-Bus: Fix .Group Set(WPSVendorExtensions) format
The earlier implementation seemed to require a strange extra
encapsulation with a dictionary for setting the WPSVendorExtensions
property while this was defined to have aay signature and the get
operation did indeed return and array of array of bytes without that
dictionary. Fix this to accept aay format for the setter as well. Keep
support for the old dictionary encapsulation format for backwards
compatibility.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 22:22:39 +02:00
Jouni Malinen
8509fb5cce D-Bus: Fix memory leak on P2P GO WPSVendorExtensions
It was possible to add WPS vendor extensions through the D-Bus
WPSVendorExtensions setter, but these extensions were not freed when the
P2P GO was stopped or when replacing previously configured extensions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-30 22:22:39 +02:00
Jouni Malinen
4e70bbf1c6 SAE: Clear keys from memory on disassociation
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 20:00:02 +02:00
Jouni Malinen
6df1973988 Clear psk_list while freeing config_ssid instances
Previously, the main PSK entry was cleared explicitly, but psk_list
could include PSKs for some P2P use cases, so clear it as well when
freeing config_ssid instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
e886c88e95 Explicitly clear the temporary stack-based PSK buffer
There is no need to leave this temporary key in stack memory after
having been configured to the WPA state machine.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
658da804e5 Explicitly clear the temporary stack-based key for WPA-None
There is no need to leave this temporary key in stack memory after
having been configured to the driver.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
f42df14415 WPS ER: Explicitly clear PSK from stack after use
There is no need to leave the PSK from temporary Credential structure
that was built in stack after that Credential has been passed to the WPS
module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
ce52d031e5 Clear wpa_psk memory when setting up wpa_supplicant AP mode
This is more of a theoretical case since this part is done only during
setup and the structure is not allocated in practice. Anyway,
maintaining more consistent use of bin_clear_free() for structures that
may contain keys is useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 19:44:51 +02:00
Jouni Malinen
74df9c1c43 D-Bus(old): Remove duplicated blob->data check
This was already verified to be non-NULL above and there is no point in
having an extra check after the pointer has already been dereferenced.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
8193e01e5b D-Bus(old): Remove unnecessary wpa_supplicant_state_txt() check
This function cannot return NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
62856ad989 D-Bus(old): Fix removeNetwork and selectNetwork error handling
wpas_dbus_decompose_object_path() may leave the network part NULL on
unexpected path. This resulted in NULL pointer dereference when
processing an invalid removeNetwork or selectNetwork call. Fix this by
explicitly verifying that the network part was included in the object
path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
84edd136b5 D-Bus(old): Fix interface to show correct err_msg for blob removal
The "Invalid blob name" string was not shown since the zero-length name
was used regardless of first verifying that it should not be allowed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
91c539c01d D-Bus(old): Fix WPS interface to require BSSID for wpsReg
External WPS Registrar operation requires the BSSID to be specified, so
the old D-Bus interface better apply that requirement as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
dddd870d16 D-Bus(old): Fix WPS interface for PIN from wpa_supplicant case
dbus_message_append_args() needs char** and &npin ended up being char*
and resulted in segmentation fault.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
5f136bc126 D-Bus: Fix P2P persistent group removal from non-D-Bus triggers
It is possible for the persistent group object to be added and removed
by non-D-Bus triggers (e.g., ctrl_iface commands). The add part was
already handled, but removal was not. That resulted in memory leaks when
a P2P persistent group was removed without using an explicit D-Bus
command for this even if the object was added without D-Bus involvement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
d20be3a739 D-Bus: Fix WPS ConfigMethods getter to handle no value properly
wpas_dbus_simple_property_getter() cannot be used with NULL
DBUS_TYPE_STRING, so replace that with an empty string to handle the
case of no config_methods parameter in the configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
11973b2682 D-Bus: Fix P2P peer joined/disconnected handlers
It is possible for the peer to be a non-P2P device and as such, for
p2p_dev_addr to be NULL. This resulted in NULL pointer dereference if
D-Bus interface was enabled for the interface when a legacy STA joined a
group.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
b8db1dfc5c Clear next_scan_freqs on wpa_supplicant FLUSH command
It was possible for old scan state to remain from a previous test case
when an operation like WNM neighbor scan or another-BSS-in-ESS was
started, but stopped at the end of a test case. This could result in
failures, e.g., when running wnm_bss_tm_req followed by scan_setband.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
f4637fe0fd wpa_supplicant: Set stdout line-buffered
This makes wpa_supplicant debug output in stdout line-buffered to remain
consistent with hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
010fa245bd Add QUIET=1 option for make
This can be used to reduce verbosity for build messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
49e3eea8d9 Avoid -Wshadow warnings from older gcc versions
It looks like gcc 4.8.2 would warn about these with -Wshadow, but 4.6.3
did.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-26 13:21:00 +02:00
Jouni Malinen
a193231dfb Clean up debug prints to use wpa_printf()
This converts most of the remaining perror() and printf() calls from
hostapd and wpa_supplicant to use wpa_printf().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-26 13:20:57 +02:00
Jouni Malinen
36f0cf3774 privsep: Fix compilation due to associate() parameter updates
struct wpa_driver_associate_params moved to using struct
hostapd_freq_params instead of just frequency. Need to update wpa_priv
to do same.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-25 16:37:12 +02:00
Jouni Malinen
4a393fe9f8 WPS: Do not indicate PBC overlap for the same BSS
Even if the UUID would have a mismatch, e.g., due to no UUID known for
the target in a new WPS PBC instance, do not indicate PBC session
overlap if the BSSID is same in the two entries. This should not really
happen in normal use cases, but can happen at least in some test
scenarios where the same BSSID is used in consecutive test cases and the
old BSS entry remains in cfg80211 cache.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-25 16:37:12 +02:00
Jouni Malinen
3a322496f9 mesh: Delay Authentication frame process with no_auto_peer
There is a possible race condition between receiving the
NEW_PEER_CANDIDATE event and the Authentication frame from the peer.
Previously, if the Authentication frame RX event was indicated first,
that frame got dropped silently. Now, this frame is still dropped, but a
copy of it is stored and the frame gets processed on the following
NEW_PEER_CANDIDATE event if that is received for the same peer within
two seconds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-23 13:44:38 +02:00
Jouni Malinen
d97a3c4885 SME: Optimize OBSS scanning
Include only the potentially affected channel range in OBSS scans to
reduce the amount of offchannel time needed for scanning when requested
by the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 22:07:03 +02:00
Jouni Malinen
267ac3bcd6 Add more debug prints for WPA/RSN selection issues for connection
ap_ft_sae test case managed to hit a somewhat unclear error case which
resulted in "WPA: Failed to select WPA/RSN" print and not enough
information to figure out what exactly had went wrong.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 13:49:52 +02:00
Masashi Honma
d5b95325de mesh: Fill Number of Peerings field in Mesh Formation Info
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:59:40 +02:00
Masashi Honma
46e8d90f6a mesh: Add debug message when peering limit is reached
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:55:44 +02:00
Masashi Honma
4b4093686b mesh: Make maximum number of peer links configurable
Maximum number of peer links is maximum number of connecting mesh peers
at the same time. This value is 0..255 based on the
dot11MeshNumberOfPeerings range.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:52:31 +02:00
Masashi Honma
9c58c5f72c mesh: Make beacon interval configurable
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:38:20 +02:00
Masashi Honma
3b797130d7 doc: Remove error on document creation
Unexpected trailing zero causes following error.

wpa_supplicant.sgml:472:53:E: character data is not allowed here

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-21 23:36:55 +02:00
Jouni Malinen
422ba11e30 Flush WPS registrar state on wpa_supplicant FLUSH command
This helps hwsim test cases by avoiding undesired state from previously
executed test cases affecting following tests.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-21 17:47:42 +02:00
Jouni Malinen
209702d4c9 Add possibility to set the setband parameter
Commit faf9a8585d added mechanism for
selecting 2.4 or 5 GHz band for scan operation. However, no mechanism
for setting the setband value was added at that time. This commit adds a
new SET ctrl_iface parameter to allow the setband functionality to be
used. "SET setband <AUTO/5G/2G>" can be used to select all bands, 5 GHz
band only, or 2.4 GHz band only.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-19 22:56:41 +02:00
Sunil Dutt
ee82e33d6a Do not trigger the scan during initialization on Android platforms
Android framework maintains a state to process the scan results after
the scan is issued. If wpa_supplicant issues the scan during the
initialization, the one issued by the framework may fail (with EBUSY) if
the host driver is already processing the scan. Thus, the scan results
returned for the first scan triggered by wpa_supplicant are not
processed for getting displayed resulting in delay for the display of
the first scan results after the Wi-Fi subsystem initialization. Thus,
trigger the scan only based on the framework request on Android.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-19 15:24:33 +02:00
Jouni Malinen
e69ae5ff31 Reject new SCAN commands if there is a pending request
FAIL-BUSY was already returned for the case where a scan had been
started, but with the radio work design, it would have been possible to
schedule multiple scan requests if a non-scan radio work was in
progress. Multiple back-to-back scans are not usually very helpful, so
reject this type of cases where the SCAN command would be used to build
such a sequence.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-19 15:14:38 +02:00
Jithu Jance
49e1e9ca88 P2P: Avoid truncation of long listen operation due to offchan tx
On receiving the cancel remain on channel event, the pending_tx
is scheduled immediately and returned. This was preventing
the wpas_p2p_listen_start function from execution thereby resulting
in termination of the long listen operation.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-12-18 16:41:40 +02:00
Jouni Malinen
0855e2e188 Do not allow network block scan_freq override SCAN command frequencies
The manual scan operations with the SCAN command are supposed to have
independent set of scan frequencies, so do not allow scan_freq
parameters to override scanned frequencies for scans that were triggered
with a SCAN command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-15 00:55:56 +02:00
Masashi Honma
5b78493f3b mesh: Add mesh interface creation command for mesh gate
The mesh gate is used to bridge (or route) between mesh network and
another network. For example, mesh gate acts as router between mesh
network and IEEE 802.11 BSS network.

This command makes a virtual mesh interface to be used for mesh gate.

This command expects to be used like this.

wpa_cli -i wlan0 MESH_INTERFACE_ADD ifname=mesh0
wpa_cli -i mesh0 add_network
wpa_cli -i mesh0 set_network 0 ssid '"commell_2X_mmm"'
wpa_cli -i mesh0 set_network 0 mode 5
wpa_cli -i mesh0 set_network 0 frequency 2412
wpa_cli -i mesh0 set_network 0 key_mgmt SAE
wpa_cli -i mesh0 set_network 0 psk '"01234567"'
wpa_cli -i mesh0 mesh_group_add 0
wpa_cli -i wlan0 mesh_group_remove mesh0

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-12-14 23:27:43 +02:00
Jouni Malinen
e77007132e Extend wpa_supplicant STA* ctrl_iface commands for mesh
Since mesh functionality uses struct hostapd_data to maintain peer
state, the existing STA* control interface commands can be used to
display information about the peers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 20:14:30 +02:00
Jouni Malinen
b0f33467a5 Clean up VHT override max A-MPDU override calculation
There is no need to use runtime call to find_first_bit() to determine
shift amount for a constant integer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 18:48:59 +02:00
Led
2797486c4f Fix bashisms in wps-ap-cli script
Option '-p' of 'read' command may be unsupported in some POSIX-complete
shells. So replace 'read -p' with 'echo -n'/'read' pair.

Signed-off-by: Oleksandr Chumachenko <ledest@gmail.com>
2014-12-14 18:27:54 +02:00
Arkadiusz (Arkq) Bokowy
7b244d577a wpa_gui: Quiet mode - disable tray icon messages
If tray icon messages are perceived as disturbing, one can pass `-q`
parameter on the command line to disable them permanently.

Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
2014-12-14 17:26:42 +02:00
Arkadiusz (Arkq) Bokowy
2087b64fef wpa_gui: More informative tray icon tool tip message
Show associated network SSID in the tool tip message of the
application's tray icon. When network is not associated, then simple
"(not-associated)" message is shown.

Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
2014-12-14 17:23:43 +02:00
Jouni Malinen
81648d0041 SAE: Report connection failure if SME cannot build auth frame
Instead of just stopping connection process and network discovery,
report SAE failures to build Authentication frames (e.g., due to missing
password) as a connection failure to get the normal retry mechanism into
use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 16:48:38 +02:00
Jouni Malinen
8e3afd7f6c offchannel: Use wpas_get_tx_interface() src parameter more consistently
Both the wpa_s->pending_action_src and src argument to
wpas_get_tx_interface() were used somewhat randomly. Make this more
consistent since these values are pointing to the same address and the
implementation is easier to understand when it is obvious that there is
only one address being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 15:47:04 +02:00
Jouni Malinen
568475b70b HS 2.0: Allow CANCEL_FETCH_OSU to stop at scan completion
There is no need to start the GAS/ANQP fetch if the FETCH_OSU operation
has already been canceled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 02:28:03 +02:00
Jouni Malinen
f77cedc11a WPS ER: Remove unnecessary return value
wps_er_deinit() cannot fail and it does not return anything, so neither
should wpas_wps_er_stop().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 02:28:03 +02:00
Jouni Malinen
5407c69d15 Remove unnecessary STA_AUTOCONNECT handler function
This function could not fail and it can be replaced with a single
line variable update that takes less code than the function call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-13 19:27:41 +02:00
Jouni Malinen
a1144000cd Remove unnecessary return value
wpa_bss_flush*() cannot fail and as such, there is no need for
wpa_supplicant_ctrl_iface_bss_flush() to return a value either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-13 19:22:23 +02:00
Jouni Malinen
5ac73acf12 Simplify eapol_sm_get_mib() result handling
This function cannot return negative value, so no need to check for
that. If there is not enough room in the buffer or if something
unexpected happens, 0 is returned.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-13 19:15:38 +02:00
Jouni Malinen
43a66ecba3 Fix SCAN control interface command error cases
Update the scan parameters in wpa_s only in case the scan command is
going to be executed. In other words, do not change the parameters for
an ongoing scan (the SCAN command is rejected with FAIL-BUSY) or if any
of the parameters is invalid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-12 01:12:15 +02:00
Jouni Malinen
2961bfa8e1 Remove unused send_eapol() driver op
The send_eapol() callback was used by driver_test.c, but with that
removed, there is no remaining users of the alternative EAPOL frame
transmitting mechanism in wpa_supplicant, i.e., all remaining driver
interfaces use l2_packet instead. Remove the send_eapol() to get rid of
unused code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 15:40:07 +02:00
Jouni Malinen
b68d602dc4 Fix ANQP_GET/HS20_GET_ANQP parsing to skip space after address
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 15:18:11 +02:00
Jouni Malinen
42a697256e P2P: Allow cross connection on the parent interface
Previously, any P2P capable interface was skipped in cross connection
uplink consideration. However, this ends up skipping more or less all
nl80211-based driver cases now since they mark the main interface P2P
capable. Relax this rule to allow the parent interface to be used as the
non-P2P station interface for cross connection purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-10 01:54:27 +02:00
Jouni Malinen
97cfe110dc Clear wpa_s->disconnected on ctrl_iface FLUSH
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-08 16:22:13 +02:00
Jouni Malinen
aaadd72733 Check os_snprintf() result more consistently - more checks
Add more os_snprintf() result validation checks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
1d39977136 Check os_snprintf() result more consistently
While these are using practically large enoungh buffer sizes, it is
better to be more consistent with checking os_snprintf() return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
1f102d3bb0 Check os_snprintf() result more consistently - manual
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
eeab4f2fda Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size - 1'. These changes were done automatically with spatch
using the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || (size_t) E1 >= E3 - 1)
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
7bdd8981f7 Check os_snprintf() result more consistently - automatic 2
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size'. These changes were done automatically with spatch using
the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 > E3 \| (size_t) E1 > E3 \| E1 > (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
d85e1fc8a5 Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a80ba67a26 Check os_snprintf() result more consistently - success case
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
  S1

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a9aaacbb50 Check os_snprintf() result more consistently - maximum length
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
faebdeaa9e Use os_calloc() instead of os_zalloc()
Automatic changes with spatch using the following semantic patch:

@@
constant C;
type T;
@@

- os_zalloc(C*sizeof(T))
+ os_calloc(C,sizeof(T))

@@
expression E;
type T;
@@

- os_zalloc((E)*sizeof(T))
+ os_calloc(E,sizeof(T))

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
c054190603 Fix DUP_NETWORK debug print on error case
Incorrect network id was printed in debug output if DUP_NETWORK
destination network was not found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
49328f0756 Remove unnecessary ctrl_iface command check
MESH_GROUP_REMOVE always passes in the cmd pointer, so this cannot
really be NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
d02dcb28bc Remove unnecessary ctrl_iface cmd check
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
d84416a2af Interworking: Make bounds checking easier for static analyzers
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 19:25:14 +02:00
Jouni Malinen
8105821b39 Replace send_ft_action() driver_op with send_action()
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 18:13:29 +02:00
Jouni Malinen
bc0ba01d70 WFD: Allow WFD_SUBELEM_SET/GET all to be used with full IE buffer
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses similar interface as was
previously added over D-Bus.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 15:22:33 +02:00
Jouni Malinen
f80936094e WMM-AC: Use DEBUG verbosity for ignoring Action frame messages
There is no point in flooding the log with WARNING or ERROR level
messages if WMM-AC related Action frames are ignored in cases where they
were not expected. In addition, WARNING/ERROR should not really be used
in cases an invalid frame is dropped especially if this is not related
to a security setup since external devices could otherwise generate log
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 13:17:57 +02:00
Jouni Malinen
0570a3ea7d HS 2.0: Clarify OSU Provider list length validation
The previous version was somewhat too complex for some static analyzers.
Use local variables for the extracted length fields and explicitly
compare these against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-05 00:56:05 +02:00
Jouni Malinen
65d9a5e254 ERP: Add wpa_supplicant ERP_FLUSH ctrl_iface command
This can be used to flush all the ERP keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
02a8d45ace ERP: Add support for ERP on EAP peer
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.

If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Dmitry Shmidt
f34891a3af Return only full network line in list_networks
It makes more sense to truncate at line boundary especially with the new
LAST_ID parameter.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-12-03 22:31:53 +02:00
Vinit Deshpande
90903a77ef List all networks despite message limit of 4096 bytes
This change creates 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only first few (whatever fills in first 4096 bytes) can be
retrieved.

Signed-off-by: Vinit Deshpande <vinitd@google.com>
2014-12-02 23:47:27 +02:00
Jouni Malinen
44177b69e8 Allow a BSS entry with all-zeros BSSID to expire
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.

In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 19:46:58 +02:00
Jouni Malinen
e374522827 Do not start new radio work on scan completion during ext work
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-01 20:17:08 +02:00
Jouni Malinen
4f9a5ea5cc WPS: Fix current_ssid clearing on duplicate network removal
It was possible for the current network profile to be deleted when
merging duplicated WPS credentials. However, this did not clear
wpa_s->current_ssid and it was possible for something else to end up
dereferencing that pointer to now freed memory. This could be hit, e.g.,
with ap_wps_mixed_cred. Fix this by clearing current_ssid also in this
code path similarly to other cases of network block getting removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
e4a35f07d9 mesh: Skip fast-association when using connect_without_scan
The mesh group addition was designed to use wpa_s->connect_without_scan
to skip a scan. That path was skipped if wpa_supplicant_fast_associate()
allowed previous scan results to be used. This could result in undesired
double-initialization attempt for the mesh interface. Avoid this by not
using wpa_supplicant_fast_associate() when wpa_s->connect_without_scan
is set.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
608b0ff52a mesh: Check for initialization failures
It is possible that these location ended up getting called before mesh
startup operations had been completed and that could result in
dereferencing NULL pointers. Address those error cases by verifying that
the needed parameters are available before using them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
9a700ff9ef Ignore auth/assoc timeout events in mesh configuration
It was possible for auth/assoc timeout/failure event from the driver to
result in unexpected processing during mesh group setup if that
operation was started before the previously started driver operation to
association/connect had completed. Since those events cannot happen in
mesh cases, ignore them to avoid issues due to this corner case.

For example, monitor_iface_unknown_sta followed by wpas_mesh_secure test
case resulted in failure without this change.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
763041b2e8 mesh: Avoid a false maybe-uninitialized compiler warning
An earlier check of the action_field value above the switch statement
already took care of all other possible cases, but that was apparently
too difficult for the compiler to notice. Bring back the default case to
avoid incorrect warnings about the event variable being maybe
uninitialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
c932b43e56 mesh: Add more debug information to MPM Action frame processing
This makes it easier to figure out why a peering message is dropped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-28 23:02:29 +02:00
Jouni Malinen
fc0ef7c0e7 Add DATA_TEST_FRAME for testing Data frame processing
The new wpa_supplicant control interface command can be used in
automated testing to verify how AP processes Data frames with arbitrary
contents. This is enabled only in builds with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 23:51:46 +02:00
Jouni Malinen
b925506a91 Clear RSN preauth and PMKSA cache state on FLUSH command
There is no need for this state to maintained when the wpa_supplicant
FLUSH ctrl_iface command is used to request flushing of all state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:56:15 +02:00
Jouni Malinen
3882a70841 WMM AC: Fix memory leak on deinit without disassoc event
It was possible for wmm_ac_deinit() not getting called when an interface
was removed in a sequence where disassociation was not reported and
wmm_ac_notify_disassoc() did not get called. This resulted in leaking
whatever memory was allocated for WMM AC parameters. Fix that by calling
wmm_ac_notify_disassoc() from wpa_supplicant_cleanup().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:00:02 +02:00
Jouni Malinen
5214f4fafc Clear scan_req to NORMAL_SCAN_REQ for connection attempt
This is needed to fix some sequencies where a real scan in ap_scan=2
case would be issued even when the connection case would expect direct
connection without a scan.

This fixed an issue shown in hwsim test case autoscan_exponential
followed by ibss_open_fixed_bssid.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:55:54 +02:00
Jouni Malinen
4e0990dc88 mesh: Send peering close message before leaving mesh
This is needed to allow proper Action frame transmission to work without
having to claim these to be offchannel operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:12:47 +02:00
Neelansh Mittal
3a7414b6a6 Do not re-open Android control sockets
On Android, the control socket being used may be the socket that is
created when wpa_supplicant is started as a /init.*.rc service. Such a
socket is maintained as a key-value pair in Android's environment.
Closing this control socket would leave wpa_supplicant in a bad state.
When wpa_supplicant re-opens the ctrl_iface socket, it will query the
Android's environment, and will be returned with the same socket
descriptor that has already been closed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-25 17:16:44 +02:00
Masashi Honma
a959a3b69d SAE: Fix Anti-Clogging Token request frame format
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 16:08:53 +02:00
Jouni Malinen
849367afe9 SME: Fix a sign-compare warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 01:07:16 +02:00
Jouni Malinen
158211b2db WNM: Use country code, if available, to help in channel mapping
The country code from the current AP needs to be used in
ieee80211_chan_to_freq() to support cases where non-global operating
class table is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-24 10:57:38 +02:00
Jouni Malinen
5d017065a0 GAS: Clean up Query Response length validation
Previous version was correct, but apparently too complex for some static
analyzers. (CID 68119)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
355e17eb1b HS 2.0: Clarify OSU Server URI length validation
The previous version was valid, but apparently too complex for some
static analyzers. Use a local variable for uri_len and explicitly
compare it against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
5c58c0ce86 HS 2.0: More explicit hs20_osu_icon_fetch() length validation
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
fecc09edc3 WNM: Use a clearer validation step for key_len_total
The previous one based on pointer arithmetic was apparently too much for
some static analyzers (CID 68130).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 18:04:02 +02:00
Jouni Malinen
43aee94899 Interworking: Clearer ANQP element length validation
The upper bound for the element length was already verified, but that
was not apparently noticed by a static analyzer (CID 68128).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 17:41:13 +02:00
Jouni Malinen
f5f3728a81 WNM: Print debug message if Action frame sending fails
This makes wpa_drv_send_action() return value checking more consistent
(CID 75390).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 16:13:50 +02:00
Andrei Otcheretianski
70d1e72849 wpa_supplicant: Handle link measurement requests
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-11-22 21:45:07 +02:00
Assaf Krauss
66d2143435 wpa_cli: Add optional ssid to neighbor report request
Add optional 'ssid' parameter to command "neighbor_rep_request".

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:37:49 +02:00
Assaf Krauss
4c4b230527 wpa_supplicant: Add an option to specify SSID in neighbor report requests
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:36:42 +02:00
Assaf Krauss
fad14af93a wpa_cli: Add neighbor_rep_request command
Add neighbor_rep_request command to send a Neighbor Report Request
to the associated AP.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:29:41 +02:00
Assaf Krauss
f4b8bfae15 wpa_supplicant: Add NEIGHBOR_REP_REQUEST command to the control interface
Add NEIGHBOR_REP_REQUEST command to the wpa_supplicant ctrl_iface.
This command triggers the sending of a Neighbor Report Request to the
associated AP.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:28:52 +02:00
Assaf Krauss
d89c0701db wpa_supplicant: Add support for Neighbor Report
Add the ability to send a Neighbor Report Request (part of
RRM). Requester is then notified once the report arrives.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:23:14 +02:00
Assaf Krauss
b361d580ec SME: Add RRM support to association request
In case the AP we are associating with advertises support for RRM,
advertise our own RRM support in the (Re)Association Request frame. This
is done by adding an RRM Capabilities IE. The underlying driver is
expected to further add a Power Capabilities IE to the request, and set
the Radio Measurement flag in the Capability Info field. At this point
the RRM Capabilities IE advertises no measurement support.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:13:45 +02:00
Assaf Krauss
f936b73c4f wpa_supplicant: Store driver's RRM capabilities
Store the RRM capability flags reported by the underlying driver.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:07:56 +02:00
Jouni Malinen
75d65857d5 WNM: Use recent scan results on BSS transition request
If the last scans are recent (for now, less than ten seconds old), use
them instead of triggering a new scan when a BSS Transition Management
Request frame is received. As a fallback, allow a new scan to be
triggered if no matches were found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 20:17:47 +02:00
Jouni Malinen
e1117c1c01 WNM: Optimize BSS transition management scans
When the list of preferred transition candidates is received, use the
identified channels to optimize the following scan so that no time is
wasted on other channels.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 20:17:47 +02:00
Jouni Malinen
d0b9ab69f6 WNM: Move transition candidate list processing to normal scan
This makes it easier to optimize transition request processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:40:03 +02:00
Jouni Malinen
279b5486a6 WNM: Fix TM candidate freeing if multiple requests are processed
The previously cached candidate list needs to be free properly through a
call to wnm_deallocate_memory() to ensure all subelements gets freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:40:03 +02:00
Jouni Malinen
027454d2e9 WNM: Allow BSS transition request in same ESS even if RSSI is worse
This allows an AP to steer us to another BSS within the ESS even if that
results in reduced signal strength as long as the signal strength with
the target BSS is expected to provide some connectivity.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
6900b6d96f WNM: Mark wnm_scan_response() static
This function is not used outside wnm_sta.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
ff2c5758bb WNM: Order BSS transmission candidate entries based on preference
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
093226783d WNM: Simplify how candidate subelements are stored
There is no need to use a separately allocated data structures for this.
A bitfield indicating which information is present and variables within
struct neighbor_report are simpler to use and more efficient.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
8c9af762f3 WNM: Calculate valid-until time for transition candidate list
This is of more use than the raw validity interval (number of beacon
intervals) that was recorded previously.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:27 +02:00
Jouni Malinen
4c381f0d1c WNM: Convert BSSID Info into a u32
This is more convenient to use than u8 array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 17:03:15 +02:00
Jouni Malinen
8040dc53c2 WNM: Debug print WNM BSS Transition Candidate List
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 16:34:34 +02:00
Thomas Pedersen
9e5e03d77e Add examples of new mesh options into wpa_supplicant.conf
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-11-20 16:31:09 +02:00
Johannes Berg
83b9d426e0 WMM AC: Notify driver before sending DelTS
Switch the stop and sending DelTS to avoid sending data packets
for the session after the DelTS, which is otherwise possible.

This also helps the mac80211 implementation as it requires stopping the
traffic flow before sending the DelTS as it may modify the AC parameters
for the affected queue, and that may in turn affect management frames.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-11-16 21:40:57 +02:00
Moshe Benji
8506ea6f17 WMM AC: Add wmm_ac_status control interface command
This wmm_ac_status command will show the current status for WMM AC.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:40:51 +02:00
Moshe Benji
df9d340c80 wpa_cli: WMM_AC_ADDTS and WMM_AC_DELTS commands
wmm_ac_addts command will add (or update) a traffic stream and
wmm_ac_delts command will delete an existing traffic stream.

Each of the above commands will call its corresponding
ctrl_iface command.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:16:03 +02:00
Moshe Benji
eb2f2088aa ctrl_iface: Add wmm_ac_addts and wmm_ac_delts commands
wmm_ac_addts command will add (or update) a traffic stream and
wmm_ac_delts command will delete an existing traffic stream.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:13:42 +02:00
Moshe Benji
d1f880013a WMM AC: Handle TSPEC action frames
Add the TSPEC to the driver on successful TSPEC ADDTS response. Delete
the TSPEC when receiving DELTS action.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:07:08 +02:00
Eliad Peller
674f6c073f WMM AC: Add basic ADDTS/DELTS sending functions
Add basic implementation for ADDTS and DELTS sending
functions.

wpas_wmm_ac_addts() will send ADDTS request public action,
containing TSPEC (traffic stream specification) with
the given params.

wpas_wmm_ac_delts() will look for the saved tspec with
the given tid, and send DELTS public action for it.

(Handling of ADDTS response and actually configuring the admission
control params will be added in following patches.)

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:03:56 +02:00
Moshe Benji
471cd6e10c WMM AC: Add add_tx_ts and del_tx_ts driver ops
Add add_tx_ts() and del_tx_ts() ops to notify the driver about
TSPEC add / delete.

Additionally, add wmm_ac_supported flag to indicate
whether the driver supports WMM AC.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 20:47:36 +02:00
Moshe Benji
a0413b1734 WMM AC: Parse WMM IE on association
Initialize WMM AC data structures upon successful association
with an AP that publishes WMM support, and deinitialize the data
structure when the association is no longer valid.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-11-16 20:47:34 +02:00
Masashi Honma
e609679984 mesh: Make plink params configurable
This patch makes four MIB variables for plink configurable and sets the
correct default values based on IEEE Std 802.11s-2011.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
0c6099f31b mesh: Check mesh key management method
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
44a1662a50 mesh: Add wpa_cli action script processing for mesh events
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
790709060d mesh: Add scan result for mesh network
Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command.
So this patch add the mesh scan result for BSS command.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
2b2bb5a8b9 mesh: Make BSSBasicRateSet configurable
STAs that have different BSSBasicRateSet cannot connect to each other
as per IEEE 802.11s-2011 9.6.0c1:

"A mesh STA shall not establish a mesh peering with a mesh STA using a
different BSSBasicRateSet."

Make BSSBasicRateSet configurable to improve interoperability with other
stations.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Javier Lopez
603a3f34c4 Add mesh_group_{add,remove} control interface commands
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.

The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.

Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
798b318223 mesh: Reduce none 11N Self-protected Action frame allocation size
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
9204e73831 mesh: Fix 11N capability in Self-protected Action frame
mesh_ht_mode default value is CHAN_UNDEFINED.
So previous code set 11N capability even though 11N is not used.

Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
edfefaed3c mesh: Set driver capability flags to mesh interface
Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
eac0231642 mesh: Fix segmentation fault by repeating MESH_GROUP_ADD/REMOVE
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Jason Mobarak
5cfb672dde mesh: Enable mesh HT mode
Add a new option "mesh_ht_mode" that specifies the HT mode for the
mesh, with this option on, mesh beacons, actions frames, and probe
responses with include the appropriate HT information elements.

[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
2014-11-16 19:43:11 +02:00
Chun-Yeow Yeoh
c596f3f083 mesh: Add timer for SAE authentication in RSN mesh
Add timer to do SAE re-authentication with number of tries defined
by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.

Ignoring the sending of reply message on "SAE confirm before commit"
to avoid "ping-pong" issues with other mesh nodes. This is obvious when
number of mesh nodes in MBSS reaching 6.

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-11-16 19:43:11 +02:00
Thomas Pedersen
0f950df029 mesh: Add mesh robust security network
This implementation provides:

- Mesh SAE authentication mechanism
- Key management (set/get PSK)
- Cryptographic key establishment
- Enhanced protection mechanisms for robust management frames

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-11-16 19:43:06 +02:00
Dmitry Shmidt
88cb27c7a5 hostapd: Add wowlan_triggers config param
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-11-16 17:09:11 +02:00
Jouni Malinen
087a1f4efd Suite B: PMKID derivation for AKM 00-0F-AC:11
The new AKM uses a different mechanism of deriving the PMKID based on
KCK instead of PMK. hostapd was already doing this after the KCK had
been derived, but wpa_supplicant functionality needs to be moved from
processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 17:09:11 +02:00
Jouni Malinen
666497c8e6 Suite B: Add AKM 00-0F-AC:11
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 13:20:51 +02:00
Dmitry Shmidt
d10792199e Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure
This is needed since the SCAN command with radio work returns before the
actual driver operation to trigger a scan has been executed and as such,
cannot return result of that operation.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-11-15 11:03:52 +02:00
Jouni Malinen
ee231fdb2b Remove completed to-do items
While this file has not really been updated in years, some of the
completed items can easily be removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-01 16:24:36 +02:00