Commit graph

793 commits

Author SHA1 Message Date
Baruch Siach
4929898dab hostapd: Remove redundant variable initialization
The 'errors' variable is initialized later anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-16 20:26:51 +03:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Dmitry Shmidt
dfb42efb34 wpa_supplicant: Make Android makefiles available under the BSD license
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-05-14 20:34:24 -04:00
Jouni Malinen
ec4a5d32b1 Add ChangeLog entries from v1.0 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-10 22:12:07 +03:00
Jouni Malinen
b031338cf0 Add preliminary RADIUS dynamic authorization server (RFC 5176)
This adds the basic DAS mechanism to enable hostapd to be configured
to request dynamic authorization requests (Disconnect-Request and
CoA-Request). This commit does not add actual processing of the
requests, i.e., this will only receive and authenticate the requests
and NAK them regardless of what operation is requested.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-06 22:02:42 +03:00
Jouni Malinen
af35e7af7f hostapd: Allow addition of arbitrary RADIUS attributes
New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 20:19:56 +03:00
Jouni Malinen
86f6053aa2 hostapd: Add optional Chargeable-User-Identity request (RFC 4372)
radius_request_cui=1 configuration parameter can now be used to
configure hostapd to request CUI from the RADIUS server by including
Chargeable-User-Identity attribute into Access-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:19:54 +03:00
Jouni Malinen
5daba48ca7 hlr_auc_gw: Use 5 bit IND for SQN updates
Change the SQN generation mechanism to use not time-based Profile 2
as described in 3GPP TS 33.102 Annex C.3.2. The previous implementation
used void IND (i.e.., all of SQN was SEQ1). The new default uses 5 bits
of SQN as IND. The length of IND can be configured on the command line
with the new -i<IND len in bits> parameter. -i0 would make hlr_auc_gw
behave in the same way as the previous implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 14:12:42 +03:00
Jouni Malinen
5336861301 hlr_auc_gw: Add support for updating Milenage file SQN
If the new command line argument -u is used, hlr_auc_gw will update
the Milenage file SQN numbers when exiting based on what was the last
SQN used during the process runtime.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-03 22:39:49 +03:00
Jouni Malinen
057a92ec5c hlr_auc_gw: Fix CONFIG_WPA_TRACE=y build
Need to initialize tracing code and use correct free() wrapper.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-03 22:05:04 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Ben Greear
9d05374796 Make bind failure messages unique
This helps someone know which part of the code is complaining.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-04-06 12:10:36 +03:00
Sujith Manoharan
1ed08baf89 hostapd: Do not allow HT in 11b mode
When the HW mode has been configured as 11b, disable HT
operations.

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2012-04-03 12:03:18 +03:00
Anirban Sirkhell
4c374cde2f Add wps_cancel for hostapd_cli
Implement wps_cancel for hostapd similarly to how it was already
supported in wpa_supplicant AP mode.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-30 11:11:35 +03:00
Jouni Malinen
648cc711a5 GAS server: Add support for ANQP Venue Name element
The new venue_name configuration parameter can now be used to configure
the ANQP Venue Name values that stations can request through GAS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:53:22 +02:00
Jay Katabathuni
dca30c3fb7 Interworking: Add GAS server support for AP mode
This adds GAS/ANQP implementation into hostapd. This commit brings in
the basic GAS/ANQP functionality, but only the ANQP Capability List
element is supported.

For testing purposes, hostapd control interface SET command can be used
to set the gas_frag_limit parameter dynamically.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:52:53 +02:00
Dmitry Shmidt
1e1411b04f Android: Add PLATFORM_VERSION to VERSION_STR_POSTFIX definition
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-02-25 18:22:38 +02:00
Dmitry Shmidt
5db498920f Android: Add build configuration files
These are from Android wpa_supplicant_8.git initial 0.8.X commit
8d520ff1dc2da35cdca849e982051b86468016d8 with some additional edits and
renaming of .config files to android.config.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-02-25 18:22:34 +02:00
Jithu Jance
e60b295186 Add wpa_supplicant AP mode STA deauthenticate/disassociate commands
Move disassociate and deauthenticate commands to ctrl_iface_ap.c, so
that they ares accessible for wpa_supplicant AP mode and wpa_cli (with
CONFIG_AP option enabled).

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-02-25 17:22:48 +02:00
Jouni Malinen
9d23cff598 hostapd: Allow 'none' driver to be started without ifname
Commit 0dcc4dc4b3 made driver
initialization conditional on interface name being configured. This can
break hostapd-as-RADIUS-server use case where this parameter does not
really make any sense. Fix this with a special case for the none driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-16 23:11:29 +02:00
Jouni Malinen
07bcdbb150 Move hostapd_for_each_interface() and hapd_interfaces into src/ap
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:46:27 +02:00
Shan Palanisamy
9e7d033ef4 hostapd: Make sure ctrl_iface is not initialized multiple times
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:44:43 +02:00
Shan Palanisamy
0dcc4dc4b3 Do not call driver_init if hostapd interface is not yet configured
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:43:48 +02:00
Shan Palanisamy
c0971c561f Do not call hapd_deinit if driver was not initialized
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:42:29 +02:00
Shan Palanisamy
31b79e1197 hostapd: Allow config parameters to be set through ctrl_iface
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:36:48 +02:00
Jouni Malinen
a7f5b74d43 Split hostapd security parameter updating into a separate function
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:35:54 +02:00
Shan Palanisamy
ef45bc892d hostapd: Split config item parser into a separate function
This makes it easier to use the configuration file parser for updating
the configuration at run time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:34:21 +02:00
Shan Palanisamy
31b540ebd5 Clear wpa_psk/passphrase when the other option is configured
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:32:48 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
331f89ff5b Select the BSD license terms as the only license alternative
Simplify licensing terms for hostap.git by selecting the BSD license
alternative for any future distribution. This drops the GPL v2
alternative from distribution terms and from contribution requirements.

The BSD license alternative that has been used in hostap.git (the one
with advertisement clause removed) is compatible with GPL and as such
the software in hostap.git can still be used with GPL projects. In
addition, any new contribution to hostap.git is expected to be licensed
under the BSD terms that allow the changes to be merged into older
hostap repositories that still include the GPL v2 alternative.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:31 +02:00
Dan Harkins
27c9d333d4 EAP-pwd: Describe build option for EAP-pwd
Signed-hostap: Dan Harkins <dharkins@lounge.org>
2012-02-11 12:17:58 +02:00
Jouni Malinen
57d38ddf6b Update copyright notices to include year 2012
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-01 18:59:16 +02:00
Yogesh Ashok Powar
ef01fa7bfa hostapd: Make inactivity polling configurable
hostapd uses the poll method to check if the station is alive
after the station has been inactive for ap_max_inactivity seconds.
Make the poll mechanism configurable so that user can choose to
disconnect idle clients.

This can be especially useful when some devices/firmwares have
restrictions on the number of clients that can connect to the AP
and that limit is smaller than the total number of stations trying
to use the AP.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-12-25 20:57:01 +02:00
Michael Braun
05ab9712b9 Allow WPA passphrase to be fetched with RADIUS Tunnel-Password attribute
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2011-12-11 13:01:57 +02:00
Arik Nemtsov
4f73d88afa Maintain internal copy of Probe Response offload capabilities
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Ben Greear
e04a163180 AP: Convert some wpa_printf to wpa_msg/dbg
This generates better log messages when running multiple
interfaces in one process.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-12-10 16:28:14 +02:00
Jouni Malinen
505a36941e Add MSK dump mechanism into hostapd RADIUS server for testing
Testing code can now be enabled in the hostapd RADIUS server to dump
each derived MSK into a text file (e.g., to be used as an input to
wlantest). This functionality is not included in the default build
and can be enabled by adding the following line to hostapd/.config:
CFLAGS += -DCONFIG_RADIUS_TEST

The MSK dump file is specified with dump_msk_file parameter in
hostapd.conf (path to the dump file). If this variable is not set,
MSK dump mechanism is not enabled at run time.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-09 00:15:04 +02:00
Bharat Chakravarty
8e5f913456 WPS: Allow RF Bands value to be overridden
A new hostapd.conf parameter, wps_rf_bands, can now be used to fix the
RF Bands value in cases where hw_mode is not set or when operating a
dual band dual concurrent AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 17:44:43 +02:00
Jouni Malinen
ca84eed7ad TLS: Add build configuration for TLS v1.2 support
This allows the internal TLS implementation to be built for TLS v1.2
support. In addition to the build option, this changes the TLS PRF
based on the negotiated version number. Though, this commit does not
yet complete support for TLS v1.2.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:45:07 +02:00
Jouni Malinen
8307489840 Add implementation of TLS v1.2 PRF (P_SHA256)
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:10:06 +02:00
Jouni Malinen
90cba4e7ab hostapd: Define CONFIG_SHA256 for SHA256 builds
wpa_supplicant was already doing this and hostapd will need to define
this for future additions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:10:06 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Dmitry Shmidt
20b2161d5b Android: Move WPA_BUILD check in Android.mk
This is part of commit e61a2d6db6113da5fad91660764afdb0596dbc46 from
Android wpa_supplicant_8.git.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-11-23 17:58:44 +02:00
Jeff Brown
4482f1fbc4 Android: Remove the simulator target from all makefiles
This is commit bbda627478b0e9a312fea4662cd7cd8d6bdf82bf from
Android wpa_supplicant_8.git.
2011-11-23 17:56:41 +02:00
Helmut Schaa
8cfa3527e1 Allow MLME frames to be sent without expecting an ACK (no retries)
In some situations it might be benefical to send a unicast frame without
the need for getting it ACKed (probe responses for example). In order to
achieve this add a new noack parameter to the drivers send_mlme callback
that can be used to advise the driver to not wait for an ACK for this
frame.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2011-11-19 19:02:05 +02:00
Dan Harkins
4301163930 EAP-pwd: Document group configuration for hostapd authentication server 2011-11-19 16:32:21 +02:00
Jouni Malinen
e9447a94c0 Use a single define for maximum number of EAP methods
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 20:06:33 +02:00
Jouni Malinen
895c643407 Remove unused header file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 20:01:19 +02:00
Jouni Malinen
7cb03b0eaf Android: Update libnl use to match with Android ICS
The libnl_2 library uses static linking and different path for
header files in the Android ICS release.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-15 18:37:10 +02:00
Jouni Malinen
e4b8ac129b Android: Fix hostapd_cli build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-15 18:34:57 +02:00
Jouni Malinen
dd17f3ec4f Android: Fix hostapd build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-15 18:34:09 +02:00
Jouni Malinen
aea855d752 Move wpa_scan_results_free() into shared C file
Replace the inline helper function with a new C file that can be used
for common driver API related function.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 18:56:26 +02:00
Jouni Malinen
7756114f6a Postpone global_init() call until first driver instance is initialized
This avoids allocating global driver state for driver wrappers that
are built in but not used. This can save some resources and avoids
failures with driver_nl80211.c that is now initializing netlink
connections for nl80211 in global_init().
2011-10-23 13:20:52 +03:00
Jouni Malinen
4b24282a17 hostapd: Call global_init/global_deinit driver_ops
Now both wpa_supplicant and hostapd allow the driver wrappers to use the
global context similarly.
2011-10-22 12:22:59 +03:00
Dmitry Shmidt
8f5b9aa19a Set ANDROID_LOG_NAME depending on application
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-10-21 18:59:42 +03:00
Jouni Malinen
39b97072b2 Add support for Time Advertisement
This adds preliminary support for IEEE 802.11v Time Advertisement
mechanism with UTC TSF offset.
2011-10-18 00:24:16 +03:00
Jouni Malinen
4b2a77aba2 Interworking: Add support for configuring Roaming Consortium List 2011-10-17 23:55:50 +03:00
Jouni Malinen
062390efd4 Start deprecating various AP mode driver_ops
The preferred way of configuring AP mode will be to use set_ap() instead
of number of separate operations hostapd has collected over the years.
2011-10-17 18:35:25 +03:00
Mahesh Palivela
d4370eac2e Move SA Query mechanism into a file that can be shared more easily
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
2011-10-17 17:33:17 +03:00
Jouni Malinen
71269b3708 WNM: Add BSS Transition Management Request for ESS Disassoc Imminent
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
2011-10-16 23:55:34 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Mukesh Agrawal
a49214d482 Fix object file list for hlr_auc_gw
If CONFIG_NO_RANDOM_POOL is unset, src/crypto/random.o is linked
into hlr_auc_gw. However, in this configuration, random.o requires
symbols defined in src/utils/eloop.o. So add eloop.o to the object
file list for hlr_auc_gw.
2011-10-15 16:52:51 +03:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Jouni Malinen
5c47af9a7a TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
2011-09-25 17:24:46 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Jouni Malinen
697cd03fc2 AP: Set pairwise/group cipher for non-WPA modes
This is needed to avoid confusing configuration in some nl80211
drivers that the new AP mode configuration alternatives for
setting security policy.
2011-09-15 15:02:59 +03:00
Jouni Malinen
531e420dd7 Remove time.h include from utils/includes.h
os_*() wrappers should be used instead of functions from time.h.
Removing the header from includes.h enforces this. os_unix.c can
include this its uses are valid wrapper calls. wps_upnp.c uses
gmtime() for which there is no os_*() wrapper available yet, so
allow it to use time.h, too. Similarly, allow dump_state.c to
use time.h for ctime().
2011-09-12 22:19:26 +03:00
Jouni Malinen
17f6b90056 WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaround
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
2011-08-28 19:16:59 +03:00
Jouni Malinen
d0df54caa9 Change example hostapd.conf to use 2.4 GHz channel
This is more likely to work if someone tests the example file with
no or minimal changes.
2011-07-31 00:47:49 +03:00
Pavel Roskin
e783c9b0e5 madwifi: Implement set_freq for hostapd, adjust hostapd.conf
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:55 +03:00
Vladimir
b5cb528d70 Fix hostapd_cli linking without CONFIG_WPA_TRACE=y 2011-07-19 08:45:33 +03:00
Jouni Malinen
4283805972 hostapd_cli: Start using src/utils/edit*.c
This brings hostapd_cli closer to the design used in wpa_cli
and allows command history and editing mechanisms to be added.
2011-07-16 17:37:18 +03:00
Jouni Malinen
cb465555d4 Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
2011-07-05 17:13:04 +03:00
Jouni Malinen
38e24575c1 random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
2011-05-31 20:07:11 +03:00
Jouni Malinen
fa5165586f WPS: Add a workaround for Windows 7 capability discovery for PBC
Windows 7 uses incorrect way of figuring out AP's WPS capabilities by
acting as a Registrar and using M1 from the AP. The config methods
attribute in that message is supposed to indicate only the configuration
method supported by the AP in Enrollee role, i.e., to add an external
Registrar. For that case, PBC shall not be used and as such, the
PushButton config method is removed from M1 by default. If pbc_in_m1=1
is included in the configuration file, the PushButton config method is
left in M1 (if included in config_methods parameter) to allow Windows 7
to use PBC instead of PIN (e.g., from a label in the AP).
2011-05-17 19:53:02 +03:00
Jouni Malinen
5dcfb6830e Include nl80211 driver wrapper in default configuration for hostapd 2011-05-16 21:07:47 +03:00
Guy Eilam
5b73735ba0 hostapd: Fix interfaces.iface initialization
Set all the interfaces.iface pointers to NULL after the allocation of
that memory block for cases those pointers are accessed during each of
the interfaces initialization process (hostapd_interface_init()). One
example for such case is during WPS initialization when the code tries
to fetch the uuid from each of the interfaces.

Signed-off-by: Guy Eilam <guy@wizery.com>
2011-04-15 18:13:04 +03:00
Jouni Malinen
2fee890af7 Add driver capa flag for EAPOL TX status and store capa in hostapd 2011-03-29 17:36:06 +03:00
Jouni Malinen
d47fa330b8 random: Read /dev/random in the background with eloop read socket
This makes it more likely to be able to fetch the 20 octet seed from
/dev/random in cases where other programs may also be competing for
this.
2011-03-22 23:15:00 +02:00
Jouni Malinen
cd9fc7869a hostapd: Add testing mode for RSN element extensions
CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in
hostapd.conf can now be used to enable a testing mode that adds
extensions to RSN element. This can be used to check whether
station implementations are incompatible with future extensions
to the RSN element.
2011-03-21 13:59:05 +02:00
Johannes Berg
2f646b6e83 WPS: Store (secondary) device type as binary
Instead of converting back and forth from the string representation,
always use the binary representation internally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 18:50:22 +02:00
Jouni Malinen
586bad514b Make the link process quieter unless V=1 is specified
Hide the long command lines used for linking the binaries in the
default build. "make V=1" can be used to show the actual commands
if needed.
2011-03-17 12:31:38 +02:00
Jouni Malinen
61fbd3df04 Fix couple of typos in comments 2011-03-11 12:12:36 +02:00
Shan Palanisamy
d7956add9c FT: Make FT-over-DS configurable (hostapd.conf ft_over_ds=0/1) 2011-03-06 14:31:42 +02:00
Dmitry Shmidt
9fc6aa9f95 Add Android make files for hostapd and wpa_supplicant 2011-02-27 19:19:43 +02:00
Jouni Malinen
9e0749737c Update copyright notices to include the new year 2011-02-27 12:50:00 +02:00
Jouni Malinen
9d832bd07d Remove obsolete comments about libnl 1.1 being new 2011-02-21 23:41:56 +02:00
Helmut Schaa
f39b07d7ed hostapd: Allow coexistance of HT BSSes with WEP/TKIP BSSes
In multi BSS setups it wasn't possible to set up an HT BSS in
conjunction with a WEP/TKIP BSS. HT needed to be turned off entirely
to allow WEP/TKIP BSSes to be used.

In order to allow HT BSSes to coexist with non-HT WEP/TKIP BSSes add a
new BSS conf attribute "disable_11n" which disables HT capabilities on a
single BSS by suppressing HT IEs in the beacon and probe response
frames. Furthermore, mark all STAs associated to a WEP/TKIP BSS as
non-HT STAs. The disable_11n parameter is used internally; no new entry
is parsed from hostapd.conf.

This allows a non-HT WEP/TKIP BSS to coexist with a HT BSS without
having to disable HT mode entirely. Nevertheless, all STAs associated to
the WEP/TKIP BSS will only be served as if they were non-HT STAs.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-02-21 17:27:16 +02:00
Jouni Malinen
2944824315 hostapd: Add require_ht configuration parameter
This can be used to configure hostapd to reject association with
any station that does not support HT PHY.
2011-02-09 15:08:47 +02:00
Jouni Malinen
d601247ca9 P2P: Allow WPS_PBC command on GO to select on P2P Device Address
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07

In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
2011-02-07 18:28:36 +02:00
Ben Greear
379ff7b9d4 hostapd: Add iface-name wpa_msg() callback registration
This allows the interface name to be automatically
added to log file lines by the core logging logic.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-06 20:50:32 +02:00
Ben Greear
b41a47c03f hostapd: Allow logging to file
Also supports 'relog' CLI command to re-open the log file.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-06 20:24:16 +02:00
Johannes Berg
6905dcb1e0 AP: Introduce sta authorized wrappers
To enable making state change notifications on the WLAN_STA_AUTHORIZED
flag, introduce ap_sta_set_authorized(), and to reduce use of the flag
itself also add a wrapper for testing the flag: ap_sta_is_authorized().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 16:52:32 +02:00
Johannes Berg
d2da224948 AP: Enable WMM with default parameters by default for HT
If WMM is not disabled explicitly (wmm_enabled=0 in hostapd.conf),
enable WMM automatically whenever HT (ieee80211n) is enabled. Use
the default WMM parameters for AP TX queues and the EDCA parameters
advertised for stations in WMM IE if no overriding values are
included in the configuration.
2011-02-01 14:34:12 +02:00
Mike Crowe
9669794dc4 hostapd: Ensure that the destination directory exists
Ensure that the destination binary directory exists before installing
into it.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2011-01-30 21:33:17 +02:00
Mike Crowe
590595edba Use DESTDIR when installing hostapd to support cross-compiling
Signed-off-by: Mike Crowe <mac@mcrowe.com>
2011-01-30 21:32:44 +02:00
Jouni Malinen
1161ff1ef5 hostapd: Allow TDLS use to be prohibited in the BSS
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
2011-01-28 19:21:59 +02:00
Johannes Berg
0d7e5a3a29 Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-28 17:15:01 +02:00
Jouni Malinen
51e2a27a21 hostapd_driver_ops reduction
set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove
to use inline functions instead of extra abstraction.
2010-11-24 15:36:02 +02:00
Jouni Malinen
bbb921daaa Maintain internal entropy pool for augmenting random number generation
By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:

hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants

wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)

The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).

This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.

If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
2010-11-24 01:29:40 +02:00
Jouni Malinen
e5851439e3 Fix hlr_auc_gw build with CONFIG_WPA_TRACE=y 2010-11-24 01:10:48 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
5bf49c346c Drop local stations on broadcast deauth/disassoc request
When hostapd_cli deauth/disassoc is used with ff:ff:ff:ff:ff:ff
address, drop all local STA entries in addition to sending out the
broadcast deauth/disassoc frame.
2010-11-10 17:09:31 +02:00
Jouni Malinen
1b6dbec626 Fix a typo in the comment 2010-11-10 14:23:57 +02:00
Yogesh Ashok Powar
6950b2caa8 hostapd: Prohibit WEP configuration when HT is enabled
WFA 11n testing does not allow WEP when IEEE 802.11n is enabled.
Reject such combination when parsing hostapd configuration file.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2010-11-09 16:49:03 +02:00
Helmut Schaa
f5798bf36a hostapd: Add comment about CONFIG_FULL_DYNAMIC_VLAN to defconfig
Add comment about CONFIG_FULL_DYNAMIC_VLAN to defconfig. By default
this feature is still disabled.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2010-11-09 16:38:59 +02:00
Felix Fietkau
d3b4286967 Allow client isolation to be configured (ap_isolate=1)
Client isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging is
allowed.
2010-11-09 16:27:15 +02:00
Felix Fietkau
d38ae2ea85 Add bridge handling for WDS STA interfaces
By default, add them to the configured bridge of the AP interface
(if present), but allow the user to specify a separate bridge.
2010-11-09 16:12:42 +02:00
Jouni Malinen
7e3c178142 Remove unused TX queue parameters related to Beacon frames
These are not used by any driver wrapper, i.e., only the four
data queues (BK, BE, VI, VO) are configurable. Better remove these
so that there is no confusion about being able to configure
something additional.
2010-11-05 01:23:17 +02:00
Jouni Malinen
acec8d3203 Add ctrl_iface command 'GET version'
This can be used to fetch the wpa_supplicant/hostapd version
string.
2010-10-31 17:07:31 +02:00
Dmitry Shmidt
ae6e1bee67 Add WPA_IGNORE_CONFIG_ERRORS option to continue in case of bad config
This is an option to continue with wpa_supplicant and hostapd even if
config file has errors. The problem is that these daemons are the best
"candidates" for the config change, so if they can not start because
config file was let's say corrupted, you can not fix it easily.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2010-10-31 12:38:49 +02:00
Jouni Malinen
450eddcfae hostapd: Add wps_config ctrl_interface command for configuring AP
This command can be used to configure the AP using the internal
WPS registrar. It works in the same way as new AP settings received
from an ER.
2010-10-21 16:49:41 +03:00
Jouni Malinen
2c8a4eef41 WPS: Update Beacon/ProbeResp IE on wps_version_number changes
This test command is supposed to change the WPS version number in all
places immediately, so make sure that the IEs used in management
frames get updated immediately.
2010-10-19 19:57:01 +03:00
Jouni Malinen
dce044cce5 P2P: Extend P2P manager functionality to work with driver MLME
Add P2P IE into Beacon, Probe Response, and (Re)Association Request
frames for drivers that generate this frames internally.
2010-10-08 18:16:07 +03:00
Jouni Malinen
088a225586 Fix hostapd_cli get_config not to show key when WPA is disabled
Previously, incorrectly configured passphrase or group cipher type
could be shown even if WPA was disabled.
2010-10-08 17:36:52 +03:00
Jouni Malinen
01cf713e51 Fix .gitignore files to not ignore subdirectory matches
The previous used .gitignore files were mathing some files that
were actually already in the repository (e.g.,
hostapd/logwatch/hostapd). Avoid this by listing the conflicting
entries in the root directory .gitignore with full path.
2010-10-07 11:04:16 +03:00
Jouni Malinen
235f69fcd6 Mark ctrl_iface RX debug for PING commands excessive
This cleans up debug log from unnecessary entries when using
wpa_cli/hostapd_cli or other ctrl_iface monitors that PING
periodically to check connectivity.
2010-09-24 15:50:13 -07:00
Jouni Malinen
f61039c75f WPS 2.0: Disable WPS if ignore_broadcast_ssid or WEP is used
These combinations are disallowed in WPS 2.0 (and do not work well
(or at all) with many deployed WPS 1.0 devices either).
2010-09-24 15:17:03 -07:00
Jouni Malinen
403b96fe4f WPS: Add hostapd_cli get_config command
This can be used by a WPS UI to display the current AP configuration.
2010-09-23 12:02:28 -07:00
Jouni Malinen
3981cb3cb8 WPS: Add wps_check_pin command for processing PIN from user input
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
2010-09-23 10:30:52 -07:00
Jouni Malinen
b4e34f2fdf WPS: Make testing operations configurable at runtime
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.

The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
2010-09-21 19:51:23 -07:00
Dan Harkins
df684d82ff EAP-pwd: Add support for EAP-pwd server and peer functionality
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
2010-09-14 21:51:40 -10:00
Jouni Malinen
31fd64cc2f P2P: Add forgotten allow_cross_connection example 2010-09-09 07:17:20 -07:00
Jouni Malinen
962473c136 P2P: Add preliminary P2P Manager AP support for hostapd 2010-09-09 07:17:18 -07:00
Jouni Malinen
cae67937ca WPS: Fix CONFIG_WPS_STRICT build option
This was not supposed to be depending on CONFIG_WPS_NFC.
2010-09-09 06:07:49 -07:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Jouni Malinen
54f489be45 WPS 2.0: Validate WPS attributes in management frames and WSC messages
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
2010-09-09 06:07:48 -07:00
Jouni Malinen
6a857074f4 WPS 2.0: Add virtual/physical display and pushbutton config methods 2010-09-09 06:07:47 -07:00
Jouni Malinen
31fcea931d WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
2010-09-09 06:07:47 -07:00
Jouni Malinen
b070460b1a Fix hostapd build with CONFIG_IEEE80211N but without NEED_AP_MLME 2010-09-05 12:41:15 +03:00
Jouni Malinen
5a1cc30f1a WPS: Add support for dynamic AP PIN management
A new hostapd_cli command, wps_ap_pin, can now be used to manage
AP PIN at runtime. This can be used to generate a random AP PIN and
to only enable the AP PIN for short period (e.g., based on user
action on the AP device). Use of random AP PIN that is only enabled
for short duration is highly recommended to avoid security issues
with a static AP PIN.
2010-08-24 16:35:37 +03:00
Jouni Malinen
7f6ec672ea EAP server: Add support for configuring fragment size 2010-07-20 22:56:10 -07:00
Jouni Malinen
a33c5f96b8 Fix a typo in Disassociation frame building
This did not really change any behavior since Deauthentication frame
uses the same format.
2010-07-17 20:23:20 -07:00
Jouni Malinen
be48214d2b Preparations for 0.7.2 release 2010-04-18 18:02:34 +03:00
Jouni Malinen
125c74cd80 WPS: Include CONFIG_EAP automatically if WPS is enabled 2010-04-17 22:05:18 +03:00
Masashi Honma
5008cb5e55 Support for Solaris default shell restriction
Some shells (like Solaris default /bin/sh) doesn't allow -e
option for file existence check. Use -f instead.
2010-04-17 17:15:23 +03:00
Jouni Malinen
488d0934ab hostapd_cli: Add deauth/disassoc commands to usage help 2010-04-11 21:00:16 +03:00
Yogesh Ashok Powar
721abef9b3 Allow advertising of U-APSD functionality in Beacon
hostapd does not implement UAPSD functionality. However, if U-APSD
functionality is implemented outside hostapd, add support to advertise
the functionality in beacon.

Signed-off-by: yogeshp@marvell.com
2010-04-11 11:32:15 +03:00
Jouni Malinen
b242d398f8 Use more os.h wrapper functions in hostapd_cli 2010-04-07 11:40:34 +03:00
Gregory Detal
bae9217474 Add support for action scripts in hostapd_cli 2010-04-07 11:14:54 +03:00
Gregory Detal
bb437f282b AP: Add wpa_msg() events for EAP server state machine 2010-04-07 11:13:14 +03:00
Michael Buesch
2c657c8dcd hostapd: Use cp -f in make install
If hostapd is running, a make install fails with
cp: cannot create regular file `/usr/local/bin/hostapd': Text file busy

Use cp -f to avoid this error and force-override the file.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
2010-04-06 17:12:17 +03:00
Jouni Malinen
b91ab76e8c Add test commands for sending deauth/disassoc without dropping state
This can be used to test 802.11w by sending a protected or unprotected
deauth/disassoc frame.

hostapd_cli deauth <dst addr> test=<0/1>
hostapd_cli disassoc <dst addr> test=<0/1>

test=0: unprotected
test=1: protected
2010-03-29 12:01:40 -07:00
Jouni Malinen
90a3206a14 Add deauthenticate/disassociate ctrl_iface commands 2010-03-29 11:14:57 -07:00
Jouni Malinen
921a278604 Fix a typo in r1kh config parameter description
The second item on the line is R1KH-ID, not R0KH-ID.
2010-03-07 21:16:42 +02:00
Jouni Malinen
23e2550c0e Remove unneeded CONFIG_EAP comments
These are not needed for WPS builds since CONFIG_WPS=y enables all
the needed EAP components.
2010-03-06 16:40:53 +02:00
Jouni Malinen
94d9bfd59b Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
2010-02-19 18:54:07 +02:00
Jouni Malinen
dff0f701d0 Preparations for v0.7.1 release 2010-01-16 19:04:38 +02:00
Jouni Malinen
94627f6cc8 hostapd: Detect bridge interface automatically
This makes the bridge parameter unnecessary for cases where the interface
is already in a bridge and sysfs is mounted to /sys so that the detection
code works.

For nl80211, the bridge parameter can be used to request the AP
interface to be added to the bridge automatically (brctl may refuse to
do this before hostapd has been started to change the interface mode).
If needed, the bridge interface is also created.
2010-01-16 15:19:58 +02:00
Jouni Malinen
73b217570c Fix linking of nt_password_hash
Need to use conditional linking of some crypto functionality and add
couple of additional object files. [Bug 343]
2010-01-16 10:38:53 +02:00