Commit graph

257 commits

Author SHA1 Message Date
Jouni Malinen
d27df100b5 Allow driver and ctrl_interface parameters to be overridden
New wpa_supplicant command line options -o<driver> and -O<ctrl> can
now be used to override the parameters received in add interface
command from dbus or global ctrl_interface. This can be used, e.g.,
to enable control interface when using NetworkManager (add
-O/var/run/wpa_supplicant into the Exec parameter in
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service).
Similarly, this can be used to use another driver wrapper with
NetworkManager (e.g., -onl80211 to replace WEXT with nl80211).
2009-11-04 20:16:15 +02:00
Witold Sowa
dc461de43e wpa_supplicant and dbus code separation
This patch completely separates supplicant's code from dbus.
It introduces three new notifications which copes with all
remaining dbus stuff.
wpas_notify_unregister_interface() was renamed to
wpas_notify_iface_removed().
2009-10-15 21:15:10 +03:00
Masashi Honma
0e27f655f1 MFP: Clear IGTK
The fourth and fifth keys are used as IGTK for management frame
protection. This patch clears these keys.

I have tested with linux kernel 2.6.31.2.
2009-10-12 07:19:01 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
60b94c9819 Add preliminary background scan and roaming module design
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).

The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.

The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
2009-09-15 00:08:24 +03:00
Witold Sowa
3e53b314f5 Share same freeing and error checking code in get_scan_results
Convert wpa_supplicant_get_scan_results_old() to use the same return
style with the other get_scan_results options and clean up the code
by sharing the same scan result freeing and error checking code for
all the options.
2009-09-13 22:21:52 +03:00
Witold Sowa
86b89452f6 Use shared functions for network operations and param changes
Instead of implementing these separately in various control
interface handlers, use shared functions. These add some of the
previously missing notification calls, too, for the affected areas.
2009-09-13 21:16:43 +03:00
Jouni Malinen
8bac466b00 Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
2009-09-13 20:53:32 +03:00
Witold Sowa
1bd3f426d3 Remove extra whitespace 2009-09-13 20:27:54 +03:00
Jouni Malinen
1ff733383f Delay processing of EAPOL frames when not associated
If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.

The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
2009-09-04 18:04:41 +03:00
Dan Williams
cb8564b1dd dbus: add 'scanning' property
When the supplicant is connected and performs a scan, it doesn't enter
WPA_SCANNING state for various reasons.  However, external programs
still need to know that the supplicant is scanning since they may not
wish to perform certain operations during a scan (as those operations
will likely fail or yield incorrect results).  Add a 'scanning' property
and signal to the supplicant dbus interface to allow clients to
synchronize better with the supplicant when it scans.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-05-27 21:06:40 +03:00
Jouni Malinen
3ec97afe57 wpa_supplicant AP: Add preliminary support for WPS Internal Registrar
When in AP mode, wpa_supplicant is now enabling WPS (only Internal
Registrar). wpa_cli wps_pbc and wps_pin commands can be used to initiate
WPS negotiation similarly to how this is done in station mode (though,
the BSSID parameter is ignored).
2009-04-21 16:45:16 +03:00
Jouni Malinen
db149ac949 wpa_supplicant AP: Add EAPOL frame TX and RX
This allows WPA-Personal 4-way handshake to be completed successfully.
2009-04-20 16:27:45 +03:00
Jouni Malinen
c3dc92e85f Make deauthentication and disassociation consistent
This fixes an issue where the station was not marked disassociated
properly with locally requested deauthentication.
2009-04-20 11:36:47 +03:00
Jouni Malinen
c3965310e6 Use common get_hw_feature_data for hostapd and wpa_supplicant
This merges the driver wrapper implementations to use the same
implementation both for hostapd and wpa_supplicant operations to avoid
code duplication.
2009-04-09 14:11:39 +03:00
Jouni Malinen
c51218372f Merge wpa_supplicant and hostapd driver wrapper implementations
This commit merges the driver_ops structures and implementations from
hostapd/driver*.[ch] into src/drivers. This is only an initial step and
there is room for number of cleanups to share code between the hostapd
and wpa_supplicant parts of the wrappers to avoid unnecessary source
code duplication.
2009-04-09 13:40:12 +03:00
Jouni Malinen
6caf9ca68c Share same hw_feature definitions between hostapd and wpa_supplicant 2009-04-03 19:04:20 +03:00
Jouni Malinen
2d5b792d2b Add preliminary hostapd data structure initialization for AP mode
wpa_supplicant can now initialize hostapd data structures when mode=2 is
used to set up an AP. The hostapd configuration is not yet set based on
wpa_supplicant network configuration block. In addition, the glue code
for hostapd driver_ops needs number of functions that will be needed for
AP functionality.
2009-03-26 20:37:05 +02:00
Jouni Malinen
1f1b62a0f0 Move wpa_supplicant_create_ap() into ap.c 2009-03-26 16:08:17 +02:00
Jouni Malinen
1581b38b67 Initial step in adding simple AP mode support into wpa_supplicant
This version is adding the configuration option (mode=2) for this and
driver capability reporting to figure out whether AP mode can be used.
However, this does not actually implement any real functionality yet.
2009-03-25 11:38:47 +02:00
Jouni Malinen
36b15723ca Deprecate set_drop_unencrypted(), set_auth_alg(), and set_mode()
All these driver handlers can be implemented in associate() handler
which gets all the needed information in the parameters structure. The
old functions that provided only a single parameter will be removed
eventually to clean up the driver_ops structure, so driver wrappers
should start using the newer mechanism.
2009-03-24 20:06:02 +02:00
Jouni Malinen
c2a0407851 Add SME support (separate authentication and association)
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).

Since the nl80211 interface needed for this is very recent (added
today  into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at  some point to clean up driver_nl80211.c.
2009-03-20 22:26:41 +02:00
Jouni Malinen
4ef1e644eb Determiner whether driver is wired at runtime based on capabilities
Do not use just the driver name for this since driver_ndis.c supports
both wired and wireless NDIS drivers and needs to indicate the driver
type after initialization.
2009-03-07 22:05:43 +02:00
Sam Leffler
daa70d49de Add support for wpa_supplicant syslog output
Enable for build: CFLAGS += -DCONFIG_DEBUG_SYSLOG in .config
Enable at runtime: -s on command line
2009-03-02 21:40:44 +02:00
Jouni Malinen
ba2a573c5f Rename "broadcast SSID" to "wildcard SSID"
"Wildcard SSID" is the term used in IEEE Std 802.11-2007, so it is a
better name for the zero-length SSID used in Probe Request.
2009-02-14 22:21:17 +02:00
Jouni Malinen
362f781e1c Allow multiple driver wrappers to be specified on command line
For example, -Dnl80211,wext could be used to automatically select
between nl80211 and wext. The first driver wrapper that is able to
initialize the interface will be used.
2009-02-14 16:43:43 +02:00
Jouni Malinen
80bc75f135 New driver capability info: max number of scan SSIDs
The driver wrappers can now inform wpa_supplicant how many SSIDs can
be used in a single scan request (i.e., send multiple Probe Requests
per channel). This value is not yet used, but it can eventually be used
to allow a new scan command to specify multiple SSIDs to speed up
scan_ssid=1 operations. In addition, a warning could be printed if
scan_ssid=1 is used with a driver that does not support it
(max_scan_ssids=0).
2009-02-12 22:05:32 +02:00
Jouni Malinen
073ab58ff5 Fixed a copy-paste error in a function documentation 2009-02-10 11:45:17 +02:00
Helmut Schaa
81e59f1070 Fix a segfault in wpa_supplicant_deinit
If wpa_supplicant is started with -u but the DBus service is already
registered wpa_supplicant will bail out. However, it will segfault
in wpa_supplicant_deinit because global->drv_priv wasn't allocated
yet.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-02-04 21:55:12 +02:00
Jouni Malinen
b9a2e577b4 IBSS RSN: Set the PSK based on network configuration 2009-01-17 17:47:25 +02:00
Jouni Malinen
8be1844071 Process received EAPOL frames in IBSS RSN code if in IBSS mode 2009-01-17 17:25:11 +02:00
Jouni Malinen
53895c3b60 Disable per-BSSID authentication for RSN IBSS
RSN IBSS uses authentication per-STA and that is initialized separately,
so there is no need to enable the per-BSS like authentication that is
used with APs.
2009-01-17 16:41:47 +02:00
Jouni Malinen
11ef8d3578 Added initial step for IBSS RSN support
This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used
to enable RSN support for IBSS. This links in RSN Authenticator code
from hostapd and adds code for managing per-peer information for IBSS. A
new wpa_cli command or driver event can be used to request RSN
authentication with an IBSS peer. New RSN Authenticator and Supplicant
will be allocated for each peer.

The basic state machine setup code is included in this commit, but the
state machines are not properly started yet. In addition, some of the
callback functions are not yet complete.
2009-01-15 01:21:55 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
f90c86d4a3 Added Doxygen documentation for WPS code 2009-01-03 19:50:49 +02:00
Jouni Malinen
243869858a Initialize wpa_ie_len to 0 if WPA IE is not set on all paths
The new WPS code was not setting this in error case.
2009-01-02 21:50:22 +02:00
Jouni Malinen
97d3497e29 MFP: Require MFP is it is enabled and AP scan shows support for it
When using ap_scan=1, we know before the association request that MFP
will be supported, so we can as well require it. This helps mac80211 in
configuring whether to enable MFP.
2008-12-31 17:53:31 +02:00
Andriy Tkachuk
a6f06dabb2 Longer auth_timeout for WPS key_mgmt
It seems that for WPS registration we should use the same authentication
timeout as for ieee8021x, no? (See patch attached.) On slow platforms
public keys computation may take around 4-5 seconds (we actually stuck
on this issue).
2008-12-25 20:26:07 +02:00
Jouni Malinen
ac305589a3 Added support for global driver data (shared by multiple interfaces)
Driver wrappers can now register global_init() and global_deinit()
driver_ops handlers to get a global data structure that can be shared
for all interfaces. This allows driver wrappers to initialize some
functionality (e.g., interface monitoring) before any interfaces have
been initialized.
2008-12-22 22:24:31 +02:00
Jouni Malinen
24c23d1b3c WPS: Added support for wildcard SSID matching in ap_scan=2 mode
Change association behavior to match with ap_scan=1 when WPS is used in
ap_scan=2 mode with wildcard SSID matching. In addition, allow hardcoded
BSSID to be used to select AP even if selected registrar attribute is
not present.
2008-12-20 22:55:02 +02:00
Jouni Malinen
315ce40a00 Renamed the 'alpha2' variable to 'country' to match with config string 2008-12-09 22:15:47 +02:00
Luis R. Rodriguez
6d1584905c wpa_supplicant: Add support for setting of a regulatory domain
This adds support for setting of a regulatory domain to wpa_supplicant
drivers. It also adds regulatory domain setting for the nl80211 driver.
We expect an ISO / IEC 3166 alpha2 in the wpa configuration file as a
global.
2008-12-09 22:11:14 +02:00
Jouni Malinen
0a40ec6a90 Always clear EAP altAccept and altReject variables on new association
Previously, this was only done when the new connection is using
WPA-Personal. However, it looks like it was possible to trigger an
infinite busy loop if altAccept or altReject were left set to true and
an EAPOL frame is received (eapolEap is set to true). Clearing altAccept
and altReject for each association prevents this loop from happening in
the beginning of the next association.
2008-11-30 16:54:16 +02:00
Jouni Malinen
b01c18a8ef WPS: Set Request Type properly into WPS IE in ProbeReq/AssocReq 2008-11-29 13:38:03 +02:00
Jouni Malinen
c0d041d9a7 WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c
This code and the related attributes are not specific to Enrollee
functionality, so wps_common.c is the correct location for them.
2008-11-29 12:44:02 +02:00
Jouni Malinen
116654ce24 WPS: Moved wps_context initialization into wps_supplicant.c
The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This
makes wpa_supplicant design for WPS match with hostapd one and also
makes it easier configure whatever parameters and callbacks are needed
for WPS.
2008-11-28 20:32:13 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouke Witteveen
e519314ee9 Add RoboSwitch driver interface for wpa_supplicant
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.

LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" in "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]

USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
2008-11-18 16:30:32 +02:00
Jouni Malinen
91a0548210 FT: Do not call wpa_ft_prepare_auth_request() if FT is not used
This saves some extra processing for the non-FT case if FT is built in, but
not used for the association.
2008-09-29 17:28:10 +03:00
Dan Williams
ec5f180a24 Add an optional set_mode() driver_ops handler for setting mode before keys
A bug just got reported as a result of this for mac80211 drivers.

https://bugzilla.redhat.com/show_bug.cgi?id=459399

The basic problem is that since taking the device down clears the keys
from the driver on many mac80211-based cards, and since the mode gets
set _after_ the keys have been set in the driver, the keys get cleared
on a mode switch and the resulting association is wrong.  The report is
about ad-hoc mode specifically, but this could happen when switching
from adhoc back to managed mode.
2008-09-29 16:45:49 +03:00
Jouni Malinen
c684525947 FT: Fixed FTIE for authentication after a failed association 2008-09-01 11:38:13 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Dan Williams
1d3c75b3b6 Give adhoc associations a bit more time
Depending on how the driver implements IBSS searching and creation, it
may need to perform one or more scans before successfully completing the
association operation.  Therefore, increase the timeout for IBSS
association operations so that the supplicant doesn't interrupt the
driver as much.
2008-06-04 21:00:09 +03:00
Jouni Malinen
a8e16edc86 Introduced new helper function is_zero_ether_addr()
Use this inline function to replace os_memcmp(addr,
"\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 18:08:48 +03:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00