The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends "wpa_cli -a<action script>" functionality to work with the
global wpa_supplicant control interface. The IFNAME=<ifname> prefix is
removed from the event messages and converted to the control interface
name when present. Previously, action scripts could only be used with
the per-interface control interfaces.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of other buffers were already increased to this size, but the
buffer used for receiving unsolicited event messages from wpa_supplicant
(e.g., for wpa_cli action scripts) was still at the older 256 byte size.
This could result in some events getting truncated. Avoid this by using
the same 4096 byte buffer size here as in the other places receiving
messages from wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ifname_prefix string could change during line editing and the
periodic PING command running in the background ended up getting the
latest snapshot of the command line due to the pointer being left to
point to the edit buffer. This resulted in unexpected prefix strings
getting used with the periodic PING command. Fix this by temporarily
clearing the ifname_prefix whenever running such a periodic PING.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes the p2p_find default delay value configurable as
p2p_search_delay parameter through the configuration file (and through
control interface "SET p2p_search_delay <value>" on the P2P management
interface.
This parameter controls the number milliseconds of extra delay that is
added between search iterations when there is a concurrent operation in
progress. This can be used, e.g., p2p_search_delay=100 to make p2p_find
friendlier to concurrent operations by avoiding it from taking 100% of
the radio resources. The default value is the previous default, i.e.,
500 ms. Smaller values can be used to find peers more quickly at the
cost of larger effect to concurrent operations while a larger value
leaves more time for the concurrent operations at the cost of making
device discovery take longer time.
The optional p2p_find delay argument can still be used to override the
search delay for each search operation.
Since the P2P_CONCURRENT_SEARCH_DELAY macro is not used anymore, the
driver specific build parameter for bcmdhd from Android.mk is also
removed. Similar configuration can now be achieved with
p2p_search_delay=0 in the p2p0 interface configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The newer NFC_REPORT_HANDOVER command is more general version that
handles the cases where NFC_RX_HANDOVER_SEL could potentially have been
used. In addition, with the new WPS NFC design, it is important to
receive the handover request message that was used in the handover in
addition to the select message, so the NFC_RX_HANDOVER_SEL command on
its own would not be sufficient for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
"GET_CRED <id> <field>" can now be used to fetch credential parameters
over the control interface. This does not allow passwords etc. private
material to be retrieved ("*" is returned for those if the value is set
regardless of the value). FAIL is returned if the requested parameter
has not been set. For cred parameters that can have multiple values,
newline separated list of values is returned.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.
Signed-hostap: Peter Qiu <zqiu@chromium.org>
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]
The 3rd argument will be converted to binary data and then passed as
argument to the sub command.
This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.
Signed-off-by: Beni Lev <beni.lev@intel.com>
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The more generic NFC_REPORT_HANDOVER is now used to report completed NFC
connection handover operations in either role and NFC_RX_HANDOVER_REQ
did not have any implementation within wpa_supplicant.
Signed-off-by: Jouni Malinen <j@w1.fi>
This global configuration parameter was added in commit
800d58721c but the tab completion list for
the wpa_cli SET command in interactive mode was not updated.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a mechanism used in Android to extend driver interface in vendor
specific ways. This is included only for the purpose of Android
compatibility. Proper interface commands should be used for any new
functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the option to ask for VHT operation similarly to the way ht40 is
configured - either by adding 'vht' param to the relevant p2p_*
commands or by configuring p2p_go_vht=1 in the configuration file.
This patch only adds the configuration option (e.g., via control
interface). The actual handling of the VHT parameter (asking the driver
to use VHT, etc.) will be done by the following patch.
Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
The new p2p_no_go_freq frequency range list (comma-separated list of
min-max frequency ranges in MHz) can now be used to configure channels
on which the local device is not allowed to operate as a GO, but on
which that device can be a P2P Client. These channels are left in the
P2P Channel List in GO Negotiation to allow the peer device to select
one of the channels for the cases where the peer becomes the GO. The
local end will remove these channels from consideration if it becomes
the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
STATUS-DRIVER command can now be used to fetch driver interface status
information. This is mainly for exporting low-level driver interface
information for debug purposes.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command P2P_REMOVE_CLIENT <P2P Device
Address|iface=Address> can now be used to remove the specified client
from all groups (ongoing and persistent) in which the local device is a
GO. This will remove any per-client PSK entries and deauthenticate the
device.
Signed-hostap: Jouni Malinen <j@w1.fi>
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.
This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_cli filters out extra DISCONNECTED events from action scripts. This
ended up filtering out the first real DISCONNECT event in case wpa_cli
was started when wpa_supplicant was in connected state. Change wpa_cli
to allow the first disconnection event to be reported to the action
script in such case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Enable tab completion for the cases where ifname= prefix is used in
interactive mode by skipping over that prefix before running through the
per-command completion routines. The ifname= prefix itself is also
covered by adding the possible interface names to the command list.
Signed-hostap: Jouni Malinen <j@w1.fi>
Strip out the IFNAME=<ifname> prefix from commands before parsing them
through the normal processing and then add the prefix back to the
beginning of the actual control interface command to make per-interface
commands work through the global control interface without having to use
the 'raw' command.
Signed-hostap: Jouni Malinen <j@w1.fi>
Define a proper event prefix and include additional information to allow
ESS Dissassociation Imminent event to be used in a wpa_cli action
script.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The ATTACH/DETACH mechanism to request event messages from
wpa_supplicant can now be used through the global control interface,
too. This results in events from all interfaces being delivered through
a single monitor socket. "IFNAME=<ifname> " prefix is used on events
that are specific to an interface.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is mostly a corner case at this point, but if wpa_cli was started
with global control interface connection (-g) and interactive mode,
per-interface control interface was tried to be opened with the
previously opened global ctrl_iface connection gettign leaked.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command can be used to send a
BSS Transition Management Query frame to the current AP.
Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
This makes tab completion work better in cases where wpa_cli is started
after wpa_supplicant has already discovered BSSes.
Signed-hostap: Jouni Malinen <j@w1.fi>
The old help text did not include most of the parameters and as such,
was not really helpful. Replace it with tab completion function that
includes more or less all available parameters.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, interactive mode could not be used to enter space-separated
lists with the set command. This removes that restriction and allows
such commands to be encoded properly.
Signed-hostap: Jouni Malinen <j@w1.fi>
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
NFC connection handover messages may be longer than 100 octets, so
increase wpa_cli buffer size to allow longer messages to be reported.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add "get_capability freq" command to print a more verbose list of
channels and frequencies in MHz. The tag "NO_IBSS" is added, if IBSS
mode is not allowed on a channel. This allows userspace programs to get
the frequencies and limitations associated with each channel.
This extends the information already provided in "get_capability
channels" but a new interface is chosen because of backwards
compatibility considerations.
Signed-hostap: Bruno Randolf <br1@einfach.org>
This is mainly for testing purposes where it is convenient to have an
easy way of getting wpa_supplicant state cleared between test cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add a driver capability flag for drivers which support IBSS mode and set
it for nl80211 drivers which have set the NL80211_IFTYPE_ADHOC.
Add a new option "modes" to "get_capability" which will return "AP" and
"IBSS" if the corresponding capability flags are set.
The idea is that this can be used for UIs to find out if the driver
supports IBSS mode.
Signed-hostap: Bruno Randolf <br1@einfach.org>
wpa_supplicant uses 4096 byte buffer for control interface responses, so
wpa_cli should do the same to avoid truncating responses unnecessarily.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>