Commit graph

7357 commits

Author SHA1 Message Date
Jouni Malinen
31357268e5 Move AP BSS configuration parameters into set_ap()
Remove the separate driver_ops functions set_cts_protect(),
set_preamble(), set_short_slot_time(), and set_ht_params(). These
belong into same set of operations as set_ap(), so there is no need
to maintain separate functions that just make the driver wrapper
more complex.

Since these have only been used with driver_nl80211.c, the driver_ops
can be removed immediately instead of maintaining backwards
compatibility period with the old functions.
2011-10-17 19:31:33 +03:00
Jouni Malinen
fd13a54180 Deprecate set_intra_bss() driver_ops
The AP client isolation parameter is now available through set_ap().
driver_nl80211.c was the only driver wrapper using the set_intra_bss()
call in hostap.git, but some external trees may have used this. Once
those are cleared, the set_infra_bss() driver_ops can be removed
completely. The only remaining use case for it currently is in P2P
GO mode with wpa_supplicant.
2011-10-17 18:58:46 +03:00
Jouni Malinen
5ce0f8b31b Remove unused P2P device discovery hack from Beacon configuration
AP mode operations were used for P2P device discovery Listen state
only during early experiments. This has now been cleaned up and
ieee802_11_set_beacon() is not called for P2P device discovery.
As such, this hack to skip Beacon configuration can be removed.
2011-10-17 18:39:31 +03:00
Jouni Malinen
062390efd4 Start deprecating various AP mode driver_ops
The preferred way of configuring AP mode will be to use set_ap() instead
of number of separate operations hostapd has collected over the years.
2011-10-17 18:35:25 +03:00
Jouni Malinen
9e85b1ed49 atheros: Add debug hexdumps for IE configuration 2011-10-17 17:56:59 +03:00
Mahesh Palivela
d4370eac2e Move SA Query mechanism into a file that can be shared more easily
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
2011-10-17 17:33:17 +03:00
Jouni Malinen
2a4b98a912 Interworking: Document network selection parameters 2011-10-16 23:55:34 +03:00
Jouni Malinen
3b840b6748 Interworking: Support for using EAP-SIM credentials in network selection
New configuration parameters home_imsi and home_milenage can be used
to configure SIM/USIM simulator parameters for network selection based
on SIM/USIM credentials.

home_imsi=(MCC | MNC | '-' | rest of IMSI)
home_milenage=(Ki):(OPc):(SQN)

For example:
home_imsi=310026-000000000
home_milenage=90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123
2011-10-16 23:55:34 +03:00
Jouni Malinen
67e1b98463 Interworking: Support username/password based network selection
Add support for network selection for username/password credentials with
EAP-TTLS and EAP-PEAP. The new global configuration parameters
home_username, home_password, and home_ca_cert can be used to specify
credentials for network selection.
2011-10-16 23:55:34 +03:00
Jouni Malinen
73c41a8fab Interworking: Parse NAI Realms and match against home realm 2011-10-16 23:55:34 +03:00
Jouni Malinen
b02fe7ff32 Interworking: Add commands for network selection
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
2011-10-16 23:55:34 +03:00
Jouni Malinen
afc064fe7a Interworking: Add ANQP query requests
Add mechanism for using GAS/ANQP to query Interworking related
information from APs. The received information is stored in the BSS
table and can be viewed with ctrl_iface BSS command.

New ctrl_iface command ANQP_GET can be used to fetch ANQP elements from
a specific AP. Additional commands FETCH_ANQP and STOP_FETCH_ANQP can be
used to initiate and stop an iteration through all APs in the BSS table
that indicate support Interworking to fetch ANQP elements from them.
2011-10-16 23:55:34 +03:00
Jouni Malinen
40eac89023 wpa_cli: Make second argument to set command optional
This can be used to indicate zero length value.
2011-10-16 23:55:34 +03:00
Jouni Malinen
69fbdfe48d GAS: Export gas_build_initial_resp()
This is needed for some GAS error response messages where the ANQP
Advertisement Protocol element is not used.
2011-10-16 23:55:34 +03:00
Jouni Malinen
696be77eee Define new IEEE 802.11u status codes 2011-10-16 23:55:34 +03:00
Jouni Malinen
71269b3708 WNM: Add BSS Transition Management Request for ESS Disassoc Imminent
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
2011-10-16 23:55:34 +03:00
Jouni Malinen
4fe9fa0d29 nl80211: Register GAS frames for Interworking
The GAS frames are used both with P2P and Interworking, so register
them if CONFIG_INTERWORKING is used without CONFIG_P2P.
2011-10-16 23:55:34 +03:00
Jouni Malinen
92cbcf9128 Add Extended Capability element to AssocReq for Interworking
If Interworking is enabled, add Extended Capability element to
(Re)Association Request frames to indicate support for Interworking.
2011-10-16 23:55:34 +03:00
Jouni Malinen
46ee0427b1 IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
2011-10-16 23:55:34 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Jouni Malinen
cc81110d55 Fix location of P2P indication flag in BSS ctrl_iface output 2011-10-16 18:25:35 +03:00
Gurumoorthi Gnanasambandhan
783fcb7d03 Allow drivers to indicate WPS push button in station mode
EVENT_WPS_BUTTON_PUSHED wpa_supplicant_event can now be used in
station mode driver_*.c to indicate that a push button has been
pushed. This will activate WPS PBC mode.
2011-10-16 18:05:55 +03:00
Jouni Malinen
08a74e6a61 Use a common error handler in hostapd_notif_assoc() 2011-10-16 17:57:27 +03:00
Jouni Malinen
2bb20281cb Clean up IE processing in hostapd_notif_assoc() 2011-10-16 17:49:02 +03:00
Jouni Malinen
fa15d405c7 WPS: Fix WPS IE processing
Commit 17f6b90056 moved the concatenation
of WPS IEs, but did not include the validation that the IE buffer is not
NULL. In addition, the concatenation needs to be done based on the full
IE buffer instead of the parsed pointer that includes only a single
WPS IE.
2011-10-16 17:10:48 +03:00
Jouni Malinen
1472d32f72 Remove unused function argument 2011-10-16 14:00:30 +03:00
Jouni Malinen
298716b495 Convert signed bit field to unsigned one
It's cleaner to use unsigned bit field with one bit values.
2011-10-16 13:21:54 +03:00
Jouni Malinen
b02897e70b dbus: Fix potential memory leak with unexpected p2p_find calls
Should the RequestedDeviceTypes entry show up multiple times, the
previously allocated buffer would have been leaked.
2011-10-16 13:19:33 +03:00
Jouni Malinen
86c6626c5b Remove unnecessary wpa_s == NULL validation
wpa_s cannot be NULL here (it is already dereferenced above and
all the callers pass a valid pointer anyway).
2011-10-16 13:16:21 +03:00
Jouni Malinen
619e6726ba base64: Stop decoding at the first sequence of pad characters
The base64 encoded data cannot included pad characters in the middle, so
we can stop the loop at the first sequence of pad characters. If the
sequence includes more than two pad characters, the encoding is invalid
and we can indicate failure.
2011-10-16 12:36:21 +03:00
Jouni Malinen
c3b75919fa Fix double free with CONFIG_WPS_STRICT=y
Commit 17f6b90056 extended the use of
the concatenated WPS IE outside the CONFIG_WPS_STRICT block, but
forgot to remove the old wpabuf_free(wps) call.
2011-10-16 12:11:00 +03:00
Luciano Coelho
6a90053cdf Add delayed scheduled scan request
When initializing, the scheduled scan code was being called before
everything is ready. With normal scans, the first scan round is
delayed, so the initialization is finished by the time it really
starts.

Add a function that can be used to request a delayed scheduled scan.
The scan will only start after the specified time has elapsed. Call
this function instead of starting the scheduled scan directly during
driver initialization.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
bd525934e5 nl80211: Add support for sched_scan filtering
Use the SSID filter list passed in the scheduled scan request down to
the kernel driver, so it can use the list to return only the wanted
SSIDs. Some kernel drivers can use this information to offload the
SSID filter to the hardware, helping with reducing the power
consumption.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
b59e6f267b Add filter support to scheduled scans
Pass SSIDs to be matched in scheduled scan results. Only the SSIDs
that are included in the match lists will be reported by the driver,
so the filtering can be offloaded to the hardware and the power
consumption can be reduced.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
35b741fdf7 Increase maximum number of SSIDs per scan
With scheduled scan support, we may need to pass more than 10 SSIDs in
a single scan request. Some drivers (e.g., wl12xx) support up to 16
SSIDs at once.

Change WPAS_MAX_SCAN_SSIDS from 10 to 16.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
a4cba8f1e2 Use sched_scan in driver init
This patch uses sched_scan, if available, when the driver is
initialized. It also adds a couple of cancel operations where
appropriate.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
d21c63b925 nl80211: Add scheduled scan support
This commit adds scheduled scan support in the nl80211 driver.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
cbdf3507e9 Add scheduled scan driver operations
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.

This commit adds initial scheduled scan support operations and events.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
5f738a21a6 Reorganize P2P and WPS scan code
Move some code to separate functions to reorganize the P2P and WPS
handling during scans. This makes the code a bit cleaner and is
needed for the scheduled scan implementation to avoid duplicated code.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Mukesh Agrawal
a49214d482 Fix object file list for hlr_auc_gw
If CONFIG_NO_RANDOM_POOL is unset, src/crypto/random.o is linked
into hlr_auc_gw. However, in this configuration, random.o requires
symbols defined in src/utils/eloop.o. So add eloop.o to the object
file list for hlr_auc_gw.
2011-10-15 16:52:51 +03:00
Jouni Malinen
1e1a0a4dc9 edit: Fix history prev/next selection
Commit 19ec1f262e tried to fix some
cases for history prev selection, but it broke others. Fix this
properly by using a separate entry for the current edit line that
is not yet in history buffer.
2011-10-15 14:03:35 +03:00
Jouni Malinen
44dc872ee5 nl80211: Add debug print for channel changes 2011-10-15 13:29:56 +03:00
Jouni Malinen
dcd1eb5be5 Fix some forgotten comments in set_beacon to set_ap change 2011-10-15 13:15:24 +03:00
Jithu Jance
6758b1677a nl80211: Use shorter monitor interface name for P2P GO
Currently the P2P Interface name[p2p-%s-%d] is reset when the P2P
Interface name reaches the "IFNAMSIZ" limit. Monitor interface name is
derived from p2p interface name with the addition of few characters
[mon.p2p-%s-%d] and hence Monitor interface name hits IFNAMSIZ limit
before P2P Interface name. Rename the monitor interface name to
mon-%s-%d to reduce the length to same with p2p-%s-%d.
2011-10-15 13:07:30 +03:00
Yogesh Ashok Powar
8666585b9e Disconnect STA when it fails to get added in kernel driver/firmware
Data path for stations that get successfully associated to the
hostapd but fail to get added in the driver/firmware, will not
work. In such cases, hostapd should deauth and disconnect such
stations. In such scenario, hostapd should disconnect the STAs.

Sample output with following patch
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: authenticated
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 0c:74:c2:9a:4c:59
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: Could not add STA to kernel driver
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: deauthenticated due to local deauth request

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-10-15 12:41:28 +03:00
B. J
5dd80dd661 Fix NT-hash password use with integrated authentication server
The password_hash parameter was not copied in case of the integrated
authentication server (but was for RADIUS server). This broke EAP
authentication when the user entry used NT-hash.
2011-10-15 12:13:27 +03:00
Janusz Dziedzic
f1afcb391e P2P: Fix wpabuf reuse on p2p_group_notif_noa()
This currently unused function would have triggered wpabuf overflows
due to incorrect variable being reset to zero in the case the old
NoA wpabuf was large enough for the new data.
2011-10-13 01:06:11 +03:00
Janusz Dziedzic
a7fd39bb5d P2P: Cleanup AP callbacks when removing the group
Clear the P2P GO callback parameters when removing the group to avoid
using these for non-P2P AP mode.

This is a fix for the bug I found in the following scenario:

A) p2p_group_add
A) p2p_group_remove wlan0
A) add_n
A) set_n 0 ssid "testap"
A) set_n 0 key_mgmt NONE
A) set_n 0 mode 2
A) set_n 0 frequency 2412
A) enable_n 0

B) try connect to testap

Authentication request will be always rejected because of
HOSTAPD_ACL_REJECT and not cleaned callbacks when group removed.
2011-10-12 21:06:39 +03:00
Jouni Malinen
fd8e4fda50 EAPOL auth: Disconnect after IEEE 802.1X failure
The EAPOL authenticator was previously forcing disconnection in the WPS
use case. However, this can be benefitial operation with any IEEE 802.1X
authentication mechanism and need not be limited to WPS. This helps some
use cases like EAP-FAST where provisioning may require two
authentication runs if the authentication server does not allow the PAC
provisioning step to be used for normal data connection. While the
station would be free to decide to re-associate in such a case, not all
stations do and as such, it helps if the AP does that instead of leaving
the association up with EAPOL state machine in HELD state for 60
seconds.
2011-10-12 20:07:16 +03:00
Jouni Malinen
88dc899a1b EAP-FAST: Allow unprotected EAP-Failure in provisioning case
While EAP-FAST uses protected success notification, RFC 5422, Section
3.5 points out a possibility of EAP-Failure being sent out even after
protected success notification in case of provisioning. Change the
EAP-FAST peer implementation to accept that exception to the protected
success notification. This allows the station to re-connect more quickly
to complete EAP-FAST connection in the case the server rejects the
initial attempt by only allowing it to use to provision a new PAC.
2011-10-12 20:05:02 +03:00