Commit graph

546 commits

Author SHA1 Message Date
Jouni Malinen
1d8ce433c9 Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest 2008-08-16 11:21:22 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Jouni Malinen
d48ae45b73 Preparations for 0.6.4 release 2008-08-10 20:33:12 +03:00
Jouni Malinen
7b5776834b Fixed a NULL pointer dereference when driver initialization fails 2008-08-08 19:30:58 +03:00
Jouni Malinen
358921edb7 Added support for setting BSS parameters with NL80211_CMD_SET_BSS
This new cfg80211 command is used for setting CTS protect, short preamble,
and short slot time parameters for the BSS. The matching kernel change has
been submitted, but is not yet included in wireless-testing. The code here
used #ifdef to avoid compilation failures before the new command is
available.
2008-08-07 20:09:55 +03:00
Jouni Malinen
bf98f7f3bc Added support for opportunistic key caching (OKC)
This allows hostapd to share the PMKSA caches internally when multiple
BSSes or radios are being controlled by the same hostapd process.
2008-08-03 20:17:58 +03:00
Jouni Malinen
27e120c46d Cleaned up some of invalid documentation related to channel configuration. 2008-07-23 03:51:10 +03:00
Jouni Malinen
b0f23e11ed Fixed NULL pointer dereference on error path [Bug 273] 2008-07-18 05:57:03 +03:00
Jouni Malinen
eb0699b6ba Add IGTK/MFP configuration (disabled by default)
Added code to use suggested nl80211/cfg80211 API for setting MFP related
parameters. This is disabled by default since the API changes has not yet
been approved. The new commands can be enabled by defining
NL80211_MFP_PENDING (this will be removed once the API changes is
approved).
2008-06-18 11:23:59 +03:00
Jouni Malinen
f3f7540edc Added WLAN_STA_MFP flag for driver wrappers so that they can configure the
driver to enable MFP (IEEE 802.11w) processing for the STA.
2008-06-17 11:21:11 +03:00
Jouni Malinen
94e5af7948 Added support for configuring IGTK
This needs changes in kernel code, too, but the cipher suite for IGTK is
defined in IEEE 802.11w, so this code in hostapd side can be added now.
2008-06-16 11:20:01 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
3f3339dfe7 Fixed a buffer overflow in nla_parse call
The first argument (tb) to nla_parse must have room for maxtype+1, not
maxtype, elements.
2008-06-06 16:51:17 +03:00
Pavel Roskin
f3833aee90 Fix compile warnings on 64-bit systems
Don't cast pointers to int in definitions of PRISM2_HOSTAPD_RID_HDR_LEN
and PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN.  Use size_t instead.  That's
actually what the code needs.
2008-06-06 14:17:03 +03:00
Jouni Malinen
a8e16edc86 Introduced new helper function is_zero_ether_addr()
Use this inline function to replace os_memcmp(addr,
"\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 18:08:48 +03:00
Jouni Malinen
957ed801e9 Fix USE_KERNEL_HEADERS build with compat-wireless
compat-wireless does not include linux/compiler.h to define __user, so
define it in hostapd code before including linux/wireless.h.
2008-06-03 11:57:52 +03:00
Jouni Malinen
8479707beb Include wireless_copy.h instead of linux/wireless.h to avoid conflicts
linux/wireless.h ends up including number of Linux kernel header files and
many of the definitions are conflicting with (or at least duplicating)
definitions in net/if.h.
2008-06-03 11:31:42 +03:00
Jouni Malinen
34f564dbd5 Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
Fragmentation is now done as a separate step to clean up the design and to
allow the same code to be used in both Phase 1 and Phase 2. This adds
support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
2008-05-28 09:57:17 +03:00
Jouni Malinen
1b52ea47e4 Added fragmentation support for EAP-TNC 2008-05-26 12:00:18 +03:00
Jouni Malinen
29222cd303 Added instructions on how to create the DH parameters files. 2008-05-21 10:53:56 +03:00
Jouni Malinen
dcf9c2bd77 Updated the comment on 'bridge' variable to mention nl80211 which needs
this parameter, too.
2008-05-07 13:51:00 +03:00
Michael Bernhard
b717ee2ab2 Disable functionality in hostapd_deauth_all_stas for hostap driver only
Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
2008-04-16 14:40:32 +03:00
Jouni Malinen
0d58229994 Small whitespace cleanup 2008-04-13 12:48:59 +03:00
Michael Bernhard
4c6122c397 driver_nl80211: Do not send nl80211 message if beacon is not set yet
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:41:30 +03:00
Michael Bernhard
f4a5a7468d driver_nl80211: Return correct value
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:40:24 +03:00
Michael Bernhard
a325926a9c driver_nl80211: Initialize local variable
This solves the problem with out-of-sync ACK messages.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:39:13 +03:00
Michael Bernhard
99c55ef92f driver_nl80211: Clone netlink callbacks instead of creating new ones
This way the default callbacks are inherited.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:37:49 +03:00
Bernhard Michael
f7868b5018 driver_nl80211: Use customizable netlink callbacks
This allows the use of NL_CB_VERBOSE or NL_CB_DEBUG.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:36:23 +03:00
Michael Bernhard
7cc92d7275 driver_nl80211: Use the correct nl80211 command to flush all stations
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:33:59 +03:00
Johannes Berg
dda803699f nl80211 driver: fix beacon interval setting
This removes the hard-coded beacon interval setting.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-04-09 10:11:04 +03:00
Artem Antonov
eaaab2bd98 Fix nl80211 driver to receive EAPOL response
This patch fixes nl80211 driver to receive EAPOL response if wlan0 was
added to bridge.
2008-04-08 09:49:06 +03:00
Daniel Wagner
913cf1caec Rename NL80211_[ATTR]_STA_STAT_* to NL80211_[ATTR_]STA_INFO_
adapt to change 72141605e9f9d856418bbed9dc47e5ad42aabb42
nl80211/cfg80211: support for mesh, sta dumping

Signed-off-by: Daniel Wagner <wagi@monom.org>
2008-03-31 12:39:52 +03:00
Jouni Malinen
e7d8003358 EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their
specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived
without null termination on the label, but the label for CSK derivation
must be null terminated.

This allows cryptobinding to be used with PEAPv0 in a way that
interoperates with Windows XP SP3 (RC2) and as such, this functionality is
now enabled as an optional addition to PEAPv0.
2008-03-19 16:58:06 +02:00
Jouni Malinen
06726f0bdd EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c server
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 08:31:04 +02:00
Chris Zimmermann
6affdaee6b Support for RADIUS ACLs with drivers that do not use hostapd MLME
Sam Leffler <sam@errno.com>:
Attached are changes from Chris Zimmerman (cc'd) to allow drivers to handle
radius ACL's.  The patch is against 0.5.10 but I suspect will also apply to
your latest code.  These mods enable radius acl support in freebsd w/ my
vap code.

You may want to do the changes to ieee802_11_auth.c differently as they
currently require all participating drivers to work the same.  You might be
able to check the return value from hostapd_set_radius_acl_auth and use
that to decide whether the alternate code should be run so you can have 1
driver using this stuff while the other does not.

(jm: Added without more dynamic check for now; in addition, none of the
current in-tree driver wrappers actually implement these handlers, so this
is in preparation for future changes)
2008-03-12 11:43:55 +02:00
Chris Zimmermann
b6745143e8 hostapd_allowed_address() is called from hostapd_config_reload_sta() with
session_timeout and acct_interim_interval set to NULL.  Without checking
these before accessing, we'd cause a NULL pointer access in this case.  In
ieee802_11.c calls hostapd_allowed_address() with valid pointers.
2008-03-12 11:39:56 +02:00
Jouni Malinen
502a293e30 TNC: Added TNC server support into documentation and ChangeLogs 2008-03-09 12:14:15 +02:00
Jouni Malinen
c3e258ae9f TNC: Provide 'tnc' configuration option for EAP server and methods 2008-03-09 10:42:53 +02:00
Jouni Malinen
da08a7c732 TNC: Added preliminary TNC implementation for hostapd
This adds EAP-TNC method and TNCS (IF-IMV and IF-TNCCS) functionality.
There is no integration with EAP-TTLS and EAP-FAST at this point, so this
version is not yet suitable for real use (i.e., EAP-TNC can only be tested
outside a tunnel which is not an allowed configuration for deployment).
However, the basic TNCS functionality is more or less complete and this
version seems to interoperate with wpa_supplicant.
2008-03-09 10:37:18 +02:00
Jouni Malinen
7914585fe0 EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
Number of TLVs were processed in groups and these cases were now separated
into more flexible processing of one TLV at the time. wpabuf_concat()
function was added to make it easier to concatenate TLVs. EAP Sequences are
now supported in both server and peer code, but the server side is not
enabled by default.
2008-02-27 17:59:34 -08:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Jouni Malinen
829f14be17 EAP-FAST: Add peer identity into EAP-FAST PAC-Opaque
This allows Phase 2 Identity Request to be skipped if the identity is
already known from PAC-Opaque received in TLS handshake in order to save
one roundtrip from normal authentication.
2008-02-27 17:55:40 -08:00
Jouni Malinen
b0194fe07e Added max_listen_interval configuration option
This allows associations to be denied if the STA tries to use too large
listen interval. The default value is 65535 which matches with the field
size limits.
2008-02-27 17:54:06 -08:00
Jouni Malinen
dc366e8e85 Added listen interval to hostapd sta_add() driver function 2008-02-27 17:45:00 -08:00
Jouni Malinen
3b46a31ec7 Added files that cg-init excluded 2008-02-27 17:36:06 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00