This fixes a corner case where a STA that has PMKSA cache entry (or
valid FT keys) could try to use full EAPOL/EAP authentication and fail.
If the STA will then try to use the still valid PMKSA cache entry (or
FT) before the STA entry has been cleared, authFail could have been left
to TRUE. That will make EAPOL authenticator PAE state machine enter HELD
state even though authSuccess was already forced to TRUE. This results
in the STA getting disconnected even though it should be allowed to
continue with 4-way handshake. While this is unlikely to happen in
practice, it is better to get this fixed by clearing authFail when
setting authSuccess.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
The TX status event may be received after a stations has been
disassociated in cases where the disassociation is following a
transmission of a Data frame. Ignore such events if the STA is not
associated at the moment the event is being processed. This avoids
confusing debug entries and rescheduling of the EAPOL TX timeouts for
STAs that are still in the STA table, but are not really in active EAPOL
session.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
While the exponential increase in the lockout period provides an
efficient mitigation mechanism against brute force attacks, this
additional trigger to enter indefinite lockout period (cleared by
restarting hostapd) will limit attacks even further by giving maximum of
10 attempts (without authorized user action) even in a very long term
attack.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows HT capabilities overrides on kernels that
support these features.
MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.
HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.
HT40 can be disabled.
MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.
Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Now that CTRL-EVENT-TERMINATING even is sent at the end of interface
removal in case wpa_supplicant process is going to terminate, there
is no need for this duplicated event in the signal handler.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows TERMINATING ctrl_iface event to be sent at the end of the
deinit sequence to avoid race conditions with new operations that this
event may trigger while wpa_supplicant would still be running through
the deinitialization path.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This avoids issues with some external program starting to use the
interface based on the interface removal event before wpa_supplicant
has completed deinitialization of the driver interface.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This will be needed to be able to move ctrl_iface TERMINATING event to
the end of interface removal.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
When there is not enough entropy and there are two station associating
at the same time, one of the stations will be rejected, but during
that rejection, the "reject_4way_hs_for_entropy" flag gets cleared. This
may allow the second station to avoid rejection and complete a 4-Way
Handshake with a GTK that will be cleared as soon as more entropy is
available and another station connects.
This reworks the logic to ban all 4-way handshakes until enough entropy
is available.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
current_bss and pending_bssid weren't cleaned up so BSS
kept appearing in the scan results even when it was actually gone.
Use wpa_supplicant_mark_disassoc() to cleanup the wpa_s context
instead of just dropping wpa_state back to DISCONNECTED.
Reported-by: Vishal Mahaveer <vishalm@ti.com>
Signed-hostap: Eyal Shapira <eyal@wizery.com>
For drivers limited to scan a single SSID at a time, this prevents
waiting too long for a wildcard scan in case there are several
scan_ssid networks in the configuration.
Signed-hostap: Eyal Shapira <eyal@wizery.com>
This changes the install target such that parent directories of
installed paths area created and each path is only installed
on a dependency basis.
Signed-off-by: Grant Erickson <marathon96@gmail.com>
In multiple BSSes scenario for the drivers that do not use
monitor interface and do not implement AP SME, RX MGMT
frame subscription happens only for the default bss (first_bss).
Subscribe for RX MGMT frames for such BSSes.
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Commit e4fb216769 moved frequency
storage from driver struct to bss struct and is assigned in
wpa_driver_nl80211_set_freq. As this wpa_driver_nl80211_set_freq is
triggered only on the first_bss, bss->freq for other BSSes is never
being set to the correct value. This sends MLME frames on frequency zero
(initialized value of freq) for BSSes other than the first.
To fix this derive frequency value from first_bss.
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
This is a useful function that simplifies some code and can eventually
be used somewhere else in future.
Signed-hostap: Antonio Quartulli <ordex@autistici.org>
This patch allows to log hexdumps into syslog.
This is useful when testing, as syslog's network logging
helps to collect debug outputs from several machines.
Signed-hostapd: Nicolas Cavallari <cavallar@lri.fr>
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.
Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.
Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
These properties did not work on big endian PowerPC (always 100% for
Signal and 0 for Frequency) due to endianness problem (u32 to u16 data
loss).
Signed-off-by: Sylvestre Gallon <ccna.syl@gmail.com>
Perforce does not like @ in the file name and since these template files
do not really need to have that in the name, make the files in
repository friendlier to Perforce. The generated *.service file will
maintain their old names.
Signed-hostap: Jouni Malinen <j@w1.fi>
When the "bssid=" option is set for an IBSS network and ap_scan = 2,
ask the driver to fix this BSSID, if possible.
Previously, any "bssid=" option were ignored in IBSS mode when ap_scan=2.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Provide a means over DBus to set the conf->fast_reauth
property, which controls whether TLS session resumption
should be attempted for EAP-TLS 802.1X networks.
Signed-off-by: Paul Stewart <pstew@chromium.org>
It looks like Windows 7 WPS implementation does not like multiple
Authentication/Encryption Type bits to be set in M7 AP Settings
attributes, i.e., it refused to add a network profile if the AP
was configured for WPA/WPA2 mixed mode and AP PIN was used to
enroll the network.
Leave only a single bit set in the Authentication/Encryption Type
attributes in M7 when the AP is acting as an Enrollee to avoid this
issue.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_wps_in_use() was forcing WPS to be enabled unconditionally if P2P
support was included in the build. This is not really the correct
behavior for the case when P2P has been disabled at runtime. Change the
code here to verify runtime configuration of P2P before forcing WPS to
be enabled. This allows WSC IE to be left out from Probe Request frames
when scanning for APs without P2P or WPS being in use.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
A P2P Action frame may need to be sent on another channel than the GO's
operating channel. This information was lost in
wpa_driver_nl80211_send_action() in the case the interface was in AP
mode. Pass the frequence and related parameters to send_mlme mechanism
to allow the correct frequence to be used with the send frame command in
AP (P2P GO) mode.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Number of places in hostapd use ap_sta_disconnect() instead of
ap_sta_disassociate() or ap_sta_deauthenticate(). There are some
differences between these functions, e.g., in the area how quickly
the EAPOL state machines get deinitialized. This can result in
somewhat unexpected events since the EAPOL/WPA authenticator
state machines could remain running after deauthentication.
Address this by forcing EAPOL/WPA authenticator state machines
to disabled state whenever ap_sta_disconnect() is called instead
of waiting for the deauthentication callback or other timeout
to clear the STA.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Even though we may not update P2P peer entry while connected to the
peer as a P2P client, we should not be expiring a P2P peer entry while
that peer is the GO in a group where we are connected as a P2P client.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Even though we may not receive a Probe Response from the peer during
the connection, we should not be expiring a P2P peer entry while that
peer is connected to a group where we are the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The cookie value needs to be fetched in GO mode, too, to be able to
indicate TX status callbacks with drivers that handle AP mode SME
functionality internally. This fixes issues with client discoverability
where TX status callback for GO Discoverability Request is needed to
trigger the GO to send Device Discoverability Response.
When a P2P group is removed, we better not leave possibly started
sched_scan running. This could happen when a separate group interface
was not used.
In addition, it looks safer to explicitly stop sched_scan before
starting P2P Listen or Find operations to make sure the offloaded
scanning is not running when doing similar P2P operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This patch fixes an issue with roaming for drivers that set
WPA_DRIVER_FLAGS_BSS_SELECTION (currently ath6kl). On moving to an AP
with a different BSSID, an EVENT_ASSOC is received and the subsequent
4-way handshake may fail because of a mismatch between the RSN IE in
message 3/4 and in Beacon/Probe Response. This happens only when the APs
use different RSN IE contents and ap_scan is set to 1, since
wpa_supplicant fails to update its cached IEs.
Initial association may fail, too, in case of multiple APs with
the same SSID, since BSSID selection is done by the driver and again
a mismatch could be seen.
Fix these two issues by clearing and updating the cached IEs on
receiving an Association event from the driver. Also, retrieve the
scan results when the new BSS information is not present locally.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Some SIM cards do not include MNC length with in EF_AD. Try to figure
out the MNC length based on the MCC/MNC values in the beginning of the
IMSI. This covers a prepaid Elisa/Kolumbus card that would have ended
up using incorrect MNC length based on the 3-digit default.
Signed-hostap: Jouni Malinen <j@w1.fi>
The temporary IMSI buffer can be used for this without needing the
extra memory allocation. In addition, the implementation is easier
to understand when the extra identity prefix value for EAP-SIM/AKA
is not included while fetching MCC/MNC from the IMSI.
Signed-hostap: Jouni Malinen <j@w1.fi>
The EF-AD (administrative data) file may contain information about the
length of the MNC (2 or 3 digits) in the IMSI. This can be used to
construct the realm according to 3GPP TS 23.003 during EAP-SIM or
EAP-AKA authentication.
Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
This patch notifies the upper framework that an on-going discovery has
been stopped. This is useful in cases where a p2p_find with a timeout
value initiated by the upper framework has been finished or when the
framework initiated "p2p_find" is stopped by a "p2p_connect".
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Some deployed station implementations seem to send msg 4/4 with
incorrect type value in WPA2 mode. Add a workaround to ignore that issue
so that such stations can interoperate with hostapd authenticator. The
validation checks were added in commit
f8e96eb6fd.
Signed-hostap: Jouni Malinen <j@w1.fi>
The Device ID attribute was already used in Listen state, but it was
ignored in GO role. Verify that there is a match with Device ID in
GO rule, too, before replying to the Probe Request frame.
Signed-hostap: Jouni Malinen <j@w1.fi>
dev_id=<P2P Device Addr> can now be specified as an argument to
p2p_find to request P2P find for a specific P2P device.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some supplicant implementations (e.g., Windows XP WZC) update SNonce for
each EAPOL-Key 2/4. This breaks the workaround on accepting any of the
pending requests, so allow the SNonce to be updated even if we have
already sent out EAPOL-Key 3/4.
While the issue was made less likely to occur when the retransmit
timeout for the initial EAPOL-Key msg 1/4 was increased to 1000 ms,
this fixes the problem even if that timeout is not long enough.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Now that we can use driver_nl80211.c with non-mac80211 drivers that
implement SME/MLME internally, we may not get inactivity time from the
driver. If that is the case, we need to skip disconnection based on
maximum inactivity timeout. This fixes some unexpected disconnection
cases with ath6kl in AP mode.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen