The reverse case (local identifier configured but no identifier
received) was already covered, but PKEX is not going to complete
successfully if there is any difference in identifier configuration, so
ignore this other case as well. This avoids unnecessary responses to
PKEX requests with identifier from a device that is ready for PKEX in
general, but not for that particular request.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that radio measurement capabilities are negotiated
correctly for the reassociation cases with and without FT.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous implementation ended up replacing all pending IEs prepared
for Association Request frame with the FT specific IEs (RSNE, MDE, FTE)
when going through FT protocol reassociation with the wpa_supplicant
SME. This resulted in dropping all other IEs that might have been
prepared for the association (e.g., Extended Capabilities, RM Enabled
Capabilities, Supported Operating Classes, vendor specific additions).
Fix this by replacing only the known FT specific IEs with the
appropriate values for FT protocol while maintaining other already
prepared elements.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no point in building this tarball in /tmp that is on the
ramdisk of the VM since it will go away when the VM exits.
Signed-off-by: Jouni Malinen <j@w1.fi>
Both handle_action() and hostapd_action_rx() are used for processing
received Action frames depending on what type of driver architecture is
used (MLME in hostapd vs. driver) and which build options were used to
build hostapd. These functions had a bit different sequence for checking
the frame and printing debug prints. Make those more consistent by
checking that the frame includes the category-specific action field and
some payload. Add a debug print for both functions to make it easier to
see which path various Action frames use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid smatch warning on this even thought the only caller of the
function uses a non-NULL pointer in all cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The currently unused conf_offset parameter used a mismatching type (enum
vs. unsigned int) compared to the prototype.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to handle the little endian 16-bit fields properly when building
and parsing Authentication frames.
Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new conf variable was used only within the CONFIG_TESTING_OPTIONS
block and as such, added a warning about unused variable into
non-testing builds. Fix that by using that variable outside the
conditional block as well.
Fixes: a22e235fd0 ("OWE: Add testing RSNE for OWE assoc response with driver SME/MLME")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit enhances QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES to
also be an event, aimed to notify the link status (EX: connected
stations status on an AP link).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f3384 ("nl80211: Create a netlink
socket handle for the Connect interface").
Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
When selecting SSID to start external authentication procedure also
check the key_mgmt field as several network configuration may be defined
for the same SSID/BSSID pair. The external authentication mechanism is
only available for SAE.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
The call to remove_group() may fail, in which case all following
cleanup is skipped. This may result in failing many tests since
cleanup did not complete successfully.
Fix this by calling remove_group() after other cleanup is done so
even it fails it will not affect the following tests.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add documentation to the wpa_signal_info structure.
Add a define for an invalid noise value.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
BSS additional/removal cases were not considered at all in the previous
implementation of hostapd configuration file reloading on SIGHUP. Such
changes resulted in num_bss values getting out of sync in runtime data
and configuration data and likely dereferencing of freed memory (e.g.,
when removing a BSS).
Fix this by forcing a full disable/enable sequence for the interface if
any BSS entry is added/removed or if an interface name changes between
the old and the new configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Implement ECDSA signing functionality in the Python test script for
generating a valid signedConnector. This allows coverage of DPP config
object testing to be increased more easily.
Signed-off-by: Jouni Malinen <j@w1.fi>
