Commit graph

7798 commits

Author SHA1 Message Date
Jouni Malinen
e1bad1cd7d UPnP: Workaround bogus NewWLANEventMAC in PutWLANResponse
It looks like Intel wsccmd may send a bogus NewWLANEventMAC
(11:22:33:44:55:66) when acting as an wired external Registrar. Work
around this by going through all STAs if the address does not match and
pick the STA that is in an ongoing WPS registration.
2009-02-06 16:39:49 +02:00
Jouni Malinen
b93b6004e4 WPS: Allow minor version differences in Version attribute check
Version attribute processing details are not described in the WPS spec,
but it is safer to allow minor version to change and only refuse to
process the message if major version is different from ours. This
matches with the behavior used in the Intel reference implementation.
2009-02-06 14:19:59 +02:00
Jouni Malinen
f65cbff3a3 WPS: Moved Version attribute validation into a shared function 2009-02-06 14:15:47 +02:00
Jouni Malinen
fda90ab4b7 UPnP: Removed shadowed variable 2009-02-06 14:05:17 +02:00
Andriy Tkachuk
25e31cccbe WPS: Set correct Device Password ID in M2
It looks like we don't set correspondent Device Password ID attribute in
M2 message during PBC registration. Without it TG185n STA was not able
to connect to our AP in PBC mode. Attached patch fixes this.
2009-02-06 14:03:34 +02:00
Jouni Malinen
e1c7954d5d Added CONFIG_WPS_UPNP for wpa_supplicant tests
For now, this is just an undocumented build option to make it possible
to build ../src/wps/*.o in a way that matches with hostapd needs.
2009-02-06 13:52:30 +02:00
Daniel Mierswa
b77eab282a Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
2009-02-05 19:24:16 +02:00
Masashi Honma
1e2688be3e Setting probe request ie with madwifi driver
The madwifi driver has interface to set probe request ie.
Attached patch will enable the functionality.
I could see probe request includes WSC IE with this patch.
2009-02-05 19:19:19 +02:00
Jouni Malinen
3a19555445 Add crypto_mod_exp() for GnuTLS (libgcrypt)
This allows WPS to be linked with GnuTLS.
2009-02-05 18:57:26 +02:00
Jouni Malinen
a7baefda28 Fixed eapol_test linking with CONFIG_IBSS_RSN=y 2009-02-05 18:20:26 +02:00
Jouni Malinen
5f1f352e6c Cleaned up printf format warnings on 64-bit build 2009-02-05 18:18:31 +02:00
Jouni Malinen
42f1ee7d1f Fixed scan buffer increasing with WEXT
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.

This more or less doubles the number of BSSes we can received from scan
results.
2009-02-05 12:00:23 +02:00
Jouke Witteveen
94abc2f11b Better support in RoboSwitch driver
I am terribly sorry, but because of a lack of testing equipment the
patch was submitted not properly tested.
Because the chipset documentation is not publicly available all
behaviour has to be found out by experimentation. The other day, I
made some incorrect assumptions based on my findings.

I do believe the attached patch does support the whole RoboSwitch line
(5325, 5350, 5352, 5365 and others). It is a drop-in substitution for
my previous submission.
2009-02-04 22:05:14 +02:00
Helmut Schaa
81e59f1070 Fix a segfault in wpa_supplicant_deinit
If wpa_supplicant is started with -u but the DBus service is already
registered wpa_supplicant will bail out. However, it will segfault
in wpa_supplicant_deinit because global->drv_priv wasn't allocated
yet.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-02-04 21:55:12 +02:00
Jouni Malinen
421b4ba50a Add CONFIG_DRIVER_NL80211 and clarify client MLME limitations
This is based on a patch from Pavel Roskin <proski@gnu.org>, but with
the WIRELESS_DEV part removed instead of moved since it does not apply
anymore. Additional note on client MLME limitations was also added.
2009-02-04 21:48:05 +02:00
Pavel Roskin
e7e9c46e55 Use better examples for MadWifi path in defconfig, clarify comments
MadWifi is unlikely to be in ../head relative to hostapd or
wpa_supplicant, as it would be inside the hostap git repository.
MadWifi sources are more likely to be in a directory called "madwifi"
and residing outside the hostap repository.  Using "madwifi" also
demonstrates that the top-level madwifi directory is needed.
2009-02-04 21:45:14 +02:00
Jouni Malinen
5eb4e3d024 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
Try to match PRI/SEC channel with neighboring 20/40 MHz BSSes per
IEEE 802.11n/D7.0 11.14.3.2. This is not yet complete implementation,
but at least some parts of the 40 MHz coex are improved.

40 MHz operation maybe rejected (i.e., fall back to using 20 MHz) or
pri/sec channels may be switched if needed.
2009-02-04 21:19:54 +02:00
Jouni Malinen
30fd5f1467 Verify that driver supports configured HT capabilities 2009-02-04 12:49:23 +02:00
Jouni Malinen
e80e5163f8 UPnP: Minor coding style cleanup 2009-02-03 13:25:49 +02:00
Jouke Witteveen
c0a0c97aa9 Better support in RoboSwitch driver
The RoboSwitch driver of wpa_supplicant had one shortcoming: not
supporting the 5365 series. I believe the patch attached fixes this
problem.

Furthermore it contains a small readability rewrite. It basically is an
explicit loop-rollout so that the wpa_driver_roboswitch_leave style
matches that of wpa_driver_roboswitch_join.
2009-02-03 13:13:54 +02:00
Jouni Malinen
97642d73ee wpa_gui-qt4: Disable WPS tab in the same way as the menu item
Disable by default and only enable if the running wpa_supplicant has
support for WPS. This is based on a patch from Kel Modderman
<kel@otaku42.de>.
2009-02-01 22:02:32 +02:00
Jouni Malinen
6e488ff03c Remove orphaned wpa_cli control socket on EADDRINUSE
If the bind() on /tmp/wpa_ctrl_<pid>_<in-proc-counter> fails with
EADDRINUSE, there is an existing socket file with the name we are trying
to create. Since getpid() is unique, there cannot be another process
using that socket and we can just unlink the file and try again. This
can speed up client connection if wpa_cli is killed without allowing it
to clean up the socket file. [Bug 288]
2009-01-31 22:22:09 +02:00
Jouni Malinen
1c5aeef0c2 Add comments on the new Broadcom driver not using driver_broadcom.c
The newer Broadcom driver ("hybrid Linux driver") supports Linux
wireless extensions and does not need (or even work) with the old
driver wrapper.
2009-01-30 21:34:40 +02:00
Sebastien Decugis
c9c3eafacb Remove unused variable from struct hostapd_config
I think that the "radius" pointer in the structure hostapd_config is
never used; when the configuration is parsed the related data is stored
in hostapd_bss_config's "radius" var.
2009-01-30 21:21:46 +02:00
Jouni Malinen
6f4071c084 Do not use country_code default (was: US)
If country_code is not included in hostapd.conf, refuse to enable IEEE
802.11d and do not try to set the regulatory domain in kernel.
2009-01-30 12:43:19 +02:00
Jouni Malinen
c5e1522f9a Added notes about WPS UPnP support and external Registrars 2009-01-29 19:19:30 +02:00
Jouni Malinen
f620268f13 WPS: Add support for external Registrars using UPnP transport
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.

This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
2009-01-29 18:47:02 +02:00
Jouni Malinen
39034ce80f Fixed WPS Authenticator attribute processing after M2D
We must not replace M1 with M2D as the last_msg since we need M1 to
validate a possible M2 after M2D. Since M2D and ACK/NACK replies do not
include Authenticator attribute, we can just ignore M2D as far as
updating last_msg is concerned.
2009-01-28 11:59:29 +02:00
Jouni Malinen
1e14526571 Use Data::Data only with Host AP driver; mac80211 can use Data::Nullfunc
The inactivity poll was originally supposed to use Data::Nullfunc, but
due to Prism2/2.5/3 firmware issues, this was changed to an empty
Data::Data frame. mac80211 does not have such an issue, so change the
inactivity poll frame to be Data::Nullfunc by default and use the
Data::Data workaround only with Host AP driver.
2009-01-27 16:36:27 +02:00
Jouni Malinen
f01a6b1e3e driver_nl80211: Fixed inactivity poll status processing
Previous version was discarding TX status for FromDS data frames, but
those are the exact ones that we need to check for inactivity poll to
work, i.e., they are TX status reports for injected data frames.

In addition, remove the debug printing of TX status for data frame since
that could fill up the debug output if kernel-side filtering cannot be
used with monitor interface.
2009-01-27 16:34:48 +02:00
Johannes Berg
9616af520b driver_nl80211: use Linux socket filter to improve performance
TX status information for all transmitted data frames is not going to
be sent to hostapd anymore, so the CPU load with high traffic load is
going to be significantly reduced.
2009-01-27 12:28:05 +02:00
Jouni Malinen
7ce3304ab3 Do not forget wpa_passphrase so that WPS can use it
Send ASCII passphrase instead of derived PSK if the configuration uses
the passphrase.
2009-01-24 12:51:28 +02:00
Jouni Malinen
1a5a04c3de WPS: Add a workaround for incorrect passphrase encoding in Network Key
External Registrar in Vista may include NULL termination in the Network
Key when encoding an ASCII passphrase for WPA/WPA2-PSK. As a workaround,
remove this extra octet if present.
2009-01-24 12:50:00 +02:00
Jouni Malinen
3b2cf800af WPS: Lock AP Setup on multiple AP PIN validation failures
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
2009-01-23 21:57:43 +02:00
Jouni Malinen
4c29cae932 Added ap_settings option for overriding WPS AP Settings in M7
This optional configuration parameter can be used to override AP
Settings attributes in M7 similarly to extra_cred option for Credential
attribute(s) in M8.
2009-01-23 21:08:55 +02:00
Jouni Malinen
6296625308 Free extra_cred when freeing configuration 2009-01-23 20:51:26 +02:00
Jouni Malinen
b385188de3 Add an EAPOL payload length workaround for a WPS implementation
Buffalo WHR-G125 Ver.1.47 seems to send EAP-WPS packets with too short
EAPOL header length field (14 octets regardless of EAP frame length).
This is fixed in firmware Ver.1.49, but the broken version is included
in many deployed APs. As a workaround, fix the EAPOL header based on the
correct length in the EAP packet. This workaround can be disabled with
eap_workaround=0 option in the network configuration.
2009-01-23 18:01:03 +02:00
Jouni Malinen
a609915233 Allow WPS APs for PIN enrollment even without Selected Registrar
Some WPS APs do not set Selected Registrar attribute to 1 properly when
using an external Registrar. Allow such an AP to be selected for PIN
registration after couple of scan runs that do not find APs marked with
Selected Registrar = 1. This allows wpa_supplicant to iterate through
all APs that advertise WPS support without delaying connection with
implementations that set Selected Registrar = 1 properly.
2009-01-23 13:10:58 +02:00
Jouni Malinen
401e039633 Allow WPS device strings to be unconfigured
Previous version was causing a NULL pointer dereference if a required
string was not set in configuration. It is better to make these
optional.
2009-01-22 21:26:14 +02:00
Jouni Malinen
b3ddab2122 WPS: Pad DH Public Key and Shared Key to 192 octets
WPS spec is not very specific on the presentation used for the DH
values. The Public Key attribute is described to be 192 octets long, so
that could be interpreted to imply that other places use fixed length
presentation for the DH keys. Change the DH derivation to use fixed
length bufferd by zero padding them from beginning if needed. This can
resolve infrequent (about 1/256 chance for both Public Key and Shared
Key being shorter) interop issues.
2009-01-22 19:32:58 +02:00
Masashi Honma
96fa129da9 Use WPS state Not Configured instead of Configured in Enrollee
This is needed to allow external Registrar (at least the implementation
in Windows Vista) to configure the Enrollee.

With this patch and my previous patch (for wps.c) , I could pass "Wi-Fi
WPS Test Plan Version 1.0 [5.1.4. Add to AP using PIN Config method and
PASS PHRASE through wired external registrar]".
2009-01-22 15:18:03 +02:00
Masashi Honma
e29bcf9eab WPS: Check Device Password ID attribute only if present in AP search
I can't pass the "Wi-Fi WPS Test Plan Version 1.0 [5.1.4. Add to AP
using PIN Config method and PASS PHRASE through wired external
registrar]". The wpa_supplicant-0.6.7 can't recoginize the testbed
AP(BCM94704AGRRev-E.2.4) as WPS PIN AP. Because after PIN entered, the
AP sends Selected Registrar attribute=0 and not send Device Password ID
attribute.

The proposed change as-is removed validation of Selected Registrar
attribute completely. However, that part is not included in this commit
since it can cause problems for environments with multiple WPS-enabled
APs. Another workaround for this will be considered in wpa_supplicant
scanning process (e.g., start trying to use WPS with APs that do not set
Selected Registrar to TRUE after couple of scan runs that do not find
any APs with Selected Registrar TRUE).
2009-01-22 15:12:18 +02:00
Jouni Malinen
695e2b48e2 Documented interface for external WPS credential processing 2009-01-21 16:42:11 +02:00
Jouni Malinen
a60e7213e1 Fixed WPS with open and shared WEP networks
Do not initialize EAPOL state machine for the STA when hostapd is
configured to use WPS with open or shared WEP networks. This allows the
STA to use EAPOL-Start to indicate it wants to start WPS in such a case
and hostapd does not end up running through EAPOL authentication timeout
and disconnecting the STA if WPS is not used.

There was already code for starting EAPOL state machines based on
received EAPOL packets, but that was not working properly since
portEnabled was not set to TRUE on that code path. This is now fixed,
too.
2009-01-21 14:18:14 +02:00
Jouni Malinen
aabe26a136 WPS: Added option to disable AP auto-config on first registration
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
2009-01-21 13:48:10 +02:00
Jouni Malinen
d745c7cc1a Added wps_cred_processing configuration option for hostapd
This behaves like the one in wpa_supplicant, i.e., hostapd can be
configured not to process new credentials (AP settings) internally and
instead pass the WPS attributes for an external program to process over
ctrl_iface.
2009-01-21 11:54:12 +02:00
Jouni Malinen
42d16805c9 Enable wpa_msg() for hostapd
Use wpa_msg() like wpa_supplicant in order to avoid having to use direct
hostapd_ctrl_iface_send() calls.
2009-01-21 11:45:56 +02:00
Jouni Malinen
05bf32cc87 Changed Credential MAC Address to be BSSID in AP/Registrar
WPS spec is not very clear on which MAC address is used here, but BSSID
makes more sense than Enrollee MAC address.
2009-01-20 21:28:31 +02:00
Jouni Malinen
790ccdb2b3 Changed the version to 0.7.0 since development branch is now 0.7.x 2009-01-20 21:16:29 +02:00
Jouni Malinen
1cc84c1c6b Increased wpa_cli/hostapd_cli ping interval and made it configurable
The default interval is now 5 seconds (used to be 1 second for
interactive mode and 2 seconds for wpa_cli -a). The interval can be
changed with -G<seconds> command line option.
2009-01-20 21:12:00 +02:00