Commit graph

9891 commits

Author SHA1 Message Date
Haim Dreyfuss
b760e64276 eap_server: Avoid NULL pointer dereference in eap_fast_encrypt_phase2()
If TLS encryption fails, encr may be NULL and that would have resulted
in NULL pointer dereference..

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2015-01-20 02:11:59 +02:00
Avraham Stern
948d3a8731 hostapd: Remove unused variable from hostapd_get_hw_features
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-01-20 02:10:33 +02:00
Ilan Peer
dd09e424c2 Fix memory leak in wpa_supplicant global bgscan configuration
Global bgscan configuration parameter was not freed when config was
freed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 02:10:05 +02:00
Eytan Lifshitz
30f459c098 wpa_cli: Fix NULL dereference on printf string argument
In wpa_cli_cmd_interface(), try_connection(), and main(), ctrl_ifname
may be NULL and could be dereferenced depending on the printf()
implementation.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
2015-01-20 02:08:58 +02:00
Eytan Lifshitz
414f23d8b9 Avoid NULL string in printf on EAP method names in authenticator
In ieee802_1x_decapsulate_radius(), eap_server_get_name() may return
NULL, and it could be dereferenced depending on printf implementation.
Change it to return "unknown" instead for the case of no matching EAP
method found. This makes it easier for the callers to simply print this
in logs (which is the only use for this function).

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
2015-01-20 02:07:22 +02:00
Ilan Peer
b72b2ad39e P2P: Stop p2p_listen/find on wpas_p2p_invite
Stop any ongoing P2P listen/find flow before starting invitation flow.
This was partially handled in p2p_invite() that called p2p_find(), but
this did not cleanly handle cases such as long_listen.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 01:57:59 +02:00
Luciano Coelho
7b7b4449a9 nl80211: Fix reading of the extended capabilities mask
We were copying the NL80211_ATTR_EXT_CAPA attribute into the
extended_capa_mask element, which is incorrect. Use
NL80211_ATTR_EXT_CAPA_MASK instead.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2015-01-20 01:57:59 +02:00
Ilan Peer
7e608d1def P2P: Use the correct wpa_s interface to handle P2P state flush
A control interface call to flush the current state used the
current wpa_s to clear the P2P state even though it might not
be the interface controlling the P2P state.

Fix it by using the correct interface to flush the P2P state.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 01:57:59 +02:00
Eyal Shapira
fd83335f29 AP: Enable HT Tx STBC for AP/GO if supported by driver
Publish support for Tx STBC in the HT capabilities of a GO and AP
controlled by wpa_supplicant in case the hardware supports it.

Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
2015-01-20 01:57:59 +02:00
Ben Rosenfeld
d90bfa97f4 Move external_scan_running to wpa_radio
external_scan_running should be common to all interfaces that share a
radio. This fixes a case where external_scan_running was set on a single
interface, but did not block scan on other interfaces.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-01-20 01:57:59 +02:00
Ben
0c5f01fdf2 Clear reattach flag in fast associate flow
Clear the reattach flags, in case a connection request did not trigger a
scan. This needs to be done to avoid leaving the reattach flag set for
the next scan operation which may not have anything to do with the
specific request that could have been optimized using the single-channel
single-SSID scan.

Signed-off-by: Ben <ben.rosenfeld@intel.com>
2015-01-20 01:57:59 +02:00
David Spinadel
8ad8bc5c36 NFC: Redirect NFC commands on global control interface
Redirect NFC commands from global control interface to P2P device
interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2015-01-20 01:57:59 +02:00
Jouni Malinen
31b7ecb6c8 tests: P2P NFC invitiation with driver using cfg80211 P2P Device
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-20 01:57:59 +02:00
David Spinadel
57ae1f5be9 P2P: Fix P2P invitation with NFC
Use interface's own NFC configuration instead of parent's one
to support a P2P device dedicated interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2015-01-20 00:51:36 +02:00
Matti Gottlieb
07565ab0f9 WNM: Fix the length of WNM_BSS_QUERY control interface command
The length should be 14 and not 10.
The current situation causes failure during parsing of the command.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2015-01-20 00:47:41 +02:00
Jouni Malinen
2dc18e9a26 tests: Error handling for scan trigger failure cases
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 20:25:22 +02:00
Jouni Malinen
2d9c99e37b Retry scan-for-connect if driver trigger fails
This restores some of the pre-radio work behavior for scanning by
retrying scan trigger if the driver rejects it (most likely returning
EBUSY in case of nl80211-drivers). Retry is indicated in the
CTRL-EVENT-SCAN-FAILED event with "retry=1".

For manual scans (e.g., triggered through "SCAN" control interface
command), no additional retries are performed. In other words, if upper
layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED
event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 20:25:20 +02:00
Jouni Malinen
911942ee64 Add a test framework for various wpa_supplicant failure cases
For CONFIG_TESTING_OPTIONS=y builds, add a new test parameter than can
be used to trigger various error cases within wpa_supplicant operations
to make it easier to test error path processing. "SET test_failure
<val>" is used to set which operation fails. For now, 0 = no failures
and 1 = scan trigger fails with EBUSY. More operations can be added in
the future to extend coverage.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 19:34:00 +02:00
Jouni Malinen
e60be3b3d4 tests: WPS registrar learning configuration from WPA+WPA2 AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 18:39:13 +02:00
Jouni Malinen
6b46bfa751 WPS: Re-fix an interoperability issue with mixed mode and AP Settings
Commit ce7b56afab ('WPS: Fix an
interoperability issue with mixed mode and AP Settings') added code to
filter M7 Authentication/Encryption Type attributes into a single bit
value in mixed mode (WPA+WPA2) cases to work around issues with Windows
7. This workaround was lost in commit
d7a15d5953 ('WPS: Indicate current AP
settings in M7 in unconfigurated state') that fixed unconfigured state
values in AP Settings, but did not take into account the earlier
workaround for mixed mode.

Re-introduce filtering of Authentication/Encryption Type attributes for
M7 based on the current AP configuration. In other words, merge those
two earlier commits together to include both the earlier workaround the
newer fix.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 18:35:59 +02:00
Adrien Decostre
1648cc6427 ACS: Allow subset of channels to be configured
Add the possibility to define a subset of channels used by the ACS
engine when not operating on DFS channels.

Signed-off-by: Adrien Decostre <ad.decostre@gmail.com>
2015-01-19 02:35:43 +02:00
Janusz Dziedzic
95ff306988 nl80211: Allow HT/VHT to be disabled for IBSS
Allow HT/VHT overrides to be used for IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-19 02:35:43 +02:00
Masashi Honma
7451a217be mesh: Return negative value on join failed
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-19 02:35:43 +02:00
Masashi Honma
5a2a6de6a5 mesh: Make inactivity timer configurable
Current mesh code uses ap_max_inactivity as inactivity timer. This patch
makes it configurable.

There is another mesh inactivity timer in mac80211. The timer works even
if user_mpm=1. So this patch sets the max value to the timer for
workaround.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-19 02:35:43 +02:00
Masashi Honma
b9749bac81 AP: Expire STA without entry in kernel
If the inactivity check returns that there is no entry remaining for the
STA in the kernel, drop the STA in hostapd as well.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-19 02:35:43 +02:00
Masashi Honma
a114c7235a AP: Remove redundant condition for STA expiration
This condition is always true because of surrounding if.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-19 02:35:43 +02:00
Jouni Malinen
059bcc4782 tests: Increase hostapd out-of-memory loop coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-19 02:35:43 +02:00
Jouni Malinen
0d787f0242 Fix RADIUS client with out-of-memory and missing shared secret
It was possible for an out-of-memory code path to trigger NULL pointer
dereference when preparing a RADIUS accounting report.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-19 02:35:43 +02:00
Jouni Malinen
214457de15 tests: WPA + WEP configuration getting rejected
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-19 01:11:36 +02:00
Jouni Malinen
9eadcfbf06 tests: Add step-by-step guide for setting up test framework
This set of notes provides information on how virtual guess OS can be
used to run the mac80211_hwsim test cases under any host OS. The
specific example here uses Ubuntu 14.04.1 server as the starting point
and lists the additional packages that need to be installed and commands
that can be used to fetch and build the test programs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 18:11:11 +02:00
Jouni Malinen
a66d2248a0 tests: Close wlan5 control interface monitor more explicitly
There were couple of common cases where the control interface for the
dynamic wpa_supplicant instance could have been left in attached state
until Python ends up cleaning up the instance. This could result in
issues if many monitor interface events were queued for that attached
socket. Make this less likely to cause issues by explicitly detaching
and closing control interfaces before moving to the next test case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 17:13:55 +02:00
Jouni Malinen
0efcad2c30 Print in debug log whether attached monitor is for global interface
It is easier to debug issues related to the wpa_supplicant control
interfaces being left behind in attached state when the debug log file
can be used to determine whether a specific monitor socket was a global
or per-interface one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 16:23:43 +02:00
Jouni Malinen
7f08b2f91d tests: Make WNM Sleep Mode tests more robust
It was possible for the Action frame used for entring WNM Sleep Mode to
get dropped on the AP side due to it arriving prior to having processed
EAPOL-Key message 4/4 due to a race condition between Data and
Management frame processing paths. Avoid this by waiting for
AP-STA-CONNECTED event from hostapd prior to trying to enter WNM Sleep
Mode. In addition, make the check for the STA flag change more robust by
allowing the wait to be a bit longer with a loop that terminates as soon
as the flag has changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 15:58:05 +02:00
Jouni Malinen
7cc9a81f1e tests: Make PMKSA caching tests more robust
When the STA is forced to disconnect immediately after completion of
4-way handshake, there is a race condition on the AP side between the
reception of EAPOL-Key msg 4/4 and the following Deauthentication frame.
It is possible for the deauthentication notification to be processed
first since that message uses different path from kernel to user space.

If hostapd does not receive EAPOL-Key msg 4/4 prior to deauthentication,
no PMKSA cache entry is added. This race condition was making the test
cases expecting PMKSA caching to work to fail every now and then. Avoid
this issue by waiting for AP-STA-CONNECTED event from hostapd. This
makes sure the PMKSA cache entry gets added on the AP side.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 15:47:56 +02:00
Jouni Malinen
d4155eb78a tests: Add some more time for olbc_ht update in olbc_5ghz
It looks like this test case is failing every now and then, so add some
more time for the olbc_ht value to get updated before reporting a
failure.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:55:49 +02:00
Jouni Malinen
b4de353c85 tests: Import gobject in a way that allows failures
It looks like the gobject module does not get installed by default for
Python at least on Ubuntu server, so modify the D-Bus test case files to
import this in a way that allows other test cases to be run even without
gobject module being installed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
57f08b3f3a tests: Make ap_anqp_sharing more robust
This test case uses get_bss() with a BSSID to find a BSS entry. That can
result in failures if there are multiple BSS entries in wpa_supplicant
BSS table for the same BSSID, e.g., due to an earlier hidden SSID test
case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at
the beginning of this test case to make it less likely for earlier test
cases to trigger a failure here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
296186c006 tests: Make ap_mixed_security more robust
This test case uses get_bss() with a BSSID to find a BSS entry. That can
result in failures if there are multiple BSS entries in wpa_supplicant
BSS table for the same BSSID, e.g., due to an earlier hidden SSID test
case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at
the beginning of this test case to make it less likely for earlier test
cases to trigger a failure here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
092ac7bb0e tests: Hotspot 2.0 ANQP fetch with hidden SSID BSS entry
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 12:50:20 +02:00
Jouni Malinen
8266e6c6b4 HS 2.0: Try to use same BSS entry for storing GAS results
Commit 17b8995cf5 ('Interworking: Try to
use same BSS entry for storing GAS results') added a mechanism to try to
pair GAS request and response to a single BSS entry to cover cases where
multiple BSS entries may exists for the same BSSID. However, that commit
did not cover the Hotspot 2.0 ANQP elements. Extend this mechanism to
all ANQP elements. This can help in cases where information in the
Hotspot 2.0 specific ANQP elements got lost if a hidden SSID or some
other reason of duplicated BSS entries was present while doing ANQP
fetches.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:47:32 +02:00
Jouni Malinen
3dacd58b0d tests: Write BSS table to debug log in ap_mixed_security
This makes it easier to debug test failures in BSS entry flags field.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:22:38 +02:00
Jouni Malinen
7e3a6c9e21 tests: Mark proxyarp_open as skip if traffic test fails
This step requires kernel changes that are not yet in upstream Linux
tree, so mark this as skip rather than failure for now.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:15:42 +02:00
Jouni Malinen
0258cf1006 tests: Clean up ap_wpa2_eap_aka_ext
Use a loop over set of test values instead of duplicated functionality
implemented separately for each case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:09:46 +02:00
Jouni Malinen
584e4197bd tests: Make ap_wpa2_eap_aka_ext faster and more robust
Use SELECT_NETWORK instead of REASSOCIATE for the first reconnection to
avoid unnecessary long wait for temporary network disabling to be
cleared. In addition, wait for the disconnect event after issuing the
DISCONNECT commands to avoid issues due to any pending events during the
immediately following reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 16:59:40 +02:00
Jouni Malinen
27f527e0e2 tests: ap_hs20_fetch_osu: Print osu-providers.txt in debug log
This makes it easier to figure out what happened if the test case fails
due to not finding all the needed OSU-PROVIDER information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 16:03:43 +02:00
Jouni Malinen
6c69991382 Make wpa_supplicant FLUSH command more likely to clear all BSS entries
Move the wpa_bss_flush() call to the end of the function to allow any
pending user of a BSS entry to be cleared before removing the unused
entries. There were number of cases where BSS entries could have been
left in the list and this resulted in some hwsim test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 15:39:48 +02:00
Jouni Malinen
2dbe63ad53 Write reason for scan only_new_results into debug log
This can be helpful in figuring out why the driver was requested to
flush its scan results prior to starting a new scan.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 13:54:16 +02:00
Jouni Malinen
a4a15cf1f9 tests: Skip some scan tests if iw does not support scan flush
The external cfg80211 scan flushing operation requires a relatively
recent iw version and not all distributions include that. Avoid false
failure reports by marking these test cases skipped if the iw command
fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 13:05:34 +02:00
Jouni Malinen
e246d7d5b3 tests: Fix test skipping for some DFS/VHT cases
Due to a typo and missing hapd variable initialization, some of the DFS
and VHT test cases were marked as failures even though they were
supposed to be marked as skipped in case the kernel and wireless-regdb
did not have sufficient support for these modes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 13:04:11 +02:00
Jouni Malinen
fb9adae466 tests: Fix dbus_probe_req_reporting_oom if already registered
If dbus_probe_req_reporting was run before dbus_probe_req_reporting_oom,
the SubscribeProbeReq() method succeeded since the memory allocation
that was supposed to fail in the OOM test case was not even tried.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 12:39:00 +02:00