Commit graph

614 commits

Author SHA1 Message Date
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Masashi Honma
f335c69e14 DragonFly BSD: Fix wired IEEE 802.1X
On DragonFly BSD, wired IEEE 802.1X fails with this message:
ioctl[SIOC{ADD/DEL}MULTI]: Invalid argument

This patch solves this issue.

I have tested with these:
OS : DragonFly BSD 2.4.0
EAP : EAP-TLS
Switch : Cisco Catalyst 2950
2009-09-28 16:10:02 +03:00
Masashi Honma
40e107c129 Mac OS X: Fix wired IEEE 802.1X 2009-09-26 19:29:03 +03:00
Jouni Malinen
2aa5f84709 nl80211: Use defines for NL80211_KEY_CIPHER values 2009-09-15 11:23:48 +03:00
Jouni Malinen
d723bab4b3 Revert "nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup"
This reverts commit 5aa9cb5cca.

The nested key attribute is using different attribute values
(NL80211_KEY_* vs. NL80211_ATTR_KEY_*), so cannot share the same routine
for these purposes..
2009-09-15 11:21:25 +03:00
Jouni Malinen
5aa9cb5cca nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup 2009-09-15 10:54:41 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
611ed49118 Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
2009-09-11 17:14:49 +03:00
Jouni Malinen
e9a2bca6f5 WPS: Add parsing of AP Setup Locked attribute 2009-09-11 17:13:59 +03:00
Jouni Malinen
6e4f461270 Fix driver_test for hostapd
Commit 0b55b934ee broke this by not
initializing drv->ap = 1 in hostapd case since the mode updating
code ended up unlinking the socket file. Setting drv->ap = 1
removes the mode change and as such, unlinking of the socket file.
2009-09-11 16:45:34 +03:00
Jouni Malinen
abad3ccb1e Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
2009-09-11 16:36:59 +03:00
Jouni Malinen
630a843f59 driver_test: Update BSS data when using wpa_supplicant AP mode 2009-09-11 00:22:35 +03:00
Jouni Malinen
0b55b934ee driver_test: Implement set_mode for wpa_supplicant AP deinit 2009-09-11 00:17:35 +03:00
Jouni Malinen
86e9f093a0 driver_test: Preliminary support for wpa_supplicant AP functionality 2009-09-10 17:41:29 +03:00
Jouni Malinen
5d5b99ecd3 driver_test: Share the same deinit() for hostapd and wpa_supplicant 2009-09-10 17:03:51 +03:00
Jouni Malinen
c6f726748d driver_test: Merge socket_dir into test_dir 2009-09-10 16:52:03 +03:00
Jouni Malinen
5ae8964079 driver_test: Some additional merging of send_mlme 2009-09-10 16:48:10 +03:00
Jouni Malinen
133032e7bd driver_test: Claim AP mode capability for wpa_supplicant 2009-09-10 16:30:35 +03:00
Jouni Malinen
ac48db0f2b driver_test: Build most of code in unconditionally
It is simpler to just build in all the test driver code regardless
of whether this is for hostapd or wpa_supplicant (which will eventually
get AP mode support with driver_test, too).
2009-09-10 16:28:47 +03:00
Jouni Malinen
41aeddf99a driver_test: Merge wpa_supplicant and hostapd data structures
There is no real need to keep these in separate data structures with
different names.
2009-09-10 16:18:04 +03:00
Alex Badea
7598210b79 radius_server: clean up completed sessions sooner
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.

The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.

Signed-off-by: Alex Badea <vamposdecampos@gmail.com>

Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
2009-09-09 23:54:03 +03:00
Jouni Malinen
2678509dec WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
2009-09-07 22:09:13 +03:00
Jouni Malinen
52eb293dd2 WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
2009-09-06 13:58:15 +03:00
Jouni Malinen
7da2c5276d nl80211: Ignore connect/roam/disconnect events when using SME
Getting double association/disassociation events can get core code
confused, so better filter out the extra events.
2009-09-04 16:39:41 +03:00
Zhu Yi
cfaab58007 nl80211: Connect API support
If the driver does not support separate authentication and association
steps, use the connect API instead.
2009-09-03 21:31:29 +03:00
Zhu Yi
da72a1c1ae nl80211: Add connect/disconnect event processing 2009-09-03 20:39:59 +03:00
Zhu Yi
93d1140077 nl80211: Check whether the driver support separate auth/assoc commands
This is an initial step in adding support for the new connect command.
For now, we just add the capability query. The actual use of the new
command will be added separately.
2009-09-03 20:36:09 +03:00
Zhu Yi
8d6ca17813 nl80211: Use defines for cipher suite selectors 2009-09-03 20:21:18 +03:00
Masashi Honma
80cc6bf6d0 OpenBSD: wired IEEE 802.1X for OpenBSD
This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired,
not wireless, because OpenBSD uses wpa_supplicant only on wired now.

http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/

I have tested with these.
OS : OpenBSD 4.5
EAP : EAP-TLS
Switch : CentreCOM 8724SL
2009-08-26 23:40:51 +03:00
Masashi Honma
fe23eb5696 WPS: Aggregate deinit calls in WPS OOB
In WPS OOB, deinit_func() is called from 3 locations.
This patch aggregates these to one.
2009-08-26 23:34:54 +03:00
Witold Sowa
3a57305f10 Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
2009-08-26 20:18:24 +03:00
Jouni Malinen
335ce76b1c nl80211: Use two sockets to avoid mixing command replies with events
Previously, both the command replies and unsolicited events were
received from the same socket. This could cause problems if an event
message is received between a command and the response to that command.
Using two sockets avoids this issue.
2009-08-26 12:10:50 +03:00
Jouni Malinen
5cd89c26f9 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:32:27 +03:00
Stefan Winter
a2fbf12524 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:21:25 +03:00
Jouni Malinen
ad469aecc1 Reject X.509 certificate strings with embedded NUL characters
These could, at least in theory, be used to generate unexpected common
name or subject alternative name matches should a CA sign strings with
NUL (C string termination) in them. For now, just reject the certificate
if an embedded NUL is detected. In theory, all the comparison routines
could be made to compare these strings as binary blobs (with additional
X.509 rules to handle some exceptions) and display NUL characters
somehow. Anyway, just rejecting the certificate will get rid of
potential problems with the C string getting terminated and it should
not really be used in certificates, so this should not break valid use
cases.
2009-08-23 21:00:38 +03:00
Jouni Malinen
9932c17fc8 Sync with linux/nl80211.h from wireless-testing.git 2009-08-18 11:33:40 +03:00
Jouni Malinen
1ba787b954 Remove unneeded aes_i.h inclusion from number of places
The BLOCK_SIZE define can be made more specific by using AES_ prefix and
by moving it to aes.h. After this, most aes-*.c do not really need to
include anything from the internal aes_i.h header file. In other words,
aes_i.h can now be used only for the code that uses the internal AES
block operation implementation and none of the code that can use AES
implementation from an external library do not need to include this
header file.
2009-08-17 20:27:25 +03:00
Jouni Malinen
04b6b3ed51 Verify that EAPOL-Key MIC generation succeeds
This can now fail, e.g., if trying to use TKIP in FIPS mode.
2009-08-16 22:35:15 +03:00
Jouni Malinen
7a215dfc2b Verify that RC4 operation succeeds 2009-08-16 22:28:40 +03:00
Jouni Malinen
108f9dd49b Fix crypto_cipher_init() EVP initialization
Better not specify EVP_CIPHER again for the second init call since that
will override key length with the default value. The previous version
was likely to work since most use cases would be likely to use the
default key length. Anyway, better make this handle variable length
ciphers (mainly, RC4), too, just in case it is needed in the future.
2009-08-16 22:26:59 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
8ef1683115 Remove rc4() wrapper
This is not really of that much use since rc4_skip() can be used as
easily. In addition, rc4 has caused some symbol conflicts in the past,
so it is easier to live without that as an exported symbol.
2009-08-16 19:57:50 +03:00
Jouni Malinen
1d5ed36e7c Fix build with non-FIPS capable OpenSSL 2009-08-16 19:56:33 +03:00
Jouni Malinen
c5f6ad5766 Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
2009-08-16 19:07:57 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
be299ca4ce Pass digest return value to CHAP/MSCHAPv2 caller 2009-08-16 18:38:35 +03:00
Jouni Malinen
76f04b38b0 Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
2009-08-16 14:24:22 +03:00
Jouni Malinen
6d503f67e3 Pass error values from digest calls to ms_funcs callers
These function calls can now fail, so better let the caller know if that
happened.
2009-08-16 14:18:59 +03:00
Jouni Malinen
1430ba9b7e OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
2009-08-16 14:15:36 +03:00
Jouni Malinen
4b77bf2a40 OpenSSL: Use EVP_Digest*() functions
Instead of using low level, digest-specific functions, use the generic
EVP interface for digest functions. In addition, report OpenSSL errors
in more detail.
2009-08-16 14:12:06 +03:00
Jouni Malinen
0a5d68aba5 Make hash functions return error value
Some crypto libraries can return in these functions (e.g., if a specific
hash function is disabled), so we better provide the caller a chance to
check whether the call failed. The return values are not yet used
anywhere, but they will be needed for future changes.
2009-08-16 14:06:00 +03:00
Jouni Malinen
e1ffdfc18b Enable SHA256 digest support in OpenSSL
This is needed to allow X.509 certificates with SHA256 digest to be
used. [Bug 323]
2009-08-16 10:25:13 +03:00
Jouni Malinen
1b8409a0a5 Support PEM format RSA private key with internal TLS implementation 2009-08-16 09:34:21 +03:00
Masashi Honma
d43430d43d NetBSD: Fix wired IEEE 802.1X problem
On NetBSD 5.0, when I use wired 802.1X, "Invalid argument" occurs
on SIOCADDMULTI ioctl and 802.1X fails.

I tried FreeBSD code, but "Address family not supported by protocol family"
occurs on SIOCADDMULTI ioctl and 802.1X fails, too.

This patch solves this issue.

I have tested with these:
OS : NetBSD 5.0
EAP : EAP-MD5
Switch : CentreCOM 8724SL
2009-08-15 20:59:16 +03:00
Jouni Malinen
ba30964b60 Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).

This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
2009-08-14 20:40:37 +03:00
Johannes Berg
e7cd16cac5 Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
2009-08-14 19:53:27 +03:00
Jouni Malinen
6b23b70445 Avoid a theoretical integer overflow in base64_encode()
If base64_encode() were to be used with a huge data array, the
previous version could have resulted in overwriting the allocated
buffer due to an integer overflow as pointed out in
http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there
are no know use cases in hostapd or wpa_supplicant that would do that.
Anyway, the recommended change looks reasonable and provides additional
protection should the base64_encode() function be used for something
else in the future.
2009-08-13 16:36:41 +03:00
Johannes Berg
4c9e03e0b2 Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
2009-08-13 11:40:28 +03:00
Johannes Berg
6b5c4c3359 Remove some more crypto ifdef, fix a few small bugs 2009-08-13 11:28:03 +03:00
Johannes Berg
27da6d4a0e Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
2009-08-13 11:21:32 +03:00
Johannes Berg
381fcbc9f4 Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
2009-08-13 11:16:21 +03:00
Johannes Berg
18abe7acb0 Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
2009-08-11 20:31:39 +03:00
Johannes Berg
d9feab18fc Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
2009-08-11 20:24:06 +03:00
Johannes Berg
6f693b5d0b Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
2009-08-11 20:19:37 +03:00
Johannes Berg
05edfe2994 Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
2009-08-11 20:06:23 +03:00
Johannes Berg
ad01a5315e Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
2009-07-28 21:36:13 +03:00
Johannes Berg
bd4e28950d Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:27:02 +03:00
Johannes Berg
598a792d8c Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
2009-07-28 21:20:04 +03:00
Johannes Berg
246157cba6 Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:09:57 +03:00
Johannes Berg
657f038102 Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:00:44 +03:00
Johannes Berg
928a50a355 Crypto build cleanup: remove INTERNAL_SHA1
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
2009-07-28 20:47:04 +03:00
Johannes Berg
849ef835a7 nl80211: Fix WEP key configuration
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2009-07-26 21:22:55 +03:00
Johannes Berg
7a47d567cf hostapd: fix auth encryption
hostapd currently tries to encrypt all auth frames,
except for "OPEN" and "SHARED with transaction 3".
This means that it will send an encrypted "unknown
auth algorithm" reply for all other algorithsm. Fix
this by changing the logic to only encrypt shared
key auth frames with transaction 3.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2009-07-26 21:15:47 +03:00
Jon Loeliger
2e8eac2d67 Allow wpa_supplicant to use libnl-2.0
Change existing CONFIG_LIBNL20 compatibility code in
driver_nl80211.c to be used by both wpa_supplicant
and hostapd, but take care of nl_handle too now.

Propagate CONFIG_LIBNL20 out of .config file and onto
CFLAGS in the Makefile.

Use libnl-gen now too.

Signed-off-by: Jon Loeliger <jdl@bigfootnetworks.com>
---
2009-07-25 17:21:52 +03:00
Ryuji
1c5a1aa51c Fix EAP-TNC peer memory leak on an error path 2009-06-30 19:39:13 +03:00
Jouni Malinen
064bb8232c Add root .gitignore file to cleanup ignore lists
This removes need for local configuration to ignore *.o and *~
and allows the src/*/.gitignore files to be removed (subdirectories
will inherit the rules from the root .gitignore).
2009-06-29 21:47:19 +03:00
Jouni Malinen
f141be0caf EAP-SIM peer: Remove AT_NOTIFICATION from Notification response
This attribute is not supposed to be used in the response frame (i.e.,
it is only in the EAP-Request/SIM-Notification frame) per RFC 4186
chapters 10.1 and 9.9. This is a minor bug since the server is required
to ignore the contents of the EAP-Response/SIM-Notification during
protected result indication per chapter 6.2.

EAP-AKA peer was already following the similar specification in RFC 4187,
but this was somehow missed in the EAP-SIM peer implementation.
2009-06-29 21:42:29 +03:00
Jouni Malinen
2b16c01c4e Rename variable to avoid gcc warning about shadowed names 2009-06-29 21:26:48 +03:00
Jouni Malinen
3fed6f2504 Replace hostapd_wps_probe_req_rx() with more generic ProbeReq notifier
The driver wrappers should not need to include wps_hostapd.h, so let's
make this easier by introducing a driver callback for reporting Probe
Request frames.
2009-06-12 17:31:43 +03:00
Jouni Malinen
efe22727da X.509: Add parsing of alternative name to internal TLS implementation
The alternative name extensions are now parsed, but the actual values
are not yet used for alt. subject name matching.
2009-06-11 23:47:35 +03:00
Jouni Malinen
4625a47f4b WPS: Change wpa_supplicant wps_reg to not send out M8
Since we do not currently support changing the AP settings received
from M7, there is no point in actually sending out the M8 that would
likely trigger the AP to reconfigure itself and potentially reboot.
For now, we just receive the AP settings in M7 and add a local network
configuration block based on those, but NACK the message. This makes
wps_reg work like wps_pin, but by using the AP PIN instead of a client
PIN.
2009-06-10 15:53:35 +03:00
Roy Marples
a5b73cc49d driver_bsd.c: Use new MLME method of association.
Old way does not work with all drivers on NetBSD and FreeBSD are
also using this so should be a safe change. [Bug 312]

Signed-off-by: Roy Marples <roy@marples.name>
2009-05-29 22:41:43 +03:00
Roy Marples
66d4085f0a driver_bsd.c: Reduce code duplication between hostapd and wpa_supplicant
Add generic functions to get/set 80211 vars, set 80211 params and
get/sid ssid.
Change NetBSD defines to match the ioctl used for portability.
Check size we're copying into instead of assuming IFNAMSIZ.

Signed-off-by: Roy Marples <roy@marples.name>
2009-05-29 22:38:55 +03:00
Jouni Malinen
92e63aafdc bsd: Get rid of printf size_t warnings with 64-bit builds 2009-05-29 22:34:07 +03:00
Karl Hiramoto
a35187e71a hostapd: nl80211 retry creating a interface if it fails the first time
If hostapd segfaults, or is killed with -9, or the interface already exists,
when the interface is created, it will fail.

Configuration file: /tmp/hostapd/hostapd.conf
Failed to create interface mon.wlan0_0.
Using interface wlan0_0 with hwaddr 00:13:01:01:08:0a and ssid 'IG_0405_LAN'
Failed to set beacon head/tail or DTIM period
Failed to create interface wlan0_1.

Try to remove the interface and re-create it before aborting.
2009-05-29 21:48:19 +03:00
Dan Williams
2976121955 wext: disconnect at init and deinit
To ensure the supplicant starts and ends with a clean slate (keys are
already cleaned up at init and deinit time), force a null BSSID and
bogus SSID to ensure the driver isn't connected to anything.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-05-27 21:01:26 +03:00
Dan Williams
87d01acfeb wext: Fix deauthentication to do IW_MLME_DEAUTH prior to disconnect
4853d5ac84 had a small bug in the order
of these function calls in _wext_deauthenticate() (_disassociate()
did have the correct order). The deauthentication frame is supposed
to go out (if driver supports that) before we disconnect more
forcefully.
2009-05-27 20:57:29 +03:00
Dan Williams
64a04447c3 wext: don't force-disconnect in ad-hoc mode
Otherwise the driver might interpret the request as a request to
create/join a new adhoc network with the bogus SSID.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-05-27 20:55:15 +03:00
Jouni Malinen
077a781f7a WPS: Add support for setting timeout for PIN
hostapd_cli wps_pin command can now have an optional timeout
parameter that sets the PIN lifetime in seconds. This can be used
to reduce the likelihood of someone else using the PIN should an
active PIN be left in the Registrar.
2009-05-26 17:44:44 +03:00
Jouni Malinen
b63303b864 hostapd: Fix internal crypto build without TLS 2009-05-26 17:09:04 +03:00
Jouni Malinen
c7be4c2e3e Resolve couple of compiler warnings 2009-05-26 17:08:16 +03:00
Masashi Honma
a65f4a57fd driver_bsd.c: use get_scan_results2
The attached patch will replace get_scan_results with get_scan_results2.
This is a preparation for WPS on BSD.
And I erased "wpa_scan_result_compar". Because scan result
sorting will be done with "wpa_scan_result_compar" on
"scan_helpers.c".

I have done below tests on NetBSD with an atheros card.
- WPA2-PSK(CCMP)
- WPA-PSK(TKIP)
- PEAP(MSCHAPv2)
- EAP-TLS
- EAP-TTLS(MSCHAPv2)
2009-05-21 11:34:54 +03:00
Masashi Honma
131289d88d Fix hostapd and wpa_supplicant comipilation on NetBSD 4.0.1 2009-05-21 11:21:09 +03:00
Jouni Malinen
0165255010 nl80211: Add support for IEEE 802.1X port control in station mode
This adds a cleaner mechanism for protecting against unauthorized
data frames than the previously used drop_unencrypted mechanism
(which is not even available with nl80211 and had to use a WEXT
ioctl.

The old drop_unencrypted code is left in for now as the final
surviving WEXT use in driver_nl80211.c. However, it can be removed
from the build by defining NO_WEXT. It may also be removed
eventually when most users are expected to be using recent enough
kernel version.
2009-05-14 21:54:47 +03:00
Jouni Malinen
7e76ee9c45 nl80211: Add support for NL80211_ATTR_STA_FLAGS2
For now, the old code using NL80211_ATTR_STA_FLAGS is left in for
backwards compatibility with older kernel versions. It may be removed
eventually when most users are expected to be running with new
enough kernel version.
2009-05-14 21:53:21 +03:00
Jouni Malinen
a652fc1a24 Sync with linux/nl80211.h from wireless-testing.git 2009-05-14 21:51:59 +03:00
Jouni Malinen
e572fa331c nl80211: Add MFP flag configuration for station mode
This fixes IEEE 802.11w use with driver_nl80211.c in station mode.
2009-05-12 11:55:18 +03:00
Jouni Malinen
c4e281fd91 Drop unprotected Robust Action frames from MFP STAs
These frames are delivered through mac80211 monitor interface, so we
need to filter them out in hostapd.
2009-05-08 12:51:28 +03:00
Jouni Malinen
4209a95df5 Update SA Query transaction id length based on IEEE 802.11w/D8.0
IEEE 802.11w/D8.0 changed the length of the SA Query transaction
identifier from 16 to 2 octets.
2009-05-06 18:57:17 +03:00