Allow only the expected P2P Interface Address as the BSSID for
the AP to avoid selecting incorrect BSS should there be another
device that is advertising active PBC mode before the target
P2P GO does.
When the P2P state machine requests a remain- on-channel, there's a
potential race where it can then request a stop before the r-o-c has
actually started, in which case the stop will not be processed. Fix
that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The new DBus API helper function wpas_dbus_error_unknown_error
function can be called as a result of a failure within internal
getter calls, which will call this function with a NULL message
parameter. However, dbus_message_new_error looks very unkindly
(i.e, abort()) on a NULL message, so in this case, we should not
call it.
I've observed this course of events during a call to
wpas_dbus_getter_bss_wpa with a faileld parse of the IE parameter.
We got here through a call to fill_dict_with_properties which
explicitly calls getters with a NULL message parameter. Judging
from the way it is called, this could easily occur if an AP sends
out a malformed (or mis-received) probe response. I usually run
into this problem while driving through San Francisco, so I'm
exposed to any number of base stations along this path.
This patch changes wpa_supplicant policy for handling '' in SSIDs field of
Interface.SSID DBus message. It treats '' (zero-length) SSID as a request
for a broadcast scan, instead of ignoring it.
This patch updates DBus API .Scan() logic per the test cases listed below:
1) Interface.Scan({'Type':'active', 'Channel':(2412, 20)})
Request: Active scan with only '' SSID (1 channel)
Should be: 1 broadcast ProbeRequest on specified channel
Previous: 1 broadcast ProbeRequest on specified channel
This Patch: 1 broadcast ProbeRequest on specified channel
2) Interface.Scan({'Type':'active', 'Channel':(2412, 20), 'SSIDs':['']})
Request: Active scan with only '' SSID (1 channel)
Should be: 1 broadcast ProbeRequest on specified channel
Previous: No ProbeRequests; passive scan results for specified channel
This Patch: FIXED: 1 broadcast ProbeRequest on specified channel
3) Interface.Scan({'Type':'active', 'Channel':(2412, 20), 'SSIDs':['MySSID']})
Request: Active scan with only non-'' SSIDs (1 channel)
Should be: 1 directed ProbeRequest for each SSID on specified channel,
no broadcast ProbeRequest
Previous: 1 directed ProbeRequest for each SSID on specified channel,
no broadcast ProbeRequest
This Patch: 1 directed ProbeRequest for each SSID on specified channel,
no broadcast ProbeRequest
4) Interface.Scan({'Type':'active', 'Channel':(2412, 20), 'SSIDs':['',
'MySSID']})
Request: Active scan with SSIDs, including 1 '' SSID (1 channel)
Should be: 1 broadcast ProbeRequest, 1 directed ProbeRequest for each
non-'' SSID on specified channel
Previous: 1 directed ProbeRequest for each non-'' SSID on specified
channel
This Patch: FIXED: 1 broadcast ProbeRequest, 1 directed ProbeRequest for
each non-'' SSID on specified channel
Currently the DBus Interface.Scan API is counter-intuitive. It issues
ProbeRequests when doing passive scans when channels are specified, and
does not issue ProbeRequests for broadcast active scans.
This patch updates DBus API .Scan() logic per the test cases listed below:
1) Interface.Scan({'Type':'passive'})
Request: Passive scan (all channels)
Should be: No ProbeRequests; Passive Scan results for all channels
Previous: 1 ProbeRequest on all channels for both broadcast SSID and
selected network (scan_ssid=1)
This Patch: --No change--: 1 ProbeRequest on all channels for both
broadcast SSID and selected network (scan_ssid=1)
2) Interface.Scan({'Type':'passive', 'Channel':(2412, 20)})
Request: Passive scan (1 channel)
Should be: No ProbeRequests; Passive Scan results for 1 channel
(plus overlapping channels)
Previous: 1 broadcast ProbeRequest on specified channel
This Patch: --Fixed--: No ProbeRequests; Passive Scan results for 1
channel (plus overlapping channels)
3) Interface.Scan({'Type':'active'})
Request: Active scan with no SSIDs (all channels)
Should be: 1 broadcast ProbeRequest on all channels
Previous: No ProbeRequests; passive scan results for all channels
This Patch: --Fixed--: 1 broadcast ProbeRequest on all channels
4) Interface.Scan({'Type':'active', 'Channel':(2412, 20)})
Request: Active scan with no SSIDs (1 channel)
Should be: 1 broadcast ProbeRequest on specified channel
Previous: No ProbeRequests; Passive scan results for specified
channel (plus overlapping channels)
This Patch: --Fixed--: 1 broadcast ProbeRequest on specified channel
The previous used .gitignore files were mathing some files that
were actually already in the repository (e.g.,
hostapd/logwatch/hostapd). Avoid this by listing the conflicting
entries in the root directory .gitignore with full path.
This cleans up debug log from unnecessary entries when using
wpa_cli/hostapd_cli or other ctrl_iface monitors that PING
periodically to check connectivity.
WPS 2.0 mandates the AP to include WPS IE in (Re)Association Response
if the matching (Re)Association Request included WPS IE. Provide the
needed WPS IE information to the driver_ops API for drivers that
process association frames internally.
Note: This modifies the driver_ops API by adding a new argument to
set_ap_wps_ie().
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.
The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
Previously, wpa_supplicant remaining in scanning state without
trying to connect, but there is no particular need to do that.
Instead, cancel WPS operation completely whenever PBC session
overlap is detected.
Disconnection event may be received while in associating state.
Previously, wpa_supplicant could get stuck not trying to reconnect
in that case at least with nl80211. Allow scan request in this
state to avoid the issue. This helps especially with APs that do
load balancing by sending Deauthentication frame as a response to
Reassociation Request frame after successful Authentication frame
exchange.
ctrl_interface STA_AUTOCONNECT command can now be used to disable
automatic reconnection on receiving disconnection event. The default
behavior is for wpa_supplicant to try to reconnect automatically, i.e.,
to maintain previous behavior.
The overlap condition cannot disappear before group formation timeout
hits, so there is no point in continuing in this case and failure can
be indicated immediately.
This allows the pending group interface to be removed if we fail
to join a running group. A longer than 15 second timeout is needed
here since the GO may not have authorized our connection yet.
A new ctrl_interface command, WPS_CANCEL, can now be used to cancel
a pending or ongoing WPS operation. For now, this is only available
with wpa_supplicant (either in station or AP mode). Similar
functionality should be added for hostapd, too.
The scan operation before Provision Discovery Request may not include
the GO. However, we are likely to have the GO in our P2P peer table,
so use that information to figure out the operating channel if BSS
table entry is not available.
This is needed to make sure we do not try to accidentally enable GO
in channels that may not be allowed. In addition, this may help with
some driver that do not like channel 14 even as a passive scan
channel.
This command is supposed to return the PIN value that was generated
or passed in as an argument. In the AP case, the entered PIN was not
being returned.
This is needed to be able to change parameters for dynamically
created interfaces between the creation of the interface and
association/start AP commands.
Following ctrl_interface commands can now be used:
P2P_SET client_apsd disable
- disable configuration (i.e., use driver default) in client mode
P2P_SET client_apsd <BE>,<BK>,<VI>,<VO>;<max SP Length>
- enable UASPD with specific trigger configuration (0/1) per AC
(max SP Length is currently ignored)
P2P_SET go_apsd disable
- disable configuration (i.e., use driver default) in AP mode
P2P_SET go_apsd <0/1>
- disable/enable APSD in AP mode
This event indicates the Device Password ID that the peer tried
to use in GO Negotiation. For example:
P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7 dev_passwd_id=4
If enabled, cross connection allows GO to forward IPv4 packets
using masquerading NAT from the P2P clients in the group to an
uplink WLAN connection. This is disabled by default and can be
enabled with "wpa_cli p2p_set cross_connect 1" on the P2P device
interface.
For now, this applies to the test command that can be used to set
periodic NoA (p2p_set noa). The value are stored and periodic NoA
is enabled whenever there are no non-P2P STAs connected to the GO.
While this is not strictly speaking required by the P2P specification
for a not-P2P Managed Device, this can provide useful information for
the P2P manager AP and may be needed to pass certification tests.
For client-invites-device case, the pre-authorization of an invitation
to running group will need to allow Invitation Request from specified
address, too. This is for testing uses only.
"wpa_cli p2p_set peer_filter <MAC address>" can now be used to
only allow a single P2P Device (based on P2P Device Address) to be
discovered for testing. Setting the address to 00:00:00:00:00:00
disables the filter.
This is mainly designed for testing and allows p2p_connect join auth
to be used to accept a specific invitation to an active group that
may be received in the future.
The driver event for remain-on-channel may be delayed in a way that
allows management-frame-received event to be received before
wpa_supplicant knows that the driver is actually already on the
previously requested channel. We should not request a new
remain-on-channel to send a response to just a frame if we are waiting
for the driver to get to the same channel. Instead, just continue
waiting for the driver event.
When the first wpa_supplicant interface is not the correct one for
transmitting an Action frame (e.g., P2P Presence Request frame
uses a group interface), the code got stuck in an infinite busy
loop. Fix the iteration to go through the interfaces properly.
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
Verify that the driver wrapper is using a valid deauth/disassoc
event before dereferencing the addr pointer. The address is required
to be set in AP mode, but it is safer to verify this here than to
trust on all driver wrappers doing the correct thing.
Some NDIS drivers require a workaround to allow them to associate
with a WPS AP that is already using protection (Privacy field = 1).
Let driver_ndis.c know if the AP is already using Privacy and if so,
configure a dummy WEP key to force the driver to associate.
Commit d8d940b746 broke the logic on
iterating through all configured network blocks. This was supposed
to continue the loop on mismatch to allow other than the first
configured network to be found.
This patch adds support for wired IEEE 802.1X client on the Solaris.
I have tested with these:
OS : OpenSolaris 2009.06
EAP : EAP-MD5
Switch : Cisco Catalyst 2950
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
This removes quite a bit of duplicated code and allows network block
priority configuration to be used to prefer unprotected networks and
also allows use on open network with good signal strength even if
scan results show a protected network with marginal signal strength
that does not allow it to be used.
The wpa_supplicant compilation without CONFIG_WPS option results in
messages below.
scan.c: In function 'wpa_supplicant_scan':
scan.c:246: warning: unused variable 'wps'
This trivial patch erases this warning.
This clears up authentication state in the driver and in case of
cfg80211, unlocks the BSS entry for the previously used AP. The
previous commit cf4783e35f changed
only the ctrl_iface DISCONNECT command behavior; this new commit
does the same for D-Bus commands.
wpa_s->bssid is already cleared by mark_disassoc() when we're getting the
disassociation event for the case where wpa_supplicant requested
disassociation. wpa_s->sme.prev_bssid holds the BSSID we need to check
for, so use that instead.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When passing several authentication algorithms through auth_alg, we
should try all of them when the first one fails. The wext driver goes
through the connect nl80211 command and the retries are then handled by
the kernel. The nl80211 doesn't and we have to handle that from
userspace.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This is needed to avoid trying to reassociate based on new scan
results when using wpa_supplicant to control AP mode. This could
happen if something external triggered the driver to run a scan.
When SME is in wpa_supplicant (mac80211), we need to make sure that
the kernel code has valid BSS entry for the AP. In some cases it
seemed to be possible to end up not having current information in
cfg80211 or mac80211 which can result to association failures. Avoid
this by always running through the scan request before initial
connection attempt.
It is possible that l2_packet is not used with wpa_supplicant
in some cases, so better make sure we do not end up notifying
l2_packet code about authentications unless it was actually
initialized in the first place.
Store list of all discovered BSSes in the ESS and on which frequencies
they have been seen. Use this information to dynamically generated the
list of channels for background scans.
The AP configuration may change after provisioning, so it is better
not to use the current security policy to prioritize results. Instead,
use WPS Selected Registrar attribute as the main sorting key and use
signal strength next without considering security policy or rate sets.
The non-WPS provisioning case remains as-is, i.e., this change applies
only when trying to find an AP for WPS provisioning.
Addition of the background scanning mechanism in commit
60b94c9819 moved the scan trigger
into a new function that was also incrementing the scan_runs
counter, but the removal of the previous scan_runs incrementation
was forgotten from that patch. This counter should only be updated
into a single location, so remove the old one. This improves AP
selection for WPS provisioning by not skipping some of the initial
scans.
wps_er_config can now be used to configure an AP. It is similar to
wps_er_learn, but instead of only learning the current AP settings,
it continues to send M8 with the new settings for the AP.
wps_er_start command now takes an optional parameter that can be used
to configure a filter to only allow UPnP SSDP messages from the
specified IP address. In practice, this limits the WPS ER operations
to a single AP and filters out all other devices in the network.
This avoids an invalid D-Bus call during interface initialization.
The wpa_state change can happen before the D-Bus interface is set up,
so we must be preparted to handle this early event signal. In theory,
it should be possible to reorder initialization code to make sure
D-Bus signals are ready, but that would likely require quite a bit of
code restructuring, so it looks like a safer option for now is to just
skip the early event.
The wpa_supplicant compilation with CONFIG_AP option and without
CONFIG_IEEE80211R, CONFIG_WPS, NEED_SME, CONFIG_CLIENT_MLME options
results in following messages.
../src/ap/drv_callbacks.o: In function `hostapd_notif_assoc':
../src/ap/drv_callbacks.c:59: undefined reference to
`ieee802_11_parse_elems'
gmake: *** [wpa_supplicant] Error 1
Add a new wpa_supplicant state: interface disabled. This can be used
to allow wpa_supplicant to be running with the network interface even
when the driver does not actually allow any radio operations (e.g.,
due to rfkill).
Allow driver_nl80211.c and driver_wext.c to start while rfkill is in
blocked state (i.e., when ifconfig up fails) and process rfkill
events to block/unblock WLAN.
Use regular expression matches to see if input is not the (now translated?)
string "Select any network" and is a "<network id>: <ssid>" string or the
"all" keyword where that is applicable.
Signed-off-by: Kel Modderman <kel@otaku42.de>
This allows wpa_supplicant to be started quickly with an empty
configuration. If an external program wants to fetch scan results
from wpa_supplicant, it will need to request a scan explicitly
in this type of case.
Add "wpa-ft-psk", "wpa-psk-sha256", "wpa-ft-eap" and "wpa-eap-sha256"
possible KeyMgmt values of interface capabilities to fit values in
BSS RSN options dictionary.
This adds more details into the CTRL-EVENT-DISCONNECTED event to
make it easier to figure out which network was disconnected in some
race conditions and to what could have been the reason for
disconnection. The reason code is currently only available with
the nl80211 driver wrapper.
These bursts can result in control interface monitors being detached
even if the external program is still working properly. Use much larger
error threshold for ENOBUFS to avoid this.
There is no absolute requirement for separating address allocation
into separate functions, so simplify the driver wrapper interface
to use just if_add and if_remove instead of adding the new
alloc_interface_addr() and release_interface_addr() functions.
if_add() can now indicate if the driver forced a different interface
name or address on the virtual interface.
Scan only the frequency that was used during provisioning during the
first five scans for the connection. This speeds up connection in the
most likely case where the AP remains on the same channel. If the AP is
not found after these initial scans, all channels will be scanned.
'wpa_cli roam <bssid>' can now be used to test roaming within an ESS
(e.g., for FT over-the-air). This command will bypass a new scan and
will select the BSS based on the specified BSSID. It is responsibility
of the caller to make sure that the target AP is in the BSS table.
This can be done, e.g., by running a scan before the roam command,
if needed.
Instead of parsing the IEs in the callers, use the already existing
parser in wpa_ft.c to handle MDIE and FTIE from initial MD association
response. In addition, this provides more complete access to association
response IEs to FT code which will be needed to fix FT 4-way handshake
message 2/4.
This sets the FT Capability and Policy field in the MDIE to the values
received from the target AP (if available). This fixes the MDIE contents
during FT Protocol, but the correct value may not yet be used in initial
mobility domain association.
When using wpa_supplicant SME (i.e., using nl80211), the rsn_supp
module was not informed of the WPA/RSN IE that was used in
(Re)Association Request frame. This broke roaming between APs that
use different security policy (e.g., changing between WPA/TKIP and
WPA2/CCMP APs) or when using PMKSA caching.
This allows bgscan modules to use more information to decide on when
to perform background scans. bgscan_simple can now change between
short and long background scan intervals based on signal strength
and in addition, it can trigger immediate scans when the signal
strength is detected to be dropping.
bgscan_simple takes following parameters now:
short interval:signal strength threshold:long interval
For example:
bgscan="simple:30:-45:300"
This can be used to limit which frequencies are considered when
selecting a BSS. This is somewhat similar to scan_freq, but will
also affect any scan results regardless of which program triggered
the scan.
Need to kill the monitor process before running detach command on
the monitor connection to avoid race where the monitor process may
end up getting the detach command result.
Previously, this was only done with userspace MLME (i.e., driver_test.c);
now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS)
for processing. The reassociation after successful FT Action frame
exchange is not yet implemented.
Despite comments in the wpa_config_update_prio_list(struct wpa_config
*config) telling that it is called "if priority for a network is
changed", it is apparently not.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This patch allows wpa_supplicant to compile on Debian's kfreebsd
architectures.
Patch by Stefan Lippers-Hollmann based on work done by Petr Salinger
and Emmanuel Bouthenot for 0.6.X (http://bugs.debian.org/480572).
filter_ssids=1 global configuration parameter can now be used to
enable scan result filtering (with -Dnl80211 only for now) based on
the configured SSIDs. In other words, only the scan results that have
an SSID matching with one of the configured networks are included in the
BSS table. This can be used to reduce memory needs in environments that
have huge number of APs.
New global configuration parameter bss_max_count can now be used to
change the maximum BSS table size. The old fixed size limit (200) is
used as the default value for this parameter.
wpa_supplicant can now be notified of suspend/resume events, e.g.,
from pm-action scripts. This allows wpa_supplicant to clear information
that may become invalid during a suspend operation.
This is needed to allow the BSS table entry for the previously used
BSS to be removed. Now wpa_bss_in_use() can return 0 for the last BSS
that was used as soon as deauthentication/disassociation event has been
received.
Some drivers may need to use a specific ifname for the virtual
interface, so allow them to do this with a new parameter passed
to the alloc_interface_addr() handler.
CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config can be used to
configure wpa_cli build to make a version of wpa_cli that forks
a child process to receive event messages. This allows the events
to be shown immediately instead of having to wait for the next
periodic poll with PING.
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.
The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR
In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.
Authentication server probing can be done, e.g., with following
configuration options:
eap=TTLS PEAP TLS
identity=""
ca_cert="probe://"
Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed
Server certificate matching is configured with ca_cert, e.g.:
ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"
This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
When multiple APs are present in scan results with similar signal
strength, wpa_supplicant may end up bounching between them frequently
whenever new scan results are available (e.g., due to periodic scans
requested by NetworkManager). This can result in unnecessary roaming
and in case of the current cfg80211 version, to frequent network
disconnections.
Do not request a roam if the current BSS is still present in the scan
results and the selected BSS is in the same ESS and has only a slighly
stronger signal strength.
Expose RSN and WPA properties for BSS objects containing information
about key management and cipher suites. Get rid of WPA/RSN/WPSIE
byte array properties and add IEs byte array property with all IE data
instead.
This allows the driver wrappers to return two sets of IEs, so that
the BSS code can use information from both Beacon and Probe Response
frames if needed. For example, some Cisco APs seem to include more
information in Wireless Provisioning Services IE when it is in the
Beacon frame.
idx == 0 should be enough to make sure that the addr is set, but
verify that this is indeed the case to avoid any potential issues if
auth_set_key() gets called incorrectly.
There was an extra semicolon that broke the calculation of registered
properties and resulted in obj_desc->prop_changed_flags not being
allocated long enough for all the flags.
The path pointer used as the timeout_ctx was not constant; the path
string itself may have been the same, but the pointer certainly was not
since it was sometimes from stack and sometimes from the dynamically
allocated buffer in obj_desc. This caused some of the eloop timeout
cancellations not to find the timeout. Fix this by using the obj_desc
as the timeout context data.
Instead of sending PropertiesChanged signals for each changed
property separately, mark properties as changed and send aggregated
PropertiesChanged signals for each interface in each object.
Aggregated PropertiesChanged signal is sent
- for all object after responding on DBus call
- for specified object after manual call to
wpa_dbus_flush_object_changed_properties() function
- for each object separately after short timeout (currently 5 ms)
which starts when first property in object is marked changed
The actual supplicant state is exposed via a property on the interface
object. So having a separate signal StateChanged for notifying about
changes is a bad idea. The standard PropertiesChanged signal should be
used for this.
The advantage of StateChanged signal was that it includes the previous
state, but not even NetworkManager is making use of this. And tracking
the old state via the property and this signal is easily possible anyway.
Instead of using some magic integer values that really only mean
something to WPA internal code, just use simple strings. Possible
values are "msgdump", "debug", "info", "warning" and "error" which
map directly to WPA debugging support.
The three existing enums were already depending on using the same
values in couple of places and it is just simpler to standardize on
one of these to avoid need for mapping between different enums for
the exact same thing.
Most of this file was already moved into wpa_supplicant/scan.c and
we can remove the file completely by having couple of small helper
functions copied to the remaining users outside core wpa_supplicant
code.
This fits better in wpa_supplicant/scan.c. Couple of remaining
scan_helpers.c functions are currently used in driver wrappers,
but they can likely be removed in the future.
This adds new commands and events for allowing off-channel Action
frame exchanges to be requested. This functionality is not yet used
and is only fully supported by driver_test.c at this point.
driver_nl80211.c has support for the remain-on-channel commands, but
the Action frame TX/RX part is still pending review for the kernel
code and as such, is not yet included here.
This adds placeholder code for allowing the virtual interfaces to be
pre-allocated a MAC address before the interface type is known with
drivers that do not handle interface type changes.
Get rid of wpa_supplicant_sta_rx() and add a new driver event that is
marked to be used only with driver_test.c. In addition, remove this
functionality from privsep wrapper. This is only use for client mode
MLME testing with driver_test.c.
The wpa_s->bss_id list was being corrupted when the BSS entry needed
to be reallocated due to longer IE data. The entry has to be removed
from all lists before reallocation to avoid this (it was only removed
from the wpa_s->bss list).
There is no need to duplicate the method/signal/property arrays that
were registered for objects. The registration was using static arrays
on methods/signals/properties in all places and we can as well use
those throughout without having to allocate memory and copy all the
entries for every object. This reduces number of allocations and
amount of unnecessary code quite a bit.
Get more information about scans when updating BSS table information.
This allows the missing-from-scans expiration rule to work properly
when only partial set of channels or SSIDs are being scanned.
The perror() calls do not make much sense with libdbus functions and
wpa_printf() would really be used for all error printing anyway. In
addition, many of the error messages on out-of-memory cases are not
really of much use, so they were removed. This is also cleaning up
some of the error path handling to avoid duplicated code.
These cannot be NULL, so there is no point in checking for that. In
addition, the accessor function for this is just making the code harder
to understand.
This callback structure was specific to the new D-Bus API which makes
it more or less pointless. It is just simpler to call the notification
functions directly. More proper design could be to use a generic
mechanism for registering notification callbacks into notify.c, but
that is not yet available and should not be designed just based on a
single user.
These header files are included outside the dbus subdirectory and there
is not really any need to force the libdbus dbus/dbus.h header file to
be included into these files.
There is no need to go through methods, signals, and properties in
two loops and only collect interfaces in the first run. Get rid of
unnecessary CPU use by generating the XML data for interfaces with
a single pass.
The XML used in D-Bus introspection is simple and there is no need to use
libxml2 to generate it. This gets rid of the dependency on the large
library by using internal XML generation.
Simpler to use for loops instead of handling next pointer selection
in all places. In addition, couple of functions could have ended up
in an infinite loop on error path since the pointer update was missed.
In addition, remove Quality and Noise properties since the BSS table
is not the correct place for fetching per-channel information (Noise)
and Quality is not well-defined (nor available from many drivers).
We don't actually need to define separate user_data argument for
each method handler and property getter/setter. Instead, we can define
one argument for the whole object. That will make it easier to register
objects like BSS or Networks which require allocating and freeing
memory for their arguments.
This was mostly identical code that had been copied for the new D-Bus
API implementation and as such, should really have been shared from
the beginning. In addition, the copied code ended up generating
interesting stack traces since the actual D-Bus connection was being
shared even though the pointer to it was stored in two distinct
data structures. The old D-Bus code ended up dispatching some
D-Bus callbacks which ended up running the new D-Bus code.
Since the private context pointers were mostly identical, everything
seemed to more or less work, but this design was just making things
more complex and potentially very easy to break.
Do not try to unregister BSS objects twice (the latter one with invalid
path) and make sure all network objects get added and removed properly
(the ones read from configuration file were not being registered, but
were tried to be unregistered).
This will allow more cleanup to be done for scan results processing
since all code can now be made to depend on the BSS table instead of
the temporary scan results.
Once remaining code has been converted to use the BSS table, the new
scan results can be freed immediately after the BSS table has been
updated. In addition, filtering of BSS information should be added
to better support systems with limited resources. For now, memory
use can be limited by defining WPA_BSS_MAX_COUNT to be smaller.
Anyway, better filtering of results to only the configured networks
should be added to improve this.
Replace the scan results -based implementation with the use of information
from the new BSS table maintained by wpa_supplicant to get a more stable
source of BSS data. Change the use of BSSID as the key for the BSS object
to use the BSS table unique identifier so that multi-SSID APs can be
handled properly.
In addition, provide another option for iterating through the BSS
entries. The old iteration: "BSS 0", "BSS 1", .. with index number.
The new iteration: "BSS FIRST", "BSS NEXT-<prev id>", .. with id
fetched from the previous output (id=<id> line).
This allows the BSS list to be iterated in order of increasing id
to avoid problems with new scans reordering entries. The order on the
wpa_s->bss list changes with most recently updated entries being moved
to the tail of the list while wpa_s->bss_id list maintains its order
with new entries being added to the tail and old entries being removed
when they expire.
This allows the driver interface to be deinitialized before
struct hostapd_data instance gets freed. This needs to be done so
that the driver wrapper does not maintain a context pointer to
freed memory.
Collect information from scan results into a BSS table that will not
expire information as quickly as scan results where every new scan,
no matter for how limited set of channels/SSIDs, clears all old
information.
For now, this is only used for D-Bus BSS added/removed notifications,
but this will likely be extended to be used internally instead of the
scan results to better support partial scans.
This has example code for fetching and interface object and optionally
creating a new interface is one is not found. After that, a scan is
requested and the script continues to listed for signals from
wpa_supplicant and print information about scan results and state
changes.
Must initialize key to be NULL since it can be used in an error
message. If the Scan method did not actually include any dict entries,
the uninitialized pointer was used and this could result in
wpa_supplicant crashing.
Removed the hack that used typecast to get rid of const by using local
variables that are allocated and freed. Fix couple of memory leaks
and check that the required Ifname parameter is included.
Doxygen and some build tools may get a bit confused about same file
name being used in different directories. Clean this up a bit by
renaming some of the duplicated file names in src/ap.
Initialize struct hostapd_data driver context with the same driver
information that was initialized earlier during wpa_supplicant start.
This allows the AP mode operations to be completed directly with the
same calls in AP code without having to maintain a separate translation
layer between the AP and station mode driver context.
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
It would be bettet to avoid including driver_i.h, i.e., direct driver
operation calls from hostapd components. This is an initial step in
that direction for WPS IE updates.
This mode allows associated stations to use 4-address frames to allow
layer 2 bridging to be used. At least for the time being, this is only
supported with driver=nl80211.
This adds config_methods configuration option for wpa_supplicant
following the design used in hostapd. In addition, the string is
now parsed in common code from src/wps/wps_common.c and the list
of configurable methods include all the defined methods from
WPS 1.0h spec.
The D-Bus interface does not really have anything to do with the
wpa_supplicant ctrl_iface interface and as such, this prefix in
dbus files is both confusing and unnecessarily. Make the file names
shorter by removing this prefix.
Instead of forcefully deinitializing ER immediately, give it some
time to complete unsubscription and call eloop_terminate() only once
ER code has completed its work.
WPA_TRACE=y builds will now verify that memory allocation in done
consistently using os_{zalloc,malloc,realloc,strdup,free} (i.e., no
mixing of os_* functions and unwrapper functions). In addition, some
common memory allocation issues (double-free, memory leaks, etc.) are
detected automatically.
WPA_TRACE=y can now be used to enable internal backtrace support that
will provide more details about implementation errors, e.g., when some
resources are not released correctly. In addition, this will print out
a backtrace automatically if SIGSEGV is received.
When setting up an AP with wpa_supplicant, the initial connection was
not necessarily setting oper state from DORMANT to UP which would be
blocking normal data frames. Fix this by initializing new_connection
to 1 so that even the first change to COMPLETED state will end up
setting oper state.
Replace driver wrapper calls to hostapd_tx_status(),
hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and
hostapd_mgmt_tx_cb() with new generic driver events
EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT.
This cleans up lot of the driver wrapper code to be less dependent
on whether it is being used within wpa_supplicant AP mode or hostapd.
The Prism54.org project seems have been dead for a while and it does not
look like this driver would ever be maintained again. Furthermore, it is
difficult to find a version that would work with the driver_prism54.c
wrapper and there is another driver for these card in the Linux kernel
tree.
The hostapd integration in driver_prism54.c is quite different from the
other driver wrappers and would require major effort to get it cleaned
up. Since there does not seem to be any real users for the cleaned up
version, there does not seem to be justification to spend this effort on
the wrapper. This old code is making it much more difficult to clean up
the driver interface and at this point, the best option seems to be to
remove the driver wrappers. Should someone really still need this, the
old code will continue to be available in hostapd 0.6.x.
Instead of using the latest selected registrar change, collect selected
registrar information separately from all registrars and use the union
of this information when building the WPS IE for Beacon and Probe
Response frames.
Note: SetSelectedRegistrar UPnP action does not include a unique
identifier, so the ER matching routine is based only on the IP address
of the ER. In theory, there could be multiple ERs using the same IP
address (but different port or URL), so there may be some corner cases
that would not always match the correct ER entry at the AP. Anyway, this
is not really expected to occur in normal use cases and even if it did
happen, the selected registrar information is not any worse than it was
before when only the last change from any registrar for being
advertized.
In addition to the bitrate, the only other variable in this structure
is used internally in hostapd. Move this structure into hostapd.h and
make the driver API use simpler data structure (array of bitrates).
The following defines are not really needed in most places, so
remove them to clean up source code and build scripts:
EAP_TLS_FUNCS
EAP_TLS_OPENSSL
EAP_TLS_GNUTLS
CONFIG_TLS_INTERNAL
Wait for connection (IBSS join completed) event before marking state
completed. In addition, do not use the station mode authentication
timeout since that can trigger full disconnection from IBSS when
there is a timeout with just one of the peers.
Initialize the new DBus API before the old one, so new applications
which can use both, the old and the new API will be notified first
that new API is available.
cfg80211/mac80211 can get into somewhat confused state if the AP only
disassociates us and leaves us in authenticated state. For now, force
the state to be cleared with deauthentication to avoid confusing errors
if we try to associate with the AP again. This gets rid of 30 second
delay (scan timeout) in cases where only a disassociation frame is
received from the AP.
8a5ab9f5e5 fixed global driver context
for init2(), but it also broke driver initialization with driver
wrappers that do not use init2().. Fix this by setting wpa_s->global
before it gets dereferenced.
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.
In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
This avoids passing the raw scan results into the RSN code and by
doing so, removes the only dependency on src/drivers from the
src/rsn_supp code (or from any src subdirectory for that matter).
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
These driver wrappers should not be used anymore; WEXT should be used
instead. However, there may still be users stuck on older kernel versions
that may require driver specific wrappers, so the source code still
remains in the repository.
Clean up driver interface by merging hostapd and wpa_supplicant
specific set_beacon driver_ops into a single one. In addition,
merge set_beacon_int into to the same operation.
This removes many of the cases where moving to the WPS tab can be
undesired. It is really only useful if we are not currently connected
and there is an AP available that would likely be able to provide us
network connectivity with use of WPS (active PBC more or selected
registrar set).
Clean up the peer dialog information to be more user friendly. Only
show the device type in the tooltip and move the verbose details into
a separate area in a new Properties dialog. The new dialog will also
show some of the standard fields with titles to make them easier to
read.
The Enrollee entry may be deleted while the PIN query dialog is open.
To avoid crashing on using freed entry, copy the needed data into
local variables before and use the local data after the PIN dialog
has been closed.
The peer entries are now using different icons based on their type. As
a starting point, a separate AP and laptop icons are used. More icons may
be added in the future to mark different device types (e.g., based on
primary device type information from WPS).
When using umask 0077, the control interface directory was left without
group read/execute permissions even if the configuration file explicitly
asked for the group to be allowed to access the control interface. Fix
this by adding read/execute permissions for group if a specific group is
defined in the configuration. [Bug 199]
Change the dbus policy file to only allow root applications to receive
signals from wpa_supplicant. This keeps WPS Credentials data secret
from non-root listeners.
When trying to build wpa_gui (Qt4 version) from openembedded it fails
because Qt4 is compiled without session manager and thus wpa_gui fails
to compile.
I attached a patch, that enables compiling without Session Manager (via
preprocessor) if it is not compiled into Qt4; otherwise, it behaves as
it does right now.
I checked to build on my host (Debian unstable, Session Manager
enabled) and openembedded (Session Manager disabled).
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
Clean up registration of large number of dbus method/property/signal
handlers by using arrays containing all the information needed to call
the registration functions.
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
Smartcard parameter update via DBus ended up re-initializing the EAPOL
state machine without updating the pointer inside WPA state machine.
This can trigger a segfault when EAP layer attempts to use the old
reference. Fix this by re-initializing the pointer inside WPA state
machine.
Better make sure we do not end up writing over the end of the local
registered_sig buffer regardless of how many arguments are used in
dbus method description.
There is no point checking whether wpa_s is not NULL after having
dereferenced it earlier in the function.. Furthermore, there is no
need to use a local variable for wpas_dbus_get_path() result.
The cleanup routine in the end would have dereferenced props pointer
which could be NULL. There is no need to go through that cleanup code
in this case, so just exit from the function with return instead.
ssid could be NULL here at least based on the function documentation,
so better check whether that is the case prior to calling the
notification function.
Commit d3a9822542 broke per-SSID scan
by using the ssid variable for internal loop and by doing so,
overriding the value that was needed below to figure out whether the
scan is for a specific SSID. Fix this by using a temporary variable
instead when looping over network finding which frequencies to scan for.
This was triggering some gcc versions to warn about strict aliasing.
Since the typecast is not really needed here, the cleanest way to get
rid of the warnings is to just use the correct type for the local
variable.
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.
Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
This patch implements the new DBus API. Both, the new and the
previous API may work concurrently and may be turned on or off
separately in .config file.
Some features of the new API are:
- more wpa_supplicant's events are signaled with DBus signals,
- introspection data (requires libxml2 and may be disabled),
- CurrentBSS and CurrentNetwork properties,
- PropertyChanged signal for most of properties,
- Relatively easy to extend.
.config options for the new API are: CONFIG_CTRL_IFACE_DBUS_NEW=y and
CONFIG_CTRL_IFACE_DBUS_INTRO=y for introspection.
This commit misses couple of parts from the full implementation
(these are still under review):
- fetching all configuration parameters for learning WPS information
- scan result BSS add/remove notification (register_bss() and
unregister_bss() notification callbacks)
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
New wpa_supplicant command line options -o<driver> and -O<ctrl> can
now be used to override the parameters received in add interface
command from dbus or global ctrl_interface. This can be used, e.g.,
to enable control interface when using NetworkManager (add
-O/var/run/wpa_supplicant into the Exec parameter in
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service).
Similarly, this can be used to use another driver wrapper with
NetworkManager (e.g., -onl80211 to replace WEXT with nl80211).
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
Force deauthentication from the AP to clear mac80211 state (it would get
stuck with future scans if the AP is left in authenticated, but not
associated, state).
Add blacklist entry for the AP to allow other APs with worse signal
strength to be tried (e.g., when APs are trying to do load balancing
with status code 17). Reduce wait for the next scan to speed up
connection in cases where there could be other APs that could accept
association, but which show worse signal strength.
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
Previously, APs that were hiding SSID (zero-length SSID IE in
Beacon frames) could have been selected when wildcard SSID matching
was used. This would result in failed association attempt since
the client does not know the correct SSID. This can slow down WPS
which is often using wildcard SSID matching.
Ignore BSSes without known SSID in the scan results when selecting
which BSS to use.
This patch completely separates supplicant's code from dbus.
It introduces three new notifications which copes with all
remaining dbus stuff.
wpas_notify_unregister_interface() was renamed to
wpas_notify_iface_removed().
The hostapd/wpa_supplicant compilation failed with CONFIG_IEEE80211R=y
or CONFIG_IEEE80211W=y option if CONFIG_EAP_PSK and CONFIG_EAP_GPSK are
not used.
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.
This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
Whenever running wpa_supplicant in AP mode with WPS enabled, the
notifications of missing WPS PIN are now shown on the peer dialog
to make it easier to provide the PIN.
If no BSSes/IBSSes matching the enabled networks are found in the scan
results, IBSS/AP mode network (if configured) can be created in
ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever
using IBSS or AP mode.
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.
Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.
To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).
The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.
The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
After transitioning from DISCONNECTED to SCANNING, we never go back
to DISCONNECTED even though scanning is done or failed.
We're thus stuck in SCANNING while scanning is actually done.
Convert wpa_supplicant_get_scan_results_old() to use the same return
style with the other get_scan_results options and clean up the code
by sharing the same scan result freeing and error checking code for
all the options.
