Jouni Malinen [Sun, 25 Nov 2018 22:51:38 +0000 (00:51 +0200)]
Fix hostapd config file reloading with BSS addition/removal
BSS additional/removal cases were not considered at all in the previous
implementation of hostapd configuration file reloading on SIGHUP. Such
changes resulted in num_bss values getting out of sync in runtime data
and configuration data and likely dereferencing of freed memory (e.g.,
when removing a BSS).
Fix this by forcing a full disable/enable sequence for the interface if
any BSS entry is added/removed or if an interface name changes between
the old and the new configuration.
Jouni Malinen [Sun, 25 Nov 2018 20:01:35 +0000 (22:01 +0200)]
tests: DPP Connector testing with ECDSA signature in Python
Implement ECDSA signing functionality in the Python test script for
generating a valid signedConnector. This allows coverage of DPP config
object testing to be increased more easily.
Jouni Malinen [Sun, 25 Nov 2018 11:51:26 +0000 (13:51 +0200)]
DPP: Fix error path handling for GAS Comeback Response building
A local memory allocation failuring during GAS Comeback Response frame
generation could result in freeing the response context without removing
it from the list. This would result in dereferencing freed memory when
processing the next comeback request.
Jouni Malinen [Sun, 25 Nov 2018 11:49:44 +0000 (13:49 +0200)]
DPP: Fix memory leaks in GAS server error path handling
If local memory allocation for the GAS response failed, couple of error
paths ended up leaking some memory maintaining the state for the
exchange. Fix that by freeing the context properly.
Jouni Malinen [Sun, 25 Nov 2018 11:33:39 +0000 (13:33 +0200)]
DPP: Fix GAS client error case handling
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.
It is basically all wrong. The Pmf property did exist, with a signature of
"s" as documented in doc/dbus.doxygen. It was synthesized from
global_fields[].
The patch added a duplicate one, with a signature of "u", in violation
of D-Bus specification and to bemusement of tools that are careful
enough:
Jouni Malinen [Sat, 24 Nov 2018 11:36:54 +0000 (13:36 +0200)]
mesh: Add Category and Action field to maximum buffer length
Make the buf_len calculation match more closely with the following
wpa_buf*() operations. The extra room from the existing elements was
apparently sufficiently large to cover this, but better add the two
octet header explicitly.
Bob Copeland [Fri, 23 Nov 2018 15:15:42 +0000 (10:15 -0500)]
mesh: Fix off-by-one in buf length calculation
The maximum size of a Mesh Peering Management element in the case
of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the
two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by
inspection.
The other buffer components seem to use large enough extra room in their
allocations to avoid hitting issues with the full buffer size even
without this fix.
tests: Store the correct PID in hostapd-test.pid file
The hwsim's start.sh script spawns hostapd process using "sudo".
Since sudo forks a child process, $! holds the pid of sudo itself.
Fix that by storing the PID of the child process instead.
Since in VM "sudo" is replaced with a dummy script, pass an additional
argument to run-all.sh and start.sh scripts to indicate that they are
running inside a VM.
This is needed to fix ap_config_reload and ap_config_reload_file test
cases on some platforms where sudo is apparently not relaying the
signals properly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ayala Beker [Tue, 23 Oct 2018 11:23:52 +0000 (14:23 +0300)]
tests: Fix ap_acl_deny test
In ap_acl_deny test, the AP doesn't send probe responses during scan due
to ACL reject. As the result, dev[0] might miss the AP's Beacon frame
because the dwell time is too short. Make the test more robust and
trigger passive scan, and by that increase the probability of hearing
the AP.
Johannes Berg [Fri, 26 Oct 2018 13:50:48 +0000 (15:50 +0200)]
nl80211: Use correct u8 size for NL80211_ATTR_SMPS_MODE
Back in December 2017, Jouni fixed the output side since that was
causing a kernel message to be printed, but the input side should
also be fixed, otherwise it will not work correctly on big-endian
platforms.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix dpp_configurator_get_key command name in hostapd_cli
The option to get DPP configurator key in hostapd_cli was named
incorrectly. It was wrongly pointing to dpp_configurator_remove. Fix
this by using the correct name.
Jouni Malinen [Fri, 9 Nov 2018 16:07:16 +0000 (18:07 +0200)]
HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.
Sachin Ahuja [Mon, 29 Oct 2018 11:31:12 +0000 (17:01 +0530)]
Define new QCA vendor command for coex priority config
Add QCA_NL80211_VENDOR_SUBCMD_COEX_CONFIG vendor command
to set the priorities among different types of traffic of
WLAN/BT/Zigbee during coex scenarios.
vamsi krishna [Wed, 31 Oct 2018 21:50:21 +0000 (03:20 +0530)]
Add QCA vendor event to indicate throughput changes
Add interface for drivers to report changes in TX/RX throughput
dynamically to user space. This information can be used by userspace
tools to tune kernel's TCP parameters in order to achieve peak
throughput. The driver may optionally provide guidance on which TCP
parameters to be configured for optimal performance along with the
values to be configured.
The TCP parameters that need to be tuned for peak performance are not
interface specific. Based on the guidance from the driver and
considering the other interfaces that may be affected with the new
configurations, a userspace tool has to choose the values to be
configured for these parameters to achieve optimal performance across
interfaces.
The throughput levels informed by the driver with this event are only
for providing guidance on TCP parameter tuning from userspace. The
driver may change the thresholds used to decide low or medium or high
throughput levels based on several parameters based on the PHY layer
capacity in the current connection, the number of packets being
dispatched per second, or the number of packets pending in queues, etc.
The throughput levels may not be consistent with the actual throughput
of the link.
Jouni Malinen [Mon, 5 Nov 2018 22:46:23 +0000 (00:46 +0200)]
tests: Use bridge in sigma_dut_ap_eap_osen
This is needed to allow sigma_dut to enable ap_isolate=1. In addition,
verify that the two associated STAs with RSN(EAP) and OSEN cannot
exchange frames between them.
Add test config QCA vendor attribute for action frame Tx in TB PPDU
Add a new wifi test config QCA vendor attribute to configure action
frame transmission in HE trigger based PPDU.
This is used for testbed configuration.
Define test config QCA vendor attribute for HE OM control config
Add a new wifi test config QCA vendor attributes to configure HE
operating mode control field bandwidth, number of spatial streams, and
UL MU disable configuration. Define a new attribute to clear the
previously set HE OM control field configuration. This is used for
testbed configuration.
Jouni Malinen [Tue, 30 Oct 2018 17:15:11 +0000 (19:15 +0200)]
HS 2.0: Fix Terms and Conditions URL handling
Do not try to determine the length of the T&C Server URL before checking
that the URL is available. This got broken in a change to move the
handling to the AS. hostapd could potentially have hit a NULL pointer
dereference if the authentication server sent an unconsistent set of T&C
information.
Fixes: d4e39c51f8bb ("HS 2.0: Move Terms and Conditions Server URL generation from AP to AS") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Ankita Bajaj [Tue, 16 Oct 2018 14:32:19 +0000 (20:02 +0530)]
OCE: Move OCE checks to IE formation from hostapd initialization
Earlier, the OCE flags were checked during hostapd initialization. This
doesn't address few cases like for example when the interface is added
from control interface. Move the OCE flag checks to the functions that
are forming the MBO/OCE IEs to cover all the different paths for
enabling a BSS. Also use macros as appropriate for readability.
Jouni Malinen [Tue, 30 Oct 2018 13:29:12 +0000 (15:29 +0200)]
HS 2.0: Do not require devinfo.xml for all hs20-osu-client operations
hs20-osu-client refused to do anything if it could not find devinfo.xml
from the current working directory. This is a bit excessive since that
file was used in init_ctx() only to fill in ctx->devid which is used
when constructing OMA DM messages.
Move the check for ctx->devid into OMA DM specific code so that other
hs20-osu-client functionality can be used without the devinfo.xml file.
Jouni Malinen [Tue, 30 Oct 2018 12:00:00 +0000 (14:00 +0200)]
WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.
For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".
For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".
This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).
Peng Xu [Thu, 18 Oct 2018 19:03:25 +0000 (12:03 -0700)]
nl80211: Read reg-domain information from a specific wiphy
If driver supports self-managed regulatory domain, read reg-domain
information for that specific wiphy interface instead the global
information which may be different which such drivers. This fixes issues
where a regulatory update with a self-managed regulatory domain driver
ended up building incorrect list of supported channels for upper layer
hostapd/wpa_supplicant operations.
Peng Xu [Thu, 18 Oct 2018 18:17:05 +0000 (11:17 -0700)]
nl80211: Add support for self-managed regulatory device
Add a flag indicating if the device has the self-managed regulatory
support. Set the flag if NL80211_ATTR_WIPHY_SELF_MANAGED_REG attribute
is set when reading wiphy info.
Karol Babioch [Sun, 14 Oct 2018 19:58:58 +0000 (21:58 +0200)]
Enable the close-on-exec flag for the debug log file descriptor
On Linux this flag will make sure that no file descriptor is
accidentally leaked into potential child processes. While this is not a
problem right now, it is considered to be good practice these days when
dealing with file descriptors on Linux.
Karol Babioch [Tue, 16 Oct 2018 15:50:12 +0000 (17:50 +0200)]
Create debug log file with more sane file permissions
Previously the file permissions for the debug log file were not
explicitly set. Instead it was implicitly relying on a secure umask,
which in most cases would result in a file that is world-readable. This
is a violation of good practices, since not every user should have
access to sensitive information that might be contained in the debug log
file.
Explicitly set sane default file permissions in case the file is newly
created.
Unfortunately the fopen(3) function does not provide such a facility, so
the approach needs to be changed in the following way:
1) The file descriptor needs to be created manually using the open(3)
function with the correct flags and the desired mode set.
2) fdopen(3) can then be used on the file descriptor to associate a file
stream with it.
Note: This modification will not change the file permissions of any
already existing debug log files, and only applies to newly created
ones.
P2P related configuration should be done on a global control interface.
This way this test can be reused also when a dedicated P2P device
interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Thu, 23 Aug 2018 13:52:33 +0000 (16:52 +0300)]
AP: Place the WPA IE in the correct order
In case the protocol used for the BSS is WPA, the WPA vendor IE should
be placed after all the non vendor IEs. Fix this for Beacon and Probe
Response frames.
Ilan Peer [Thu, 23 Aug 2018 13:52:32 +0000 (16:52 +0300)]
SME: Fix order of WPA IE in association request
In case that the protocol used for association is WPA the WPA IE was
inserted before other (non vendor specific) IEs. This is not in
accordance to the standard that states that vendor IEs should be placed
after all the non vendor IEs are placed. In addition, this would cause
the low layers to fail to properly order information elements.
To fix this, if the protocol used is WPA, store the WPA IE and reinsert
it after all the non vendor specific IEs were placed.
Sriram R [Fri, 14 Sep 2018 11:06:06 +0000 (16:36 +0530)]
hostapd: Reset channel switch parameters on interface disable
Previously, when an AP interface was disabled through a control
interface DISABLE command during a channel switch window, the interface
could not be reenabled due to beacon setup failure (which validates if
CSA is in progress).
Fix this by clearing channel switch parameters while disabling the
hostapd interface.
Jouni Malinen [Fri, 19 Oct 2018 15:07:37 +0000 (18:07 +0300)]
HS 2.0: Rename PPS/Credential1 node to Cred01
This makes it a bit easier to use existing hardcoded PPS MO files for
testing purposes when the subscription remediation and policy update
operations target the same path.
Jouni Malinen [Fri, 19 Oct 2018 14:57:39 +0000 (17:57 +0300)]
HS 2.0: OSU server test functionality for incorrect behavior (policy)
Extend test=<value> special incorrect behavior testing capabilities in
the OSU server to include the fingerprint of the policy update trust
root: test=corrupt_polupd_hash.
Jouni Malinen [Wed, 17 Oct 2018 16:08:12 +0000 (19:08 +0300)]
HS 2.0: OSU server test functionality for incorrect behavior
Add a mechanism to allow special incorrect behavior to be requested from
OSU server by adding an optional parameter test=<value> to the initial
signup URL. This is for protocol testing purposes for the OSU client.
This commit adds two special behavior cases: corrupt_aaa_hash and
corrupt_subrem_hash. These can be used to generate PPS MO with invalid
CertSHA256Fingerprint values for AAAServerTrustRoot and
SubscriptionUpdate nodes.
Jouni Malinen [Wed, 17 Oct 2018 16:03:18 +0000 (19:03 +0300)]
HS 2.0: Reject PPS MO if polupd or AAA trust root is invalid
Previously, this was done only for the subscription remediation/update
trust root. The other downloaded files were also verified, but the OSU
server was not notified if the files were found to be invalid.
Modify hs20-osu-client behavior to explicitly notify the OSU server if
any of the three trust root types cannot be successfully downloaded.
Jouni Malinen [Wed, 17 Oct 2018 09:33:11 +0000 (12:33 +0300)]
tests: Work around tshark bug in wpas_mesh_max_peering
It looks like tshark parser was broken at some point for
wlan.mesh.config.cap which is now (tshark 2.6.3) pointing to incorrect
field (same as wlan.mesh.config.ps_protocol). This used to work with
tshark 2.2.6.
For now, assume the capability field ends up being the last octet of the
frame.
Jouni Malinen [Tue, 16 Oct 2018 15:21:07 +0000 (18:21 +0300)]
tests: Update tshark wlan_mgmt compatibility code for new version
It looks like at least tshark 2.6.3 uses a different error message for
unknown display filter fields:
tshark: Neither "wlan_mgt.fixed.category_code" nor "4" are field or protocol names.
and a different status exit code (2 instead of 1).
Add a new handler for this combination to allow automatic wlan_mgt to
wlan conversion to happen.
tests: Make ap_reconnect_auth_timeout test more robust
This test starts two identical APs and assumes a connection to the first
one, though it is not necessary true. Fix that by starting the second AP
only after the connection is established.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The channel configuration in CHAN_SWITCH command was incorrect. This
resulted in switching to HT40+ channel, while announcing HT40- in the
secondary channel IE. This caused a disconnection after the channel
switch. Fix that.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Nishant Chaprana [Tue, 21 Aug 2018 11:37:51 +0000 (17:07 +0530)]
EAP-pwd peer: Fix memory leak in eap_pwd_perform_confirm_exchange()
hash variable is allocated memory using eap_pwd_h_init(), but there are
couple of error case code paths which skips deallocation of hash. The
memory of hash is deallocated using eap_pwd_h_final(). Fix this by
calling eap_pwd_h_final() at the end of the function if execution got
there through one of those error cases.
Fix 5 GHz to 2.4 GHz channel switch with hostapd through DISABLE/ENABLE
When moving a 5 GHz VHT AP to 2.4 GHz band with VHT disabled through the
hostapd control interface DISABLE/reconfig/ENABLE commands, enabling of
the AP on 2.4 GHz failed due to the previously configured VHT capability
being compared with hardware VHT capability on 2.4 GHz band:
hw vht capab: 0x0, conf vht capab: 0x33800132
Configured VHT capability [VHT_CAP_MAX_MPDU_LENGTH_MASK] exceeds max value supported by the driver (2 > 0)
ap: interface state DISABLED->DISABLED
Since VHT (ieee80211ac) config is already disabled for the 2.4 GHz band,
add fix this by validating vht_capab only when VHT is enabled.
Fixes: c781eb842852 ("hostapd: Verify VHT capabilities are supported by driver") Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
Ashok Kumar [Fri, 12 Oct 2018 04:06:05 +0000 (09:36 +0530)]
PMF: Do not start SA Query procedure if there is no association
Previous implementation ended up triggering PMF check for previous
association and SA Query procedure incorrectly in cases where there is a
STA entry in hostapd, but that STA is not in associated state. This
resulted in undesired temporary rejection of the association with status
code 30.
This ended up breaking OWE group negotiation when PMF is in use since
the check for the OWE group would have happened only after this earlier
PMF check and rejection (i.e., the station got status code 30 instead of
the expected 77).
For example, when the AP is configured with OWE group 21 and a station
tries groups 19, 20, and 21 (in this sequence), the first two
Association Request frames should be rejected with status code 77.
However, only the first one got that status code while the second one
got status code 30 due to that issue with PMF existing association
check.
Furthermore, hostapd was continuing with SA Query procedure with
unencrypted Action frames in this type of case even though there was no
existing association (and obviously, not an encryption key either).
Fix this by checking that the STA entry is in associated state before
initiating SA Query procedure based on the PMF rules.
Hauke Mehrtens [Wed, 10 Oct 2018 21:43:07 +0000 (23:43 +0200)]
SAE: Do not ignore option sae_require_mfp
Without this patch sae_require_mfp is always activate, when ieee80211w
is set to optional all stations negotiating SAEs are being rejected when
they do not support PMF. With this patch hostapd only rejects these
stations in case sae_require_mfp is set to some value and not null.
Fixes ba3d435fe43 ("SAE: Add option to require MFP for SAE associations") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jouni Malinen [Sun, 14 Oct 2018 17:03:55 +0000 (20:03 +0300)]
Drop logging priority for handle_auth_cb no-STA-match messages
This message was printed and MSG_INFO level which would be more
reasonable for error cases where hostapd has accepted authentication.
However, this is not really an error case for the cases where
authentication was rejected (e.g., due to MAC ACL). Drop this to use
MSG_DEBUG level.
Jouni Malinen [Sun, 14 Oct 2018 16:57:22 +0000 (19:57 +0300)]
Reduce undesired logging of ACL rejection events from AP mode
When Probe Request frame handling was extended to use MAC ACL through
ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
<addr> not allowed to authenticate") from that function ended up getting
printed even for Probe Request frames. That was not by design and it can
result in excessive logging and MSG_INFO level if MAC ACL is used.
Fix this by printing this log entry only for authentication and
association frames. In addition, drop the priority of that log entry to
MSG_DEBUG since this is not really an unexpected behavior in most MAC
ACL use cases.
Ilan Peer [Wed, 22 Aug 2018 16:49:04 +0000 (19:49 +0300)]
OWE: Improve discovery of OWE transition mode AP
An OWE AP device that supports transition mode does not transmit the
SSID of the OWE AP in its Beacon frames and in addition the OWE AP does
not reply to broadcast Probe Request frames. Thus, the scan results
matching relies only on Beacon frames from the OWE open AP which can be
missed in case the AP's frequency is actively scanned.
To improve the discovery of transition mode APs, include their SSID in
the scan command to perform an active scan for the SSIDs learned from
the open mode BSSs.
OWE: Attempt more scans for OWE transition SSID if expected BSS not seen
This commit introduces a threshold for OWE transition BSS selection,
which signifies the maximum number of selection attempts (scans) done
for finding OWE BSS.
This aims to do more scan attempts for OWE BSS and eventually select the
open BSS if the selection/scan attempts for OWE BSS exceed the
configured threshold.
HS 2.0: Use execve() with custom env PATH to launch browser using 'am'
With new restriction in Android, if PATH env variable doesn't have
correct path of 'am' binary, execv() fails to launch wpadebug browser
(am starts, but something seems to fail within its internal processing).
This commit is a workaround to use execve() with custom environment PATH
which includes "/system/bin;/vendor/bin" to handle the cases where
hs20-osu-client fails to launch wpadebug browser through /system/bin/am.
QCA vendor subcommand and attributes to configure capture of CFR data
Add a subcommand for Channel Frequency Response (CFG) Capture
Configuration and define attributes for configuring CFR capture
parameters per peer and enabling/disabling CFR capture.
Jouni Malinen [Mon, 8 Oct 2018 15:07:00 +0000 (18:07 +0300)]
HS 2.0 server: Subscription remediation with user selected new password
Add support for user remediation to request a new password from the user
for username/password credentials that have been configured not use use
machine managed password.
Jouni Malinen [Sun, 7 Oct 2018 13:50:08 +0000 (16:50 +0300)]
RADIUS: Support last_msk with EAP-TLS
This extends the last_msk testing functionality in the RADIUS server to
work with EAP-TLS based on "cert-<serial_num>" form user names in the
database.
Jouni Malinen [Fri, 5 Oct 2018 18:02:29 +0000 (21:02 +0300)]
HS 2.0: Reject OSU connection for Single SSID case without OSU_NAI
The Single SSID case can only use OSEN, so reject the case where OSU_NAI
is not set and open OSU connection would be used since that connection
cannot succeed.
projects / thirdparty / hostap.git / log
