Jouni Malinen [Sat, 21 Nov 2009 18:52:55 +0000 (20:52 +0200)]
wpa_gui: Only move to WPS tab if inactive/disconnect and AP ready
This removes many of the cases where moving to the WPS tab can be
undesired. It is really only useful if we are not currently connected
and there is an AP available that would likely be able to provide us
network connectivity with use of WPS (active PBC mode or selected
registrar set).
The current MinGW/w32api versions seem to provide all the needed CryptoAPI
functions, so the code for loading these dynamically from the DLL can be
removed.
Jouni Malinen [Sat, 21 Nov 2009 18:17:24 +0000 (20:17 +0200)]
Fix strict aliasing issue with the internal SHA-1 implementation
Need to define the workspace buffer properly to allow compiler to handle
strict aliasing between the incoming unsigned char[64] buffer as a u32
array. The previous version built with strict aliasing enabled can
result in SHA-1 producing incorrect results and consequently, with
4-way handshake failing.
This is based on a report and patch from Dan Williams <dcbw@redhat.com>
but with a different type (the union) used as a fix to avoid needing
extra type casting.
Jouni Malinen [Sat, 21 Nov 2009 16:15:37 +0000 (18:15 +0200)]
WPS ER: Use random event identifier in event URL
This avoids some issues in cases where the ER has been started and
stopped multiple times on the same address and an AP may have stored
multiple event notification addresses for the same ER. The random
identifier allows the ER to filter out unexpected messages from further
processing.
Jouni Malinen [Sat, 21 Nov 2009 16:06:02 +0000 (18:06 +0200)]
WPS: Cleanup subscription URL list handling
Do not give the allocated memory to the subscription code since it was
not using it as-is anyway. This makes it easier to understand who owns
the allocation and is responsible for freeing it. This may potentially
fix some memory leaks on error paths.
Jouni Malinen [Sat, 21 Nov 2009 13:01:23 +0000 (15:01 +0200)]
wpa_gui: Move peer tooltip into Properties dialog
Clean up the peer dialog information to be more user friendly. Only
show the device type in the tooltip and move the verbose details into
a separate area in a new Properties dialog. The new dialog will also
show some of the standard fields with titles to make them easier to
read.
Jouni Malinen [Thu, 19 Nov 2009 19:12:06 +0000 (21:12 +0200)]
wpa_gui: Avoid using freed item in enter_pin()
The Enrollee entry may be deleted while the PIN query dialog is open.
To avoid crashing on using freed entry, copy the needed data into
local variables before and use the local data after the PIN dialog
has been closed.
Jouni Malinen [Thu, 19 Nov 2009 19:03:25 +0000 (21:03 +0200)]
wpa_gui: Add AP and laptop icons for peer dialog
The peer entries are now using different icons based on their type. As
a starting point, separate AP and laptop icons are used. More icons may
be added in the future to mark different device types (e.g., based on
primary device type information from WPS).
Jouni Malinen [Wed, 18 Nov 2009 22:31:57 +0000 (00:31 +0200)]
WPS: Fix MAC Address inside Credential be that of Enrollee's
The WPS 1.0h specification is quite unclear on what exactly should be
used as the MAC Address value in the Credential and AP Settings. It
looks like this should after all be the MAC Address of the Enrollee,
so change Registrar implementation to use that address instead of the
AP BSSID.
In addition, add validation code to the Enrollee implementation to
check the MAC Address value inside Credential (and also inside AP Settings)
to make sure it matches with the Enrollee's own address. However, since
there are deployed implementations that do not follow this interpretation
of the spec, only show the mismatch in debug information to avoid breaking
interoperability with existing devices.
wpa_supplicant: Fix ctrl_interface group permissions to allow read/execute
When using umask 0077, the control interface directory was left without
group read/execute permissions even if the configuration file explicitly
asked for the group to be allowed to access the control interface. Fix
this by adding read/execute permissions for group if a specific group is
defined in the configuration. [Bug 199]
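The umask interaction described in the commit above, as an added example (not code from the commit or from wpa_supplicant): mkdir() filters the requested mode through the process umask, while a following chmod() does not. The helper names and the scratch path are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700 /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: create a directory that a configured group should be
 * able to enter. mkdir() applies the umask, so the group bits it asks for can
 * be dropped silently; chmod() sets the bits regardless of umask.
 * Returns the resulting permission bits, or -1 on error.
 */
static int make_ctrl_dir(const char *path, int group_configured)
{
    struct stat st;

    if (mkdir(path, S_IRWXU | S_IRWXG) < 0)
        return -1;
    if (group_configured) {
        /* Add group read/execute explicitly (no group write) */
        if (stat(path, &st) < 0 ||
            chmod(path, (st.st_mode & 07777) | S_IRGRP | S_IXGRP) < 0)
            return -1;
    }
    if (stat(path, &st) < 0)
        return -1;
    return (int) (st.st_mode & 0777);
}

/* Run the helper under umask 0077 in a scratch directory (constructed path). */
int ctrl_dir_mode_under_umask_0077(int group_configured)
{
    char base[] = "/tmp/ctrl_demo_XXXXXX";
    char path[64];
    mode_t old;
    int mode;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/ctrl", base);
    old = umask(0077);
    mode = make_ctrl_dir(path, group_configured);
    umask(old);
    rmdir(path);
    rmdir(base);
    return mode;
}
```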
Witold Sowa [Mon, 16 Nov 2009 11:25:51 +0000 (13:25 +0200)]
dbus: Allow only root to receive signals
Change the dbus policy file to only allow root applications to receive
signals from wpa_supplicant. This keeps WPS Credentials data secret
from non-root listeners.
Christian Rüb [Mon, 16 Nov 2009 11:20:53 +0000 (13:20 +0200)]
wpa_gui-qt4: Fix build with Session Manager disabled in Qt4
When trying to build wpa_gui (Qt4 version) from openembedded it fails
because Qt4 is compiled without session manager and thus wpa_gui fails
to compile.
I attached a patch that enables compiling without Session Manager (via
preprocessor) if it is not compiled into Qt4; otherwise, it behaves as
it does right now.
I checked to build on my host (Debian unstable, Session Manager
enabled) and openembedded (Session Manager disabled).
Jouni Malinen [Sun, 15 Nov 2009 16:46:03 +0000 (18:46 +0200)]
WPS ER: Add preliminary PBC support
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
Jouni Malinen [Sat, 14 Nov 2009 23:11:28 +0000 (01:11 +0200)]
WPS: Use a dummy WSC_ACK as WLANEvent as the initial event if needed
UPnP device architecture specification requires all evented variables to
be included in the initial event message after subscription. Since this
can happen before we have seen any events, generate a dummy event
(WSC_ACK with all-zeros nonces) if needed.
Jouni Malinen [Sat, 14 Nov 2009 22:46:58 +0000 (00:46 +0200)]
WPS: Send SSDP byebye notifications when stopping UPnP advertisements
This will notify control points of the services going away and allows
them to notice this without having to wait for timeout on the
initial advertisements.
Jouni Malinen [Sat, 14 Nov 2009 16:18:07 +0000 (18:18 +0200)]
dbus: Use method/property/signal handler arrays for registration
Clean up registration of large number of dbus method/property/signal
handlers by using arrays containing all the information needed to call
the registration functions.
Jouni Malinen [Sat, 14 Nov 2009 12:08:58 +0000 (14:08 +0200)]
WPS: Remove unused WFA WLANConfig Service actions
This removes following WFA WLANConfig Service actions and the related
state variables: GetAPSettings, SetAPSettings, DelAPSettings,
GetSTASettings, SetSTASettings, DelSTASettings, RebootAP,
ResetAP, RebootSTA, ResetSTA.
While WFA WLANConfig Service version 1.0 claims that some of these are
mandatory to implement for an AP, there are no known implementations
supporting these actions either in an AP/proxy or an External Registrar
that would use them. These are unlikely to be supported in the future
either and as such, it is just simpler to get rid of them to clean up
the implementation and reduce code size.
Jouni Malinen [Fri, 13 Nov 2009 20:40:27 +0000 (22:40 +0200)]
WPS ER: Fix Op-Code for WSC_{ACK,NACK,Done}
When using UPnP transport, the Op-Code is not included, but the WPS
frame processing will need this. Generate a matching Op-Code based
on the message type.
Jouni Malinen [Fri, 13 Nov 2009 20:29:31 +0000 (22:29 +0200)]
WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER
Previously, WSC_MSG was hardcoded for every message from ER, but
this needs to be changed based on message type to send a valid
message to the Enrollee via EAP transport.
Jouni Malinen [Fri, 13 Nov 2009 20:07:11 +0000 (22:07 +0200)]
WPS ER: Add PIN configuration and SetSelectedRegistrar call
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the active registrar more easily.
Jouni Malinen [Wed, 11 Nov 2009 21:50:17 +0000 (23:50 +0200)]
WPS ER: Add STA/Enrollee entries and start processing EAP messages
This keeps STA/Enrollee entries up to date and sets up registration
protocol session. M1 is processed and M2D generated, but there
is no code yet to transmit the response back to the AP with
PutWLANResponse.
David Smith [Wed, 11 Nov 2009 15:46:15 +0000 (17:46 +0200)]
Reset EAPOL pointer when handling DBus smartcard parameters
Smartcard parameter update via DBus ended up re-initializing the EAPOL
state machine without updating the pointer inside WPA state machine.
This can trigger a segfault when EAP layer attempts to use the old
reference. Fix this by re-initializing the pointer inside WPA state
machine.
Andriy Tkachuk [Wed, 11 Nov 2009 15:33:55 +0000 (17:33 +0200)]
Disassociate STA if it associated with invalid/missing WPA/RSN IE
When using drivers that process management frames internally (e.g.,
madwifi, atheros, bsd), the driver may accept association with IEs
that do not match the security policy. Instead of silently leaving
the station associated, explicitly disassociate it to clear the
driver entry immediately.
Felix Fietkau [Wed, 11 Nov 2009 14:47:01 +0000 (16:47 +0200)]
hostapd: fix AP mode initialization for nl80211
Always bring down the wlan interface, even when not changing the
BSSID, the interface also needs to be down for changing its type
from managed to AP mode.
Jouni Malinen [Tue, 10 Nov 2009 22:23:22 +0000 (00:23 +0200)]
WPS ER: Parse WLANEvent notifications and send HTTP response
The received Probe Request and EAP-WSC notifications are now parsed
(including the TLVs in them) and contents are shown in the debug log.
Actual processing of the received information is still missing (TODO
comments indicate the needed functionality).
Jouni Malinen [Tue, 10 Nov 2009 16:29:38 +0000 (18:29 +0200)]
dbus: Use snprintf() and bounds checking instead of strcat()
Better make sure we do not end up writing over the end of the local
registered_sig buffer regardless of how many arguments are used in
dbus method description.
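A bounded append loop of the kind the commit above describes, as an added example (not the commit's code): each snprintf() call is given only the space that remains, and its return value is checked before the write position advances. The function name and the sample type strings are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: concatenate argument type strings into a fixed-size
 * signature buffer. Unlike a strcat() loop, every append is limited to the
 * remaining space, so the number of arguments cannot push a write past the
 * end of buf. Returns 0 on success, -1 if the result would not fit (buf then
 * holds only the arguments that fit completely).
 */
int build_signature(char *buf, size_t buflen,
                    const char *const *types, size_t num)
{
    char *pos = buf;
    char *end = buf + buflen;
    size_t i;
    int ret;

    if (buflen == 0)
        return -1;
    *pos = '\0';
    for (i = 0; i < num; i++) {
        ret = snprintf(pos, (size_t) (end - pos), "%s", types[i]);
        /* ret >= remaining space means the output was truncated */
        if (ret < 0 || (size_t) ret >= (size_t) (end - pos)) {
            *pos = '\0'; /* drop the partially written argument */
            return -1;
        }
        pos += ret;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input */
    const char *const types[] = { "s", "a{sv}", "o" };
    char sig[16];

    if (build_signature(sig, sizeof(sig), types, 3) == 0)
        printf("signature: %s\n", sig);
    return 0;
}
```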
Jouni Malinen [Tue, 10 Nov 2009 16:20:12 +0000 (18:20 +0200)]
dbus: Do not dereference wpa_s if explicitly checking it is not NULL
There is no point checking whether wpa_s is not NULL after having
dereferenced it earlier in the function. Furthermore, there is no
need to use a local variable for wpas_dbus_get_path() result.
Jouni Malinen [Tue, 10 Nov 2009 16:08:55 +0000 (18:08 +0200)]
dbus: Fix a NULL pointer dereference on error path
The cleanup routine in the end would have dereferenced props pointer
which could be NULL. There is no need to go through that cleanup code
in this case, so just exit from the function with return instead.
Jouni Malinen [Tue, 10 Nov 2009 16:06:02 +0000 (18:06 +0200)]
Call wpas_notify_network_selected only if a specific network was selected
ssid could be NULL here at least based on the function documentation,
so better check whether that is the case prior to calling the
notification function.
Jouni Malinen [Tue, 10 Nov 2009 16:00:57 +0000 (18:00 +0200)]
Fix per-SSID scan (scan_ssid=1)
Commit d3a9822542166e7adec16e24622486ba90359ef5 broke per-SSID scan
by using the ssid variable for internal loop and by doing so,
overriding the value that was needed below to figure out whether the
scan is for a specific SSID. Fix this by using a temporary variable
instead when looping over network finding which frequencies to scan for.
Jouni Malinen [Tue, 10 Nov 2009 15:01:26 +0000 (17:01 +0200)]
WPS: Fix credential processing for open network case
There is no point in comparing cred->key == NULL since cred->key is
an array (never NULL). key_len == 0 should be used instead to indicate
that no key was specified.
Jouni Malinen [Tue, 10 Nov 2009 14:51:59 +0000 (16:51 +0200)]
Fix comparison to use correct symbol name (__rand vs. rand)
rand would be the address of rand() function and never NULL. The previous
version could have crashed on invalid AKA-AUTS command. Though, these
commands are only from hostapd which sends valid requests and as such,
the actual issue did not show up.
Jouni Malinen [Tue, 10 Nov 2009 14:48:21 +0000 (16:48 +0200)]
dbus: Remove unneeded typecast
This was triggering some gcc versions to warn about strict aliasing.
Since the typecast is not really needed here, the cleanest way to get
rid of the warnings is to just use the correct type for the local
variable.
Jouni Malinen [Tue, 10 Nov 2009 13:59:41 +0000 (15:59 +0200)]
Add wpa_msg_ctrl() for ctrl_interface-only messages
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.
Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
Witold Sowa [Mon, 9 Nov 2009 21:51:59 +0000 (23:51 +0200)]
wpa_supplicant: new DBus API implementation
This patch implements the new DBus API. Both the new and the
previous API may work concurrently and may be turned on or off
separately in .config file.
Some features of the new API are:
- more wpa_supplicant's events are signaled with DBus signals,
- introspection data (requires libxml2 and may be disabled),
- CurrentBSS and CurrentNetwork properties,
- PropertyChanged signal for most of properties,
- Relatively easy to extend.
.config options for the new API are: CONFIG_CTRL_IFACE_DBUS_NEW=y and
CONFIG_CTRL_IFACE_DBUS_INTRO=y for introspection.
This commit misses a couple of parts from the full implementation
(these are still under review):
- fetching all configuration parameters for learning WPS information
- scan result BSS add/remove notification (register_bss() and
unregister_bss() notification callbacks)
Jouni Malinen [Mon, 9 Nov 2009 18:01:50 +0000 (20:01 +0200)]
WPS ER: Subscribe to UPnP events
This adds code to start a HTTP server and to subscribe to UPnP events
from each discovered WPS AP. The event messages are received, but there
is not yet any code to actually parse the contents of the event.
Jouni Malinen [Sun, 8 Nov 2009 15:26:55 +0000 (17:26 +0200)]
WPS: Add HTTP server module
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
Jouni Malinen [Sun, 8 Nov 2009 10:35:37 +0000 (12:35 +0200)]
WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
Jouni Malinen [Sat, 7 Nov 2009 10:41:01 +0000 (12:41 +0200)]
WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
Jouni Malinen [Thu, 5 Nov 2009 10:11:49 +0000 (12:11 +0200)]
Use type-punning to avoid breaking strict aliasing rules
While the actual use here would be unlikely to be broken by any C
optimization, it is better to use explicit union construction to let
gcc know about the aliasing and avoid warnings from gcc 4.4.
Jouni Malinen [Wed, 4 Nov 2009 18:16:15 +0000 (20:16 +0200)]
Allow driver and ctrl_interface parameters to be overridden
New wpa_supplicant command line options -o<driver> and -O<ctrl> can
now be used to override the parameters received in add interface
command from dbus or global ctrl_interface. This can be used, e.g.,
to enable control interface when using NetworkManager (add
-O/var/run/wpa_supplicant into the Exec parameter in
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service).
Similarly, this can be used to use another driver wrapper with
NetworkManager (e.g., -onl80211 to replace WEXT with nl80211).