Avichal Agarwal [Tue, 27 Oct 2015 06:47:15 +0000 (06:47 +0000)]
RSN: Check result of EAPOL-Key frame send request
Provide information on whether EAPOL-Key frame was sent successfully to
kernel for transmittion. wpa_eapol_key_send() will return
>= 0 on success and < 0 on failure. After receiving EAPOL-Key msg 3/4,
wpa_supplicant sends EAPOL-Key msg 4/4 and shows CTRL-EVENT-CONNECTED
only after verifying that the msg 4/4 was sent to kernel for
transmission successfully.
Matthias May [Mon, 26 Oct 2015 08:38:01 +0000 (09:38 +0100)]
Extend the range of values for the RTS threshold
Since we have HT rates the maximum framesize is no longer 2346. The
usual maximum size of an A-MPDU is 65535. To disable RTS, the value -1
is already internally used. Allow it in the configuration parameter.
Signed-off-by: Matthias May <matthias.may@neratec.com>
The previously used invalid values will become allowed with the
following commits, so change the test case to use values that both were
and will continue to be invalid to avoid unnecessary failures.
hostapd: Add feature to start all interfaces at the same time in sync
When multiple interfaces across mutiple radios are started using a
single instance of hostapd, they all come up at different times
depending upon how long the ACS and HT scan take on each radio. This
will result in stations (that already have the AP profile) associating
with the first interfaces that comes up. For example in a dual band
radio case (2G and 5G) with ACS enabled, 2G always comes up first
because the ACS scan takes less time on 2G and this results in all
stations associating with the 2G interface first.
This feature brings up all the interfaces at the same time. The list of
interfaces specified via hostapd.conf files on the command line are all
marked as sync interfaces. All the interfaces are synchronized in
hostapd_setup_interface_complete().
This feature is turned on with '-S' commmand line option.
Hu Wang [Mon, 26 Oct 2015 21:40:59 +0000 (23:40 +0200)]
P2P: Filter control chars in group client device name similarly to peer
P2P device discovery can add peer entries based on a message directly
from a peer and from a Probe Response frame from a GO for all the P2P
Clients in the group. The former case for filtering out control
characters from the device name while the latter was not. Make this
consistent and filter both cases in the same way to avoid confusing
external programs using the device name of a P2P peer.
Sunil Dutt [Tue, 20 Oct 2015 04:20:51 +0000 (09:50 +0530)]
TDLS: Do not send error case of TPK M3 if TX fails
There is no point in sending TPK M3 (TDLS Setup Confirm) with a failure
status if the first transmission attempt fails. Instead, just return a
failure by disabling the link rather than retransmitting the TPK M3
frame with an error status.
Jouni Malinen [Sun, 25 Oct 2015 18:43:15 +0000 (20:43 +0200)]
Do not write ERROR level log entries if debug file is not used
wpa_debug_reopen_file() used to write an error message at MSG_ERROR
level if it was called with last_path == NULL (the last debug log file
path not known). This is not a fatal error, but a normal case if
wpa_debug_open_file() has not been used. Remove the error message and
return success in such case.
l2_packet: Add build option to disable Linux packet socket workaround
Linux packet socket workaround(*) has an impact in performance when the
workaround socket needs to be kept open to receive EAPOL frames. While
this is normally avoided with a kernel that has the issue addressed by
closing the workaround packet socket when detecting a frame through the
main socket, it is possible for that mechanism to not be sufficient,
e.g., when an open network connection (no EAPOL frames) is used.
Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the
workaround. This build option is disabled by default and can be enabled
explicitly on distributions which have an older kernel or a fix for the
kernel regression.
Also remove the unused variable num_rx.
(*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596
('bridge: respect RFC2863 operational state') from 2012 introduced a
regression for using wpa_supplicant with EAPOL frames and a station
interface in a bridge.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
Jouni Malinen [Sun, 25 Oct 2015 13:12:58 +0000 (15:12 +0200)]
RSN: Do not try to connect if PMF disabled and AP requires it
Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.
Jouni Malinen [Sun, 25 Oct 2015 12:45:09 +0000 (14:45 +0200)]
WNM: Verify WNM Sleep Mode element length
This element is required to have at least four octets of actual payload.
This was not previously verified before use and the extra buffer data
after the IE might have been used instead if a received WNM-Sleep Mode
Response frame was invalid.
Jouni Malinen [Sun, 25 Oct 2015 12:40:35 +0000 (14:40 +0200)]
WNM: Mark set TFS buffer const
This moves the type cast needed for the current driver interface to
ieee802_11_set_tfs_ie() to allow the WNM-Sleep parsing routines to use
const pointers.
Jouni Malinen [Sun, 25 Oct 2015 09:13:32 +0000 (11:13 +0200)]
tests: P2P autonomous GO and no P2P IE in Probe Response scan results
autogo_scan verifies the special case where a Probe Response frame
without P2P IE has been received from a GO (e.g., due to a non-P2P
interface requesting a scan) and P2P information from a Beacon frame
needs to be used instead to determine that the group is persistent.
Jouni Malinen [Sun, 18 Oct 2015 16:08:25 +0000 (19:08 +0300)]
privsep: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 16:08:17 +0000 (19:08 +0300)]
wext: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 16:08:09 +0000 (19:08 +0300)]
nl80211: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 16:07:52 +0000 (19:07 +0300)]
ndis: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 16:07:43 +0000 (19:07 +0300)]
hostap: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 16:07:13 +0000 (19:07 +0300)]
atheros: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 15:51:59 +0000 (18:51 +0300)]
PCSC: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 15:49:56 +0000 (18:49 +0300)]
SAE: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 15:47:55 +0000 (18:47 +0300)]
GAS server: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 15:43:44 +0000 (18:43 +0300)]
RSN auth: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 15:40:41 +0000 (18:40 +0300)]
AP: Avoid undefined behavior in pointer arithmetic in IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 14:46:32 +0000 (17:46 +0300)]
RADIUS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 14:28:35 +0000 (17:28 +0300)]
TLS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 14:16:39 +0000 (17:16 +0300)]
RSN: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 09:11:45 +0000 (12:11 +0300)]
P2P SD: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 09:04:16 +0000 (12:04 +0300)]
HS 2.0: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 08:52:32 +0000 (11:52 +0300)]
Avoid undefined behavior in pointer arithmetic in scan result IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 08:50:07 +0000 (11:50 +0300)]
WNM: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 08:43:24 +0000 (11:43 +0300)]
Avoid undefined behavior in pointer arithmetic in BSS IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sat, 17 Oct 2015 22:37:38 +0000 (01:37 +0300)]
Interworking: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 08:25:25 +0000 (11:25 +0300)]
EAP-IKEv2 peer: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 08:23:44 +0000 (11:23 +0300)]
EAP-IKEv2 server: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 08:18:12 +0000 (11:18 +0300)]
EAP-FAST peer: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sun, 18 Oct 2015 08:12:34 +0000 (11:12 +0300)]
EAP-FAST server: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sat, 17 Oct 2015 23:22:34 +0000 (02:22 +0300)]
Avoid undefined behavior in pointer arithmetic in IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sat, 17 Oct 2015 23:16:43 +0000 (02:16 +0300)]
FT: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sat, 17 Oct 2015 22:45:22 +0000 (01:45 +0300)]
P2P: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sat, 17 Oct 2015 22:42:03 +0000 (01:42 +0300)]
WPS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Jouni Malinen [Sat, 17 Oct 2015 17:19:52 +0000 (20:19 +0300)]
EAP-GPSK: Check HMAC-SHA256 result in GKDF and MIC
hmac_sha256() and hmac_sha256_vector() return a result code now, so use
that return value to terminate HMAC-SHA256-based GKDF/MIC similarly to
what was already done with the CMAC-based GKDF/MIC.
Jouni Malinen [Sat, 17 Oct 2015 16:53:29 +0000 (19:53 +0300)]
Add Framed-IP-Address to Accounting-Request if STA address is known
The recently added ProxyARP support (proxy_arp=1) in hostapd allows a
STA IPv4 address to be learned from DHCP or ARP messages. If that
information is available, add it to Account-Request messages in
Framed-IP-Address attribute.
Jouni Malinen [Sat, 17 Oct 2015 16:28:35 +0000 (19:28 +0300)]
Option to reduce Probe Response frame responses during max STA
The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can
be used to request hostapd not to reply to broadcast Probe Request
frames from unassociated STA if there is no room for additional stations
(max_num_sta). This can be used to discourage a STA from trying to
associate with this AP if the association would be rejected due to
maximum STA limit.
Jouni Malinen [Fri, 16 Oct 2015 19:20:55 +0000 (22:20 +0300)]
Add "git describe" based version string postfix
If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.
This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.
Avraham Stern [Wed, 14 Oct 2015 15:43:18 +0000 (18:43 +0300)]
P2P: Add P2P_ASSOC_RESP to P2P vendor elements
Vendor specific IEs added to frame type P2P_ASSOC_RESP are saved in
the interface context, but as they are added as part of the P2P IEs,
they need to be saved in the global P2P context.
Fix this by directing vendor specific IEs added to P2P_ASSOC_RESP
frame type to the P2P context.
Avraham Stern [Wed, 14 Oct 2015 15:43:12 +0000 (18:43 +0300)]
tests: Change wpas_config_file test for dedicated P2P Device case
SAVE_CONFIG command on the global control interface tries to save
the config file on all interfaces. The test disabled updating the
config file only on one interface, thus for configurations that
support a dedicated P2P Device interface, saving the config file
would still have succeeded on the P2P Device interface.
Fix the test by disabling updating the configuration file on the global
control interface (which will, in practice, disable this for the P2P
Device interface) in addition to disabling it on the main interface.
Avraham Stern [Wed, 14 Oct 2015 15:43:10 +0000 (18:43 +0300)]
tests: Set MAC address in wpas_ctrl_interface_add2 test
mac80211_hwsim only supports 2 different MAC addresses.
Configurations that use a dedicated P2P Device interface already
use these 2 addresses, so adding another interface on the same
PHY results in a duplicated MAC address.
Fix this by changing the MAC address of the added interface to make
sure the new interface has a unique MAC address.
Avraham Stern [Wed, 14 Oct 2015 15:43:09 +0000 (18:43 +0300)]
tests: Set bridge ageing in ap_wpa2_bridge_fdb test
Set the bridge ageing to 1 sec to make the bridge clear unused
addresses after this interval. Otherwise the test depends on
the local configuration of brctl.
Avraham Stern [Wed, 14 Oct 2015 15:43:07 +0000 (18:43 +0300)]
tests: Fix ap_cipher_tkip_countermeasures_sta test
Write the main interface address to the tkip_mic_test debugfs file
to generate Michael MIC failure event (which is different than the
p2p_dev_addr when a dedicated P2P Device interface is used).
TDLS: On a TPK timeout, tear down the link before renewal by the initiator
On TPK lifetime expiration, tear down the direct link before renewing
the link in the case of TDLS initiator processing. The expired key
cannot be used anymore, so it is better to explicitly tear down the old
link first.
Jouni Malinen [Thu, 15 Oct 2015 18:31:40 +0000 (21:31 +0300)]
tests: P2P GO Negotiation special cases
These test cases verify behavior with parallel scan operations while
going through GO Negotiation and duplicated GO Negotiation Request frame
RX with not-yet-ready sequence in GO Negotiation.
Jouni Malinen [Thu, 15 Oct 2015 18:21:28 +0000 (21:21 +0300)]
P2P: Do not reply to GO Negotiation Request if peer is waiting for us
This improves robustness of GO Negotiation in special cases where GO
Negotiation Request frames from the peer may end up getting delivered
multiple times, e.g., due to interference and retransmitted frames not
getting properly filtered out in duplicate detection (which is something
that number of drivers do not implement for pre-associated state).
If we have already replied with GO Negotiation Response frame with
Status 1 (not yet ready), do not reply to another GO Negotiation Request
frame from the peer if we have already received authorization from the
user (P2P_CONNECT command) for group formation and have sent out our GO
Negotiation Request frame. This avoids a possible sequence where two
independent GO Negotiation instances could go through in parallel if the
MAC address based rule on avoiding duplicate negotiations is not able to
prevent the case. This can allow GO Negotiation to complete successfully
whereas the previous behavior would have likely resulted in a failure
with neither device sending a GO Negotiation Confirm frame.
nl80211: Disable 11b rates for P2P (additional cases)
Some drivers (like mac80211) do not accept changing the TX bitrate mask
before the network interface is up. Thus, calling
nl80211_disable_11b_rates() before the interface is up fails, and the
P2P network interface continues to use invalid bitrates.
To fix this call nl80211_disable_11b_rates() immediately after the
interface is brought up (and also after rfkill is unblocked).
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Avraham Stern [Wed, 14 Oct 2015 09:26:31 +0000 (12:26 +0300)]
Do not expire scan results based on aborted scan
Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.
Avraham Stern [Wed, 14 Oct 2015 09:26:30 +0000 (12:26 +0300)]
P2P: Set CTWindow only for P2P GO
CTWindow was set for all AP interfaces if the driver supports it and
this parameter is set in wpa_supplicant configuration. This results in
failing to start an AP that is not a P2P GO as this setting is rejected
by the driver.
Fix that by setting the CTWindow only for P2P GO interface.
Josh Lehan [Mon, 12 Oct 2015 21:18:35 +0000 (14:18 -0700)]
Escape DEL char (ASCII 127 decimal) in SSIDs
While testing, I noticed that printf_encode() makes control characters
human-readable, with one exemption, the DEL character (ASCII 127).
Assuming this exemption was unintentional, make it appear as an escaped
\x7f instead of a literal DEL character in the output.
Jouni Malinen [Wed, 14 Oct 2015 15:34:26 +0000 (18:34 +0300)]
tests: Fix regulatory domain reset in FST test case failure cases
send_iface_detach_request() can fail and that resulted in skipping a
call to restore_reg_domain() and leaving unexpected country
configuration for following test cases. This could result in failures,
e.g., in this sequence: fst_proto wpas_mesh_open_5ghz
Fix this by ignoring exceptions from send_iface_detach_request() and
continuing to restore regulatory domain.
atheros: Fix hapd_deinit() handler with generic IEs set
atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().
Jouni Malinen [Wed, 14 Oct 2015 11:58:07 +0000 (14:58 +0300)]
nl80211: Increase buffer size for reporting scan frequencies
It is possible for a driver to support sufficient number of channels to
hit the previous limit of 200 characters for the "nl80211: Scan included
frequencies:" debug message. Increase the maximum buffer length to 300
characters to allow more complete list of scanned frequencies to be
written into the debug log. This limit is more in line with the
MAX_REPORT_FREQS (50) limit.
Jouni Malinen [Tue, 13 Oct 2015 22:18:11 +0000 (01:18 +0300)]
Fix Suite B 192-bit AKM to use proper PMK length
In addition to the PTK length increasing, the length of the PMK was
increased (from 256 to 384 bits) for the 00-0f-ac:12 AKM. This part was
missing from the initial implementation and a fixed length (256-bit) PMK
was used for all AKMs.
Fix this by adding more complete support for variable length PMK and use
384 bits from MSK instead of 256 bits when using this AKM. This is not
backwards compatible with the earlier implementations.
Jouni Malinen [Tue, 13 Oct 2015 22:12:44 +0000 (01:12 +0300)]
Remove unreachable PMKSA cache entry addition on Access-Accept
The previous implementation used an obsolete sm->eapol_key_crypt pointer
which was not set anywhere (i.e., was always NULL). In addition, the
condition of sm->eap_if->eapKeyAvailable was not valid here since this
is the case of MSK from an external authentication server and not the
internal EAP server. Consequently, the wpa_auth_pmksa_add() call here
was never used.
The PMKSA cache was still added, but it happened at the completion of
the 4-way handshake rather than at the completion of EAP authentication.
That later location looks better, so delete the unreachable code in
Access-Accept handling. In addition, remove the now complete unused
struct eapol_state_machine eapol_key_* variables.
Jouni Malinen [Tue, 13 Oct 2015 20:35:00 +0000 (23:35 +0300)]
hostapd: Fix WPA, IEEE 802.1X, and WPS deinit in cases where init fails
With driver wrappers that implement set_privacy(), set_generic_elem(),
set_ieee8021x(), or set_ap_wps_ie(), it was possible to hit a NULL
pointer dereference in error cases where interface setup failed and
the network configuration used WPA/WPA2, IEEE 802.1X, or WPS.
Fix this by skipping the driver operations in case the driver interface
is not initialized.
Jouni Malinen [Tue, 13 Oct 2015 15:55:48 +0000 (18:55 +0300)]
tests: Fix p2ps_channel_both_connected_same
I modified this test case for commit eabf083984230f7f608f28f61319f8cd67ba19cf ('tests: P2PS channel
handling') to use dev[2] instead of dev[0], but forgot to update the
p2ps_connect_p2ps_method() dev list to match that. Fix this to actually
use a concurrent connection.
Ningyuan Wang [Tue, 29 Sep 2015 21:13:33 +0000 (14:13 -0700)]
D-Bus: Add a dbus handler for expected disconnection
Add a global D-Bus handler ExpectDisconnect for setting
wpa_s->own_disconnect_req flag. This flag will prevent wpa_supplicant
from adding blacklists and requesting incomplete scan upon the incoming
disconnection. This is mainly meant for a case where suspend/resume is
used and some external component knows about that and can provide the
information to wpa_supplicant before the disconnection happens.
Jouni Malinen [Mon, 12 Oct 2015 12:36:46 +0000 (15:36 +0300)]
tests: Fix dbus_interface to restore P2P channel list to default
It was possible for the dbus_interface test case to leave the P2P
channel lists with 5 GHz channels enabled due to the special driver=none
case. This could make the following P2P test case fail due to selecting
an unexpected channel. Fix this by forcing P2P channel list update at
the end of the dbus_interface test case.
This was triggering with the following hwsim test case sequence:
dbus_interface p2ps_connect_adv_go_p2ps_method_group_iface.
Jouni Malinen [Mon, 12 Oct 2015 11:24:06 +0000 (14:24 +0300)]
Clear own_disconnect_req on new connection attempt
It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.
Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.
Jouni Malinen [Sun, 11 Oct 2015 17:49:14 +0000 (20:49 +0300)]
tests: Dynamic radio in p2ps_channel_sta_connected_disallow_freq_mcc
Use a dynamic HWSimRadio in p2ps_channel_sta_connected_disallow_freq_mcc
to allow MCC test case to be executed in default setting (MCC disabled
for the default radios).