Jouni Malinen [Thu, 24 Dec 2009 23:29:59 +0000 (01:29 +0200)]
WPS: Fix a memory leak if set_ie_cb() is not set
Skip WPS IE building for Beacon and Probe Response frames is set_ie_cb()
is not set. This fixes a memory leak and optimizes operations by not
allocating memory and building the WPS IEs unnecessarily.
Jouni Malinen [Thu, 24 Dec 2009 23:12:50 +0000 (01:12 +0200)]
Move generic AP functionality implementation into src/ap
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
Jouni Malinen [Thu, 24 Dec 2009 19:05:40 +0000 (21:05 +0200)]
Move hostapd configuration parser into separate file
config.c includes now only the generic helper functions that are needed
both for hostapd and the AP mode operations in wpa_supplicant.
hostapd/config_file.c is only needed for hostapd.
Jouni Malinen [Thu, 24 Dec 2009 17:46:06 +0000 (19:46 +0200)]
Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie
set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe
Response frames with a single call. In addition, struct wpabuf is used
instead of separate u8* and length fields. This avoids duplicated
allocation of the IEs and simplifies code in general.
Jouni Malinen [Thu, 24 Dec 2009 14:15:22 +0000 (16:15 +0200)]
hostapd: Use separate driver operations abstraction
It would be bettet to avoid including driver_i.h, i.e., direct driver
operation calls from hostapd components. This is an initial step in
that direction for WPS IE updates.
Felix Fietkau [Thu, 24 Dec 2009 09:46:22 +0000 (11:46 +0200)]
hostapd: Add WDS (4-address frame) mode with per-station interfaces
This mode allows associated stations to use 4-address frames to allow
layer 2 bridging to be used. At least for the time being, this is only
supported with driver=nl80211.
Jouni Malinen [Mon, 21 Dec 2009 23:11:15 +0000 (01:11 +0200)]
trace: Add active reference tracking
This WPA_TRACE=y additions allows components to register active references
to memory that has been provided to them as a pointer. If such an actively
referenced memory area is freed, tracer will report this as an error and
backtraces of both the invalid free and the location where this pointer
was marked referenced are shown.
Jouni Malinen [Mon, 21 Dec 2009 13:59:25 +0000 (15:59 +0200)]
WPS: Make Config Methods configurable for wpa_supplicant
This adds config_methods configuration option for wpa_supplicant
following the design used in hostapd. In addition, the string is
now parsed in common code from src/wps/wps_common.c and the list
of configurable methods include all the defined methods from
WPS 1.0h spec.
Jouni Malinen [Mon, 21 Dec 2009 10:58:02 +0000 (12:58 +0200)]
WPS: Prefer PSK format if Enrollee does not advertise Display
Since an Enrollee that does not advertise display as one of the
Config Methods is unlikely to be able to show the ASCII passphrase
to the user, prefer PSK format with such an Enrollee to reduce key
derivation time. This can help with some low-powered devices that
would take long time to derive the PSK from the passphrase.
Jouni Malinen [Mon, 21 Dec 2009 10:46:19 +0000 (12:46 +0200)]
WPS: Add option for forcing Registrar to use PSK format in Credential
The use_psk_key parameter can now be used to force the Registrar to
use PSK format instead of ASCII passphrase when building a Credential
for the Enrollee. For now, this is not enabled, but it could be enabled
either based on external (to WPS) configuration or automatically set
based on some WPS attribute values from the Enrollee.
Jouni Malinen [Mon, 21 Dec 2009 10:11:08 +0000 (12:11 +0200)]
AP: Allow both WPA passphrase and PSK to be configured
Instead of dropping the configured PSK and deriving it based on
passphrase, use the provided PSK as-is and also maintain a copy of
the passphrase since it can be of use later. This allows both values
to be configured without havign to derive the PSK every time the
network is initialized.
Jouni Malinen [Sun, 20 Dec 2009 19:11:35 +0000 (21:11 +0200)]
dbus: Remove the confusing "ctrl_iface_" prefix from file names
The D-Bus interface does not really have anything to do with the
wpa_supplicant ctrl_iface interface and as such, this prefix in
dbus files is both confusing and unnecessarily. Make the file names
shorter by removing this prefix.
Jouni Malinen [Sun, 20 Dec 2009 17:28:47 +0000 (19:28 +0200)]
Allow TLS flags to be configured (allow MD5, disable time checks)
Undocumented (at least for the time being) TLS parameters can now
be provided in wpa_supplicant configuration to enable some workarounds
for being able to connect insecurely to some networks. phase1 and
phase2 network parameters can use following options:
tls_allow_md5=1
- allow MD5 signature to be used (disabled by default with GnuTLS)
tls_disable_time_checks=1
- ignore certificate expiration time
For now, only the GnuTLS TLS wrapper implements support for these.
Jouni Malinen [Sun, 20 Dec 2009 17:11:43 +0000 (19:11 +0200)]
Check TLS status on EAP server during handshake
The new TLS wrapper use may end up returning alert data and we need to
make sure here that it does not end up getting interpreted as success
due to non-NULL response.
Jouni Malinen [Sun, 20 Dec 2009 16:17:55 +0000 (18:17 +0200)]
Convert TLS wrapper to use struct wpabuf
This converts tls_connection_handshake(),
tls_connection_server_handshake(), tls_connection_encrypt(), and
tls_connection_decrypt() to use struct wpa_buf to allow higher layer
code to be cleaned up with consistent struct wpabuf use.
Jouni Malinen [Sun, 20 Dec 2009 11:11:31 +0000 (13:11 +0200)]
wpabuf: Add WPA_TRACE code to validate correct freeing of wpabuf
Use an extra header to move the returned pointer to break os_free()
or free() of the returned value and verify that the correct magic
is present when freeing or resizing the wpabuf. Show backtrace on
invalid wpabuf use.
Jouni Malinen [Sun, 20 Dec 2009 09:39:45 +0000 (11:39 +0200)]
EAP-FAST server: Piggyback Phase 2 start with end of Phase 1
If Finished message from peer has been received before the server
Finished message, start Phase 2 with the same message to avoid extra
roundtrip when the peer does not have anything to send after the server
Finished message.
Jouni Malinen [Sat, 19 Dec 2009 21:47:54 +0000 (23:47 +0200)]
WPS ER: Delay wpa_supplicant termination to allow unsubscription
Instead of forcefully deinitializing ER immediately, give it some
time to complete unsubscription and call eloop_terminate() only once
ER code has completed its work.