Sven Eckelmann [Sat, 22 Dec 2012 14:19:52 +0000 (16:19 +0200)]
nl80211: Run TKIP countermeasures in correct hostapd_data context
hostapd can run with different VIF when using nl80211. Events about MIC
failures have to be processed in context of the VIF which received it
and not in context of the primary VIF. Otherwise the station belonging
to this VIF may not be found in the primary VIF station hash and
therefore no countermeasures are started or the countermeasures are
started for the wrong VIF.
Signed-hostap: Sven Eckelmann <sven@open-mesh.com>
Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
The WNM-Sleep Mode handler took over WNM Action frame processing without
addressing the previously implemented WNM handler. Fix this by moving
the BSS Transition Management processing into wnm_sta.c to share a
single handler function for WNM Action frames.
Jouni Malinen [Sat, 22 Dec 2012 09:22:12 +0000 (11:22 +0200)]
Move some P2P offchannel operations to offchannel.c
There is no need for p2p_supplicant.c to access wpa_s->pending_action_tx
so move these references to offchannel.c to get a bit cleaner interface
between the components.
Jouni Malinen [Fri, 21 Dec 2012 19:35:35 +0000 (21:35 +0200)]
Extend EAPOL frames processing workaround for roaming cases
Commit 1ff733383f3d5c73233ef452a738765667021609 added a mechanism to
work around issues due to association events and EAPOL RX events
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.
Since wired IEEE 802.1X does not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.
This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.
Jouni Malinen [Fri, 21 Dec 2012 18:11:26 +0000 (20:11 +0200)]
WPS: Update configuration file after re-enabling networks
Network blocks are disabled during a WPS provisioning step and 10
seconds after this to allow the newly provisioned network to be
selected. The disabled=1 flag gets written to the configuration file
when the credential is added since it happens during this process.
Update the file again after the networks have been re-enabled to avoid
leaving the configuration file in a state that is not consistent with
the running configuration.
Sunil Dutt [Fri, 21 Dec 2012 13:30:39 +0000 (15:30 +0200)]
WPS: Optimize post-WPS scan even if EAP-Failure is not received
Commit 17a4734dc4d28ef070dfa227b422ed84794f48c5 shall optimize the
post-WPS scan based on the channel used during the provisioning only
when the EAP-Failure frame is received. In cases where the EAP-Failure
frame is missed, this optimization shall not happen resulting in the
scan in all the channels thus consuming more time for the connection.
This commit enhances this by storing the requisite information after
the M8 frame is received.
Jouni Malinen [Tue, 18 Dec 2012 16:13:31 +0000 (18:13 +0200)]
Add Acct-Session-Id into Access-Request messages
This optional attribute may make it easier to bind together the
Access-Request and Accounting-Request messages. The accounting session
identifier is now generated when the STA associates instead of waiting
for the actual session to start after successful authentication.
Jouni Malinen [Tue, 18 Dec 2012 08:39:34 +0000 (10:39 +0200)]
P2P: Allow p2p_cancel to be used to stop p2p_connect-join operation
p2p_cancel did not properly cancel a pending p2p_connect-join operation.
Address the different steps in that process: initial scan, Provision
Discovery exchange before connection, and WPS provisioning step
(including the scans before WPS).
Jouni Malinen [Mon, 17 Dec 2012 21:27:15 +0000 (23:27 +0200)]
Interworking: Default to EAP-MSCHAPv2 with EAP-PEAP
If the NAI Realm list indicates that EAP-PEAP is used, use EAP-MSCHAPv2
as the Phase 2 method by default if the NAI Realm list does not specify
the tunneled method.
Sven Eckelmann [Mon, 17 Dec 2012 15:45:26 +0000 (17:45 +0200)]
Fix initialization of ap_table_{max_size,expiration_time}
The config says that the default for ap_table_max_size is 255 and the
default for ap_table_expiration_time is 60. But the code doesn't reflect
the default values mentioned in the sample config file.
These variables completely disable the code for Overlapping Legacy BSS
Condition by default when they are not correctly initialized. WFA
certification requires this feature and therefore an AP would have
failed the certification process unless they were initialized manually
using the configuration file.
Signed-hostap: Sven Eckelmann <sven@open-mesh.com>
Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
Pontus Fuchs [Mon, 17 Dec 2012 14:27:04 +0000 (16:27 +0200)]
hostapd: Don't chown control interface to root
If ctrl_interface_group in the config file is set, hostapd tries to
chown the dir and socket to uid 0. This causes the chown to fail
if hostapd is run as non-root.
Jouni Malinen [Mon, 17 Dec 2012 14:08:23 +0000 (16:08 +0200)]
WPS: Add RF bands attribute conditionally to Probe Response frame
WSC IE in Beacon and Probe Response frames should behave consistently
as far as the RF Bands attribute is concerned. Use the same dualband
condition for adding this into Probe Response frames since the value
is not really needed if the AP is not a dualband AP.
Jouni Malinen [Mon, 17 Dec 2012 14:06:10 +0000 (16:06 +0200)]
WPS: Use wps_rf_bands parameter to determine dualband functionality
If separate hostapd processes are used for different RF bands, the
dualband parameter for WPS was not set correctly. Allow dualband
indication (mainly, addition of RF bands attribute for PBC session
overlap detection) also based on wps_rf_bands value (if set to "ag").
Jouni Malinen [Mon, 17 Dec 2012 10:12:13 +0000 (12:12 +0200)]
HS 2.0: Fix sp_type check in ctrl_iface status command
Commit e99b4f3a14755473d6d0e2413de6d82e785a6a30 added functionality to
check whether the current association is with the home SP. This commit
did not take into account that the domain name ANQP information could be
NULL and that could result in a NULL pointer dereference. Fix that by
validating that domain_names != NULL before calling
domain_name_list_contains().
Jouni Malinen [Sun, 16 Dec 2012 16:22:54 +0000 (18:22 +0200)]
WNM: Use CONFIG_WNM more consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.
Jouni Malinen [Sun, 16 Dec 2012 10:35:07 +0000 (12:35 +0200)]
wlantest: Process TX status frames as RX frames too
This is needed to allow capture files from the mac80211 cooked monitor
mode interface to be processed properly. Without this, the locally
generated frames may not get processed.
Jouni Malinen [Sun, 16 Dec 2012 10:31:16 +0000 (12:31 +0200)]
WNM: Add option for passing TFS request from external programs
The optional tfs_req=<hex dump> parameter can be added for the wnm_sleep
command to specify the TFS request element to use in the WNM-Sleep Mode
Request frame.
Dan Williams [Sun, 25 Nov 2012 19:27:18 +0000 (21:27 +0200)]
PMKSA: Make deauthentication due to cache entry removal more granular
Expiry can always trigger a deauthentication, but otherwise,
deauthentication should only happen when the *current* cache entry is
removed and not being replaced. It should not happen when the current
PMK just happens to match the PMK of the entry being removed, since
multiple entries can have the same PMK when OKC is used and these
entries are often removed at different times.
This fixes an issue where eviction of the oldest inactive entry due to
adding a newer entry to a full cache caused a deauthentication when the
entry being removed had the same PMK as the current entry.
Michael Braun [Sun, 25 Nov 2012 15:49:25 +0000 (17:49 +0200)]
Keep and use list of PSKs per station for RADIUS-based PSK
This adds support for multiple PSKs per station when using a RADIUS
authentication server to fetch the PSKs during MAC address
authentication step. This can be useful if multiple users share a
device but each user has his or her own private passphrase.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Sun, 25 Nov 2012 14:30:30 +0000 (16:30 +0200)]
Use a shared function for requesting a new connection
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.
Jouni Malinen [Sun, 25 Nov 2012 14:20:44 +0000 (16:20 +0200)]
Maintain maximum blacklist count over list clear operations
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.
Jouni Malinen [Sun, 25 Nov 2012 10:47:43 +0000 (12:47 +0200)]
P2P: Avoid multi-channel scans when they are not needed
If the driver does not support multi-channel concurrency and a virtual
interface that shares the same radio with the current interface is
operating there may not be need to scan other channels apart from the
current operating channel on the other virtual interface. Filter out
other channels in case we are trying to find a connection for a station
interface when we are not configured to prefer station connection and a
concurrent operation is already in process.
Jouni Malinen [Sat, 24 Nov 2012 20:45:17 +0000 (22:45 +0200)]
Indicate if PMF was negotiated for the connection
Add pmf=1/2 to wpa_supplicant STATUS command output to indicate that PMF
was negotiated for the connect (1 = optional in this BSS, 2 = required
in this BSS).
Jouni Malinen [Sat, 24 Nov 2012 20:31:17 +0000 (22:31 +0200)]
Interworking: Enable key_mgmt WPA-EAP-SHA256 if PMF is enabled
If the global pmf=1/2 parameter is used to enable PMF for Interworking
networks, add WPA-EAP-SHA256 to the temporary network block to allow
connection to PMF required APs.
Jouni Malinen [Sat, 24 Nov 2012 20:21:29 +0000 (22:21 +0200)]
Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.
Johannes Berg [Sat, 24 Nov 2012 16:02:29 +0000 (18:02 +0200)]
hostapd: Add second VHT frequency segment config
Add the configuration option vht_oper_centr_freq_seg1_idx
for the second segment of an 80+80 MHz channel and use it
when building the VHT operation IE.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Pontus Fuchs [Sat, 24 Nov 2012 14:47:20 +0000 (16:47 +0200)]
Do not double free cfg struct if netlink_init() fails
If netlink_init() fails on socket create or bind the cfg struct
provided as parameter is freed by netlink_init(). Callers of
netlink_init() also free this struct on their error paths leading
to double free.
Jouni Malinen [Thu, 22 Nov 2012 18:51:49 +0000 (20:51 +0200)]
HS 2.0: Add Home SP FQDN and roaming/home to status command
This allows the ctrl_iface STATUS information to be used to determine
which Home SP credential (domain in the cred block) was used and whether
the network is operated by the home SP.
Jouni Malinen [Thu, 22 Nov 2012 16:04:57 +0000 (18:04 +0200)]
HS 2.0: Add REMOVE_CRED sp_fqdn=<FQDN> command
This allows credential entries to be removed based on SP FQDN without
having to iterate through the configured entries from an external
program to figure out which credentials should be removed for a specific
SP.
Jouni Malinen [Wed, 21 Nov 2012 22:19:17 +0000 (00:19 +0200)]
HS 2.0: Maintain a copy of HS 2.0 Indication from Association Request
This allows the AP to figure out whether a station is a HS 2.0 STA
during the association and access any information that the STA may have
included in this element.
Jouni Malinen [Fri, 23 Nov 2012 15:05:47 +0000 (17:05 +0200)]
Android: Force group access to ctrl_iface directory
wpa_supplicant is started from /init.*.rc on Android and that seems
to be using umask 0077 which would leave the control interface
directory without group access. This breaks things since Wi-Fi
framework assumes that this directory can be accessed by other
applications in the wifi group. Fix this by adding group access even
if umask value would prevent this.
In most cases, this issue was not hit since the control interface
directory is normally created by that same init.*.rc file with suitable
mode and wpa_supplicant is killed in the way that does not allow it to
remove the file. However, if wpa_supplicant is allowed to stop cleanly, it
will remove the directory and the next start could result with the Wi-Fi
framework not being able to use Wi-Fi (and GUI not showing Wi-Fi getting
enabled).
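Added example (not code from hostapd or wpa_supplicant) for the two control interface permission fixes in this log, "Android: Force group access to ctrl_iface directory" and "hostapd: Don't chown control interface to root": under umask 0077 a directory created with mode 0770 ends up 0700 until an explicit chmod() restores group access, and chown() with owner -1 changes only the group, so it works without root. The helper names and the temporary path are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not hostapd/wpa_supplicant code): create a control
 * interface style directory, return its permission bits or -1 on error. */
static int prepare_ctrl_dir(const char *dir, gid_t gid, int force_group)
{
	struct stat st;

	/* mkdir() applies the umask: 0770 & ~0077 leaves 0700. */
	if (mkdir(dir, S_IRWXU | S_IRWXG) < 0 && errno != EEXIST)
		return -1;
	/* chmod() is not subject to the umask, so group access is restored. */
	if (force_group && chmod(dir, S_IRWXU | S_IRWXG) < 0)
		return -1;
	/* Owner -1 leaves the owner unchanged; asking for uid 0 here would
	 * fail with EPERM when the daemon does not run as root. */
	if (chown(dir, (uid_t) -1, gid) < 0)
		return -1;
	if (stat(dir, &st) < 0)
		return -1;
	return st.st_mode & 0777;
}

/* Run the helper under umask 0077 inside a fresh mkdtemp() directory
 * (constructed path), then clean up. */
static int demo_mode(int force_group)
{
	char base[] = "/tmp/ctrl_demo_XXXXXX";
	char dir[64];
	mode_t old;
	int mode;

	if (!mkdtemp(base))
		return -1;
	snprintf(dir, sizeof(dir), "%s/ctrl", base);
	old = umask(0077);
	mode = prepare_ctrl_dir(dir, getegid(), force_group);
	umask(old);
	rmdir(dir);
	rmdir(base);
	return mode;
}

int main(void)
{
	printf("umask only:  %04o\n", (unsigned) demo_mode(0));
	printf("with chmod:  %04o\n", (unsigned) demo_mode(1));
	return 0;
}
```

Group access on this directory decides which local processes can reach the control socket, so the group passed in should be the dedicated one (the wifi group in the Android case), not a broad default group.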
Sunil Dutt [Thu, 22 Nov 2012 22:57:59 +0000 (00:57 +0200)]
P2P: Increase the maximum number of PD Request retries
Change the maximum retry limit from 10 to 120 to match the behavior
used with GO Negotiation Request frames when trying to start GO
Negotiation with a peer that does not acknowledge frames (e.g., due
to being in sleep or on another channel most of the time).
Sunil Dutt [Thu, 22 Nov 2012 23:14:15 +0000 (01:14 +0200)]
P2P: Remove PD-before-join-timeout mechanism
The PD Request retry limit can be used to achieve the same behavior,
so drop this duplicated timeout mechanism and control the timeout
based on MAX_PROV_DISC_REQ_RETRIES.
Jouni Malinen [Thu, 22 Nov 2012 22:53:42 +0000 (00:53 +0200)]
P2P: Retry PD Request in join-a-running-group case
The GO may be in sleep when we send a PD Request frame to indicate that
we are about to join a running group. Previously, this frame was not
retried more than normal low level retries. This can result in the GO
not getting the frame especially in cases where concurrent multi-channel
operations or aggressive sleep schedule is used since most drivers do
not yet synchronize with the GO's NoA before association.
Increase the likelihood of the GO receiving the PD Request frame by
retransmitting it similarly to the PD-for-GO-Negotiation case. Start
the actual join operation only after these retries have failed to get
an acknowledgment from the GO to give the connection attempt a chance
to succeed if the driver implements better NoA synchronization for it.
Sunil Dutt [Thu, 22 Nov 2012 22:48:58 +0000 (00:48 +0200)]
P2P: Set user_initiated_pd separately from the join parameter
p2p_prov_disc_req() used the join parameter to figure out whether the PD
request was a user initiated or not. This does not cover all use cases
of PD, so add a separate parameter to allow caller to indicate whether
the user requested the operation.
../src/ap/ieee802_1x.o: In function `ieee802_1x_get_eap_user':
/../src/ap/ieee802_1x.c:1689: undefined reference to `hostapd_get_eap_user'
collect2: error: ld returned 1 exit status
make: *** [wpa_supplicant] Error 1
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Jouni Malinen [Tue, 20 Nov 2012 22:47:47 +0000 (00:47 +0200)]
Add preliminary support for using SQLite for eap_user database
CONFIG_SQLITE=y option can now be used to allow the eap_user_file text
file to be replaced with a SQLite database
(eap_user_file=sqlite:/path/to/sqlite.db). hostapd.eap_user_sqlite
shows an example of how the database tables can be created for this
purpose. This commit does not yet include full functionality of the
text file format, but at least basic EAP-TTLS/MSCHAPv2 style
authentication mechanisms with plaintext passwords can be used for
tests.
Jouni Malinen [Mon, 19 Nov 2012 15:00:07 +0000 (17:00 +0200)]
nl80211: Add support for TDLS request event from the driver
The NL80211_CMD_TDLS_OPER command can be used as an event based on a
recent cfg80211 commit, so add code to map that to internal
wpa_supplicant event to request TDLS link setup/teardown.
Jouni Malinen [Mon, 19 Nov 2012 12:04:42 +0000 (14:04 +0200)]
wpa_cli: Accept more arguments for set_network
Some network parameters, e.g., auth_alg and eap use a space separated
list of values without quotation marks. To allow these to be entered
from the interactive mode, change set_network command to allow more than
three arguments.
Jouni Malinen [Sun, 18 Nov 2012 11:06:03 +0000 (13:06 +0200)]
hostapd: Fix a regression in TKIP countermeasures processing
Commit 296a34f0c1730416bf2a61ab78690be43d82a3c0 changed hostapd to
remove the internal STA entry at the beginning of TKIP countermeasures.
However, this did not take into account the case where this is triggered
by an EAPOL-Key error report from a station. In such a case, WPA
authenticator state machine may continue processing after having
processed the error report. This could result in use of freed memory.
Fix this by stopping WPA processing if the STA entry got removed.
Jouni Malinen [Thu, 15 Nov 2012 17:59:04 +0000 (19:59 +0200)]
WPS: Add a workaround for PBC session overlap detection
Some deployed station implementations implement WPS incorrectly and
end up causing PBC session overlap issues by indicating active PBC
mode in a scan after the WPS provisioning step. Work around this by
ignoring active PBC indication in a Probe Request from a station that
completed PBC provisioning during the last five seconds.
Jouni Malinen [Wed, 14 Nov 2012 11:05:53 +0000 (13:05 +0200)]
Fix forgotten no-CONFIG_WPS=y wrapper
Commit 620c783753bddd37988269314862dc7e4a62f700 modified
wpas_wps_ssid_wildcard_ok() prototype, but forgot to update the
non-WPS-build wrapper. Fix that to match with the new bss parameter
type and remove the now unused declaration of wpa_scan_res.
Jouni Malinen [Mon, 12 Nov 2012 18:07:53 +0000 (20:07 +0200)]
Allow OKC to be enabled by default
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.
Jouni Malinen [Sun, 11 Nov 2012 18:45:27 +0000 (20:45 +0200)]
P2P: Avoid extra group interface creation on GO reinvocation
If separate group interfaces are used, the pending group interface got
removed unnecessarily when stopping find operations when accepting an
invitation to reinvoke the group in GO role. This resulted in the group
interfaces getting created twice. Avoid this unnecessary extra operation
by skipping removal of the pending interface in the reinvocation
sequence.