Jouni Malinen [Tue, 18 Dec 2012 08:39:34 +0000 (10:39 +0200)]
P2P: Allow p2p_cancel to be used to stop p2p_connect-join operation
p2p_cancel did not properly cancel a pending p2p_connect-join operation.
Address the different steps in that process: initial scan, Provision
Discovery exchange before connection, and WPS provisioning step
(including the scans before WPS).
Jouni Malinen [Mon, 17 Dec 2012 21:27:15 +0000 (23:27 +0200)]
Interworking: Default to EAP-MSCHAPv2 with EAP-PEAP
If the NAI Realm list indicates that EAP-PEAP is used, use EAP-MSCHAPv2
as the Phase 2 method by default if the NAI Realm list does not specify
the tunneled method.
Sven Eckelmann [Mon, 17 Dec 2012 15:45:26 +0000 (17:45 +0200)]
Fix initialization of ap_table_{max_size,expiration_time}
The config says that the default for ap_table_max_size is 255 and the
default for ap_table_expiration_time is 60. But the code doesn't reflect
the default values mentioned in the sample config file.
These variables completely disable the code for Overlapping Legacy BSS
Condition by default when they are not correctly initialized. WFA
certification requires this feature and therefore an AP would have
failed the certification process unless they were initialized manually
using the configuration file.
Signed-hostap: Sven Eckelmann <sven@open-mesh.com>
Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
wpa_supplicant is started from /init.*.rc on Android and that seems
to be using umask 0077 which would leave the control interface
directory without group access. This breaks things since Wi-Fi
framework assumes that this directory can be accessed by other
applications in the wifi group. Fix this by adding group access even
if umask value would prevent this.
Pontus Fuchs [Mon, 17 Dec 2012 14:27:04 +0000 (16:27 +0200)]
hostapd: Don't chown control interface to root
If ctrl_interface_group in the config file is set hostapd tries to
chown the dir and socket to uid 0. This causes the chown to fail
if hostapd is run as non-root.
Jouni Malinen [Mon, 17 Dec 2012 14:08:23 +0000 (16:08 +0200)]
WPS: Add RF bands attribute conditionally to Probe Response frame
WSC IE in Beacon and Probe Response frames should behave consistently
as far as the RF Bands attribute is concerned. Use the same dualband
condition for adding this into Probe Response frames since the value
is not really needed if the AP is not a dualband AP.
Jouni Malinen [Mon, 17 Dec 2012 14:06:10 +0000 (16:06 +0200)]
WPS: Use wps_rf_bands parameter to determine dualband functionality
If separate hostapd processes are used for different RF bands, the
dualband parameter for WPS was not set correctly. Allow dualband
indication (mainly, addition of RF bands attribute for PBC session
overlap detection) also based on wps_rf_bands value (if set to "ag").
Jouni Malinen [Mon, 17 Dec 2012 10:12:13 +0000 (12:12 +0200)]
HS 2.0: Fix sp_type check in ctrl_iface status command
Commit e99b4f3a14755473d6d0e2413de6d82e785a6a30 added functionality to
check whether the current association is with the home SP. This commit
did not take into account that the domain name ANQP information could be
NULL and that could result to a NULL pointer dereference. Fix that by
validation that domain_names != NULL before calling
domain_name_list_contains().
Jouni Malinen [Sun, 16 Dec 2012 16:22:54 +0000 (18:22 +0200)]
WNM: Use CONFIG_WNM more consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.
Jouni Malinen [Sun, 16 Dec 2012 10:35:07 +0000 (12:35 +0200)]
wlantest: Process TX status frames as RX frames too
This is needed to allow capture files from the mac80211 cooked monitor
mode interface to be processed properly. Without this, the locally
generated frames may not get processed.
Jouni Malinen [Sun, 16 Dec 2012 10:31:16 +0000 (12:31 +0200)]
WNM: Add option for passing TFS request from external programs
The optional tfs_req=<hex dump> parameter can be added for the wnm_sleep
command to specify the TFS request element to use in the WNM-Sleep Mode
Request frame.
Dan Williams [Sun, 25 Nov 2012 19:27:18 +0000 (21:27 +0200)]
PMKSA: Make deauthentication due to cache entry removal more granular
Expiry can always trigger a deauthentication, but otherwise,
deauthentication should only happen when the *current* cache entry is
removed and not being replaced. It should not happen when the current
PMK just happens to match the PMK of the entry being removed, since
multiple entries can have the same PMK when OKC is used and these
entries are often removed at different times.
This fixes an issue where eviction of the oldest inactive entry due to
adding a newer entry to a full cache caused a deauthentication when the
entry being removed had the same PMK as the current entry.
Michael Braun [Sun, 25 Nov 2012 15:49:25 +0000 (17:49 +0200)]
Keep and use list of PSKs per station for RADIUS-based PSK
This adds support for multiple PSKs per station when using a RADIUS
authentication server to fetch the PSKs during MAC address
authentication step. This can be useful if multiple users share a
device but each user has his or her own private passphrase.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Sun, 25 Nov 2012 14:30:30 +0000 (16:30 +0200)]
Use a shared function for requesting a new connection
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.
Jouni Malinen [Sun, 25 Nov 2012 14:20:44 +0000 (16:20 +0200)]
Maintain maximum blacklist count over list clear operations
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.
Jouni Malinen [Sun, 25 Nov 2012 10:47:43 +0000 (12:47 +0200)]
P2P: Avoid multi-channel scans when they are not needed
If the driver does not support multi-channel concurrency and a virtual
interface that shares the same radio with the current interface is
operating there may not be need to scan other channels apart from the
current operating channel on the other virtual interface. Filter out
other channels in case we are trying to find a connection for a station
interface when we are not configured to prefer station connection and a
concurrent operation is already in process.
Jouni Malinen [Sat, 24 Nov 2012 20:45:17 +0000 (22:45 +0200)]
Indicate if PMF was negotiated for the connection
Add pmf=1/2 to wpa_supplicant STATUS command output to indicate that PMF
was negotiated for the connect (1 = optional in this BSS, 2 = required
in this BSS).
Jouni Malinen [Sat, 24 Nov 2012 20:31:17 +0000 (22:31 +0200)]
Interworking: Enable key_mgmt WPA-EAP-SHA256 if PMF is enabled
If the global pmf=1/2 parameter is used to enable PMF for Interworking
networks, add WPA-EAP-SHA256 to the temporary network block to allow
connection to PMF required APs.
Jouni Malinen [Sat, 24 Nov 2012 20:21:29 +0000 (22:21 +0200)]
Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.
Johannes Berg [Sat, 24 Nov 2012 16:02:29 +0000 (18:02 +0200)]
hostapd: Add second VHT frequency segment config
Add the configuration option vht_oper_centr_freq_seg1_idx
for the second segment of an 80+80 MHz channel and use it
when building the VHT operation IE.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Pontus Fuchs [Sat, 24 Nov 2012 14:47:20 +0000 (16:47 +0200)]
Do not double free cfg struct if netlink_init() fails
If netlink_init() fails on socket create or bind the cfg struct
provided as parameter is freed by netlink_init(). Callers of
netlink_init() also free this struct on their error paths leading
to double free.
Jouni Malinen [Thu, 22 Nov 2012 18:51:49 +0000 (20:51 +0200)]
HS 2.0: Add Home SP FQDN and roaming/home to status command
This allows the ctrl_iface STATUS information to be used to determine
which Home SP credential (domain in the cred block) was used and whether
the network is operated by the home SP.
Jouni Malinen [Thu, 22 Nov 2012 16:04:57 +0000 (18:04 +0200)]
HS 2.0: Add REMOVE_CRED sp_fqdn=<FQDN> command
This allows credential entries to be removed based on SP FQDN without
having to iterate through the configured entries from an external
program to figure out which credentials should be removed for a specific
SP.
Jouni Malinen [Wed, 21 Nov 2012 22:19:17 +0000 (00:19 +0200)]
HS 2.0: Maintain a copy of HS 2.0 Indication from Association Request
This allows the AP to figure out whether a station is a HS 2.0 STA
during the association and access any information that the STA may have
included in this element.
Jouni Malinen [Fri, 23 Nov 2012 15:05:47 +0000 (17:05 +0200)]
Android: Force group access to ctrl_iface directory
wpa_supplicant is started from /init.*.rc on Android and that seems
to be using umask 0077 which would leave the control interface
directory without group access. This breaks things since Wi-Fi
framework assumes that this directory can be accessed by other
applications in the wifi group. Fix this by adding group access even
if umask value would prevent this.
In most cases, this issue was not hit since the control interface
directory is normally created by that same init.*.rc file with suitable
mode and wpa_supplicant is killed in the way that does not allow it to
remove the file. However, if wpa_supplicant is allowed stop cleanly, it
will remove the directory and the next start could result with the Wi-Fi
framework not being able to use Wi-Fi (and GUI not showing Wi-Fi getting
enabled).
Sunil Dutt [Thu, 22 Nov 2012 22:57:59 +0000 (00:57 +0200)]
P2P: Increase the maximum number of PD Request retries
Change the maximum retry limit from 10 to 120 to match the behavior
used with GO Negotiation Request frames when trying to start GO
Negotiation with a peer that does not acknowledge frames (e.g., due
to being in sleep or on another channel most of the time).
Sunil Dutt [Thu, 22 Nov 2012 23:14:15 +0000 (01:14 +0200)]
P2P: Remove PD-before-join-timeout mechanism
The PD Request retry limit can be used to achieve the same behavior,
so drop this duplicated timeout mechanism and control the timeout
based on MAX_PROV_DISC_REQ_RETRIES.
Jouni Malinen [Thu, 22 Nov 2012 22:53:42 +0000 (00:53 +0200)]
P2P: Retry PD Request in join-a-running-group case
The GO may be in sleep when we send a PD Request frame to indicate that
we are about to join a running group. Previously, this frame was not
retried more than normal low level retries. This can result in the GO
not getting the frame especially in cases where concurrent multi-channel
operations or aggressive sleep schedule is used since most drivers do
not yet synchronize with the GO's NoA before association.
Increase the likelihood of the GO receiving the PD Request frame by
retransmitting it similarly to the PD-for-GO-Negotiation case. Start
the actual join operation only after these retries have failed to get
an acknowledgment from the GO to give the connection attempt a chance
to succeed if the driver implements better NoA synchronization for it.
Sunil Dutt [Thu, 22 Nov 2012 22:48:58 +0000 (00:48 +0200)]
P2P: Set user_initiated_pd separately from the join parameter
p2p_prov_disc_req() used the join parameter to figure out whether the PD
request was a user initiated or not. This does not cover all use cases
of PD, so add a separate parameter to allow caller to indicate whether
the user requested the operation.
../src/ap/ieee802_1x.o: In function `ieee802_1x_get_eap_user':
/../src/ap/ieee802_1x.c:1689: undefined reference to `hostapd_get_eap_user'
collect2: error: ld returned 1 exit status
make: *** [wpa_supplicant] Error 1
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Jouni Malinen [Tue, 20 Nov 2012 22:47:47 +0000 (00:47 +0200)]
Add preliminary support for using SQLite for eap_user database
CONFIG_SQLITE=y option can now be used to allow the eap_user_file text
file to be replaced with a SQLite database
(eap_user_file=sqlite:/path/to/sqlite.db). hostapd.eap_user_sqlite
shows an example of how the database tables can be created for this
purpose. This commit does not yet include full functionality of the
text file format, but at least basic EAP-TTLS/MSCHAPv2 style
authentication mechanisms with plaintext passwords can be used for
tests.
Jouni Malinen [Mon, 19 Nov 2012 15:00:07 +0000 (17:00 +0200)]
nl80211: Add support for TDLS request event from the driver
The NL80211_CMD_TDLS_OPER command can be used as an event based on a
recent cfg80211 commit, so add code to map that to internal
wpa_supplicant event to request TDLS link setup/teardown.
Jouni Malinen [Mon, 19 Nov 2012 12:04:42 +0000 (14:04 +0200)]
wpa_cli: Accept more arguments for set_network
Some network parameters, e.g., auth_alg and eap use a space separated
list of values without quotation marks. To allow these to be entered
from the interactive mode, change set_network command to allow more than
three arguments.
Jouni Malinen [Sun, 18 Nov 2012 11:06:03 +0000 (13:06 +0200)]
hostapd: Fix a regression in TKIP countermeasures processing
Commit 296a34f0c1730416bf2a61ab78690be43d82a3c0 changed hostapd to
remove the internal STA entry at the beginning of TKIP countermeasures.
However, this did not take into account the case where this is triggered
by an EAPOL-Key error report from a station. In such a case, WPA
authenticator state machine may continue processing after having
processed the error report. This could result in use of freed memory.
Fix this by stopping WPA processing if the STA entry got removed.
Jouni Malinen [Thu, 15 Nov 2012 17:59:04 +0000 (19:59 +0200)]
WPS: Add a workaround for PBC session overlap detection
Some deployed station implementations implement WPS incorrectly and
end up causing PBC session overlap issues by indicating active PBC
mode in a scan after the WPS provisioning step. Work around this by
ignoring active PBC indication in a Probe Request from a station that
completed PBC provisioning during the last five seconds.
Jouni Malinen [Wed, 14 Nov 2012 11:05:53 +0000 (13:05 +0200)]
Fix forgotten no-CONFIG_WPS=y wrapper
Commit 620c783753bddd37988269314862dc7e4a62f700 modified
wpas_wps_ssid_wildcard_ok() prototype, but forgot to update the
non-WPS-build wrapper. Fix that to match with the new bss parameter
type and remove the now unused declaration of wpa_scan_res.
Jouni Malinen [Mon, 12 Nov 2012 18:07:53 +0000 (20:07 +0200)]
Allow OKC to be enabled by default
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.
Jouni Malinen [Sun, 11 Nov 2012 18:45:27 +0000 (20:45 +0200)]
P2P: Avoid extra group interface creation on GO reinvocation
If separate group interfaces are used, the pending group interface got
removed unnecessarily when stopping find operations when accepting an
invitation to reinvoke the group in GO role. This resulted in the group
interfaces getting created twice. Avoid this unnecessary extra operation
by skipping removal of the pending interface in the reinvocation
sequence.
Pawel Kulakowski [Sun, 11 Nov 2012 14:26:36 +0000 (16:26 +0200)]
bgscan_learn: Prevent infinite busy looping
In highly congested network (BSSes almost on every channel
within ESS) we have hit a bug when wpa_supplicant become
completly irresponsive, infinite looping on while loop.
When probe_idx was equal 0 and we are not able to probe
new frequency, following condition were never fulfilled:
"if (!in_array(freqs, data->supp_freqs[idx]))"
nl80211: Roam correctly through cfg80211 without SME
Change the nl80211 driver in wpa_supplicant to correctly handle
connecting to a new AP through cfg80211 without SME capability. As
before, the driver will disconnect from the previously associated AP,
but now we attempt to immediately connect to our intended AP. This
prevents us from blacklisting the AP we were trying to connect to
because of a semantic mismatch between cfg80211 and wpa_supplicant. The
disconnect/connect patch generates a local disconnect nl80211 event
which we discard because we're already correctly tracking the pending
association request.
In detail:
cfg80211 does not support connecting to a new BSS while already
connected to another BSS, if the underlying driver doesn't support
separate authenticate and associate commands. wpa_supplicant is written
to expect that this is a supported operation, except for a little error
handling that disconnects from the current BSS when roaming fails and
relies on autoconnect logic to reconnect later. However, this failure to
connect is incorrectly attributed to the new AP we attempted to
associate with, rather than a local condition in cfg80211.
The combined effect of these two conditions is that full-mac drivers
accessible through cfg80211 but without SME capability take a long time
to roam across BSS's because wpa_supplicant will:
1) Fail to associate for local reasons
2) Disconnect and return that the association request failed
3) Blacklist the association target (incorrectly)
4) Do a scan
5) Pick a less desirable AP to associate with
Jouni Malinen [Sun, 11 Nov 2012 11:11:15 +0000 (13:11 +0200)]
Check hapd_iface more consistently in hostapd_disable_iface()
There is no point in the hapd_iface == NULL validate after this pointer
has been dereferences, so move the code dereferencing hapd_iface after
the check.
Jouni Malinen [Sun, 11 Nov 2012 11:01:06 +0000 (13:01 +0200)]
WPS: Remove deprecated UFD config method and OOB ctrl_iface
The UFD (USB flash drive) configuration method was deprecated in WSC
2.0. Since this is not known to be used, remove the UFD implementation
from hostapd and wpa_supplicant to allow the WPS implementation to be
cleaned up. This removes the now unused OOB operations and ctrl_iface
commands that had already been deprecated by the new NFC operations.
Masashi Honma [Sun, 11 Nov 2012 09:39:24 +0000 (11:39 +0200)]
P2P: Reduce redundant PSK generation for GO
The PSK generation done by pbkdf2_sha1() is one of the longest CPU time
users according to our profiling from boot to GO started.
So I have reduced some steps.
I could boot a GO by this command sequence.
-------------
add_net
set_network 0 ssid '"DIRECT-XX"'
set_network 0 psk
'"123456789012345678901234567890123456789012345678901234567890123"'
set_network 0 proto RSN
set_network 0 key_mgmt WPA-PSK
set_network 0 pairwise CCMP
set_network 0 auth_alg OPEN
set_network 0 mode 3
set_network 0 disabled 2
p2p_group_add persistent=0 freq=2412
-------------
By this sequence, pbkdf2_sha1() was called three times and the function
calculates the same value each time. Reduce number of calls to
pbkdf2_sha1() from 3 to 1 by caching the previous result.
Signed-hostap: Masashi Honma <masashi.honma at gmail.com>
Paul Stewart [Sun, 11 Nov 2012 09:18:31 +0000 (11:18 +0200)]
new_dbus_handlers: Clear errno
There are a few instances where dbus handlers test the value
of errno to test whether strtoul completes successfully.
Since strtoul does not clear errno, and there's no strong
reason to suspect that errno is already clear, it is safer
to clear it right before calling strtoul. Also, any failure
in strtoul (setting errno non-zero) should be considered a
failure.
While testing using dbus-send, I found that a malformed
network path can cause a crash due to net_id being left
NULL. We should test for this before calling strtoul
on it.
Jouni Malinen [Mon, 5 Nov 2012 15:05:37 +0000 (17:05 +0200)]
Remove unused wpa_supplicant_disassociate()
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.
Jouni Malinen [Mon, 5 Nov 2012 15:01:07 +0000 (17:01 +0200)]
Use deauthentication instead of disassociation on RSN element mismatch
Even though the standard currently describes disassociation to be used
for RSN element mismatch between Beacon/Probe Response frames and
EAPOL-Key msg 3/4, this is unnecessary difference from other cases that
deauthenticate. In addition, there is no point in leaving the 802.11
Authentication in place in this case. To keep things simpler, use
deauthentication here to get rid of the only use of
wpa_sm_disassociate().
Jouni Malinen [Mon, 5 Nov 2012 14:55:30 +0000 (16:55 +0200)]
Use deauthentication instead of disassociation if not associated
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.
Jouni Malinen [Mon, 5 Nov 2012 14:42:28 +0000 (16:42 +0200)]
Use wpa_drv_{disassociate,deauthenticate} while waiting for connection
wpa_supplicant_{disassociate,deauthenticate}() need to inform the driver
about decision to disconnect even if this happens during the time when
the driver is still trying to complete association. During that time,
wpa_s->bssid is not set, so the code in these functions needs to figure
out the correct BSSID based on that field or wpa_s->pending_bssid. In
addition, it is possible that the BSSID is not even known at
wpa_supplicant at this point in time when using drivers that perform BSS
selection internally. In those cases, the disconnect command needs to be
sent to the driver without the BSSID.
This fixes issues where the driver (or cfg80211 in particular) may be
left in mismatching state with wpa_supplicant when disconnection (e.g.,
due to a ctrl_iface command) happens between connection request and
association event.