Ben Greear [Thu, 26 Mar 2015 21:39:48 +0000 (17:39 -0400)]
HS 2.0R2: Allow custom libcurl linkage for hs20-osu-client
In case someone is compiling their own libcurl and wants to link it
statically, for instance, the new CUST_CURL_LINKAGE parameter can be
used to override the default -lcurl argument.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Jouni Malinen [Sat, 28 Mar 2015 09:05:13 +0000 (11:05 +0200)]
Allow PSK/passphrase to be set only when needed
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.
For example:
Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk
Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"
Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.
Jouni Malinen [Sat, 28 Mar 2015 07:43:33 +0000 (09:43 +0200)]
EAP-pwd peer: Add support for hashed password
This extends EAP-pwd peer support to allow NtHash version of password
storage in addition to full plaintext password. In addition, this allows
the server to request hashed version even if the plaintext password is
available on the client. Furthermore, unsupported password preparation
requests are now rejected rather than allowing the authentication
attempt to continue.
Jouni Malinen [Thu, 26 Mar 2015 20:18:54 +0000 (22:18 +0200)]
tests: Make parallel-vm.py FAIL parser more robust
It looks like it was possible to receive an incomplete FAIL line and
break out from test execution due to a parsing error. Handle this more
robustly and log the error.
wpa_gui: Add tray icon based signal strength meter
System tray icon can be set to 5 different pictographs according to the
connection status. One for disconnected state (not associated with the
network, or not connected with the wpa_supplicant service), and four for
connected status (showing the signal strength on the receiver).
By default this functionality is disabled. The reason for this, is the
fact, that the underlaying approach of this functionality is poll based,
which might be considered as a non-efficient one. Update interval has to
be set explicitly by the user with '-m<seconds>' command line argument.
Status icon names are based on various Gnome icon packs (e.g., Faba).
When icon can not be found, default one is shown (wpa_gui logo).
Jouni Malinen [Tue, 24 Mar 2015 18:33:33 +0000 (20:33 +0200)]
tests: Change proxyarp_open LL src MAC check to match requirements
Now that there is a kernel patch for IPv6 ProxyARP that is capable of
using the non-AP STAs MAC address as the link layer source address in
NA, validate that behavior rather than the temporary check for BSSID.
Manikandan Mohan [Wed, 11 Mar 2015 20:03:58 +0000 (13:03 -0700)]
Extend offloaded ACS QCA vendor command to support VHT
Update ACS driver offload feature for VHT configuration. In addition,
this allows the chanlist parameter to be used to specify which channels
are included as options for the offloaded ACS case.
Ilan Peer [Mon, 16 Mar 2015 05:20:48 +0000 (01:20 -0400)]
Add Extended Capabilities element to all Probe Request frames
Always add the Extended Capabilities element to Probe Request frames (in
case it is not all zeros) to publish support for driver advertised
capabilities and wpa_supplicant specific capabilities.
This also fixes the case where Extended Capabilities element was added
for Interworking cases, but did not use the driver advertised ones and
did not handle other capabilities supported by wpa_supplicant.
Avraham Stern [Mon, 16 Mar 2015 05:20:02 +0000 (01:20 -0400)]
Delay AP selection if all networks are temporarily disabled
If all networks are temporarily disabled, delay AP selection until at
least one network is enabled. Running AP selection when all networks are
disabled is useless as wpa_supplicant will not try to connect. In
addition, it will result in needless scan iterations that may delay the
connection when it is needed.
Avraham Stern [Mon, 16 Mar 2015 05:20:01 +0000 (01:20 -0400)]
Don't optimize scan frequencies if selected network has changed
When disconnecting from a BSS, the next scan is optimized to scan only
the channels used by the connected ESS. But when disconnecting because a
new network was selected, this optimization is wrong because
wpa_supplicant is now trying to connect to another ESS. Fix this by not
optimizing the scan frequencies in case the selected network has
changed.
Eliad Peller [Thu, 19 Mar 2015 14:41:42 +0000 (16:41 +0200)]
DFS: Fix range availability check
There's off-by-one in the range availability check - the case of
first_chan_idx + num_chans == num_channels should be allowed (e.g., 0 +
1 == 1, for the case of a single 20 MHz channel).
Eliad Peller [Thu, 19 Mar 2015 14:41:41 +0000 (16:41 +0200)]
DFS: Consider non-contiguous channels
When looking for a new operating channel, consider the case of
non-contiguous channels when checking all the needed channels (e.g., the
driver might support channels 36, 38, 40, so look for channels 36+40
explicitly, instead of failing when encountering channel 38).
The channel list can be changed as a result of arriving beacon hints
during normal scan or as a result of local Reg-Domain change. Some
passive channels can become active and needs to be reconfigured
accordingly for the scheduled scan.
This fixes the connection to hidden SSIDs on 5 GHz band during default
Reg-Domain 00 (world roaming).
Signed-off-by: Victor Goldenshtein <victorg@ti.com> Signed-off-by: Eliad Peller <eliad@wizery.com>
Jouni Malinen [Fri, 20 Mar 2015 12:56:31 +0000 (14:56 +0200)]
Fix hlr_auc_gw build with OpenSSL
Commit 983c6a606bc839248ea0c69090e60c095a655bc6 ('OpenSSL: Replace
internal HMAC-MD5 implementation') forgot to make inclusion of md5.o
conditional for hlr_auc_gw build.
Zefir Kurtisi [Wed, 18 Mar 2015 17:26:59 +0000 (18:26 +0100)]
nl80211: Fix vendor command handling
In wiphy_info_handler(), vendor specific commands were
interpreted as QCA specific without checking for the OUI,
which caused incorrect setting of driver flags with
commands from other vendors. As a result, that could
prevent proper operation (e.g., inability to process CSA).
This patch ensures that QCA vendor specific commands are
checked against QCA OUI before related flags are set.
Neelansh Mittal [Thu, 19 Mar 2015 19:02:44 +0000 (00:32 +0530)]
Interworking: Prevent scan during ANQP fetch and Interworking select
Reject external scan request while either ANQP fetch or Interworking
select is in progress. Not doing so could lead to a situation in which
Interworking automatic network selection does not get triggered because
of a new scan result event forcing the ANQP fetch cycle to be disrupted
and restarted all over again. Interworking automatic network selection
is only triggered when AQNP fetch cycle, that is, ANQP exchange with
every Interworking capable BSS in the current BSS list, is completed.
Jouni Malinen [Thu, 19 Mar 2015 11:14:21 +0000 (13:14 +0200)]
Add a AP mode event message for possible PSK/passphrase mismatch
If the AP/Authenticator receives an EAPOL-Key msg 2/4 for an association
that negotiated use of PSK and the EAPOL-Key MIC does not match, it is
likely that the station is trying to use incorrect PSK/passphrase.
Report this with "AP-STA-POSSIBLE-PSK-MISMATCH <STA addr>" control
interface event.
Jouni Malinen [Wed, 18 Mar 2015 20:31:36 +0000 (22:31 +0200)]
Remove SChannel support
SChannel/CryptoAPI as a TLS/crypto library alternative was never
completed. Critical functionality is missing and there are bugs in this
implementation. Since there are no known plans of completing this
support, it is better to remove this code.
In the commit 77b244d577a7cb5c928478627af6687a0733193d9 ('wpa_gui: Quiet
mode - disable tray icon messages') a new parameter has been introduced,
but it was not documented. This commit fixes this omission.
Mikael Kanstrup [Sat, 14 Mar 2015 23:37:08 +0000 (00:37 +0100)]
wpa_cli: Add missing parameters for "set" command completion routine
Some config parameters were missing in the "set" command completion
routine. Add missing parameters and while at it put the parameters
under compiler switches so only valid ones are shown.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Sat, 14 Mar 2015 23:37:06 +0000 (00:37 +0100)]
Add IPv4 support function for "get" control interface command
Add support to retrieve IPv4 config variables with the "get" control
interface command. This allows the ip_addr_* parameters for P2P+NFC
IP address assignment to be fetched from the GO.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Jouni Malinen [Sun, 15 Mar 2015 18:25:48 +0000 (20:25 +0200)]
P2P: Move upper layer SD interaction into a separate file
wpa_supplicant/p2p_supplicant.c has reached almost 10000 lines in length
and was getting a bit inconvenient to edit, so start splitting it into
separate files.
Jouni Malinen [Sat, 14 Mar 2015 11:50:12 +0000 (13:50 +0200)]
Fix bitfield_get_first_zero() to not read beyond buffer
It was possible for bitfield_get_first_zero() to read one octet beyond
the allocated bit buffer in case the first zero bit was not within
size-1 first octets.
Jouni Malinen [Sat, 14 Mar 2015 08:12:33 +0000 (10:12 +0200)]
Indicate AP-DISABLED on main AP mode deinit path
This event was previously used only when disabling AP mode operation
through hostapd control interface. Make this more consistent by
providing same indication when disabling hostapd interface through the
interface deinit path. This adds the event to the case where a full
hostapd radio instance is removed which also applies for the
wpa_supplicant AP mode operations.
Jouni Malinen [Sat, 14 Mar 2015 08:05:05 +0000 (10:05 +0200)]
Send CTRL-EVENT-DISCONNECTED on wpa_supplicant AP deinit
This makes the AP mode more consistent with other modes by providing a
matching pair of CTRL-EVENT-CONNECTED and CTRL-EVENT-DISCONNECTED event
messages.
Jouni Malinen [Sat, 7 Mar 2015 14:23:48 +0000 (16:23 +0200)]
tests: Make ap_acs_40mhz more robust
Explicitly clear cached scan results on the AP interface before starting
ACS. This avoids issues where conflicting BSS entries from previously
executed test cases could affect channel selection.
Jouni Malinen [Sat, 7 Mar 2015 13:34:17 +0000 (15:34 +0200)]
Make rate-not-supported debug print more useful
It looks like "hardware does not support required rate 1.0 Mbps" has
started showing up in some hwsim test cases as a reason for failure.
This should not really occur with mac80211_hwsim, so add more details to
the debug print to make it easier to figure out what exactly happened.
Jouni Malinen [Sat, 7 Mar 2015 10:58:19 +0000 (12:58 +0200)]
Reject Group Key message 1/2 prior to completion of 4-way handshake
Previously, it would have been possible to complete RSN connection by
skipping the msg 3/4 and 4/4 completely. This would have resulted in
pairwise key not being configured. This is obviously not supposed to
happen in practice and could result in unexpected behavior, so reject
group key message before the initial 4-way handshake has been completed.
Jouni Malinen [Fri, 6 Mar 2015 21:47:34 +0000 (23:47 +0200)]
tests: Add --short option for parallel-vm.py
This can be used to filter out test cases that take significantly longer
time to execute (15 seconds or longer). While this reduces testing
coverage, this can be useful to get a pretty quick coverage in
significantly faster time.
Johannes Berg [Tue, 3 Mar 2015 22:08:41 +0000 (23:08 +0100)]
tests: Allow running with arbitrary working directory
It's somewhat annoying that you can only run parallel-vm.py as
./parallel-vm.py, not from elsewhere by giving the full path,
so fix that by resolving the paths correctly in the scripts where
needed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Fri, 6 Mar 2015 21:22:53 +0000 (23:22 +0200)]
tests: Make ap_remove_during_acs* more robust
These test cases need to use the previous-AP-on-correct-band workaround
similarly to test_ap_acs.py test cases for now to work with
mac80211_hwsim limitations on channel survey.
Jouni Malinen [Fri, 6 Mar 2015 21:17:12 +0000 (23:17 +0200)]
tests: More thorough cache clearing in ap_hs20_hidden_ssid_in_scan_res
It looked like cfg80211 BSS entry for the zero-length SSID could remain
after this test case. Stop the AP and scan twice with flush-cache option
to make this less likely to occur and cause issues to following test
cases.
Sunil Dutt [Fri, 6 Mar 2015 14:47:54 +0000 (20:17 +0530)]
nl80211: Extend NL80211_CMD_TDLS_OPER to support discovery
ML80211_ATTR_TDLS_OPERATION can now set to NL80211_TDLS_DISCOVERY_REQ to
allow the driver to request wpa_supplicant to initiate TDLS Discovery
Request.
Sunil Dutt [Fri, 6 Mar 2015 14:47:29 +0000 (20:17 +0530)]
TDLS: Allow driver to request TDLS Discovery Request initiation
This extends the TDLS operation request mechanism to allow TDLS
Discovery Request to be initiated by the driver similarly to the
existing Setup and Teardown requests.
Jouni Malinen [Fri, 6 Mar 2015 18:58:56 +0000 (20:58 +0200)]
mesh: Leave mesh in driver setup if initialization fails
It was possible to leave the driver in mesh point state if upper layer
mesh initialization failed in wpa_supplicant_mesh_init(). With nl80211,
this results in the vif being left in mesh point mode instead of
restoring it to station mode. That seems to break normal functionality,
e.g., for Public Action frame TX/RX. Fix this by restoring station mode
on mesh failure path.
This error could be triggered, e.g., with the following hwsim test case
sequence: wpas_mesh_secure_sae_missing_password
nfc_p2p_static_handover_tagdev_go_forced_freq
Jouni Malinen [Fri, 6 Mar 2015 16:40:28 +0000 (18:40 +0200)]
Clear RSN timers for preauth and PTK rekeying on disassociation
Previously, it was possible for the wpa_sm_start_preauth() and
wpa_sm_rekey_ptk() eloop callbacks to remain active after disconnection
and potentially continue to be used for the next association. This is
not correct behavior, so explicitly cancel these timeouts to avoid
unexpected attempts to complete RSN preauthentication or to request PTK
to be rekeyed.
It was possible to trigger this issue, e.g., by running the following
hwsim test case sequence: ap_wpa2_ptk_rekey ap_ft_sae_over_ds
Jouni Malinen [Fri, 6 Mar 2015 15:03:06 +0000 (17:03 +0200)]
tests: Make offchannel_tx_roc_gas more robust
It was possible for this test case to fail if cfg80211 BSS cache
included an entry for the same BSSID on another channel from an earlier
test case. Fix this by epxlicitly flushing the cache. In addition, use
scan_for_bss() to make the test less likely to fail in case of heavy CPU
load.
Jouni Malinen [Wed, 4 Mar 2015 21:09:44 +0000 (23:09 +0200)]
nl80211: Use the new bridge port option proxyarp_wifi
The initial IEEE 802.11 ProxyARP functionality in the kernel needed
changes in behavior and that ended up requiring an independent
configuration parameter to be used. Update hostapd to use that new
proxyarp_wifi parameter instead of the earlier proxyarp.
projects / thirdparty / hostap.git / log
