hlr_auc_gw: Add support for processing command line operations
This allows hlr_auc_gw to be used to run a single operation without
having to use it as a server. This can be useful, e.g., for generating
GSM authentication triplets for external programs. For example:
./hlr_auc_gw -m hlr_auc_gw.milenage_db "SIM-REQ-AUTH 232010000000000"
Commit 8a9f58f2cca92e5e362809ae4a531a4676c29888 ("EAP-AKA server: Store
permanent username in session data") broke AUTS processing by skipping
new authentication triplet fetch after having reported AUTS. Fix this by
started new full authentication sequence immediately after reporting
AUTS so that the updated parameters are available for the Challenge
message.
hlr_auc_gw: Update file comments to mention Milenage
The notes about using only fixed GSM authentication triplets were not
really up-to-date with the implementation. Milenage and GSM-Milenage
were available for EAP-SIM, EAP-AKA, and EAP-AKA'.
Some older systems used admin group, but adm group seems to be more
common nowadays, so detect this automatically rather than assume admin
group is used.
tests: Add mechanism for test cases to indicate a skipped run
This can be used by test cases that depend on some external component
that may not always be available to indicate clearly that a test case
was skipped rather than passed or failed.
tests: Wait for driver scan state to clear between tests
cfg80211/mac80211 seems to getting stuck with scans every now and then.
Check for this special state and delay return from reset() until the
driver has stopped the scan operation. This reduces likelihood of
failing multiple test cases in a row because of a single error.
Add driver status information to control interface
STATUS-DRIVER command can now be used to fetch driver interface status
information. This is mainly for exporting low-level driver interface
information for debug purposes.
nl80211: Fix off-channel Action frame TX from GO with use_monitor
TX frequency gets lost when going through the monitor send MLME option
and this resulted in P2P operations like invitation from a GO failing
when the driver needs monitor socket, but would support offchannel TX.
Fix this by using frame_cmd path instead in case the monitor socket
would have been hit for action frame TX.
tests: Add support for using Linux kernel tracing functionality
run-all.sh and start.sh scripts can now take 'trace' command line
argument to request Linux tracing information from mac80211, cfg80211,
and wpa_supplicant to be recorded.
Add no_ctrl_interface config param to clear ctrl_interface
This can be used to override previously set ctrl_interface value in a
way that clears the variable to NULL instead of empty string. The only
real use case for this is to disable per-interface ctrl_interface from
the additional control file (-I<file>) in case ctrl_interface was set in
the main configuration file. It should be noted that zero-length
ctrl_interface parameter can be used to initiate some control interface
backends, so simpler designs were not available for this.
The format of the new parameter is not exactly cleanest due to
configuration file parsing assumptions. For example:
Make sure updated BSS entry does not get added twice to the list
When the BSS table is being updated based on new scan results, a BSS
entry could end up getting added into last_scan_res list multiple times
if the scan results from the driver includes duplicated values. This
should not happen with driver_nl80211.c since it filter outs duplicates,
but in theory, other driver wrappers could indicate such scan results.
Anyway, it is safer to make sure this cannot happen by explicitly
verifying the last_scan_res list before adding an updated BSS entry
there. A duplicated entry in the list could potentially result in freed
memory being used if there is large enough number of BSSes in the scan
results to cause removal of old BSS entries.
Fix possible freed-memory use in BSS table updates
If there are large number of BSSes in the scan results, BSS table update
could have added a BSS entry to the last_scan_res in a case where that
BSS entry got just deleted. This would happen only if there are more
than bss_max_count (by default 200) BSSes and if at least bss_max_count
of those BSSes are known (match a configured network). In such a case,
wpa_bss_add() could end up allocating a new BSS entry and return a
pointer to that entry even if it was the one that ended up getting freed
to keep the BSS table length within the limit. This could result in
freed memory being used and the process crashing (likely with segfault)
when trying to access information from that BSS entry.
Fix the issue by removing the oldest BSS entry before linking the new
entry to the table. This makes sure the newly added entry will never get
picked up as the one to be deleted immediately.
P2P: Use group formation timeout on persistent group GO
Previously, GO considered the group to be fully re-invoked after
starting beaconing on successful invitation exchange. This would leave
the group running until idle timeout (which may not be enabled) or
explicit removal if the client fails to connect for any reason. Since
the client is expected to connect immediately after the invitation
exchange that ends with status=0 (i.e., either client initiated the
exchange or it responded with success), extend group formation timeout
to cover that period until the first successfully completed data
connection. This allows the GO to remove the group automatically if the
client devices does not connect within
P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE (15) seconds.
P2P: Extend group formation timeout on GO to first data connection
Previously, GO considered the group to be fully formed at the completed
of WPS provisioning step. This would leave the group running until idle
timeout (which may not be enabled) or explicit removal if the client
fails to connect for any reason. Since the client is expected to connect
immediately after the WPS provisioning step, extend group formation
timeout to cover that period until the first successfully completed data
connection. This allows the GO to remove the group automatically if the
client devices does not connect within P2P_MAX_INITIAL_CONN_WAIT_GO (10)
seconds.
Killing the wpa_supplicant process or using TERMINATE ctrl_iface command
resulted in the process existing without cleaning up possibly added
dynamic P2P group interfaces. Clean this up by stopping each P2P group
before stopping eloop.
Register wpa_msg callback even if only global ctrl_iface is used
Previously, wpa_msg_register_cb() was called only from successful
completion of per-interface control interface initialization. This would
leave the callback unregistered in case only the global control
interface is used which would result in not delivering control interface
events on the global interface. Fix this by registering the callback
handler also from successful initialization of the global control
interface.
Previously, IBSS mode (NL80211_IFTYPE_ADHOC) was left in drv->nlmode
when leaving IBSS. This causes issues for send_mlme() handler for P2P
Probe Response transmission in Listen state. Fix this by clearing nlmode
back to NL80211_IFTYPE_STATION on leaving IBSS so that following P2P
operations can be executed correctly. Previously, this was fixed only
when the next authentication/association attempt in station mode
occured.
Allow hostapd config file for dynamically added interface
This extends hostapd global control interface command "ADD" to use a
configuration file instead of requiring configuration to be built using
SET command.
The command format is now following:
ADD <ifname> <control path|config=<path to config>>
When using the configuration file option, ctrl_interface parameter in
the file needs to be set to allow ENABLE command to be issued on the new
interface.
Do not clear hostapd configuration parameters on disable-iface
There was a comment about the the cleanup steps being from
hostapd_cleanup_iface(). However, the operations that cleared some
security parameters do not seem to exist elsewhere and do not make sense
here. Remove them to avoid changing configuration with DISABLE followed
by ENABLE.
tests: Clear global monitor interface on dump_monitor()
This avoids some issues with the global control interface socket
getting stuck with send buffer limit reached if test cases did not
use wait_global_event().
Re-open ctrl_iface socket on some failure cases as a workaround
If wpa_supplicant ctrl_iface clients are misbehaving and refusing to
read replies or event messages from wpa_supplicant, the single socket
used in wpa_supplicant to send messages can reach the maximum send
buffer limit. When that happens, no more responses to any client can be
sent. Work around this by closed and reopening the socket in case such a
failure state is detected. This is obviously not desirable since it
breaks existing connected sockets, but is needed to avoid leaving
wpa_supplicant completely unable to respond to any client. Cleaner fix
for this may require more considerable changes in the ctrl_iface design
to move to connection oriented design to allow each client to be handled
separately and unreachability to be detected more reliably.
Kyeyoon Park [Wed, 25 Sep 2013 10:03:16 +0000 (13:03 +0300)]
HS 2.0: Allow printf format parsing with language:name strings
This allows Hotspot 2.0 and Interworking strings that use language:name
string (e.g., venue_name) to be encoded using printf format to enter
special characters like newline.
Kyeyoon Park [Wed, 25 Sep 2013 09:34:35 +0000 (12:34 +0300)]
Fix wpa_config_parse_string() to null terminate printf decoded values
printf_decode() fills in a binary buffer and returns the length of
the written data. This did not use null termination since initial
use cases used the output as a binary value. However, Hotspot 2.0
cred block values are also using this for parsing strings. Those
cases could end up without proper null termination depending on what
os_malloc() ends up getting as the memory buffer. Fix these and make
printf_decode() more convenient by forcing the output buffer to be
null terminated.
Fix language string length validation in parse_lang_string()
The language string length needs to be validated to hit into the
three-octet lang field in struct hostapd_lang_string before copying
this. Invalid configuration entries in hostapd.conf could have resulted
in buffer overflow.
Prepare reply buffer first for all cases and then use a single sendto()
call instead of three calls depending on reply type. This allows simpler
error handling for control interface send operations.
P2P: Prefer 20 MHz operating channels on 5 GHz band over 2.4 GHz
When no other user preference is specified, opt to use an operating
channel that allows 5 GHz band to be used rather than 2.4 GHz.
Previously, this was already done in practice for HT40 channels since no
such channel is enabled for P2P on 2.4 GHz. This commit extends this to
apply 5 GHz preference for 20 MHz channels as well.
Drop EAP packet with code 10 before EAPOL state machine processing
H3C WA2620i-AGN AP may send an EAP packet with an undefined EAP code
10 after successful EAP authentication which restarts the EAPOL
state machine. Drop such frames with this unrecognized code without
advancing the EAPOL supplicant or EAP peer state machines to avoid
interoperability issues with the AP.
Use configured sched_scan interval for the PNO scan
The interval for the PNO scan did not use the configured sched_scan
interval. This commit addresses the same by using the configured value
or the default of 10 seconds if configuration parameter is not used.
TDLS: Do not modify RNonce for an TPK M1 frame with same INonce
There is no point in updating the RNonce for every obtained TPK M1 frame
(e.g., retransmission due to timeout) with the same INonce (SNonce in
FTIE). Update RNonce only if a TPK M1 is received with a different
INonce (new TDLS session) to avoid issues with two setup exchanges
getting mixed and exchange failing due to mismatching nonces ("TDLS:
FTIE ANonce in TPK M3 does not match with FTIE ANonce used in TPK M2").
TDLS: Disable the created link on a failed TDLS handshake
Clear the peer information and disable the created link on a
failed TDLS setup negotiation. This is needed to avoid leaving
TDLS setup pending and to return to the AP path in case anything
goes wrong during the setup attempt.
WPS: Ignore PBC-to-PIN change from M1 to M2 as a workaround
Some APs may incorrectly change Device Password ID from PBC in M1 to
Default PIN in M2 even when they are ready to continue with PBC. This
behavior used to work with earlier implementation in wpa_supplicant, but
commit b4a17a6ea74b2ffba082e05c84730e979513042c started validating this
as part of a change that is needed to support NFC configuration method.
While this kind of AP behavior is against the WSC specification and
there could be potential use cases for moving from PBC to PIN, e.g., in
case of PBC session overlap, it is justifiable to work around this issue
to avoid interoperability issues with deployed APs. There are no known
implementations of PBC-to-PIN change from M1 to M2, so this should not
reduce available functionality in practice.
P2P: Cancel group formation timeout on client connection
It was possiblle for the group formation timeout to be left running even
after the P2P Client connected to the group if the WPS provisioning step
was not completed cleanly (e.g., due to WSC_Done not getting received
from the client). There is no need to remove the group in such case due
to the initial group formation timeout, so work around this by removing
that timeout on data connection.
There was already a CFG_CHANGED_P2P_OPER_CHANNEL handler function, but
this flag was not set when the p2p_oper_reg_class or p2p_oper_channel
parameters were changed.
wpa_supplicant crashes if driver configuration for AP mode interface
configuration fails after group negotiation. This is because of a
regression from commit 1075b2957169d8f9d6dddd7679339c751dc9515b that
ends up freeing the wpa_s instance from within
wpa_supplicant_create_ap() without the caller knowing.
Fix this by using an eloop timeout to free remove the P2P group so that
wpa_supplicant_create_ap() and especially wpa_supplicant_associate()
callers do not need to know about interface getting possibly removed. In
addition, move the P2P specific code into p2p_supplicant.c where it
really belongs. This allows the already existing group formation timeout
to be used by reducing the timeout to zero.
tests: Check wpa_supplicant connection after reset
Some test runs have resulted in wpa_supplicant being unresponsive or
very slow on the control interface. Check for that type of issues as
part of the reset sequence that is done between each test case.
Avoid potential issues with removing a P2P group on PSK failure directly
from the wpa_supplicant_event() call since the caller (in driver_*.c)
may not be prepared for the interface disappearing at that point in
time.
P2P: Add event messages for possible PSK failures on P2P groups
It is possible for the GO of a persistent group to change the PSK or
remove a client when per-client PSKs are used and this can happen
without the SSID changing (i.e., the group is still valid, but just not
for a specific client). If the client side of such persistent group ends
up trying to use an invalidated persistent group information, the
connection will fail in 4-way handshake. A new WPS provisioning step is
needed to recover from this.
Detect this type of case based on two 4-way handshake failures when
acting as a P2P client in a persistent group. A new
"P2P-PERSISTENT-PSK-FAIL id=<persistent group id>" event is used to
indicate when this happens. This makes it easier for upper layers to
remove the persistent group information with "REMOVE_NETWORK <persistent
group id>" if desired (e.g., based on user confirmation).
In addition to indicating the error cases for persistent groups, all
this type of PSK failures end up in the client removing the group with
the new reason=PSK_FAILURE information in the P2P-GROUP-REMOVED event.
P2P: Add a command for removing a client from all groups
The new control interface command P2P_REMOVE_CLIENT <P2P Device
Address|iface=Address> can now be used to remove the specified client
from all groups (ongoing and persistent) in which the local device is a
GO. This will remove any per-client PSK entries and deauthenticate the
device.
P2P: Maintain list of per-client PSKs for persistent groups
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.
P2P: Select PSK based on Device Address instead of Interface Address
When using per-device PSKs, select the PSK based on the P2P Device
Address of the connecting client if that client is a P2P Device. This
allows the P2P Interface Address to be changed between P2P group
connections which may happen especially when using persistent groups.
P2P: Store P2P Device Address in per-device PSK records
This makes the P2P Device Address of the Enrollee available with the PSK
records to allow P2P Device Address instead of P2P Interface Address to
be used for finding the correct PSK.
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.
This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.
P2P: Stop listen state when listen-only duration is over
Even after listen duration is over, P2P module remained in
P2P_LISTEN_ONLY state, which is blocking station mode scans. Fix this by
stopping P2P listen explicitly to update p2p_state to IDLE when listen
duration expires.
Jouni Malinen [Sat, 31 Aug 2013 14:59:16 +0000 (17:59 +0300)]
tests: Make test_autogo validate group removal event on client
Use test_autogo to verify that P2P client is able to notice explicit
group session termination message from the GO. This would have caught
the regression in processing P2P deauthentication notifications.
Jouni Malinen [Sat, 31 Aug 2013 14:27:20 +0000 (17:27 +0300)]
wpa_cli: Allow first DISCONNECTED event to be reported
wpa_cli filters out extra DISCONNECTED events from action scripts. This
ended up filtering out the first real DISCONNECT event in case wpa_cli
was started when wpa_supplicant was in connected state. Change wpa_cli
to allow the first disconnection event to be reported to the action
script in such case.
Jouni Malinen [Sat, 31 Aug 2013 14:18:45 +0000 (17:18 +0300)]
Disallow WEP configuration in WPA network
Some drivers fail to work if WEP keys are configured in a WPA network.
To avoid potentially confusing error cases, reject hostapd configuration
that enables WPA and includes parameters that would imply that WEP keys
would be set.
Jouni Malinen [Sat, 31 Aug 2013 13:44:42 +0000 (16:44 +0300)]
D-Bus: Do not send network notification for all P2P groups
Previously, network added event was skipping during group formation.
However, this did not necessarily catch all cases of temporary P2P
network blocks. Check ssid->p2p_group to make this behavior more
consistent by avoiding all P2P groups.
Sreenath Sharma [Sat, 31 Aug 2013 08:59:05 +0000 (11:59 +0300)]
P2P: Allow P2P functionality to be disabled per interface
By default, P2P is initialized for all driver interfaces and this makes
P2P getting initialized for non-P2P station interface if the supplicant
is started first on this interface. If an interface is dedicated for
non-P2P station mode, it is now possible to disable P2P initialization
by adding 'p2p_disabled=1' in the configuration file of non-P2P station
interface, irrespective of the order in which supplicant is started.
Jouni Malinen [Sat, 31 Aug 2013 08:54:23 +0000 (11:54 +0300)]
tests: Use longer timeout in test_ap_wps_er_add_enrollee
This is another one of the test cases that can time out frequently
under valgrind during WPS exchange. Increase the timeout to make
false error reports less likely to occur.
Sreenath Sharma [Sat, 31 Aug 2013 08:11:41 +0000 (11:11 +0300)]
P2P: Immediate group removal in GC in case of deauthentication
Right now in case of deauthentication from GO, immediate group removal will
happen in GC only if the deauthentication packet has a valid IE. However,
the IE in deauthentication packet is mandated only for managed P2P group.
So in normal P2P group the group removal is delayed and will happen later
only in group idle timeout.
This fixes a regression from commit d7df0fa727a2a79d7b22df6c68961220349ab2e3 that changed the previous check
for data->deauth_info != NULL to data->deauth_info->ie != NULL.
Swisscom SIM cards do not include MNC length within EF_AD, and end up
using incorrect MNC length based on the 3-digit default. Hardcode MNC
length of 2 for Switzerland, in the same manner as it was done for
Finland.
Signed-hostap: Andrejs Cainikovs <andrejs.cainikovs@sonymobile.com>
Jouni Malinen [Sat, 31 Aug 2013 07:45:03 +0000 (10:45 +0300)]
tests: Increase WPS timeout to 30 seconds
Number of crypto operations seem to take very long time in the valgrind
tests (about five seconds for public key generation for M1 and M2 on a
virtual server) and this is enough to push the test runs to hit the
timeout frequently even when there is no real error. Make this less
frequent by increasing WPS test case timeout from 15 to 30 seconds to
avoid issues based on the test scripts.
Jouni Malinen [Sat, 31 Aug 2013 07:33:44 +0000 (10:33 +0300)]
tests: Increase P2P group formation timeout to 20 seconds
Number of crypto operations seem to take very long time in the valgrind
tests (about five seconds for passphrase to PSK mapping and for public
key generation for M1 and M2 on a virtual server) and this is enough to
push the test runs to hit the timeout frequently even when there is no
real error. Make this less frequent by increasing group formation
timeout from 15 to 20 seconds to avoid issues based on the test scripts
(15 + config time seconds timeout in the protocol may still kick in,
though).
Jouni Malinen [Tue, 27 Aug 2013 13:26:33 +0000 (16:26 +0300)]
IBSS RSN: Add a timeout for Authentication frame exchange
It is possible for the peer device not to support Authentication frame
exchange even though this would be required functionality in the
standard. Furthermore, either Authentication frame may be lost. To
recover from cases where Authentication frame sequence 2 is not
received, start EAPOL Authenticator from one second timeout.
Jouni Malinen [Tue, 27 Aug 2013 13:01:04 +0000 (16:01 +0300)]
tests: Wait for hostapd/wpa_supplicant to reply at start (concurrent)
Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant
through the control interface until they are ready to reply in order to
avoid starting test case execution too early. This is like commit b76579e0c09a1a763b70d63613377b407cbc405f but for the concurrent P2P test
cases that were forgotten from that commit.
Jouni Malinen [Tue, 27 Aug 2013 09:23:10 +0000 (12:23 +0300)]
P2P: Postpone concurrent scans when waiting for first client as GO
Previously, concurrent station mode scans were postponed during an
ongoing P2P group formation up to the point of completed WPS
provisioning step. This would allow a scan to be started before the P2P
client has completed association for the data connection if a scan
request were timed to hit the window between the provisioning step and
the following association. Avoid this by extending P2P-in-progress state
to continue until the first data connection has been completed as part
of group formation. Use a ten second timeout for this to avoid leaving
scans disabled indefinitely if the client fails to connect completely.
Jouni Malinen [Tue, 27 Aug 2013 00:11:02 +0000 (03:11 +0300)]
tests: Detect BSSID mismatch in test_ibss_rsn
It looks like mac80211 does not always manage to join the same IBSS and
this can result in test_ibss_rsn failures. Detect this case and try to
get the IBSSes to merge by running a scan prior to continuing with the
test case.
Jouni Malinen [Mon, 26 Aug 2013 23:54:35 +0000 (02:54 +0300)]
IBSS RSN: Work around Data RX vs. Authentication RX race condition
It is possible for the driver to report EAPOL frame RX before
Authentication frame RX even if the frames arrived in the opposite
order. This can result in issues in cases where both IBSS peers initiate
Authentication frame exchange at about the same time and one of the
EAPOL sessions is started before processing Authentication frame seq=1
RX. Work around this by not re-initializing EAPOL state on
Authentication (SEQ=1) RX if own Authentication frame was transmitted
within last 500 ms.
Jouni Malinen [Mon, 26 Aug 2013 23:00:39 +0000 (02:00 +0300)]
tests: Wait for all 4-way handshake pairs in test_ibss_rsn
The handshake between STA2 and STA1 was not tracked previously. For
completeness, include that in the list of handshakes that are explicitly
waited for to complete prior to starting the connectivity tests. Since
all key setup should be done at this point, remove the extra wait before
the last connectivity test between STA1 and STA2.
It looks like there may not be enough time to complete this test case in
15 seconds under valgrind on a virtual host every time, so increase the
timeout to 30 seconds to get more consistent test results.
Jouni Malinen [Mon, 26 Aug 2013 13:47:15 +0000 (16:47 +0300)]
tests: Wait for hostapd/wpa_supplicant to reply at start
Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant
through the control interface until they are ready to reply in order to
avoid starting test case execution too early.
projects / thirdparty / hostap.git / log
