| Commit message | Author | Age | Files | Lines |
(cherry picked from commit caf31598317a79debaaf32a698fcb9a94ce72eed)
If session resumption fails for any reason, do not try it again because
that is just likely to fail. Instead, drop back to using full
authentication which may work. This is a workaround for servers that do
not like session resumption, but do not know how to fall back to full
authentication properly.
(cherry picked from commit f2d8fc3d9670ae90a04f38d4344d8dfc0f0929ab)
(cherry picked from commit d94d4bafbb43699d323d6f6e3e404000b3f0a7b4)
(cherry picked from commit 6301cc5d385ae4e3b4aa74ca863e034b8d91c326)
This fixes an issue where two AKA'/Challenge messages are received when
resynchronizing SEQ#. Previously, this used to trigger an authentication
failure since the second Challenge message did not duplicate AT_KDF.
(cherry picked from commit 2cfcd014f4e2c9886af2e7433c40119091ff1535)
(cherry picked from commit 3fe430b5d5822bb2b6180bb06967777ae79223f3)
This workaround was needed with some drivers that used WEXT, but there
is no known nl80211-enabled driver that would need this, so let's get rid
of the extra delay.
(cherry picked from commit 7d315b7b429d6847de91524150a9ddc2fa6e21e4)
Use the new nl80211 scan event mechanism instead of the WEXT event.
This completes the move from WEXT scanning into nl80211 scanning.
(cherry picked from commit 97865538ba250730841727a42b7beccd9f7af414)
This replaces the WEXT mechanism for fetching scan results with the new
nl80211 mechanism.
(cherry picked from commit b3db1e1cd3ca86aa1ea58bacabec9680bdc96309)
This is the first step in replacing WEXT-based scan with the new
nl80211-based mechanism.
(cherry picked from commit 0e75527f7e040d8bc0b182597b90ff2b4e74c428)
(cherry picked from commit b938903e4100d76d9ed4b9277bd41a68414991a8)
(cherry picked from commit f6190d376d710b5c60665be5bbfdfed315cfcdd0)
The Test Set 19 from TS 35.208 has an AMF with the separation bit set
and as such, it is suitable for EAP-AKA' testing.
(cherry picked from commit 265ca78917df4d71bd2425f2cd7c18d4a90ef298)
(cherry picked from commit 35f30422ecfe1163b6a70c89e1b7b6637b77133f)
(cherry picked from commit 4225097c5a22db0223207bb318d93ecbff924a58)
Some drivers (for example ipw2100) do not report signal level but only
signal quality. wpa_supplicant already uses the signal quality if no
level is reported and all other comparison parameters are equal to sort
the scan results. However, if two APs have different max rates and the
signal level does not differ much wpa_supplicant chooses the AP with the
higher max rate.
In case of ipw2100 no signal level is reported and thus wpa_supplicant
always takes the AP with higher max rate even if its signal quality is
really low. For example if AP1 (max rate 11Mb/s, 80% signal quality) and
AP2 (max rate 54 Mb/s, 20% signal quality) are found by a scan
wpa_supplicant would choose AP2.
Hence, if no signal level is reported depend on the signal quality if
max rate should be compared. A quality difference of 10% is considered
acceptable in favor of the higher max rate.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
(cherry picked from commit e1b525c3560614cc56c85b7d060f540900c4da34)
(cherry picked from commit 073ab58ff5ec83d68099049012a248a84e1eb16a)
Use the same zero-BSSID, random-SSID trick for both disassociate() and
deauthenticate().
(cherry picked from commit 4853d5ac847efbfe54b80eeefabc2932696414c9)
Really disassociate when tearing stuff down; drivers may sometimes
(legally) keep trying to reassociate unless the BSSID is unlocked. If
the SSID is unlocked too, under WEXT drivers are able to pick an SSID to
associate, so kill that behavior by setting a bogus SSID. Unfortunately
WEXT doesn't provide an easy method to say "stop whatever doing and just
idle".
Signed-off-by: Dan Williams <dcbw@redhat.com>
(cherry picked from commit b965fa729404b6ac602c716968179bcb510204ae)
On WPS init/deinit process, hostapd clears its own WPS IE
with a 0-length WPS IE. But it fails because the parameter to
ioctl is too short. Then hostapd prints the message below.
ioctl[IEEE80211_IOCTL_SET_APPIEBUF]: Invalid argument
(cherry picked from commit 34a6c94178a1d0c26d6eaf9e2dc0c848a798afd2)
It looks like GnuTLS (at least newer versions) is using random padding
on the application data and the previously used 100 byte extra buffer
for tls_connection_encrypt() calls was not enough to handle all cases.
This resulted in semi-random authentication failures with EAP-PEAP and
EAP-TTLS during Phase 2.
Increase the extra space for encryption from 100 to 300 bytes and add an
error message into tls_gnutls.c to make it easier to notice this issue
should it ever show up again even with the larger buffer.
(cherry picked from commit edd757e8a3d165cbfc4d1721f30a8aa276f9329b)
I tried PBC with the hostapd registrar.
I pushed the button with "hostap_cli WPS_PBC".
But hostapd registrar always sends Selected Registrar Config Methods
attribute=0x0000 in beacon/probe response.
(cherry picked from commit 363a9e2434c00e06b76d1ec1add434a4a8fd970f)
wpa_supplicant should not send a dbus reply as response to a method call
if no reply was requested by the caller. Sending a reply even if not
requested is basically no problem but triggers dbus warnings like the
one below.
Feb 9 07:31:23 linux-gvjr dbus-daemon: Rejected send message, 2 matched
rules; type="error", sender=":1.129" (uid=0 pid=30228
comm="/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wp")
interface="(unset)" member="(unset)" error
name="fi.epitest.hostap.WPASupplicant.InvalidInterface"
requested_reply=0 destination=":1.128" (uid=0 pid=30226
comm="/usr/sbin/NetworkManager "))
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
(cherry picked from commit c3f5b1e16d119392ec30e3b5a0d015ee2aa3d664)
Using it results in an error at build time. So we replace it.
(cherry picked from commit 02a89365abba33fb462f739c325dc9cc3e847dae)
(cherry picked from commit 898d6921b4cfe8b0696d85d756204379f1116182)
In theory, the ifname could be IFNAMSIZ characters long and there would
not be room for null termination.
(cherry picked from commit a3bfd14de1b9e7a89c0b610b0368d2dd7568d315)
MinGW does not use -ldl so do not add this unconditionally.
(cherry picked from commit 53c256a4766b9e85317fca763c25a3f11c792679)
(cherry picked from commit 7818ad2c8fc544016987cf770f1ef99affd08cb6)
(cherry picked from commit 23a139246de48ab7cf4bf623563fda7de3a33d76)
Add wpa_supplicant_sta_free_hw_features() and wpa_supplicant_sta_rx()
for driver wrappers in wpa_priv.
(cherry picked from commit 96c7c3072de6699dfbafa81c94af511abb49186a)
If you choose to use CONFIG_PRIVSEP=y, the wpabuf functions seem to be
missing. The attached patch is against trunk and should probably fix it.
(cherry picked from commit 716d543d5c1a0ee8cbec6bda6489913cdfa6dbec)
(cherry picked from commit 745cb54e86920827e9abfe4fac56f7ae099eb456)
Building EAP-WSC dynamically does not make much sense and with the
dependencies to WPS code from a number of places resolving this is not
trivial. It is simpler to just remove this option.
(cherry picked from commit 6dbcd00912b3fc3984d1402170340b61ca83f933)
Strip directory name from the target in the pattern rule for dynamic
modules. Remove dynamic modules on "make clean".
(cherry picked from commit 4c2660c2b0a04ebd2eee968f356188ec31f9b635)
No point in adding extra "event_" to the name.
(cherry picked from commit d0184cb25c30a123bb73492f894840f879764164)
Allow more than one pending PutWLANMessage data to be stored (M2/M2D
from multiple external Registrars) and drop pending M2/M2D messages when
the Enrollee replies with M3.
(cherry picked from commit 915c1ba3c575c32b9d31453b1a55b1a966f622bd)
This makes it much easier to debug operations with multiple external
Registrars.
(cherry picked from commit 745f8b664d96cbe27539668a3655bd416e3c964f)
It looks like Intel wsccmd may send a bogus NewWLANEventMAC
(11:22:33:44:55:66) when acting as a wired external Registrar. Work
around this by going through all STAs if the address does not match and
pick the STA that is in an ongoing WPS registration.
(cherry picked from commit e1bad1cd7d5aefbf0f65067fa7369dd045001a99)
Version attribute processing details are not described in the WPS spec,
but it is safer to allow minor version to change and only refuse to
process the message if major version is different from ours. This
matches with the behavior used in the Intel reference implementation.
(cherry picked from commit b93b6004e43931c189ce867613ba4237fb7ade2c)
(cherry picked from commit f65cbff3a337888cd11a6fc1748709172c98b744)
(cherry picked from commit fda90ab4b73b19d4638e8b7cd4c90458e51f9e3e)
It looks like we don't set the corresponding Device Password ID attribute in
the M2 message during PBC registration. Without it TG185n STA was not able
to connect to our AP in PBC mode. Attached patch fixes this.
(cherry picked from commit 25e31cccbe55c2b87d7496326f834e0d0cc0b23d)
For now, this is just an undocumented build option to make it possible
to build ../src/wps/*.o in a way that matches with hostapd needs.
(cherry picked from commit e1c7954d5dc7c1d5a66e04808689fc004da37bad)
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
(cherry picked from commit b77eab282a2820fd8d67785eb2e045aa59f49b82)
The madwifi driver has an interface to set the probe request IE.
The attached patch will enable the functionality.
I could see that the probe request includes the WSC IE with this patch.
(cherry picked from commit 1e2688be3e1066829d9aa8a9def58a64ba1d0cdf)
This allows WPS to be linked with GnuTLS.
(cherry picked from commit 3a19555445ea909ea1d26dcd394f365a4990355c)
(cherry picked from commit 5f1f352e6cd138a27b094d58527c343316b4796c)
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even though we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.
This more or less doubles the number of BSSes we can receive from scan
results.
(cherry picked from commit 42f1ee7d1fae8a67a2a48adfda19f9aafc3fef32)
Conflicts:
hostapd/driver_nl80211.c
I am terribly sorry, but because of a lack of testing equipment the
patch was submitted not properly tested.
Because the chipset documentation is not publicly available all
behaviour has to be found out by experimentation. The other day, I
made some incorrect assumptions based on my findings.
I do believe the attached patch does support the whole RoboSwitch line
(5325, 5350, 5352, 5365 and others). It is a drop-in substitution for
my previous submission.
(cherry picked from commit 94abc2f11bb13001c0b688af3abda04a57e1fdd4)