Commit message (Collapse)AuthorAgeFilesLines
* Preparations for v0.6.8 releasehostap_0_6_8Jouni Malinen2009-02-153-3/+3
* Update nmake.mak to match with current filesJouni Malinen2009-02-151-1/+2
| | | | (cherry picked from commit caf31598317a79debaaf32a698fcb9a94ce72eed)
* Do not try session resumption after EAP failureJouni Malinen2009-02-152-1/+7
| | | | | | | | | If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly. (cherry picked from commit f2d8fc3d9670ae90a04f38d4344d8dfc0f0929ab)
* Improved 'make install' (use BINDIR/LIBDIR, install shared objects)Daniel Mierswa2009-02-1516-2/+54
| | | | (cherry picked from commit d94d4bafbb43699d323d6f6e3e404000b3f0a7b4)
* Allow the privsep driver to pass the set_country to the real driverDaniel Mierswa2009-02-153-2/+30
| | | | (cherry picked from commit 6301cc5d385ae4e3b4aa74ca863e034b8d91c326)
* Check EAP-AKA' AT_KDF duplication only if KDF was negotiatedJouni Malinen2009-02-151-1/+4
| | | | | | | This fixes an issue where two AKA'/Challenge messages are received when resynchronizing SEQ#. Previously, this used to trigger an authentication failure since the second Challenge message did not duplicate AT_KDF. (cherry picked from commit 2cfcd014f4e2c9886af2e7433c40119091ff1535)
* Add debug prints for couple of new EAP-AKA' attributesJouni Malinen2009-02-151-0/+4
| | | | (cherry picked from commit 3fe430b5d5822bb2b6180bb06967777ae79223f3)
* nl80211: Remove one second sleep after iface upJouni Malinen2009-02-151-11/+0
| | | | | | | This workaround was needed with some drivers that used WEXT, but there is no known nl80211-enabled driver that would need this, so lets get rid of the extra delay. (cherry picked from commit 7d315b7b429d6847de91524150a9ddc2fa6e21e4)
* nl80211: Replace WEXT scan event with nl80211Jouni Malinen2009-02-151-15/+155
| | | | | | Use the new nl80211 scan event mechanism instead of the WEXT event. This completes the move from WEXT scanning into nl80211 scanning. (cherry picked from commit 97865538ba250730841727a42b7beccd9f7af414)
* nl80211: Replace SIOCGIWSCAN with NL80211_CMD_GET_SCANJouni Malinen2009-02-151-401/+77
| | | | | | This replaces the WEXT mechanism for fetching scan results with the new nl80211 mechanism. (cherry picked from commit b3db1e1cd3ca86aa1ea58bacabec9680bdc96309)
* nl80211: Replace SIOCSIWSCAN with NL80211_CMD_TRIGGER_SCANJouni Malinen2009-02-151-23/+30
| | | | | | This is the first step in replacing WEXT-based scan with the new nl80211-based mechanism. (cherry picked from commit 0e75527f7e040d8bc0b182597b90ff2b4e74c428)
* Sync nl80211.h with the current wireless-testing versionJouni Malinen2009-02-151-0/+69
| | | | (cherry picked from commit b938903e4100d76d9ed4b9277bd41a68414991a8)
* Removed an obsolete comment about use of external program for EAPJouni Malinen2009-02-151-2/+1
| | | | (cherry picked from commit f6190d376d710b5c60665be5bbfdfed315cfcdd0)
* Add another Milenage test set that is suitable for EAP-AKA'Jouni Malinen2009-02-151-0/+4
| | | | | | The Test Set 19 from TS 35.208 has an AMF with the separation bit set and as such, it is suitable for EAP-AKA' testing. (cherry picked from commit 265ca78917df4d71bd2425f2cd7c18d4a90ef298)
* EAP-AKA': Verify that AMF separation bit is setJouni Malinen2009-02-151-1/+7
| | | | (cherry picked from commit 35f30422ecfe1163b6a70c89e1b7b6637b77133f)
* Fix test-sha256 buildJouni Malinen2009-02-152-2/+3
| | | | (cherry picked from commit 4225097c5a22db0223207bb318d93ecbff924a58)
* Use signal quality if level is not available for comparing max ratesHelmut Schaa2009-02-151-4/+7
| | | | | | | | | | | | | | | | | | | | | | Some drivers (for example ipw2100) do not report signal level but only signal quality. wpa_supplicant already uses the signal quality if no level is reported and all other comparision parameters are equal to sort the scan results. However, if two APs have different max rates and the signal level does not differ much wpa_supplicant chooses the AP with the higher max rate. In case of ipw2100 no signal level is reported and thus wpa_supplicant always takes the AP with higher max rate even if its signal quality is really low. For example if AP1 (max rate 11Mb/s, 80% signal quality) and AP2 (max rate 54 Mb/s, 20% signal quality) are found by a scan wpa_supplicant would choose AP2. Hence, if no signal level is reported depend on the signal quality if max rate should be compared. A quality difference of 10% is considered acceptable in favor of the higher max rate. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> (cherry picked from commit e1b525c3560614cc56c85b7d060f540900c4da34)
* Fixed a copy-paste error in a function documentationJouni Malinen2009-02-151-1/+1
| | | | (cherry picked from commit 073ab58ff5ec83d68099049012a248a84e1eb16a)
* wext: Force disconnect on deauthenticate()Jouni Malinen2009-02-151-13/+26
| | | | | | Use the same zero-BSSID, random-SSID trick for both disassociate() and deauthenticate(). (cherry picked from commit 4853d5ac847efbfe54b80eeefabc2932696414c9)
* wext: really disassociate (set random SSID)Dan Williams2009-02-151-2/+14
| | | | | | | | | | | | Really disassociate when tearing stuff down; drivers may sometimes (legally) keep trying to reassociate unless the BSSID is unlocked. If the SSID is unlocked too, under WEXT drivers are able to pick an SSID to associate, so kill that behavior by setting a bogus SSID. Unfortunately WEXT doesn't provide an easy method to say "stop whatever doing and just idle". Signed-off-by: Dan Williams <dcbw@redhat.com> (cherry picked from commit b965fa729404b6ac602c716968179bcb510204ae)
* WPS: Fix clearing of WPS IE with madwifi driverMasashi Honma2009-02-151-0/+2
| | | | | | | | | On WPS init/deinit process, the hostapd clears it's own WPS IE with 0 length WPS IE. But it fails. Because the parameter to ioctl is too short. Then hostapd prints a below message. ioctl[IEEE80211_IOCTL_SET_APPIEBUF]: Invalid argument (cherry picked from commit 34a6c94178a1d0c26d6eaf9e2dc0c848a798afd2)
* Use larger buffer for TLS encryption to avoid issues with GnuTLSJouni Malinen2009-02-152-1/+9
| | | | | | | | | | | | | It looks like GnuTLS (at least newer versions) is using random padding on the application data and the previously used 100 byte extra buffer for tls_connection_encrypt() calls was not enough to handle all cases. This resulted in semi-random authentication failures with EAP-PEAP and EAP-TTLS during Phase 2. Increase the extra space for encryption from 100 to 300 bytes and add an error message into tls_gnutls.c to make it easier to notice this issue should it ever show up again even with the larger buffer. (cherry picked from commit edd757e8a3d165cbfc4d1721f30a8aa276f9329b)
* WPS: Set correct Selected Registrar Config Methods attributeMasashi Honma2009-02-151-0/+1
| | | | | | | | I tried PBC with the hostapd registrar. I pushed the button with "hostap_cli WPS_PBC". But hostapd registrar always sends Selected Registrar Config Methods attribute=0x0000 in beacon/probe response. (cherry picked from commit 363a9e2434c00e06b76d1ec1add434a4a8fd970f)
* Send a dbus reply only if requested by the callerHelmut Schaa2009-02-151-2/+4
| | | | | | | | | | | | | | | | | | wpa_supplicant should not send a dbus reply as response to a method call if no reply was requested by the caller. Sending a reply even if not requested is basically no problem but triggers dbus warnings like the one below. Feb 9 07:31:23 linux-gvjr dbus-daemon: Rejected send message, 2 matched rules; type="error", sender=":1.129" (uid=0 pid=30228 comm="/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wp") interface="(unset)" member="(unset)" error name="fi.epitest.hostap.WPASupplicant.InvalidInterface" requested_reply=0 destination=":1.128" (uid=0 pid=30226 comm="/usr/sbin/NetworkManager ")) Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> (cherry picked from commit c3f5b1e16d119392ec30e3b5a0d015ee2aa3d664)
* Create os_daemon for OS X, as it's now deprecated (Leopard)Alan T. DeKok2009-02-151-1/+36
| | | | | Using it results in an error at build time. So we replace it. (cherry picked from commit 02a89365abba33fb462f739c325dc9cc3e847dae)
* Allow driver_bsd.c to be built for NetBSDJeremy C. Reed2009-02-151-0/+11
| | | | (cherry picked from commit 898d6921b4cfe8b0696d85d756204379f1116182)
* Use os_strlcpy instead of os_strncpy when copying ifnameJouni Malinen2009-02-151-2/+2
| | | | | | In theory, the ifname could be IFNAMSIZ characters long and there would not be room for null termination. (cherry picked from commit a3bfd14de1b9e7a89c0b610b0368d2dd7568d315)
* Fix MinGW build with CONFIG_EAP_TNC=yJouni Malinen2009-02-081-0/+2
| | | | | MinGW does not use -ldl so do not add this unconditionally. (cherry picked from commit 53c256a4766b9e85317fca763c25a3f11c792679)
* Avoid memory leak on error path in crypto_cipher_init()Jouni Malinen2009-02-081-0/+2
| | | | (cherry picked from commit 7818ad2c8fc544016987cf770f1ef99affd08cb6)
* Add crypto_cipher_{init,encrypt,decrypt,deinit} for GnuTLSJouni Malinen2009-02-081-1/+114
| | | | (cherry picked from commit 23a139246de48ab7cf4bf623563fda7de3a33d76)
* Fix privsep build with CONFIG_CLIENT_MLME=yJouni Malinen2009-02-083-4/+74
| | | | | | Add wpa_supplicant_sta_free_hw_features() and wpa_supplicant_sta_rx() for driver wrappers in wpa_priv. (cherry picked from commit 96c7c3072de6699dfbafa81c94af511abb49186a)
* Include wpabuf.o in wpa_priv buildDaniel Mierswa2009-02-081-0/+1
| | | | | | If you choose to use CONFIG_PRIVSEP=y, the wpabuf functions seem to miss. The attached patch is against trunk and should probably fix it. (cherry picked from commit 716d543d5c1a0ee8cbec6bda6489913cdfa6dbec)
* Removed printf size_t format warning on 64-bitJouni Malinen2009-02-081-2/+2
| | | | (cherry picked from commit 745cb54e86920827e9abfe4fac56f7ae099eb456)
* Removed CONFIG_EAP_WSC=dyn optionJouni Malinen2009-02-081-5/+0
| | | | | | | Build EAP-WSC dynamically does not make much sense and with the dependencies to WPS code from number of places resolving this is not trivial. It is simpler to just remove this option. (cherry picked from commit 6dbcd00912b3fc3984d1402170340b61ca83f933)
* Fix building dynamic EAP peer modulesPavel Roskin2009-02-082-2/+2
| | | | | | Strip directory name from the target in the pattern rule for dynamic modules. Remove dynamic modules on "make clean". (cherry picked from commit 4c2660c2b0a04ebd2eee968f356188ec31f9b635)
* UPnP: Renamed PutWLANResponse callback function to match actionJouni Malinen2009-02-083-8/+7
| | | | | No point in adding extra "event_" to the name. (cherry picked from commit d0184cb25c30a123bb73492f894840f879764164)
* WPS UPnP: Added support for multiple external RegistrarsJouni Malinen2009-02-088-35/+121
| | | | | | | Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3. (cherry picked from commit 915c1ba3c575c32b9d31453b1a55b1a966f622bd)
* WPS UPnP: Add IP address and port details into debug messagesJouni Malinen2009-02-083-16/+28
| | | | | | This makes it much easier to debug operations with multiple external Registrars. (cherry picked from commit 745f8b664d96cbe27539668a3655bd416e3c964f)
* UPnP: Workaround bogus NewWLANEventMAC in PutWLANResponseJouni Malinen2009-02-081-0/+16
| | | | | | | | It looks like Intel wsccmd may send a bogus NewWLANEventMAC (11:22:33:44:55:66) when acting as an wired external Registrar. Work around this by going through all STAs if the address does not match and pick the STA that is in an ongoing WPS registration. (cherry picked from commit e1bad1cd7d5aefbf0f65067fa7369dd045001a99)
* WPS: Allow minor version differences in Version attribute checkJouni Malinen2009-02-081-1/+2
| | | | | | | | Version attribute processing details are not described in the WPS spec, but it is safer to allow minor version to change and only refuse to process the message if major version is different from ours. This matches with the behavior used in the Intel reference implementation. (cherry picked from commit b93b6004e43931c189ce867613ba4237fb7ade2c)
* WPS: Moved Version attribute validation into a shared functionJouni Malinen2009-02-083-11/+19
| | | | (cherry picked from commit f65cbff3a337888cd11a6fc1748709172c98b744)
* UPnP: Removed shadowed variableJouni Malinen2009-02-081-2/+2
| | | | (cherry picked from commit fda90ab4b73b19d4638e8b7cd4c90458e51f9e3e)
* WPS: Set correct Device Password ID in M2Andriy Tkachuk2009-02-081-1/+1
| | | | | | | It looks like we don't set correspondent Device Password ID attribute in M2 message during PBC registration. Without it TG185n STA was not able to connect to our AP in PBC mode. Attached patch fixes this. (cherry picked from commit 25e31cccbe55c2b87d7496326f834e0d0cc0b23d)
* Added CONFIG_WPS_UPNP for wpa_supplicant testsJouni Malinen2009-02-081-0/+10
| | | | | | For now, this is just an undocumented build option to make it possible to build ../src/wps/*.o in a way that matches with hostapd needs. (cherry picked from commit e1c7954d5dc7c1d5a66e04808689fc004da37bad)
* Explicitly link against libdl when including TNC supportDaniel Mierswa2009-02-082-0/+2
| | | | | | | | If you don't choose OpenSSL as TLS implementation and choose to enable CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries implicitly link against them, so this might be a reason why it wasn't noticed yet. I assume the same applies to hostapd. (cherry picked from commit b77eab282a2820fd8d67785eb2e045aa59f49b82)
* Setting probe request ie with madwifi driverMasashi Honma2009-02-081-2/+28
| | | | | | | The madwifi driver has interface to set probe request ie. Attached patch will enable the functionality. I could see probe request includes WSC IE with this patch. (cherry picked from commit 1e2688be3e1066829d9aa8a9def58a64ba1d0cdf)
* Add crypto_mod_exp() for GnuTLS (libgcrypt)Jouni Malinen2009-02-081-0/+35
| | | | | This allows WPS to be linked with GnuTLS. (cherry picked from commit 3a19555445ea909ea1d26dcd394f365a4990355c)
* Cleaned up printf format warnings on 64-bit buildJouni Malinen2009-02-081-8/+11
| | | | (cherry picked from commit 5f1f352e6cd138a27b094d58527c343316b4796c)
* Fixed scan buffer increasing with WEXTJouni Malinen2009-02-083-2/+8
| | | | | | | | | | | | | | | We can now handle up to 65535 byte result buffer which is the maximum due to WEXT using 16-bit length field. Previously, this was limited to 32768 bytes in practice even through we tried with 65536 and 131072 buffers which we just truncated into 0 in the 16-bit variable. This more or less doubles the number of BSSes we can received from scan results. (cherry picked from commit 42f1ee7d1fae8a67a2a48adfda19f9aafc3fef32) Conflicts: hostapd/driver_nl80211.c
* Better support in RoboSwitch driverJouke Witteveen2009-02-081-6/+11
| | | | | | | | | | | | | I am terribly sorry, but because of a lack of testing equipment the patch was submitted not properly tested. Because the chipset documentation is not publicly available all behaviour has to be found out by experimentation. The other day, I made some incorrect assumptions based on my findings. I do believe the attached patch does support the whole RoboSwitch line (5325, 5350, 5352, 5365 and others). It is a drop-in substitution for my previous submission. (cherry picked from commit 94abc2f11bb13001c0b688af3abda04a57e1fdd4)