Commit message (Collapse)AuthorAgeFilesLines
* Preparation for 0.6.9 releasehostap_0_6_9Jouni Malinen2009-03-233-3/+3
* Fix FreeBSD buildJouni Malinen2009-03-222-2/+3
* driver_madwifi: Fix build with old driver versionsJouni Malinen2009-03-221-2/+2
| | | | | | Do not reference ie.rsn_ie in wpa_hexdump outside #ifdef MADWIFI_NG. [Bug 302] (cherry picked from commit 5ce2a4649d18c13fe1bd0f40f0ce61e5e984c977)
* Fix UNIX domain socket address handling to be more portableJouni Malinen2009-03-221-8/+19
| | | | | | | Remove all fields before sun_path before printing or comparing sun_path contents. Using offsetof should be portable. In addition, set sun_len for FreeBSD. (cherry picked from commit 75864b7f63e1bee6cea1c078ae767bf633a64496)
* Fix UNIX domain socket address handling to be more portableSam Leffler2009-03-221-6/+18
| | | | | | | Removing just sun_family is not portable since some systems (e.g., FreeBSD) include an additional sun_len field. Using offsetof should be portable. In addition, set sun_ken for FreeBSD. (cherry picked from commit 19b9436c0efe7036d94444e34e27523485c1e314)
* Fix WPS UPnP build for FreeBSDJouni Malinen2009-03-222-0/+57
| | | | (cherry picked from commit 22498d6dc3e9d1001e4523a4dcfa3d4bfcc6ae11)
* Fix FreeBSD build by not adding -ldlJouni Malinen2009-03-222-0/+4
| | | | | Unlike Linux, FreeBSD does not use libdl. (cherry picked from commit 7d737d6bf92b75d8c0a6e52c04115dd8e730c22b)
* Fix doxygen function commentJouni Malinen2009-03-221-1/+0
| | | | (cherry picked from commit 9f98c483154f58d410b53e97a02f84f13f895482)
* Fix IEEE 802.11r key derivation function to match with the standardJouni Malinen2009-03-223-1/+5
| | | | | | | | | | IEEE Std 802.11r-2008, starts the 'i' counter from 1, not 0. Note: this breaks interoperability with previous versions. [Bug 303] (cherry picked from commit 4cb0dcd92d560674865a951010bed5054f3fd26c) Conflicts: wpa_supplicant/ChangeLog
* Detach ctrl_iface monitor if the client socket is removedJouni Malinen2009-03-222-6/+10
| | | | | | No need to wait for 10 errors when using UNIX domain socket; we can detach the client immediately on ENOENT. (cherry picked from commit c5aaa015627daa1e9fba7065e07294f952b295cf)
* TNC: Fix a stray pointer that could cause segfault on error pathMasashi Honma2009-03-221-3/+8
| | | | | | | | On "eap_tnc_process" function error case, data->in_buf keeps reference to a local scope variable. For example this will cause segmentation fault in "eap_tnc_deinit" function "wpabuf_free(data->in_buf)" statement. (cherry picked from commit 294379967825d4c8222e08f2fbed33d43d3aefa3)
* Update draft-cam-winget-eap-fast-provisioning references to RFC 5422Jouni Malinen2009-03-223-16/+8
| | | | (cherry picked from commit c590cb67d47f4eee01fcc080c91101ec15e604c3)
* hostapd: Fix some manual page formattingKel Modderman2009-03-222-2/+2
| | | | | | lintian (Debian package lint tool) found some small deficiencies in hostapd.8 and hostapd_cli.1. (cherry picked from commit bffc384cbf1e0547eeb107e80c7f13d04f94a8aa)
* Fix TNC with EAP-TTLSJouni Malinen2009-03-222-6/+6
| | | | | | | | | | | | | This was broken by 510c02d4a362cd572303fa845b139eacb2dab387 which added validation of eap_ttls_phase2_eap_init() return value. The main problem in the code trying to initialize a new phase 2 EAP method unconditionally; this should only happen if there is a new method in the inner method sequence. (cherry picked from commit 51853c899bcff996dbcfc352010a2157a4dd188b) Conflicts: hostapd/ChangeLog
* Fix segmentation fault on EAP-TTLS phase 2 EAP method init failureJouni Malinen2009-03-221-1/+1
| | | | | | | | This is based on a patch and report by Masashi Honma <honma@ictec.co.jp>. The issue is more generic than just TNC, though, since failure to initialize any phase 2 EAP method can result in NULL dereference. (cherry picked from commit 99bff8430fd59dc77db56642a40ef8e6c430db28)
* TNC: Send EAP-Failure on TNC failureMasashi Honma2009-03-221-1/+1
| | | | | | | | | On PEAP(TNC), hostapd integrated RADIUS server doesn't return EAP-Failure when "Recommendation = none". So, EAP data retransmittion occurs. My co-worker "Ryuji Ohba" made below patch. (cherry picked from commit 0d308bc07433330dfa50b1adcbdac6444c9ac86b)
* Zero struct ifreq data before use in l2_packet_init()Larry Stefani2009-03-221-0/+1
| | | | | [Bug 300] (cherry picked from commit b7d3a95afc001bdf63a35ec494fbd71629196b04)
* driver_prism54: Fix segmentation fault on initializationJouni Malinen2009-03-222-1/+2
| | | | | | This was fixed in development branch as part of bfddd95c9ed6c4398c5c2befe283acf67175104d but since that commit has not been merged into 0.6.x, the fix was missed. [Bug 299]
* Fix driver_atheros.c build for 0.6.xJouni Malinen2009-03-111-0/+119
| | | | | | | This brings in parts of drv_callbacks.c from 0.7.x into driver_atheros.c as a compatibily layer to allow driver_atheros.c to be built for 0.6.x without having to bring in full drv_callbacks.c cleanup into the stable branch.
* Fixed eapol_test build after RADIUS API changes (const)Jouni Malinen2009-03-111-2/+3
| | | | (cherry picked from commit 8383da80092659295af9e8a69bb4276ebbbb0aa7)
* WMM-AC: Fix hostapd processing of ADDTS RequestJouni Malinen2009-03-112-45/+109
| | | | | | | | | | | | | Calculate the estimated medium time using integer variables since there is no real need to use floating point arithmetics here. In addition, make sure there is no division by zero regardless of how invalid the request from the station is. Reject invalid parameters and refuse requests that would take most of the bandwidth by themselves. This is a manual merge of hostapd parts of ed843aaa33f701a3ae6db7889f9d28a671f7a134. In addition, this includes the fixes (but not cleanup) of TSPEC byte order from 3ae0800c5f24e1b62c0e66be9fd487a051a37c62.
* nl80211: Add verbose result debugging for NL80211_CMD_NEW_STATIONJouni Malinen2009-03-111-0/+3
| | | | (cherry picked from commit f72750896c714cb8c06d82f9038f23295b8a30d5)
* Fix UP-to-AC mapping for prio 3 (EE) to be AC_BE, not AC_VIJouni Malinen2009-03-111-2/+2
| | | | (cherry picked from commit d85825e355077f5728526e393aed176bbf3db530)
* FT: Fix status code values to match with IEEE 802.11r-2007Jouni Malinen2009-03-111-4/+3
| | | | | | It looks like couple of status code values were changed during the 802.11r draft process and these were not updated in source code yet. (cherry picked from commit 86f4deb635ab727ba7c2dc11221ff830f20a2771)
* WPS: Add a workaround for static WEP with Windows network probeJouni Malinen2009-03-113-0/+31
| | | | | | | | | | | | | | | Windows XP and Vista clients can get confused about EAP-Identity/Request when they probe the network with EAPOL-Start. In such a case, they may assume the network is using IEEE 802.1X and prompt user for a certificate while the correct (non-WPS) behavior would be to ask for the static WEP key. As a workaround, use Microsoft Provisioning IE to advertise that legacy 802.1X is not supported. This seems to make Windows ask for a static WEP key when adding a new network, but at least Windows XP SP3 was still marking IEEE 802.1X enabled for the network. Anyway, this is better than just leaving the network configured with IEEE 802.1X and automatic WEP key distribution. (cherry picked from commit 143a4bf632e79d7adbe97f23e1b02e9c1d1a5cee)
* Add a workaround for EAP-FAST with Cisco AP local RADIUS serverJouni Malinen2009-03-111-0/+11
| | | | | | | | | | | | | | | | | When using the internal TLS implementation, EAP-FAST unauthenticated provisioning ends up proposing multiple cipher suites. It looks like Cisco AP (at least 350 and 1200 series) local authentication server does not know how to search cipher suites from the list and seem to require that the last entry in the list is the one that it wants to use. However, TLS specification requires the list to be in the client preference order. As a workaround, ass anon-DH AES-128-SHA1 again at the end of the list to allow the Cisco code to find it. This fixed EAP-FAST provisioning with the following IOS version: Cisco IOS Software, C350 Software (C350-K9W7-M), Version 12.3(8)JEA3, RELEASE SOFTWARE (fc2) Compiled Wed 21-Nov-07 14:08 by ccai (cherry picked from commit 9e783041fa3cc13bf940d275e9d26c0dce032df6)
* Fix EAP-FAST only build to include the needed EAPOL implementationJouni Malinen2009-03-111-0/+1
| | | | (cherry picked from commit 58d1f6d189bea3ccb7af8a19c1bbc191cfbabfbd)
* driver_ndis: Add PAE group address to the multicast addressJouni Malinen2009-03-112-6/+23
| | | | | | | | | | | | | | | | This is done with wired interfaces to fix IEEE 802.1X authentication when the authenticator uses the group address (which should be happening with wired Ethernet authentication). This allows wpa_supplicant to complete wired authentication successfully on Vista with a NDIS 6 driver, but the change is likely needed for Windows XP, too. (cherry picked from commit c472ef754d81792959f8d678a71b6f49a5856c2e) Conflicts: src/drivers/driver_ndis.c wpa_supplicant/ChangeLog
* WPS: Add a workaround for TKIP/CCMP mixed mode credentialsJouni Malinen2009-03-111-0/+99
| | | | | | | | | | | | | Many deployed APs do not handle negotiation of security parameters well when both TKIP and CCMP (or both WPA and WPA2) are enabled. The most common end result seems to be ending up with the least secure option.. As a workaround, check whether the AP advertises WPA2/CCMP in Beacon frames and add those options for the credential if needed. This allows the client to select the most secure configuration regardless of how broken the AP's WPS implementation is as far as auth/encr type negotiation is concerned. (cherry picked from commit 7cc1b6c900d79e6051116f4aed55b84d404c49f1)
* Fix non-HT STA additionJouni Malinen2009-03-111-3/+8
| | | | | | | 35463eaed391107dbe4a2dcaeb43aaa20e227a1e broke non-HT STA add by trying to se random HT capabilities to mac80211. Fix that by using NULL ht_cap for non-HT case. (cherry picked from commit 37d8922e5830d83e354d43b8e38c76b1e1c4daf1)
* Pass negotiated ht capability information after the associationvasanth2009-03-111-3/+31
| | | | | | | | | | This patch replaces the station's ht capability information with the negotiated one in NL80211_CMD_NEW_STATION. This negotiated ht capability will be needed for rate control initialization in the driver. Signed-off-by: vasanth <vasanth@atheros.com> (cherry picked from commit 35463eaed391107dbe4a2dcaeb43aaa20e227a1e)
* Fix EAPOL/EAP reauthentication with external RADIUS serverJouni Malinen2009-03-113-2/+15
| | | | | | | | | | | | | The EAP server state machine will need to have special code in getDecision() to avoid starting passthrough operations before having completed Identity round in the beginning of reauthentication. This was broken when moving into using the full authenticator state machine from RFC 4137 in 0.6.x. (cherry picked from commit 1fd4b0db7c1dc82e09234f33d798bd07a69ab0c7) Conflicts: hostapd/ChangeLog
* Fix builds that need SHA256 or mod_exp, but not TLS functionsJouni Malinen2009-03-114-19/+19
| | | | (cherry picked from commit 049a292f8958e18bbf5ce95f6e9c0361c8a3aea3)
* WPS: Convert WEP key to hexJouni Malinen2009-03-111-6/+9
| | | | | | Use of hex is safer since the enrollee may configure AP with 5 or 13 random octets of binary data as the key. (cherry picked from commit 24466b188a473f4a1a593168f0bb486c3e685be2)
* Fix Enrollee WPS state attribute in APMasashi Honma2009-03-111-1/+1
| | | | | Only non-AP Enrollee should hard code the state to be not configured. (cherry picked from commit d7e9a48f66a8128a8c135ea4e04c942e560388de)
* Update EAP-GPSK references from internet draft to RFC 5433Jouni Malinen2009-02-273-3/+3
| | | | (cherry picked from commit 358b98668e0b8bef036be08ca941dc51c1fdcedf)
* Reduce latency on starting WPS negotiation (TX EAPOL-Start earlier)Jouni Malinen2009-02-271-0/+5
| | | | | | | | | Reduce startWhen from 3 to 1 second if WPS is included in the build. While this is done regardless of runtime WPS configuration, it is fine to use a smaller value here in general. This cuts two seconds out from WPS negotiation if the driver does not support addition of WPS IE into the (Re)Association Request frame. (cherry picked from commit b414900a90829d3d3a58a45f29be708a6757b258)
* Allow SHA256-based key handshake to be used without 802.11rJouni Malinen2009-02-272-4/+4
| | | | | | | Previously, both CONFIG_IEEE80211W=y and CONFIG_IEEE80211R=y were needed to enable SHA256-based key handshake (WPA-PSK-SHA256 and WPA-EAP-SHA256). This can now be done with just CONFIG_IEEE80211W=y. (cherry picked from commit a20088e57692777cc5b505c96c3557a50f62380a)
* Add new driver wrapper for the Atheros driverJouni Malinen2009-02-273-0/+1350
| | | | | | | This uses similar, but not identical, interface to madwifi. It is easier to keep this separate to avoid conflicts with potential changes in the driver interfaces. (cherry picked from commit 6d7fb6918d1aa9baad1ab126ff828cea1af41fce)
* WPS: Use WEP key index 1..4 instead of 0..3 when configuring APJouni Malinen2009-02-271-3/+6
| | | | (cherry picked from commit d3cba719ffc4c9e004b9b3b09e3b0f9996573b05)
* WPS: Fix WEP key index to use 1..4 instead of 0..3Andriy Tkachuk2009-02-271-3/+4
| | | | | | | It seems that WFA WPS spec says that default key index should be 1 (not 0). I think this meas that WEP key indexes region is not from 0 to 3, but from 1 to 4 in WPS. At least WRT610N implemented it this way. (cherry picked from commit 522b5b6ed344ae40755f2d4e42fdc0409371884f)
* nl80211: Add TX/RX packet counts into accounting informationJouni Malinen2009-02-271-0/+8
| | | | (cherry picked from commit 8807377fe4846533af65f7706c1f901828d8e952)
* Sync nl80211_copy.h with wireless-testing linux/nl80211.hJouni Malinen2009-02-271-0/+5
| | | | (cherry picked from commit 878ad127ba7c660b8cc551b3dbd1f7ae08129db2)
* WPS: support WEP keys in hex characters format in received credentialsAndriy Tkachuk2009-02-271-5/+28
| | | | | | Attached patch makes wpa_supplicant support WEP keys in hex characters format in received credentials from Registrars (tested with WRT610N). (cherry picked from commit 4b195a1bc9750bbe58c73a9661a74317ce2c18b2)
* WPS: support registration with APs in WEP security modeAndriy Tkachuk2009-02-271-0/+5
| | | | | | Attached patch fixes the issue when supplicant does not select APs in WEP security mode for WPS registration. (cherry picked from commit 0632542b8b640d04780af6ca4c154f520d8214d5)
* driver_nl80211: Fix STA accounting data collectionJouni Malinen2009-02-272-1/+6
| | | | | | | | | | | | TX/RX bytes are now reported correctly (typo ended up leaving TX bytes uninitialized and set RX bytes value to use correct TX bytes). TX/RX packet counts are not yet available from kernel, so we have to clear the values to avoid reporting bogus data. (cherry picked from commit dbdf58b053e4b839ec05ee19d73f96a448f1a863) Conflicts: hostapd/ChangeLog
* Preparations for v0.6.8 releasehostap_0_6_8Jouni Malinen2009-02-153-3/+3
* Update nmake.mak to match with current filesJouni Malinen2009-02-151-1/+2
| | | | (cherry picked from commit caf31598317a79debaaf32a698fcb9a94ce72eed)
* Do not try session resumption after EAP failureJouni Malinen2009-02-152-1/+7
| | | | | | | | | If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly. (cherry picked from commit f2d8fc3d9670ae90a04f38d4344d8dfc0f0929ab)
* Improved 'make install' (use BINDIR/LIBDIR, install shared objects)Daniel Mierswa2009-02-1516-2/+54
| | | | (cherry picked from commit d94d4bafbb43699d323d6f6e3e404000b3f0a7b4)