path: root/src/ap/wpa_auth_glue.c
Commit message | Author | Age | Files | Lines
* SAE: Use PMK in 4-way handshake | Jouni Malinen | 2013-01-12 | 1 | -2/+13
  Use the PMK that is derived as part of the SAE authentication in the 4-way handshake instead of the PSK.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Keep and use list of PSKs per station for RADIUS-based PSK | Michael Braun | 2012-11-25 | 1 | -3/+11
  This adds support for multiple PSKs per station when using a RADIUS authentication server to fetch the PSKs during MAC address authentication step. This can be useful if multiple users share a device but each user has his or her own private passphrase.
  Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
* hostapd: Fix a regression in TKIP countermeasures processing | Jouni Malinen | 2012-11-18 | 1 | -2/+2
  Commit 296a34f0c1730416bf2a61ab78690be43d82a3c0 changed hostapd to remove the internal STA entry at the beginning of TKIP countermeasures. However, this did not take into account the case where this is triggered by an EAPOL-Key error report from a station. In such a case, WPA authenticator state machine may continue processing after having processed the error report. This could result in use of freed memory. Fix this by stopping WPA processing if the STA entry got removed.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Move hostapd global callback functions into hapd_interfaces | Jouni Malinen | 2012-08-25 | 1 | -7/+9
  These function pointers are going to be the same for each interface so there is no need to keep them in struct hostapd_iface. Moving them to struct hapd_interfaces makes it easier to add interfaces at run time.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix endless loop in PSK fetching with PSK-from-RADIUS | Michael Braun | 2012-08-04 | 1 | -3/+9
  Commit 05ab9712b9977192b713f01f07c3b14ca4d1ba78 added support for fetching WPA PSK from an external RADIUS server and changed hostapd_wpa_auth_get_psk() to always return the RADIUS supplied PSK (if set) and ignore the prev_psk parameter for iteration. Fix this by appending the RADIUS supplied PSK to the list iterated by hostapd_get_psk and thus returning NULL when prev_psk == sta->psk (RADIUS).
  Signed-hostap: M. Braun <michael-dev@fami-braun.de>
* FT: Add FT AP support for drivers that manage MLME internally | Shan Palanisamy | 2012-08-01 | 1 | -0/+14
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0: Add mechanism for disabling DGAF | Jouni Malinen | 2012-07-30 | 1 | -0/+3
  disable_dgaf=1 in hostapd.conf can now be used to disable downstream group-addressed forwarding (DGAF). In this configuration, a unique GTK (and IGTK) is provided to each STA in the BSS to make sure the keys do not match and no STA can forge group-addressed frames. An additional mechanism in the AP needs to be provided to handle some group-addressed frames, e.g., by converting DHCP packets to unicast IEEE 802.11 frames regardless of their destination IP address and by providing Proxy ARP functionality.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
  Remove the GPL notification text from the files that were initially contributed by myself.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow WPA passphrase to be fetched with RADIUS Tunnel-Password attribute | Michael Braun | 2011-12-11 | 1 | -0/+3
  This allows per-device PSK to be configured for WPA-Personal using a RADIUS authentication server. This uses RADIUS-based MAC address ACL (macaddr_acl=2), i.e., Access-Request uses the MAC address of the station as the User-Name and User-Password. The WPA passphrase is returned in Tunnel-Password attribute in Access-Accept. This functionality can be enabled with the new hostapd.conf parameter, wpa_psk_radius.
  Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
* Allow MLME frames to be sent without expecting an ACK (no retries) | Helmut Schaa | 2011-11-19 | 1 | -1/+1
  In some situations it might be beneficial to send a unicast frame without the need for getting it ACKed (probe responses for example). In order to achieve this add a new noack parameter to the drivers send_mlme callback that can be used to advise the driver to not wait for an ACK for this frame.
  Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
* Include wpa_auth_glue.h to verify function prototypes | Jouni Malinen | 2011-11-18 | 1 | -0/+1
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix TKIP countermeasures stopping in deinit paths | Jouni Malinen | 2011-10-30 | 1 | -0/+1
  The eloop timeout to stop TKIP countermeasures has to be canceled on deinit path to avoid leaving bogus timeouts behind.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix WPA authenticator configuration to not leave uninitialized fields | Jouni Malinen | 2011-10-28 | 1 | -0/+1
  hostapd_wpa_auth_conf() is called on uninitialized memory and the conditional blocks in this function may leave some fields into uninitialized state. This can result in unexpected behavior elsewhere since some of the variables may be used without matching #ifdef blocks. Fix this by zeroing the memory.
* Fix hostapd_wpa_auth_send_ether() return value | Jouni Malinen | 2011-10-23 | 1 | -1/+1
  This was not currently used for anything, but better return the correct value instead of hardcoded -1.
* Allow PMKSA caching to be disabled on Authenticator | Jouni Malinen | 2011-07-05 | 1 | -0/+1
  A new hostapd configuration parameter, disable_pmksa_caching=1, can now be used to disable PMKSA caching on the Authenticator. This forces the stations to complete EAP authentication on every association when WPA2 is being used.
* nl80211: Send EAPOL frames as QoS data frames for QoS aware clients | Felix Fietkau | 2011-04-02 | 1 | -1/+8
  This should fix EAPOL reauthentication and rekeying timeout issues with Intel clients when using WMM (e.g., with IEEE 802.11n). These stations do not seem to be able to handle EAPOL data frames as non-QoS Data frames after the initial setup. This adds STA flags to hapd_send_eapol() driver op to allow driver_nl80211.c to mark the EAPOL frames as QoS Data frame when injecting it through the monitor interface.
* Work around SNonce updates on EAPOL-Key 1/4 retransmission | Jouni Malinen | 2011-03-29 | 1 | -0/+2
  Some deployed supplicants update their SNonce for every received EAPOL-Key message 1/4 even when these messages happen during the same 4-way handshake. Furthermore, some of these supplicants fail to use the first SNonce that they sent and derive an incorrect PTK using another SNonce that does not match with what the authenticator is using from the first received message 2/4. This results in failed 4-way handshake whenever the EAPOL-Key 1/4 retransmission timeout is reached. The timeout for the first retry is fixed to 100 ms in the IEEE 802.11 standard and that seems to be short enough to make it difficult for some stations to get the response out before retransmission. Work around this issue by increasing the initial EAPOL-Key 1/4 timeout by 1000 ms (i.e., total timeout of 1100 ms) if the station acknowledges reception of the EAPOL-Key frame. If the driver does not indicate TX status for EAPOL frames, use longer initial timeout (1000 ms) unconditionally.
* FT: Make FT-over-DS configurable (hostapd.conf ft_over_ds=0/1) | Shan Palanisamy | 2011-03-06 | 1 | -0/+1
* FT: Specify source MAC address for RRB messages | Jouni Malinen | 2011-02-20 | 1 | -12/+27
  Use l2_packet with Ethernet header included so that the source address for RRB packets can be forced to be the local BSSID. This fixes problems where unexpected bridge interface address may end up getting used and the recipient of the frame dropping it as unknown R0KH/R1KH.
* hostapd_driver_ops reduction | Jouni Malinen | 2010-11-24 | 1 | -3/+4
  send_eapol, set_key, read_sta_data, sta_clear_stats, set_radius_acl_auth, set_radius_acl_expire, and set_beacon to use inline functions instead of extra abstraction.
* hostapd: Start removing struct hostapd_driver_ops abstraction | Jouni Malinen | 2010-11-24 | 1 | -1/+1
  Commit bf65bc638fe438b96f2986580ad167d5e276ef4c started the path to add this new abstraction for driver operations in AP mode to allow wpa_supplicant to control AP mode operations. At that point, the extra abstraction was needed, but it is not needed anymore since hostapd and wpa_supplicant share the same struct wpa_driver_ops. Start removing the unneeded abstraction by converting send_mgmt_frame() to an inline function, hostapd_drv_send_mlme(). This is similar to the design that is used in wpa_supplicant and that was used in hostapd in the past (hostapd_send_mgmt_frame() inline function).
* FT: Send RRB data directly when managed by same hostapd process | Jouni Malinen | 2010-07-26 | 1 | -0/+61
  This makes it easier (and a bit faster) to handle multiple local radios with FT. There is no need to depend on l2_packet in that case since the frame can be delivered as a direct function call.
* Allow advertising of U-APSD functionality in Beacon | Yogesh Ashok Powar | 2010-04-11 | 1 | -0/+1
  hostapd does not implement UAPSD functionality. However, if U-APSD functionality is implemented outside hostapd, add support to advertise the functionality in beacon.
  Signed-off-by: yogeshp@marvell.com
* FT: Use bridge interface (if set) for RRB connection | Jouni Malinen | 2010-04-04 | 1 | -1/+3
  This fixes receiving of RRB messages between FT APs
* FT: Set WLAN_AUTH_FT auth_alg on FT-over-DS case | Jouni Malinen | 2010-04-04 | 1 | -1/+3
  This is needed to allow reassociation processing to skip 4-way handshake when FT-over-DS is used with an AP that has a previous association state with the STA.
* Fix wpa_auth_iface_iter() to skip BSSes without Authenticator | Jouni Malinen | 2010-03-27 | 1 | -1/+2
  This could cause NULL pointer dereference if multi-BSS configuration was used with OKC in some cases.
* Get rid of unnecessary typedefs for enums. | Jouni Malinen | 2009-12-26 | 1 | -1/+1
* Replace src/ap/driver_i.h with non-inlined functions in ap_drv_ops.c | Jouni Malinen | 2009-12-25 | 1 | -1/+1
* Remove ap_config.h dependency from driver_i.h | Jouni Malinen | 2009-12-25 | 1 | -1/+3
  This adds explicit #include line for ap_config.h into the src/ap/*.c files that actually use the definitions from there.
* Rename some src/ap files to avoid duplicate file names | Jouni Malinen | 2009-12-25 | 1 | -6/+6
  Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
* Get rid of direct hostapd_for_each_interface() calls | Jouni Malinen | 2009-12-25 | 1 | -2/+4
  src/ap/*.c must not call functions in hostapd or wpa_supplicant directories directly, so avoid this by using a callback function pointer.
* Move rest of the generic AP mode functionality into src/ap | Jouni Malinen | 2009-12-25 | 1 | -0/+474