path: root/wpa_supplicant/interworking.c
Commit message | Author | Age | Files | Lines
* Interworking: Use SSID from the BSS entry | Jouni Malinen | 2013-11-06 | 1 | -22/+11
  There is no need to parse the IE buffer again to find the SSID of the BSS since that information is already stored in struct wpa_bss.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Reject BSS based on disallow_aps | Jouni Malinen | 2013-11-06 | 1 | -0/+16
  If a BSS is disallowed temporarily with disallow_aps, the network connection is going to fail. As such, there is not much point in allowing Interworking network selection to try to connect with such BSS. As such, do not consider disallowed networks for automatic network selection and reject requests to connect to them through INTERWORKING_CONNECT.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Avoid duplicated network blocks | Jouni Malinen | 2013-11-06 | 1 | -1/+41
  Do not add multiple network blocks for the same network from a single credential. INTERWORKING_CONNECT used to generate a new network block for each instance regardless of what network blocks have already been configured. While this allows the connection to go through, it is not efficient to leave behind a potentially large number of network blocks with the same contents (or worse, changed contents). Address this by removing an older network block for the same credential before adding a new one.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Do not reconnect if already connected | Jouni Malinen | 2013-11-06 | 1 | -0/+39
  If we are already connected to the selected AP with a network block that was created based on the selected credential, do not force a reconnection or network block update.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* eap_proxy: Re-read IMSI from proxy in Interworking functionality | Naresh Jayaram | 2013-11-05 | 1 | -0/+18
  Try to read the IMSI values through the eap_proxy layer for Interworking functionality again if the value was not available at startup.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Report STATUS:sp_type even if domain is not configured | Jouni Malinen | 2013-10-29 | 1 | -1/+4
  This allows sp_type={home,roaming,unknown} to be used to determine network type with SIM-based credentials even if the domain name parameter is not configured explicitly.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Clear known_wps_freq for network selection | Jouni Malinen | 2013-10-27 | 1 | -0/+1
  This was forgotten from the previous commit which allowed some cases to trigger single-channel scan incorrectly if an optimized WPS scan had not yet been completed at the time network selection was started.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Force normal scan for network selection | Jouni Malinen | 2013-10-27 | 1 | -0/+2
  Make sure special optimized scans (like WPS-single-channel or sched_scan) do not get used during the network selection scan. This could have been hit in cases where a previous operation has been stopped in a state where special scan parameters were going to be used.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* GAS: Delay GAS query Tx while another query is in progress | Kyeyoon Park | 2013-10-21 | 1 | -3/+3
  It would be possible to issue another GAS query when a previous one is still in progress and this could result in conflicting offchannel operations. Prevent that by delaying GAS query initiation until the previous operation has been completed.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* eap_proxy: Fix IMSI fetch for home vs. visited network determination | Jouni Malinen | 2013-10-20 | 1 | -0/+6
  Use similar mechanism to CONFIG_PCSC=y case to set the IMSI and MNC length for eap_proxy. This allows automatic 3GPP realm comparison against the domain list.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP peer: Add framework for external SIM/USIM processing | Jouni Malinen | 2013-10-20 | 1 | -1/+2
  The new configuration parameter external_sim=<0/1> can now be used to configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM authentication for EAP-SIM or UMTS authentication for EAP-AKA). The requests and responses for such operations are sent over the ctrl_iface CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing password query mechanism. Changes to the EAP methods to use this new mechanism will be added in separate commits.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Add required_roaming_consortium parameter for credentials | Jouni Malinen | 2013-10-18 | 1 | -0/+29
  This allows credentials to be limited from being used to connect to a network unless the AP advertises a matching roaming consortium OI.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add domain_suffix_match for credentials | Jouni Malinen | 2013-10-18 | 1 | -0/+5
  This allows domain_suffix_match to be specified for a cred block and then get this copied for the network blocks generated from this credential as part of Interworking network selection.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add support for multiple home FQDNs | Jouni Malinen | 2013-10-18 | 1 | -4/+7
  Credentials can now be configured with more than one FQDN ('domain' field in the cred block) to perform Domain Name List matching against multiple home domains.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Relax 3GPP info PLMN matching for MNC | Jouni Malinen | 2013-07-08 | 1 | -11/+40
  3GPP TS 24.232 Annex A.3 allows network operator to advertise only two digits of MNC even if MNC has three digits. Allow such matches in network selection. In addition, allow three digit matches of MNC even if MNC length was assumed to be two to avoid missing networks if MNC length cannot be determined reliably. Remove the '-' separator from simulated SIM/USIM cases to allow the new matching rules to work. Fix the PLMN List information element parsing loop to use the length of the PLMN List instead of the length of the full 3GPP Cellular Info to avoid unexpected matches should a new element ever be added by 3GPP. Finally, add more debug prints from PLMN matching to make the logs easier to understand.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add support for using eap_proxy offload | Jouni Malinen | 2013-06-19 | 1 | -2/+9
  Fetch IMSI through eap_proxy for Interworking network selection if needed.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add dup_binstr() to help common binary string tasks | Jouni Malinen | 2013-04-27 | 1 | -3/+1
  There are quite a few places in the current implementation where a nul terminated string is generated from binary data. Add a helper function to simplify the code a bit.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Try to use same BSS entry for storing GAS results | Jouni Malinen | 2013-04-01 | 1 | -3/+20
  There may be cases where multiple BSS entries for a single BSSID are in the table. This is mostly in automated test cases due to the AP configuration changes, but something similar could potentially happen as a corner case in more realistic networks, too, e.g., when an AP changes its operating channel. Make network selection more robust by trying to find the exact BSS entry instead of any BSS entry with a matching BSSID when storing GAS/ANQP response.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Remove unused variable warnings | Masashi Honma | 2013-02-28 | 1 | -2/+3
  This patch removes these warnings.
    interworking.c: In function 'interworking_credentials_available_3gpp':
    interworking.c:1330:6: warning: unused variable 'ret' [-Wunused-variable]
    interworking.c:1329:19: warning: unused variable 'cred' [-Wunused-variable]
  Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
* Interworking: Select highest priority cred if multiple matches | Jouni Malinen | 2013-02-16 | 1 | -55/+47
  Previously, the credential to use for a connection with a specific BSS was picked arbitrarily based on first found match of each matching mechanism. While the credential priorities were used elsewhere, this did not take into account that different mechanisms could find multiple matching credentials. As such, the highest priority credential was not always used in case more than one credential matched with the selected BSS. Fix this by checking credential priorities again during connection request.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Implement fast-associate on SelectNetwork | Paul Stewart | 2013-02-03 | 1 | -10/+2
  If scan results are available when we perform a SelectNetwork, use them to make an associate decision. This can save an entire scan interval-worth of time in situations where something external to wpa_supplicant (like a connection manager) has just previously requested a scan before calling SelectNetwork.
  Signed-hostap: Paul Stewart <pstew@chromium.org>
* Interworking: Do not schedule new scan if process is terminating | Jouni Malinen | 2013-01-07 | 1 | -1/+1
  The GAS query compilation callback may happen after the wpa_supplicant process has been requested to terminate. Avoid scheduling a new eloop timeout for a scan in such a case.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Do not share ANQP info if none was received | Jouni Malinen | 2013-01-07 | 1 | -0/+5
  Verify that the other BSS has actually received some valid ANQP information before sharing the results from it. This fixes potential issues with cases where some of the APs with the same HESSID have invalid ANQP configuration.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Continue ANQP fetch after TX failure | Jouni Malinen | 2013-01-07 | 1 | -0/+10
  If the driver rejected any of the offchannel Action frame TX requests, the previous implementation terminated ANQP fetch process. While the driver should not really reject the request normally, it is possible that a request gets rejected for some reason. Allow the fetch process to continue with the next AP in such case to avoid breaking networking selection. This could result, e.g., in auto_interworking=1 process failing to connect if the driver rejects requests to any of the APs in the scan result even if some other APs provided suitable information.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Default to EAP-MSCHAPv2 with EAP-PEAP | Jouni Malinen | 2012-12-17 | 1 | -4/+12
  If the NAI Realm list indicates that EAP-PEAP is used, use EAP-MSCHAPv2 as the Phase 2 method by default if the NAI Realm list does not specify the tunneled method.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* HS 2.0: Fix sp_type check in ctrl_iface status command | Jouni Malinen | 2012-12-17 | 1 | -2/+3
  Commit e99b4f3a14755473d6d0e2413de6d82e785a6a30 added functionality to check whether the current association is with the home SP. This commit did not take into account that the domain name ANQP information could be NULL and that could result in a NULL pointer dereference. Fix that by validating that domain_names != NULL before calling domain_name_list_contains().
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Allow SSID-based network exclusion for credentials | Jouni Malinen | 2012-12-16 | 1 | -0/+25
  The new excluded_ssid parameter within a cred block can be used to exclude networks from matching with credentials.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Default to TTLS/MSCHAPv2 for NAI Realm list matching | Jouni Malinen | 2012-12-16 | 1 | -1/+7
  If the AP does not advertise EAP parameters, default to TTLS/MSCHAPv2 when using username/password credentials.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Document wpa_s->scan_req | Jouni Malinen | 2012-11-25 | 1 | -1/+1
  Use an enum with documented values to make it easier to understand how wpa_s->scan_req is used.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Enable key_mgmt WPA-EAP-SHA256 if PMF is enabled | Jouni Malinen | 2012-11-24 | 1 | -5/+8
  If the global pmf=1/2 parameter is used to enable PMF for Interworking networks, add WPA-EAP-SHA256 to the temporary network block to allow connection to PMF required APs.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* HS 2.0: Add Home SP FQDN and roaming/home to status command | Jouni Malinen | 2012-11-24 | 1 | -35/+45
  This allows the ctrl_iface STATUS information to be used to determine which Home SP credential (domain in the cred block) was used and whether the network is operated by the home SP.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0: Remove temporary network block on cred block removal | Jouni Malinen | 2012-11-24 | 1 | -0/+3
  If the credential that was used to create a temporary HS 2.0 network block is removed, remove the network block, too.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Unshare ANQP results on explicit ANQP requests | Jouni Malinen | 2012-10-03 | 1 | -1/+3
  When ANQP_GET or HS20_ANQP_GET is used to request ANQP information, unshare the ANQP information (i.e., create a per-BSS copy of it) to make sure the information from the specified BSS is available in case the APs provide different information within HESSID.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Support Android JB keystore with EAP-TLS | Jouni Malinen | 2012-09-28 | 1 | -0/+11
  If the keystore:// prefix is used in the private_key entry, convert that to the OpenSSL engine style configuration used for Android JB keystore.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Do not inform other virtual interfaces of scan results in all cases | Jouni Malinen | 2012-09-14 | 1 | -1/+1
  If a connection operation is started on an interface based on scan results, other virtual interfaces should not be informed about the results to avoid potential concurrent operations during the association steps. Since the sibling notification of scan results received was added as an optimization, skipping it for this type of cases is the simplest way of avoiding unnecessary concurrent operations.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Share ANQP data within homogenous ESS | Jouni Malinen | 2012-09-04 | 1 | -0/+38
  If two BSS entries have the same HESSID and SSID, share the fetched ANQP information between these BSS entries to save memory and GAS/ANQP operations.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Allow EAP-SIM/AKA/AKA' override in cred block | Jouni Malinen | 2012-09-04 | 1 | -6/+35
  The eap parameter in the cred block can now be used to override automatic EAP-SIM/AKA/AKA' selection.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Move BSS ANQP information into separate struct | Jouni Malinen | 2012-09-04 | 1 | -33/+46
  This is an initial step in allowing the ANQP responses to be shared among multiple BSSes if the BSSes are determined to be operating under identical configuration.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Fetch only the needed ANQP information | Jouni Malinen | 2012-09-02 | 1 | -16/+94
  Use configured credentials to figure out which ANQP information needs to be fetched and only fetch those when using Interworking network selection. The fetch_anqp command is still fetching all ANQP information.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Skip extra scan after network auto-select | Jouni Malinen | 2012-09-02 | 1 | -0/+12
  If the scan results from before ANQP fetch are fresh (less than five seconds old), do not run a new scan when selecting the BSS after having used Interworking network selection.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Fix build without CONFIG_PCSC=y | Jouni Malinen | 2012-08-29 | 1 | -0/+2
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add optional use of network selection on normal scans | Jouni Malinen | 2012-08-28 | 1 | -2/+13
  auto_interworking=1 configuration parameter can be used to request wpa_supplicant to use Interworking network selection automatically as a part of the normal (non-Interworking) network selection if the scan results do not match with enabled networks. This makes scanning work similarly to the "interworking_select auto" command.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add generic GAS request mechanism | Jouni Malinen | 2012-08-27 | 1 | -0/+81
  The new gas_request and gas_response_get commands can be used to request arbitrary GAS queries to be performed. These can be used with ANQP or with other (including vendor specific) advertisement protocols.
    gas_request <BSSID> <AdvProtoID> [Query]
    gas_response_get <addr> <dialog token> [offset,length]
  For example, ANQP query for Capability list in interactive wpa_cli session:
    > gas_request 02:00:00:00:01:00 00 000102000101
    <3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0 status_code=0 resp_len=32
    > gas_response_get 02:00:00:00:01:00 00
    01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
    > gas_response_get 02:00:00:00:01:00 00 0,10
    01011c00010102010501
    > gas_response_get 02:00:00:00:01:00 00 10,10
    070108010c01dddd0c00
    > gas_response_get 02:00:00:00:01:00 00 20,10
    506f9a11020002030405
    > gas_response_get 02:00:00:00:01:00 00 30,2
    0607
  It should be noted that the maximum length of the response buffer is currently 4096 bytes which allows about 2000 bytes of the response data to be fetched with a single gas_response_get command. If the response is longer, it can be fetched in pieces as shown in the example above.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Fix home SP check with real SIM card | Jouni Malinen | 2012-08-26 | 1 | -7/+20
  The NAI building routine assumed that the credential included the IMSI, but that is not the case when using a real SIM card. Build the NAI based on the IMSI read for the card in such a case.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Fix PLMN matching with multiple entries | Jouni Malinen | 2012-08-26 | 1 | -0/+1
  The pos variable was not advanced when comparing PLMN entries in 3GPP Cellular Network information and as such, only the first entry was really used.
  Signed-hostap: Jouni Malinen <j@w1.fi>
  intended-for: hostap-1
* Interworking: Do not match credentials without WPA2-Enterprise | Jouni Malinen | 2012-08-19 | 1 | -0/+20
  Since we currently support only HS 2.0 networks with Interworking network selection, do not indicate credential match unless the network uses WPA2-Enterprise.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Enforce WPA2-Enterprise/CCMP | Jouni Malinen | 2012-08-19 | 1 | -3/+15
  Since we currently support only HS 2.0 networks with Interworking network selection, enforce that WPA2-Enterprise/CCMP is used on the AP instead of allowing any WPA-Enterprise combination.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Do not reconnect without "auto" parameter | Jouni Malinen | 2012-08-19 | 1 | -1/+2
  When there was no credential match, but an enabled network block matched with a scan result, wpa_supplicant reconnected at the end of interworking_select command even if "auto" parameter was not used. Fix this by running the reconnect only if requested to automatically select a network.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Convert os_zalloc() for an array to use os_calloc() | Jouni Malinen | 2012-08-13 | 1 | -2/+2
  Signed-hostap: Jouni Malinen <j@w1.fi>
* EXT PW: Allow Interwork cred block to use external storage for password | Jouni Malinen | 2012-08-03 | 1 | -3/+9
  Signed-hostap: Jouni Malinen <j@w1.fi>