path: root/wpa_supplicant
Commit message (Collapse)AuthorAgeFilesLines
* P2P: Allow the avoid channels for P2P discovery/negotiationPurushottam Kushwaha2019-01-301-4/+11
| | | | | | | | | | | | | | | The avoid channels are notified through QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY allow minimal traffic, so enhance the P2P behavior accordingly by considering these avoid frequencies for P2P discovery/negotiation as long as they are not in disallowed frequencies list. Additionally, do not return failure when none of social channels are available as operation channel, rather, mark the op_channel/op_reg_class to 0 as this would anyway get selected during the group formation in p2p_prepare_channel. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Use python3 compatible print statementMasashi Honma2019-01-2619-351/+354
| | | | | | | | This patch is made by using 2to3 command. $ find . -name *.py | xargs 2to3 -f print -w -n Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Use python3 compatible "except" statementMasashi Honma2019-01-2613-39/+39
| | | | | | | | This patch is made by using 2to3 command. $ find . -name *.py | xargs 2to3 -f except -w -n Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Write multi_ap_backhaul_sta to wpa_supplicant configDaniel Golle2019-01-231-0/+1
| | | | | | | | | | The network configration option multi_ap_backhaul_sta was added without adding it to wpa_config_write_network(). Hence the value of this option was not included when writing the configuration file. Fix this by including it in wpa_config_write_network(). Fixes: 5abc7823b ("wpa_supplicant: Add Multi-AP backhaul STA support") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dbus: Document more possible BSS/RSA/KeyMgmt valuesLubomir Rintel2019-01-231-1/+6
| | | | | | | | | | This is probably not ideal, since it would be better if it ended up being autogenerated somehow, but at least it's somewhat of an improvement. Also added a comment that encourages keeping the docs in sync. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Check supported types in wpas_mac_addr_rand_scan_set()Lior David2019-01-232-13/+17
| | | | | | | | | | | When setting scan with randomized MAC, check the requested scan type against supported types, to ensure callers will not set an unsupported type, since this can cause scan/connect failures later. It is better to do this in wpas_mac_addr_rand_scan_set() instead of control interface specific code to apply the constraint on all possible interfaces using this setting. Signed-off-by: Lior David <liord@codeaurora.org>
* Fix test compilation error related to sme_event_unprot_disconnect()Lior David2019-01-231-0/+2
| | | | | | | | sme_event_unprot_disconnect() is only defined with CONFIG_IEEE80211W, so the CONFIG_TESTING_OPTIONS command UNPROT_DEAUTH can be defined only with builds that enable IEEE 802.11w support. Signed-off-by: Lior David <liord@codeaurora.org>
* FILS: Remove notes about experimental implementationJouni Malinen2019-01-222-4/+0
| | | | | | | | | The standard amendment has been published and there has been sufficient amount of interoperability testing for FILS to expect the protocol not to be changed anymore, so remove the notes claiming this to be experimental and not suitable for production use. Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Expose support of SAE key management in BSS propertiesLubomir Rintel2019-01-221-1/+7
| | | | | | This is going to be useful for NetworkManager and likely others. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Revert "mesh: Apply channel attributes before setup interface"Masashi Honma2019-01-211-8/+3
| | | | | | | | | | | | | | | | | | | | This reverts commit 2564184440d9d6041d11a8c7d50b31368634c3bd. Commit 2564184440d9 ("mesh: Apply channel attributes before setup interface") triggers some channel configurations to result in leaking memory. This seems to be caused by hapd->started not getting set when going through a callback to start hostapd operation (e.g., when using HT40 coex scan) due to hostapd_setup_bss() not getting called. This results in hostapd_free_hapd_data() not clearing allocated hapd->wpa_auth. This can be reproduced with the hwsim test case mesh_secure_ocv_mix_legacy. A more complete cleanup of the pending mesh patch for DFS support seems to be needed to fix this properly, so the best approach for now is to revert this patch and bring it back once rest of the mesh changes are ready to be applied. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* D-Bus: Fix P2P Flush method to clear pending Action framesAmit Khatri2019-01-211-0/+1
| | | | | | | | If we call p2p_flush from ctrl_iface, before calling p2p_flush() it calls wpas_p2p_stop_find(). Add the same call to the matching D-Bus method to clear all pending operations. Signed-off-by: Amit Khatri <amit7861234@gmail.com>
* P2P: support random interface addressJimmy Chen2019-01-124-0/+44
| | | | | | | | | | To enhance privacy, generate a random interface for each group. There are two configurations are introduced: * p2p_interface_random_mac_addr enable interface random MAC address feature, default disable. Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* P2P: Support random device addressJimmy Chen2019-01-125-0/+97
| | | | | | | | | | | | | | | To enhance privacy, generate a random device address for P2P interface. If there is no saved persistent group, it generate a new random MAC address on bringing up p2p0. If there is saved persistent group, it will use last MAC address to avoid breaking group reinvoke behavior. There are two configurations are introduced: * p2p_device_random_mac_addr enable device random MAC address feature, default disable. * p2p_device_persistent_mac_addr store last used random MAC address. Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* P2P: Add 802.11ax support for P2P GOPeng Xu2019-01-1211-36/+72
| | | | | | | | An optional parameter "he" is added to p2p_connect, p2p_group_add, and p2p_invite to enable 11ax HE support. The new p2p_go_he=1 configuration parameter can be used to request this to be enabled by default. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* eapol_test: Start the identifier at an initial random valueMartin Stanislav2019-01-081-1/+2
| | | | | | | | Start the (EAP request) identifier at an initial random value as recommended by RFC 3748 in section 4.1 Request and Response on page 21. Signed-off-by: Martin Stanislav <ms@uakom.sk>
* nl80211: Indicate 802.1X 4-way handshake offload in connectArend van Spriel2019-01-071-0/+7
| | | | | | | | Upon issuing a connect request we need to indicate that we want the driver to offload the 802.1X 4-way handshake for us. Indicate it if the driver capability supports the offload. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
* drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloadsArend van Spriel2019-01-073-6/+6
| | | | | | | | | Allow drivers to indicate support for offloading 4-way handshake for either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK (WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag into two separate flags. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
* Use freq_list to constrain supported operating class informationBen Greear2019-01-071-0/+27
| | | | | | | | If a station is configured to allow only a subset of frequencies for an association, the supported operating classes may need to be more limited than what the hardware supports. Signed-off-by: Ben Greear <greearb@candelatech.com>
* Use disable_ht/vht to constrain supported operating class informationBen Greear2019-01-074-7/+43
| | | | | | | If user has disabled HT or VHT, those related operating classes should not be advertised as supported. Signed-off-by: Ben Greear <greearb@candelatech.com>
* mesh: Implement use of VHT20 config in mesh modePeter Oh2019-01-061-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | Mesh in VHT mode is supposed to be able to use any bandwidth that VHT supports, but there was no way to set VHT20 although there are parameters that are supposed to be used. This commit along then previous commit for VHT_CHANWIDTH_USE_HT makes mesh configuration available to use any bandwidth with combinations of existing parameters like shown below. VHT80: default do not set any parameters VHT40: max_oper_chwidth = 0 VHT20: max_oper_chwidth = 0 disable_ht40 = 1 HT40: disable_vht = 1 HT20: disable_ht40 = 1 disable HT: disable_ht = 1 Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* mesh: Add VHT_CHANWIDTH_USE_HT to max_oper_chwidthPeter Oh2019-01-065-2/+8
| | | | | | | | | Channel width in VHT mode refers HT capability when the width goes down to below 80 MHz, hence add checking HT channel width to its max operation channel width. So that mesh has capability to select bandwidth below 80 MHz. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* wpa_supplicant: Allow disabling VHT SGI capabilityBen Greear2019-01-061-0/+10
| | | | | | | | This provides similar features to what was already available for HT overrides. Probe Request frames look correct, and VHT capabilities shown in debugfs look as expected. Signed-off-by: Ben Greear <greearb@candelatech.com>
* Use lchown() instead of chown() for self-created filesJouni Malinen2019-01-062-7/+7
| | | | | | | | | | | | | | There is no need to allow symlink dereferencing in these cases where a file (including directories and sockets) are created by the same process, so use the safer lchown() variant to avoid leaving potential windows for something external to replace the file before the chown() call. The particular locations used here should not have write permissions enabled for processes with less privileges, so this may not be needed, but anyway, it is better to make these more restrictive should there be cases where directory permissions are not as expected for a good deployment. Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Fix build without CONFIG_WNM=yJouni Malinen2019-01-051-0/+4
| | | | | | | | wpa_s->bss_tm_status is within #ifdef CONFIG_WNM, so need to access it through matching condition. Fixes: 80d06d0ca9f3 ("dbus: Export BSS Transition Management status") Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow systemwide policies to be overriddenJouni Malinen2019-01-051-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some distributions (e.g., Debian) have started introducting systemwide OpenSSL policies to disable older protocol versions and ciphers throughout all programs using OpenSSL. This can result in significant number of interoperability issues with deployed EAP implementations. Allow explicit wpa_supplicant (EAP peer) and hostapd (EAP server) parameters to be used to request systemwide policies to be overridden if older versions are needed to be able to interoperate with devices that cannot be updated to support the newer protocol versions or keys. The default behavior is not changed here, i.e., the systemwide policies will be followed if no explicit override configuration is used. The overrides should be used only if really needed since they can result in reduced security. In wpa_supplicant, tls_disable_tlsv1_?=0 value in the phase1 network profile parameter can be used to explicitly enable TLS versions that are disabled in the systemwide configuration. For example, phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0" would request TLS v1.0 and TLS v1.1 to be enabled even if the systemwide policy enforces TLS v1.2 as the minimum version. Similarly, openssl_ciphers parameter can be used to override systemwide policy, e.g., with openssl_ciphers="DEFAULT@SECLEVEL=1" to drop from security level 2 to 1 in Debian to allow shorter keys to be used. In hostapd, tls_flags parameter can be used to configure similar options. E.g., tls_flags=[ENABLE-TLSv1.0][ENABLE-TLSv1.1] Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Do not try to use FT-over-air if reassociation cannot be usedJouni Malinen2019-01-041-1/+1
| | | | | | | | | There is no point in going through FT authentication if the next step would have to use association exchange which will be rejected by the AP for FT, so only allow FT-over-air if previous BSSID is set, i.e., if reassociation can be used. Signed-off-by: Jouni Malinen <j@w1.fi>
* P2PS: Notify D-Bus about removal of a stale/empty persistent groupJouni Malinen2019-01-041-0/+18
| | | | | | | | During P2PS PD Request processing wpa_supplicant removes stale and empty persistent groups, but it did not notify D-Bus to unregister object. Fix this by adding the missing notifications. Signed-off-by: Jouni Malinen <j@w1.fi>
* P2PS: Notify D-Bus about removal of a stale persistent groupAmit Khatri2019-01-041-0/+4
| | | | | | | | | | | | | During P2PS PD Request processing wpa_supplicant removes stale persistent groups, but it did not notify D-Bus to unregister object. This can result in leaving behind objects pointing to freed memory and memory leaks. Sometime it can cause a crash in wpa_config_get_all() function and DBUS_ERROR_OBJECT_PATH_IN_USE errors. Fix this by adding the missed notification to D-Bus code to unregister the object. Signed-off-by: Amit Khatri <amit7861234@gmail.com>
* mesh: Consider mesh interface on DFS event handlerPeter Oh2019-01-032-16/+40
| | | | | | | | Once mesh starts supporting DFS channels, it has to handle DFS related events from drivers, hence add mesh interface to the check list. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com> Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Reflect country setting to mesh configuration for DFSPeter Oh2019-01-031-0/+10
| | | | | | | | | wpa_supplicant configuration has country parameter that is supposed to be used in AP mode to indicate supporting IEEE 802.11h and 802.11d. Reflect this configuration to Mesh also since Mesh is required to support 802.11h and 802.11d to use DFS channels. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* mesh: Apply channel attributes before setup interfacePeter Oh2019-01-031-3/+8
| | | | | | | This helps mesh interface initialization with correct channel parameters. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* mesh: Set interface type to mesh before setting interfacePeter Oh2019-01-031-5/+5
| | | | | | | Correct interface type is required to start DFS CAC that can be triggered during interface setup. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* mesh: Set mesh VHT center frequencyPeter Oh2019-01-031-0/+1
| | | | | | | VHT center frequency value is required to compose the correct channel info. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* mesh: Relocate RSN initializationPeter Oh2019-01-031-3/+8
| | | | | | | | | | RSN initialization should work together with mesh join when it's used. Since mesh join could be called at a different stage if DFS channel is used, relocate the RSN initialization call to mesh join. It is still the same call flow of mesh join before this if non-DFS channels are used, hence no significant side effect will occur. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* mesh: Factor out mesh join functionPeter Oh2019-01-032-54/+79
| | | | | | | | | | Mesh join function consists of two parts which are preparing configurations and sending join event to the driver. Since physical mesh join event could happen either right after mesh configuration is done or after CAC is done in case of DFS channel is used, factor out the function into two parts to reduce redundant calls. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* mesh: Factor out RSN initializationPeter Oh2019-01-031-35/+40
| | | | | | | | | | | RSN initialization can be used in different phases if mesh initialization and mesh join don't happen in sequence such as DFS CAC is done in between, hence factor it out to help convering the case. This can also get rid of unnecessary indentation by handling the mconf->security != MESH_CONF_SEC_NONE functionality in a helper function. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
* wpa_cli: Add command for setting PSK_PASSPHRASEHagai Moshe2019-01-021-0/+36
| | | | | | | | | | | | | Setting mem_only_psk=1 in the wpa_supplicant configuration prevents the passphrase from being stored in the configuration file. wpa_supplicant will request the PSK passphrase over the control interface in such case and this new wpa_cli command can be used to set the psk_passphrase. usage: psk_passphrase <network id> <psk_passphrase> Signed-off-by: Hagai Moshe <hagai.moshe@tandemg.com> Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
* dbus: Expose authentication status to D-BusAlex Khouderchah2019-01-028-0/+48
| | | | | | | | | | | wpa_supplicant currently logs CTRL-EVENT-AUTH-FAILED errors when authentication fails, but doesn't expose any property to the D-Bus interface related to this. This change adds the "AuthStatusCode" property to the interface, which contains the IEEE 802.11 status code of the last authentication. Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
* dbus: Export BSS Transition Management statusMatthew Wang2019-01-028-0/+48
| | | | | | | | Add new Interface properties "BSSTMStatus", which carries the status of the most recent BSS Transition Management request. This property will be logged in UMA to measure 802.11v success. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* dbus: Export roam time, roam complete, and session lengthMatthew Wang2019-01-029-0/+168
| | | | | | | | | | | Add new Interface properties "RoamTime", "RoamComplete", and "SessionLength". "RoamTime" carries the roam time of the most recent roam in milliseconds. "RoamComplete" carries True or False corresponding to the success status of the most recent roam. "SessionLength" carries the number of milliseconds corresponding to how long the connection to the last AP was before a roam or disconnect happened. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* Use a helper function for checking Extended Capabilities fieldJouni Malinen2019-01-025-13/+15
| | | | | | | | The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be used to check whether a specific extended capability bit is set instead of having to implement bit parsing separately for each need. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add [FST] and [UTF-8] flags to BSS command outputJouni Malinen2019-01-021-0/+16
| | | | | | | These flags were used in SCAN_RESULTS command output, but not BSS. Make these consistent by adding the flags to BSS as well. Signed-off-by: Jouni Malinen <j@w1.fi>
* Show [UTF-8] flag if the SSID is reported as UTF-8Jouke Witteveen2019-01-021-0/+7
| | | | Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
* RRM: Support for Last Beacon Report Indication subelementAvraham Stern2019-01-022-5/+76
| | | | | | | | | | | | IEEE P802.11-REVmd/D2.0, (Beacon request) and (Beacon report) add the Last Beacon Report Indication subelement to Beacon Request and Beacon Report elements. Add the Last Beacon Report Indication subelement to all Beacon Report elements if the Beacon Request indicated that this subelement is requested. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* RRM: Add support for beacon report fragmentationAvraham Stern2019-01-021-55/+100
| | | | | | | | | | | | | | | | | | When the frame body subelement would cause the measurement report element to exceed the maximum element size, the frame body subelement used to be truncated. In addition, some elements were always truncated in order to keep the reported frame body short (e.g. RSN IE). Alternatively, IEEE P802.11-REVmd/D2.0, extension to Beacon reporting can be used: The frame body subelement is fragmented across multiple beacon report elements, and the reported frame body fragment ID subelement is added. Use beacon report fragmentation instead of truncating the frame body as this method gives the AP a more complete information about the reported APs. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* dbus: Add vendor specific information element in peer propertiesNishant Chaprana2019-01-023-0/+30
| | | | | | | | Make vendor specific information elements (VSIE) available in peer properties, so that VSIE of a specific peer can be retrieved using peer's object path. Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
* crypto: Add option to use getrandom()Lubomir Rintel2019-01-012-0/+8
| | | | | | | | | | | | | | | | | | | | | According to random(4) manual, /dev/random is essentially deprecated on Linux for quite some time: "The /dev/random interface is considered a legacy interface, and /dev/urandom is preferred and sufficient in all use cases, with the exception of applications which require randomness during early boot time; for these applications, getrandom(2) must be used instead, because it will block until the entropy pool is initialized." An attempt to use it would cause unnecessary blocking on machines without a good hwrng even when it shouldn't be needed. Since Linux 3.17, a getrandom(2) call is available that will block only until the randomness pool has been seeded. It is probably not a good default yet as it requires a fairly recent kernel and glibc (3.17 and 2.25 respectively). Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Update copyright notices for the new year 2019Jouni Malinen2019-01-0110-13/+13
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* OCE: Add RSSI based association rejection support (STA)Beni Lev2019-01-016-17/+69
| | | | | | | | | | | | | | An AP might refuse to connect a STA if it has a low RSSI. In such case, the AP informs the STA with the desired RSSI delta and a retry timeout. Any subsequent association attempt with that AP (BSS) should be avoided, unless the RSSI level improved by the desired delta or the timeout has expired. Defined in Wi-Fi Alliance Optimized Connectivity Experience technical specification v1.0, section 3.14 (RSSI-based association rejection information). Signed-off-by: Beni Lev <beni.lev@intel.com>
* P2P: Set global->p2p_group_formation in wpas_p2p_join_start() for p2pdevAloni, Adiel2019-01-011-9/+10
| | | | | | | | | | | | | When a dedicated P2P device interface is used, the global->p2p_group_formation was not set in wpas_p2p_join_start() if no separate group interface is used. This would cause that in case of a failure in group formation, the cleaning of p2p_in_provisioning is done on the wrong interface. Furthermore, P2P_CANCEL command could not be used to stop such a group-join operation. Fix this by setting the global->p2p_group_formation correctly in case that the group interface is reusing wpa_s->parent. Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>