Commit message | Author | Age | Files | Lines
* wpa_passphrase.exe linking needs -lgdi32 due to some changes in crypto code [HEAD, hostap_0_6_3, master] | Jouni Malinen | 2008-02-23 | 1 | -1/+1
* Preparations for 0.6.3 release | Jouni Malinen | 2008-02-23 | 7 | -14/+15
* Removed couple of forgotten references | Jouni Malinen | 2008-02-23 | 2 | -3/+1
* Removed forgotten file | Jouni Malinen | 2008-02-23 | 1 | -1/+0
* Removed WPS support | Jouni Malinen | 2008-02-23 | 46 | -7120/+5
* EAP-IKEv2 specification has been released as RFC 5106 | Jouni Malinen | 2008-02-22 | 4 | -4/+4
* Preparations for 0.5.10 release | Jouni Malinen | 2008-02-20 | 4 | -11/+12
* Use more robust mechanism for determining when group key update is complete | Jouni Malinen | 2008-02-19 | 2 | -29/+16
  GNoStations variable was not always correct as far as number of STAs that could really complete group key update is concerned. Furthermore, the pending counter was decreased for new WPA STAs if they completed their initial group key handshake during a scheduled group rekey. The new mechanism counts the STAs that are marked with GUpdateStationKeys when iterating through the potential STAs. If a STA is not in PTKINITDONE state, group (re-)key handshake will not be started for it.
* Fixed dbus scan result IE handlers | Dan Williams | 2008-02-16 | 1 | -21/+8
  Note that this issue doesn't affect the stable branch, because there the parameters to wpa_dbus_dict_append_byte_array() are actually _arrays_, not pointers, and therefore the & operator performs as expected. There are two issues here:
  1) The comment about D-Bus requiring the address of the variable is wrong, because wpa_dbus_dict_append_byte_array() handles all of that for you
  2) Commit 3e4bd73d5382c5942c79df5b71aa0cd3f5b943d8 incorrectly changed the handling of these array values to pointers, keeping the & instead of dropping it when moving from u8[] to u8*
  Following patch is simpler and removes the erroneous comment.
* Added changelog entry for Windows 2000 WMI fix | Jouni Malinen | 2008-02-16 | 1 | -0/+1
* Fix ndis_events.c to use correct string type for some IWbem calls | Ridouan Agarad | 2008-02-16 | 1 | -18/+93
  wpa_supplicant on Windows 2000 has been failing due to WMI errors. It seems that when COM needs to do marshaling, the failures occurred. Further looking showed that some function calls (such as IWbemServices_ExecQuery) passed L"" strings, while BSTRs needed to be passed. Making a wrapper to convert WCHARs to BSTRs solved the problem and the supplicant is now working OK on Windows 2000. Potentially, the same situation could also occur on Windows XP, but for some reason marshaling was not triggered while performing my tests on XP.
* Do not clear AP WPA/RSN IE from AssocInfo event when using ap_scan=2 | Jouni Malinen | 2008-02-16 | 3 | -6/+14
  Previous version ended up clearing the AP WPA/RSN IE when processing association event due to there being no scan result available. This is not correct behavior for the case where beacon IEs are received in AssocInfo event. Clearing of the AP IEs is now skipped if beacon IEs were already received in AssocInfo. In practice, this is unlikely to change anything since WPA code already had functionality for figuring out the correct IEs from scan results if the IEs were not available. Anyway, the fixed behavior is more correct and handles the case of scan results not being available at all (should someone have a driver that does not expose scan results for some reason).
* Fixed function documentation (text copied from another function) | Jouni Malinen | 2008-02-16 | 1 | -4/+0
* Fixed EAP-PEAP not to allow server to claim success when Phase 2 EAP method | Jouni Malinen | 2008-02-15 | 3 | -7/+36
  has been started, but has not yet completed successfully. Server is still allowed to skip Phase 2 EAP completely since that is the standard way of handling fast session resumption. However, if the server starts Phase 2 EAP authentication, this negotiation has to be completed before protected success notification can be used to terminate EAP-PEAP successfully.
* Updated EAP-TLV definitions to use new EAP-PEAP draft version -10 | Jouni Malinen | 2008-02-10 | 4 | -14/+17
  draft-josefsson-ppext-eap-tls-eap-10.txt removes conflicts with the TLV types defined for EAP-FAST (RFC 4851), so this cleans up some of the definitions.
* Added some preliminary code for PEAPv2 style TLV encapsulation | Jouni Malinen | 2008-02-10 | 2 | -6/+236
  The Phase 2 EAP messages are now encapsulated in EAP-Payload TLV if PEAPv2 is used. In addition, the EAP-Request/Identity is sent with the Phase 1 Server Finished message.
* wpa_gui-qt4: scroll with events when added to event list view box | Kel Modderman | 2008-02-09 | 1 | -0/+10
  If the event history list view box vertical scrollbar is currently at its maximum position, then scroll to the bottom of the list view box as each new event is added. As soon as the scroll bar handle is no longer at its maximum position this behavior is disabled.
  Signed-off-by: Kel Modderman <kel@otaku42.de>
* wpa_gui-qt4: eventhistory.ui, always show vert scrollbar, better resizing | Kel Modderman | 2008-02-09 | 1 | -37/+21
  Always show the vertical scrollbar in the event history list view box. This makes querying scrollbar position one step easier. Use a horizontal spacer in a grid layout to push Close button to bottom right corner and allow larger resizing of event list view box.
  Signed-off-by: Kel Modderman <kel@otaku42.de>
* wpa_gui-qt4: save eventhistory.ui in qt4-designer | Kel Modderman | 2008-02-09 | 1 | -91/+75
  This is the result of saving eventhistory.ui in qt4-designer without any changes.
  Signed-off-by: Kel Modderman <kel@otaku42.de>
* nl80211 driver: remove bridge packets control | Johannes Berg | 2008-02-07 | 1 | -45/+1
  The kernel doesn't currently offer this control and thus it will always fail anyway, make it a stub to be implemented via nl80211.
  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* nl80211 driver: remove ioctl definitions | Johannes Berg | 2008-02-07 | 1 | -63/+0
  This patch removes a number of definitions for ioctls that are no longer present in the kernel and not used.
  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* Internalize port control into nl80211 driver | Johannes Berg | 2008-02-07 | 1 | -9/+13
  The kernel no longer keeps track of whether port control is enabled or disabled so hostapd now needs to do that. This patch does that, but this code will not work for multi-BSS so this patch disables that for now.
  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* nl80211 driver: use nl80211 for hw info | Johannes Berg | 2008-02-07 | 1 | -113/+189
  This patch changes the nl80211 driver to use the new nl80211 API for obtaining hardware information, rather than try to use the deprecated/unsupported prism2 hostapd ioctl.
  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* nl80211 driver: remove broken ioctls | Johannes Berg | 2008-02-07 | 1 | -129/+7
  This patch removes a whole bunch of ioctls that are no longer included in the kernel and therefore always fail. For almost all of these, replacements will have to be implemented.
  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* nl80211 driver: use monitor rather than management interface | Johannes Berg | 2008-02-07 | 6 | -318/+814
  This patch makes the nl80211 driver use a monitor rather than a management interface for receiving management frames. Monitor interfaces use radiotap so a radiotap parser (thanks to Andy Green) is also included.
  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* Fixed EAPOL not to end up in infinite loop with dynamic WEP keys | Jouni Malinen | 2008-02-06 | 4 | -6/+12
  eapol_sm_notify_lower_layer_success() was modified in 0.6.x to call eapol_sm_step(). This was fine for WPA-Enterprise case, but the IEEE 802.1X with dynamic WEP was calling eapol_sm_notify_lower_layer_success() from inside the EAPOL state machine and the extra call to eapol_sm_step() triggered an infinite loop with eapol_sm_processKey(). This is now avoided by telling eapol_sm_notify_lower_layer_success() whether the caller is already in EAPOL state machine loop.
* Replaced BSS first/next commands with BSS idx to avoid infinite loops | Jouni Malinen | 2008-02-06 | 4 | -43/+26
  If the scan results included the same BSSID multiple times (e.g., from multi-band APs that do not have a separate BSSID for each band), the scan result iteration with "BSS first" and "BSS next <BSSID>" would end up in an infinite loop. The new mechanism uses a simpler design that iterates through the results using an index number for the BSS in the scan result array.
* wpa_gui-qt4: remove QTimer remains from scanresults | Kel Modderman | 2008-02-04 | 1 | -2/+0
  The scanresults dialog no longer uses a QTimer, the include was not removed in the patch that got rid of the update scan results timer.
  Signed-off-by: Kel Modderman <kel@otaku42.de>
* Fix ctrl_iface.c x86_64 compile warning | Kel Modderman | 2008-02-04 | 1 | -1/+2
  Signed-off-by: Kel Modderman <kel@otaku42.de>
* Check for src/ subdirectories on clean | Kel Modderman | 2008-02-04 | 1 | -1/+1
  If src/wps/ is to be pruned from the release tarball by build_release, then "make clean" should not fail. Check for existence of each directory in src/ in clean target.
  Signed-off-by: Kel Modderman <kel@otaku42.de>
* Added hostapd version of eap_testing.txt | Jouni Malinen | 2008-02-04 | 2 | -1/+80
* Added more debug to issuer name validation error | Jouni Malinen | 2008-02-04 | 1 | -0/+8
* Extend the identity workaround to remove all trailing null characters | Jouni Malinen | 2008-02-04 | 2 | -2/+2
* EAP-FAST provisioning and authentication works with EAP-MD5 (with hostapd) | Jouni Malinen | 2008-02-03 | 1 | -0/+2
* EAP-TLS works as Phase 2 method with hostapd and so does SIM and AKA. | Jouni Malinen | 2008-02-03 | 1 | -5/+9
* Do not call Phase 2 method buildReq() if initialization failed | Jouni Malinen | 2008-02-03 | 1 | -0/+5
  EAP-FAST with EAP-SIM as an inner method could trigger a NULL pointer dereference if EAP-SIM DB was not configured. Avoid this by not calling buildReq() for the Phase 2 method if initialization failed.
* EAP-SIM and EAP-AKA can now be used as Phase 2 method with hostapd | Jouni Malinen | 2008-02-03 | 2 | -6/+6
* Mark EAP-TTLS Phase 2 successfully completed even in MAY_CONT state | Jouni Malinen | 2008-02-03 | 1 | -2/+2
  This used to require EAP workarounds to be enabled, but EAP-SIM and EAP-AKA can leave Phase 2 in MAY_CONT state if protected result indication is not used. Consequently, EAP-TTLS would be unable to derive keys in such a case even though authentication was completed successfully.
* Added more debug information for EAP keyData retrieval | Jouni Malinen | 2008-02-03 | 1 | -3/+13
* Cancel timeout when exiting eapol_test to avoid warnings | Jouni Malinen | 2008-02-03 | 1 | -0/+3
* Added support for pending EAP Phase 2 processing | Jouni Malinen | 2008-02-03 | 4 | -5/+66
  Store and re-use the decrypted Phase 2 data in EAP-{PEAP,TTLS,FAST} if the Phase 2 method enters pending wait state. This allows EAP-SIM and EAP-AKA to be used as the Phase 2 method.
* Allow * wildcard to be used for Phase 2 EAP identities | Jouni Malinen | 2008-02-03 | 2 | -1/+9
* Fixed EAP-SIM Start/Response message for fast reauthentication | Jouni Malinen | 2008-02-03 | 2 | -8/+12
  Do not include AT_NONCE_MT and AT_SELECTED_VERSION attributes in EAP-SIM Start/Response when using fast reauthentication. These attributes are only used for full authentication.
* Fixed EAP-SIM Start response processing for fast reauthentication case | Jouni Malinen | 2008-02-03 | 2 | -14/+16
  The AT_NONCE_MT and AT_SELECTED_VERSION attributes are only included in the SIM/Start response when using full authentication. Fixed the code not to require these to be present when fast reauthentication is used.
* EAP-SIM/AKA: Ignore client error when sending success result indication | Jouni Malinen | 2008-02-03 | 2 | -2/+8
  RFCs require the EAP-SIM/AKA server to ignore the contents of a response to the protected success indication, so ignore client error in this case and reply with EAP-Success.
* Remove AT_COUNTER from EAP-SIM/AKA result indication in full authentication | Jouni Malinen | 2008-02-03 | 3 | -30/+39
  Previous version was incorrectly including AT_COUNTER in the Notification message even for full authentication. This caused interoperability issues and was against the RFCs, so AT_COUNTER (and the additional encryption attributes) is now only included in case the notification follows fast reauthentication.
* Include AT_ANY_ID_REQ in EAP-SIM/AKA start/identity per RFC recommendation | Jouni Malinen | 2008-02-03 | 2 | -0/+15
  This identity request is not really needed if EAP-Response/Identity already includes the correct identity. However, since the RFC 4186/4187 recommend that the EAP identity is ignored, it is safer to do that here should some peer implementations behave incorrectly.
* EAP-SIM/AKA workaround for incorrect null termination in the username | Jouni Malinen | 2008-02-03 | 4 | -7/+26
  It looks like some EAP-SIM/AKA peer implementations include an extra null termination in the end of the identity/username. These implementations do not seem to include these null characters in key derivation and that would result in a key mismatch. As a workaround, drop the possible null characters from the end of the identity/username for key derivation.
* Fixed EAP-SIM/AKA realm processing to allow decorated usernames to be used | Jouni Malinen | 2008-02-03 | 2 | -10/+34
  The identity length needs to be compared to IMSI length only after the possible realm has been removed to avoid rejecting decorated usernames (e.g., 1<IMSI>@wlan.mnc###.mcc###.3gppnetwork.org).
* Fixed a crash on no-RADIUS-server-reply timeout | Jouni Malinen | 2008-02-01 | 2 | -0/+8
  Fixed EAPOL state machine to handle a case in which no response is received from the RADIUS authentication server; previous version could have triggered a crash in some cases after a timeout. The aaaEapResp variable may be set (or left) to TRUE even if aaaEapRespData is NULL. This triggered a segmentation fault in wpabuf_head() call when trying to send out the empty buffer.