| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
GNoStations variable was not always correct as far as number of STAs that
could really complete group key update is concerned. Furthermore, the
pending counter was decreased for new WPA STAs if they completed their
initial group key handshake during a scheduled group rekey.
The new mechanism counts the STAs that are marked with GUpdateStationKeys
when iterating through the potential STAs. If a STA is not in PTKINITDONE
state, group (re-)key handshake will not be started for it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note that this issue doesn't affect the stable branch, because there the
parameters to wpa_dbus_dict_append_byte_array() are actually _arrays_,
not pointers, and therefore the & operator performs as expected.
There are two issues here:
1) The comment about D-Bus requiring the address of the variable is
wrong, because wpa_dbus_dict_append_byte_array() handles all of that for
you
2) Commit 3e4bd73d5382c5942c79df5b71aa0cd3f5b943d8 incorrectly changed
the handling of these array values to pointers, keeping the & instead of
dropping it when moving from u8[] to u8*
Following patch is simpler and removes the erroneous comment.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
wpa_supplicant on Windows 2000 has been failing due to WMI errors. It seems
that when COM needs to do marshaling, the failures occurred. Further
looking showed that some function calls (such as IWbemServices_ExecQuery)
passed L"" strings, while BSTR's needed to passed. Making a wrapper to
convert WCHARs to BSTRs solved the problem and the supplicant is now
working OK on Windows 2000.
Potentially, the same situation could also occur on Windows XP, but for
some reason marshaling was not triggered while performing my tests on XP.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previous version ended up clearing the AP WPA/RSN IE when processing
association event due to there being no scan result available. This is not
correct behavior for the case where beacon IEs are received in AssocInfo
event. Clearing of the AP IEs is now skipped if beacon IEs were already
received in AssocInfo. In practice, this is unlikely to change anything
since WPA code already had functionality for figuring out the correct IEs
from scan results if the IEs were not available. Anyway, the fixed behavior
is more correct and handles the case of scan results not being available
at all (should someone have a driver that does not expose scan results for
some reason).
|
| | |
|
| |
|
|
|
|
|
|
| |
has been started, but has not yet completed successfully. Server is still
allowed to skip Phase 2 EAP completely since that is the standard way of
handling fast session resumption. However, if the server starts Phase 2 EAP
authentication, this negotiation has to be completed before protected
success notification can be used to terminate EAP-PEAP successfully.
|
| |
|
|
|
|
| |
draft-josefsson-ppext-eap-tls-eap-10.txt removes conflicts with the TLV
types defined for EAP-FAST (RFC 4851), so this cleans up some of the
definitions.
|
| |
|
|
|
|
| |
The Phase 2 EAP messages are now encapsulated in EAP-Payload TLV if PEAPv2
is used. In addition, the EAP-Request/Identity is sent with the Phase 1
Server Finished message.
|
| |
|
|
|
|
|
|
|
| |
If the event history list view box vertical scrollbar is currently at its
maximum position, then scroll to the bottom of the list view box as each
new event is added. As soon as the scroll bar handle is no longer at its
maximum position this behavior is disabled.
Signed-off-by: Kel Modderman <kel@otaku42.de>
|
| |
|
|
|
|
|
|
|
|
| |
Always show the vertical scrollbar in the event history list view box. This
makes querying scrollbar position one step easier.
Use a horizontal spacer in a grid layout to push Close button to bottom
right corner and allow larger resizing of event list view box.
Signed-off-by: Kel Modderman <kel@otaku42.de>
|
| |
|
|
|
|
|
| |
This is the result of saving eventhistory.ui in qt4-designer without any
changes.
Signed-off-by: Kel Modderman <kel@otaku42.de>
|
| |
|
|
|
|
|
|
| |
The kernel doesn't currently offer this control and thus
it will always fail anyway, make it a stub to be implemented
via nl80211.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
| |
This patch removes a number of definitions for ioctls
that are no longer present in the kernel and not used.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
| |
The kernel no longer keeps track of whether port control is enabled or
disabled so hostapd now needs to do that. This patch does that, but this
code will not work for multi-BSS so this patch disables that for now.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
| |
This patch changes the nl80211 driver to use the new nl80211
API for obtaining hardware information, rather than try to
use the deprecated/unsupported prism2 hostapd ioctl.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
| |
This patch removes a whole bunch of ioctls that are no longer
included in the kernel and therefore always fail. For almost
all of these, replacements will have to be implemented.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
|
| |
This patch makes the nl80211 driver use a monitor rather than a
management interface for receiving management frames. Monitor
interfaces use radiotap so a radiotap parser (thanks to Andy Green)
is also included.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
| |
|
|
|
|
|
|
|
|
| |
eapol_sm_notify_lower_layer_success() was modified in 0.6.x to call
eapol_sm_step(). This was fine for WPA-Enterprise case, but the IEEE 802.1X
with dynamic WEP was calling eapol_sm_notify_lower_layer_success() from
inside the EAPOL state machine and the extra call to eapol_sm_step()
triggered an infinite loop with eapol_sm_processKey(). This is now avoided
by telling eapol_sm_notify_lower_layer_success() whether the caller is
already in EAPOL state machine loop.
|
| |
|
|
|
|
|
|
|
| |
If the scan results included the same BSSID multiple times (e.g., from
multi-band APs that do not have a separate BSSID for each band), the scan
result iteration with "BSS first" and "BSS next <BSSID>" would end up in an
infinite loop. The new mechanism uses a simpler design that iterates
through the results using and index number for the BSS in the scan result
array.
|
| |
|
|
|
|
|
| |
The scanresults dialog no longer users a QTimer, the include was not
removed in the patch that got rid of the update scan results timer.
Signed-off-by: Kel Modderman <kel@otaku42.de>
|
| |
|
|
| |
Signed-off-by: Kel Modderman <kel@otaku42.de>
|
| |
|
|
|
|
|
|
|
| |
If src/wps/ is to be pruned from the release tarball by build_release, then
"make clean" should not fail.
Check for existence of each directory in src/ in clean target.
Signed-off-by: Kel Modderman <kel@otaku42.de>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
EAP-FAST with EAP-SIM as an inner method could tricker a NULL pointer
dereference if EAP-SIM DB was not configured. Avoid this by not calling
buildReq() for the Phase 2 method if initialization failed.
|
| | |
|
| |
|
|
|
|
|
| |
This used to require EAP workarounds to be enabled, but EAP-SIM and EAP-AKA
can leave Phase 2 in MAY_CONT state if protected result indication is not
used. Consequently, EAP-TTLS would be unable to derive keys in such a case
even though authentication was completed successfully.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Store and re-use the decrypted Phase 2 data in EAP-{PEAP,TTLS,FAST} if the
Phase 2 method enters pending wait state. This allows EAP-SIM and EAP-AKA
to be used as the Phase 2 method.
|
| | |
|
| |
|
|
|
|
| |
Do not include AT_NONCE_MT and AT_SELECTED_VERSION attributes in EAP-SIM
Start/Response when using fast reauthentication. These attributes are only
used for full authentication.
|
| |
|
|
|
|
| |
The AT_NONCE_MT and AT_SELECTED_VERSION attributes are only included in the
SIM/Start response when using full authentication. Fixed the code not to
require these to be present when fast reauthentication is used.
|
| |
|
|
|
|
| |
RFCs require the EAP-SIM/AKA server to ignore the contents of a response to
the protected success indication, so ignore client error in this case and
reply with EAP-Success.
|
| |
|
|
|
|
|
|
| |
Previous version was incorrectly including AT_COUNTER in the Notification
message even for full authentication. This caused interoperability issues
and was against the RFCs, so AT_COUNTER (and the additional encryption
attributes) is now only included in case the notification follows fast
reauthentication.
|
| |
|
|
|
|
|
| |
This identity request is not really needed if EAP-Response/Identity already
includes the correct identity. However, since the RFC 4186/4187 recommend
that the EAP identity is ignored, it is safer to do that here should some
peer implementations behave incorrectly.
|
| |
|
|
|
|
|
|
| |
It looks like some EAP-SIM/AKA peer implementations include an extra null
termination in the end of the identity/username. These implementations do
not seem to include these null characters in key derivation and that would
result in a key mismatch. As a workaround, drop the possible null
characters from the end of the identity/username for key derivation.
|
| |
|
|
|
|
| |
The identity length needs to be compared to IMSI length only after the
possible realm has been removed to avoid rejecting decorated usernames
(e.g., 1<IMSI>@wlan.mnc###.mcc###.3gppnetwork.org).
|
| |
|
|
|
|
|
|
|
|
| |
Fixed EAPOL state machine to handle a case in which no response is received
from the RADIUS authentication server; previous version could have
triggered a crash in some cases after a timeout.
The aaaEapResp variable may be set (or left) to TRUE even if aaaEapRespData
is NULL. This triggered a segmentation fault in wpabuf_head() call when
trying to send out the empty buffer.
|
