aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
Commit message (Collapse)AuthorAgeFilesLines
* Added support for pending EAP Phase 2 processingJouni Malinen2008-02-031-0/+2
| | | | | | Store and re-use the decrypted Phase 2 data in EAP-{PEAP,TTLS,FAST} if the Phase 2 method enters pending wait state. This allows EAP-SIM and EAP-AKA to be used as the Phase 2 method.
* Allow * wildcard to be used for Phase 2 EAP identitiesJouni Malinen2008-02-032-1/+9
|
* Fixed EAP-SIM Start response processing for fast reauthentication caseJouni Malinen2008-02-031-0/+2
| | | | | | The AT_NONCE_MT and AT_SELECTED_VERSION attributes are only included in the SIM/Start response when using full authentication. Fixed the code not to require these to be present when fast reauthentication is used.
* Remove AT_COUNTER from EAP-SIM/AKA result indication in full authenticationJouni Malinen2008-02-031-0/+3
| | | | | | | | Previous version was incorrectly including AT_COUNTER in the Notification message even for full authentication. This caused interoperability issues and was against the RFCs, so AT_COUNTER (and the additional encryption attributes) is now only included in case the notification follows fast reauthentication.
* EAP-SIM/AKA workaround for incorrect null termination in the usernameJouni Malinen2008-02-031-0/+2
| | | | | | | | It looks like some EAP-SIM/AKA peer implementations include an extra null termination in the end of the identity/username. These implementations do not seem to include these null characters in key derivation and that would result in a key mismatch. As a workaround, drop the possible null characters from the end of the identity/username for key derivation.
* Fixed EAP-SIM/AKA realm processing to allow decorated usernames to be usedJouni Malinen2008-02-031-0/+2
| | | | | | The identity length needs to be compared to IMSI length only after the possible realm has been removed to avoid rejecting decorated usernames (e.g., 1<IMSI>@wlan.mnc###.mcc###.3gppnetwork.org).
* Fixed a crash on no-RADIUS-server-reply timeoutJouni Malinen2008-02-012-0/+8
| | | | | | | | | | Fixed EAPOL state machine to handle a case in which no response is received from the RADIUS authentication server; previous version could have triggered a crash in some cases after a timeout. The aaaEapResp variable may be set (or left) to TRUE even if aaaEapRespData is NULL. This triggered a segmentation fault in wpabuf_head() call when trying to send out the empty buffer.
* RADIUS server: Copy optional Proxy-State attribute(s) into responseJouni Malinen2008-01-241-0/+2
| | | | | RFC 2865 requires that these attributes are copied unmodified and in order into the response packet.
* WPS: Added reference to README-WPS into ChangeLogJouni Malinen2008-01-201-1/+2
|
* WPS: Added a README file describing WPS use with hostapdJouni Malinen2008-01-161-0/+173
|
* WPS: Fixed double-freeing of hostapd configuration entries on exitJouni Malinen2008-01-161-1/+0
|
* WPS: Make sure SHA256 and crypto support gets included in the buildJouni Malinen2008-01-161-0/+2
|
* FT: Use AES-128-CMAC for MIC regardless of pairwise cipher suiteJouni Malinen2008-01-152-8/+7
| | | | | | | | IEEE 802.11r was changed to use AES-128-CMAC for MIC in EAPOL-Key and FT Action frames regardless of the negotiated pairwise cipher suite. This changed couple of drafts back, but the implementation here was still using the old version that had different MIC algorithm for cases when CCMP was not the negotiated cipher suite.
* FT: Use new key name labels from IEEE 802.11r/D9.0Jouni Malinen2008-01-151-0/+1
|
* WPS: Added callbacks to notify hostapd about new AP SettingsJouni Malinen2008-01-141-0/+27
| | | | | | | hostapd_wps_cred_cb() in wps_hostapd.c is now called when a Registrar has configured the AP. This function is currently only showing the new configuration in debug output and sending a notification to ctrl_iface monitors, i.e., the configuration is not yet taken into use or stored.
* WPS: Move device-specific data from Registrar to generic WPS contextJouni Malinen2008-01-146-60/+98
| | | | | | | | | | | | | | This adds a new struct wps_context for device-specific data that fits better for number of variables than struct wps_registrar. This allows AP configuration to be provided to Enrollee code so that M7 can be built with current AP configuration for external Registrar registration. In addition, Network Key is now hex encoded in wps_hostapd.c if needed to use correct fixed-PSK/passphrase setting. It should be noted that the option of using per-device PSK works only when the supplicant is acting as an Enrollee. If the supplicant is acting as a Registrar, generating a new per-device PSK would likely not work since the external Registrar could provision that PSK to other devices.
* WPS: Added initial part for configuring hostapd to act as an EnrolleeJouni Malinen2008-01-133-0/+21
| | | | | The new ap_pin configuration option is used to set the AP PIN for initial setup or for registering a new external Registrar.
* Use clearer title line for Multiple BSSID supportJouni Malinen2008-01-131-1/+1
|
* madwifi: Deliver received Probe Request frames for WPS processingJouni Malinen2008-01-131-2/+54
|
* madwifi: Enable delivery of Probe Request frames to userspaceTed Merrill2008-01-131-1/+27
| | | | (jm: cleaned up version of the patch from Ted)
* madwifi: Add names for new ioctls for debug printsJouni Malinen2008-01-131-4/+4
|
* madwifi: No need to include extra code for figuring out last ioctl numberTed Merrill2008-01-131-3/+1
| | | | | | | | The array index is already verified to be within the bounds of the array, so the extra validation for 'last' was not really needed. Since the last value had not been updated for the old driver version, some of the ioctls were already potentially missed. Better just remove this extra code to get rid of such problems.
* madwifi: Work around bogus IEEE80211_IOCTL_GETWPAIE data if no WPA/RSN IEJouni Malinen2008-01-131-0/+10
| | | | | | | | madwifi driver seems to return some random data if WPA/RSN IE is not set. Assume the IE was not included if the IE type is unknown. This is needed to cleanly handle WPS association that does not include WPA/RSN IE. If the bogus data starts with a matching IE type field, the association is still likely to fail, but at least it is much less likely to happen now.
* WPS: Add WPS to hostapd ChangeLogJouni Malinen2008-01-121-0/+8
| | | | | The current implementation is complete enough to allow a successful configuration of a WPS Enrollee for WPA-PSK.
* WPS: Allow Response Type to be configured (AP vs. Registrar)Jouni Malinen2008-01-121-0/+1
|
* Added support for configuring WPS IE for Host AP driverJouni Malinen2008-01-121-7/+77
|
* WPS: Added more details about the Enrollee into PIN needed notificationsJouni Malinen2008-01-121-9/+16
|
* WPS: Moved common processing of device attributes into wps_dev_attr.cJouni Malinen2008-01-121-0/+1
|
* WPS: Moved device attributes into a common data structureJouni Malinen2008-01-121-6/+30
| | | | | This makes it easier to pass full set of attributes to functions and to share common functions for processing these attributes.
* Fixed printf format for size_t on 64-bit targetsJouni Malinen2008-01-122-2/+4
|
* WPS: Fixed WPS builds to include dh_groups.oJouni Malinen2008-01-121-0/+1
|
* WPS: Allow device information to be configured in hostapd.confJouni Malinen2008-01-114-0/+92
|
* WPS: Added WPS IE handling for Probe Request messagesJouni Malinen2008-01-103-7/+67
| | | | | | | wpa_supplicant is now adding WPS IE to Probe Request messages if WPS is enabled. hostapd delivers concatenated WPS IE Data fields to WPS Registrar code to process to allow detection of overlapping PBC attempts. The actual collection of active PBC sessions list is not yet included in this commit.
* WPS: Added notification for button pushes and ctrl_iface command for thisJouni Malinen2008-01-094-0/+19
| | | | 'hostapd_cli wps_pbc' can now be used to initiate PBC.
* WPS: Notification for Enrollee PIN requestsJouni Malinen2008-01-084-0/+46
| | | | | | | | | | | Send a ctrl_iface monitor event and optionally write an entry to a text file (wps_pin_requests in hostapd.conf) when an Enrollee requests WPS negotiation and no Device Password (PIN) is available for the specified Enrollee UUID. This version is only providing E-UUID in the callback. Additional information about the Enrollee (Manufacturer, device type, etc.) should also be added to the callback (and ctrl_iface/text file logging).
* WPS: Added support for setting AP Setup Locked attributeJouni Malinen2008-01-084-0/+9
| | | | | | | Since hostapd does not yet support external Registrars, this does not really disable such functionality, but in theory, the current functionality looks more or less the same as a locked setup would look like, so setting ap_setup_locked=1 in configuration is reasonable option for the time being.
* madwifi: Allow association without WPA/RSN IE if WPS is enabledJouni Malinen2008-01-081-0/+9
|
* madwifi: Added support for configuring WPS IE for Beacon and Probe RespTed Merrill2008-01-081-0/+41
| | | | | (based on patch from Ted Merrill with some minor cleanup and changes to match with the current driver handler function prototypes)
* Fixed Reassociation Response callback processingJouni Malinen2008-01-082-2/+6
| | | | | | | | | The function was verifying callback buffer length against incorrect frame, (Re)Association Request, when processing (Re)Association Response callback. Since Reassociation Request is longer than Reassociation Response, this prevented Reassociation Response callbacks from being processed and broke re-association. This affected all drivers that use the internal MLME for association (driver_{hostap,nl80211,test}.c).
* WPS: Initialize WPS Registrar before IEEE 802.1X to fix EAPOL ctx pointerJouni Malinen2008-01-071-3/+3
|
* WPS: Allow non-WPA association if WPS is enabled and start EAPOLJouni Malinen2008-01-078-9/+81
| | | | | | | | | | | | | If WPS is enabled, allow non-WPA association even when the BSS is configured to use WPA in order to allow WPS handshake to be used. Start EAPOL handshake in this kind of case even if IEEE 802.1X is disabled for authentication. However, delay sending of EAP-Request/Identity until an EAPOL-Start is received unless the STA included WPS IE in (Re)Association Request (in which case the normal EAPOL processing is started). WPA state machines are not initialized for the STA if WPA/RSN IE is not included in (Re)Association Request, so this special case is used to start EAPOL state machines for EAP-WSC regardless of WPA/EAPOL configuration.
* WPS: Generate WPS IE for Beacon and Probe Response framesJouni Malinen2008-01-076-25/+216
| | | | | | | WPS Registrar code is now generating WPS IEs for Beacon and Probe Response frames. These are passed through a wps_hostapd.c callback to the driver interface (set_wps_{beacon,probe_resp}_ie or set_beacon) and to the hostapd MLME code beacon.c for Probe Request processing.
* Added 2008 to copyright statements in text files.Jouni Malinen2008-01-061-1/+1
|
* Updated the main copyright statements to include 2008.Jouni Malinen2008-01-061-2/+2
|
* WPS: Added support for configuring Device Password using hostapd ctrl_ifaceJouni Malinen2008-01-064-3/+57
| | | | | | | The hardcoded PIN value was replaced with a WPS Registrar function, wps_registrar_add_pin(), and hostapd ctrl_iface was extended with a new WPS_PIN <uuid> <pin> (hostapd_cli wps_pin <uuid> <pin>) command that adds a new UUID,PIN pair to the WPS Registrar.
* Moved hostapd WPS integration code into a new file (wps_hostapd.c)Jouni Malinen2008-01-064-132/+192
|
* WPS: Added Network Key configuration from hostapd to WPSJouni Malinen2008-01-063-2/+65
| | | | | | | If wpa_psk_file is set, a random, per-device PSK is generated by WPS code and this PSK is appended (using a callback function) to the wpa_psk_file. Otherwise, the pre-configured PSK (or in case of WEP, the WEP key) is sent to Enrollees as the Network Key.
* WPS: Set authentication and encryption typesJouni Malinen2008-01-061-0/+42
| | | | | | Configure enabled authentication and encryption types to WPS Registrar and match these with the supported types of the WPS Enrollee to select the best available combination for the Credential data.
* Cleaned up hostapd_setup_bss() a bit by moving larger setup routines intoJouni Malinen2008-01-061-84/+115
| | | | separate functions.
* WPS: Configure SSID from hostapd.conf to WPS RegistrarJouni Malinen2008-01-061-0/+2
|