Commit message | Author | Age | Files | Lines
* Remove Network Security Service (NSS) support | Jouni Malinen | 2015-01-10 | 6 | -918/+0
  NSS as a TLS/crypto library alternative was never completed and this barely functional code does not even build with the current NSS version. Taken into account that there has not been much interest in working on this crypto wrapper over the years, it is better to just remove this code rather than try to get it into somewhat more functional state.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* schannel: Reject subject_match, altsubject_match, suffix_match | Jouni Malinen | 2015-01-10 | 1 | -0/+15
  Validation of these parameters has not been implemented with schannel. Instead of ignoring them silently, reject the configuration to avoid giving incorrect impression of the parameters being used if wpa_supplicant is built with schannel instead of the default OpenSSL.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Reject subject_match, altsubject_match, suffix_match | Jouni Malinen | 2015-01-10 | 1 | -0/+15
  Validation of these parameters has not been implemented in the internal TLS implementation. Instead of ignoring them silently, reject the configuration to avoid giving incorrect impression of the parameters being used if wpa_supplicant is built with the internal TLS implementation instead of the default OpenSSL.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* GnuTLS: Reject subject_match, altsubject_match, suffix_match | Jouni Malinen | 2015-01-10 | 1 | -112/+12
  Validation of these parameters has not been implemented with GnuTLS. Instead of ignoring them silently, reject the configuration to avoid giving incorrect impression of the parameters being used if wpa_supplicant is built with GnuTLS instead of the default OpenSSL.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix a typo in domain_suffix_match documentation | Jouni Malinen | 2015-01-10 | 3 | -3/+3
  Spell SubjectName correctly.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Increase altsubject_match testing coverage | Jouni Malinen | 2015-01-10 | 1 | -1/+12
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Improve subject_match and domain_suffix_match documentation | Jouni Malinen | 2015-01-10 | 2 | -3/+27
  These were already covered in both README-HS20 for credentials and in header files for developers' documentation, but the copy in wpa_supplicant.conf did not include all the details. In addition, add a clearer note pointing at subject_match not being suitable for suffix matching domain names; domain_suffix_match must be used for that.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* trace: Fix out-of-memory testing logic | Jouni Malinen | 2015-01-10 | 1 | -3/+4
  data.function needs to be set for the return value to be of any use and strcmp won't work with NULL pointer either. (CID 99907)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: bssid_blacklist and bssid_whitelist | Jouni Malinen | 2015-01-10 | 3 | -1/+67
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add address masks to BSSID lists | Stefan Tomanek | 2015-01-10 | 6 | -48/+145
  In many applications it is useful not just to enumerate a group of well known access points, but to use an address/mask notation to match an entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00). This change expands the data structures used by MAC lists to include a mask indicating the significant (non-masked) portions of an address and extends the list parser to recognize mask suffixes.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* Add network specific BSSID black and white lists | Stefan Tomanek | 2015-01-10 | 4 | -0/+105
  This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs. This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* Add generic parser for MAC address lists | Stefan Tomanek | 2015-01-10 | 1 | -75/+95
  This change generalizes the code used for parsing the configuration option 'p2p_client_list' and makes it suitable to use it in other contexts.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* nl80211: Use a helper function to put mesh_id | Jouni Malinen | 2015-01-10 | 1 | -12/+16
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Use a helper function for putting beacon interval | Jouni Malinen | 2015-01-10 | 1 | -16/+17
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove mesh_ht_mode network block parameter | Jouni Malinen | 2015-01-10 | 4 | -76/+0
  There should not be a mesh-specific mechanism for setting up channel parameters since that will just result in duplicated code. IBSS, mesh, and AP mode can use the same data structures and parameters for setting up such parameters.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Use the shared function with IBSS to determine channel parameters | Jouni Malinen | 2015-01-10 | 3 | -20/+9
  Automatically enable HT20, HT40+, HT40-, or VHT, based on driver capabilities. This obsoletes the mesh_ht_mode network block parameter that was previously used to configure HT parameters.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Convert channel configuration to use common routines | Jouni Malinen | 2015-01-10 | 3 | -43/+20
  Use struct hostapd_freq_params just like other modes do instead of mesh-specific freq and ht_mode.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Use a separate variable to track whether HT is enabled | Jouni Malinen | 2015-01-10 | 3 | -4/+4
  A network profile parameter should not be used to check whether the currently operating mesh has HT enabled.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move debug prints into nl80211_put_freq_params() | Jouni Malinen | 2015-01-10 | 1 | -8/+13
  This way all callers can get the benefit of the same debug prints.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Add a helper function for putting basic rates | Jouni Malinen | 2015-01-10 | 1 | -34/+23
  There is no need for maintaining two more or less identical copies of this functionality.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Drop mesh_ht_mode parameter from mesh test cases | Jouni Malinen | 2015-01-10 | 1 | -11/+8
  This network profile parameter will be removed with the cleanup that makes mesh use shared functions for setting channel parameters. That will allow HT to be enabled automatically based on driver capabilities.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh in 5 GHz band | Jouni Malinen | 2015-01-10 | 1 | -0/+33
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ibss/mesh: Enable HT40 if supported | Janusz Dziedzic | 2015-01-10 | 1 | -1/+102
  Setup HT40+/HT40- if supported by driver.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Make check_40mhz_2g4 common | Janusz Dziedzic | 2015-01-10 | 3 | -90/+97
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Make check_20mhz_bss common | Janusz Dziedzic | 2015-01-10 | 3 | -24/+31
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Make check_40mhz_5g common | Janusz Dziedzic | 2015-01-10 | 3 | -60/+79
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Make get_pri_sec_chan() common | Janusz Dziedzic | 2015-01-10 | 3 | -19/+28
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Introduce common allowed_ht40_channel_pair() | Janusz Dziedzic | 2015-01-10 | 3 | -55/+68
  This can be used from hostapd/wpa_supplicant.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Use common hw_get_freq/hw_get_chan helpers in hostapd | Janusz Dziedzic | 2015-01-10 | 1 | -26/+3
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Introduce common hw features | Janusz Dziedzic | 2015-01-10 | 6 | -0/+109
  Introduce wpa_supplicant/hostapd hw features.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* IBSS: Add WPA_DRIVER_FLAGS_HT_IBSS | Janusz Dziedzic | 2015-01-10 | 3 | -17/+38
  Add WPA_DRIVER_FLAGS_HT_IBSS driver feature flag. Some drivers could not set this feature and next could fail when we will enable HT support for IBSS with error message: nl80211: Join IBSS failed: ret=-22 (Invalid argument).
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* SAE: Implement retransmission timer | Bob Copeland | 2015-01-10 | 4 | -1/+103
  Add the t0 retransmission timer as specified by IEEE Std 802.11-2012, This makes SAE much more likely to succeed in the case of lost frames.
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* SAE: Centralize function for sending initial COMMIT | Bob Copeland | 2015-01-10 | 3 | -74/+48
  When performing SAE authentication in mesh, one station may initiate authentication by sending a COMMIT as soon as a peer candidate is discovered. Previously we did this in mesh_rsn.c, but this left some of the state initialization in a different part of the code from the rest of the state machine, and we may need to add other initializations here in the future, so move that to a more central function.
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* bsd: Fix parsing of ieee80211req_scan_result on FreeBSD and DragonFly | Imre Vadasz | 2015-01-10 | 1 | -0/+5
  On FreeBSD and DragonFly BSD, we additionally need to skip the isr_meshid_len bytes of the MESH ID, to get the correct address for copying the IE data. The isr_meshid_len field was added in the FreeBSD svn revision r195618 in 2009, so I don't think we need to check the FreeBSD version here.
  Signed-off-by: Imre Vadász <imre@vdsz.com>
* Android: Remove hardcoded ICU include paths from hs20-osu-client | Narayan Kamath | 2015-01-09 | 1 | -3/+6
  ICU exports them using LOCAL_EXPORT_C_INCLUDE_DIRS.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* tests: Refactor tshark running | Johannes Berg | 2015-01-09 | 4 | -69/+64
  Refactor the code to run tshark into its own submodule. This allows even remembering whether -Y or -R needs to be used for filtering.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* tests: Out-of-memory cases for D-Bus operations | Jouni Malinen | 2015-01-09 | 2 | -2/+602
  This increases testing coverage on various error paths.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Additional D-Bus error path coverage | Jouni Malinen | 2015-01-09 | 2 | -0/+34
  Signed-off-by: Jouni Malinen <j@w1.fi>
* D-Bus: Use NoMemory error message from CreateInterface | Jouni Malinen | 2015-01-09 | 1 | -4/+7
  Try to be a bit more consistent by using NoMemory instead of InvalidArgs if os_strdup() fails in the CreateInterface handler.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Handle interface disabled/enabled more consistently | Jouni Malinen | 2015-01-08 | 1 | -0/+10
  It was possible for the interface not to be marked in INTERFACE_DISABLED state in case the event was processed for P2P GO because the wpa_s instance could have been removed in case of a separate group interface. Change the state first to avoid leaving different state for the case where separate group interface is not used. Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning rules (e.g., skip scan if no networks enabled) get used consistently.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Indicate reason=UNAVAILABLE for group netdev going down | Jouni Malinen | 2015-01-08 | 1 | -1/+5
  There is a race condition between receiving an AP stopped event and netdev down event. These resulted in different group removal reasons on a GO device (UNAVAILABLE for stop AP event coming first and REQUESTED for netdev event first). Make this more consistent by reporting UNAVAILABLE for both possible cases.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Add out-of-memory loop tests for hostapd startup | Jouni Malinen | 2015-01-08 | 1 | -0/+51
  These test cases run hostapd interface setup multiple times with TEST_ALLOC_FAIL commands triggering memory allocation failures one by one at each possible location in the setup sequence. Effectively, these test cases will hit most error paths for memory allocation issue cases (i.e., only the cases requiring more than one allocation failure in a sequence are not covered).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: hostapd BSS addition failures | Jouni Malinen | 2015-01-08 | 1 | -0/+33
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: hostapd interface setup and memory allocation failures | Jouni Malinen | 2015-01-08 | 1 | -0/+37
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Memory allocation failure in wpa_supplicant blacklist | Jouni Malinen | 2015-01-08 | 2 | -0/+21
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Convert test skipping to use exception | Jouni Malinen | 2015-01-08 | 26 | -321/+164
  Instead of returning "skip" from the test function, raise the new HwsimSkip exception to indicate a test case was skipped.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Use rfkill python module | Johannes Berg | 2015-01-08 | 2 | -49/+45
  Instead of calling the rfkill binary, use the built-in module.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* tests: Add rfkill module | Johannes Berg | 2015-01-08 | 1 | -0/+150
  This can be used instead of invoking the rfkill binary.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Verify that eloop_register_read_sock() succeeds for ctrl_iface setup | Jouni Malinen | 2015-01-08 | 1 | -2/+6
  This allows faster detection of a case where a memory allocation fails within eloop.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix a memory leak on WPA authenticator error path | Jouni Malinen | 2015-01-08 | 1 | -0/+2
  wpa_auth->group needs to be freed if PMK cache setup fails.
  Signed-off-by: Jouni Malinen <j@w1.fi>