path: root/wpa_supplicant
Commit message | Author | Age | Files | Lines
* WPS: Fix memory leak with wps_ie in wpa_bss_is_wps_candidate() | vamsi krishna | 2016-06-17 | 1 | -0/+1
  Fix possible memory leak in case if WPS is not enabled on the interface for connection. This path was missed in commit fae7b3726035b57a78aa552378fc5d15402b9ec1 ('WPS: Do not expire probable BSSes for WPS connection').
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Do not expire probable BSSes for WPS connection | vamsi krishna | 2016-06-16 | 1 | -1/+43
  When the BSS count reaches max_bss_count, the oldest BSS will be removed in order to accommodate a new BSS. Exclude WPS enabled BSSes when going through a WPS connection so that a possible WPS candidate will not be lost.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Update PKCS#11 references in template wpa_supplicant.conf | David Woodhouse | 2016-06-11 | 1 | -17/+15
  Ditch the legacy syntax and manual engine mangling and just give an example using simple PKCS#11 URIs that'll work with both GnuTLS and OpenSSL.
  Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* wpa_supplicant: Make GAS Address3 field selection behavior configurable | Jouni Malinen | 2016-06-10 | 5 | -1/+32
  IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies that the wildcard BSSID value is used in Public Action frames that are transmitted to a STA that is not a member of the same BSS. wpa_supplicant used to use the actual BSSID value for all such frames regardless of whether the destination STA is a member of the BSS.
  P2P does not follow this rule, so P2P Public Action frame construction must not be changed. However, the cases using GAS/ANQP for non-P2P purposes should follow the standard requirements.
  Unfortunately, there are deployed AP implementations that do not reply to a GAS request sent using the wildcard BSSID value. The previously used behavior (Address3 = AP BSSID even when not associated) continues to be the default, but the IEEE 802.11 standard compliant addressing behavior can now be configured with gas_address3=1.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Remove extra newline from the end of an error message | Jouni Malinen | 2016-06-04 | 1 | -1/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Allow 160 MHz channel to be configured | Jouni Malinen | 2016-06-04 | 1 | -0/+10
  This allows minimal testing with 160 MHz channel with country code ZA that happens to be the only one with a non-DFS 160 MHz frequency. DFS with mesh is not yet supported.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Remove unreachable code | Jouni Malinen | 2016-06-04 | 1 | -7/+1
  ssid->frequency cannot be 0 in wpa_supplicant_mesh_init() since wpas_supplicant_join_mesh() rejects such a configuration.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Use extended capabilities per interface type | Kanchanapally, Vidyullatha | 2016-05-31 | 5 | -0/+33
  This adds the necessary changes to support extraction and use of the extended capabilities specified per interface type (a recent cfg80211/nl80211 extension). If that information is available, per-interface values will be used to override the global per-radio value.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Report connection timeouts in CTRL-EVENT-ASSOC-REJECT | Jouni Malinen | 2016-05-30 | 1 | -4/+6
  Add a new "timeout" argument to the event message if the nl80211 message indicates that the connection failure is not due to an explicit AP rejection message. This makes it easier for external programs to figure out why the connection failed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Fix error path handling for RSN (MGTK init) | Jouni Malinen | 2016-05-30 | 1 | -3/+1
  wpa_deinit() got called twice if the random_get_bytes() fails to generate the MGTK. This resulted in double-freeing the rsn->auth pointer. Fix this by allowing mesh_rsn_auth_init() to handle freeing for all error cases.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* D-Bus: Remove unused wpas_dbus_signal_p2p_group_started() parameter | Jouni Malinen | 2016-05-30 | 3 | -5/+1
  The ssid pointer was not used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* D-Bus: Indicate whether created group is persistent or not | Nishant Chaprana | 2016-05-30 | 5 | -25/+20
  This adds an extra parameter in GroupStarted signal to indicate whether the created group is Persistent or not. It is similar to the [PERSISTENT] tag which comes in P2P-GROUP-STARTED over the control interface.
  Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
* mesh: Fix MESH_INTERFACE_ADD error path cleanup | Jouni Malinen | 2016-05-29 | 1 | -1/+1
  If wpa_supplicant_add_iface() fails, we need to remove the added netdev, not the existing wpa_s instance.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove dead code from wpas_sched_scan_plans_set() | Jouni Malinen | 2016-05-28 | 1 | -7/+0
  scan_plan->interval was checked against 0 twice; the latter case cannot happen.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Improve reattach scan OOM failure handling | Jouni Malinen | 2016-05-28 | 1 | -5/+3
  Instead of reporting the memory allocation failure and stopping, run the scan even if the frequency list cannot be created due to allocation failure. This allows the wpa_s->reattach flag to be cleared and the scan to be completed even if it takes a bit longer time due to all channels getting scanned.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Indicate scan failure event on parameter cloning failure | Jouni Malinen | 2016-05-28 | 1 | -4/+2
  This is more consistent with the radio_add_work() error case.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_cli: Run action file in case of an AP event | Jörg Krause | 2016-05-23 | 1 | -0/+4
  Run the action script in case of AP events "AP-ENABLED" and "AP-DISABLED".
  Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
* scan: Fix a memory leak on an error path | Jouni Malinen | 2016-05-23 | 1 | -0/+3
  If preassoc_mac_addr is used and updating the MAC address fails in wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that and also send a CTRL-EVENT-SCAN-FAILED event in this and another error case.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - phase1 is used in all WPS cases | Jouni Malinen | 2016-05-22 | 1 | -4/+1
  There is no need to have a separate if statement to skip the cases where phase1 is not set. Just check it with the strstr comparison since this case is not really used in practice.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - ssid cannot be NULL here | Jouni Malinen | 2016-05-22 | 1 | -2/+1
  wpa_s->current_ssid is set to a non-NULL ssid pointer value here, so there is no need for the extra if statement.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Update ChangeLog files for v2.6 | Jouni Malinen | 2016-05-21 | 1 | -0/+125
  This adds a summary of changes since the v2.5 release.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix sending non-Public Action frames over P2P Device interface | Lior David | 2016-05-20 | 2 | -5/+29
  The P2P Device interface can only send Public Action frames. Non-Public Action frames must be sent over a group interface. The previous implementation sometimes tried to send non-Public Action frames such as GO Discoverability over the P2P Device interface, however, the source address of the frame was set to the group interface address so the code in offchannel.c knew to select the correct interface for the TX.
  The check breaks when the P2P Device and group interfaces have the same MAC address. In this case the frame will be sent over the P2P Device interface and the send will fail.
  Fix this problem in two places:
  1. In offchannel, route non-Public Action frames to the GO interface when the above conditions are met.
  2. When a TX_STATUS event arrives on such routed frame, it will arrive on the GO interface but it must be handled by the P2P Device interface since it has the relevant state logic.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* P2PS: Allow P2P_CONNECT command for P2PS connection with/without PIN | Purushottam Kushwaha | 2016-05-19 | 2 | -2/+5
  This allows using P2PS config method with or without PIN for connection. wpa_supplicant should internally handle the default PIN "12345670" and shall also allow connection irrespective of PIN used in P2P_CONNECT.
  For example,
  1. P2P_CONNECT 02:2a:fb:22:22:33 p2ps
  2. P2P_CONNECT 02:2a:fb:22:22:33 xxxxxxxx p2ps
  Where the second one is maintained for backwards compatibility.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix external radio work debug printing on removal | Jouni Malinen | 2016-05-16 | 1 | -0/+7
  work->type was pointing to the allocated work->ctx buffer and the debug print in radio_work_free() ended up using freed memory if a started external radio work was removed as part of FLUSH command operations. Fix this by updating work->type to point to a constant string in case the dynamic version gets freed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Add wps_disabled parameter to network block | Lior David | 2016-05-14 | 6 | -1/+18
  Add a new parameter wps_disabled to network block (wpa_ssid). This parameter allows WPS functionality to be disabled in AP mode.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* Set wpa_psk_set in wpa_supplicant AP mode is PSK is available | Jouni Malinen | 2016-05-14 | 1 | -0/+1
  While this is unlikely to make any practical difference, it is better to keep consistent with hostapd configuration parser.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix AP mode key_mgmt configuration in wpa_supplicant default case | Jouni Malinen | 2016-05-14 | 1 | -1/+4
  If the network profile key_mgmt parameter was not set, wpa_supplicant defaulted to enabling both WPA-PSK and WPA-EAP. This is not correct for AP mode operations, so remove WPA-EAP in such a case to fix WPA-PSK without explicit key_mgmt parameter.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Do not enable P2P group processing for non-P2P AP mode | Jouni Malinen | 2016-05-14 | 1 | -1/+2
  wpa_supplicant was starting P2P group processing for all AP mode interfaces in CONFIG_P2P=y builds. This is unnecessary and such operations should be enabled only for actual GO interfaces.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Send CTRL-EVENT-REGDOM-CHANGE event on the parent interface | Ilan Peer | 2016-05-14 | 1 | -1/+10
  The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the interfaces that are currently controlled by the wpa_supplicant. However, some applications expect the REGDOM_CHANGE event to be sent on the control interface of the initially added interface (and do not expect the event on any of child interfaces).
  To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE, find the highest parent in the chain, and use its control interface to emit the CTRL-EVENT-REGDOM-CHANGE event.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Add MGMT_RX_PROCESS test command for wpa_supplicant | Jouni Malinen | 2016-05-13 | 1 | -0/+73
  This makes it easier to write hwsim test cases to verify management frame processing sequences with dropped or modified frames. When ext_mgmt_frame_handling is used, this new command can be used to request wpa_supplicant to process a received management frame, e.g., based on information reported in the MGMT-RX events.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Calculate MTK before sending it to MAC in case Open is dropped | Peter Oh | 2016-05-13 | 1 | -0/+2
  IEEE Std 802.11-2012 13.5.6.3 State transitions require an action sending SETKEYS primitive to MAC when OPN_ACPT event occurs in CNF_RCVD state in case of AMPE is used, but since MTK calculation is missed in this condition, all zero valued key are passed to MAC and cause unicast packet decryption error. This could happen if the first transmission of plink Open frame is dropped and Confirm frame is processed first followed by retransmitted Open frame.
  Fix this by calculating the MTK also in this sequence of unexpected messages.
  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* mesh: Add missing action to cancel timer | Peter Oh | 2016-05-13 | 1 | -0/+1
  IEEE Std 802.11-2012 Table 13-2, MPM finite state machine requires to clear retryTimer when CNF_ACPT event occurs in OPN_SNT state which is missing, so add it to comply with the standard.
  This was found while debugging an MTK issue and this commit fixes a potential issue that mesh sends invalid event (PLINK_OPEN) which will lead another invalid timer register such as MeshConfirm Timer. This behaviour might lead to undefined mesh state.
  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* D-Bus: Check driver capability for IBSS in Modes property of Capabilities | Saurav Babu | 2016-05-13 | 1 | -2/+3
  Instead of hardcoding "ad-hoc" in the array of supported capabilities, add this only if the driver indicates support for IBSS.
  Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
* wpa_supplicant: Fix CONFIG_AP build without CTRL_IFACE | Johannes Berg | 2016-05-13 | 1 | -1/+1
  wpas_ap_pmksa_cache_list() and wpas_ap_pmksa_cache_flush() should be under the #ifdef since they're only called for the control iface and use functionality that otherwise isn't available.
  Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* Skip connection attempt for non-RSN networks if PMF is set to required | Sunil Dutt | 2016-05-05 | 1 | -0/+8
  Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the connection attempt for such non-PMF (non-RSN) capable networks should be skipped.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Ignore pmf=1/2 parameter for non-RSN networks | Jouni Malinen | 2016-05-05 | 3 | -5/+21
  PMF is available only with RSN and pmf=2 could have prevented open network connections. Change the global wpa_supplicant pmf parameter to be interpreted as applying only to RSN cases to allow it to be used with open networks.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Reject SET commands with newline characters in the string values | Jouni Malinen | 2016-05-02 | 1 | -0/+6
  Many of the global configuration parameters are written as strings without filtering and if there is an embedded newline character in the value, unexpected configuration file data might be written.
  This fixes an issue where wpa_supplicant could have updated the configuration file global parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the value of a parameter before passing it to wpa_supplicant.
  This could allow such an untrusted user to inject almost arbitrary data into the configuration file. Such configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Reject SET_CRED commands with newline characters in the string values | Jouni Malinen | 2016-05-02 | 1 | -1/+8
  Most of the cred block parameters are written as strings without filtering and if there is an embedded newline character in the value, unexpected configuration file data might be written.
  This fixes an issue where wpa_supplicant could have updated the configuration file cred parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the credential value before passing it to wpa_supplicant.
  This could allow such an untrusted user to inject almost arbitrary data into the configuration file. Such configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove newlines from wpa_supplicant config network output | Paul Stewart | 2016-05-02 | 1 | -2/+13
  Spurious newlines output while writing the config file can corrupt the wpa_supplicant configuration. Avoid writing these for the network block parameters. This is a generic filter that covers cases that may not have been explicitly addressed with a more specific commit to avoid control characters in the psk parameter.
  Signed-off-by: Paul Stewart <pstew@google.com>
* Reject psk parameter set with invalid passphrase character | Jouni Malinen | 2016-05-02 | 1 | -0/+6
  WPA/WPA2-Personal passphrase is not allowed to include control characters. Reject a passphrase configuration attempt if that passphrase includes an invalid passphrase.
  This fixes an issue where wpa_supplicant could have updated the configuration file psk parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the passphrase value before passing it to wpa_supplicant.
  This could allow such an untrusted user to inject up to 63 characters of almost arbitrary data into the configuration file. Such configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Android: Remove EAP-FAST option | Dmitry Shmidt | 2016-04-28 | 1 | -1/+1
  Current BoringSSL version is not suitable for EAP-FAST.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* P2P: Copy config from p2pdev when not using dedicated group interface | Andrei Otcheretianski | 2016-04-24 | 1 | -21/+12
  When the P2P Device interface is used and an existing interface is used for P2P GO/Client, the P2P Device configuration was not cloned to the configuration of the existing interface. Thus, configuration parameters such as idle_group_time, etc., were not propagated to the P2P GO/Client interface.
  Handle this by copying all configuration parameters of the P2P device interface to the reused interface, with the following exceptions:
  1. Copy the NFC key data only if it was not set in the configuration file.
  2. The WPS string fields are set only if they were not previously set in the configuration of the destination interface (based on the assumption that these fields should be identical among all interfaces).
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* P2P: Fix wpas_p2p_nfc_auth_join() | Andrei Otcheretianski | 2016-04-24 | 1 | -9/+9
  Use the p2pdev pointer instead of the parent pointer to comply with the flows when a dedicated P2P Device interface is used and p2p_no_group_iface == 1 (in which case the parent of the reused interface isn't necessarily the same as p2pdev).
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* WNM: Fetch scan results before checking transition candidates | Kanchanapally, Vidyullatha | 2016-04-23 | 3 | -26/+151
  On receiving a WNM BSS Transition Management Request frame with a candidate list, fetch the latest scan results from the kernel to see if there are any recent scan results for the candidates and initiate a connection if found. This helps to avoid triggering a new scan in cases where a scan initiated by something else (e.g., an internal beacon measurement report functionality in a driver) has processed Beacon or Probe Response frames without wpa_supplicant having received a notification of such an update yet.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* systemd: Update service files according to D-Bus interface version | Marcin Niestroj | 2016-04-18 | 2 | -4/+8
  systemd service files were supplied with old D-Bus bus name. After service activation systemd was waiting for appearance of specified bus name to consider it started successfully. However, if wpa_supplicant was compiled only with the new D-Bus interface name, systemd didn't notice configured (old) D-Bus bus name appearance. In the end, service was considered malfunctioning and it was deactivated.
  Update systemd service BusName property according to supported D-Bus interface version.
  Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
* P2P: Add P2P_GROUP_MEMBER command to fetch client interface address | Purushottam Kushwaha | 2016-04-18 | 2 | -0/+37
  This allows local GO to fetch the P2P Interface Address of a P2P Client in the group based on the P2P Device Address for the client. This command should be sent only on a group interface (the same peer may be in multiple concurrent groups).
  Usage: P2P_GROUP_MEMBER <P2P Device Address>
  Output: <P2P Interface Address>
  Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
* P2P: Trigger event when invitation is accepted | Lior David | 2016-04-18 | 1 | -0/+19
  Trigger an event when wpa_supplicant accepts an invitation to re-invoke a persistent group. Previously wpa_supplicant entered group formation without triggering any specific events and it could confuse clients, especially when operating with a driver that does not support concurrency between P2P and infrastructure connection.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* RRM: Modify the processing of a received neighbor report | Ilan Peer | 2016-04-17 | 1 | -6/+94
  Parse a received neighbor report and report for each neighbor report the data received for it:
  RRM-NEIGHBOR-REP-RECEIVED bssid=<BSSID> info=0x<hex> op_class=<class> chan=<chan> [lci=hex] [civic=hex]
  Note that this modifies the previous format that originally reported only the length of the received frame.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* SME: Add support for global RRM flag | Beni Lev | 2016-04-17 | 1 | -3/+4
  Add RRM to SME authentication/association if the global RRM flag is set.
  Signed-off-by: Beni Lev <beni.lev@intel.com>
* wpa_supplicant: Handle LCI request | David Spinadel | 2016-04-17 | 5 | -0/+194
  Handle radio measurement request that contains LCI request. Send measurement report based on a configurable LCI report element. The LCI report element is configured over the control interface with
  SET lci <hexdump of the element>
  and cleared with
  SET lci ""
  Signed-off-by: David Spinadel <david.spinadel@intel.com>