aboutsummaryrefslogtreecommitdiffstats
path: root/src/wps
Commit message (Collapse)AuthorAgeFilesLines
* WPS: Fix clearing of SetSelectedRegistrar with multiple interfacesJouni Malinen2012-02-133-9/+15
| | | | | | | | | | | | | | | | | | The SetSelectedRegistrar timeout was registered for each registrar instance, but the only context pointer (struct subscription *) was shared with each registrar which resulted in the timeout getting cancelled for some of the registrar instances before the selected registrar (ER) information was cleared. In addition, when an ER unsubscribed from receiving events, the selected registrar information got cleared only from a single registrar. Fix these issues by registering a pointer to the registrar instance in the timeout and by iterating over all UPnP interfaces when removing a subscription. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove the GPL notification from files contributed by Jouni MalinenJouni Malinen2012-02-1120-160/+40
| | | | | | | Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove the GPL notification from files contributed by AtherosJouni Malinen2012-02-113-24/+6
| | | | | | | Remove the GPL notification text from files that were initially contributed by Atheros Communications or Qualcomm Atheros. Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Allow wildcard UUID PIN to be used twiceGanesh Prasadh2012-02-081-3/+11
| | | | | | | | | | | | Previously, PINs that are added with a wildcard UUID were allowed to be used only by a single Enrollee. However, there may be more than one Enrollee trying to connect when an AP indicates that active Registrar is present. As a minimal workaround, allow two Enrollees to try to use the wildcard PIN. More complete extension could use timeout and allow larger set of Enrollees to try to connect (while still keeping in mind PIN disabling requirement after 10 failed attempts). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Disable AP PIN after 10 consecutive failuresJouni Malinen2012-01-302-1/+10
| | | | | | | | | | | While the exponential increase in the lockout period provides an efficient mitigation mechanism against brute force attacks, this additional trigger to enter indefinite lockout period (cleared by restarting hostapd) will limit attacks even further by giving maximum of 10 attempts (without authorized user action) even in a very long term attack. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Fix an interoperability issue with mixed mode and AP SettingsJouni Malinen2012-01-271-4/+31
| | | | | | | | | | | | | | It looks like Windows 7 WPS implementation does not like multiple Authentication/Encryption Type bits to be set in M7 AP Settings attributes, i.e., it refused to add a network profile if the AP was configured for WPA/WPA2 mixed mode and AP PIN was used to enroll the network. Leave only a single bit set in the Authentication/Encryption Type attributes in M7 when the AP is acting as an Enrollee to avoid this issue. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Cancel previous registered wps_registrar_pbc_timeoutSpencer Chang2011-12-291-0/+1
| | | | | | | | Since wps_registrar_pbc_timeout is called to stop PBC, previously registered wps_registrar_pbc_timeout must be canceled when canceling the WPS operation. Signed-off-by: Spencer Chang <jungwalk@gmail.com>
* Skip WPS PBC overlap detection if P2P address is the sameVitaly Wool2011-12-111-4/+9
| | | | | | | | | | | | | | | | WPS overlap detection can detect false overlap if a P2P peer changes UUID while authentication is ongoing. Changing UUID is of course wrong but this is what some popular devices do so we need to work around it in order to keep compatibility with these devices. There already is a mechanism in WPS registrar to skip overlap detection if P2P addresses of two sessions match but it wasn't really triggered because the address wasn't filled in in the caller function. Let's fill in this address and also clean up WPS PBC sessions on WSC process completion if UUID was changed. Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
* WPS: Fix stopping of active WPS operation on dual concurrent APSubrat Dash2011-11-302-0/+13
| | | | | | | | | | When hostapd controls multiple radios, WPS operations are started on all interfaces. However, when the provisioning run had been completed successfully, actiove WPS mode was stopped only a single interface. Fix this to iterate through all interfaces so that this is handled consistently with the starting of WPS operation. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS ER: Fix segfault in some selected registrar change casesJouni Malinen2011-11-303-11/+0
| | | | | | | | | | | | | | | | Commit 628d54639a90f779fd5c98c31e049638de56b17e introduced number of new WPS related ctrl_iface messages to hostapd. Some of these were for ER events which do not make any sense to hostapd that cannot operate as an ER. The WPS_EV_ER_SET_SELECTED_REGISTRAR one from wps_registrar_sel_registrar_changed_event() was especially problematic since it can cause wpa_supplicant ER code segfault due to missing event data. Revert all the ER specific changes from commit 628d54639a90f779fd5c98c31e049638de56b17e to get rid of the segfault and undesired extra code in hostapd. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Use NULL instead of 0 for pointersJouni Malinen2011-11-181-4/+4
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Use strdup to initialize dev_password for PBCJouni Malinen2011-11-171-2/+1
| | | | | | | | Some static analyzers complain about memset with '0' value. This was used correctly here, but since use of strdup is about as good an option, use that to silence the invalid warnings. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove unnecessary include file inclusionJouni Malinen2011-11-132-2/+0
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Send the credential when learning AP params in registrar roleOlivier Sobrie2011-10-301-0/+43
| | | | | | | | | | | | | When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
* Remove unused variablesJouni Malinen2011-10-231-0/+4
|
* Remove unused variable and functionAndrii Bordunov2011-10-221-12/+0
|
* WPS: Send AP Settings as a wrapped Credential attribute to ctrl_ifaceZhi Chen2011-09-302-0/+22
| | | | | | Wrap self-generated WPS credential for new AP settings and send that to control interface to provide the needed information in WPS-NEW-AP-SETTINGS for external processing.
* Fix typos found by codespellPavel Roskin2011-09-223-4/+4
| | | | Signed-off-by: Pavel Roskin <proski@gnu.org>
* Remove time.h include from utils/includes.hJouni Malinen2011-09-121-1/+1
| | | | | | | | | os_*() wrappers should be used instead of functions from time.h. Removing the header from includes.h enforces this. os_unix.c can include this its uses are valid wrapper calls. wps_upnp.c uses gmtime() for which there is no os_*() wrapper available yet, so allow it to use time.h, too. Similarly, allow dump_state.c to use time.h for ctime().
* WPS: Set Probe Request config methods based on configurationBharat Chakravarty2011-09-012-28/+2
| | | | | | Instead of hardcoding the Config Methods attribute value in Probe Request frames, set this based on the configured parameter config_methods to allow correct set of methods to be advertised.
* WPS ER: Fix UPnP XML Device Description parser to find correct deviceJouni Malinen2011-08-313-3/+50
| | | | | | | | The device description file may include multiple devices. Improve the simplistic parser by first trying to find the WFADevice:1 device before fetching the device parameters. While this is still far from complete XML parsing, this should address the most common root device specifications.
* WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaroundJouni Malinen2011-08-282-0/+14
| | | | | | | | | | | Extend the code that waits for the station to send EAPOL-Start before initiating EAPOL authenticator operations to cover the case where the station includes WPS IE in (Re)Association Request frame if that IE does not include support for WPS 2.0. While this should not really be needed, this may help with some deployed WPS 1.0 stations that do not support EAPOL operations correctly and may get confused of the EAP-Request/Identity packets that would show up twice if EAPOL-Start is transmitted.
* WPS: Fix M2/M2D Config Methods to include PushButton even if PBC not in useJouni Malinen2011-08-111-9/+1
| | | | | | | | The Config Methods attribute in M2 and M2D messages is supposed to indicate which configuration methods are supported by the Registrar. As such, it should not depend on whether PBC mode is currently active or not. That will only affect the Selected Registrar Config Methods and Device Password ID attributes.
* WPS: Fix default virt/phy pushbutton config method settingJouni Malinen2011-08-111-4/+2
| | | | | Instead of always adding PHY PushButton config method, only add this if neither virtual nor physical push button is advertised.
* Dispatch more WPS events through hostapd ctrl_ifaceAnish Nataraj2011-08-043-0/+11
|
* WPS: Add a workaround for Windows 7 capability discovery for PBCJouni Malinen2011-05-174-1/+18
| | | | | | | | | | | | Windows 7 uses incorrect way of figuring out AP's WPS capabilities by acting as a Registrar and using M1 from the AP. The config methods attribute in that message is supposed to indicate only the configuration method supported by the AP in Enrollee role, i.e., to add an external Registrar. For that case, PBC shall not be used and as such, the PushButton config method is removed from M1 by default. If pbc_in_m1=1 is included in the configuration file, the PushButton config method is left in M1 (if included in config_methods parameter) to allow Windows 7 to use PBC instead of PIN (e.g., from a label in the AP).
* WPS: Fix off-by-one check in vendor extension parsingJouni Malinen2011-04-141-1/+1
|
* P2P: Add option for requested device type in P2P search/scanJean-Michel Bachot2011-03-194-2/+34
| | | | | | | With this, p2p_find can be extended to find certain requested device types. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* P2P: Keep track of peer WPS vendor extensionsJean-Michel Bachot2011-03-193-4/+29
| | | | | | | | Make the P2P code keep track of WPS vendor extensions received from peers so they can be exposed via DBus later. Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* WPS: Add support for adding WPS Vendor ExtensionsJean-Michel Bachot2011-03-194-4/+38
| | | | | | | This adds the ability to add WPS vendor extensions to an AP (or GO). They will be added to the WSC IE(s) in Beacon and Probe Response frames. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* WPS: Move P2P extension generation for WSC IE in Beacon framesJouni Malinen2011-03-191-9/+9
| | | | | This cleans up debug log by keeping the WSC IE attributes for Beacon frames before starting to build the Probe Response frame.
* WPS: Add more debug information to PBC session overlap checkJouni Malinen2011-03-171-7/+24
|
* WPS: Fix active PBC session removal to ignore MAC addressJouni Malinen2011-03-171-7/+12
| | | | | | | Use only the UUID-E to remove active PBC session(s) at the completion of successful PBC protocol run. This fixes potential issues with Enrollees that use multiple MAC addresses and as such, can get multiple entries in the PBC session list.
* P2P: Keep track of secondary device types for peersJean-Michel Bachot2011-03-173-0/+13
| | | | | Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* WPS: Add secondary device types into Probe Request framesJean-Michel Bachot2011-03-174-3/+25
| | | | | | | The secondary device type list is an optional attribute in the WSC IE. Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* WPS: Indicate PBC session overlap in wps_pbc return valueChao-Wen Yang2011-03-101-3/+6
| | | | | | | Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason for rejecting a wps_pbc command in wpa_supplicant AP mode if the PBC mode cannot be started due to PBC session overlap having been detected during monitor time.
* WPS: Ignore PBC session overlap if a specific Enrollee is selectedJouni Malinen2011-03-101-8/+31
| | | | | | | This allows the user to complete WPS provisioning using PBC by selected a specific Enrollee even if there are other Enrollees in active PBC mode at the same time. The other Enrollees will be rejected should they try to connect at the same time.
* WPS: Show the received UUID-E from Probe Request in debug logJouni Malinen2011-03-101-0/+2
| | | | This makes it easier to debug PBC session overlap issues.
* WPS: Use only UUID-E in PBC session overlap detection on RegistrarJouni Malinen2011-03-101-3/+10
| | | | | | | | Ignore possible mismatches in the source address of the frame and only use UUID-E to check whether a Probe Request or M1 is from the same Enrollee when figuring out whether there is PBC session overlap. This is needed to avoid potential issues with Enrollee devices that may have multiple interfaces indicating active PBC state.
* P2P: Allow WPS_PBC command on GO to select on P2P Device AddressJouni Malinen2011-02-075-4/+54
| | | | | | | | | | | | | | An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
* WPS: Add mechanism for indicating non-standard WPS errorsChao-Wen Yang2011-01-136-16/+45
| | | | | | | | | | | Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
* WPS: Include all Config Methods in Probe RequestJouni Malinen2010-12-201-21/+18
| | | | | Do not use active PBC state to figure out which ConfigMethods are included in Probe Request; instead, include all supported ones.
* Annotate places depending on strong random numbersJouni Malinen2010-11-244-9/+14
| | | | | | | | | | | | | This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
* WPS: Add special AP Setup Locked mode to allow read only ERJouni Malinen2010-11-172-2/+22
| | | | | | | | | | | | | | ap_setup_locked=2 can now be used to enable a special mode where WPS ER can learn the current AP settings, but cannot change then. In other words, the protocol is allowed to continue past M2, but is stopped at M7 when AP is in this mode. WPS IE does not advertise AP Setup Locked in this case to avoid interoperability issues. In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN is disabled by default, this does not enable any new functionality automatically. To allow the read-only ER to go through the protocol, wps_ap_pin command needs to be used to enable the AP PIN.
* WPS: Fix UPnP deinit order to avoid using freed memoryJouni Malinen2010-11-111-3/+9
| | | | | | | | | | When multiple wireless interfaces are used with WPS, the UPnP subscriptions need to be removed whenever a matching Registrar instance gets removed. This avoids a segfault due to access to freed memory during hostapd shutdown. In addition, the UPnP interface instance structure needs to be freed to avoid memory leak.
* WPS ER: Fix compiler warning on non-WPS2 buildsJouni Malinen2010-11-111-0/+2
|
* WPS: Change concurrent radio AP to use only one WPS UPnP instanceJouni Malinen2010-11-115-82/+200
| | | | | | | | | | | | | WPS external Registrars can get confused about multiple UPnP instances (one per radio) on a dual-concurrent APs. Simplify the design by sharing a single UPnP state machine for all wireless interfaces controlled by hostapd. This matches with the previous changes that made a single command enable WPS functionality on all interfaces. This is relatively minimal change to address the sharing of the state among multiple struct hostapd_data instances. More cleanup can be done separately to remove unnecessary copies of information.
* WPS: Add wildcard AuthorizedMACs entry for PBCJouni Malinen2010-11-091-0/+4
|
* WPS: Send WSC_NACK if message without Message Type is receivedJouni Malinen2010-11-042-2/+4
|
* WPS: Share common function for building WSC ACK/NACKJouni Malinen2010-11-044-94/+50
| | | | | These are identical functions in Enrollee and Registrar and there is no need to maintain two copies of the same functionality.