[pkg-wpa-devel] r1456 - in /wpasupplicant/trunk: debian/ src/common/ src/crypto/ src/drivers/ src/eap_common/ src/eap_peer/ src/eap_server/ src/eapol_supp/ src/hlr_auc_gw/ src/l2_packet/ src/radius/ src/rsn_supp/ src/tls/ src/utils/ src/wps/ wpa_supplicant/ wpa_supplicant/doc/ wpa_supplicant/doc/docbook/ wpa_supplicant/wpa_gui-qt4/
kelmo-guest at users.alioth.debian.org
kelmo-guest at users.alioth.debian.org
Fri Jan 29 13:29:52 UTC 2010
Author: kelmo-guest
Date: Fri Jan 29 13:29:50 2010
New Revision: 1456
URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=1456
Log:
Import new upstream release.
Added:
wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_background.8
wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_cli.8
wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_gui.8
wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_passphrase.8
wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_priv.8
wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.8
wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5
Removed:
wpasupplicant/trunk/src/common/.gitignore
wpasupplicant/trunk/src/crypto/.gitignore
wpasupplicant/trunk/src/drivers/.gitignore
wpasupplicant/trunk/src/eap_common/.gitignore
wpasupplicant/trunk/src/eap_peer/.gitignore
wpasupplicant/trunk/src/eap_server/.gitignore
wpasupplicant/trunk/src/eapol_supp/.gitignore
wpasupplicant/trunk/src/hlr_auc_gw/.gitignore
wpasupplicant/trunk/src/l2_packet/.gitignore
wpasupplicant/trunk/src/radius/.gitignore
wpasupplicant/trunk/src/rsn_supp/.gitignore
wpasupplicant/trunk/src/tls/.gitignore
wpasupplicant/trunk/src/utils/.gitignore
wpasupplicant/trunk/src/wps/.gitignore
Modified:
wpasupplicant/trunk/debian/changelog
wpasupplicant/trunk/src/common/ieee802_11_common.c
wpasupplicant/trunk/src/common/ieee802_11_common.h
wpasupplicant/trunk/src/common/ieee802_11_defs.h
wpasupplicant/trunk/src/common/nl80211_copy.h
wpasupplicant/trunk/src/common/version.h
wpasupplicant/trunk/src/crypto/crypto_cryptoapi.c
wpasupplicant/trunk/src/crypto/crypto_internal.c
wpasupplicant/trunk/src/crypto/dh_groups.c
wpasupplicant/trunk/src/crypto/ms_funcs.c
wpasupplicant/trunk/src/crypto/rc4.c
wpasupplicant/trunk/src/crypto/rc4.h
wpasupplicant/trunk/src/crypto/sha1.c
wpasupplicant/trunk/src/crypto/tls.h
wpasupplicant/trunk/src/crypto/tls_gnutls.c
wpasupplicant/trunk/src/crypto/tls_openssl.c
wpasupplicant/trunk/src/drivers/driver.h
wpasupplicant/trunk/src/drivers/driver_bsd.c
wpasupplicant/trunk/src/drivers/driver_madwifi.c
wpasupplicant/trunk/src/drivers/driver_ndiswrapper.c
wpasupplicant/trunk/src/drivers/driver_nl80211.c
wpasupplicant/trunk/src/drivers/driver_roboswitch.c
wpasupplicant/trunk/src/drivers/driver_wext.c
wpasupplicant/trunk/src/drivers/driver_wired.c
wpasupplicant/trunk/src/eap_peer/eap_methods.h
wpasupplicant/trunk/src/eap_peer/eap_sim.c
wpasupplicant/trunk/src/eap_peer/eap_tls_common.c
wpasupplicant/trunk/src/eap_peer/eap_ttls.c
wpasupplicant/trunk/src/eap_peer/eap_wsc.c
wpasupplicant/trunk/src/eap_peer/tncc.c
wpasupplicant/trunk/src/eap_server/eap.c
wpasupplicant/trunk/src/eap_server/eap_fast.c
wpasupplicant/trunk/src/eap_server/eap_tls_common.c
wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c
wpasupplicant/trunk/src/hlr_auc_gw/hlr_auc_gw.c
wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c
wpasupplicant/trunk/src/radius/radius_client.c
wpasupplicant/trunk/src/radius/radius_server.c
wpasupplicant/trunk/src/rsn_supp/wpa.c
wpasupplicant/trunk/src/rsn_supp/wpa_ft.c
wpasupplicant/trunk/src/rsn_supp/wpa_i.h
wpasupplicant/trunk/src/tls/rsa.c
wpasupplicant/trunk/src/tls/tlsv1_client.c
wpasupplicant/trunk/src/tls/tlsv1_server_read.c
wpasupplicant/trunk/src/utils/base64.c
wpasupplicant/trunk/src/utils/common.c
wpasupplicant/trunk/src/utils/common.h
wpasupplicant/trunk/src/utils/os_unix.c
wpasupplicant/trunk/src/utils/wpa_debug.c
wpasupplicant/trunk/src/utils/wpa_debug.h
wpasupplicant/trunk/src/utils/wpabuf.c
wpasupplicant/trunk/src/wps/httpread.c
wpasupplicant/trunk/src/wps/wps.h
wpasupplicant/trunk/src/wps/wps_attr_parse.c
wpasupplicant/trunk/src/wps/wps_common.c
wpasupplicant/trunk/src/wps/wps_enrollee.c
wpasupplicant/trunk/src/wps/wps_i.h
wpasupplicant/trunk/src/wps/wps_registrar.c
wpasupplicant/trunk/src/wps/wps_upnp.c
wpasupplicant/trunk/src/wps/wps_upnp_event.c
wpasupplicant/trunk/src/wps/wps_upnp_i.h
wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c
wpasupplicant/trunk/src/wps/wps_upnp_web.c
wpasupplicant/trunk/wpa_supplicant/ChangeLog
wpasupplicant/trunk/wpa_supplicant/Makefile
wpasupplicant/trunk/wpa_supplicant/README
wpasupplicant/trunk/wpa_supplicant/README-WPS
wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.c
wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.h
wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.c
wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.h
wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c
wpasupplicant/trunk/wpa_supplicant/defconfig
wpasupplicant/trunk/wpa_supplicant/doc/porting.doxygen
wpasupplicant/trunk/wpa_supplicant/events.c
wpasupplicant/trunk/wpa_supplicant/mlme.c
wpasupplicant/trunk/wpa_supplicant/scan.c
wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/main.cpp
wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.h
wpasupplicant/trunk/wpa_supplicant/wpa_priv.c
wpasupplicant/trunk/wpa_supplicant/wpa_supplicant.c
wpasupplicant/trunk/wpa_supplicant/wpa_supplicant_i.h
wpasupplicant/trunk/wpa_supplicant/wpas_glue.c
wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c
Modified: wpasupplicant/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/changelog?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/changelog (original)
+++ wpasupplicant/trunk/debian/changelog Fri Jan 29 13:29:50 2010
@@ -1,5 +1,6 @@
-wpasupplicant (0.6.9-4) unstable; urgency=low
-
+wpasupplicant (0.6.10-1) UNRELEASED; urgency=low
+
+ * New upstream release
* Backport a series of WEXT driver wrapper enhancements from upstream
development tree. See each patch's header for more details.
- 12_wpa_supplicant_dont_force_disconnect_in_adhoc_mode.patch
Modified: wpasupplicant/trunk/src/common/ieee802_11_common.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/ieee802_11_common.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/ieee802_11_common.c (original)
+++ wpasupplicant/trunk/src/common/ieee802_11_common.c Fri Jan 29 13:29:50 2010
@@ -49,26 +49,33 @@
elems->wpa_ie = pos;
elems->wpa_ie_len = elen;
break;
- case WME_OUI_TYPE: /* this is a Wi-Fi WME info. element */
+ case WMM_OUI_TYPE:
+ /* WMM information element */
if (elen < 5) {
- wpa_printf(MSG_MSGDUMP, "short WME "
+ wpa_printf(MSG_MSGDUMP, "short WMM "
"information element ignored "
"(len=%lu)",
(unsigned long) elen);
return -1;
}
switch (pos[4]) {
- case WME_OUI_SUBTYPE_INFORMATION_ELEMENT:
- case WME_OUI_SUBTYPE_PARAMETER_ELEMENT:
- elems->wme = pos;
- elems->wme_len = elen;
+ case WMM_OUI_SUBTYPE_INFORMATION_ELEMENT:
+ case WMM_OUI_SUBTYPE_PARAMETER_ELEMENT:
+ /*
+ * Share same pointer since only one of these
+ * is used and they start with same data.
+ * Length field can be used to distinguish the
+ * IEs.
+ */
+ elems->wmm = pos;
+ elems->wmm_len = elen;
break;
- case WME_OUI_SUBTYPE_TSPEC_ELEMENT:
- elems->wme_tspec = pos;
- elems->wme_tspec_len = elen;
+ case WMM_OUI_SUBTYPE_TSPEC_ELEMENT:
+ elems->wmm_tspec = pos;
+ elems->wmm_tspec_len = elen;
break;
default:
- wpa_printf(MSG_MSGDUMP, "unknown WME "
+ wpa_printf(MSG_MSGDUMP, "unknown WMM "
"information element ignored "
"(subtype=%d len=%lu)",
pos[4], (unsigned long) elen);
Modified: wpasupplicant/trunk/src/common/ieee802_11_common.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/ieee802_11_common.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/ieee802_11_common.h (original)
+++ wpasupplicant/trunk/src/common/ieee802_11_common.h Fri Jan 29 13:29:50 2010
@@ -41,10 +41,10 @@
u8 wpa_ie_len;
u8 *rsn_ie;
u8 rsn_ie_len;
- u8 *wme;
- u8 wme_len;
- u8 *wme_tspec;
- u8 wme_tspec_len;
+ u8 *wmm; /* WMM Information or Parameter Element */
+ u8 wmm_len; /* 7 = WMM Information; 24 = WMM Parameter */
+ u8 *wmm_tspec;
+ u8 wmm_tspec_len;
u8 *wps_ie;
u8 wps_ie_len;
u8 *power_cap;
Modified: wpasupplicant/trunk/src/common/ieee802_11_defs.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/ieee802_11_defs.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/ieee802_11_defs.h (original)
+++ wpasupplicant/trunk/src/common/ieee802_11_defs.h Fri Jan 29 13:29:50 2010
@@ -210,16 +210,18 @@
#define WLAN_ACTION_QOS 1
#define WLAN_ACTION_DLS 2
#define WLAN_ACTION_BLOCK_ACK 3
+#define WLAN_ACTION_PUBLIC 4
#define WLAN_ACTION_RADIO_MEASUREMENT 5
#define WLAN_ACTION_FT 6
+#define WLAN_ACTION_HT 7
#define WLAN_ACTION_SA_QUERY 8
-#define WLAN_ACTION_WMM 17
-
-/* SA Query Action frame (IEEE 802.11w/D7.0, 7.4.9) */
+#define WLAN_ACTION_WMM 17 /* WMM Specification 1.1 */
+
+/* SA Query Action frame (IEEE 802.11w/D8.0, 7.4.9) */
#define WLAN_SA_QUERY_REQUEST 0
#define WLAN_SA_QUERY_RESPONSE 1
-#define WLAN_SA_QUERY_TR_ID_LEN 16
+#define WLAN_SA_QUERY_TR_ID_LEN 2
/* Timeout Interval Type */
#define WLAN_TIMEOUT_REASSOC_DEADLINE 1
@@ -300,7 +302,7 @@
u8 dialog_token;
u8 status_code;
u8 variable[0];
- } STRUCT_PACKED wme_action;
+ } STRUCT_PACKED wmm_action;
struct{
u8 action_code;
u8 element_id;
@@ -561,23 +563,27 @@
#define OUI_MICROSOFT 0x0050f2 /* Microsoft (also used in Wi-Fi specs)
* 00:50:F2 */
-#define WME_OUI_TYPE 2
-#define WME_OUI_SUBTYPE_INFORMATION_ELEMENT 0
-#define WME_OUI_SUBTYPE_PARAMETER_ELEMENT 1
-#define WME_OUI_SUBTYPE_TSPEC_ELEMENT 2
-#define WME_VERSION 1
-
-#define WME_ACTION_CODE_SETUP_REQUEST 0
-#define WME_ACTION_CODE_SETUP_RESPONSE 1
-#define WME_ACTION_CODE_TEARDOWN 2
-
-#define WME_SETUP_RESPONSE_STATUS_ADMISSION_ACCEPTED 0
-#define WME_SETUP_RESPONSE_STATUS_INVALID_PARAMETERS 1
-#define WME_SETUP_RESPONSE_STATUS_REFUSED 3
-
-#define WME_TSPEC_DIRECTION_UPLINK 0
-#define WME_TSPEC_DIRECTION_DOWNLINK 1
-#define WME_TSPEC_DIRECTION_BI_DIRECTIONAL 3
+#define WMM_OUI_TYPE 2
+#define WMM_OUI_SUBTYPE_INFORMATION_ELEMENT 0
+#define WMM_OUI_SUBTYPE_PARAMETER_ELEMENT 1
+#define WMM_OUI_SUBTYPE_TSPEC_ELEMENT 2
+#define WMM_VERSION 1
+
+#define WMM_ACTION_CODE_ADDTS_REQ 0
+#define WMM_ACTION_CODE_ADDTS_RESP 1
+#define WMM_ACTION_CODE_DELTS 2
+
+#define WMM_ADDTS_STATUS_ADMISSION_ACCEPTED 0
+#define WMM_ADDTS_STATUS_INVALID_PARAMETERS 1
+/* 2 - Reserved */
+#define WMM_ADDTS_STATUS_REFUSED 3
+/* 4-255 - Reserved */
+
+/* WMM TSPEC Direction Field Values */
+#define WMM_TSPEC_DIRECTION_UPLINK 0
+#define WMM_TSPEC_DIRECTION_DOWNLINK 1
+/* 2 - Reserved */
+#define WMM_TSPEC_DIRECTION_BI_DIRECTIONAL 3
#define OUI_BROADCOM 0x00904c /* Broadcom (Epigram) */
Modified: wpasupplicant/trunk/src/common/nl80211_copy.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/nl80211_copy.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/nl80211_copy.h (original)
+++ wpasupplicant/trunk/src/common/nl80211_copy.h Fri Jan 29 13:29:50 2010
@@ -7,7 +7,7 @@
* Copyright 2008 Michael Wu <flamingice at sourmilk.net>
* Copyright 2008 Luis Carlos Cobo <luisca at cozybit.com>
* Copyright 2008 Michael Buesch <mb at bu3sch.de>
- * Copyright 2008 Luis R. Rodriguez <lrodriguez at atheros.com>
+ * Copyright 2008, 2009 Luis R. Rodriguez <lrodriguez at atheros.com>
* Copyright 2008 Jouni Malinen <jouni.malinen at atheros.com>
* Copyright 2008 Colin McCabe <colin at cozybit.com>
*
@@ -25,6 +25,8 @@
*
*/
+#include <linux/types.h>
+
/**
* DOC: Station handling
*
@@ -46,8 +48,10 @@
* to get a list of all present wiphys.
* @NL80211_CMD_SET_WIPHY: set wiphy parameters, needs %NL80211_ATTR_WIPHY or
* %NL80211_ATTR_IFINDEX; can be used to set %NL80211_ATTR_WIPHY_NAME,
- * %NL80211_ATTR_WIPHY_TXQ_PARAMS, %NL80211_ATTR_WIPHY_FREQ, and/or
- * %NL80211_ATTR_WIPHY_CHANNEL_TYPE.
+ * %NL80211_ATTR_WIPHY_TXQ_PARAMS, %NL80211_ATTR_WIPHY_FREQ,
+ * %NL80211_ATTR_WIPHY_CHANNEL_TYPE, %NL80211_ATTR_WIPHY_RETRY_SHORT,
+ * %NL80211_ATTR_WIPHY_RETRY_LONG, %NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
+ * and/or %NL80211_ATTR_WIPHY_RTS_THRESHOLD.
* @NL80211_CMD_NEW_WIPHY: Newly created wiphy, response to get request
* or rename notification. Has attributes %NL80211_ATTR_WIPHY and
* %NL80211_ATTR_WIPHY_NAME.
@@ -75,8 +79,8 @@
* @NL80211_CMD_SET_KEY: Set key attributes %NL80211_ATTR_KEY_DEFAULT,
* %NL80211_ATTR_KEY_DEFAULT_MGMT, or %NL80211_ATTR_KEY_THRESHOLD.
* @NL80211_CMD_NEW_KEY: add a key with given %NL80211_ATTR_KEY_DATA,
- * %NL80211_ATTR_KEY_IDX, %NL80211_ATTR_MAC and %NL80211_ATTR_KEY_CIPHER
- * attributes.
+ * %NL80211_ATTR_KEY_IDX, %NL80211_ATTR_MAC, %NL80211_ATTR_KEY_CIPHER,
+ * and %NL80211_ATTR_KEY_SEQ attributes.
* @NL80211_CMD_DEL_KEY: delete a key identified by %NL80211_ATTR_KEY_IDX
* or %NL80211_ATTR_MAC.
*
@@ -142,6 +146,12 @@
* %NL80211_ATTR_IE. If the command succeeds, the requested data will be
* added to all specified management frames generated by
* kernel/firmware/driver.
+ * Note: This command has been removed and it is only reserved at this
+ * point to avoid re-using existing command number. The functionality this
+ * command was planned for has been provided with cleaner design with the
+ * option to specify additional IEs in NL80211_CMD_TRIGGER_SCAN,
+ * NL80211_CMD_AUTHENTICATE, NL80211_CMD_ASSOCIATE,
+ * NL80211_CMD_DEAUTHENTICATE, and NL80211_CMD_DISASSOCIATE.
*
* @NL80211_CMD_GET_SCAN: get scan results
* @NL80211_CMD_TRIGGER_SCAN: trigger a new scan with the given parameters
@@ -150,6 +160,116 @@
* @NL80211_CMD_SCAN_ABORTED: scan was aborted, for unspecified reasons,
* partial scan results may be available
*
+ * @NL80211_CMD_GET_SURVEY: get survey resuls, e.g. channel occupation
+ * or noise level
+ * @NL80211_CMD_NEW_SURVEY_RESULTS: survey data notification (as a reply to
+ * NL80211_CMD_GET_SURVEY and on the "scan" multicast group)
+ *
+ * @NL80211_CMD_REG_CHANGE: indicates to userspace the regulatory domain
+ * has been changed and provides details of the request information
+ * that caused the change such as who initiated the regulatory request
+ * (%NL80211_ATTR_REG_INITIATOR), the wiphy_idx
+ * (%NL80211_ATTR_REG_ALPHA2) on which the request was made from if
+ * the initiator was %NL80211_REGDOM_SET_BY_COUNTRY_IE or
+ * %NL80211_REGDOM_SET_BY_DRIVER, the type of regulatory domain
+ * set (%NL80211_ATTR_REG_TYPE), if the type of regulatory domain is
+ * %NL80211_REG_TYPE_COUNTRY the alpha2 to which we have moved on
+ * to (%NL80211_ATTR_REG_ALPHA2).
+ * @NL80211_CMD_REG_BEACON_HINT: indicates to userspace that an AP beacon
+ * has been found while world roaming thus enabling active scan or
+ * any mode of operation that initiates TX (beacons) on a channel
+ * where we would not have been able to do either before. As an example
+ * if you are world roaming (regulatory domain set to world or if your
+ * driver is using a custom world roaming regulatory domain) and while
+ * doing a passive scan on the 5 GHz band you find an AP there (if not
+ * on a DFS channel) you will now be able to actively scan for that AP
+ * or use AP mode on your card on that same channel. Note that this will
+ * never be used for channels 1-11 on the 2 GHz band as they are always
+ * enabled world wide. This beacon hint is only sent if your device had
+ * either disabled active scanning or beaconing on a channel. We send to
+ * userspace the wiphy on which we removed a restriction from
+ * (%NL80211_ATTR_WIPHY) and the channel on which this occurred
+ * before (%NL80211_ATTR_FREQ_BEFORE) and after (%NL80211_ATTR_FREQ_AFTER)
+ * the beacon hint was processed.
+ *
+ * @NL80211_CMD_AUTHENTICATE: authentication request and notification.
+ * This command is used both as a command (request to authenticate) and
+ * as an event on the "mlme" multicast group indicating completion of the
+ * authentication process.
+ * When used as a command, %NL80211_ATTR_IFINDEX is used to identify the
+ * interface. %NL80211_ATTR_MAC is used to specify PeerSTAAddress (and
+ * BSSID in case of station mode). %NL80211_ATTR_SSID is used to specify
+ * the SSID (mainly for association, but is included in authentication
+ * request, too, to help BSS selection. %NL80211_ATTR_WIPHY_FREQ is used
+ * to specify the frequence of the channel in MHz. %NL80211_ATTR_AUTH_TYPE
+ * is used to specify the authentication type. %NL80211_ATTR_IE is used to
+ * define IEs (VendorSpecificInfo, but also including RSN IE and FT IEs)
+ * to be added to the frame.
+ * When used as an event, this reports reception of an Authentication
+ * frame in station and IBSS modes when the local MLME processed the
+ * frame, i.e., it was for the local STA and was received in correct
+ * state. This is similar to MLME-AUTHENTICATE.confirm primitive in the
+ * MLME SAP interface (kernel providing MLME, userspace SME). The
+ * included %NL80211_ATTR_FRAME attribute contains the management frame
+ * (including both the header and frame body, but not FCS). This event is
+ * also used to indicate if the authentication attempt timed out. In that
+ * case the %NL80211_ATTR_FRAME attribute is replaced with a
+ * %NL80211_ATTR_TIMED_OUT flag (and %NL80211_ATTR_MAC to indicate which
+ * pending authentication timed out).
+ * @NL80211_CMD_ASSOCIATE: association request and notification; like
+ * NL80211_CMD_AUTHENTICATE but for Association and Reassociation
+ * (similar to MLME-ASSOCIATE.request, MLME-REASSOCIATE.request,
+ * MLME-ASSOCIATE.confirm or MLME-REASSOCIATE.confirm primitives).
+ * @NL80211_CMD_DEAUTHENTICATE: deauthentication request and notification; like
+ * NL80211_CMD_AUTHENTICATE but for Deauthentication frames (similar to
+ * MLME-DEAUTHENTICATION.request and MLME-DEAUTHENTICATE.indication
+ * primitives).
+ * @NL80211_CMD_DISASSOCIATE: disassociation request and notification; like
+ * NL80211_CMD_AUTHENTICATE but for Disassociation frames (similar to
+ * MLME-DISASSOCIATE.request and MLME-DISASSOCIATE.indication primitives).
+ *
+ * @NL80211_CMD_MICHAEL_MIC_FAILURE: notification of a locally detected Michael
+ * MIC (part of TKIP) failure; sent on the "mlme" multicast group; the
+ * event includes %NL80211_ATTR_MAC to describe the source MAC address of
+ * the frame with invalid MIC, %NL80211_ATTR_KEY_TYPE to show the key
+ * type, %NL80211_ATTR_KEY_IDX to indicate the key identifier, and
+ * %NL80211_ATTR_KEY_SEQ to indicate the TSC value of the frame; this
+ * event matches with MLME-MICHAELMICFAILURE.indication() primitive
+ *
+ * @NL80211_CMD_JOIN_IBSS: Join a new IBSS -- given at least an SSID and a
+ * FREQ attribute (for the initial frequency if no peer can be found)
+ * and optionally a MAC (as BSSID) and FREQ_FIXED attribute if those
+ * should be fixed rather than automatically determined. Can only be
+ * executed on a network interface that is UP, and fixed BSSID/FREQ
+ * may be rejected. Another optional parameter is the beacon interval,
+ * given in the %NL80211_ATTR_BEACON_INTERVAL attribute, which if not
+ * given defaults to 100 TU (102.4ms).
+ * @NL80211_CMD_LEAVE_IBSS: Leave the IBSS -- no special arguments, the IBSS is
+ * determined by the network interface.
+ *
+ * @NL80211_CMD_TESTMODE: testmode command, takes a wiphy (or ifindex) attribute
+ * to identify the device, and the TESTDATA blob attribute to pass through
+ * to the driver.
+ *
+ * @NL80211_CMD_CONNECT: connection request and notification; this command
+ * requests to connect to a specified network but without separating
+ * auth and assoc steps. For this, you need to specify the SSID in a
+ * %NL80211_ATTR_SSID attribute, and can optionally specify the association
+ * IEs in %NL80211_ATTR_IE, %NL80211_ATTR_AUTH_TYPE, %NL80211_ATTR_MAC,
+ * %NL80211_ATTR_WIPHY_FREQ and %NL80211_ATTR_CONTROL_PORT.
+ * It is also sent as an event, with the BSSID and response IEs when the
+ * connection is established or failed to be established. This can be
+ * determined by the STATUS_CODE attribute.
+ * @NL80211_CMD_ROAM: request that the card roam (currently not implemented),
+ * sent as an event when the card/driver roamed by itself.
+ * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
+ * userspace that a connection was dropped by the AP or due to other
+ * reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
+ * %NL80211_ATTR_REASON_CODE attributes are used.
+ *
+ * @NL80211_CMD_SET_WIPHY_NETNS: Set a wiphy's netns. Note that all devices
+ * associated with this wiphy must be down and will follow.
+ *
* @NL80211_CMD_MAX: highest used command number
* @__NL80211_CMD_AFTER_LAST: internal use
*/
@@ -195,7 +315,7 @@
NL80211_CMD_GET_MESH_PARAMS,
NL80211_CMD_SET_MESH_PARAMS,
- NL80211_CMD_SET_MGMT_EXTRA_IE,
+ NL80211_CMD_SET_MGMT_EXTRA_IE /* reserved; not used */,
NL80211_CMD_GET_REG,
@@ -204,6 +324,31 @@
NL80211_CMD_NEW_SCAN_RESULTS,
NL80211_CMD_SCAN_ABORTED,
+ NL80211_CMD_REG_CHANGE,
+
+ NL80211_CMD_AUTHENTICATE,
+ NL80211_CMD_ASSOCIATE,
+ NL80211_CMD_DEAUTHENTICATE,
+ NL80211_CMD_DISASSOCIATE,
+
+ NL80211_CMD_MICHAEL_MIC_FAILURE,
+
+ NL80211_CMD_REG_BEACON_HINT,
+
+ NL80211_CMD_JOIN_IBSS,
+ NL80211_CMD_LEAVE_IBSS,
+
+ NL80211_CMD_TESTMODE,
+
+ NL80211_CMD_CONNECT,
+ NL80211_CMD_ROAM,
+ NL80211_CMD_DISCONNECT,
+
+ NL80211_CMD_SET_WIPHY_NETNS,
+
+ NL80211_CMD_GET_SURVEY,
+ NL80211_CMD_NEW_SURVEY_RESULTS,
+
/* add new commands above here */
/* used to define NL80211_CMD_MAX below */
@@ -217,6 +362,12 @@
*/
#define NL80211_CMD_SET_BSS NL80211_CMD_SET_BSS
#define NL80211_CMD_SET_MGMT_EXTRA_IE NL80211_CMD_SET_MGMT_EXTRA_IE
+#define NL80211_CMD_REG_CHANGE NL80211_CMD_REG_CHANGE
+#define NL80211_CMD_AUTHENTICATE NL80211_CMD_AUTHENTICATE
+#define NL80211_CMD_ASSOCIATE NL80211_CMD_ASSOCIATE
+#define NL80211_CMD_DEAUTHENTICATE NL80211_CMD_DEAUTHENTICATE
+#define NL80211_CMD_DISASSOCIATE NL80211_CMD_DISASSOCIATE
+#define NL80211_CMD_REG_BEACON_HINT NL80211_CMD_REG_BEACON_HINT
/**
* enum nl80211_attrs - nl80211 netlink attributes
@@ -235,6 +386,18 @@
* NL80211_CHAN_HT20 = HT20 only
* NL80211_CHAN_HT40MINUS = secondary channel is below the primary channel
* NL80211_CHAN_HT40PLUS = secondary channel is above the primary channel
+ * @NL80211_ATTR_WIPHY_RETRY_SHORT: TX retry limit for frames whose length is
+ * less than or equal to the RTS threshold; allowed range: 1..255;
+ * dot11ShortRetryLimit; u8
+ * @NL80211_ATTR_WIPHY_RETRY_LONG: TX retry limit for frames whose length is
+ * greater than the RTS threshold; allowed range: 1..255;
+ * dot11ShortLongLimit; u8
+ * @NL80211_ATTR_WIPHY_FRAG_THRESHOLD: fragmentation threshold, i.e., maximum
+ * length in octets for frames; allowed range: 256..8000, disable
+ * fragmentation with (u32)-1; dot11FragmentationThreshold; u32
+ * @NL80211_ATTR_WIPHY_RTS_THRESHOLD: RTS threshold (TX frames with length
+ * larger than or equal to this use RTS/CTS handshake); allowed range:
+ * 0..65536, disable with (u32)-1; dot11RTSThreshold; u32
*
* @NL80211_ATTR_IFINDEX: network interface index of the device to operate on
* @NL80211_ATTR_IFNAME: network interface name
@@ -258,7 +421,7 @@
*
* @NL80211_ATTR_STA_AID: Association ID for the station (u16)
* @NL80211_ATTR_STA_FLAGS: flags, nested element with NLA_FLAG attributes of
- * &enum nl80211_sta_flags.
+ * &enum nl80211_sta_flags (deprecated, use %NL80211_ATTR_STA_FLAGS2)
* @NL80211_ATTR_STA_LISTEN_INTERVAL: listen interval as defined by
* IEEE 802.11 7.3.1.6 (u16).
* @NL80211_ATTR_STA_SUPPORTED_RATES: supported rates, array of supported
@@ -319,15 +482,121 @@
*
* @NL80211_ATTR_MAX_NUM_SCAN_SSIDS: number of SSIDs you can scan with
* a single scan request, a wiphy attribute.
+ * @NL80211_ATTR_MAX_SCAN_IE_LEN: maximum length of information elements
+ * that can be added to a scan request
*
* @NL80211_ATTR_SCAN_FREQUENCIES: nested attribute with frequencies (in MHz)
* @NL80211_ATTR_SCAN_SSIDS: nested attribute with SSIDs, leave out for passive
* scanning and include a zero-length SSID (wildcard) for wildcard scan
- * @NL80211_ATTR_SCAN_GENERATION: the scan generation increases whenever the
- * scan result list changes (BSS expired or added) so that applications
- * can verify that they got a single, consistent snapshot (when all dump
- * messages carried the same generation number)
* @NL80211_ATTR_BSS: scan result BSS
+ *
+ * @NL80211_ATTR_REG_INITIATOR: indicates who requested the regulatory domain
+ * currently in effect. This could be any of the %NL80211_REGDOM_SET_BY_*
+ * @NL80211_ATTR_REG_TYPE: indicates the type of the regulatory domain currently
+ * set. This can be one of the nl80211_reg_type (%NL80211_REGDOM_TYPE_*)
+ *
+ * @NL80211_ATTR_SUPPORTED_COMMANDS: wiphy attribute that specifies
+ * an array of command numbers (i.e. a mapping index to command number)
+ * that the driver for the given wiphy supports.
+ *
+ * @NL80211_ATTR_FRAME: frame data (binary attribute), including frame header
+ * and body, but not FCS; used, e.g., with NL80211_CMD_AUTHENTICATE and
+ * NL80211_CMD_ASSOCIATE events
+ * @NL80211_ATTR_SSID: SSID (binary attribute, 0..32 octets)
+ * @NL80211_ATTR_AUTH_TYPE: AuthenticationType, see &enum nl80211_auth_type,
+ * represented as a u32
+ * @NL80211_ATTR_REASON_CODE: ReasonCode for %NL80211_CMD_DEAUTHENTICATE and
+ * %NL80211_CMD_DISASSOCIATE, u16
+ *
+ * @NL80211_ATTR_KEY_TYPE: Key Type, see &enum nl80211_key_type, represented as
+ * a u32
+ *
+ * @NL80211_ATTR_FREQ_BEFORE: A channel which has suffered a regulatory change
+ * due to considerations from a beacon hint. This attribute reflects
+ * the state of the channel _before_ the beacon hint processing. This
+ * attributes consists of a nested attribute containing
+ * NL80211_FREQUENCY_ATTR_*
+ * @NL80211_ATTR_FREQ_AFTER: A channel which has suffered a regulatory change
+ * due to considerations from a beacon hint. This attribute reflects
+ * the state of the channel _after_ the beacon hint processing. This
+ * attributes consists of a nested attribute containing
+ * NL80211_FREQUENCY_ATTR_*
+ *
+ * @NL80211_ATTR_CIPHER_SUITES: a set of u32 values indicating the supported
+ * cipher suites
+ *
+ * @NL80211_ATTR_FREQ_FIXED: a flag indicating the IBSS should not try to look
+ * for other networks on different channels
+ *
+ * @NL80211_ATTR_TIMED_OUT: a flag indicating than an operation timed out; this
+ * is used, e.g., with %NL80211_CMD_AUTHENTICATE event
+ *
+ * @NL80211_ATTR_USE_MFP: Whether management frame protection (IEEE 802.11w) is
+ * used for the association (&enum nl80211_mfp, represented as a u32);
+ * this attribute can be used
+ * with %NL80211_CMD_ASSOCIATE request
+ *
+ * @NL80211_ATTR_STA_FLAGS2: Attribute containing a
+ * &struct nl80211_sta_flag_update.
+ *
+ * @NL80211_ATTR_CONTROL_PORT: A flag indicating whether user space controls
+ * IEEE 802.1X port, i.e., sets/clears %NL80211_STA_FLAG_AUTHORIZED, in
+ * station mode. If the flag is included in %NL80211_CMD_ASSOCIATE
+ * request, the driver will assume that the port is unauthorized until
+ * authorized by user space. Otherwise, port is marked authorized by
+ * default in station mode.
+ *
+ * @NL80211_ATTR_TESTDATA: Testmode data blob, passed through to the driver.
+ * We recommend using nested, driver-specific attributes within this.
+ *
+ * @NL80211_ATTR_DISCONNECTED_BY_AP: A flag indicating that the DISCONNECT
+ * event was due to the AP disconnecting the station, and not due to
+ * a local disconnect request.
+ * @NL80211_ATTR_STATUS_CODE: StatusCode for the %NL80211_CMD_CONNECT
+ * event (u16)
+ * @NL80211_ATTR_PRIVACY: Flag attribute, used with connect(), indicating
+ * that protected APs should be used.
+ *
+ * @NL80211_ATTR_CIPHERS_PAIRWISE: Used with CONNECT and ASSOCIATE to
+ * indicate which unicast key ciphers will be used with the connection
+ * (an array of u32).
+ * @NL80211_ATTR_CIPHER_GROUP: Used with CONNECT and ASSOCIATE to indicate
+ * which group key cipher will be used with the connection (a u32).
+ * @NL80211_ATTR_WPA_VERSIONS: Used with CONNECT and ASSOCIATE to indicate
+ * which WPA version(s) the AP we want to associate with is using
+ * (a u32 with flags from &enum nl80211_wpa_versions).
+ * @NL80211_ATTR_AKM_SUITES: Used with CONNECT and ASSOCIATE to indicate
+ * which key management algorithm(s) to use (an array of u32).
+ *
+ * @NL80211_ATTR_REQ_IE: (Re)association request information elements as
+ * sent out by the card, for ROAM and successful CONNECT events.
+ * @NL80211_ATTR_RESP_IE: (Re)association response information elements as
+ * sent by peer, for ROAM and successful CONNECT events.
+ *
+ * @NL80211_ATTR_PREV_BSSID: previous BSSID, to be used by in ASSOCIATE
+ * commands to specify using a reassociate frame
+ *
+ * @NL80211_ATTR_KEY: key information in a nested attribute with
+ * %NL80211_KEY_* sub-attributes
+ * @NL80211_ATTR_KEYS: array of keys for static WEP keys for connect()
+ * and join_ibss(), key information is in a nested attribute each
+ * with %NL80211_KEY_* sub-attributes
+ *
+ * @NL80211_ATTR_PID: Process ID of a network namespace.
+ *
+ * @NL80211_ATTR_GENERATION: Used to indicate consistent snapshots for
+ * dumps. This number increases whenever the object list being
+ * dumped changes, and as such userspace can verify that it has
+ * obtained a complete and consistent snapshot by verifying that
+ * all dump messages contain the same generation number. If it
+ * changed then the list changed and the dump should be repeated
+ * completely from scratch.
+ *
+ * @NL80211_ATTR_4ADDR: Use 4-address frames on a virtual interface
+ *
+ * @NL80211_ATTR_SURVEY_INFO: survey information about a channel, part of
+ * the survey response for %NL80211_CMD_GET_SURVEY, nested attribute
+ * containing info as possible, see &enum survey_info.
*
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
@@ -400,19 +669,83 @@
NL80211_ATTR_SCAN_FREQUENCIES,
NL80211_ATTR_SCAN_SSIDS,
- NL80211_ATTR_SCAN_GENERATION,
+ NL80211_ATTR_GENERATION, /* replaces old SCAN_GENERATION */
NL80211_ATTR_BSS,
+
+ NL80211_ATTR_REG_INITIATOR,
+ NL80211_ATTR_REG_TYPE,
+
+ NL80211_ATTR_SUPPORTED_COMMANDS,
+
+ NL80211_ATTR_FRAME,
+ NL80211_ATTR_SSID,
+ NL80211_ATTR_AUTH_TYPE,
+ NL80211_ATTR_REASON_CODE,
+
+ NL80211_ATTR_KEY_TYPE,
+
+ NL80211_ATTR_MAX_SCAN_IE_LEN,
+ NL80211_ATTR_CIPHER_SUITES,
+
+ NL80211_ATTR_FREQ_BEFORE,
+ NL80211_ATTR_FREQ_AFTER,
+
+ NL80211_ATTR_FREQ_FIXED,
+
+
+ NL80211_ATTR_WIPHY_RETRY_SHORT,
+ NL80211_ATTR_WIPHY_RETRY_LONG,
+ NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
+ NL80211_ATTR_WIPHY_RTS_THRESHOLD,
+
+ NL80211_ATTR_TIMED_OUT,
+
+ NL80211_ATTR_USE_MFP,
+
+ NL80211_ATTR_STA_FLAGS2,
+
+ NL80211_ATTR_CONTROL_PORT,
+
+ NL80211_ATTR_TESTDATA,
+
+ NL80211_ATTR_PRIVACY,
+
+ NL80211_ATTR_DISCONNECTED_BY_AP,
+ NL80211_ATTR_STATUS_CODE,
+
+ NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
+ NL80211_ATTR_CIPHER_SUITE_GROUP,
+ NL80211_ATTR_WPA_VERSIONS,
+ NL80211_ATTR_AKM_SUITES,
+
+ NL80211_ATTR_REQ_IE,
+ NL80211_ATTR_RESP_IE,
+
+ NL80211_ATTR_PREV_BSSID,
+
+ NL80211_ATTR_KEY,
+ NL80211_ATTR_KEYS,
+
+ NL80211_ATTR_PID,
+
+ NL80211_ATTR_4ADDR,
+
+ NL80211_ATTR_SURVEY_INFO,
/* add attributes here, update the policy in nl80211.c */
__NL80211_ATTR_AFTER_LAST,
NL80211_ATTR_MAX = __NL80211_ATTR_AFTER_LAST - 1
};
+
+/* source-level API compatibility */
+#define NL80211_ATTR_SCAN_GENERATION NL80211_ATTR_GENERATION
/*
* Allow user space programs to use #ifdef on new attributes by defining them
* here
*/
+#define NL80211_CMD_CONNECT NL80211_CMD_CONNECT
#define NL80211_ATTR_HT_CAPABILITY NL80211_ATTR_HT_CAPABILITY
#define NL80211_ATTR_BSS_BASIC_RATES NL80211_ATTR_BSS_BASIC_RATES
#define NL80211_ATTR_WIPHY_TXQ_PARAMS NL80211_ATTR_WIPHY_TXQ_PARAMS
@@ -420,6 +753,18 @@
#define NL80211_ATTR_WIPHY_CHANNEL_TYPE NL80211_ATTR_WIPHY_CHANNEL_TYPE
#define NL80211_ATTR_MGMT_SUBTYPE NL80211_ATTR_MGMT_SUBTYPE
#define NL80211_ATTR_IE NL80211_ATTR_IE
+#define NL80211_ATTR_REG_INITIATOR NL80211_ATTR_REG_INITIATOR
+#define NL80211_ATTR_REG_TYPE NL80211_ATTR_REG_TYPE
+#define NL80211_ATTR_FRAME NL80211_ATTR_FRAME
+#define NL80211_ATTR_SSID NL80211_ATTR_SSID
+#define NL80211_ATTR_AUTH_TYPE NL80211_ATTR_AUTH_TYPE
+#define NL80211_ATTR_REASON_CODE NL80211_ATTR_REASON_CODE
+#define NL80211_ATTR_CIPHER_SUITES_PAIRWISE NL80211_ATTR_CIPHER_SUITES_PAIRWISE
+#define NL80211_ATTR_CIPHER_SUITE_GROUP NL80211_ATTR_CIPHER_SUITE_GROUP
+#define NL80211_ATTR_WPA_VERSIONS NL80211_ATTR_WPA_VERSIONS
+#define NL80211_ATTR_AKM_SUITES NL80211_ATTR_AKM_SUITES
+#define NL80211_ATTR_KEY NL80211_ATTR_KEY
+#define NL80211_ATTR_KEYS NL80211_ATTR_KEYS
#define NL80211_MAX_SUPP_RATES 32
#define NL80211_MAX_SUPP_REG_RULES 32
@@ -427,6 +772,9 @@
#define NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY 16
#define NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY 24
#define NL80211_HT_CAPABILITY_LEN 26
+
+#define NL80211_MAX_NR_CIPHER_SUITES 5
+#define NL80211_MAX_NR_AKM_SUITES 2
/**
* enum nl80211_iftype - (virtual) interface types
@@ -484,6 +832,18 @@
__NL80211_STA_FLAG_AFTER_LAST,
NL80211_STA_FLAG_MAX = __NL80211_STA_FLAG_AFTER_LAST - 1
};
+
+/**
+ * struct nl80211_sta_flag_update - station flags mask/set
+ * @mask: mask of station flags to set
+ * @set: which values to set them to
+ *
+ * Both mask and set contain bits as per &enum nl80211_sta_flags.
+ */
+struct nl80211_sta_flag_update {
+ __u32 mask;
+ __u32 set;
+} __attribute__((packed));
/**
* enum nl80211_rate_info - bitrate information
@@ -553,14 +913,14 @@
*
* @NL80211_MPATH_FLAG_ACTIVE: the mesh path is active
* @NL80211_MPATH_FLAG_RESOLVING: the mesh path discovery process is running
- * @NL80211_MPATH_FLAG_DSN_VALID: the mesh path contains a valid DSN
+ * @NL80211_MPATH_FLAG_SN_VALID: the mesh path contains a valid SN
* @NL80211_MPATH_FLAG_FIXED: the mesh path has been manually set
* @NL80211_MPATH_FLAG_RESOLVED: the mesh path discovery process succeeded
*/
enum nl80211_mpath_flags {
NL80211_MPATH_FLAG_ACTIVE = 1<<0,
NL80211_MPATH_FLAG_RESOLVING = 1<<1,
- NL80211_MPATH_FLAG_DSN_VALID = 1<<2,
+ NL80211_MPATH_FLAG_SN_VALID = 1<<2,
NL80211_MPATH_FLAG_FIXED = 1<<3,
NL80211_MPATH_FLAG_RESOLVED = 1<<4,
};
@@ -573,7 +933,7 @@
*
* @__NL80211_MPATH_INFO_INVALID: attribute number 0 is reserved
* @NL80211_ATTR_MPATH_FRAME_QLEN: number of queued frames for this destination
- * @NL80211_ATTR_MPATH_DSN: destination sequence number
+ * @NL80211_ATTR_MPATH_SN: destination sequence number
* @NL80211_ATTR_MPATH_METRIC: metric (cost) of this mesh path
* @NL80211_ATTR_MPATH_EXPTIME: expiration time for the path, in msec from now
* @NL80211_ATTR_MPATH_FLAGS: mesh path flags, enumerated in
@@ -584,7 +944,7 @@
enum nl80211_mpath_info {
__NL80211_MPATH_INFO_INVALID,
NL80211_MPATH_INFO_FRAME_QLEN,
- NL80211_MPATH_INFO_DSN,
+ NL80211_MPATH_INFO_SN,
NL80211_MPATH_INFO_METRIC,
NL80211_MPATH_INFO_EXPTIME,
NL80211_MPATH_INFO_FLAGS,
@@ -670,6 +1030,48 @@
/* keep last */
__NL80211_BITRATE_ATTR_AFTER_LAST,
NL80211_BITRATE_ATTR_MAX = __NL80211_BITRATE_ATTR_AFTER_LAST - 1
+};
+
+/**
+ * enum nl80211_initiator - Indicates the initiator of a reg domain request
+ * @NL80211_REGDOM_SET_BY_CORE: Core queried CRDA for a dynamic world
+ * regulatory domain.
+ * @NL80211_REGDOM_SET_BY_USER: User asked the wireless core to set the
+ * regulatory domain.
+ * @NL80211_REGDOM_SET_BY_DRIVER: a wireless drivers has hinted to the
+ * wireless core it thinks its knows the regulatory domain we should be in.
+ * @NL80211_REGDOM_SET_BY_COUNTRY_IE: the wireless core has received an
+ * 802.11 country information element with regulatory information it
+ * thinks we should consider.
+ */
+enum nl80211_reg_initiator {
+ NL80211_REGDOM_SET_BY_CORE,
+ NL80211_REGDOM_SET_BY_USER,
+ NL80211_REGDOM_SET_BY_DRIVER,
+ NL80211_REGDOM_SET_BY_COUNTRY_IE,
+};
+
+/**
+ * enum nl80211_reg_type - specifies the type of regulatory domain
+ * @NL80211_REGDOM_TYPE_COUNTRY: the regulatory domain set is one that pertains
+ * to a specific country. When this is set you can count on the
+ * ISO / IEC 3166 alpha2 country code being valid.
+ * @NL80211_REGDOM_TYPE_WORLD: the regulatory set domain is the world regulatory
+ * domain.
+ * @NL80211_REGDOM_TYPE_CUSTOM_WORLD: the regulatory domain set is a custom
+ * driver specific world regulatory domain. These do not apply system-wide
+ * and are only applicable to the individual devices which have requested
+ * them to be applied.
+ * @NL80211_REGDOM_TYPE_INTERSECTION: the regulatory domain set is the product
+ * of an intersection between two regulatory domains -- the previously
+ * set regulatory domain on the system and the last accepted regulatory
+ * domain request to be processed.
+ */
+enum nl80211_reg_type {
+ NL80211_REGDOM_TYPE_COUNTRY,
+ NL80211_REGDOM_TYPE_WORLD,
+ NL80211_REGDOM_TYPE_CUSTOM_WORLD,
+ NL80211_REGDOM_TYPE_INTERSECTION,
};
/**
@@ -733,6 +1135,26 @@
};
/**
+ * enum nl80211_survey_info - survey information
+ *
+ * These attribute types are used with %NL80211_ATTR_SURVEY_INFO
+ * when getting information about a survey.
+ *
+ * @__NL80211_SURVEY_INFO_INVALID: attribute number 0 is reserved
+ * @NL80211_SURVEY_INFO_FREQUENCY: center frequency of channel
+ * @NL80211_SURVEY_INFO_NOISE: noise level of channel (u8, dBm)
+ */
+enum nl80211_survey_info {
+ __NL80211_SURVEY_INFO_INVALID,
+ NL80211_SURVEY_INFO_FREQUENCY,
+ NL80211_SURVEY_INFO_NOISE,
+
+ /* keep last */
+ __NL80211_SURVEY_INFO_AFTER_LAST,
+ NL80211_SURVEY_INFO_MAX = __NL80211_SURVEY_INFO_AFTER_LAST - 1
+};
+
+/**
* enum nl80211_mntr_flags - monitor configuration flags
*
* Monitor configuration flags.
@@ -811,6 +1233,8 @@
*
* @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME: The interval of time (in TUs)
* that it takes for an HWMP information element to propagate across the mesh
+ *
+ * @NL80211_MESHCONF_ROOTMODE: whether root mode is enabled or not
*
* @NL80211_MESHCONF_ATTR_MAX: highest possible mesh configuration attribute
*
@@ -831,6 +1255,7 @@
NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
+ NL80211_MESHCONF_HWMP_ROOTMODE,
/* keep last */
__NL80211_MESHCONF_ATTR_AFTER_LAST,
@@ -892,6 +1317,8 @@
* in mBm (100 * dBm) (s32)
* @NL80211_BSS_SIGNAL_UNSPEC: signal strength of the probe response/beacon
* in unspecified units, scaled to 0..100 (u8)
+ * @NL80211_BSS_STATUS: status, if this BSS is "used"
+ * @NL80211_BSS_SEEN_MS_AGO: age of this BSS entry in ms
* @__NL80211_BSS_AFTER_LAST: internal
* @NL80211_BSS_MAX: highest BSS attribute
*/
@@ -905,10 +1332,103 @@
NL80211_BSS_INFORMATION_ELEMENTS,
NL80211_BSS_SIGNAL_MBM,
NL80211_BSS_SIGNAL_UNSPEC,
+ NL80211_BSS_STATUS,
+ NL80211_BSS_SEEN_MS_AGO,
/* keep last */
__NL80211_BSS_AFTER_LAST,
NL80211_BSS_MAX = __NL80211_BSS_AFTER_LAST - 1
};
+/**
+ * enum nl80211_bss_status - BSS "status"
+ */
+enum nl80211_bss_status {
+ NL80211_BSS_STATUS_AUTHENTICATED,
+ NL80211_BSS_STATUS_ASSOCIATED,
+ NL80211_BSS_STATUS_IBSS_JOINED,
+};
+
+/**
+ * enum nl80211_auth_type - AuthenticationType
+ *
+ * @NL80211_AUTHTYPE_OPEN_SYSTEM: Open System authentication
+ * @NL80211_AUTHTYPE_SHARED_KEY: Shared Key authentication (WEP only)
+ * @NL80211_AUTHTYPE_FT: Fast BSS Transition (IEEE 802.11r)
+ * @NL80211_AUTHTYPE_NETWORK_EAP: Network EAP (some Cisco APs and mainly LEAP)
+ * @__NL80211_AUTHTYPE_NUM: internal
+ * @NL80211_AUTHTYPE_MAX: maximum valid auth algorithm
+ * @NL80211_AUTHTYPE_AUTOMATIC: determine automatically (if necessary by
+ * trying multiple times); this is invalid in netlink -- leave out
+ * the attribute for this on CONNECT commands.
+ */
+enum nl80211_auth_type {
+ NL80211_AUTHTYPE_OPEN_SYSTEM,
+ NL80211_AUTHTYPE_SHARED_KEY,
+ NL80211_AUTHTYPE_FT,
+ NL80211_AUTHTYPE_NETWORK_EAP,
+
+ /* keep last */
+ __NL80211_AUTHTYPE_NUM,
+ NL80211_AUTHTYPE_MAX = __NL80211_AUTHTYPE_NUM - 1,
+ NL80211_AUTHTYPE_AUTOMATIC
+};
+
+/**
+ * enum nl80211_key_type - Key Type
+ * @NL80211_KEYTYPE_GROUP: Group (broadcast/multicast) key
+ * @NL80211_KEYTYPE_PAIRWISE: Pairwise (unicast/individual) key
+ * @NL80211_KEYTYPE_PEERKEY: PeerKey (DLS)
+ */
+enum nl80211_key_type {
+ NL80211_KEYTYPE_GROUP,
+ NL80211_KEYTYPE_PAIRWISE,
+ NL80211_KEYTYPE_PEERKEY,
+};
+
+/**
+ * enum nl80211_mfp - Management frame protection state
+ * @NL80211_MFP_NO: Management frame protection not used
+ * @NL80211_MFP_REQUIRED: Management frame protection required
+ */
+enum nl80211_mfp {
+ NL80211_MFP_NO,
+ NL80211_MFP_REQUIRED,
+};
+
+enum nl80211_wpa_versions {
+ NL80211_WPA_VERSION_1 = 1 << 0,
+ NL80211_WPA_VERSION_2 = 1 << 1,
+};
+
+/**
+ * enum nl80211_key_attributes - key attributes
+ * @__NL80211_KEY_INVALID: invalid
+ * @NL80211_KEY_DATA: (temporal) key data; for TKIP this consists of
+ * 16 bytes encryption key followed by 8 bytes each for TX and RX MIC
+ * keys
+ * @NL80211_KEY_IDX: key ID (u8, 0-3)
+ * @NL80211_KEY_CIPHER: key cipher suite (u32, as defined by IEEE 802.11
+ * section 7.3.2.25.1, e.g. 0x000FAC04)
+ * @NL80211_KEY_SEQ: transmit key sequence number (IV/PN) for TKIP and
+ * CCMP keys, each six bytes in little endian
+ * @NL80211_KEY_DEFAULT: flag indicating default key
+ * @NL80211_KEY_DEFAULT_MGMT: flag indicating default management key
+ * @__NL80211_KEY_AFTER_LAST: internal
+ * @NL80211_KEY_MAX: highest key attribute
+ */
+enum nl80211_key_attributes {
+ __NL80211_KEY_INVALID,
+ NL80211_KEY_DATA,
+ NL80211_KEY_IDX,
+ NL80211_KEY_CIPHER,
+ NL80211_KEY_SEQ,
+ NL80211_KEY_DEFAULT,
+ NL80211_KEY_DEFAULT_MGMT,
+
+ /* keep last */
+ __NL80211_KEY_AFTER_LAST,
+ NL80211_KEY_MAX = __NL80211_KEY_AFTER_LAST - 1
+};
+
#endif /* __LINUX_NL80211_H */
Modified: wpasupplicant/trunk/src/common/version.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/version.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/version.h (original)
+++ wpasupplicant/trunk/src/common/version.h Fri Jan 29 13:29:50 2010
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.6.9"
+#define VERSION_STR "0.6.10"
#endif /* VERSION_H */
Modified: wpasupplicant/trunk/src/crypto/crypto_cryptoapi.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/crypto_cryptoapi.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/crypto_cryptoapi.c (original)
+++ wpasupplicant/trunk/src/crypto/crypto_cryptoapi.c Fri Jan 29 13:29:50 2010
@@ -1,6 +1,6 @@
/*
- * WPA Supplicant / Crypto wrapper for Microsoft CryptoAPI
- * Copyright (c) 2005-2006, Jouni Malinen <j at w1.fi>
+ * Crypto wrapper for Microsoft CryptoAPI
+ * Copyright (c) 2005-2009, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -40,12 +40,6 @@
* define here whatever extra is needed.
*/
-static PCCERT_CONTEXT WINAPI
-(*CertCreateCertificateContext)(DWORD dwCertEncodingType,
- const BYTE *pbCertEncoded,
- DWORD cbCertEncoded)
-= NULL; /* to be loaded from crypt32.dll */
-
static BOOL WINAPI
(*CryptImportPublicKeyInfo)(HCRYPTPROV hCryptProv, DWORD dwCertEncodingType,
PCERT_PUBLIC_KEY_INFO pInfo, HCRYPTKEY *phKey)
@@ -59,22 +53,13 @@
/* MinGW does not yet have full CryptoAPI support, so load the needed
* function here. */
- if (CertCreateCertificateContext)
+ if (CryptImportPublicKeyInfo)
return 0;
dll = LoadLibrary("crypt32");
if (dll == NULL) {
wpa_printf(MSG_DEBUG, "CryptoAPI: Could not load crypt32 "
"library");
- return -1;
- }
-
- CertCreateCertificateContext = (void *) GetProcAddress(
- dll, "CertCreateCertificateContext");
- if (CertCreateCertificateContext == NULL) {
- wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get "
- "CertCreateCertificateContext() address from "
- "crypt32 library");
return -1;
}
Modified: wpasupplicant/trunk/src/crypto/crypto_internal.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/crypto_internal.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/crypto_internal.c (original)
+++ wpasupplicant/trunk/src/crypto/crypto_internal.c Fri Jan 29 13:29:50 2010
@@ -435,6 +435,7 @@
}
+#ifdef EAP_TLS_FUNCS
static struct crypto_private_key *
crypto_pkcs8_key_import(const u8 *buf, size_t len)
{
@@ -536,6 +537,7 @@
return (struct crypto_private_key *)
crypto_rsa_import_private_key(hdr.payload, hdr.length);
}
+#endif /* EAP_TLS_FUNCS */
struct crypto_private_key * crypto_private_key_import(const u8 *key,
Modified: wpasupplicant/trunk/src/crypto/dh_groups.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/dh_groups.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/dh_groups.c (original)
+++ wpasupplicant/trunk/src/crypto/dh_groups.c Fri Jan 29 13:29:50 2010
@@ -19,6 +19,8 @@
#include "dh_groups.h"
+#ifdef ALL_DH_GROUPS
+
/* RFC 4306, B.1. Group 1 - 768 Bit MODP
* Generator: 2
* Prime: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
@@ -62,6 +64,8 @@
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
+
+#endif /* ALL_DH_GROUPS */
/* RFC 3526, 2. Group 5 - 1536 Bit MODP
* Generator: 2
@@ -94,6 +98,8 @@
0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
+
+#ifdef ALL_DH_GROUPS
/* RFC 3526, 3. Group 14 - 2048 Bit MODP
* Generator: 2
@@ -503,6 +509,8 @@
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
+#endif /* ALL_DH_GROUPS */
+
#define DH_GROUP(id) \
{ id, dh_group ## id ## _generator, sizeof(dh_group ## id ## _generator), \
@@ -510,14 +518,16 @@
static struct dh_group dh_groups[] = {
+ DH_GROUP(5),
+#ifdef ALL_DH_GROUPS
DH_GROUP(1),
DH_GROUP(2),
- DH_GROUP(5),
DH_GROUP(14),
DH_GROUP(15),
DH_GROUP(16),
DH_GROUP(17),
DH_GROUP(18)
+#endif /* ALL_DH_GROUPS */
};
#define NUM_DH_GROUPS (sizeof(dh_groups) / sizeof(dh_groups[0]))
Modified: wpasupplicant/trunk/src/crypto/ms_funcs.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/ms_funcs.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/ms_funcs.c (original)
+++ wpasupplicant/trunk/src/crypto/ms_funcs.c Fri Jan 29 13:29:50 2010
@@ -379,7 +379,7 @@
*/
pos = &pw_block[2 * 256];
WPA_PUT_LE16(pos, password_len * 2);
- rc4(pw_block, PWBLOCK_LEN, password_hash, 16);
+ rc4_skip(password_hash, 16, 0, pw_block, PWBLOCK_LEN);
return 0;
}
Modified: wpasupplicant/trunk/src/crypto/rc4.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/rc4.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/rc4.c (original)
+++ wpasupplicant/trunk/src/crypto/rc4.c Fri Jan 29 13:29:50 2010
@@ -68,19 +68,3 @@
*pos++ ^= S[(S[i] + S[j]) & 0xff];
}
}
-
-
-/**
- * rc4 - XOR RC4 stream to given data
- * @buf: data to be XOR'ed with RC4 stream
- * @len: buf length
- * @key: RC4 key
- * @key_len: RC4 key length
- *
- * Generate RC4 pseudo random stream for the given key and XOR this with the
- * data buffer to perform RC4 encryption/decryption.
- */
-void rc4(u8 *buf, size_t len, const u8 *key, size_t key_len)
-{
- rc4_skip(key, key_len, 0, buf, len);
-}
Modified: wpasupplicant/trunk/src/crypto/rc4.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/rc4.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/rc4.h (original)
+++ wpasupplicant/trunk/src/crypto/rc4.h Fri Jan 29 13:29:50 2010
@@ -17,6 +17,5 @@
void rc4_skip(const u8 *key, size_t keylen, size_t skip,
u8 *data, size_t data_len);
-void rc4(u8 *buf, size_t len, const u8 *key, size_t key_len);
#endif /* RC4_H */
Modified: wpasupplicant/trunk/src/crypto/sha1.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/sha1.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/sha1.c (original)
+++ wpasupplicant/trunk/src/crypto/sha1.c Fri Jan 29 13:29:50 2010
@@ -606,8 +606,8 @@
} CHAR64LONG16;
CHAR64LONG16* block;
#ifdef SHA1HANDSOFF
- u32 workspace[16];
- block = (CHAR64LONG16 *) workspace;
+ CHAR64LONG16 workspace;
+ block = &workspace;
os_memcpy(block, buffer, 64);
#else
block = (CHAR64LONG16 *) buffer;
Modified: wpasupplicant/trunk/src/crypto/tls.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/tls.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/tls.h (original)
+++ wpasupplicant/trunk/src/crypto/tls.h Fri Jan 29 13:29:50 2010
@@ -33,6 +33,9 @@
const char *pkcs11_engine_path;
const char *pkcs11_module_path;
};
+
+#define TLS_CONN_ALLOW_SIGN_RSA_MD5 BIT(0)
+#define TLS_CONN_DISABLE_TIME_CHECKS BIT(1)
/**
* struct tls_connection_params - Parameters for TLS connection
@@ -68,6 +71,7 @@
* @cert_id: the certificate's id when using engine
* @ca_cert_id: the CA certificate's id when using engine
* @tls_ia: Whether to enable TLS/IA (for EAP-TTLSv1)
+ * @flags: Parameter options (TLS_CONN_*)
*
* TLS connection parameters to be configured with tls_connection_set_params()
* and tls_global_set_params().
@@ -103,6 +107,8 @@
const char *key_id;
const char *cert_id;
const char *ca_cert_id;
+
+ unsigned int flags;
};
Modified: wpasupplicant/trunk/src/crypto/tls_gnutls.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/tls_gnutls.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/tls_gnutls.c (original)
+++ wpasupplicant/trunk/src/crypto/tls_gnutls.c Fri Jan 29 13:29:50 2010
@@ -35,8 +35,12 @@
#include "tls.h"
+#ifndef TLS_RANDOM_SIZE
#define TLS_RANDOM_SIZE 32
+#endif
+#ifndef TLS_MASTER_SIZE
#define TLS_MASTER_SIZE 48
+#endif
#if LIBGNUTLS_VERSION_NUMBER < 0x010302
@@ -591,6 +595,17 @@
return -1;
}
}
+
+ if (params->flags & TLS_CONN_ALLOW_SIGN_RSA_MD5) {
+ gnutls_certificate_set_verify_flags(
+ conn->xcred, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5);
+ }
+
+ if (params->flags & TLS_CONN_DISABLE_TIME_CHECKS) {
+ gnutls_certificate_set_verify_flags(
+ conn->xcred,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS);
+ }
}
if (params->client_cert && params->private_key) {
@@ -711,6 +726,18 @@
goto fail;
}
}
+
+ if (params->flags & TLS_CONN_ALLOW_SIGN_RSA_MD5) {
+ gnutls_certificate_set_verify_flags(
+ global->xcred,
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5);
+ }
+
+ if (params->flags & TLS_CONN_DISABLE_TIME_CHECKS) {
+ gnutls_certificate_set_verify_flags(
+ global->xcred,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS);
+ }
}
if (params->client_cert && params->private_key) {
@@ -843,7 +870,8 @@
}
-static int tls_connection_verify_peer(struct tls_connection *conn)
+static int tls_connection_verify_peer(struct tls_connection *conn,
+ gnutls_alert_description_t *err)
{
unsigned int status, num_certs, i;
struct os_time now;
@@ -853,22 +881,39 @@
if (gnutls_certificate_verify_peers2(conn->session, &status) < 0) {
wpa_printf(MSG_INFO, "TLS: Failed to verify peer "
"certificate chain");
+ *err = GNUTLS_A_INTERNAL_ERROR;
return -1;
}
if (conn->verify_peer && (status & GNUTLS_CERT_INVALID)) {
wpa_printf(MSG_INFO, "TLS: Peer certificate not trusted");
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
+ wpa_printf(MSG_INFO, "TLS: Certificate uses insecure "
+ "algorithm");
+ *err = GNUTLS_A_INSUFFICIENT_SECURITY;
+ }
+ if (status & GNUTLS_CERT_NOT_ACTIVATED) {
+ wpa_printf(MSG_INFO, "TLS: Certificate not yet "
+ "activated");
+ *err = GNUTLS_A_CERTIFICATE_EXPIRED;
+ }
+ if (status & GNUTLS_CERT_EXPIRED) {
+ wpa_printf(MSG_INFO, "TLS: Certificate expired");
+ *err = GNUTLS_A_CERTIFICATE_EXPIRED;
+ }
return -1;
}
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
wpa_printf(MSG_INFO, "TLS: Peer certificate does not have a "
"known issuer");
+ *err = GNUTLS_A_UNKNOWN_CA;
return -1;
}
if (status & GNUTLS_CERT_REVOKED) {
wpa_printf(MSG_INFO, "TLS: Peer certificate has been revoked");
+ *err = GNUTLS_A_CERTIFICATE_REVOKED;
return -1;
}
@@ -878,6 +923,7 @@
if (certs == NULL) {
wpa_printf(MSG_INFO, "TLS: No peer certificate chain "
"received");
+ *err = GNUTLS_A_UNKNOWN_CA;
return -1;
}
@@ -887,6 +933,7 @@
if (gnutls_x509_crt_init(&cert) < 0) {
wpa_printf(MSG_INFO, "TLS: Certificate initialization "
"failed");
+ *err = GNUTLS_A_BAD_CERTIFICATE;
return -1;
}
@@ -895,6 +942,7 @@
wpa_printf(MSG_INFO, "TLS: Could not parse peer "
"certificate %d/%d", i + 1, num_certs);
gnutls_x509_crt_deinit(cert);
+ *err = GNUTLS_A_BAD_CERTIFICATE;
return -1;
}
@@ -920,6 +968,7 @@
"not valid at this time",
i + 1, num_certs);
gnutls_x509_crt_deinit(cert);
+ *err = GNUTLS_A_CERTIFICATE_EXPIRED;
return -1;
}
@@ -981,12 +1030,15 @@
}
} else {
size_t size;
-
- if (conn->verify_peer && tls_connection_verify_peer(conn)) {
+ gnutls_alert_description_t err;
+
+ if (conn->verify_peer &&
+ tls_connection_verify_peer(conn, &err)) {
wpa_printf(MSG_INFO, "TLS: Peer certificate chain "
"failed validation");
conn->failed++;
- return NULL;
+ gnutls_alert_send(conn->session, GNUTLS_AL_FATAL, err);
+ goto out;
}
#ifdef CONFIG_GNUTLS_EXTRA
@@ -1023,6 +1075,7 @@
}
}
+out:
out_data = conn->push_buf;
*out_len = conn->push_buf_len;
conn->push_buf = NULL;
Modified: wpasupplicant/trunk/src/crypto/tls_openssl.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/tls_openssl.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/tls_openssl.c (original)
+++ wpasupplicant/trunk/src/crypto/tls_openssl.c Fri Jan 29 13:29:50 2010
@@ -108,71 +108,9 @@
* MinGW does not yet include all the needed definitions for CryptoAPI, so
* define here whatever extra is needed.
*/
-#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5)
#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
#define CERT_STORE_READONLY_FLAG 0x00008000
#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
-#define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 0x00000004
-
-static BOOL WINAPI
-(*CryptAcquireCertificatePrivateKey)(PCCERT_CONTEXT pCert, DWORD dwFlags,
- void *pvReserved, HCRYPTPROV *phCryptProv,
- DWORD *pdwKeySpec, BOOL *pfCallerFreeProv)
-= NULL; /* to be loaded from crypt32.dll */
-
-#ifdef CONFIG_MINGW32_LOAD_CERTENUM
-static PCCERT_CONTEXT WINAPI
-(*CertEnumCertificatesInStore)(HCERTSTORE hCertStore,
- PCCERT_CONTEXT pPrevCertContext)
-= NULL; /* to be loaded from crypt32.dll */
-#endif /* CONFIG_MINGW32_LOAD_CERTENUM */
-
-static int mingw_load_crypto_func(void)
-{
- HINSTANCE dll;
-
- /* MinGW does not yet have full CryptoAPI support, so load the needed
- * function here. */
-
- if (CryptAcquireCertificatePrivateKey)
- return 0;
-
- dll = LoadLibrary("crypt32");
- if (dll == NULL) {
- wpa_printf(MSG_DEBUG, "CryptoAPI: Could not load crypt32 "
- "library");
- return -1;
- }
-
- CryptAcquireCertificatePrivateKey = GetProcAddress(
- dll, "CryptAcquireCertificatePrivateKey");
- if (CryptAcquireCertificatePrivateKey == NULL) {
- wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get "
- "CryptAcquireCertificatePrivateKey() address from "
- "crypt32 library");
- return -1;
- }
-
-#ifdef CONFIG_MINGW32_LOAD_CERTENUM
- CertEnumCertificatesInStore = (void *) GetProcAddress(
- dll, "CertEnumCertificatesInStore");
- if (CertEnumCertificatesInStore == NULL) {
- wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get "
- "CertEnumCertificatesInStore() address from "
- "crypt32 library");
- return -1;
- }
-#endif /* CONFIG_MINGW32_LOAD_CERTENUM */
-
- return 0;
-}
-
-#else /* __MINGW32_VERSION */
-
-static int mingw_load_crypto_func(void)
-{
- return 0;
-}
#endif /* __MINGW32_VERSION */
@@ -403,9 +341,6 @@
goto err;
}
- if (mingw_load_crypto_func())
- goto err;
-
if (!CryptAcquireCertificatePrivateKey(priv->cert,
CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
NULL, &priv->crypt_prov,
@@ -475,9 +410,6 @@
#ifdef UNICODE
WCHAR *wstore;
#endif /* UNICODE */
-
- if (mingw_load_crypto_func())
- return -1;
if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
return -1;
@@ -735,11 +667,23 @@
if (tls_openssl_ref_count == 0) {
SSL_load_error_strings();
SSL_library_init();
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha256());
+#endif /* OPENSSL_NO_SHA256 */
/* TODO: if /dev/urandom is available, PRNG is seeded
* automatically. If this is not the case, random data should
* be added here. */
#ifdef PKCS12_FUNCS
+#ifndef OPENSSL_NO_RC2
+ /*
+ * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
+ * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
+ * versions, but it looks like OpenSSL 1.0.0 does not do that
+ * anymore.
+ */
+ EVP_add_cipher(EVP_rc2_40_cbc());
+#endif /* OPENSSL_NO_RC2 */
PKCS12_PBE_add();
#endif /* PKCS12_FUNCS */
}
@@ -2105,9 +2049,18 @@
if (*appl_data) {
res = SSL_read(conn->ssl, *appl_data, in_len);
if (res < 0) {
- tls_show_errors(MSG_INFO, __func__,
- "Failed to read possible "
- "Application Data");
+ int err = SSL_get_error(conn->ssl, res);
+ if (err == SSL_ERROR_WANT_READ ||
+ err == SSL_ERROR_WANT_WRITE) {
+ wpa_printf(MSG_DEBUG,
+ "SSL: No Application Data "
+ "included");
+ } else {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to read "
+ "possible "
+ "Application Data");
+ }
os_free(*appl_data);
*appl_data = NULL;
} else {
Modified: wpasupplicant/trunk/src/drivers/driver.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver.h (original)
+++ wpasupplicant/trunk/src/drivers/driver.h Fri Jan 29 13:29:50 2010
@@ -131,7 +131,7 @@
* @ifname: Interface name that can be used with init() or init2()
* @desc: Human readable adapter description (e.g., vendor/model) or NULL if
* not available
- * @drv_bame: struct wpa_driver_ops::name (note: unlike other strings, this one
+ * @drv_name: struct wpa_driver_ops::name (note: unlike other strings, this one
* is not an allocated copy, i.e., get_interfaces() caller will not free
* this)
*/
@@ -702,7 +702,7 @@
int (*flush_pmkid)(void *priv);
/**
- * flush_pmkid - Flush PMKSA cache
+ * get_capa - Get driver capabilities
* @priv: private driver interface data
*
* Returns: 0 on success, -1 on failure
Modified: wpasupplicant/trunk/src/drivers/driver_bsd.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_bsd.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_bsd.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_bsd.c Fri Jan 29 13:29:50 2010
@@ -386,10 +386,6 @@
/* XXX error handling is wrong but unclear what to do... */
if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
return -1;
-#ifndef NEW_FREEBSD_MLME_ASSOC
- if (wpa_driver_bsd_set_ssid(drv, params->ssid, params->ssid_len) < 0)
- return -1;
-#endif
privacy = !(params->pairwise_suite == CIPHER_NONE &&
params->group_suite == CIPHER_NONE &&
@@ -407,11 +403,9 @@
os_memset(&mlme, 0, sizeof(mlme));
mlme.im_op = IEEE80211_MLME_ASSOC;
-#ifdef NEW_FREEBSD_MLME_ASSOC
if (params->ssid != NULL)
os_memcpy(mlme.im_ssid, params->ssid, params->ssid_len);
mlme.im_ssid_len = params->ssid_len;
-#endif
if (params->bssid != NULL)
os_memcpy(mlme.im_macaddr, params->bssid, IEEE80211_ADDR_LEN);
if (set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)) < 0)
Modified: wpasupplicant/trunk/src/drivers/driver_madwifi.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_madwifi.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_madwifi.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_madwifi.c Fri Jan 29 13:29:50 2010
@@ -11,6 +11,10 @@
* license.
*
* See README and COPYING for more details.
+ *
+ * Please note that madwifi supports WPA configuration via Linux wireless
+ * extensions and if the kernel includes support for this, driver_wext.c should
+ * be used instead of this driver wrapper.
*/
#include "includes.h"
Modified: wpasupplicant/trunk/src/drivers/driver_ndiswrapper.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_ndiswrapper.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_ndiswrapper.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_ndiswrapper.c Fri Jan 29 13:29:50 2010
@@ -11,6 +11,10 @@
* license.
*
* See README and COPYING for more details.
+ *
+ * Please note that ndiswrapper supports WPA configuration via Linux wireless
+ * extensions and if the kernel includes support for this, driver_wext.c should
+ * be used instead of this driver wrapper.
*/
#include "includes.h"
@@ -345,7 +349,7 @@
const struct wpa_driver_ops wpa_driver_ndiswrapper_ops = {
.name = "ndiswrapper",
- .desc = "Linux ndiswrapper",
+ .desc = "Linux ndiswrapper (deprecated; use wext)",
.set_wpa = wpa_ndiswrapper_set_wpa,
.set_key = wpa_ndiswrapper_set_key,
.set_countermeasures = wpa_ndiswrapper_set_countermeasures,
Modified: wpasupplicant/trunk/src/drivers/driver_nl80211.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_nl80211.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_nl80211.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_nl80211.c Fri Jan 29 13:29:50 2010
@@ -241,8 +241,9 @@
req.ifinfo.ifi_change = 0;
if (linkmode != -1) {
- rta = (struct rtattr *)
- ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
+ rta = aliasing_hide_typecast(
+ ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)),
+ struct rtattr);
rta->rta_type = IFLA_LINKMODE;
rta->rta_len = RTA_LENGTH(sizeof(char));
*((char *) RTA_DATA(rta)) = linkmode;
@@ -981,6 +982,9 @@
}
switch (gnlh->cmd) {
+ case NL80211_CMD_TRIGGER_SCAN:
+ wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
+ break;
case NL80211_CMD_NEW_SCAN_RESULTS:
wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
drv->scan_complete_events = 1;
@@ -1517,6 +1521,12 @@
{
int flags;
+ drv->ifindex = if_nametoindex(drv->ifname);
+
+ if (wpa_driver_nl80211_set_mode(drv, 0) < 0) {
+ printf("Could not configure driver to use managed mode\n");
+ }
+
if (wpa_driver_nl80211_get_ifflags(drv, &flags) != 0)
printf("Could not get interface '%s' flags\n", drv->ifname);
else if (!(flags & IFF_UP)) {
@@ -1531,13 +1541,7 @@
*/
wpa_driver_nl80211_flush_pmkid(drv);
- if (wpa_driver_nl80211_set_mode(drv, 0) < 0) {
- printf("Could not configure driver to use managed mode\n");
- }
-
wpa_driver_nl80211_get_range(drv);
-
- drv->ifindex = if_nametoindex(drv->ifname);
wpa_driver_nl80211_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
}
@@ -1844,6 +1848,9 @@
drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
+ drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
+ WPA_DRIVER_AUTH_SHARED |
+ WPA_DRIVER_AUTH_LEAP;
wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x",
drv->capa.key_mgmt, drv->capa.enc);
} else {
@@ -1907,6 +1914,11 @@
case WPA_ALG_CCMP:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
break;
+#ifdef CONFIG_IEEE80211W
+ case WPA_ALG_IGTK:
+ NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC06);
+ break;
+#endif /* CONFIG_IEEE80211W */
default:
nlmsg_free(msg);
return -1;
@@ -2252,7 +2264,8 @@
goto try_again;
nla_put_failure:
- wpa_printf(MSG_ERROR, "nl80211: Failed to set interface mode");
+ wpa_printf(MSG_ERROR, "nl80211: Failed to set interface mode: %d (%s)",
+ ret, strerror(-ret));
return -1;
try_again:
@@ -2277,7 +2290,8 @@
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
if (ret) {
wpa_printf(MSG_ERROR, "Failed to set interface %s "
- "mode", drv->ifname);
+ "mode(try_again): %d (%s)",
+ drv->ifname, ret, strerror(-ret));
}
/* Ignore return value of get_ifflags to ensure that the device
@@ -2512,7 +2526,7 @@
/* crude heuristic */
if (mode->channels[idx].freq < 4000) {
- if (mode->channels[idx].freq == 2848)
+ if (mode->channels[idx].freq == 2484)
mode->channels[idx].chan = 14;
else
mode->channels[idx].chan =
Modified: wpasupplicant/trunk/src/drivers/driver_roboswitch.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_roboswitch.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_roboswitch.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_roboswitch.c Fri Jan 29 13:29:50 2010
@@ -16,12 +16,18 @@
#include <sys/ioctl.h>
#include <linux/if.h>
#include <linux/sockios.h>
+#include <linux/if_ether.h>
#include <linux/mii.h>
#include "common.h"
#include "driver.h"
-
-#define ROBO_PHY_ADDR 0x1E /* RoboSwitch PHY address */
+#include "l2_packet/l2_packet.h"
+
+#ifndef ETH_P_EAPOL
+#define ETH_P_EAPOL 0x888e
+#endif
+
+#define ROBO_PHY_ADDR 0x1e /* RoboSwitch PHY address */
/* MII access registers */
#define ROBO_MII_PAGE 0x10 /* MII page register */
@@ -46,10 +52,10 @@
#define ROBO_ARLCTRL_VEC_2 0x26 /* Multiport vector 2 */
/* VLAN page registers */
-#define ROBO_VLAN_ACCESS 0x06 /* VLAN table Access register */
-#define ROBO_VLAN_ACCESS_5365 0x08 /* VLAN table Access register (5365) */
-#define ROBO_VLAN_READ 0x0C /* VLAN read register */
-#define ROBO_VLAN_MAX 0xFF /* Maximum number of VLANs */
+#define ROBO_VLAN_ACCESS 0x08 /* VLAN table access register */
+#define ROBO_VLAN_ACCESS_5350 0x06 /* VLAN table access register (5350) */
+#define ROBO_VLAN_READ 0x0c /* VLAN read register */
+#define ROBO_VLAN_MAX 0xff /* Maximum number of VLANs */
static const u8 pae_group_addr[ETH_ALEN] =
@@ -58,9 +64,11 @@
struct wpa_driver_roboswitch_data {
void *ctx;
+ struct l2_packet_data *l2;
char ifname[IFNAMSIZ + 1];
+ u8 own_addr[ETH_ALEN];
struct ifreq ifr;
- int fd;
+ int fd, is_5350;
u16 ports;
};
@@ -69,6 +77,18 @@
static inline struct mii_ioctl_data *if_mii(struct ifreq *rq)
{
return (struct mii_ioctl_data *) &rq->ifr_ifru;
+}
+
+
+/*
+ * RoboSwitch uses 16-bit Big Endian addresses.
+ * The ordering of the words is reversed in the MII registers.
+ */
+static void wpa_driver_roboswitch_addr_be16(const u8 addr[ETH_ALEN], u16 *be)
+{
+ int i;
+ for (i = 0; i < ETH_ALEN; i += 2)
+ be[(ETH_ALEN - i) / 2 - 1] = WPA_GET_BE16(addr + i);
}
@@ -157,6 +177,19 @@
}
+static void wpa_driver_roboswitch_receive(void *priv, const u8 *src_addr,
+ const u8 *buf, size_t len)
+{
+ struct wpa_driver_roboswitch_data *drv = priv;
+
+ if (len > 14 && WPA_GET_BE16(buf + 12) == ETH_P_EAPOL &&
+ os_memcmp(buf, drv->own_addr, ETH_ALEN) == 0) {
+ wpa_supplicant_rx_eapol(drv->ctx, src_addr, buf + 14,
+ len - 14);
+ }
+}
+
+
static int wpa_driver_roboswitch_get_ssid(void *priv, u8 *ssid)
{
ssid[0] = 0;
@@ -172,6 +205,32 @@
}
+static int wpa_driver_roboswitch_set_param(void *priv, const char *param)
+{
+ struct wpa_driver_roboswitch_data *drv = priv;
+ char *sep;
+
+ if (param == NULL || os_strstr(param, "multicast_only=1") == NULL) {
+ sep = drv->ifname + os_strlen(drv->ifname);
+ *sep = '.';
+ drv->l2 = l2_packet_init(drv->ifname, NULL, ETH_P_ALL,
+ wpa_driver_roboswitch_receive, drv,
+ 1);
+ if (drv->l2 == NULL) {
+ wpa_printf(MSG_INFO, "%s: Unable to listen on %s",
+ __func__, drv->ifname);
+ return -1;
+ }
+ *sep = '\0';
+ l2_packet_get_own_addr(drv->l2, drv->own_addr);
+ } else {
+ wpa_printf(MSG_DEBUG, "%s: Ignoring unicast frames", __func__);
+ drv->l2 = NULL;
+ }
+ return 0;
+}
+
+
static const char * wpa_driver_roboswitch_get_ifname(void *priv)
{
struct wpa_driver_roboswitch_data *drv = priv;
@@ -180,137 +239,109 @@
static int wpa_driver_roboswitch_join(struct wpa_driver_roboswitch_data *drv,
- const u8 *addr)
-{
- int i;
- u16 _read, zero = 0;
- /* For reasons of simplicity we assume ETH_ALEN is even. */
- u16 addr_word[ETH_ALEN / 2];
- /* RoboSwitch uses 16-bit Big Endian addresses. */
- /* The ordering of the words is reversed in the MII registers. */
- for (i = 0; i < ETH_ALEN; i += 2)
- addr_word[(ETH_ALEN - i) / 2 - 1] = WPA_GET_BE16(addr + i);
-
- /* check if multiport addresses are not yet enabled */
+ u16 ports, const u8 *addr)
+{
+ u16 read1[3], read2[3], addr_be16[3];
+
+ wpa_driver_roboswitch_addr_be16(addr, addr_be16);
+
if (wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_CONF, &_read, 1) < 0)
+ ROBO_ARLCTRL_CONF, read1, 1) < 0)
return -1;
-
- if (!(_read & (1 << 4))) {
- _read |= 1 << 4;
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_ADDR_1, addr_word, 3);
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_1, &drv->ports,
- 1);
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_2, &zero, 1);
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_CONF, &_read, 1);
- return 0;
- }
-
- /* check if multiport address 1 is free */
+ if (!(read1[0] & (1 << 4))) {
+ /* multiport addresses are not yet enabled */
+ read1[0] |= 1 << 4;
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_1, addr_be16, 3);
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_1, &ports, 1);
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_2, addr_be16, 3);
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_2, &ports, 1);
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_CONF, read1, 1);
+ } else {
+ /* if both multiport addresses are the same we can add */
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_1, read1, 3);
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_2, read2, 3);
+ if (os_memcmp(read1, read2, 6) != 0)
+ return -1;
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_1, read1, 1);
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_2, read2, 1);
+ if (read1[0] != read2[0])
+ return -1;
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_1, addr_be16, 3);
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_1, &ports, 1);
+ }
+ return 0;
+}
+
+
+static int wpa_driver_roboswitch_leave(struct wpa_driver_roboswitch_data *drv,
+ u16 ports, const u8 *addr)
+{
+ u16 _read, addr_be16[3], addr_read[3], ports_read;
+
+ wpa_driver_roboswitch_addr_be16(addr, addr_be16);
+
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE, ROBO_ARLCTRL_CONF,
+ &_read, 1);
+ /* If ARL control is disabled, there is nothing to leave. */
+ if (!(_read & (1 << 4))) return -1;
+
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_1, addr_read, 3);
wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE, ROBO_ARLCTRL_VEC_1,
- &_read, 1);
- if (_read == 0) {
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_ADDR_1, addr_word, 3);
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_1, &drv->ports,
- 1);
- return 0;
- }
- /* check if multiport address 2 is free */
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE, ROBO_ARLCTRL_VEC_2,
- &_read, 1);
- if (_read == 0) {
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_ADDR_2, addr_word, 3);
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_2, &drv->ports,
- 1);
- return 0;
- }
-
- /* out of free multiport addresses */
- return -1;
-}
-
-
-static int wpa_driver_roboswitch_leave(struct wpa_driver_roboswitch_data *drv,
- const u8 *addr)
-{
- int i;
- u16 _read[3], zero = 0;
- u16 addr_word[ETH_ALEN / 2]; /* same as at join */
-
- for (i = 0; i < ETH_ALEN; i += 2)
- addr_word[(ETH_ALEN - i) / 2 - 1] = WPA_GET_BE16(addr + i);
-
- /* check if multiport address 1 was used */
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE, ROBO_ARLCTRL_VEC_1,
- _read, 1);
- if (_read[0] == drv->ports) {
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_ADDR_1, _read, 3);
- if (os_memcmp(_read, addr_word, 6) == 0) {
+ &ports_read, 1);
+ /* check if we occupy multiport address 1 */
+ if (os_memcmp(addr_read, addr_be16, 6) == 0 && ports_read == ports) {
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_2, addr_read, 3);
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_2, &ports_read, 1);
+ /* and multiport address 2 */
+ if (os_memcmp(addr_read, addr_be16, 6) == 0 &&
+ ports_read == ports) {
+ _read &= ~(1 << 4);
wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_1, &zero,
- 1);
- goto clean_up;
- }
- }
-
- /* check if multiport address 2 was used */
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE, ROBO_ARLCTRL_VEC_2,
- _read, 1);
- if (_read[0] == drv->ports) {
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_ADDR_2, _read, 3);
- if (os_memcmp(_read, addr_word, 6) == 0) {
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_2, &zero,
- 1);
- goto clean_up;
- }
- }
-
- /* used multiport address not found */
- return -1;
-
-clean_up:
- /* leave the multiport registers in a sane state */
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE, ROBO_ARLCTRL_VEC_1,
- _read, 1);
- if (_read[0] == 0) {
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_2, _read, 1);
- if (_read[0] == 0) {
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_CONF, _read,
- 1);
- _read[0] &= ~(1 << 4);
- wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_CONF, _read,
+ ROBO_ARLCTRL_CONF, &_read,
1);
} else {
wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_ADDR_2, _read,
- 3);
+ ROBO_ARLCTRL_ADDR_1,
+ addr_read, 3);
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_1,
+ &ports_read, 1);
wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_ADDR_1, _read,
- 3);
- wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_2, _read,
- 1);
+ ROBO_ARLCTRL_ADDR_2,
+ addr_read, 3);
wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_1, _read,
- 1);
+ ROBO_ARLCTRL_VEC_2,
+ &ports_read, 1);
+ }
+ } else {
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_ADDR_2, addr_read, 3);
+ wpa_driver_roboswitch_read(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_2, &ports_read, 1);
+ /* or multiport address 2 */
+ if (os_memcmp(addr_read, addr_be16, 6) == 0 &&
+ ports_read == ports) {
wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
- ROBO_ARLCTRL_VEC_2, &zero,
- 1);
- }
+ ROBO_ARLCTRL_ADDR_1,
+ addr_read, 3);
+ wpa_driver_roboswitch_write(drv, ROBO_ARLCTRL_PAGE,
+ ROBO_ARLCTRL_VEC_1,
+ &ports_read, 1);
+ } else return -1;
}
return 0;
}
@@ -319,40 +350,35 @@
static void * wpa_driver_roboswitch_init(void *ctx, const char *ifname)
{
struct wpa_driver_roboswitch_data *drv;
- int len = -1, sep = -1;
- u16 vlan_max = ROBO_VLAN_MAX, vlan = 0, vlan_read[2];
+ char *sep;
+ u16 vlan = 0, _read[2];
drv = os_zalloc(sizeof(*drv));
if (drv == NULL) return NULL;
drv->ctx = ctx;
-
- while (ifname[++len]) {
- if (ifname[len] == '.')
- sep = len;
- }
- if (sep < 0 || sep >= len - 1) {
+ drv->own_addr[0] = '\0';
+
+ /* copy ifname and take a pointer to the second to last character */
+ sep = drv->ifname +
+ os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)) - 2;
+ /* find the '.' seperating <interface> and <vlan> */
+ while (sep > drv->ifname && *sep != '.') sep--;
+ if (sep <= drv->ifname) {
wpa_printf(MSG_INFO, "%s: No <interface>.<vlan> pair in "
- "interface name %s", __func__, ifname);
- os_free(drv);
- return NULL;
- }
- if (sep > IFNAMSIZ) {
- wpa_printf(MSG_INFO, "%s: Interface name %s is too long",
- __func__, ifname);
- os_free(drv);
- return NULL;
- }
- os_memcpy(drv->ifname, ifname, sep);
- drv->ifname[sep] = '\0';
- while (++sep < len) {
- if (ifname[sep] < '0' || ifname[sep] > '9') {
+ "interface name %s", __func__, drv->ifname);
+ os_free(drv);
+ return NULL;
+ }
+ *sep = '\0';
+ while (*++sep) {
+ if (*sep < '0' || *sep > '9') {
wpa_printf(MSG_INFO, "%s: Invalid vlan specification "
"in interface name %s", __func__, ifname);
os_free(drv);
return NULL;
}
vlan *= 10;
- vlan += ifname[sep] - '0';
+ vlan += *sep - '0';
if (vlan > ROBO_VLAN_MAX) {
wpa_printf(MSG_INFO, "%s: VLAN out of range in "
"interface name %s", __func__, ifname);
@@ -382,31 +408,32 @@
return NULL;
}
+ /* set and read back to see if the register can be used */
+ _read[0] = ROBO_VLAN_MAX;
+ wpa_driver_roboswitch_write(drv, ROBO_VLAN_PAGE, ROBO_VLAN_ACCESS_5350,
+ _read, 1);
+ wpa_driver_roboswitch_read(drv, ROBO_VLAN_PAGE, ROBO_VLAN_ACCESS_5350,
+ _read + 1, 1);
+ drv->is_5350 = _read[0] == _read[1];
+
/* set the read bit */
vlan |= 1 << 13;
- /* set and read back to see if the register can be used */
- wpa_driver_roboswitch_write(drv, ROBO_VLAN_PAGE, ROBO_VLAN_ACCESS,
- &vlan_max, 1);
- wpa_driver_roboswitch_read(drv, ROBO_VLAN_PAGE, ROBO_VLAN_ACCESS,
- &vlan_max, 1);
- if (vlan_max == ROBO_VLAN_MAX) /* pre-5365 */
- wpa_driver_roboswitch_write(drv, ROBO_VLAN_PAGE,
- ROBO_VLAN_ACCESS, &vlan, 1);
- else /* 5365 uses a different register */
- wpa_driver_roboswitch_write(drv, ROBO_VLAN_PAGE,
- ROBO_VLAN_ACCESS_5365, &vlan, 1);
- wpa_driver_roboswitch_read(drv, ROBO_VLAN_PAGE, ROBO_VLAN_READ,
- vlan_read, 2);
- if (!(vlan_read[1] & (1 << 4))) {
+ wpa_driver_roboswitch_write(drv, ROBO_VLAN_PAGE,
+ drv->is_5350 ? ROBO_VLAN_ACCESS_5350
+ : ROBO_VLAN_ACCESS,
+ &vlan, 1);
+ wpa_driver_roboswitch_read(drv, ROBO_VLAN_PAGE, ROBO_VLAN_READ, _read,
+ drv->is_5350 ? 2 : 1);
+ if (!(drv->is_5350 ? _read[1] & (1 << 4) : _read[0] & (1 << 14))) {
wpa_printf(MSG_INFO, "%s: Could not get port information for "
"VLAN %d", __func__, vlan & ~(1 << 13));
os_free(drv);
return NULL;
}
- drv->ports = vlan_read[0] & 0x001F;
+ drv->ports = _read[0] & 0x001F;
/* add the MII port */
drv->ports |= 1 << 8;
- if (wpa_driver_roboswitch_join(drv, pae_group_addr) < 0) {
+ if (wpa_driver_roboswitch_join(drv, drv->ports, pae_group_addr) < 0) {
wpa_printf(MSG_INFO, "%s: Unable to join PAE group", __func__);
os_free(drv);
return NULL;
@@ -423,7 +450,11 @@
{
struct wpa_driver_roboswitch_data *drv = priv;
- if (wpa_driver_roboswitch_leave(drv, pae_group_addr) < 0) {
+ if (drv->l2) {
+ l2_packet_deinit(drv->l2);
+ drv->l2 = NULL;
+ }
+ if (wpa_driver_roboswitch_leave(drv, drv->ports, pae_group_addr) < 0) {
wpa_printf(MSG_DEBUG, "%s: Unable to leave PAE group",
__func__);
}
@@ -440,5 +471,6 @@
.get_bssid = wpa_driver_roboswitch_get_bssid,
.init = wpa_driver_roboswitch_init,
.deinit = wpa_driver_roboswitch_deinit,
+ .set_param = wpa_driver_roboswitch_set_param,
.get_ifname = wpa_driver_roboswitch_get_ifname,
};
Modified: wpasupplicant/trunk/src/drivers/driver_wext.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_wext.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_wext.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_wext.c Fri Jan 29 13:29:50 2010
@@ -35,6 +35,7 @@
static int wpa_driver_wext_flush_pmkid(void *priv);
static int wpa_driver_wext_get_range(void *priv);
static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
+static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
@@ -64,8 +65,9 @@
req.ifinfo.ifi_change = 0;
if (linkmode != -1) {
- rta = (struct rtattr *)
- ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
+ rta = aliasing_hide_typecast(
+ ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)),
+ struct rtattr);
rta->rta_type = IFLA_LINKMODE;
rta->rta_len = RTA_LENGTH(sizeof(char));
*((char *) RTA_DATA(rta)) = linkmode;
@@ -982,6 +984,13 @@
wpa_driver_wext_get_range(drv);
+ /*
+ * Unlock the driver's BSSID and force to a random SSID to clear any
+ * previous association the driver might have when the supplicant
+ * starts up.
+ */
+ wpa_driver_wext_disconnect(drv);
+
drv->ifindex = if_nametoindex(drv->ifname);
if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
@@ -1021,8 +1030,7 @@
* Clear possibly configured driver parameters in order to make it
* easier to use the driver after wpa_supplicant has been terminated.
*/
- (void) wpa_driver_wext_set_bssid(drv,
- (u8 *) "\x00\x00\x00\x00\x00\x00");
+ wpa_driver_wext_disconnect(drv);
wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
@@ -1608,6 +1616,9 @@
drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
+ drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
+ WPA_DRIVER_AUTH_SHARED |
+ WPA_DRIVER_AUTH_LEAP;
wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
"flags 0x%x",
@@ -1900,21 +1911,36 @@
static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
{
+ struct iwreq iwr;
const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
u8 ssid[32];
int i;
/*
- * Clear the BSSID selection and set a random SSID to make sure the
- * driver will not be trying to associate with something even if it
- * does not understand SIOCSIWMLME commands (or tries to associate
- * automatically after deauth/disassoc).
+ * Only force-disconnect when the card is in infrastructure mode,
+ * otherwise the driver might interpret the cleared BSSID and random
+ * SSID as an attempt to create a new ad-hoc network.
*/
- wpa_driver_wext_set_bssid(drv, null_bssid);
-
- for (i = 0; i < 32; i++)
- ssid[i] = rand() & 0xFF;
- wpa_driver_wext_set_ssid(drv, ssid, 32);
+ os_memset(&iwr, 0, sizeof(iwr));
+ os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
+ if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
+ perror("ioctl[SIOCGIWMODE]");
+ iwr.u.mode = IW_MODE_INFRA;
+ }
+
+ if (iwr.u.mode == IW_MODE_INFRA) {
+ /*
+ * Clear the BSSID selection and set a random SSID to make sure
+ * the driver will not be trying to associate with something
+ * even if it does not understand SIOCSIWMLME commands (or
+ * tries to associate automatically after deauth/disassoc).
+ */
+ wpa_driver_wext_set_bssid(drv, null_bssid);
+
+ for (i = 0; i < 32; i++)
+ ssid[i] = rand() & 0xFF;
+ wpa_driver_wext_set_ssid(drv, ssid, 32);
+ }
}
@@ -1924,8 +1950,8 @@
struct wpa_driver_wext_data *drv = priv;
int ret;
wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
+ ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
wpa_driver_wext_disconnect(drv);
- ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
return ret;
}
Modified: wpasupplicant/trunk/src/drivers/driver_wired.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_wired.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_wired.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_wired.c Fri Jan 29 13:29:50 2010
@@ -18,9 +18,9 @@
#ifdef __linux__
#include <netpacket/packet.h>
#endif /* __linux__ */
-#ifdef __FreeBSD__
+#if defined(__FreeBSD__) || defined(__DragonFly__)
#include <net/if_dl.h>
-#endif /* __FreeBSD__ */
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) */
#include "common.h"
#include "driver.h"
@@ -118,7 +118,7 @@
ifr.ifr_hwaddr.sa_family = AF_UNSPEC;
os_memcpy(ifr.ifr_hwaddr.sa_data, addr, ETH_ALEN);
#endif /* __linux__ */
-#ifdef __FreeBSD__
+#if defined(__FreeBSD__) || defined(__DragonFly__)
{
struct sockaddr_dl *dlp;
dlp = (struct sockaddr_dl *) &ifr.ifr_addr;
@@ -130,7 +130,16 @@
dlp->sdl_slen = 0;
os_memcpy(LLADDR(dlp), addr, ETH_ALEN);
}
-#endif /* __FreeBSD__ */
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) */
+#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
+ {
+ struct sockaddr *sap;
+ sap = (struct sockaddr *) &ifr.ifr_addr;
+ sap->sa_len = sizeof(struct sockaddr);
+ sap->sa_family = AF_UNSPEC;
+ os_memcpy(sap->sa_data, addr, ETH_ALEN);
+ }
+#endif /* defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__) */
if (ioctl(s, add ? SIOCADDMULTI : SIOCDELMULTI, (caddr_t) &ifr) < 0) {
perror("ioctl[SIOC{ADD/DEL}MULTI]");
Modified: wpasupplicant/trunk/src/eap_peer/eap_methods.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_methods.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_methods.h (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_methods.h Fri Jan 29 13:29:50 2010
@@ -62,6 +62,11 @@
{
}
+static inline char ** eap_get_names_as_string_array(size_t *num)
+{
+ return NULL;
+}
+
#endif /* IEEE8021X_EAPOL */
Modified: wpasupplicant/trunk/src/eap_peer/eap_sim.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_sim.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_sim.c (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_sim.c Fri Jan 29 13:29:50 2010
@@ -468,8 +468,6 @@
wpa_printf(MSG_DEBUG, "Generating EAP-SIM Notification (id=%d)", id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION);
- wpa_printf(MSG_DEBUG, " AT_NOTIFICATION");
- eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, notification, NULL, 0);
if (k_aut && data->reauth) {
wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
Modified: wpasupplicant/trunk/src/eap_peer/eap_tls_common.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_tls_common.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_tls_common.c (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_tls_common.c Fri Jan 29 13:29:50 2010
@@ -42,6 +42,18 @@
*data_len = blob->len;
return 0;
+}
+
+
+static void eap_tls_params_flags(struct tls_connection_params *params,
+ const char *txt)
+{
+ if (txt == NULL)
+ return;
+ if (os_strstr(txt, "tls_allow_md5=1"))
+ params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5;
+ if (os_strstr(txt, "tls_disable_time_checks=1"))
+ params->flags |= TLS_CONN_DISABLE_TIME_CHECKS;
}
@@ -62,6 +74,7 @@
params->key_id = config->key_id;
params->cert_id = config->cert_id;
params->ca_cert_id = config->ca_cert_id;
+ eap_tls_params_flags(params, config->phase1);
}
@@ -82,6 +95,7 @@
params->key_id = config->key2_id;
params->cert_id = config->cert2_id;
params->ca_cert_id = config->ca_cert2_id;
+ eap_tls_params_flags(params, config->phase2);
}
Modified: wpasupplicant/trunk/src/eap_peer/eap_ttls.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_ttls.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_ttls.c (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_ttls.c Fri Jan 29 13:29:50 2010
@@ -842,7 +842,7 @@
/* User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
* the data, so no separate encryption is used in the AVP itself.
* However, the password is padded to obfuscate its length. */
- pad = (16 - (password_len & 15)) & 15;
+ pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15;
pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
password_len + pad);
os_memcpy(pos, password, password_len);
Modified: wpasupplicant/trunk/src/eap_peer/eap_wsc.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_wsc.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_wsc.c (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_wsc.c Fri Jan 29 13:29:50 2010
@@ -144,7 +144,7 @@
if (registrar && cfg.pin) {
wps_registrar_add_pin(data->wps_ctx->registrar, NULL,
- cfg.pin, cfg.pin_len);
+ cfg.pin, cfg.pin_len, 0);
}
return data;
Modified: wpasupplicant/trunk/src/eap_peer/tncc.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/tncc.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/tncc.c (original)
+++ wpasupplicant/trunk/src/eap_peer/tncc.c Fri Jan 29 13:29:50 2010
@@ -1106,6 +1106,7 @@
if (pos >= end || *pos != ' ') {
wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
"(no space after name)", start);
+ os_free(imc->name);
os_free(imc);
return NULL;
}
Modified: wpasupplicant/trunk/src/eap_server/eap.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap.c (original)
+++ wpasupplicant/trunk/src/eap_server/eap.c Fri Jan 29 13:29:50 2010
@@ -1261,7 +1261,7 @@
sm->m->reset(sm, sm->eap_method_priv);
wpabuf_free(sm->eap_if.eapReqData);
os_free(sm->eap_if.eapKeyData);
- os_free(sm->lastReqData);
+ wpabuf_free(sm->lastReqData);
wpabuf_free(sm->eap_if.eapRespData);
os_free(sm->identity);
os_free(sm->pac_opaque_encr_key);
Modified: wpasupplicant/trunk/src/eap_server/eap_fast.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap_fast.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap_fast.c (original)
+++ wpasupplicant/trunk/src/eap_server/eap_fast.c Fri Jan 29 13:29:50 2010
@@ -71,6 +71,10 @@
int pac_key_lifetime;
int pac_key_refresh_time;
};
+
+
+static int eap_fast_process_phase2_start(struct eap_sm *sm,
+ struct eap_fast_data *data);
static const char * eap_fast_state_txt(int state)
@@ -804,11 +808,48 @@
}
+static int eap_fast_encrypt_phase2(struct eap_sm *sm,
+ struct eap_fast_data *data,
+ struct wpabuf *plain, int piggyback)
+{
+ struct wpabuf *encr;
+
+ wpa_hexdump_buf_key(MSG_DEBUG, "EAP-FAST: Encrypting Phase 2 TLVs",
+ plain);
+ encr = eap_server_tls_encrypt(sm, &data->ssl, wpabuf_mhead(plain),
+ wpabuf_len(plain));
+ wpabuf_free(plain);
+
+ if (data->ssl.out_buf && piggyback) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Piggyback Phase 2 data "
+ "(len=%d) with last Phase 1 Message (len=%d "
+ "used=%d)",
+ (int) wpabuf_len(encr),
+ (int) wpabuf_len(data->ssl.out_buf),
+ (int) data->ssl.out_used);
+ if (wpabuf_resize(&data->ssl.out_buf, wpabuf_len(encr)) < 0) {
+ wpa_printf(MSG_WARNING, "EAP-FAST: Failed to resize "
+ "output buffer");
+ wpabuf_free(encr);
+ return -1;
+ }
+ wpabuf_put_buf(data->ssl.out_buf, encr);
+ wpabuf_free(encr);
+ } else {
+ wpabuf_free(data->ssl.out_buf);
+ data->ssl.out_used = 0;
+ data->ssl.out_buf = encr;
+ }
+
+ return 0;
+}
+
+
static struct wpabuf * eap_fast_buildReq(struct eap_sm *sm, void *priv, u8 id)
{
struct eap_fast_data *data = priv;
struct wpabuf *req = NULL;
- struct wpabuf *encr;
+ int piggyback = 0;
if (data->ssl.state == FRAG_ACK) {
return eap_server_tls_build_ack(id, EAP_TYPE_FAST,
@@ -827,6 +868,19 @@
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
if (eap_fast_phase1_done(sm, data) < 0)
return NULL;
+ if (data->state == PHASE2_START) {
+ /*
+ * Try to generate Phase 2 data to piggyback
+ * with the end of Phase 1 to avoid extra
+ * roundtrip.
+ */
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Try to start "
+ "Phase 2");
+ if (eap_fast_process_phase2_start(sm, data))
+ break;
+ req = eap_fast_build_phase2_req(sm, data, id);
+ piggyback = 1;
+ }
}
break;
case PHASE2_ID:
@@ -856,18 +910,9 @@
return NULL;
}
- if (req) {
- wpa_hexdump_buf_key(MSG_DEBUG, "EAP-FAST: Encrypting Phase 2 "
- "TLVs", req);
- encr = eap_server_tls_encrypt(sm, &data->ssl,
- wpabuf_mhead(req),
- wpabuf_len(req));
- wpabuf_free(req);
-
- wpabuf_free(data->ssl.out_buf);
- data->ssl.out_used = 0;
- data->ssl.out_buf = encr;
- }
+ if (req &&
+ eap_fast_encrypt_phase2(sm, data, req, piggyback) < 0)
+ return NULL;
return eap_server_tls_build_msg(&data->ssl, EAP_TYPE_FAST,
data->fast_version, id);
@@ -1443,8 +1488,8 @@
}
-static void eap_fast_process_phase2_start(struct eap_sm *sm,
- struct eap_fast_data *data)
+static int eap_fast_process_phase2_start(struct eap_sm *sm,
+ struct eap_fast_data *data)
{
u8 next_type;
@@ -1474,7 +1519,7 @@
next_type = EAP_TYPE_IDENTITY;
}
- eap_fast_phase2_init(sm, data, next_type);
+ return eap_fast_phase2_init(sm, data, next_type);
}
Modified: wpasupplicant/trunk/src/eap_server/eap_tls_common.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap_tls_common.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap_tls_common.c (original)
+++ wpasupplicant/trunk/src/eap_server/eap_tls_common.c Fri Jan 29 13:29:50 2010
@@ -344,7 +344,7 @@
size_t buf_len;
/* reserve some extra room for encryption overhead */
- buf_len = plain_len + 200;
+ buf_len = plain_len + 300;
buf = wpabuf_alloc(buf_len);
if (buf == NULL)
return NULL;
Modified: wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c (original)
+++ wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c Fri Jan 29 13:29:50 2010
@@ -742,8 +742,8 @@
os_memcpy(ekey + IEEE8021X_KEY_IV_LEN, keydata.encr_key,
encr_key_len);
os_memcpy(datakey, key + 1, key_len);
- rc4(datakey, key_len, ekey,
- IEEE8021X_KEY_IV_LEN + encr_key_len);
+ rc4_skip(ekey, IEEE8021X_KEY_IV_LEN + encr_key_len, 0,
+ datakey, key_len);
wpa_hexdump_key(MSG_DEBUG, "EAPOL: Decrypted(RC4) key",
datakey, key_len);
} else if (key_len == 0) {
Modified: wpasupplicant/trunk/src/hlr_auc_gw/hlr_auc_gw.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/hlr_auc_gw/hlr_auc_gw.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/hlr_auc_gw/hlr_auc_gw.c (original)
+++ wpasupplicant/trunk/src/hlr_auc_gw/hlr_auc_gw.c Fri Jan 29 13:29:50 2010
@@ -532,7 +532,7 @@
static void aka_auts(int s, struct sockaddr_un *from, socklen_t fromlen,
char *imsi)
{
- char *auts, *rand;
+ char *auts, *__rand;
u8 _auts[EAP_AKA_AUTS_LEN], _rand[EAP_AKA_RAND_LEN], sqn[6];
struct milenage_parameters *m;
@@ -543,14 +543,14 @@
return;
*auts++ = '\0';
- rand = strchr(auts, ' ');
- if (rand == NULL)
+ __rand = strchr(auts, ' ');
+ if (__rand == NULL)
return;
- *rand++ = '\0';
-
- printf("AKA-AUTS: IMSI=%s AUTS=%s RAND=%s\n", imsi, auts, rand);
+ *__rand++ = '\0';
+
+ printf("AKA-AUTS: IMSI=%s AUTS=%s RAND=%s\n", imsi, auts, __rand);
if (hexstr2bin(auts, _auts, EAP_AKA_AUTS_LEN) ||
- hexstr2bin(rand, _rand, EAP_AKA_RAND_LEN)) {
+ hexstr2bin(__rand, _rand, EAP_AKA_RAND_LEN)) {
printf("Could not parse AUTS/RAND\n");
return;
}
Modified: wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c (original)
+++ wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c Fri Jan 29 13:29:50 2010
@@ -185,7 +185,7 @@
return -1;
}
close(s);
- saddr = (struct sockaddr_in *) &ifr.ifr_addr;
+ saddr = aliasing_hide_typecast(&ifr.ifr_addr, struct sockaddr_in);
if (saddr->sin_family != AF_INET)
return -1;
res = os_strlcpy(buf, inet_ntoa(saddr->sin_addr), len);
Modified: wpasupplicant/trunk/src/radius/radius_client.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/radius/radius_client.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/radius/radius_client.c (original)
+++ wpasupplicant/trunk/src/radius/radius_client.c Fri Jan 29 13:29:50 2010
@@ -917,6 +917,22 @@
}
+static int radius_client_disable_pmtu_discovery(int s)
+{
+ int r = -1;
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ /* Turn off Path MTU discovery on IPv4/UDP sockets. */
+ int action = IP_PMTUDISC_DONT;
+ r = setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, &action,
+ sizeof(action));
+ if (r == -1)
+ wpa_printf(MSG_ERROR, "Failed to set IP_MTU_DISCOVER: "
+ "%s", strerror(errno));
+#endif
+ return r;
+}
+
+
static int radius_client_init_auth(struct radius_client_data *radius)
{
struct hostapd_radius_servers *conf = radius->conf;
@@ -925,8 +941,10 @@
radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->auth_serv_sock < 0)
perror("socket[PF_INET,SOCK_DGRAM]");
- else
+ else {
+ radius_client_disable_pmtu_discovery(radius->auth_serv_sock);
ok++;
+ }
#ifdef CONFIG_IPV6
radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
@@ -975,8 +993,10 @@
radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->acct_serv_sock < 0)
perror("socket[PF_INET,SOCK_DGRAM]");
- else
+ else {
+ radius_client_disable_pmtu_discovery(radius->acct_serv_sock);
ok++;
+ }
#ifdef CONFIG_IPV6
radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
@@ -1060,6 +1080,12 @@
eloop_unregister_read_sock(radius->auth_serv_sock);
if (radius->acct_serv_sock >= 0)
eloop_unregister_read_sock(radius->acct_serv_sock);
+#ifdef CONFIG_IPV6
+ if (radius->auth_serv_sock6 >= 0)
+ eloop_unregister_read_sock(radius->auth_serv_sock6);
+ if (radius->acct_serv_sock6 >= 0)
+ eloop_unregister_read_sock(radius->acct_serv_sock6);
+#endif /* CONFIG_IPV6 */
eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL);
Modified: wpasupplicant/trunk/src/radius/radius_server.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/radius/radius_server.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/radius/radius_server.c (original)
+++ wpasupplicant/trunk/src/radius/radius_server.c Fri Jan 29 13:29:50 2010
@@ -117,7 +117,8 @@
static void radius_server_session_timeout(void *eloop_ctx, void *timeout_ctx);
-
+static void radius_server_session_remove_timeout(void *eloop_ctx,
+ void *timeout_ctx);
static struct radius_client *
@@ -179,6 +180,7 @@
struct radius_session *sess)
{
eloop_cancel_timeout(radius_server_session_timeout, data, sess);
+ eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess);
eap_server_sm_deinit(sess->eap);
if (sess->last_msg) {
radius_msg_free(sess->last_msg);
@@ -193,9 +195,6 @@
data->num_sess--;
}
-
-static void radius_server_session_remove_timeout(void *eloop_ctx,
- void *timeout_ctx);
static void radius_server_session_remove(struct radius_server_data *data,
struct radius_session *sess)
@@ -493,6 +492,7 @@
unsigned int state;
struct radius_session *sess;
struct radius_msg *reply;
+ int is_complete = 0;
if (force_sess)
sess = force_sess;
@@ -603,6 +603,9 @@
return -1;
}
+ if (sess->eap_if->eapSuccess || sess->eap_if->eapFail)
+ is_complete = 1;
+
reply = radius_server_encapsulate_eap(data, client, sess, msg);
if (reply) {
@@ -644,7 +647,7 @@
client->counters.packets_dropped++;
}
- if (sess->eap_if->eapSuccess || sess->eap_if->eapFail) {
+ if (is_complete) {
RADIUS_DEBUG("Removing completed session 0x%x after timeout",
sess->sess_id);
eloop_cancel_timeout(radius_server_session_remove_timeout,
@@ -663,7 +666,13 @@
{
struct radius_server_data *data = eloop_ctx;
u8 *buf = NULL;
- struct sockaddr_storage from;
+ union {
+ struct sockaddr_storage ss;
+ struct sockaddr_in sin;
+#ifdef CONFIG_IPV6
+ struct sockaddr_in6 sin6;
+#endif /* CONFIG_IPV6 */
+ } from;
socklen_t fromlen;
int len;
struct radius_client *client = NULL;
@@ -678,7 +687,7 @@
fromlen = sizeof(from);
len = recvfrom(sock, buf, RADIUS_MAX_MSG_LEN, 0,
- (struct sockaddr *) &from, &fromlen);
+ (struct sockaddr *) &from.ss, &fromlen);
if (len < 0) {
perror("recvfrom[radius_server]");
goto fail;
@@ -686,28 +695,26 @@
#ifdef CONFIG_IPV6
if (data->ipv6) {
- struct sockaddr_in6 *from6 = (struct sockaddr_in6 *) &from;
- if (inet_ntop(AF_INET6, &from6->sin6_addr, abuf, sizeof(abuf))
- == NULL)
+ if (inet_ntop(AF_INET6, &from.sin6.sin6_addr, abuf,
+ sizeof(abuf)) == NULL)
abuf[0] = '\0';
- from_port = ntohs(from6->sin6_port);
+ from_port = ntohs(from.sin6.sin6_port);
RADIUS_DEBUG("Received %d bytes from %s:%d",
len, abuf, from_port);
client = radius_server_get_client(data,
(struct in_addr *)
- &from6->sin6_addr, 1);
+ &from.sin6.sin6_addr, 1);
}
#endif /* CONFIG_IPV6 */
if (!data->ipv6) {
- struct sockaddr_in *from4 = (struct sockaddr_in *) &from;
- os_strlcpy(abuf, inet_ntoa(from4->sin_addr), sizeof(abuf));
- from_port = ntohs(from4->sin_port);
+ os_strlcpy(abuf, inet_ntoa(from.sin.sin_addr), sizeof(abuf));
+ from_port = ntohs(from.sin.sin_port);
RADIUS_DEBUG("Received %d bytes from %s:%d",
len, abuf, from_port);
- client = radius_server_get_client(data, &from4->sin_addr, 0);
+ client = radius_server_get_client(data, &from.sin.sin_addr, 0);
}
RADIUS_DUMP("Received data", buf, len);
@@ -765,6 +772,22 @@
}
+static int radius_server_disable_pmtu_discovery(int s)
+{
+ int r = -1;
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ /* Turn off Path MTU discovery on IPv4/UDP sockets. */
+ int action = IP_PMTUDISC_DONT;
+ r = setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, &action,
+ sizeof(action));
+ if (r == -1)
+ wpa_printf(MSG_ERROR, "Failed to set IP_MTU_DISCOVER: "
+ "%s", strerror(errno));
+#endif
+ return r;
+}
+
+
static int radius_server_open_socket(int port)
{
int s;
@@ -775,6 +798,8 @@
perror("socket");
return -1;
}
+
+ radius_server_disable_pmtu_discovery(s);
os_memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
Modified: wpasupplicant/trunk/src/rsn_supp/wpa.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/rsn_supp/wpa.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/rsn_supp/wpa.c (original)
+++ wpasupplicant/trunk/src/rsn_supp/wpa.c Fri Jan 29 13:29:50 2010
@@ -358,14 +358,15 @@
const struct wpa_eapol_key *key,
struct wpa_ptk *ptk)
{
+ size_t ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64;
#ifdef CONFIG_IEEE80211R
if (wpa_key_mgmt_ft(sm->key_mgmt))
- return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
+ return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
#endif /* CONFIG_IEEE80211R */
wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
- (u8 *) ptk, sizeof(*ptk),
+ (u8 *) ptk, ptk_len,
wpa_key_mgmt_sha256(sm->key_mgmt));
return 0;
}
@@ -407,13 +408,13 @@
#endif /* CONFIG_NO_WPA2 */
if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
- return;
+ goto failed;
if (sm->renew_snonce) {
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->ctx, MSG_WARNING,
"WPA: Failed to get random data for SNonce");
- return;
+ goto failed;
}
sm->renew_snonce = 0;
wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
@@ -433,9 +434,13 @@
if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
ptk))
- return;
+ goto failed;
os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
+ return;
+
+failed:
+ wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}
@@ -537,7 +542,8 @@
if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
(u8 *) sm->ptk.tk1, keylen) < 0) {
wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the "
- "driver.");
+ "driver (alg=%d keylen=%d bssid=" MACSTR ")",
+ alg, keylen, MAC2STR(sm->bssid));
return -1;
}
@@ -647,7 +653,8 @@
gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
_gtk, gd->gtk_len) < 0) {
wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to "
- "the driver.");
+ "the driver (alg=%d keylen=%d keyidx=%d)",
+ gd->alg, gd->gtk_len, gd->keyidx);
return -1;
}
@@ -944,30 +951,30 @@
wpa_supplicant_parse_ies(pos, len, &ie);
if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
- return;
+ goto failed;
}
#ifdef CONFIG_IEEE80211W
if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
wpa_printf(MSG_WARNING, "WPA: IGTK KDE in unencrypted key "
"data");
- return;
+ goto failed;
}
if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu",
(unsigned long) ie.igtk_len);
- return;
+ goto failed;
}
#endif /* CONFIG_IEEE80211W */
if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
- return;
+ goto failed;
if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
"Handshake differs from 3 of 4-Way Handshake - drop"
" packet (src=" MACSTR ")", MAC2STR(sm->bssid));
- return;
+ goto failed;
}
keylen = WPA_GET_BE16(key->key_length);
@@ -977,7 +984,7 @@
wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length "
"%d (src=" MACSTR ")",
keylen, MAC2STR(sm->bssid));
- return;
+ goto failed;
}
break;
case WPA_CIPHER_TKIP:
@@ -985,14 +992,15 @@
wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length "
"%d (src=" MACSTR ")",
keylen, MAC2STR(sm->bssid));
- return;
+ goto failed;
}
break;
}
if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
- NULL, 0, &sm->ptk))
- return;
+ NULL, 0, &sm->ptk)) {
+ goto failed;
+ }
/* SNonce was successfully used in msg 3/4, so mark it to be renewed
* for the next 4-Way Handshake. If msg 3 is received again, the old
@@ -1000,7 +1008,8 @@
sm->renew_snonce = 1;
if (key_info & WPA_KEY_INFO_INSTALL) {
- wpa_supplicant_install_ptk(sm, key);
+ if (wpa_supplicant_install_ptk(sm, key))
+ goto failed;
}
if (key_info & WPA_KEY_INFO_SECURE) {
@@ -1015,10 +1024,18 @@
wpa_supplicant_pairwise_gtk(sm, key,
ie.gtk, ie.gtk_len, key_info) < 0) {
wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
- }
-
- if (ieee80211w_set_keys(sm, &ie) < 0)
+ goto failed;
+ }
+
+ if (ieee80211w_set_keys(sm, &ie) < 0) {
wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK");
+ goto failed;
+ }
+
+ return;
+
+failed:
+ wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}
@@ -1209,11 +1226,11 @@
wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
if (ret)
- return;
+ goto failed;
if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
- return;
+ goto failed;
if (rekey) {
wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying "
@@ -1226,6 +1243,10 @@
key_info &
WPA_KEY_INFO_SECURE);
}
+ return;
+
+failed:
+ wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}
Modified: wpasupplicant/trunk/src/rsn_supp/wpa_ft.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/rsn_supp/wpa_ft.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/rsn_supp/wpa_ft.c (original)
+++ wpasupplicant/trunk/src/rsn_supp/wpa_ft.c Fri Jan 29 13:29:50 2010
@@ -25,7 +25,7 @@
int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
const struct wpa_eapol_key *key,
- struct wpa_ptk *ptk)
+ struct wpa_ptk *ptk, size_t ptk_len)
{
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
u8 ptk_name[WPA_PMK_NAME_LEN];
@@ -50,8 +50,8 @@
wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, anonce, sm->own_addr,
sm->bssid, pmk_r1_name,
- (u8 *) ptk, sizeof(*ptk), ptk_name);
- wpa_hexdump_key(MSG_DEBUG, "FT: PTK", (u8 *) ptk, sizeof(*ptk));
+ (u8 *) ptk, ptk_len, ptk_name);
+ wpa_hexdump_key(MSG_DEBUG, "FT: PTK", (u8 *) ptk, ptk_len);
wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
return 0;
@@ -455,7 +455,7 @@
int ft_action, const u8 *target_ap)
{
u8 *ft_ies;
- size_t ft_ies_len;
+ size_t ft_ies_len, ptk_len;
struct wpa_ft_ies parse;
struct rsn_mdie *mdie;
struct rsn_ftie *ftie;
@@ -545,11 +545,12 @@
sm->pmk_r1_name, WPA_PMK_NAME_LEN);
bssid = target_ap;
+ ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64;
wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, ftie->anonce, sm->own_addr,
bssid, sm->pmk_r1_name,
- (u8 *) &sm->ptk, sizeof(sm->ptk), ptk_name);
+ (u8 *) &sm->ptk, ptk_len, ptk_name);
wpa_hexdump_key(MSG_DEBUG, "FT: PTK",
- (u8 *) &sm->ptk, sizeof(sm->ptk));
+ (u8 *) &sm->ptk, ptk_len);
wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, ftie->anonce,
Modified: wpasupplicant/trunk/src/rsn_supp/wpa_i.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/rsn_supp/wpa_i.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/rsn_supp/wpa_i.h (original)
+++ wpasupplicant/trunk/src/rsn_supp/wpa_i.h Fri Jan 29 13:29:50 2010
@@ -240,6 +240,6 @@
int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
const struct wpa_eapol_key *key,
- struct wpa_ptk *ptk);
+ struct wpa_ptk *ptk, size_t ptk_len);
#endif /* WPA_I_H */
Modified: wpasupplicant/trunk/src/tls/rsa.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/tls/rsa.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/tls/rsa.c (original)
+++ wpasupplicant/trunk/src/tls/rsa.c Fri Jan 29 13:29:50 2010
@@ -35,6 +35,7 @@
};
+#ifdef EAP_TLS_FUNCS
static const u8 * crypto_rsa_parse_integer(const u8 *pos, const u8 *end,
struct bignum *num)
{
@@ -223,6 +224,7 @@
crypto_rsa_free(key);
return NULL;
}
+#endif /* EAP_TLS_FUNCS */
/**
Modified: wpasupplicant/trunk/src/tls/tlsv1_client.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/tls/tlsv1_client.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/tls/tlsv1_client.c (original)
+++ wpasupplicant/trunk/src/tls/tlsv1_client.c Fri Jan 29 13:29:50 2010
@@ -627,7 +627,7 @@
* list and seem to require that the last entry in the list is
* the one that it wants to use. However, TLS specification
* requires the list to be in the client preference order. As a
- * workaround, ass anon-DH AES-128-SHA1 again at the end of the
+ * workaround, add anon-DH AES-128-SHA1 again at the end of the
* list to allow the Cisco code to find it.
*/
suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
Modified: wpasupplicant/trunk/src/tls/tlsv1_server_read.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/tls/tlsv1_server_read.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/tls/tlsv1_server_read.c (original)
+++ wpasupplicant/trunk/src/tls/tlsv1_server_read.c Fri Jan 29 13:29:50 2010
@@ -40,6 +40,7 @@
u16 cipher_suite;
u16 num_suites;
int compr_null_found;
+ u16 ext_type, ext_len;
if (ct != TLS_CONTENT_TYPE_HANDSHAKE) {
wpa_printf(MSG_DEBUG, "TLSv1: Expected Handshake; "
@@ -183,10 +184,7 @@
}
if (end - pos >= 2) {
- u16 ext_len;
-
/* Extension client_hello_extension_list<0..2^16-1> */
-
ext_len = WPA_GET_BE16(pos);
pos += 2;
@@ -195,7 +193,7 @@
if (end - pos != ext_len) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid ClientHello "
"extension list length %u (expected %u)",
- ext_len, end - pos);
+ ext_len, (unsigned int) (end - pos));
goto decode_error;
}
@@ -207,8 +205,6 @@
*/
while (pos < end) {
- u16 ext_type, ext_len;
-
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid "
"extension_type field");
@@ -520,7 +516,7 @@
out, &outlen) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to decrypt "
"PreMasterSecret (encr_len=%d outlen=%lu)",
- end - pos, (unsigned long) outlen);
+ (int) (end - pos), (unsigned long) outlen);
use_random = 1;
}
Modified: wpasupplicant/trunk/src/utils/base64.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/utils/base64.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/utils/base64.c (original)
+++ wpasupplicant/trunk/src/utils/base64.c Fri Jan 29 13:29:50 2010
@@ -43,6 +43,8 @@
olen = len * 4 / 3 + 4; /* 3-byte blocks to 4-byte */
olen += olen / 72; /* line feeds */
olen++; /* nul termination */
+ if (olen < len)
+ return NULL; /* integer overflow */
out = os_malloc(olen);
if (out == NULL)
return NULL;
Modified: wpasupplicant/trunk/src/utils/common.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/utils/common.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/utils/common.c (original)
+++ wpasupplicant/trunk/src/utils/common.c Fri Jan 29 13:29:50 2010
@@ -325,3 +325,9 @@
}
return ssid_txt;
}
+
+
+void * __hide_aliasing_typecast(void *foo)
+{
+ return foo;
+}
Modified: wpasupplicant/trunk/src/utils/common.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/utils/common.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/utils/common.h (original)
+++ wpasupplicant/trunk/src/utils/common.h Fri Jan 29 13:29:50 2010
@@ -22,17 +22,24 @@
#include <byteswap.h>
#endif /* __linux__ */
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) || \
+ defined(__OpenBSD__)
#include <sys/types.h>
#include <sys/endian.h>
#define __BYTE_ORDER _BYTE_ORDER
#define __LITTLE_ENDIAN _LITTLE_ENDIAN
#define __BIG_ENDIAN _BIG_ENDIAN
+#ifdef __OpenBSD__
+#define bswap_16 swap16
+#define bswap_32 swap32
+#define bswap_64 swap64
+#else /* __OpenBSD__ */
#define bswap_16 bswap16
#define bswap_32 bswap32
#define bswap_64 bswap64
+#endif /* __OpenBSD__ */
#endif /* defined(__FreeBSD__) || defined(__NetBSD__) ||
- * defined(__DragonFly__) */
+ * defined(__DragonFly__) || defined(__OpenBSD__) */
#ifdef __APPLE__
#include <sys/types.h>
@@ -435,4 +442,17 @@
#include "wpa_debug.h"
+
+/*
+ * gcc 4.4 ends up generating strict-aliasing warnings about some very common
+ * networking socket uses that do not really result in a real problem and
+ * cannot be easily avoided with union-based type-punning due to struct
+ * definitions including another struct in system header files. To avoid having
+ * to fully disable strict-aliasing warnings, provide a mechanism to hide the
+ * typecast from aliasing for now. A cleaner solution will hopefully be found
+ * in the future to handle these cases.
+ */
+void * __hide_aliasing_typecast(void *foo);
+#define aliasing_hide_typecast(a,t) (t *) __hide_aliasing_typecast((a))
+
#endif /* COMMON_H */
Modified: wpasupplicant/trunk/src/utils/os_unix.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/utils/os_unix.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/utils/os_unix.c (original)
+++ wpasupplicant/trunk/src/utils/os_unix.c Fri Jan 29 13:29:50 2010
@@ -227,7 +227,8 @@
int os_unsetenv(const char *name)
{
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) || \
+ defined(__OpenBSD__)
unsetenv(name);
return 0;
#else
Modified: wpasupplicant/trunk/src/utils/wpa_debug.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/utils/wpa_debug.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/utils/wpa_debug.c (original)
+++ wpasupplicant/trunk/src/utils/wpa_debug.c Fri Jan 29 13:29:50 2010
@@ -56,7 +56,7 @@
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
-void wpa_printf(int level, char *fmt, ...)
+void wpa_printf(int level, const char *fmt, ...)
{
va_list ap;
@@ -267,7 +267,7 @@
}
-void wpa_msg(void *ctx, int level, char *fmt, ...)
+void wpa_msg(void *ctx, int level, const char *fmt, ...)
{
va_list ap;
char *buf;
@@ -286,6 +286,30 @@
wpa_printf(level, "%s", buf);
if (wpa_msg_cb)
wpa_msg_cb(ctx, level, buf, len);
+ os_free(buf);
+}
+
+
+void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+{
+ va_list ap;
+ char *buf;
+ const int buflen = 2048;
+ int len;
+
+ if (!wpa_msg_cb)
+ return;
+
+ buf = os_malloc(buflen);
+ if (buf == NULL) {
+ wpa_printf(MSG_ERROR, "wpa_msg_ctrl: Failed to allocate "
+ "message buffer");
+ return;
+ }
+ va_start(ap, fmt);
+ len = vsnprintf(buf, buflen, fmt, ap);
+ va_end(ap);
+ wpa_msg_cb(ctx, level, buf, len);
os_free(buf);
}
#endif /* CONFIG_NO_WPA_MSG */
Modified: wpasupplicant/trunk/src/utils/wpa_debug.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/utils/wpa_debug.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/utils/wpa_debug.h (original)
+++ wpasupplicant/trunk/src/utils/wpa_debug.h Fri Jan 29 13:29:50 2010
@@ -60,7 +60,7 @@
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
-void wpa_printf(int level, char *fmt, ...)
+void wpa_printf(int level, const char *fmt, ...)
PRINTF_FORMAT(2, 3);
/**
@@ -141,6 +141,7 @@
#ifdef CONFIG_NO_WPA_MSG
#define wpa_msg(args...) do { } while (0)
+#define wpa_msg_ctrl(args...) do { } while (0)
#define wpa_msg_register_cb(f) do { } while (0)
#else /* CONFIG_NO_WPA_MSG */
/**
@@ -157,7 +158,22 @@
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
-void wpa_msg(void *ctx, int level, char *fmt, ...) PRINTF_FORMAT(3, 4);
+void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
+
+/**
+ * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
+ * @ctx: Pointer to context data; this is the ctx variable registered
+ * with struct wpa_driver_ops::init()
+ * @level: priority level (MSG_*) of the message
+ * @fmt: printf format string, followed by optional arguments
+ *
+ * This function is used to print conditional debugging and error messages.
+ * This function is like wpa_msg(), but it sends the output only to the
+ * attached ctrl_iface monitors. In other words, it can be used for frequent
+ * events that do not need to be sent to syslog.
+ */
+void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+PRINTF_FORMAT(3, 4);
typedef void (*wpa_msg_cb_func)(void *ctx, int level, const char *txt,
size_t len);
Modified: wpasupplicant/trunk/src/utils/wpabuf.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/utils/wpabuf.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/utils/wpabuf.c (original)
+++ wpasupplicant/trunk/src/utils/wpabuf.c Fri Jan 29 13:29:50 2010
@@ -29,6 +29,10 @@
int wpabuf_resize(struct wpabuf **_buf, size_t add_len)
{
struct wpabuf *buf = *_buf;
+ if (buf == NULL) {
+ *_buf = wpabuf_alloc(add_len);
+ return *_buf == NULL ? -1 : 0;
+ }
if (buf->used + add_len > buf->size) {
unsigned char *nbuf;
if (buf->ext_data) {
Modified: wpasupplicant/trunk/src/wps/httpread.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/httpread.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/httpread.c (original)
+++ wpasupplicant/trunk/src/wps/httpread.c Fri Jan 29 13:29:50 2010
@@ -206,7 +206,8 @@
h->got_content_length = 1;
return 0;
}
- if (word_eq(hbp, "TRANSFER_ENCODING:")) {
+ if (word_eq(hbp, "TRANSFER_ENCODING:") ||
+ word_eq(hbp, "TRANSFER-ENCODING:")) {
while (isgraph(*hbp))
hbp++;
while (*hbp == ' ' || *hbp == '\t')
@@ -214,7 +215,7 @@
/* There should (?) be no encodings of interest
* other than chunked...
*/
- if (os_strncmp(hbp, "CHUNKED", 7)) {
+ if (word_eq(hbp, "CHUNKED")) {
h->chunked = 1;
h->in_chunk_data = 0;
/* ignore possible ;<parameters> */
@@ -513,6 +514,8 @@
* consists of chunks each with a header, ending with
* an ending header.
*/
+ if (nread == 0)
+ goto get_more;
if (!h->got_body) {
/* Here to get (more of) body */
/* ensure we have enough room for worst case for body
Modified: wpasupplicant/trunk/src/wps/wps.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps.h (original)
+++ wpasupplicant/trunk/src/wps/wps.h Fri Jan 29 13:29:50 2010
@@ -42,7 +42,7 @@
* @key_idx: Key index
* @key: Key
* @key_len: Key length in octets
- * @mac_addr: MAC address of the peer
+ * @mac_addr: MAC address of the Credential receiver
* @cred_attr: Unparsed Credential attribute data (used only in cred_cb());
* this may be %NULL, if not used
* @cred_attr_len: Length of cred_attr in octets
@@ -296,7 +296,17 @@
/**
* WPS_EV_PWD_AUTH_FAIL - Password authentication failed
*/
- WPS_EV_PWD_AUTH_FAIL
+ WPS_EV_PWD_AUTH_FAIL,
+
+ /**
+ * WPS_EV_PBC_OVERLAP - PBC session overlap detected
+ */
+ WPS_EV_PBC_OVERLAP,
+
+ /**
+ * WPS_EV_PBC_TIMEOUT - PBC walktime expired before protocol run start
+ */
+ WPS_EV_PBC_TIMEOUT
};
/**
@@ -505,7 +515,7 @@
const struct wps_registrar_config *cfg);
void wps_registrar_deinit(struct wps_registrar *reg);
int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *uuid,
- const u8 *pin, size_t pin_len);
+ const u8 *pin, size_t pin_len, int timeout);
int wps_registrar_invalidate_pin(struct wps_registrar *reg, const u8 *uuid);
int wps_registrar_unlock_pin(struct wps_registrar *reg, const u8 *uuid);
int wps_registrar_button_pushed(struct wps_registrar *reg);
Modified: wpasupplicant/trunk/src/wps/wps_attr_parse.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_attr_parse.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_attr_parse.c (original)
+++ wpasupplicant/trunk/src/wps/wps_attr_parse.c Fri Jan 29 13:29:50 2010
@@ -381,6 +381,14 @@
attr->eap_identity = pos;
attr->eap_identity_len = len;
break;
+ case ATTR_AP_SETUP_LOCKED:
+ if (len != 1) {
+ wpa_printf(MSG_DEBUG, "WPS: Invalid AP Setup Locked "
+ "length %u", len);
+ return -1;
+ }
+ attr->ap_setup_locked = pos;
+ break;
default:
wpa_printf(MSG_DEBUG, "WPS: Unsupported attribute type 0x%x "
"len=%u", type, len);
Modified: wpasupplicant/trunk/src/wps/wps_common.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_common.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_common.c (original)
+++ wpasupplicant/trunk/src/wps/wps_common.c Fri Jan 29 13:29:50 2010
@@ -128,56 +128,6 @@
}
-int wps_derive_mgmt_keys(struct wps_data *wps)
-{
- u8 nonces[2 * WPS_NONCE_LEN];
- u8 keys[WPS_MGMTAUTHKEY_LEN + WPS_MGMTENCKEY_LEN];
- u8 hash[SHA256_MAC_LEN];
- const u8 *addr[2];
- size_t len[2];
- const char *auth_label = "WFA-WLAN-Management-MgmtAuthKey";
- const char *enc_label = "WFA-WLAN-Management-MgmtEncKey";
-
- /* MgmtAuthKey || MgmtEncKey =
- * kdf(EMSK, N1 || N2 || "WFA-WLAN-Management-Keys", 384) */
- os_memcpy(nonces, wps->nonce_e, WPS_NONCE_LEN);
- os_memcpy(nonces + WPS_NONCE_LEN, wps->nonce_r, WPS_NONCE_LEN);
- wps_kdf(wps->emsk, nonces, sizeof(nonces), "WFA-WLAN-Management-Keys",
- keys, sizeof(keys));
- os_memcpy(wps->mgmt_auth_key, keys, WPS_MGMTAUTHKEY_LEN);
- os_memcpy(wps->mgmt_enc_key, keys + WPS_MGMTAUTHKEY_LEN,
- WPS_MGMTENCKEY_LEN);
-
- addr[0] = nonces;
- len[0] = sizeof(nonces);
-
- /* MgmtEncKeyID = first 128 bits of
- * SHA-256(N1 || N2 || "WFA-WLAN-Management-MgmtAuthKey") */
- addr[1] = (const u8 *) auth_label;
- len[1] = os_strlen(auth_label);
- sha256_vector(2, addr, len, hash);
- os_memcpy(wps->mgmt_auth_key_id, hash, WPS_MGMT_KEY_ID_LEN);
-
- /* MgmtEncKeyID = first 128 bits of
- * SHA-256(N1 || N2 || "WFA-WLAN-Management-MgmtEncKey") */
- addr[1] = (const u8 *) enc_label;
- len[1] = os_strlen(enc_label);
- sha256_vector(2, addr, len, hash);
- os_memcpy(wps->mgmt_enc_key_id, hash, WPS_MGMT_KEY_ID_LEN);
-
- wpa_hexdump_key(MSG_DEBUG, "WPS: MgmtAuthKey",
- wps->mgmt_auth_key, WPS_MGMTAUTHKEY_LEN);
- wpa_hexdump(MSG_DEBUG, "WPS: MgmtAuthKeyID",
- wps->mgmt_auth_key_id, WPS_MGMT_KEY_ID_LEN);
- wpa_hexdump_key(MSG_DEBUG, "WPS: MgmtEncKey",
- wps->mgmt_enc_key, WPS_MGMTENCKEY_LEN);
- wpa_hexdump(MSG_DEBUG, "WPS: MgmtEncKeyID",
- wps->mgmt_enc_key_id, WPS_MGMT_KEY_ID_LEN);
-
- return 0;
-}
-
-
void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
size_t dev_passwd_len)
{
@@ -335,3 +285,21 @@
data.pwd_auth_fail.part = part;
wps->event_cb(wps->cb_ctx, WPS_EV_PWD_AUTH_FAIL, &data);
}
+
+
+void wps_pbc_overlap_event(struct wps_context *wps)
+{
+ if (wps->event_cb == NULL)
+ return;
+
+ wps->event_cb(wps->cb_ctx, WPS_EV_PBC_OVERLAP, NULL);
+}
+
+
+void wps_pbc_timeout_event(struct wps_context *wps)
+{
+ if (wps->event_cb == NULL)
+ return;
+
+ wps->event_cb(wps->cb_ctx, WPS_EV_PBC_TIMEOUT, NULL);
+}
Modified: wpasupplicant/trunk/src/wps/wps_enrollee.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_enrollee.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_enrollee.c (original)
+++ wpasupplicant/trunk/src/wps/wps_enrollee.c Fri Jan 29 13:29:50 2010
@@ -521,10 +521,6 @@
if (wps_derive_keys(wps) < 0)
return -1;
- if (wps->request_type == WPS_REQ_WLAN_MANAGER_REGISTRAR &&
- wps_derive_mgmt_keys(wps) < 0)
- return -1;
-
return 0;
}
@@ -650,6 +646,21 @@
wps_process_cred(&attr, &wps->cred))
return -1;
+ if (os_memcmp(wps->cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
+ 0) {
+ wpa_printf(MSG_DEBUG, "WPS: MAC Address in the Credential ("
+ MACSTR ") does not match with own address (" MACSTR
+ ")", MAC2STR(wps->cred.mac_addr),
+ MAC2STR(wps->wps->dev.mac_addr));
+ /*
+ * In theory, this could be consider fatal error, but there are
+ * number of deployed implementations using other address here
+ * due to unclarity in the specification. For interoperability
+ * reasons, allow this to be processed since we do not really
+ * use the MAC Address information for anything.
+ */
+ }
+
if (wps->wps->cred_cb) {
wps->cred.cred_attr = cred - 4;
wps->cred.cred_attr_len = cred_len + 4;
@@ -699,6 +710,21 @@
wpa_printf(MSG_INFO, "WPS: Received new AP configuration from "
"Registrar");
+
+ if (os_memcmp(cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
+ 0) {
+ wpa_printf(MSG_DEBUG, "WPS: MAC Address in the AP Settings ("
+ MACSTR ") does not match with own address (" MACSTR
+ ")", MAC2STR(cred.mac_addr),
+ MAC2STR(wps->wps->dev.mac_addr));
+ /*
+ * In theory, this could be consider fatal error, but there are
+ * number of deployed implementations using other address here
+ * due to unclarity in the specification. For interoperability
+ * reasons, allow this to be processed since we do not really
+ * use the MAC Address information for anything.
+ */
+ }
if (wps->wps->cred_cb) {
cred.cred_attr = wpabuf_head(attrs);
@@ -1159,6 +1185,17 @@
"op_code=%d)",
(unsigned long) wpabuf_len(msg), op_code);
+ if (op_code == WSC_UPnP) {
+ /* Determine the OpCode based on message type attribute */
+ struct wps_parse_attr attr;
+ if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type) {
+ if (*attr.msg_type == WPS_WSC_ACK)
+ op_code = WSC_ACK;
+ else if (*attr.msg_type == WPS_WSC_NACK)
+ op_code = WSC_NACK;
+ }
+ }
+
switch (op_code) {
case WSC_MSG:
case WSC_UPnP:
Modified: wpasupplicant/trunk/src/wps/wps_i.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_i.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_i.h (original)
+++ wpasupplicant/trunk/src/wps/wps_i.h Fri Jan 29 13:29:50 2010
@@ -62,10 +62,6 @@
u8 authkey[WPS_AUTHKEY_LEN];
u8 keywrapkey[WPS_KEYWRAPKEY_LEN];
u8 emsk[WPS_EMSK_LEN];
- u8 mgmt_auth_key[WPS_MGMTAUTHKEY_LEN];
- u8 mgmt_auth_key_id[WPS_MGMT_KEY_ID_LEN];
- u8 mgmt_enc_key[WPS_MGMTENCKEY_LEN];
- u8 mgmt_enc_key_id[WPS_MGMT_KEY_ID_LEN];
struct wpabuf *last_msg;
@@ -146,6 +142,7 @@
const u8 *selected_registrar; /* 1 octet (Bool) */
const u8 *request_type; /* 1 octet */
const u8 *response_type; /* 1 octet */
+ const u8 *ap_setup_locked; /* 1 octet */
/* variable length fields */
const u8 *manufacturer;
@@ -182,7 +179,6 @@
void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len,
const char *label, u8 *res, size_t res_len);
int wps_derive_keys(struct wps_data *wps);
-int wps_derive_mgmt_keys(struct wps_data *wps);
void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
size_t dev_passwd_len);
struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr,
@@ -190,6 +186,8 @@
void wps_fail_event(struct wps_context *wps, enum wps_msg_type msg);
void wps_success_event(struct wps_context *wps);
void wps_pwd_auth_fail_event(struct wps_context *wps, int enrollee, int part);
+void wps_pbc_overlap_event(struct wps_context *wps);
+void wps_pbc_timeout_event(struct wps_context *wps);
/* wps_attr_parse.c */
int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr);
Modified: wpasupplicant/trunk/src/wps/wps_registrar.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_registrar.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_registrar.c (original)
+++ wpasupplicant/trunk/src/wps/wps_registrar.c Fri Jan 29 13:29:50 2010
@@ -23,6 +23,7 @@
#include "wps_dev_attr.h"
#include "wps_upnp.h"
+#define WPS_WORKAROUNDS
struct wps_uuid_pin {
struct wps_uuid_pin *next;
@@ -30,7 +31,10 @@
int wildcard_uuid;
u8 *pin;
size_t pin_len;
- int locked;
+#define PIN_LOCKED BIT(0)
+#define PIN_EXPIRES BIT(1)
+ int flags;
+ struct os_time expiration;
};
@@ -99,6 +103,8 @@
int sel_reg_dev_password_id_override;
int sel_reg_config_methods_override;
int static_wep_only;
+
+ int force_pbc_overlap;
};
@@ -411,10 +417,11 @@
* @uuid: UUID-E or %NULL for wildcard (any UUID)
* @pin: PIN (Device Password)
* @pin_len: Length of pin in octets
+ * @timeout: Time (in seconds) when the PIN will be invalidated; 0 = no timeout
* Returns: 0 on success, -1 on failure
*/
int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *uuid,
- const u8 *pin, size_t pin_len)
+ const u8 *pin, size_t pin_len, int timeout)
{
struct wps_uuid_pin *p;
@@ -433,17 +440,56 @@
os_memcpy(p->pin, pin, pin_len);
p->pin_len = pin_len;
+ if (timeout) {
+ p->flags |= PIN_EXPIRES;
+ os_get_time(&p->expiration);
+ p->expiration.sec += timeout;
+ }
+
p->next = reg->pins;
reg->pins = p;
- wpa_printf(MSG_DEBUG, "WPS: A new PIN configured");
+ wpa_printf(MSG_DEBUG, "WPS: A new PIN configured (timeout=%d)",
+ timeout);
wpa_hexdump(MSG_DEBUG, "WPS: UUID", uuid, WPS_UUID_LEN);
wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: PIN", pin, pin_len);
reg->selected_registrar = 1;
reg->pbc = 0;
wps_set_ie(reg);
-
- return 0;
+ eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
+ eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
+ wps_registrar_set_selected_timeout,
+ reg, NULL);
+
+ return 0;
+}
+
+
+static void wps_registrar_expire_pins(struct wps_registrar *reg)
+{
+ struct wps_uuid_pin *pin, *prev, *del;
+ struct os_time now;
+
+ os_get_time(&now);
+ prev = NULL;
+ pin = reg->pins;
+ while (pin) {
+ if ((pin->flags & PIN_EXPIRES) &&
+ os_time_before(&pin->expiration, &now)) {
+ if (prev == NULL)
+ reg->pins = pin->next;
+ else
+ prev->next = pin->next;
+ del = pin;
+ pin = pin->next;
+ wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID",
+ del->uuid, WPS_UUID_LEN);
+ wps_free_pin(del);
+ continue;
+ }
+ prev = pin;
+ pin = pin->next;
+ }
}
@@ -483,6 +529,8 @@
{
struct wps_uuid_pin *pin;
+ wps_registrar_expire_pins(reg);
+
pin = reg->pins;
while (pin) {
if (!pin->wildcard_uuid &&
@@ -514,13 +562,13 @@
* Lock the PIN to avoid attacks based on concurrent re-use of the PIN
* that could otherwise avoid PIN invalidations.
*/
- if (pin->locked) {
+ if (pin->flags & PIN_LOCKED) {
wpa_printf(MSG_DEBUG, "WPS: Selected PIN locked - do not "
"allow concurrent re-use");
return NULL;
}
*pin_len = pin->pin_len;
- pin->locked = 1;
+ pin->flags |= PIN_LOCKED;
return pin->pin;
}
@@ -547,7 +595,7 @@
"wildcard PIN");
return wps_registrar_invalidate_pin(reg, uuid);
}
- pin->locked = 0;
+ pin->flags &= ~PIN_LOCKED;
return 0;
}
pin = pin->next;
@@ -570,6 +618,7 @@
struct wps_registrar *reg = eloop_ctx;
wpa_printf(MSG_DEBUG, "WPS: PBC timed out - disable PBC mode");
+ wps_pbc_timeout_event(reg->wps);
wps_registrar_stop_pbc(reg);
}
@@ -588,9 +637,11 @@
if (wps_registrar_pbc_overlap(reg, NULL, NULL)) {
wpa_printf(MSG_DEBUG, "WPS: PBC overlap - do not start PBC "
"mode");
+ wps_pbc_overlap_event(reg->wps);
return -1;
}
wpa_printf(MSG_DEBUG, "WPS: Button pushed - PBC mode started");
+ reg->force_pbc_overlap = 0;
reg->selected_registrar = 1;
reg->pbc = 1;
wps_set_ie(reg);
@@ -607,6 +658,14 @@
wpa_printf(MSG_DEBUG, "WPS: PBC completed - stopping PBC mode");
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
wps_registrar_stop_pbc(reg);
+}
+
+static void wps_registrar_pin_completed(struct wps_registrar *reg)
+{
+ wpa_printf(MSG_DEBUG, "WPS: PIN completed using internal Registrar");
+ eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
+ reg->selected_registrar = 0;
+ wps_set_ie(reg);
}
@@ -650,8 +709,18 @@
wpa_printf(MSG_DEBUG, "WPS: Probe Request for PBC received from "
MACSTR, MAC2STR(addr));
+ if (attr.uuid_e == NULL) {
+ wpa_printf(MSG_DEBUG, "WPS: Invalid Probe Request WPS IE: No "
+ "UUID-E included");
+ return;
+ }
wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
+ if (wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)) {
+ wpa_printf(MSG_DEBUG, "WPS: PBC session overlap detected");
+ reg->force_pbc_overlap = 1;
+ wps_pbc_overlap_event(reg->wps);
+ }
}
@@ -1057,8 +1126,10 @@
}
}
wps->cred.encr_type = wps->encr_type;
- /* Set MAC address in the Credential to be the AP's address (BSSID) */
- os_memcpy(wps->cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN);
+ /*
+ * Set MAC address in the Credential to be the Enrollee's MAC address
+ */
+ os_memcpy(wps->cred.mac_addr, wps->mac_addr_e, ETH_ALEN);
if (wps->wps->wps_state == WPS_STATE_NOT_CONFIGURED && wps->wps->ap &&
!wps->wps->registrar->disable_auto_conf) {
@@ -1183,14 +1254,15 @@
static struct wpabuf * wps_build_m2d(struct wps_data *wps)
{
struct wpabuf *msg;
- u16 err = WPS_CFG_NO_ERROR;
+ u16 err = wps->config_error;
wpa_printf(MSG_DEBUG, "WPS: Building Message M2D");
msg = wpabuf_alloc(1000);
if (msg == NULL)
return NULL;
- if (wps->wps->ap && wps->wps->ap_setup_locked)
+ if (wps->wps->ap && wps->wps->ap_setup_locked &&
+ err == WPS_CFG_NO_ERROR)
err = WPS_CFG_SETUP_LOCKED;
if (wps_build_version(msg) ||
@@ -1392,8 +1464,18 @@
else
wps->wps->upnp_msgs = NULL;
msg = p->msg;
+ switch (p->type) {
+ case WPS_WSC_ACK:
+ *op_code = WSC_ACK;
+ break;
+ case WPS_WSC_NACK:
+ *op_code = WSC_NACK;
+ break;
+ default:
+ *op_code = WSC_MSG;
+ break;
+ }
os_free(p);
- *op_code = WSC_MSG;
if (wps->ext_reg == 0)
wps->ext_reg = 1;
return msg;
@@ -1678,7 +1760,21 @@
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
"authentication types (own 0x%x Enrollee 0x%x)",
wps->wps->auth_types, auth_types);
- return -1;
+#ifdef WPS_WORKAROUNDS
+ /*
+ * Some deployed implementations seem to advertise incorrect
+ * information in this attribute. For example, Linksys WRT350N
+ * seems to have a byteorder bug that breaks this negotiation.
+ * In order to interoperate with existing implementations,
+ * assume that the Enrollee supports everything we do.
+ */
+ wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
+ "does not advertise supported authentication types "
+ "correctly");
+ wps->auth_type = wps->wps->auth_types;
+#else /* WPS_WORKAROUNDS */
+ return -1;
+#endif /* WPS_WORKAROUNDS */
}
return 0;
@@ -1702,8 +1798,23 @@
wps->encr_type = wps->wps->encr_types & encr_types;
if (wps->encr_type == 0) {
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
- "encryption types");
- return -1;
+ "encryption types (own 0x%x Enrollee 0x%x)",
+ wps->wps->encr_types, encr_types);
+#ifdef WPS_WORKAROUNDS
+ /*
+ * Some deployed implementations seem to advertise incorrect
+ * information in this attribute. For example, Linksys WRT350N
+ * seems to have a byteorder bug that breaks this negotiation.
+ * In order to interoperate with existing implementations,
+ * assume that the Enrollee supports everything we do.
+ */
+ wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
+ "does not advertise supported encryption types "
+ "correctly");
+ wps->encr_type = wps->wps->encr_types;
+#else /* WPS_WORKAROUNDS */
+ return -1;
+#endif /* WPS_WORKAROUNDS */
}
return 0;
@@ -1830,11 +1941,15 @@
}
if (wps->dev_pw_id == DEV_PW_PUSHBUTTON) {
- if (wps_registrar_pbc_overlap(wps->wps->registrar,
+ if (wps->wps->registrar->force_pbc_overlap ||
+ wps_registrar_pbc_overlap(wps->wps->registrar,
wps->mac_addr_e, wps->uuid_e)) {
wpa_printf(MSG_DEBUG, "WPS: PBC overlap - deny PBC "
"negotiation");
wps->state = SEND_M2D;
+ wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
+ wps_pbc_overlap_event(wps->wps);
+ wps->wps->registrar->force_pbc_overlap = 1;
return WPS_CONTINUE;
}
wps_registrar_add_pbc_session(wps->wps->registrar,
@@ -1857,6 +1972,14 @@
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving M3", wps->state);
wps->state = SEND_WSC_NACK;
+ return WPS_CONTINUE;
+ }
+
+ if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
+ wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
+ "session overlap");
+ wps->state = SEND_WSC_NACK;
+ wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
return WPS_CONTINUE;
}
@@ -1886,6 +2009,14 @@
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving M5", wps->state);
wps->state = SEND_WSC_NACK;
+ return WPS_CONTINUE;
+ }
+
+ if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
+ wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
+ "session overlap");
+ wps->state = SEND_WSC_NACK;
+ wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
return WPS_CONTINUE;
}
@@ -1920,6 +2051,28 @@
}
+static void wps_sta_cred_cb(struct wps_data *wps)
+{
+ /*
+ * Update credential to only include a single authentication and
+ * encryption type in case the AP configuration includes more than one
+ * option.
+ */
+ if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
+ wps->cred.auth_type = WPS_AUTH_WPA2PSK;
+ else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
+ wps->cred.auth_type = WPS_AUTH_WPAPSK;
+ if (wps->cred.encr_type & WPS_ENCR_AES)
+ wps->cred.encr_type = WPS_ENCR_AES;
+ else if (wps->cred.encr_type & WPS_ENCR_TKIP)
+ wps->cred.encr_type = WPS_ENCR_TKIP;
+ wpa_printf(MSG_DEBUG, "WPS: Update local configuration based on the "
+ "AP configuration");
+ if (wps->wps->cred_cb)
+ wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
+}
+
+
static int wps_process_ap_settings_r(struct wps_data *wps,
struct wps_parse_attr *attr)
{
@@ -1932,12 +2085,21 @@
wpa_printf(MSG_INFO, "WPS: Received old AP configuration from AP");
+#if 0
/*
* TODO: Provide access to AP settings and allow changes before sending
* out M8. For now, just copy the settings unchanged into M8.
*/
return 0;
+#else
+ /*
+ * For now, use the AP PIN only to receive the current AP settings,
+ * not to reconfigure the AP.
+ */
+ wps_sta_cred_cb(wps);
+ return 1;
+#endif
}
@@ -1954,6 +2116,14 @@
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving M7", wps->state);
wps->state = SEND_WSC_NACK;
+ return WPS_CONTINUE;
+ }
+
+ if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
+ wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
+ "session overlap");
+ wps->state = SEND_WSC_NACK;
+ wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
return WPS_CONTINUE;
}
@@ -2305,12 +2475,8 @@
wps->new_psk = NULL;
}
- if (!wps->wps->ap) {
- wpa_printf(MSG_DEBUG, "WPS: Update local configuration based "
- "on the modified AP configuration");
- if (wps->wps->cred_cb)
- wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
- }
+ if (!wps->wps->ap)
+ wps_sta_cred_cb(wps);
if (wps->new_psk) {
if (wps_cb_new_psk(wps->wps->registrar, wps->mac_addr_e,
@@ -2328,6 +2494,8 @@
wps_registrar_remove_pbc_session(wps->wps->registrar,
wps->mac_addr_e, wps->uuid_e);
wps_registrar_pbc_completed(wps->wps->registrar);
+ } else {
+ wps_registrar_pin_completed(wps->wps->registrar);
}
wps_success_event(wps->wps);
@@ -2357,7 +2525,8 @@
wps_registrar_free_pending_m2(wps->wps);
if (wps->wps->wps_upnp && wps->ext_reg &&
wps->wps->upnp_msgs == NULL &&
- (op_code == WSC_MSG || op_code == WSC_Done)) {
+ (op_code == WSC_MSG || op_code == WSC_Done || op_code == WSC_NACK))
+ {
struct wps_parse_attr attr;
int type;
if (wps_parse_msg(msg, &attr) < 0 || attr.msg_type == NULL)
Modified: wpasupplicant/trunk/src/wps/wps_upnp.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_upnp.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_upnp.c (original)
+++ wpasupplicant/trunk/src/wps/wps_upnp.c Fri Jan 29 13:29:50 2010
@@ -47,9 +47,6 @@
* -- Needs renaming with module prefix to avoid polluting the debugger
* namespace and causing possible collisions with other static fncs
* and structure declarations when using the debugger.
- * -- Just what should be in the first event message sent after subscription
- * for the WLANEvent field? If i pass it empty, Vista replies with OK
- * but apparently barfs on the message.
* -- The http error code generation is pretty bogus, hopefully noone cares.
*
* Author: Ted Merrill, Atheros Communications, based upon earlier work
@@ -641,6 +638,27 @@
}
+static struct wpabuf * build_fake_wsc_ack(void)
+{
+ struct wpabuf *msg = wpabuf_alloc(100);
+ if (msg == NULL)
+ return NULL;
+ wpabuf_put_u8(msg, UPNP_WPS_WLANEVENT_TYPE_EAP);
+ wpabuf_put_str(msg, "00:00:00:00:00:00");
+ wps_build_version(msg);
+ wps_build_msg_type(msg, WPS_WSC_ACK);
+ /* Enrollee Nonce */
+ wpabuf_put_be16(msg, ATTR_ENROLLEE_NONCE);
+ wpabuf_put_be16(msg, WPS_NONCE_LEN);
+ wpabuf_put(msg, WPS_NONCE_LEN);
+ /* Registrar Nonce */
+ wpabuf_put_be16(msg, ATTR_REGISTRAR_NONCE);
+ wpabuf_put_be16(msg, WPS_NONCE_LEN);
+ wpabuf_put(msg, WPS_NONCE_LEN);
+ return msg;
+}
+
+
/* subscription_first_event -- send format/queue event that is automatically
* sent on a new subscription.
*/
@@ -665,6 +683,28 @@
const char *tail = "</e:propertyset>\n";
char txt[10];
+ if (s->sm->wlanevent == NULL) {
+ /*
+ * There has been no events before the subscription. However,
+ * UPnP device architecture specification requires all the
+ * evented variables to be included, so generate a dummy event
+ * for this particular case using a WSC_ACK and all-zeros
+ * nonces. The ER (UPnP control point) will ignore this, but at
+ * least it will learn that WLANEvent variable will be used in
+ * event notifications in the future.
+ */
+ struct wpabuf *msg;
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Use a fake WSC_ACK as the "
+ "initial WLANEvent");
+ msg = build_fake_wsc_ack();
+ if (msg) {
+ s->sm->wlanevent = (char *)
+ base64_encode(wpabuf_head(msg),
+ wpabuf_len(msg), NULL);
+ wpabuf_free(msg);
+ }
+ }
+
wlan_event = s->sm->wlanevent;
if (wlan_event == NULL || *wlan_event == '\0') {
wpa_printf(MSG_DEBUG, "WPS UPnP: WLANEvent not known for "
@@ -694,13 +734,13 @@
/**
- * subscription_start - Rremember a UPnP control point to send events to.
+ * subscription_start - Remember a UPnP control point to send events to.
* @sm: WPS UPnP state machine from upnp_wps_device_init()
- * @callback_urls: malloc' mem given to the subscription
+ * @callback_urls: Callback URLs
* Returns: %NULL on error, or pointer to new subscription structure.
*/
struct subscription * subscription_start(struct upnp_wps_device_sm *sm,
- char *callback_urls)
+ const char *callback_urls)
{
struct subscription *s;
time_t now = time(NULL);
@@ -740,7 +780,6 @@
}
wpa_printf(MSG_DEBUG, "WPS UPnP: Subscription %p started with %s",
s, callback_urls);
- os_free(callback_urls);
/* Schedule sending this */
event_send_all_later(sm);
return s;
@@ -967,8 +1006,7 @@
subscription_destroy(s);
}
- advertisement_state_machine_stop(sm);
- /* TODO: send byebye notifications */
+ advertisement_state_machine_stop(sm, 1);
event_send_stop_all(sm);
os_free(sm->wlanevent);
Modified: wpasupplicant/trunk/src/wps/wps_upnp_event.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_upnp_event.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_upnp_event.c (original)
+++ wpasupplicant/trunk/src/wps/wps_upnp_event.c Fri Jan 29 13:29:50 2010
@@ -89,7 +89,7 @@
/* event_delete -- delete single unqueued event
* (be sure to dequeue first if need be)
*/
-void event_delete(struct wps_event_ *e)
+static void event_delete(struct wps_event_ *e)
{
event_clean(e);
wpabuf_free(e->data);
@@ -432,7 +432,7 @@
/* event_send_all_later_handler -- actually send events as needed */
-void event_send_all_later_handler(void *eloop_data, void *user_ctx)
+static void event_send_all_later_handler(void *eloop_data, void *user_ctx)
{
struct upnp_wps_device_sm *sm = user_ctx;
struct subscription *s;
Modified: wpasupplicant/trunk/src/wps/wps_upnp_i.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_upnp_i.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_upnp_i.h (original)
+++ wpasupplicant/trunk/src/wps/wps_upnp_i.h Fri Jan 29 13:29:50 2010
@@ -160,7 +160,7 @@
/* wps_upnp.c */
void format_date(struct wpabuf *buf);
struct subscription * subscription_start(struct upnp_wps_device_sm *sm,
- char *callback_urls);
+ const char *callback_urls);
struct subscription * subscription_renew(struct upnp_wps_device_sm *sm,
const u8 uuid[UUID_LEN]);
void subscription_unlink(struct subscription *s);
@@ -172,7 +172,8 @@
/* wps_upnp_ssdp.c */
void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
int advertisement_state_machine_start(struct upnp_wps_device_sm *sm);
-void advertisement_state_machine_stop(struct upnp_wps_device_sm *sm);
+void advertisement_state_machine_stop(struct upnp_wps_device_sm *sm,
+ int send_byebye);
void ssdp_listener_stop(struct upnp_wps_device_sm *sm);
int ssdp_listener_start(struct upnp_wps_device_sm *sm);
int add_ssdp_network(char *net_if);
@@ -185,7 +186,6 @@
/* wps_upnp_event.c */
int event_add(struct subscription *s, const struct wpabuf *data);
-void event_delete(struct wps_event_ *e);
void event_delete_all(struct subscription *s);
void event_send_all_later(struct upnp_wps_device_sm *sm);
void event_send_stop_all(struct upnp_wps_device_sm *sm);
Modified: wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c (original)
+++ wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c Fri Jan 29 13:29:50 2010
@@ -229,10 +229,41 @@
/**
* advertisement_state_machine_stop - Stop SSDP advertisements
* @sm: WPS UPnP state machine from upnp_wps_device_init()
- */
-void advertisement_state_machine_stop(struct upnp_wps_device_sm *sm)
-{
+ * @send_byebye: Send byebye advertisement messages immediately
+ */
+void advertisement_state_machine_stop(struct upnp_wps_device_sm *sm,
+ int send_byebye)
+{
+ struct advertisement_state_machine *a = &sm->advertisement;
+ int islast = 0;
+ struct wpabuf *msg;
+ struct sockaddr_in dest;
+
eloop_cancel_timeout(advertisement_state_machine_handler, NULL, sm);
+ if (!send_byebye || sm->multicast_sd < 0)
+ return;
+
+ a->type = ADVERTISE_DOWN;
+ a->state = 0;
+ a->sm = sm;
+
+ os_memset(&dest, 0, sizeof(dest));
+ dest.sin_family = AF_INET;
+ dest.sin_addr.s_addr = inet_addr(UPNP_MULTICAST_ADDRESS);
+ dest.sin_port = htons(UPNP_MULTICAST_PORT);
+
+ while (!islast) {
+ msg = next_advertisement(a, &islast);
+ if (msg == NULL)
+ break;
+ if (sendto(sm->multicast_sd, wpabuf_head(msg), wpabuf_len(msg),
+ 0, (struct sockaddr *) &dest, sizeof(dest)) < 0) {
+ wpa_printf(MSG_INFO, "WPS UPnP: Advertisement sendto "
+ "failed: %d (%s)", errno, strerror(errno));
+ }
+ wpabuf_free(msg);
+ a->state++;
+ }
}
@@ -318,7 +349,7 @@
struct advertisement_state_machine *a = &sm->advertisement;
int next_timeout_msec;
- advertisement_state_machine_stop(sm);
+ advertisement_state_machine_stop(sm, 0);
/*
* Start out advertising down, this automatically switches
@@ -461,7 +492,7 @@
a->type = MSEARCH_REPLY;
a->state = 0;
a->sm = sm;
- os_memcpy(&a->client, client, sizeof(client));
+ os_memcpy(&a->client, client, sizeof(*client));
/* Wait time depending on MX value */
next_timeout_msec = (1000 * mx * (os_random() & 0xFF)) >> 8;
next_timeout_sec = next_timeout_msec / 1000;
@@ -799,11 +830,11 @@
goto fail;
rt.rt_dev = net_if;
- sin = (struct sockaddr_in *) &rt.rt_dst;
+ sin = aliasing_hide_typecast(&rt.rt_dst, struct sockaddr_in);
sin->sin_family = AF_INET;
sin->sin_port = 0;
sin->sin_addr.s_addr = inet_addr(SSDP_TARGET);
- sin = (struct sockaddr_in *) &rt.rt_genmask;
+ sin = aliasing_hide_typecast(&rt.rt_genmask, struct sockaddr_in);
sin->sin_family = AF_INET;
sin->sin_port = 0;
sin->sin_addr.s_addr = inet_addr(SSDP_NETMASK);
Modified: wpasupplicant/trunk/src/wps/wps_upnp_web.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_upnp_web.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_upnp_web.c (original)
+++ wpasupplicant/trunk/src/wps/wps_upnp_web.c Fri Jan 29 13:29:50 2010
@@ -1578,7 +1578,6 @@
ret = HTTP_INTERNAL_SERVER_ERROR;
goto error;
}
- callback_urls = NULL; /* is now owned by subscription */
} else {
ret = HTTP_PRECONDITION_FAILED;
goto error;
@@ -1630,6 +1629,7 @@
http_put_empty(buf, ret);
send_wpabuf(c->sd, buf);
wpabuf_free(buf);
+ os_free(callback_urls);
}
Modified: wpasupplicant/trunk/wpa_supplicant/ChangeLog
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ChangeLog?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ChangeLog (original)
+++ wpasupplicant/trunk/wpa_supplicant/ChangeLog Fri Jan 29 13:29:50 2010
@@ -1,4 +1,21 @@
ChangeLog for wpa_supplicant
+
+2010-01-12 - v0.6.10
+ * fixed SHA-256 based key derivation function to match with the
+ standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
+ (note: this breaks interoperability with previous version) [Bug 307]
+ * changed driver_wext to disconnect at init/deinit to clear state
+ * added explicit disconnect on 4-way handshake failures
+ * added WPS workarounds for known interoperability issues with broken,
+ deployed implementation
+ * update IEEE 802.11w implementation to match with the published
+ standard
+ * do not send WPS M8 message when learning current AP configuration as
+ an external Registrar
+ * added a workaround for race condition between receive EAPOL frames
+ and association events
+ * fixed compilation with newer GnuTLS versions
+ * fixed PKCS#12 use with OpenSSL 1.0.0
2009-03-23 - v0.6.9
* driver_ndis: add PAE group address to the multicast address list to
Modified: wpasupplicant/trunk/wpa_supplicant/Makefile
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/Makefile?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/Makefile (original)
+++ wpasupplicant/trunk/wpa_supplicant/Makefile Fri Jan 29 13:29:50 2010
@@ -35,7 +35,6 @@
fi
echo CONFIG_DRIVER_HOSTAP=y >> .config
echo CONFIG_DRIVER_WEXT=y >> .config
- echo CONFIG_WIRELESS_EXTENSION=y >> .config
install: all
mkdir -p $(DESTDIR)$(BINDIR)
@@ -528,6 +527,7 @@
NEED_SHA256=y
NEED_BASE64=y
NEED_CRYPTO=y
+NEED_80211_COMMON=y
ifdef CONFIG_WPS_UPNP
CFLAGS += -DCONFIG_WPS_UPNP
@@ -555,6 +555,7 @@
endif
CONFIG_IEEE8021X_EAPOL=y
NEED_DH_GROUPS=y
+NEED_DH_GROUPS_ALL=y
endif
ifdef CONFIG_EAP_VENDOR_TEST
@@ -858,7 +859,6 @@
endif
ifdef CONFIG_WIRELESS_EXTENSION
-CFLAGS += -DCONFIG_WIRELESS_EXTENSION
OBJS_d += ../src/drivers/driver_wext.o
endif
@@ -977,6 +977,9 @@
ifdef NEED_DH_GROUPS
OBJS += ../src/crypto/dh_groups.o
+ifdef NEED_DH_GROUPS_ALL
+CFLAGS += -DALL_DH_GROUPS
+endif
endif
ifndef NEED_FIPS186_2_PRF
@@ -1002,6 +1005,10 @@
ifndef CONFIG_MAIN
CONFIG_MAIN=main
+endif
+
+ifdef CONFIG_DEBUG_SYSLOG
+CFLAGS += -DCONFIG_DEBUG_SYSLOG
endif
ifdef CONFIG_DEBUG_FILE
@@ -1145,6 +1152,16 @@
$(CC) -o $@ $(CFLAGS) -shared -rdynamic -fPIC $< \
-D$(*F:eap_%=eap_peer_%)_register=eap_peer_method_dynamic_init
+Q=@
+E=echo
+ifeq ($(V), 1)
+Q=
+E=true
+endif
+
+%.o: %.c
+ $(Q)$(CC) -c -o $@ $(CFLAGS) $<
+ @$(E) " CC " $<
wpa_supplicant.exe: wpa_supplicant
mv -f $< $@
@@ -1224,7 +1241,8 @@
clean:
$(MAKE) -C ../src clean
- rm -f core *~ *.o *.d eap_*.so $(ALL) $(WINALL)
+ rm -f core *~ *.o *.d eap_*.so $(ALL) $(WINALL) eapol_test preauth_test
+ rm -f wpa_priv
%.eps: %.fig
fig2dev -L eps $*.fig $*.eps
Modified: wpasupplicant/trunk/wpa_supplicant/README
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/README?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/README (original)
+++ wpasupplicant/trunk/wpa_supplicant/README Fri Jan 29 13:29:50 2010
@@ -397,10 +397,8 @@
Following options can be added to .config to select which driver
interfaces are included. Hermes driver interface needs to be downloaded
-from Agere (see above). CONFIG_WIRELESS_EXTENSION will be used
-automatically if any of the selected drivers need it.
-
-CONFIG_WIRELESS_EXTENSION=y
+from Agere (see above).
+
CONFIG_DRIVER_HOSTAP=y
CONFIG_DRIVER_HERMES=y
CONFIG_DRIVER_MADWIFI=y
@@ -426,7 +424,6 @@
CONFIG_DRIVER_IPW=y
CONFIG_DRIVER_BSD=y
CONFIG_DRIVER_NDIS=y
-CONFIG_WIRELESS_EXTENSION=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
@@ -520,11 +517,11 @@
hostap = Host AP driver (Intersil Prism2/2.5/3) [default]
(this can also be used with Linuxant DriverLoader)
hermes = Agere Systems Inc. driver (Hermes-I/Hermes-II)
- madwifi = MADWIFI 802.11 support (Atheros, etc.)
+ madwifi = MADWIFI 802.11 support (Atheros, etc.) (deprecated; use wext)
atmel = ATMEL AT76C5XXx (USB, PCMCIA)
wext = Linux wireless extensions (generic)
ralink = Ralink Client driver
- ndiswrapper = Linux ndiswrapper
+ ndiswrapper = Linux ndiswrapper (deprecated; use wext)
broadcom = Broadcom wl.o driver
ipw = Intel ipw2100/2200 driver (old; use wext with Linux 2.6.13 or newer)
wired = wpa_supplicant wired Ethernet driver
Modified: wpasupplicant/trunk/wpa_supplicant/README-WPS
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/README-WPS?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/README-WPS (original)
+++ wpasupplicant/trunk/wpa_supplicant/README-WPS Fri Jan 29 13:29:50 2010
@@ -131,12 +131,17 @@
PIN method described above.
-If the client wants to operation in the Registrar role to configure an
+If the client wants to operate in the Registrar role to configure an
AP, wpa_supplicant is notified over the control interface, e.g., with
wpa_cli:
wpa_cli wps_reg <AP BSSID> <AP PIN>
(example: wpa_cli wps_reg 02:34:56:78:9a:bc 12345670)
+
+This is currently only used to fetch the current AP settings instead
+of actually changing them. The main difference with the wps_pin
+command is that wps_reg uses the AP PIN (e.g., from a label on the AP)
+instead of a PIN generated at the client.
Scanning
Modified: wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.c Fri Jan 29 13:29:50 2010
@@ -540,6 +540,8 @@
wpa_s);
else if (!strcmp(method, "state"))
reply = wpas_dbus_iface_get_state(message, wpa_s);
+ else if (!strcmp(method, "scanning"))
+ reply = wpas_dbus_iface_get_scanning(message, wpa_s);
else if (!strcmp(method, "setBlobs"))
reply = wpas_dbus_iface_set_blobs(message, wpa_s);
else if (!strcmp(method, "removeBlobs"))
@@ -603,6 +605,9 @@
} else if (!strcmp(method, "getInterface")) {
reply = wpas_dbus_global_get_interface(
message, ctrl_iface->global);
+ } else if (!strcmp(method, "setDebugParams")) {
+ reply = wpas_dbus_global_set_debugparams(
+ message, ctrl_iface->global);
}
}
@@ -741,6 +746,58 @@
}
+/**
+ * wpa_supplicant_dbus_notify_scanning - send scanning status
+ * @wpa_s: %wpa_supplicant network interface data
+ * Returns: 0 on success, -1 on failure
+ *
+ * Notify listeners of interface scanning state changes
+ */
+void wpa_supplicant_dbus_notify_scanning(struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_dbus_priv *iface = wpa_s->global->dbus_ctrl_iface;
+ DBusMessage *_signal;
+ const char *path;
+ dbus_bool_t scanning = wpa_s->scanning ? TRUE : FALSE;
+
+ /* Do nothing if the control interface is not turned on */
+ if (iface == NULL)
+ return;
+
+ path = wpa_supplicant_get_dbus_path(wpa_s);
+ if (path == NULL) {
+ perror("wpa_supplicant_dbus_notify_scanning[dbus]: interface "
+ "didn't have a dbus path");
+ wpa_printf(MSG_ERROR,
+ "%s[dbus]: interface didn't have a dbus path; "
+ "can't send scanning signal.", __FUNCTION__);
+ return;
+ }
+ _signal = dbus_message_new_signal(path, WPAS_DBUS_IFACE_INTERFACE,
+ "Scanning");
+ if (_signal == NULL) {
+ perror("wpa_supplicant_dbus_notify_scanning[dbus]: couldn't "
+ "create dbus signal; likely out of memory");
+ wpa_printf(MSG_ERROR, "%s[dbus]: dbus control interface: not "
+ "enough memory to send scan results signal.",
+ __FUNCTION__);
+ return;
+ }
+
+ if (dbus_message_append_args(_signal,
+ DBUS_TYPE_BOOLEAN, &scanning,
+ DBUS_TYPE_INVALID)) {
+ dbus_connection_send(iface->con, _signal, NULL);
+ } else {
+ perror("wpa_supplicant_dbus_notify_scanning[dbus]: not enough "
+ "memory to construct signal.");
+ wpa_printf(MSG_ERROR, "%s[dbus]: not enough memory to "
+ "construct signal.", __FUNCTION__);
+ }
+ dbus_message_unref(_signal);
+}
+
+
#ifdef CONFIG_WPS
void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
const struct wps_credential *cred)
@@ -794,6 +851,11 @@
out:
dbus_message_unref(_signal);
+}
+#else /* CONFIG_WPS */
+void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
+ const struct wps_credential *cred)
+{
}
#endif /* CONFIG_WPS */
Modified: wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.h (original)
+++ wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus.h Fri Jan 29 13:29:50 2010
@@ -83,6 +83,7 @@
wpa_supplicant_dbus_ctrl_iface_init(struct wpa_global *global);
void wpa_supplicant_dbus_ctrl_iface_deinit(struct ctrl_iface_dbus_priv *iface);
void wpa_supplicant_dbus_notify_scan_results(struct wpa_supplicant *wpa_s);
+void wpa_supplicant_dbus_notify_scanning(struct wpa_supplicant *wpa_s);
void wpa_supplicant_dbus_notify_state_change(struct wpa_supplicant *wpa_s,
wpa_states new_state,
wpa_states old_state);
@@ -127,6 +128,11 @@
}
static inline void
+wpa_supplicant_dbus_notify_scanning(struct wpa_supplicant *wpa_s)
+{
+}
+
+static inline void
wpa_supplicant_dbus_notify_state_change(struct wpa_supplicant *wpa_s,
wpa_states new_state,
wpa_states old_state)
Modified: wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.c Fri Jan 29 13:29:50 2010
@@ -24,7 +24,11 @@
#include "ieee802_11_defs.h"
#include "wpas_glue.h"
#include "eapol_supp/eapol_supp_sm.h"
-
+#include "wpa.h"
+
+extern int wpa_debug_level;
+extern int wpa_debug_show_keys;
+extern int wpa_debug_timestamp;
/**
* wpas_dbus_new_invalid_opts_error - Return a new invalid options error message
@@ -277,6 +281,51 @@
return reply;
}
+/**
+ * wpas_dbus_global_set_debugparams- Set the debug params
+ * @message: Pointer to incoming dbus message
+ * @global: %wpa_supplicant global data structure
+ * Returns: a dbus message containing a UINT32 indicating success (1) or
+ * failure (0), or returns a dbus error message with more information
+ *
+ * Handler function for "setDebugParams" method call. Handles requests
+ * by dbus clients for the object path of an specific network interface.
+ */
+DBusMessage * wpas_dbus_global_set_debugparams(DBusMessage *message,
+ struct wpa_global *global)
+{
+ DBusMessage *reply = NULL;
+ int debug_level;
+ dbus_bool_t debug_timestamp;
+ dbus_bool_t debug_show_keys;
+
+ if (!dbus_message_get_args(message, NULL,
+ DBUS_TYPE_INT32, &debug_level,
+ DBUS_TYPE_BOOLEAN, &debug_timestamp,
+ DBUS_TYPE_BOOLEAN, &debug_show_keys,
+ DBUS_TYPE_INVALID)) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+
+ /* check for allowed debuglevels */
+ if (debug_level != MSG_MSGDUMP &&
+ debug_level != MSG_DEBUG &&
+ debug_level != MSG_INFO &&
+ debug_level != MSG_WARNING &&
+ debug_level != MSG_ERROR) {
+ reply = wpas_dbus_new_invalid_opts_error(message, NULL);
+ goto out;
+ }
+
+ wpa_debug_level = debug_level;
+ wpa_debug_timestamp = debug_timestamp ? 1 : 0;
+ wpa_debug_show_keys = debug_show_keys ? 1 : 0;
+ reply = wpas_dbus_new_success_reply(message);
+
+out:
+ return reply;
+}
/**
* wpas_dbus_iface_scan - Request a wireless scan on an interface
@@ -1246,8 +1295,11 @@
wpa_s->conf->pkcs11_module_path = pkcs11_module_path;
#endif /* EAP_TLS_OPENSSL */
+ wpa_sm_set_eapol(wpa_s->wpa, NULL);
eapol_sm_deinit(wpa_s->eapol);
+ wpa_s->eapol = NULL;
wpa_supplicant_init_eapol(wpa_s);
+ wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
return wpas_dbus_new_success_reply(message);
@@ -1278,6 +1330,35 @@
str_state = wpa_supplicant_state_txt(wpa_s->wpa_state);
dbus_message_append_args(reply, DBUS_TYPE_STRING, &str_state,
DBUS_TYPE_INVALID);
+ }
+
+ return reply;
+}
+
+
+/**
+ * wpas_dbus_iface_get_scanning - Get interface scanning state
+ * @message: Pointer to incoming dbus message
+ * @wpa_s: wpa_supplicant structure for a network interface
+ * Returns: A dbus message containing whether the interface is scanning
+ *
+ * Handler function for "scanning" method call.
+ */
+DBusMessage * wpas_dbus_iface_get_scanning(DBusMessage *message,
+ struct wpa_supplicant *wpa_s)
+{
+ DBusMessage *reply = NULL;
+ dbus_bool_t scanning = wpa_s->scanning ? TRUE : FALSE;
+
+ reply = dbus_message_new_method_return(message);
+ if (reply != NULL) {
+ dbus_message_append_args(reply, DBUS_TYPE_BOOLEAN, &scanning,
+ DBUS_TYPE_INVALID);
+ } else {
+ perror("wpas_dbus_iface_get_scanning[dbus]: out of "
+ "memory.");
+ wpa_printf(MSG_ERROR, "dbus control interface: not enough "
+ "memory to return scanning state.");
}
return reply;
Modified: wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.h (original)
+++ wpasupplicant/trunk/wpa_supplicant/ctrl_iface_dbus_handlers.h Fri Jan 29 13:29:50 2010
@@ -27,6 +27,9 @@
DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message,
struct wpa_global *global);
+
+DBusMessage * wpas_dbus_global_set_debugparams(DBusMessage *message,
+ struct wpa_global *global);
DBusMessage * wpas_dbus_iface_scan(DBusMessage *message,
struct wpa_supplicant *wpa_s);
@@ -74,6 +77,9 @@
DBusMessage * wpas_dbus_iface_get_state(DBusMessage *message,
struct wpa_supplicant *wpa_s);
+DBusMessage * wpas_dbus_iface_get_scanning(DBusMessage *message,
+ struct wpa_supplicant *wpa_s);
+
DBusMessage * wpas_dbus_iface_set_blobs(DBusMessage *message,
struct wpa_supplicant *wpa_s);
Modified: wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c Fri Jan 29 13:29:50 2010
@@ -329,6 +329,14 @@
if (gid_set && chown(dir, -1, gid) < 0) {
perror("chown[ctrl_interface]");
+ goto fail;
+ }
+
+ /* Make sure the group can enter and read the directory */
+ if (gid_set &&
+ chmod(dir, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP) < 0) {
+ wpa_printf(MSG_ERROR, "CTRL: chmod[ctrl_interface]: %s",
+ strerror(errno));
goto fail;
}
Modified: wpasupplicant/trunk/wpa_supplicant/defconfig
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/defconfig?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/defconfig (original)
+++ wpasupplicant/trunk/wpa_supplicant/defconfig Fri Jan 29 13:29:50 2010
@@ -50,6 +50,7 @@
#CFLAGS += -I../../include/wireless
# Driver interface for madwifi driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
#CONFIG_DRIVER_MADWIFI=y
# Set include directory to the madwifi source tree
#CFLAGS += -I../../madwifi
@@ -60,6 +61,7 @@
#CONFIG_DRIVER_PRISM54=y
# Driver interface for ndiswrapper
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
#CONFIG_DRIVER_NDISWRAPPER=y
# Driver interface for Atmel driver
@@ -74,6 +76,7 @@
#CFLAGS += -I/opt/WRT54GS/release/src/include
# Driver interface for Intel ipw2100/2200 driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
#CONFIG_DRIVER_IPW=y
# Driver interface for Ralink driver
Added: wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_background.8
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_background.8?rev=1456&op=file
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_background.8 (added)
+++ wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_background.8 Fri Jan 29 13:29:50 2010
@@ -1,0 +1,84 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_BACKGROUND" "8" "12 January 2010" "" ""
+
+.SH NAME
+wpa_background \- Background information on Wi-Fi Protected Access and IEEE 802.11i
+.SH "WPA"
+.PP
+The original security mechanism of IEEE 802.11 standard was
+not designed to be strong and has proven to be insufficient for
+most networks that require some kind of security. Task group I
+(Security) of IEEE 802.11 working group
+(http://www.ieee802.org/11/) has worked to address the flaws of
+the base standard and has in practice completed its work in May
+2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was
+approved in June 2004 and published in July 2004.
+.PP
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version
+of the IEEE 802.11i work (draft 3.0) to define a subset of the
+security enhancements that can be implemented with existing wlan
+hardware. This is called Wi-Fi Protected Access<TM> (WPA). This
+has now become a mandatory component of interoperability testing
+and certification done by Wi-Fi Alliance. Wi-Fi provides
+information about WPA at its web site
+(http://www.wi-fi.org/OpenSection/protected_access.asp).
+.PP
+IEEE 802.11 standard defined wired equivalent privacy (WEP)
+algorithm for protecting wireless networks. WEP uses RC4 with
+40-bit keys, 24-bit initialization vector (IV), and CRC32 to
+protect against packet forgery. All these choices have proven to
+be insufficient: key space is too small against current attacks,
+RC4 key scheduling is insufficient (beginning of the pseudorandom
+stream should be skipped), IV space is too small and IV reuse
+makes attacks easier, there is no replay protection, and non-keyed
+authentication does not protect against bit flipping packet
+data.
+.PP
+WPA is an intermediate solution for the security issues. It
+uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP
+is a compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+.PP
+Keys can be managed using two different mechanisms. WPA can
+either use an external authentication server (e.g., RADIUS) and
+EAP just like IEEE 802.1X is using or pre-shared keys without need
+for additional servers. Wi-Fi calls these "WPA-Enterprise" and
+"WPA-Personal", respectively. Both mechanisms will generate a
+master session key for the Authenticator (AP) and Supplicant
+(client station).
+.PP
+WPA implements a new key handshake (4-Way Handshake and
+Group Key Handshake) for generating and exchanging data encryption
+keys between the Authenticator and Supplicant. This handshake is
+also used to verify that both Authenticator and Supplicant know
+the master session key. These handshakes are identical regardless
+of the selected key management mechanism (only the method for
+generating master session key changes).
+.SH "IEEE 802.11I / WPA2"
+.PP
+The design for parts of IEEE 802.11i that were not included
+in WPA has finished (May 2004) and this amendment to IEEE 802.11
+was approved in June 2004. Wi-Fi Alliance is using the final IEEE
+802.11i as a new version of WPA called WPA2. This includes, e.g.,
+support for more robust encryption algorithm (CCMP: AES in Counter
+mode with CBC-MAC) to replace TKIP and optimizations for handoff
+(reduced number of messages in initial key handshake,
+pre-authentication, and PMKSA caching).
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_cli.8
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_cli.8?rev=1456&op=file
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_cli.8 (added)
+++ wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_cli.8 Fri Jan 29 13:29:50 2010
@@ -1,0 +1,210 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_CLI" "8" "12 January 2010" "" ""
+
+.SH NAME
+wpa_cli \- WPA command line client
+.SH SYNOPSIS
+
+\fBwpa_cli\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ] [ \fB-hvB\fR ] [ \fB-a \fIaction file\fB\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fB\fIcommand ...\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+wpa_cli is a text-based frontend program for interacting
+with wpa_supplicant. It is used to query current status, change
+configuration, trigger events, and request interactive user
+input.
+.PP
+wpa_cli can show the current authentication status, selected
+security mode, dot11 and dot1x MIBs, etc. In addition, it can
+configure some variables like EAPOL state machine parameters and
+trigger events like reassociation and IEEE 802.1X
+logoff/logon. wpa_cli provides a user interface to request
+authentication information, like username and password, if these
+are not included in the configuration. This can be used to
+implement, e.g., one-time-passwords or generic token card
+authentication where the authentication is based on a
+challenge-response that uses an external device for generating the
+response.
+.PP
+The control interface of wpa_supplicant can be configured to
+allow non-root user access (ctrl_interface GROUP= parameter in the
+configuration file). This makes it possible to run wpa_cli with a
+normal user account.
+.PP
+wpa_cli supports two modes: interactive and command
+line. Both modes share the same command set and the main
+difference is in interactive mode providing access to unsolicited
+messages (event messages, username/password requests).
+.PP
+Interactive mode is started when wpa_cli is executed without
+including the command as a command line parameter. Commands are
+then entered on the wpa_cli prompt. In command line mode, the same
+commands are entered as command line arguments for wpa_cli.
+.SH "INTERACTIVE AUTHENTICATION PARAMETERS REQUEST"
+.PP
+When wpa_supplicant need authentication parameters, like
+username and password, which are not present in the configuration
+file, it sends a request message to all attached frontend programs,
+e.g., wpa_cli in interactive mode. wpa_cli shows these requests
+with "CTRL-REQ-<type>-<id>:<text>"
+prefix. <type> is IDENTITY, PASSWORD, or OTP
+(one-time-password). <id> is a unique identifier for the
+current network. <text> is description of the request. In
+case of OTP request, it includes the challenge from the
+authentication server.
+.PP
+The reply to these requests can be given with
+\fBidentity\fR, \fBpassword\fR, and
+\fBotp\fR commands. <id> needs to be copied from
+the matching request. \fBpassword\fR and
+\fBotp\fR commands can be used regardless of whether
+the request was for PASSWORD or OTP. The main difference between these
+two commands is that values given with \fBpassword\fR are
+remembered as long as wpa_supplicant is running whereas values given
+with \fBotp\fR are used only once and then forgotten,
+i.e., wpa_supplicant will ask frontend for a new value for every use.
+This can be used to implement one-time-password lists and generic token
+card -based authentication.
+.PP
+Example request for password and a matching reply:
+.sp
+.RS
+
+.nf
+CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
+> password 1 mysecretpassword
+.fi
+.RE
+.PP
+Example request for generic token card challenge-response:
+.sp
+.RS
+
+.nf
+CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
+> otp 2 9876
+.fi
+.RE
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-p path\fR
+Change the path where control sockets should
+be found.
+.TP
+\fB-i ifname\fR
+Specify the interface that is being
+configured. By default, choose the first interface found with
+a control socket in the socket path.
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-v\fR
+Show version information.
+.TP
+\fB-B\fR
+Run as a daemon in the background.
+.TP
+\fB-a file\fR
+Run in daemon mode executing the action file
+based on events from wpa_supplicant. The specified file will
+be executed with the first argument set to interface name and
+second to "CONNECTED" or "DISCONNECTED" depending on the event.
+This can be used to execute networking tools required to configure
+the interface.
+
+Additionally, three environmental variables are available to
+the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR
+contains the absolute path to the ctrl_interface socket. WPA_ID
+contains the unique network_id identifier assigned to the active
+network, and WPA_ID_STR contains the content of the id_str option.
+.TP
+\fB-P file\fR
+Set the location of the PID
+file.
+.TP
+\fBcommand\fR
+Run a command. The available commands are
+listed in the next section.
+.SH "COMMANDS"
+.PP
+The following commands are available:
+.TP
+\fBstatus\fR
+get current WPA/EAPOL/EAP status
+.TP
+\fBmib\fR
+get MIB variables (dot1x, dot11)
+.TP
+\fBhelp\fR
+show this usage help
+.TP
+\fBinterface [ifname]\fR
+show interfaces/select interface
+.TP
+\fBlevel <debug level>\fR
+change debug level
+.TP
+\fBlicense\fR
+show full wpa_cli license
+.TP
+\fBlogoff\fR
+IEEE 802.1X EAPOL state machine logoff
+.TP
+\fBlogon\fR
+IEEE 802.1X EAPOL state machine logon
+.TP
+\fBset\fR
+set variables (shows list of variables when run without arguments)
+.TP
+\fBpmksa\fR
+show PMKSA cache
+.TP
+\fBreassociate\fR
+force reassociation
+.TP
+\fBreconfigure\fR
+force wpa_supplicant to re-read its configuration file
+.TP
+\fBpreauthenticate <BSSID>\fR
+force preauthentication
+.TP
+\fBidentity <network id> <identity>\fR
+configure identity for an SSID
+.TP
+\fBpassword <network id> <password>\fR
+configure password for an SSID
+.TP
+\fBpin <network id> <pin>\fR
+configure pin for an SSID
+.TP
+\fBotp <network id> <password>\fR
+configure one-time-password for an SSID
+.TP
+\fBbssid <network id> <BSSID>\fR
+set preferred BSSID for an SSID
+.TP
+\fBlist_networks\fR
+list configured networks
+.TP
+\fBterminate\fR
+terminate \fBwpa_supplicant\fR
+.TP
+\fBquit\fR
+exit wpa_cli
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_gui.8
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_gui.8?rev=1456&op=file
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_gui.8 (added)
+++ wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_gui.8 Fri Jan 29 13:29:50 2010
@@ -1,0 +1,51 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_GUI" "8" "12 January 2010" "" ""
+
+.SH NAME
+wpa_gui \- WPA Graphical User Interface
+.SH SYNOPSIS
+
+\fBwpa_gui\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ] [ \fB-t\fR ]
+
+.SH "OVERVIEW"
+.PP
+wpa_gui is a QT graphical frontend program for interacting
+with wpa_supplicant. It is used to query current status, change
+configuration and request interactive user input.
+.PP
+wpa_gui supports (almost) all of the interactive status and
+configuration features of the command line client, wpa_cli. Refer
+to the wpa_cli manpage for a comprehensive list of the
+interactive mode features.
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-p path\fR
+Change the path where control sockets should
+be found.
+.TP
+\fB-i ifname\fR
+Specify the interface that is being
+configured. By default, choose the first interface found with
+a control socket in the socket path.
+.TP
+\fB-t\fR
+Start program in the system tray only (if the window
+manager supports it). By default the main status window is
+shown.
+.SH "SEE ALSO"
+.PP
+\fBwpa_cli\fR(8)
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_passphrase.8
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_passphrase.8?rev=1456&op=file
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_passphrase.8 (added)
+++ wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_passphrase.8 Fri Jan 29 13:29:50 2010
@@ -1,0 +1,40 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_PASSPHRASE" "8" "12 January 2010" "" ""
+
+.SH NAME
+wpa_passphrase \- Generate a WPA PSK from an ASCII passphrase for a SSID
+.SH SYNOPSIS
+
+\fBwpa_passphrase\fR [ \fB\fIssid\fB\fR ] [ \fB\fIpassphrase\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+\fBwpa_passphrase\fR pre-computes PSK entries for
+network configuration blocks of a
+\fIwpa_supplicant.conf\fR file. An ASCII passphrase
+and SSID are used to generate a 256-bit PSK.
+.SH "OPTIONS"
+.TP
+\fBssid\fR
+The SSID whose passphrase should be derived.
+.TP
+\fBpassphrase\fR
+The passphrase to use. If not included on the command line,
+passphrase will be read from standard input.
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_priv.8
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_priv.8?rev=1456&op=file
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_priv.8 (added)
+++ wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_priv.8 Fri Jan 29 13:29:50 2010
@@ -1,0 +1,120 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_PRIV" "8" "12 January 2010" "" ""
+
+.SH NAME
+wpa_priv \- wpa_supplicant privilege separation helper
+.SH SYNOPSIS
+
+\fBwpa_priv\fR [ \fB-c \fIctrl path\fB\fR ] [ \fB-Bdd\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fBdriver:ifname \fI[driver:ifname ...]\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+\fBwpa_priv\fR is a privilege separation helper that
+minimizes the size of \fBwpa_supplicant\fR code that needs
+to be run with root privileges.
+.PP
+If enabled, privileged operations are done in the wpa_priv process
+while leaving rest of the code (e.g., EAP authentication and WPA
+handshakes) to operate in an unprivileged process (wpa_supplicant) that
+can be run as non-root user. Privilege separation restricts the effects
+of potential software errors by containing the majority of the code in an
+unprivileged process to avoid the possibility of a full system
+compromise.
+.PP
+\fBwpa_priv\fR needs to be run with network admin
+privileges (usually, root user). It opens a UNIX domain socket for each
+interface that is included on the command line; any other interface will
+be off limits for \fBwpa_supplicant\fR in this kind of
+configuration. After this, \fBwpa_supplicant\fR can be run as
+a non-root user (e.g., all standard users on a laptop or as a special
+non-privileged user account created just for this purpose to limit access
+to user files even further).
+.SH "EXAMPLE CONFIGURATION"
+.PP
+The following steps are an example of how to configure
+\fBwpa_priv\fR to allow users in the
+\fBwpapriv\fR group to communicate with
+\fBwpa_supplicant\fR with privilege separation:
+.PP
+Create user group (e.g., wpapriv) and assign users that
+should be able to use wpa_supplicant into that group.
+.PP
+Create /var/run/wpa_priv directory for UNIX domain sockets and
+control user access by setting it accessible only for the wpapriv
+group:
+.sp
+.RS
+
+.nf
+mkdir /var/run/wpa_priv
+chown root:wpapriv /var/run/wpa_priv
+chmod 0750 /var/run/wpa_priv
+.fi
+.RE
+.PP
+Start \fBwpa_priv\fR as root (e.g., from system
+startup scripts) with the enabled interfaces configured on the
+command line:
+.sp
+.RS
+
+.nf
+wpa_priv -B -c /var/run/wpa_priv -P /var/run/wpa_priv.pid wext:wlan0
+.fi
+.RE
+.PP
+Run \fBwpa_supplicant\fR as non-root with a user
+that is in the wpapriv group:
+.sp
+.RS
+
+.nf
+wpa_supplicant -i ath0 -c wpa_supplicant.conf
+.fi
+.RE
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-c ctrl path\fR
+Specify the path to wpa_priv control directory
+(Default: /var/run/wpa_priv/).
+.TP
+\fB-B\fR
+Run as a daemon in the background.
+.TP
+\fB-P file\fR
+Set the location of the PID
+file.
+.TP
+\fBdriver:ifname [driver:ifname ...]\fR
+The <driver> string dictates which of the
+supported \fBwpa_supplicant\fR driver backends is to be
+used. To get a list of supported driver types see wpa_supplicant help
+(e.g, wpa_supplicant -h). The driver backend supported by most good
+drivers is \fBwext\fR\&.
+
+The <ifname> string specifies which network
+interface is to be managed by \fBwpa_supplicant\fR
+(e.g., wlan0 or ath0).
+
+\fBwpa_priv\fR does not use the network interface
+before \fBwpa_supplicant\fR is started, so it is fine to
+include network interfaces that are not available at the time wpa_priv
+is started. wpa_priv can control multiple interfaces with one process,
+but it is also possible to run multiple \fBwpa_priv\fR
+processes at the same time, if desired.
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.8
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.8?rev=1456&op=file
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.8 (added)
+++ wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.8 Fri Jan 29 13:29:50 2010
@@ -1,0 +1,571 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_SUPPLICANT" "8" "12 January 2010" "" ""
+
+.SH NAME
+wpa_supplicant \- Wi-Fi Protected Access client and IEEE 802.1X supplicant
+.SH SYNOPSIS
+
+\fBwpa_supplicant\fR [ \fB-BddfhKLqqtuvW\fR ] [ \fB-i\fIifname\fB\fR ] [ \fB-c\fIconfig file\fB\fR ] [ \fB-D\fIdriver\fB\fR ] [ \fB-P\fIPID_file\fB\fR ] [ \fB-f\fIoutput file\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+Wireless networks do not require physical access to the network equipment
+in the same way as wired networks. This makes it easier for unauthorized
+users to passively monitor a network and capture all transmitted frames.
+In addition, unauthorized use of the network is much easier. In many cases,
+this can happen even without user's explicit knowledge since the wireless
+LAN adapter may have been configured to automatically join any available
+network.
+.PP
+Link-layer encryption can be used to provide a layer of security for
+wireless networks. The original wireless LAN standard, IEEE 802.11,
+included a simple encryption mechanism, WEP. However, that proved to
+be flawed in many areas and network protected with WEP cannot be consider
+secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
+can be used to improve the network security, but even that has inherited
+security issues due to the use of WEP for encryption. Wi-Fi Protected
+Access and IEEE 802.11i amendment to the wireless LAN standard introduce
+a much improvement mechanism for securing wireless networks. IEEE 802.11i
+enabled networks that are using CCMP (encryption mechanism based on strong
+cryptographic algorithm AES) can finally be called secure used for
+applications which require efficient protection against unauthorized
+access.
+.PP
+\fBwpa_supplicant\fR is an implementation of
+the WPA Supplicant component, i.e., the part that runs in the
+client stations. It implements WPA key negotiation with a WPA
+Authenticator and EAP authentication with Authentication
+Server. In addition, it controls the roaming and IEEE 802.11
+authentication/association of the wireless LAN driver.
+.PP
+\fBwpa_supplicant\fR is designed to be a
+"daemon" program that runs in the background and acts as the
+backend component controlling the wireless
+connection. \fBwpa_supplicant\fR supports separate
+frontend programs and an example text-based frontend,
+\fBwpa_cli\fR, is included with
+wpa_supplicant.
+.PP
+Before wpa_supplicant can do its work, the network interface
+must be available. That means that the physical device must be
+present and enabled, and the driver for the device must be
+loaded. The daemon will exit immediately if the device is not already
+available.
+.PP
+After \fBwpa_supplicant\fR has configured the
+network device, higher level configuration such as DHCP may
+proceed. There are a variety of ways to integrate wpa_supplicant
+into a machine's networking scripts, a few of which are described
+in sections below.
+.PP
+The following steps are used when associating with an AP
+using WPA:
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to scan neighboring BSSes
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR selects a BSS based on
+its configuration
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to associate with the chosen BSS
+.TP 0.2i
+\(bu
+If WPA-EAP: integrated IEEE 802.1X Supplicant
+completes EAP authentication with the
+authentication server (proxied by the Authenticator in the
+AP)
+.TP 0.2i
+\(bu
+If WPA-EAP: master key is received from the IEEE 802.1X
+Supplicant
+.TP 0.2i
+\(bu
+If WPA-PSK: \fBwpa_supplicant\fR uses PSK
+as the master session key
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR completes WPA 4-Way
+Handshake and Group Key Handshake with the Authenticator
+(AP)
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR configures encryption
+keys for unicast and broadcast
+.TP 0.2i
+\(bu
+normal data packets can be transmitted and received
+.SH "SUPPORTED FEATURES"
+.PP
+Supported WPA/IEEE 802.11i features:
+.TP 0.2i
+\(bu
+WPA-PSK ("WPA-Personal")
+.TP 0.2i
+\(bu
+WPA with EAP (e.g., with RADIUS authentication server)
+("WPA-Enterprise") Following authentication methods are
+supported with an integrate IEEE 802.1X Supplicant:
+.RS
+.TP 0.2i
+\(bu
+EAP-TLS
+.RE
+.RS
+.TP 0.2i
+\(bu
+EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-GTC
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-OTP
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-TLS
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAP
+.TP 0.2i
+\(bu
+EAP-TTLS/PAP
+.TP 0.2i
+\(bu
+EAP-TTLS/CHAP
+.TP 0.2i
+\(bu
+EAP-SIM
+.TP 0.2i
+\(bu
+EAP-AKA
+.TP 0.2i
+\(bu
+EAP-PSK
+.TP 0.2i
+\(bu
+EAP-PAX
+.TP 0.2i
+\(bu
+LEAP (note: requires special support from
+the driver for IEEE 802.11 authentication)
+.TP 0.2i
+\(bu
+(following methods are supported, but since
+they do not generate keying material, they cannot be used
+with WPA or IEEE 802.1X WEP keying)
+.TP 0.2i
+\(bu
+EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-GTC
+.TP 0.2i
+\(bu
+EAP-OTP
+.RE
+.TP 0.2i
+\(bu
+key management for CCMP, TKIP, WEP104, WEP40
+.TP 0.2i
+\(bu
+RSN/WPA2 (IEEE 802.11i)
+.RS
+.TP 0.2i
+\(bu
+pre-authentication
+.TP 0.2i
+\(bu
+PMKSA caching
+.RE
+.SH "AVAILABLE DRIVERS"
+.PP
+A summary of available driver backends is below. Support for each
+of the driver backends is chosen at wpa_supplicant compile time. For a
+list of supported driver backends that may be used with the -D option on
+your system, refer to the help output of wpa_supplicant
+(\fBwpa_supplicant -h\fR).
+.TP
+\fBhostap\fR
+(default) Host AP driver (Intersil Prism2/2.5/3).
+(this can also be used with Linuxant DriverLoader).
+.TP
+\fBhermes\fR
+Agere Systems Inc. driver (Hermes-I/Hermes-II).
+.TP
+\fBmadwifi\fR
+MADWIFI 802.11 support (Atheros, etc.).
+.TP
+\fBatmel\fR
+ATMEL AT76C5XXx (USB, PCMCIA).
+.TP
+\fBwext\fR
+Linux wireless extensions (generic).
+.TP
+\fBndiswrapper\fR
+Linux ndiswrapper.
+.TP
+\fBbroadcom\fR
+Broadcom wl.o driver.
+.TP
+\fBipw\fR
+Intel ipw2100/2200 driver.
+.TP
+\fBwired\fR
+wpa_supplicant wired Ethernet driver
+.TP
+\fBroboswitch\fR
+wpa_supplicant Broadcom switch driver
+.TP
+\fBbsd\fR
+BSD 802.11 support (Atheros, etc.).
+.TP
+\fBndis\fR
+Windows NDIS driver.
+.SH "COMMAND LINE OPTIONS"
+.PP
+Most command line options have global scope. Some are given per
+interface, and are only valid if at least one \fB-i\fR option
+is specified, otherwise they're ignored. Option groups for different
+interfaces must be separated by \fB-N\fR option.
+.TP
+\fB-b br_ifname\fR
+Optional bridge interface name. (Per interface)
+.TP
+\fB-B\fR
+Run daemon in the background.
+.TP
+\fB-c filename\fR
+Path to configuration file. (Per interface)
+.TP
+\fB-C ctrl_interface\fR
+Path to ctrl_interface socket (Per interface. Only used if
+\fB-c\fR is not).
+.TP
+\fB-i ifname\fR
+Interface to listen on. Multiple instances of this option can
+be present, one per interface, separated by \fB-N\fR
+option (see below).
+.TP
+\fB-d\fR
+Increase debugging verbosity (\fB-dd\fR even
+more).
+.TP
+\fB-D driver\fR
+Driver to use. (Per interface, see the available options
+below.)
+.TP
+\fB-f output file\fR
+Log output to specified file instead of stdout.
+.TP
+\fB-g global ctrl_interface\fR
+Path to global ctrl_interface socket. If specified, interface
+definitions may be omitted.
+.TP
+\fB-K\fR
+Include keys (passwords, etc.) in debug output.
+.TP
+\fB-t\fR
+Include timestamp in debug messages.
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-L\fR
+Show license (GPL and BSD).
+.TP
+\fB-p\fR
+Driver parameters. (Per interface)
+.TP
+\fB-P PID_file\fR
+Path to PID file.
+.TP
+\fB-q\fR
+Decrease debugging verbosity (\fB-qq\fR even
+less).
+.TP
+\fB-u\fR
+Enabled DBus control interface. If enabled, interface
+definitions may be omitted.
+.TP
+\fB-v\fR
+Show version.
+.TP
+\fB-W\fR
+Wait for a control interface monitor before starting.
+.TP
+\fB-N\fR
+Start describing new interface.
+.SH "EXAMPLES"
+.PP
+In most common cases, \fBwpa_supplicant\fR is
+started with:
+.sp
+.RS
+
+.nf
+wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
+.fi
+.RE
+.PP
+This makes the process fork into background.
+.PP
+The easiest way to debug problems, and to get debug log for
+bug reports, is to start \fBwpa_supplicant\fR on
+foreground with debugging enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
+.fi
+.RE
+.PP
+\fBwpa_supplicant\fR can control multiple
+interfaces (radios) either by running one process for each
+interface separately or by running just one process and list of
+options at command line. Each interface is separated with -N
+argument. As an example, following command would start
+wpa_supplicant for two interfaces:
+.sp
+.RS
+
+.nf
+wpa_supplicant \\
+ -c wpa1.conf -i wlan0 -D hostap -N \\
+ -c wpa2.conf -i ath0 -D madwifi
+.fi
+.RE
+.SH "OS REQUIREMENTS"
+.PP
+Current hardware/software requirements:
+.TP 0.2i
+\(bu
+Linux kernel 2.4.x or 2.6.x with Linux Wireless
+Extensions v15 or newer
+.TP 0.2i
+\(bu
+FreeBSD 6-CURRENT
+.TP 0.2i
+\(bu
+Microsoft Windows with WinPcap (at least WinXP, may work
+with other versions)
+.SH "SUPPORTED DRIVERS"
+.TP
+\fBHost AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)\fR
+(http://hostap.epitest.fi/) Driver needs to be set in
+Managed mode (\fBiwconfig wlan0 mode managed\fR).
+Please note that station firmware version needs to be 1.7.0 or
+newer to work in WPA mode.
+.TP
+\fBLinuxant DriverLoader\fR
+(http://www.linuxant.com/driverloader/)
+with Windows NDIS driver for your wlan card supporting WPA.
+.TP
+\fBAgere Systems Inc. Linux Driver\fR
+(http://www.agere.com/support/drivers/) Please note
+that the driver interface file (driver_hermes.c) and hardware
+specific include files are not included in the wpa_supplicant
+distribution. You will need to copy these from the source
+package of the Agere driver.
+.TP
+\fBmadwifi driver for cards based on Atheros chip set (ar521x)\fR
+(http://sourceforge.net/projects/madwifi/) Please
+note that you will need to modify the wpa_supplicant .config
+file to use the correct path for the madwifi driver root
+directory (CFLAGS += -I../madwifi/wpa line in example
+defconfig).
+.TP
+\fBATMEL AT76C5XXx driver for USB and PCMCIA cards\fR
+(http://atmelwlandriver.sourceforge.net/).
+.TP
+\fBLinux ndiswrapper\fR
+(http://ndiswrapper.sourceforge.net/) with Windows
+NDIS driver.
+.TP
+\fBBroadcom wl.o driver\fR
+This is a generic Linux driver for Broadcom IEEE
+802.11a/g cards. However, it is proprietary driver that is
+not publicly available except for couple of exceptions, mainly
+Broadcom-based APs/wireless routers that use Linux. The driver
+binary can be downloaded, e.g., from Linksys support site
+(http://www.linksys.com/support/gpl.asp) for Linksys
+WRT54G. The GPL tarball includes cross-compiler and the needed
+header file, wlioctl.h, for compiling wpa_supplicant. This
+driver support in wpa_supplicant is expected to work also with
+other devices based on Broadcom driver (assuming the driver
+includes client mode support).
+.TP
+\fB Intel ipw2100 driver\fR
+(http://sourceforge.net/projects/ipw2100/)
+.TP
+\fBIntel ipw2200 driver\fR
+(http://sourceforge.net/projects/ipw2200/)
+.TP
+\fBLinux wireless extensions\fR
+In theory, any driver that supports Linux wireless
+extensions can be used with IEEE 802.1X (i.e., not WPA) when
+using ap_scan=0 option in configuration file.
+.TP
+\fBWired Ethernet drivers\fR
+Use ap_scan=0.
+.TP
+\fBBSD net80211 layer (e.g., Atheros driver)\fR
+At the moment, this is for FreeBSD 6-CURRENT branch.
+.TP
+\fBWindows NDIS\fR
+The current Windows port requires WinPcap
+(http://winpcap.polito.it/). See README-Windows.txt for more
+information.
+.PP
+wpa_supplicant was designed to be portable for different
+drivers and operating systems. Hopefully, support for more wlan
+cards and OSes will be added in the future. See developer.txt for
+more information about the design of wpa_supplicant and porting to
+other drivers. One main goal is to add full WPA/WPA2 support to
+Linux wireless extensions to allow new drivers to be supported
+without having to implement new driver-specific interface code in
+wpa_supplicant.
+.SH "ARCHITECTURE"
+.PP
+The
+\fBwpa_supplicant\fR system consists of the following
+components:
+.TP
+\fB\fIwpa_supplicant.conf\fB \fR
+the configuration file describing all networks that the
+user wants the computer to connect to.
+.TP
+\fBwpa_supplicant\fR
+the program that directly interacts with the
+network interface.
+.TP
+\fBwpa_cli\fR
+the
+client program that provides a high-level interface to the
+functionality of the daemon.
+.TP
+\fBwpa_passphrase\fR
+a utility needed to construct
+\fIwpa_supplicant.conf\fR files that include
+encrypted passwords.
+.SH "QUICK START"
+.PP
+First, make a configuration file, e.g.
+\fI/etc/wpa_supplicant.conf\fR, that describes the networks
+you are interested in. See \fBwpa_supplicant.conf\fR(5)
+for details.
+.PP
+Once the configuration is ready, you can test whether the
+configuration works by running \fBwpa_supplicant\fR
+with following command to start it on foreground with debugging
+enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
+
+.fi
+.RE
+.PP
+Assuming everything goes fine, you can start using following
+command to start \fBwpa_supplicant\fR on background
+without debugging:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
+
+.fi
+.RE
+.PP
+Please note that if you included more than one driver
+interface in the build time configuration (.config), you may need
+to specify which interface to use by including -D<driver
+name> option on the command line.
+.SH "INTERFACE TO PCMCIA-CS/CARDMRG"
+.PP
+For example, following small changes to pcmcia-cs scripts
+can be used to enable WPA support:
+.PP
+Add MODE="Managed" and WPA="y" to the network scheme in
+\fI/etc/pcmcia/wireless.opts\fR\&.
+.PP
+Add the following block to the end of \fBstart\fR
+action handler in \fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
+fi
+
+.fi
+.RE
+.PP
+Add the following block to the end of \fBstop\fR
+action handler (may need to be separated from other actions) in
+\fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ killall wpa_supplicant
+fi
+
+.fi
+.RE
+.PP
+This will make \fBcardmgr\fR start
+\fBwpa_supplicant\fR when the card is plugged
+in.
+.SH "SEE ALSO"
+.PP
+\fBwpa_background\fR(8)
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_cli\fR(8)
+\fBwpa_passphrase\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5?rev=1456&op=file
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 (added)
+++ wpasupplicant/trunk/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 Fri Jan 29 13:29:50 2010
@@ -1,0 +1,225 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_SUPPLICANT.CONF" "5" "12 January 2010" "" ""
+
+.SH NAME
+wpa_supplicant.conf \- configuration file for wpa_supplicant
+.SH "OVERVIEW"
+.PP
+\fBwpa_supplicant\fR is configured using a text
+file that lists all accepted networks and security policies,
+including pre-shared keys. See the example configuration file,
+probably in \fB/usr/share/doc/wpa_supplicant/\fR, for
+detailed information about the configuration format and supported
+fields.
+.PP
+All file paths in this configuration file should use full
+(absolute, not relative to working directory) path in order to allow
+working directory to be changed. This can happen if wpa_supplicant is
+run in the background.
+.PP
+Changes to configuration file can be reloaded be sending
+SIGHUP signal to \fBwpa_supplicant\fR ('killall -HUP
+wpa_supplicant'). Similarly, reloading can be triggered with
+the \fBwpa_cli reconfigure\fR command.
+.PP
+Configuration file can include one or more network blocks,
+e.g., one for each used SSID. wpa_supplicant will automatically
+select the best network based on the order of network blocks in
+the configuration file, network security level (WPA/WPA2 is
+preferred), and signal strength.
+.SH "QUICK EXAMPLES"
+.TP 3
+1.
+WPA-Personal (PSK) as home network and WPA-Enterprise with
+EAP-TLS as work network.
+.sp
+.RS
+
+.nf
+# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+#
+# home network; allow all valid ciphers
+network={
+ ssid="home"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="very secret passphrase"
+}
+#
+# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
+network={
+ ssid="work"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user at example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+}
+.fi
+.RE
+.TP 3
+2.
+WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that
+use old peaplabel (e.g., Funk Odyssey and SBR, Meetinghouse
+Aegis, Interlink RAD-Series)
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+.fi
+.RE
+.TP 3
+3.
+EAP-TTLS/EAP-MD5-Challenge configuration with anonymous
+identity for the unencrypted use. Real identity is sent only
+within an encrypted TLS tunnel.
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user at example.com"
+ anonymous_identity="anonymous at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MD5"
+}
+.fi
+.RE
+.TP 3
+4.
+IEEE 802.1X (i.e., no WPA) with dynamic WEP keys
+(require both unicast and broadcast); use EAP-TLS for
+authentication
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="1x-test"
+ scan_ssid=1
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user at example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+.fi
+.RE
+.TP 3
+5.
+Catch all example that allows more or less all
+configuration modes. The configuration options are used based
+on what security policy is used in the selected SSID. This is
+mostly for testing and is not recommended for normal
+use.
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+}
+.fi
+.RE
+.TP 3
+6.
+Authentication for wired Ethernet. This can be used with
+\fBwired\fR or \fBroboswitch\fR interface
+(-Dwired or -Droboswitch on command line).
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+ap_scan=0
+network={
+ key_mgmt=IEEE8021X
+ eap=MD5
+ identity="user"
+ password="password"
+ eapol_flags=0
+}
+.fi
+.RE
+.SH "CERTIFICATES"
+.PP
+Some EAP authentication methods require use of
+certificates. EAP-TLS uses both server side and client
+certificates whereas EAP-PEAP and EAP-TTLS only require the server
+side certificate. When client certificate is used, a matching
+private key file has to also be included in configuration. If the
+private key uses a passphrase, this has to be configured in
+wpa_supplicant.conf ("private_key_passwd").
+.PP
+wpa_supplicant supports X.509 certificates in PEM and DER
+formats. User certificate and private key can be included in the
+same file.
+.PP
+If the user certificate and private key is received in
+PKCS#12/PFX format, they need to be converted to suitable PEM/DER
+format for wpa_supplicant. This can be done, e.g., with following
+commands:
+.sp
+.RS
+
+.nf
+# convert client certificate and private key to PEM format
+openssl pkcs12 -in example.pfx -out user.pem -clcerts
+# convert CA certificate (if included in PFX file) to PEM format
+openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+\fBopenssl\fR(1)
Modified: wpasupplicant/trunk/wpa_supplicant/doc/porting.doxygen
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/doc/porting.doxygen?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/doc/porting.doxygen (original)
+++ wpasupplicant/trunk/wpa_supplicant/doc/porting.doxygen Fri Jan 29 13:29:50 2010
@@ -5,9 +5,9 @@
hardware (board, CPU) and software (OS, drivers) targets. It is
already used with number of operating systems and numerous wireless
card models and drivers. The main %wpa_supplicant repository includes
-support for Linux, FreeBSD, and Windows. In addition, at least VxWorks,
-PalmOS, Windows CE, and Windows Mobile are supported in separate
-repositories. On the hardware
+support for Linux, FreeBSD, and Windows. In addition, the code has been
+ported to number of other operating systems like VxWorks, PalmOS,
+Windows CE, and Windows Mobile. On the hardware
side, %wpa_supplicant is used on various systems: desktops, laptops,
PDAs, and embedded devices with CPUs including x86, PowerPC,
arm/xscale, and MIPS. Both big and little endian configurations are
Modified: wpasupplicant/trunk/wpa_supplicant/events.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/events.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/events.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/events.c Fri Jan 29 13:29:50 2010
@@ -415,6 +415,11 @@
continue;
}
+ if (ssid_len == 0) {
+ wpa_printf(MSG_DEBUG, " skip - SSID not known");
+ continue;
+ }
+
if (wpa_ie_len == 0 && rsn_ie_len == 0) {
wpa_printf(MSG_DEBUG, " skip - no WPA/RSN IE");
continue;
@@ -502,6 +507,11 @@
e = wpa_blacklist_get(wpa_s, bss->bssid);
if (e && e->count > 1) {
wpa_printf(MSG_DEBUG, " skip - blacklisted");
+ continue;
+ }
+
+ if (ssid_len == 0) {
+ wpa_printf(MSG_DEBUG, " skip - SSID not known");
continue;
}
@@ -541,7 +551,7 @@
"BSSID mismatch");
continue;
}
-
+
if (!(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
!(ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA))
@@ -551,7 +561,7 @@
continue;
}
- if ((ssid->key_mgmt &
+ if ((ssid->key_mgmt &
(WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK |
WPA_KEY_MGMT_IEEE8021X_SHA256 |
@@ -612,6 +622,8 @@
int prio, timeout;
struct wpa_scan_res *selected = NULL;
struct wpa_ssid *ssid = NULL;
+
+ wpa_supplicant_notify_scanning(wpa_s, 0);
if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
if (wpa_s->conf->ap_scan == 2)
@@ -631,14 +643,19 @@
wpa_msg(wpa_s, MSG_DEBUG, "Cached scan results are "
"empty - not posting");
} else {
- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
+ wpa_printf(MSG_DEBUG, "New scan results available");
+ wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
wpa_supplicant_dbus_notify_scan_results(wpa_s);
wpas_wps_notify_scan_results(wpa_s);
}
- if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)) ||
- wpa_s->disconnected)
+ if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)))
return;
+
+ if (wpa_s->disconnected) {
+ wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
+ return;
+ }
while (selected == NULL) {
for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
@@ -701,6 +718,14 @@
*/
wpa_s->scan_res_tried++;
timeout = 0;
+ } else if (!wpa_supplicant_enabled_networks(wpa_s->conf)) {
+ /*
+ * No networks are enabled; short-circuit request so
+ * we don't wait timeout seconds before transitioning
+ * to INACTIVE state.
+ */
+ wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
+ return;
}
wpa_supplicant_req_scan(wpa_s, timeout, 0);
}
@@ -868,6 +893,25 @@
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
+ }
+
+ if (wpa_s->pending_eapol_rx) {
+ struct os_time now, age;
+ os_get_time(&now);
+ os_time_sub(&now, &wpa_s->pending_eapol_rx_time, &age);
+ if (age.sec == 0 && age.usec < 100000 &&
+ os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) ==
+ 0) {
+ wpa_printf(MSG_DEBUG, "Process pending EAPOL frame "
+ "that was received just before association "
+ "notification");
+ wpa_supplicant_rx_eapol(
+ wpa_s, wpa_s->pending_eapol_rx_src,
+ wpabuf_head(wpa_s->pending_eapol_rx),
+ wpabuf_len(wpa_s->pending_eapol_rx));
+ }
+ wpabuf_free(wpa_s->pending_eapol_rx);
+ wpa_s->pending_eapol_rx = NULL;
}
}
Modified: wpasupplicant/trunk/wpa_supplicant/mlme.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/mlme.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/mlme.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/mlme.c Fri Jan 29 13:29:50 2010
@@ -459,9 +459,9 @@
*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
*pos++ = 0x50;
*pos++ = 0xf2;
- *pos++ = 2; /* WME */
- *pos++ = 0; /* WME info */
- *pos++ = 1; /* WME ver */
+ *pos++ = 2; /* WMM */
+ *pos++ = 0; /* WMM info */
+ *pos++ = 1; /* WMM ver */
*pos++ = 0;
}
@@ -1175,9 +1175,9 @@
#if 0 /* FIX? */
sta->assoc_ap = 1;
- if (elems.wme && wpa_s->mlme.wmm_enabled) {
- sta->flags |= WLAN_STA_WME;
- ieee80211_sta_wmm_params(wpa_s, elems.wme, elems.wme_len);
+ if (elems.wmm && wpa_s->mlme.wmm_enabled) {
+ sta->flags |= WLAN_STA_WMM;
+ ieee80211_sta_wmm_params(wpa_s, elems.wmm, elems.wmm_len);
}
#endif
@@ -1488,18 +1488,18 @@
bss->rsn_ie_len = 0;
}
- if (elems.wme &&
- (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wme_len ||
- os_memcmp(bss->wmm_ie, elems.wme, elems.wme_len))) {
+ if (elems.wmm &&
+ (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wmm_len ||
+ os_memcmp(bss->wmm_ie, elems.wmm, elems.wmm_len))) {
os_free(bss->wmm_ie);
- bss->wmm_ie = os_malloc(elems.wme_len + 2);
+ bss->wmm_ie = os_malloc(elems.wmm_len + 2);
if (bss->wmm_ie) {
- os_memcpy(bss->wmm_ie, elems.wme - 2,
- elems.wme_len + 2);
- bss->wmm_ie_len = elems.wme_len + 2;
+ os_memcpy(bss->wmm_ie, elems.wmm - 2,
+ elems.wmm_len + 2);
+ bss->wmm_ie_len = elems.wmm_len + 2;
} else
bss->wmm_ie_len = 0;
- } else if (!elems.wme && bss->wmm_ie) {
+ } else if (!elems.wmm && bss->wmm_ie) {
os_free(bss->wmm_ie);
bss->wmm_ie = NULL;
bss->wmm_ie_len = 0;
@@ -1595,9 +1595,9 @@
wpa_s->mlme.cts_protect_erp_frames = use_protection;
}
- if (elems.wme && wpa_s->mlme.wmm_enabled) {
- ieee80211_sta_wmm_params(wpa_s, elems.wme,
- elems.wme_len);
+ if (elems.wmm && wpa_s->mlme.wmm_enabled) {
+ ieee80211_sta_wmm_params(wpa_s, elems.wmm,
+ elems.wmm_len);
}
}
@@ -1709,7 +1709,6 @@
wpa_printf(MSG_DEBUG, "MLME: Foreign STA Address " MACSTR
" in FT Action Response", MAC2STR(sta_addr));
return;
-
}
if (status) {
Modified: wpasupplicant/trunk/wpa_supplicant/scan.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/scan.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/scan.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/scan.c Fri Jan 29 13:29:50 2010
@@ -20,6 +20,7 @@
#include "wpa_supplicant_i.h"
#include "mlme.h"
#include "wps_supplicant.h"
+#include "ctrl_iface_dbus.h"
static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
@@ -65,11 +66,24 @@
}
#endif /* CONFIG_WPS */
+
+int wpa_supplicant_enabled_networks(struct wpa_config *conf)
+{
+ struct wpa_ssid *ssid = conf->ssid;
+ while (ssid) {
+ if (!ssid->disabled)
+ return 1;
+ ssid = ssid->next;
+ }
+ return 0;
+}
+
+
static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
{
struct wpa_supplicant *wpa_s = eloop_ctx;
struct wpa_ssid *ssid;
- int enabled, scan_req = 0, ret;
+ int scan_req = 0, ret;
struct wpabuf *wps_ie = NULL;
const u8 *extra_ie = NULL;
size_t extra_ie_len = 0;
@@ -78,19 +92,13 @@
enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO;
#endif /* CONFIG_WPS */
- if (wpa_s->disconnected && !wpa_s->scan_req)
- return;
-
- enabled = 0;
- ssid = wpa_s->conf->ssid;
- while (ssid) {
- if (!ssid->disabled) {
- enabled++;
- break;
- }
- ssid = ssid->next;
- }
- if (!enabled && !wpa_s->scan_req) {
+ if (wpa_s->disconnected && !wpa_s->scan_req) {
+ wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
+ return;
+ }
+
+ if (!wpa_supplicant_enabled_networks(wpa_s->conf) &&
+ !wpa_s->scan_req) {
wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
return;
@@ -189,6 +197,8 @@
}
#endif /* CONFIG_WPS */
+ wpa_supplicant_notify_scanning(wpa_s, 1);
+
if (wpa_s->use_client_mlme) {
ieee80211_sta_set_probe_req_ie(wpa_s, extra_ie, extra_ie_len);
ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
@@ -203,6 +213,7 @@
if (ret) {
wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
+ wpa_supplicant_notify_scanning(wpa_s, 0);
wpa_supplicant_req_scan(wpa_s, 10, 0);
} else
wpa_s->scan_runs++;
@@ -261,3 +272,14 @@
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
}
+
+
+void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
+ int scanning)
+{
+ if (wpa_s->scanning != scanning) {
+ wpa_s->scanning = scanning;
+ wpa_supplicant_dbus_notify_scanning(wpa_s);
+ }
+}
+
Modified: wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/main.cpp
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/main.cpp?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/main.cpp (original)
+++ wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/main.cpp Fri Jan 29 13:29:50 2010
@@ -24,7 +24,9 @@
public:
WpaGuiApp(int &argc, char **argv);
+#ifndef QT_NO_SESSIONMANAGER
virtual void saveState(QSessionManager &manager);
+#endif
WpaGui *w;
};
@@ -33,11 +35,13 @@
{
}
+#ifndef QT_NO_SESSIONMANAGER
void WpaGuiApp::saveState(QSessionManager &manager)
{
QApplication::saveState(manager);
w->saveState();
}
+#endif
int main(int argc, char *argv[])
Modified: wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.cpp?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.cpp (original)
+++ wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.cpp Fri Jan 29 13:29:50 2010
@@ -145,6 +145,7 @@
parse_argv();
+#ifndef QT_NO_SESSIONMANAGER
if (app->isSessionRestored()) {
QSettings settings("wpa_supplicant", "wpa_gui");
settings.beginGroup("state");
@@ -153,6 +154,7 @@
startInTray = settings.value("in_tray").toBool();
settings.endGroup();
}
+#endif
if (QSystemTrayIcon::isSystemTrayAvailable())
createTrayIcon(startInTray);
@@ -857,7 +859,9 @@
"Wi-Fi Protected Setup (WPS) AP\n"
"in active PBC mode found.");
wpsStatusText->setText("WPS AP in active PBC mode found");
- wpaguiTab->setCurrentWidget(wpsTab);
+ if (textStatus->text() == "INACTIVE" ||
+ textStatus->text() == "DISCONNECTED")
+ wpaguiTab->setCurrentWidget(wpsTab);
wpsInstructions->setText("Press the PBC button on the screen "
"to start registration");
} else if (str_match(pos, WPS_EVENT_AP_AVAILABLE_PIN)) {
@@ -866,13 +870,14 @@
" in active PIN mode found.");
wpsStatusText->setText("WPS AP with recently selected "
"registrar");
- wpaguiTab->setCurrentWidget(wpsTab);
+ if (textStatus->text() == "INACTIVE" ||
+ textStatus->text() == "DISCONNECTED")
+ wpaguiTab->setCurrentWidget(wpsTab);
} else if (str_match(pos, WPS_EVENT_AP_AVAILABLE)) {
showTrayMessage(QSystemTrayIcon::Information, 3,
"Wi-Fi Protected Setup (WPS)\n"
"AP detected.");
wpsStatusText->setText("WPS AP detected");
- wpaguiTab->setCurrentWidget(wpsTab);
} else if (str_match(pos, WPS_EVENT_OVERLAP)) {
showTrayMessage(QSystemTrayIcon::Information, 3,
"Wi-Fi Protected Setup (WPS)\n"
@@ -1689,6 +1694,7 @@
}
+#ifndef QT_NO_SESSIONMANAGER
void WpaGui::saveState()
{
QSettings settings("wpa_supplicant", "wpa_gui");
@@ -1697,3 +1703,4 @@
settings.setValue("in_tray", inTray);
settings.endGroup();
}
+#endif
Modified: wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.h (original)
+++ wpasupplicant/trunk/wpa_supplicant/wpa_gui-qt4/wpagui.h Fri Jan 29 13:29:50 2010
@@ -40,7 +40,9 @@
virtual void disableNetwork(const QString &sel);
virtual int getNetworkDisabled(const QString &sel);
void setBssFromScan(const QString &bssid);
+#ifndef QT_NO_SESSIONMANAGER
void saveState();
+#endif
public slots:
virtual void parse_argv();
Modified: wpasupplicant/trunk/wpa_supplicant/wpa_priv.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wpa_priv.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wpa_priv.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/wpa_priv.c Fri Jan 29 13:29:50 2010
@@ -172,12 +172,12 @@
sizeof(*from));
os_free(buf);
- os_free(res);
+ wpa_scan_results_free(res);
return;
fail:
os_free(buf);
- os_free(res);
+ wpa_scan_results_free(res);
sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, sizeof(*from));
}
Modified: wpasupplicant/trunk/wpa_supplicant/wpa_supplicant.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wpa_supplicant.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wpa_supplicant.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/wpa_supplicant.c Fri Jan 29 13:29:50 2010
@@ -385,6 +385,9 @@
ieee80211_sta_deinit(wpa_s);
wpas_wps_deinit(wpa_s);
+
+ wpabuf_free(wpa_s->pending_eapol_rx);
+ wpa_s->pending_eapol_rx = NULL;
}
@@ -418,6 +421,10 @@
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
+#ifdef CONFIG_IEEE80211W
+ wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
+ wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
+#endif /* CONFIG_IEEE80211W */
if (addr) {
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
0);
@@ -474,6 +481,9 @@
wpa_printf(MSG_DEBUG, "State: %s -> %s",
wpa_supplicant_state_txt(wpa_s->wpa_state),
wpa_supplicant_state_txt(state));
+
+ if (state != WPA_SCANNING)
+ wpa_supplicant_notify_scanning(wpa_s, 0);
wpa_supplicant_dbus_notify_state_change(wpa_s, state,
wpa_s->wpa_state);
@@ -1226,7 +1236,6 @@
int reason_code)
{
u8 *addr = NULL;
- wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
if (!is_zero_ether_addr(wpa_s->bssid)) {
if (wpa_s->use_client_mlme)
ieee80211_sta_deauthenticate(wpa_s, reason_code);
@@ -1236,11 +1245,10 @@
addr = wpa_s->bssid;
}
wpa_clear_keys(wpa_s, addr);
+ wpa_supplicant_mark_disassoc(wpa_s);
wpa_s->current_ssid = NULL;
wpa_sm_set_config(wpa_s->wpa, NULL);
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
- eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
- eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
}
@@ -1471,12 +1479,14 @@
if (name == NULL) {
/* default to first driver in the list */
wpa_s->driver = wpa_supplicant_drivers[0];
+ wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
return 0;
}
for (i = 0; wpa_supplicant_drivers[i]; i++) {
if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
wpa_s->driver = wpa_supplicant_drivers[i];
+ wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
return 0;
}
}
@@ -1493,6 +1503,27 @@
wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
+
+ if (wpa_s->wpa_state < WPA_ASSOCIATED) {
+ /*
+ * There is possible race condition between receiving the
+ * association event and the EAPOL frame since they are coming
+ * through different paths from the driver. In order to avoid
+ * issues in trying to process the EAPOL frame before receiving
+ * association information, lets queue it for processing until
+ * the association event is received.
+ */
+ wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
+ "received EAPOL frame");
+ wpabuf_free(wpa_s->pending_eapol_rx);
+ wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
+ if (wpa_s->pending_eapol_rx) {
+ os_get_time(&wpa_s->pending_eapol_rx_time);
+ os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
+ ETH_ALEN);
+ }
+ return;
+ }
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
@@ -1915,6 +1946,8 @@
if (wpa_s == NULL)
return NULL;
+ wpa_s->global = global;
+
if (wpa_supplicant_init_iface(wpa_s, iface) ||
wpa_supplicant_init_iface2(wpa_s)) {
wpa_printf(MSG_DEBUG, "Failed to add interface %s",
@@ -1924,15 +1957,13 @@
return NULL;
}
- wpa_s->global = global;
-
/* Register the interface with the dbus control interface */
if (wpas_dbus_register_iface(wpa_s)) {
wpa_supplicant_deinit_iface(wpa_s);
os_free(wpa_s);
return NULL;
}
-
+
wpa_s->next = global->ifaces;
global->ifaces = wpa_s;
Modified: wpasupplicant/trunk/wpa_supplicant/wpa_supplicant_i.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wpa_supplicant_i.h?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wpa_supplicant_i.h (original)
+++ wpasupplicant/trunk/wpa_supplicant/wpa_supplicant_i.h Fri Jan 29 13:29:50 2010
@@ -305,6 +305,7 @@
int mgmt_group_cipher;
void *drv_priv; /* private data used by driver_ops */
+ void *global_drv_priv;
struct wpa_ssid *prev_scan_ssid; /* previously scanned SSID;
* NULL = not yet initialized (start
@@ -325,6 +326,7 @@
struct ctrl_iface_priv *ctrl_iface;
wpa_states wpa_state;
+ int scanning;
int new_connection;
int reassociated_connection;
@@ -358,6 +360,10 @@
struct wps_context *wps;
int wps_success; /* WPS success event received */
int blacklist_cleared;
+
+ struct wpabuf *pending_eapol_rx;
+ struct os_time pending_eapol_rx_time;
+ u8 pending_eapol_rx_src[ETH_ALEN];
};
@@ -404,8 +410,11 @@
struct wpa_ssid *ssid);
/* scan.c */
+int wpa_supplicant_enabled_networks(struct wpa_config *conf);
void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec);
void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s);
+void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
+ int scanning);
/* events.c */
void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
@@ -415,7 +424,8 @@
const char *ifname)
{
if (wpa_s->driver->init2)
- return wpa_s->driver->init2(wpa_s, ifname, wpa_s->global);
+ return wpa_s->driver->init2(wpa_s, ifname,
+ wpa_s->global_drv_priv);
if (wpa_s->driver->init) {
return wpa_s->driver->init(wpa_s, ifname);
}
Modified: wpasupplicant/trunk/wpa_supplicant/wpas_glue.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wpas_glue.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wpas_glue.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/wpas_glue.c Fri Jan 29 13:29:50 2010
@@ -402,7 +402,7 @@
{
wpa_supplicant_disassociate(wpa_s, reason_code);
/* Schedule a scan to make sure we continue looking for networks */
- wpa_supplicant_req_scan(wpa_s, 0, 0);
+ wpa_supplicant_req_scan(wpa_s, 5, 0);
}
@@ -410,7 +410,7 @@
{
wpa_supplicant_deauthenticate(wpa_s, reason_code);
/* Schedule a scan to make sure we continue looking for networks */
- wpa_supplicant_req_scan(wpa_s, 0, 0);
+ wpa_supplicant_req_scan(wpa_s, 5, 0);
}
Modified: wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c?rev=1456&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c Fri Jan 29 13:29:50 2010
@@ -29,6 +29,7 @@
#include "wpa.h"
#include "wps_supplicant.h"
+
#define WPS_PIN_SCAN_IGNORE_SEL_REG 3
static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx);
@@ -186,6 +187,7 @@
struct wpa_supplicant *wpa_s = ctx;
struct wpa_ssid *ssid = wpa_s->current_ssid;
u8 key_idx = 0;
+ u16 auth_type;
if ((wpa_s->conf->wps_cred_processing == 1 ||
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
@@ -208,13 +210,30 @@
if (wpa_s->conf->wps_cred_processing == 1)
return 0;
- if (cred->auth_type != WPS_AUTH_OPEN &&
- cred->auth_type != WPS_AUTH_SHARED &&
- cred->auth_type != WPS_AUTH_WPAPSK &&
- cred->auth_type != WPS_AUTH_WPA2PSK) {
+ wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
+ wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
+ cred->auth_type);
+ wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
+ wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
+ wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+ cred->key, cred->key_len);
+ wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
+ MAC2STR(cred->mac_addr));
+
+ auth_type = cred->auth_type;
+ if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
+ wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode "
+ "auth_type into WPA2PSK");
+ auth_type = WPS_AUTH_WPA2PSK;
+ }
+
+ if (auth_type != WPS_AUTH_OPEN &&
+ auth_type != WPS_AUTH_SHARED &&
+ auth_type != WPS_AUTH_WPAPSK &&
+ auth_type != WPS_AUTH_WPA2PSK) {
wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
- "unsupported authentication type %d",
- cred->auth_type);
+ "unsupported authentication type 0x%x",
+ auth_type);
return 0;
}
@@ -288,7 +307,7 @@
break;
}
- switch (cred->auth_type) {
+ switch (auth_type) {
case WPS_AUTH_OPEN:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_NONE;
@@ -400,6 +419,10 @@
break;
case WPS_EV_PWD_AUTH_FAIL:
break;
+ case WPS_EV_PBC_OVERLAP:
+ break;
+ case WPS_EV_PBC_TIMEOUT:
+ break;
}
}
@@ -466,7 +489,7 @@
if (bssid) {
size_t i;
- struct wpa_scan_res *res;
+ int count = 0;
os_memcpy(ssid->bssid, bssid, ETH_ALEN);
ssid->bssid_set = 1;
@@ -478,6 +501,7 @@
for (i = 0; i < wpa_s->scan_res->num; i++) {
const u8 *ie;
+ struct wpa_scan_res *res;
res = wpa_s->scan_res->res[i];
if (os_memcmp(bssid, res->bssid, ETH_ALEN) != 0)
@@ -492,7 +516,18 @@
break;
os_memcpy(ssid->ssid, ie + 2, ie[1]);
ssid->ssid_len = ie[1];
- break;
+ wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from "
+ "scan results",
+ ssid->ssid, ssid->ssid_len);
+ count++;
+ }
+
+ if (count > 1) {
+ wpa_printf(MSG_DEBUG, "WPS: More than one SSID found "
+ "for the AP; use wildcard");
+ os_free(ssid->ssid);
+ ssid->ssid = NULL;
+ ssid->ssid_len = 0;
}
}
More information about the Pkg-wpa-devel
mailing list