Date: Wed, 14 Oct 2015 04:30:18 +0000 (UTC) From: Rui Paulo <rpaulo@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r289284 - in vendor/wpa/dist: hostapd hs20/client patches src src/ap src/common src/crypto src/drivers src/eap_common src/eap_peer src/eap_server src/eapol_auth src/eapol_supp src/fst s... Message-ID: <201510140430.t9E4UINX000738@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rpaulo Date: Wed Oct 14 04:30:17 2015 New Revision: 289284 URL: https://svnweb.freebsd.org/changeset/base/289284 Log: Import wpa_supplicant/hostapd 2.5. Major changes: bunch of CVEs fixed, tab completion for wpa_cli and misc bug fixes. Added: vendor/wpa/dist/patches/openssl-0.9.8zf-tls-extensions.patch vendor/wpa/dist/src/crypto/sha384-prf.c (contents, props changed) vendor/wpa/dist/src/fst/ vendor/wpa/dist/src/fst/Makefile (contents, props changed) vendor/wpa/dist/src/fst/fst.c (contents, props changed) vendor/wpa/dist/src/fst/fst.h (contents, props changed) vendor/wpa/dist/src/fst/fst_ctrl_aux.c (contents, props changed) vendor/wpa/dist/src/fst/fst_ctrl_aux.h (contents, props changed) vendor/wpa/dist/src/fst/fst_ctrl_defs.h (contents, props changed) vendor/wpa/dist/src/fst/fst_ctrl_iface.c (contents, props changed) vendor/wpa/dist/src/fst/fst_ctrl_iface.h (contents, props changed) vendor/wpa/dist/src/fst/fst_defs.h (contents, props changed) vendor/wpa/dist/src/fst/fst_group.c (contents, props changed) vendor/wpa/dist/src/fst/fst_group.h (contents, props changed) vendor/wpa/dist/src/fst/fst_iface.c (contents, props changed) vendor/wpa/dist/src/fst/fst_iface.h (contents, props changed) vendor/wpa/dist/src/fst/fst_internal.h (contents, props changed) vendor/wpa/dist/src/fst/fst_session.c (contents, props changed) vendor/wpa/dist/src/fst/fst_session.h (contents, props changed) vendor/wpa/dist/wpa_supplicant/eapol_test.py (contents, props changed) vendor/wpa/dist/wpa_supplicant/p2p_supplicant_sd.c (contents, props changed) Deleted: vendor/wpa/dist/src/crypto/crypto_cryptoapi.c vendor/wpa/dist/src/crypto/tls_schannel.c Modified: vendor/wpa/dist/hostapd/ChangeLog vendor/wpa/dist/hostapd/Makefile vendor/wpa/dist/hostapd/config_file.c vendor/wpa/dist/hostapd/config_file.h vendor/wpa/dist/hostapd/ctrl_iface.c vendor/wpa/dist/hostapd/defconfig vendor/wpa/dist/hostapd/hlr_auc_gw.c vendor/wpa/dist/hostapd/hlr_auc_gw.milenage_db vendor/wpa/dist/hostapd/hostapd.conf vendor/wpa/dist/hostapd/hostapd_cli.c vendor/wpa/dist/hostapd/main.c vendor/wpa/dist/hs20/client/Makefile vendor/wpa/dist/hs20/client/osu_client.c vendor/wpa/dist/hs20/client/spp_client.c vendor/wpa/dist/src/Makefile vendor/wpa/dist/src/ap/Makefile vendor/wpa/dist/src/ap/accounting.c vendor/wpa/dist/src/ap/acs.c vendor/wpa/dist/src/ap/ap_config.c vendor/wpa/dist/src/ap/ap_config.h vendor/wpa/dist/src/ap/ap_drv_ops.c vendor/wpa/dist/src/ap/ap_drv_ops.h vendor/wpa/dist/src/ap/ap_list.c vendor/wpa/dist/src/ap/ap_list.h vendor/wpa/dist/src/ap/authsrv.c vendor/wpa/dist/src/ap/beacon.c vendor/wpa/dist/src/ap/beacon.h vendor/wpa/dist/src/ap/ctrl_iface_ap.c vendor/wpa/dist/src/ap/dfs.c vendor/wpa/dist/src/ap/drv_callbacks.c vendor/wpa/dist/src/ap/eap_user_db.c vendor/wpa/dist/src/ap/hostapd.c vendor/wpa/dist/src/ap/hostapd.h vendor/wpa/dist/src/ap/hw_features.c vendor/wpa/dist/src/ap/hw_features.h vendor/wpa/dist/src/ap/ieee802_11.c vendor/wpa/dist/src/ap/ieee802_11.h vendor/wpa/dist/src/ap/ieee802_11_auth.c vendor/wpa/dist/src/ap/ieee802_11_auth.h vendor/wpa/dist/src/ap/ieee802_11_ht.c vendor/wpa/dist/src/ap/ieee802_11_vht.c vendor/wpa/dist/src/ap/ieee802_1x.c vendor/wpa/dist/src/ap/ieee802_1x.h vendor/wpa/dist/src/ap/ndisc_snoop.c vendor/wpa/dist/src/ap/sta_info.c vendor/wpa/dist/src/ap/sta_info.h vendor/wpa/dist/src/ap/utils.c vendor/wpa/dist/src/ap/vlan_init.c vendor/wpa/dist/src/ap/vlan_init.h vendor/wpa/dist/src/ap/vlan_util.c vendor/wpa/dist/src/ap/wmm.c vendor/wpa/dist/src/ap/wpa_auth.c vendor/wpa/dist/src/ap/wpa_auth.h vendor/wpa/dist/src/ap/wpa_auth_ft.c vendor/wpa/dist/src/ap/wpa_auth_glue.c vendor/wpa/dist/src/ap/wpa_auth_i.h vendor/wpa/dist/src/ap/wpa_auth_ie.c vendor/wpa/dist/src/ap/wps_hostapd.c vendor/wpa/dist/src/ap/x_snoop.c vendor/wpa/dist/src/common/Makefile vendor/wpa/dist/src/common/common_module_tests.c vendor/wpa/dist/src/common/defs.h vendor/wpa/dist/src/common/hw_features_common.c vendor/wpa/dist/src/common/hw_features_common.h vendor/wpa/dist/src/common/ieee802_11_common.c vendor/wpa/dist/src/common/ieee802_11_common.h vendor/wpa/dist/src/common/ieee802_11_defs.h vendor/wpa/dist/src/common/privsep_commands.h vendor/wpa/dist/src/common/qca-vendor.h vendor/wpa/dist/src/common/sae.c vendor/wpa/dist/src/common/sae.h vendor/wpa/dist/src/common/version.h vendor/wpa/dist/src/common/wpa_common.c vendor/wpa/dist/src/common/wpa_common.h vendor/wpa/dist/src/common/wpa_ctrl.c vendor/wpa/dist/src/common/wpa_ctrl.h vendor/wpa/dist/src/crypto/crypto.h vendor/wpa/dist/src/crypto/crypto_module_tests.c vendor/wpa/dist/src/crypto/crypto_openssl.c vendor/wpa/dist/src/crypto/dh_groups.c vendor/wpa/dist/src/crypto/fips_prf_openssl.c vendor/wpa/dist/src/crypto/ms_funcs.c vendor/wpa/dist/src/crypto/ms_funcs.h vendor/wpa/dist/src/crypto/random.c vendor/wpa/dist/src/crypto/sha1-tlsprf.c vendor/wpa/dist/src/crypto/sha1-tprf.c vendor/wpa/dist/src/crypto/sha256-kdf.c vendor/wpa/dist/src/crypto/sha384.h vendor/wpa/dist/src/crypto/tls.h vendor/wpa/dist/src/crypto/tls_gnutls.c vendor/wpa/dist/src/crypto/tls_internal.c vendor/wpa/dist/src/crypto/tls_none.c vendor/wpa/dist/src/crypto/tls_openssl.c vendor/wpa/dist/src/drivers/driver.h vendor/wpa/dist/src/drivers/driver_atheros.c vendor/wpa/dist/src/drivers/driver_bsd.c vendor/wpa/dist/src/drivers/driver_hostap.c vendor/wpa/dist/src/drivers/driver_hostap.h vendor/wpa/dist/src/drivers/driver_ndis.c vendor/wpa/dist/src/drivers/driver_nl80211.c vendor/wpa/dist/src/drivers/driver_nl80211.h vendor/wpa/dist/src/drivers/driver_nl80211_android.c vendor/wpa/dist/src/drivers/driver_nl80211_capa.c vendor/wpa/dist/src/drivers/driver_nl80211_event.c vendor/wpa/dist/src/drivers/driver_nl80211_scan.c vendor/wpa/dist/src/drivers/driver_privsep.c vendor/wpa/dist/src/drivers/driver_wext.c vendor/wpa/dist/src/drivers/drivers.c vendor/wpa/dist/src/drivers/drivers.mak vendor/wpa/dist/src/drivers/linux_ioctl.c vendor/wpa/dist/src/drivers/linux_ioctl.h vendor/wpa/dist/src/drivers/nl80211_copy.h vendor/wpa/dist/src/eap_common/Makefile vendor/wpa/dist/src/eap_common/eap_common.c vendor/wpa/dist/src/eap_common/eap_fast_common.c vendor/wpa/dist/src/eap_common/eap_pwd_common.c vendor/wpa/dist/src/eap_common/eap_pwd_common.h vendor/wpa/dist/src/eap_common/eap_sake_common.c vendor/wpa/dist/src/eap_common/ikev2_common.c vendor/wpa/dist/src/eap_peer/Makefile vendor/wpa/dist/src/eap_peer/eap.c vendor/wpa/dist/src/eap_peer/eap.h vendor/wpa/dist/src/eap_peer/eap_aka.c vendor/wpa/dist/src/eap_peer/eap_eke.c vendor/wpa/dist/src/eap_peer/eap_fast.c vendor/wpa/dist/src/eap_peer/eap_gpsk.c vendor/wpa/dist/src/eap_peer/eap_i.h vendor/wpa/dist/src/eap_peer/eap_mschapv2.c vendor/wpa/dist/src/eap_peer/eap_pax.c vendor/wpa/dist/src/eap_peer/eap_peap.c vendor/wpa/dist/src/eap_peer/eap_pwd.c vendor/wpa/dist/src/eap_peer/eap_sake.c vendor/wpa/dist/src/eap_peer/eap_sim.c vendor/wpa/dist/src/eap_peer/eap_tls.c vendor/wpa/dist/src/eap_peer/eap_tls_common.c vendor/wpa/dist/src/eap_peer/eap_tls_common.h vendor/wpa/dist/src/eap_peer/eap_ttls.c vendor/wpa/dist/src/eap_peer/eap_wsc.c vendor/wpa/dist/src/eap_server/Makefile vendor/wpa/dist/src/eap_server/eap.h vendor/wpa/dist/src/eap_server/eap_i.h vendor/wpa/dist/src/eap_server/eap_server.c vendor/wpa/dist/src/eap_server/eap_server_eke.c vendor/wpa/dist/src/eap_server/eap_server_fast.c vendor/wpa/dist/src/eap_server/eap_server_mschapv2.c vendor/wpa/dist/src/eap_server/eap_server_peap.c vendor/wpa/dist/src/eap_server/eap_server_pwd.c vendor/wpa/dist/src/eap_server/eap_server_tls.c vendor/wpa/dist/src/eap_server/eap_server_tls_common.c vendor/wpa/dist/src/eap_server/eap_server_ttls.c vendor/wpa/dist/src/eap_server/eap_tls_common.h vendor/wpa/dist/src/eapol_auth/Makefile vendor/wpa/dist/src/eapol_auth/eapol_auth_sm.c vendor/wpa/dist/src/eapol_auth/eapol_auth_sm.h vendor/wpa/dist/src/eapol_supp/Makefile vendor/wpa/dist/src/eapol_supp/eapol_supp_sm.c vendor/wpa/dist/src/l2_packet/Makefile vendor/wpa/dist/src/p2p/Makefile vendor/wpa/dist/src/p2p/p2p.c vendor/wpa/dist/src/p2p/p2p.h vendor/wpa/dist/src/p2p/p2p_build.c vendor/wpa/dist/src/p2p/p2p_dev_disc.c vendor/wpa/dist/src/p2p/p2p_go_neg.c vendor/wpa/dist/src/p2p/p2p_group.c vendor/wpa/dist/src/p2p/p2p_i.h vendor/wpa/dist/src/p2p/p2p_invitation.c vendor/wpa/dist/src/p2p/p2p_parse.c vendor/wpa/dist/src/p2p/p2p_pd.c vendor/wpa/dist/src/p2p/p2p_utils.c vendor/wpa/dist/src/radius/Makefile vendor/wpa/dist/src/radius/radius.c vendor/wpa/dist/src/radius/radius_das.c vendor/wpa/dist/src/radius/radius_server.c vendor/wpa/dist/src/radius/radius_server.h vendor/wpa/dist/src/rsn_supp/Makefile vendor/wpa/dist/src/rsn_supp/tdls.c vendor/wpa/dist/src/rsn_supp/wpa.c vendor/wpa/dist/src/rsn_supp/wpa_ft.c vendor/wpa/dist/src/rsn_supp/wpa_ie.c vendor/wpa/dist/src/rsn_supp/wpa_ie.h vendor/wpa/dist/src/tls/libtommath.c vendor/wpa/dist/src/tls/tlsv1_client.c vendor/wpa/dist/src/tls/tlsv1_client.h vendor/wpa/dist/src/tls/tlsv1_server.c vendor/wpa/dist/src/tls/tlsv1_server.h vendor/wpa/dist/src/tls/x509v3.c vendor/wpa/dist/src/utils/browser-wpadebug.c vendor/wpa/dist/src/utils/common.c vendor/wpa/dist/src/utils/common.h vendor/wpa/dist/src/utils/eloop.c vendor/wpa/dist/src/utils/http_curl.c vendor/wpa/dist/src/utils/includes.h vendor/wpa/dist/src/utils/os.h vendor/wpa/dist/src/utils/os_internal.c vendor/wpa/dist/src/utils/os_none.c vendor/wpa/dist/src/utils/os_unix.c vendor/wpa/dist/src/utils/os_win32.c vendor/wpa/dist/src/utils/radiotap.c vendor/wpa/dist/src/utils/utils_module_tests.c vendor/wpa/dist/src/utils/wpa_debug.c vendor/wpa/dist/src/utils/wpa_debug.h vendor/wpa/dist/src/utils/wpabuf.c vendor/wpa/dist/src/wps/Makefile vendor/wpa/dist/src/wps/http_client.c vendor/wpa/dist/src/wps/http_server.c vendor/wpa/dist/src/wps/httpread.c vendor/wpa/dist/src/wps/ndef.c vendor/wpa/dist/src/wps/wps.c vendor/wpa/dist/src/wps/wps.h vendor/wpa/dist/src/wps/wps_attr_parse.c vendor/wpa/dist/src/wps/wps_attr_parse.h vendor/wpa/dist/src/wps/wps_common.c vendor/wpa/dist/src/wps/wps_defs.h vendor/wpa/dist/src/wps/wps_enrollee.c vendor/wpa/dist/src/wps/wps_er.c vendor/wpa/dist/src/wps/wps_er_ssdp.c vendor/wpa/dist/src/wps/wps_module_tests.c vendor/wpa/dist/src/wps/wps_registrar.c vendor/wpa/dist/src/wps/wps_upnp.c vendor/wpa/dist/src/wps/wps_upnp_ap.c vendor/wpa/dist/src/wps/wps_upnp_event.c vendor/wpa/dist/src/wps/wps_upnp_ssdp.c vendor/wpa/dist/src/wps/wps_upnp_web.c vendor/wpa/dist/src/wps/wps_validate.c vendor/wpa/dist/wpa_supplicant/ChangeLog vendor/wpa/dist/wpa_supplicant/Makefile vendor/wpa/dist/wpa_supplicant/ap.c vendor/wpa/dist/wpa_supplicant/ap.h vendor/wpa/dist/wpa_supplicant/bss.c vendor/wpa/dist/wpa_supplicant/bss.h vendor/wpa/dist/wpa_supplicant/config.c vendor/wpa/dist/wpa_supplicant/config.h vendor/wpa/dist/wpa_supplicant/config_file.c vendor/wpa/dist/wpa_supplicant/config_ssid.h vendor/wpa/dist/wpa_supplicant/ctrl_iface.c vendor/wpa/dist/wpa_supplicant/ctrl_iface_named_pipe.c vendor/wpa/dist/wpa_supplicant/ctrl_iface_udp.c vendor/wpa/dist/wpa_supplicant/ctrl_iface_unix.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new.h vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.h vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_p2p.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_p2p.h vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_wps.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_helpers.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_introspect.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_old.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_old_handlers.c vendor/wpa/dist/wpa_supplicant/defconfig vendor/wpa/dist/wpa_supplicant/doc/docbook/eapol_test.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_background.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_cli.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.sgml vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_passphrase.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_priv.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 vendor/wpa/dist/wpa_supplicant/driver_i.h vendor/wpa/dist/wpa_supplicant/eapol_test.c vendor/wpa/dist/wpa_supplicant/events.c vendor/wpa/dist/wpa_supplicant/hs20_supplicant.c vendor/wpa/dist/wpa_supplicant/ibss_rsn.c vendor/wpa/dist/wpa_supplicant/interworking.c vendor/wpa/dist/wpa_supplicant/main.c vendor/wpa/dist/wpa_supplicant/mesh.c vendor/wpa/dist/wpa_supplicant/mesh_mpm.c vendor/wpa/dist/wpa_supplicant/mesh_rsn.c vendor/wpa/dist/wpa_supplicant/notify.c vendor/wpa/dist/wpa_supplicant/notify.h vendor/wpa/dist/wpa_supplicant/p2p_supplicant.c vendor/wpa/dist/wpa_supplicant/p2p_supplicant.h vendor/wpa/dist/wpa_supplicant/preauth_test.c vendor/wpa/dist/wpa_supplicant/scan.c vendor/wpa/dist/wpa_supplicant/sme.c vendor/wpa/dist/wpa_supplicant/wpa_cli.c vendor/wpa/dist/wpa_supplicant/wpa_priv.c vendor/wpa/dist/wpa_supplicant/wpa_supplicant.c vendor/wpa/dist/wpa_supplicant/wpa_supplicant.conf vendor/wpa/dist/wpa_supplicant/wpa_supplicant_i.h vendor/wpa/dist/wpa_supplicant/wpas_glue.c vendor/wpa/dist/wpa_supplicant/wpas_glue.h vendor/wpa/dist/wpa_supplicant/wps_supplicant.c vendor/wpa/dist/wpa_supplicant/wps_supplicant.h Modified: vendor/wpa/dist/hostapd/ChangeLog ============================================================================== --- vendor/wpa/dist/hostapd/ChangeLog Wed Oct 14 02:43:04 2015 (r289283) +++ vendor/wpa/dist/hostapd/ChangeLog Wed Oct 14 04:30:17 2015 (r289284) @@ -1,5 +1,41 @@ ChangeLog for hostapd +2015-09-27 - v2.5 + * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding + [http://w1.fi/security/2015-2/] (CVE-2015-4141) + * fixed WMM Action frame parser + [http://w1.fi/security/2015-3/] (CVE-2015-4142) + * fixed EAP-pwd server missing payload length validation + [http://w1.fi/security/2015-4/] + (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145) + * fixed validation of WPS and P2P NFC NDEF record payload length + [http://w1.fi/security/2015-5/] + * nl80211: + - fixed vendor command handling to check OUI properly + * fixed hlr_auc_gw build with OpenSSL + * hlr_auc_gw: allow Milenage RES length to be reduced + * disable HT for a station that does not support WMM/QoS + * added support for hashed password (NtHash) in EAP-pwd server + * fixed and extended dynamic VLAN cases + * added EAP-EKE server support for deriving Session-Id + * set Acct-Session-Id to a random value to make it more likely to be + unique even if the device does not have a proper clock + * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan + * modified SAE routines to be more robust and PWE generation to be + stronger against timing attacks + * added support for Brainpool Elliptic Curves with SAE + * increases maximum value accepted for cwmin/cwmax + * added support for CCMP-256 and GCMP-256 as group ciphers with FT + * added Fast Session Transfer (FST) module + * removed optional fields from RSNE when using FT with PMF + (workaround for interoperability issues with iOS 8.4) + * added EAP server support for TLS session resumption + * fixed key derivation for Suite B 192-bit AKM (this breaks + compatibility with the earlier version) + * added mechanism to track unconnected stations and do minimal band + steering + * number of small fixes + 2015-03-15 - v2.4 * allow OpenSSL cipher configuration to be set for internal EAP server (openssl_ciphers parameter) Modified: vendor/wpa/dist/hostapd/Makefile ============================================================================== --- vendor/wpa/dist/hostapd/Makefile Wed Oct 14 02:43:04 2015 (r289283) +++ vendor/wpa/dist/hostapd/Makefile Wed Oct 14 04:30:17 2015 (r289284) @@ -107,7 +107,16 @@ LIBS_h += -lrt LIBS_n += -lrt endif +ifdef CONFIG_ELOOP_POLL +CFLAGS += -DCONFIG_ELOOP_POLL +endif + +ifdef CONFIG_ELOOP_EPOLL +CFLAGS += -DCONFIG_ELOOP_EPOLL +endif + OBJS += ../src/utils/common.o +OBJS_c += ../src/utils/common.o OBJS += ../src/utils/wpa_debug.o OBJS_c += ../src/utils/wpa_debug.o OBJS += ../src/utils/wpabuf.o @@ -227,6 +236,7 @@ CFLAGS += -DCONFIG_SAE OBJS += ../src/common/sae.o NEED_ECC=y NEED_DH_GROUPS=y +NEED_AP_MLME=y endif ifdef CONFIG_WNM @@ -531,8 +541,14 @@ HOBJS += ../src/crypto/crypto_openssl.o ifdef NEED_FIPS186_2_PRF OBJS += ../src/crypto/fips_prf_openssl.o endif +NEED_SHA256=y +NEED_TLS_PRF_SHA256=y LIBS += -lcrypto LIBS_h += -lcrypto +ifdef CONFIG_TLS_ADD_DL +LIBS += -ldl +LIBS_h += -ldl +endif endif ifeq ($(CONFIG_TLS), gnutls) @@ -553,17 +569,6 @@ CONFIG_INTERNAL_RC4=y CONFIG_INTERNAL_DH_GROUP5=y endif -ifeq ($(CONFIG_TLS), schannel) -ifdef TLS_FUNCS -OBJS += ../src/crypto/tls_schannel.o -endif -OBJS += ../src/crypto/crypto_cryptoapi.o -OBJS_p += ../src/crypto/crypto_cryptoapi.o -CONFIG_INTERNAL_SHA256=y -CONFIG_INTERNAL_RC4=y -CONFIG_INTERNAL_DH_GROUP5=y -endif - ifeq ($(CONFIG_TLS), internal) ifndef CONFIG_CRYPTO CONFIG_CRYPTO=internal @@ -694,8 +699,10 @@ endif endif ifdef NEED_AES_CBC NEED_AES_DEC=y +ifneq ($(CONFIG_TLS), openssl) AESOBJS += ../src/crypto/aes-cbc.o endif +endif ifdef NEED_AES_DEC ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal-dec.o @@ -754,11 +761,17 @@ OBJS += ../src/crypto/des-internal.o endif endif +ifdef CONFIG_NO_RC4 +CFLAGS += -DCONFIG_NO_RC4 +endif + ifdef NEED_RC4 ifdef CONFIG_INTERNAL_RC4 +ifndef CONFIG_NO_RC4 OBJS += ../src/crypto/rc4.o endif endif +endif ifdef NEED_SHA256 CFLAGS += -DCONFIG_SHA256 @@ -778,6 +791,7 @@ endif endif ifdef NEED_SHA384 CFLAGS += -DCONFIG_SHA384 +OBJS += ../src/crypto/sha384-prf.o endif ifdef NEED_DH_GROUPS @@ -803,8 +817,10 @@ OBJS += ../src/crypto/random.o HOBJS += ../src/crypto/random.o HOBJS += ../src/utils/eloop.o HOBJS += $(SHA1OBJS) +ifneq ($(CONFIG_TLS), openssl) HOBJS += ../src/crypto/md5.o endif +endif ifdef CONFIG_RADIUS_SERVER CFLAGS += -DRADIUS_SERVER @@ -903,6 +919,21 @@ LIBS += -lsqlite3 LIBS_h += -lsqlite3 endif +ifdef CONFIG_FST +CFLAGS += -DCONFIG_FST +OBJS += ../src/fst/fst.o +OBJS += ../src/fst/fst_group.o +OBJS += ../src/fst/fst_iface.o +OBJS += ../src/fst/fst_session.o +OBJS += ../src/fst/fst_ctrl_aux.o +ifdef CONFIG_FST_TEST +CFLAGS += -DCONFIG_FST_TEST +endif +ifndef CONFIG_NO_CTRL_IFACE +OBJS += ../src/fst/fst_ctrl_iface.o +endif +endif + ALL=hostapd hostapd_cli all: verify_config $(ALL) @@ -965,9 +996,11 @@ NOBJS = nt_password_hash.o ../src/crypto NOBJS += ../src/utils/common.o ifdef NEED_RC4 ifdef CONFIG_INTERNAL_RC4 +ifndef CONFIG_NO_RC4 NOBJS += ../src/crypto/rc4.o endif endif +endif ifdef CONFIG_INTERNAL_MD5 NOBJS += ../src/crypto/md5-internal.o endif Modified: vendor/wpa/dist/hostapd/config_file.c ============================================================================== --- vendor/wpa/dist/hostapd/config_file.c Wed Oct 14 02:43:04 2015 (r289283) +++ vendor/wpa/dist/hostapd/config_file.c Wed Oct 14 04:30:17 2015 (r289284) @@ -222,9 +222,15 @@ static int hostapd_config_read_eap_user( return 0; if (os_strncmp(fname, "sqlite:", 7) == 0) { +#ifdef CONFIG_SQLITE os_free(conf->eap_user_sqlite); conf->eap_user_sqlite = os_strdup(fname + 7); return 0; +#else /* CONFIG_SQLITE */ + wpa_printf(MSG_ERROR, + "EAP user file in SQLite DB, but CONFIG_SQLITE was not enabled in the build."); + return -1; +#endif /* CONFIG_SQLITE */ } f = fopen(fname, "r"); @@ -775,6 +781,24 @@ static int hostapd_config_read_wep(struc } +static int hostapd_parse_chanlist(struct hostapd_config *conf, char *val) +{ + char *pos; + + /* for backwards compatibility, translate ' ' in conf str to ',' */ + pos = val; + while (pos) { + pos = os_strchr(pos, ' '); + if (pos) + *pos++ = ','; + } + if (freq_range_list_parse(&conf->acs_ch_list, val)) + return -1; + + return 0; +} + + static int hostapd_parse_intlist(int **int_list, char *val) { int *list; @@ -875,7 +899,9 @@ static int hostapd_config_read_int10(con static int valid_cw(int cw) { return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 || - cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023); + cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023 || + cw == 2047 || cw == 4095 || cw == 8191 || cw == 16383 || + cw == 32767); } @@ -886,11 +912,11 @@ enum { IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */ }; -static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name, - char *val) +static int hostapd_config_tx_queue(struct hostapd_config *conf, + const char *name, const char *val) { int num; - char *pos; + const char *pos; struct hostapd_tx_queue_params *queue; /* skip 'tx_queue_' prefix */ @@ -1134,13 +1160,23 @@ static int hostapd_config_vht_capab(stru if (os_strstr(capab, "[BF-ANTENNA-2]") && (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE)) conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET); + if (os_strstr(capab, "[BF-ANTENNA-3]") && + (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE)) + conf->vht_capab |= (2 << VHT_CAP_BEAMFORMEE_STS_OFFSET); + if (os_strstr(capab, "[BF-ANTENNA-4]") && + (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE)) + conf->vht_capab |= (3 << VHT_CAP_BEAMFORMEE_STS_OFFSET); if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") && (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE)) conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET); + if (os_strstr(capab, "[SOUNDING-DIMENSION-3]") && + (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE)) + conf->vht_capab |= (2 << VHT_CAP_SOUNDING_DIMENSION_OFFSET); + if (os_strstr(capab, "[SOUNDING-DIMENSION-4]") && + (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE)) + conf->vht_capab |= (3 << VHT_CAP_SOUNDING_DIMENSION_OFFSET); if (os_strstr(capab, "[MU-BEAMFORMER]")) conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE; - if (os_strstr(capab, "[MU-BEAMFORMEE]")) - conf->vht_capab |= VHT_CAP_MU_BEAMFORMEE_CAPABLE; if (os_strstr(capab, "[VHT-TXOP-PS]")) conf->vht_capab |= VHT_CAP_VHT_TXOP_PS; if (os_strstr(capab, "[HTC-VHT]")) @@ -1699,7 +1735,7 @@ static int hs20_parse_osu_ssid(struct ho char *str; str = wpa_config_parse_string(pos, &slen); - if (str == NULL || slen < 1 || slen > HOSTAPD_MAX_SSID_LEN) { + if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) { wpa_printf(MSG_ERROR, "Line %d: Invalid SSID '%s'", line, pos); os_free(str); return -1; @@ -1900,7 +1936,7 @@ fail: static int hostapd_config_fill(struct hostapd_config *conf, struct hostapd_bss_config *bss, - char *buf, char *pos, int line) + const char *buf, char *pos, int line) { if (os_strcmp(buf, "interface") == 0) { os_strlcpy(conf->bss[0]->iface, pos, @@ -1946,7 +1982,7 @@ static int hostapd_config_fill(struct ho line); } else if (os_strcmp(buf, "ssid") == 0) { bss->ssid.ssid_len = os_strlen(pos); - if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN || + if (bss->ssid.ssid_len > SSID_MAX_LEN || bss->ssid.ssid_len < 1) { wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'", line, pos); @@ -1957,7 +1993,7 @@ static int hostapd_config_fill(struct ho } else if (os_strcmp(buf, "ssid2") == 0) { size_t slen; char *str = wpa_config_parse_string(pos, &slen); - if (str == NULL || slen < 1 || slen > HOSTAPD_MAX_SSID_LEN) { + if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) { wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'", line, pos); os_free(str); @@ -2043,6 +2079,8 @@ static int hostapd_config_fill(struct ho bss->private_key_passwd = os_strdup(pos); } else if (os_strcmp(buf, "check_crl") == 0) { bss->check_crl = atoi(pos); + } else if (os_strcmp(buf, "tls_session_lifetime") == 0) { + bss->tls_session_lifetime = atoi(pos); } else if (os_strcmp(buf, "ocsp_stapling_response") == 0) { os_free(bss->ocsp_stapling_response); bss->ocsp_stapling_response = os_strdup(pos); @@ -2515,13 +2553,17 @@ static int hostapd_config_fill(struct ho conf->hw_mode = HOSTAPD_MODE_IEEE80211G; else if (os_strcmp(pos, "ad") == 0) conf->hw_mode = HOSTAPD_MODE_IEEE80211AD; + else if (os_strcmp(pos, "any") == 0) + conf->hw_mode = HOSTAPD_MODE_IEEE80211ANY; else { wpa_printf(MSG_ERROR, "Line %d: unknown hw_mode '%s'", line, pos); return 1; } } else if (os_strcmp(buf, "wps_rf_bands") == 0) { - if (os_strcmp(pos, "a") == 0) + if (os_strcmp(pos, "ad") == 0) + bss->wps_rf_bands = WPS_RF_60GHZ; + else if (os_strcmp(pos, "a") == 0) bss->wps_rf_bands = WPS_RF_50GHZ; else if (os_strcmp(pos, "g") == 0 || os_strcmp(pos, "b") == 0) @@ -2542,12 +2584,15 @@ static int hostapd_config_fill(struct ho line); return 1; #else /* CONFIG_ACS */ + conf->acs = 1; conf->channel = 0; #endif /* CONFIG_ACS */ - } else + } else { conf->channel = atoi(pos); + conf->acs = conf->channel == 0; + } } else if (os_strcmp(buf, "chanlist") == 0) { - if (hostapd_parse_intlist(&conf->chanlist, pos)) { + if (hostapd_parse_chanlist(conf, pos)) { wpa_printf(MSG_ERROR, "Line %d: invalid channel list", line); return 1; @@ -2810,7 +2855,7 @@ static int hostapd_config_fill(struct ho os_free(bss->wps_pin_requests); bss->wps_pin_requests = os_strdup(pos); } else if (os_strcmp(buf, "device_name") == 0) { - if (os_strlen(pos) > 32) { + if (os_strlen(pos) > WPS_DEV_NAME_MAX_LEN) { wpa_printf(MSG_ERROR, "Line %d: Too long " "device_name", line); return 1; @@ -3111,6 +3156,8 @@ static int hostapd_config_fill(struct ho bss->disable_dgaf = atoi(pos); } else if (os_strcmp(buf, "proxy_arp") == 0) { bss->proxy_arp = atoi(pos); + } else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) { + bss->na_mcast_to_ucast = atoi(pos); } else if (os_strcmp(buf, "osen") == 0) { bss->osen = atoi(pos); } else if (os_strcmp(buf, "anqp_domain_id") == 0) { @@ -3223,6 +3270,24 @@ static int hostapd_config_fill(struct ho bss->bss_load_test_set = 1; } else if (os_strcmp(buf, "radio_measurements") == 0) { bss->radio_measurements = atoi(pos); + } else if (os_strcmp(buf, "own_ie_override") == 0) { + struct wpabuf *tmp; + size_t len = os_strlen(pos) / 2; + + tmp = wpabuf_alloc(len); + if (!tmp) + return 1; + + if (hexstr2bin(pos, wpabuf_put(tmp, len), len)) { + wpabuf_free(tmp); + wpa_printf(MSG_ERROR, + "Line %d: Invalid own_ie_override '%s'", + line, pos); + return 1; + } + + wpabuf_free(bss->own_ie_override); + bss->own_ie_override = tmp; #endif /* CONFIG_TESTING_OPTIONS */ } else if (os_strcmp(buf, "vendor_elements") == 0) { struct wpabuf *elems; @@ -3276,6 +3341,74 @@ static int hostapd_config_fill(struct ho } else if (os_strcmp(buf, "wowlan_triggers") == 0) { os_free(bss->wowlan_triggers); bss->wowlan_triggers = os_strdup(pos); +#ifdef CONFIG_FST + } else if (os_strcmp(buf, "fst_group_id") == 0) { + size_t len = os_strlen(pos); + + if (!len || len >= sizeof(conf->fst_cfg.group_id)) { + wpa_printf(MSG_ERROR, + "Line %d: Invalid fst_group_id value '%s'", + line, pos); + return 1; + } + + if (conf->fst_cfg.group_id[0]) { + wpa_printf(MSG_ERROR, + "Line %d: Duplicate fst_group value '%s'", + line, pos); + return 1; + } + + os_strlcpy(conf->fst_cfg.group_id, pos, + sizeof(conf->fst_cfg.group_id)); + } else if (os_strcmp(buf, "fst_priority") == 0) { + char *endp; + long int val; + + if (!*pos) { + wpa_printf(MSG_ERROR, + "Line %d: fst_priority value not supplied (expected 1..%u)", + line, FST_MAX_PRIO_VALUE); + return -1; + } + + val = strtol(pos, &endp, 0); + if (*endp || val < 1 || val > FST_MAX_PRIO_VALUE) { + wpa_printf(MSG_ERROR, + "Line %d: Invalid fst_priority %ld (%s) (expected 1..%u)", + line, val, pos, FST_MAX_PRIO_VALUE); + return 1; + } + conf->fst_cfg.priority = (u8) val; + } else if (os_strcmp(buf, "fst_llt") == 0) { + char *endp; + long int val; + + if (!*pos) { + wpa_printf(MSG_ERROR, + "Line %d: fst_llt value not supplied (expected 1..%u)", + line, FST_MAX_LLT_MS); + return -1; + } + val = strtol(pos, &endp, 0); + if (*endp || val < 1 || val > FST_MAX_LLT_MS) { + wpa_printf(MSG_ERROR, + "Line %d: Invalid fst_llt %ld (%s) (expected 1..%u)", + line, val, pos, FST_MAX_LLT_MS); + return 1; + } + conf->fst_cfg.llt = (u32) val; +#endif /* CONFIG_FST */ + } else if (os_strcmp(buf, "track_sta_max_num") == 0) { + conf->track_sta_max_num = atoi(pos); + } else if (os_strcmp(buf, "track_sta_max_age") == 0) { + conf->track_sta_max_age = atoi(pos); + } else if (os_strcmp(buf, "no_probe_resp_if_seen_on") == 0) { + os_free(bss->no_probe_resp_if_seen_on); + bss->no_probe_resp_if_seen_on = os_strdup(pos); + } else if (os_strcmp(buf, "no_auth_if_seen_on") == 0) { + os_free(bss->no_auth_if_seen_on); + bss->no_auth_if_seen_on = os_strdup(pos); } else { wpa_printf(MSG_ERROR, "Line %d: unknown configuration item '%s'", @@ -3378,7 +3511,8 @@ struct hostapd_config * hostapd_config_r int hostapd_set_iface(struct hostapd_config *conf, - struct hostapd_bss_config *bss, char *field, char *value) + struct hostapd_bss_config *bss, const char *field, + char *value) { int errors; size_t i; Modified: vendor/wpa/dist/hostapd/config_file.h ============================================================================== --- vendor/wpa/dist/hostapd/config_file.h Wed Oct 14 02:43:04 2015 (r289283) +++ vendor/wpa/dist/hostapd/config_file.h Wed Oct 14 04:30:17 2015 (r289284) @@ -11,7 +11,7 @@ struct hostapd_config * hostapd_config_read(const char *fname); int hostapd_set_iface(struct hostapd_config *conf, - struct hostapd_bss_config *bss, char *field, + struct hostapd_bss_config *bss, const char *field, char *value); #endif /* CONFIG_FILE_H */ Modified: vendor/wpa/dist/hostapd/ctrl_iface.c ============================================================================== --- vendor/wpa/dist/hostapd/ctrl_iface.c Wed Oct 14 02:43:04 2015 (r289283) +++ vendor/wpa/dist/hostapd/ctrl_iface.c Wed Oct 14 04:30:17 2015 (r289284) @@ -25,6 +25,7 @@ #include "common/ieee802_11_defs.h" #include "crypto/tls.h" #include "drivers/driver.h" +#include "eapol_auth/eapol_auth_sm.h" #include "radius/radius_client.h" #include "radius/radius_server.h" #include "l2_packet/l2_packet.h" @@ -43,10 +44,13 @@ #include "ap/beacon.h" #include "wps/wps_defs.h" #include "wps/wps.h" +#include "fst/fst_ctrl_iface.h" #include "config_file.h" #include "ctrl_iface.h" +#define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256 + struct wpa_ctrl_dst { struct wpa_ctrl_dst *next; struct sockaddr_un addr; @@ -57,6 +61,7 @@ struct wpa_ctrl_dst { static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, + enum wpa_msg_type type, const char *buf, size_t len); @@ -1055,6 +1060,97 @@ static int hostapd_ctrl_iface_bss_tm_req #endif /* CONFIG_WNM */ +static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd, + char *buf, size_t buflen) +{ + int ret = 0; + char *pos, *end; + + pos = buf; + end = buf + buflen; + + WPA_ASSERT(hapd->conf->wpa_key_mgmt); + + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { + ret = os_snprintf(pos, end - pos, "WPA-PSK "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { + ret = os_snprintf(pos, end - pos, "WPA-EAP "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } +#ifdef CONFIG_IEEE80211R + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) { + ret = os_snprintf(pos, end - pos, "FT-PSK "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) { + ret = os_snprintf(pos, end - pos, "FT-EAP "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } +#ifdef CONFIG_SAE + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) { + ret = os_snprintf(pos, end - pos, "FT-SAE "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } +#endif /* CONFIG_SAE */ +#endif /* CONFIG_IEEE80211R */ +#ifdef CONFIG_IEEE80211W + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) { + ret = os_snprintf(pos, end - pos, "WPA-PSK-SHA256 "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) { + ret = os_snprintf(pos, end - pos, "WPA-EAP-SHA256 "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } +#endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_SAE + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) { + ret = os_snprintf(pos, end - pos, "SAE "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } +#endif /* CONFIG_SAE */ + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) { + ret = os_snprintf(pos, end - pos, "WPA-EAP-SUITE-B "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + if (hapd->conf->wpa_key_mgmt & + WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { + ret = os_snprintf(pos, end - pos, + "WPA-EAP-SUITE-B-192 "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + + if (pos > buf && *(pos - 1) == ' ') { + *(pos - 1) = '\0'; + pos--; + } + + return pos - buf; +} + + static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd, char *buf, size_t buflen) { @@ -1104,82 +1200,20 @@ static int hostapd_ctrl_iface_get_config } #endif /* CONFIG_WPS */ + if (hapd->conf->wpa) { + ret = os_snprintf(pos, end - pos, "wpa=%d\n", hapd->conf->wpa); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + if (hapd->conf->wpa && hapd->conf->wpa_key_mgmt) { ret = os_snprintf(pos, end - pos, "key_mgmt="); if (os_snprintf_error(end - pos, ret)) return pos - buf; pos += ret; - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { - ret = os_snprintf(pos, end - pos, "WPA-PSK "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { - ret = os_snprintf(pos, end - pos, "WPA-EAP "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } -#ifdef CONFIG_IEEE80211R - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) { - ret = os_snprintf(pos, end - pos, "FT-PSK "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) { - ret = os_snprintf(pos, end - pos, "FT-EAP "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } -#ifdef CONFIG_SAE - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) { - ret = os_snprintf(pos, end - pos, "FT-SAE "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } -#endif /* CONFIG_SAE */ -#endif /* CONFIG_IEEE80211R */ -#ifdef CONFIG_IEEE80211W - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) { - ret = os_snprintf(pos, end - pos, "WPA-PSK-SHA256 "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) { - ret = os_snprintf(pos, end - pos, "WPA-EAP-SHA256 "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } -#endif /* CONFIG_IEEE80211W */ -#ifdef CONFIG_SAE - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) { - ret = os_snprintf(pos, end - pos, "SAE "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } -#endif /* CONFIG_SAE */ - if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) { - ret = os_snprintf(pos, end - pos, "WPA-EAP-SUITE-B "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } - if (hapd->conf->wpa_key_mgmt & - WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { - ret = os_snprintf(pos, end - pos, - "WPA-EAP-SUITE-B-192 "); - if (os_snprintf_error(end - pos, ret)) - return pos - buf; - pos += ret; - } + pos += hostapd_ctrl_iface_get_key_mgmt(hapd, pos, end - pos); ret = os_snprintf(pos, end - pos, "\n"); if (os_snprintf_error(end - pos, ret)) @@ -1528,7 +1562,7 @@ void hostapd_data_test_rx(void *ctx, con { struct hostapd_data *hapd = ctx; const struct ether_header *eth; - const struct iphdr *ip; + struct iphdr ip; const u8 *pos; unsigned int i; @@ -1536,14 +1570,14 @@ void hostapd_data_test_rx(void *ctx, con return; eth = (const struct ether_header *) buf; - ip = (const struct iphdr *) (eth + 1); - pos = (const u8 *) (ip + 1); + os_memcpy(&ip, eth + 1, sizeof(ip)); + pos = &buf[sizeof(*eth) + sizeof(ip)]; - if (ip->ihl != 5 || ip->version != 4 || - ntohs(ip->tot_len) != HWSIM_IP_LEN) + if (ip.ihl != 5 || ip.version != 4 || + ntohs(ip.tot_len) != HWSIM_IP_LEN) return; - for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) { + for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) { if (*pos != (u8) i) return; pos++; @@ -1599,7 +1633,7 @@ static int hostapd_ctrl_iface_data_test_ int used; long int val; u8 tos; - u8 buf[HWSIM_PACKETLEN]; + u8 buf[2 + HWSIM_PACKETLEN]; struct ether_header *eth; struct iphdr *ip; u8 *dpos; @@ -1627,7 +1661,7 @@ static int hostapd_ctrl_iface_data_test_ return -1; tos = val; - eth = (struct ether_header *) buf; + eth = (struct ether_header *) &buf[2]; os_memcpy(eth->ether_dhost, dst, ETH_ALEN); os_memcpy(eth->ether_shost, src, ETH_ALEN); eth->ether_type = htons(ETHERTYPE_IP); @@ -1639,14 +1673,14 @@ static int hostapd_ctrl_iface_data_test_ ip->tos = tos; ip->tot_len = htons(HWSIM_IP_LEN); ip->protocol = 1; - ip->saddr = htonl(192 << 24 | 168 << 16 | 1 << 8 | 1); - ip->daddr = htonl(192 << 24 | 168 << 16 | 1 << 8 | 2); + ip->saddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1); + ip->daddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2); ip->check = ipv4_hdr_checksum(ip, sizeof(*ip)); dpos = (u8 *) (ip + 1); for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) *dpos++ = i; - if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, buf, + if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &buf[2], HWSIM_PACKETLEN) < 0) return -1; @@ -1746,6 +1780,45 @@ static int hostapd_ctrl_get_alloc_fail(s #endif /* WPA_TRACE_BFD */ } + +static int hostapd_ctrl_test_fail(struct hostapd_data *hapd, char *cmd) +{ +#ifdef WPA_TRACE_BFD + extern char wpa_trace_test_fail_func[256]; + extern unsigned int wpa_trace_test_fail_after; + char *pos; + + wpa_trace_test_fail_after = atoi(cmd); + pos = os_strchr(cmd, ':'); + if (pos) { + pos++; + os_strlcpy(wpa_trace_test_fail_func, pos, + sizeof(wpa_trace_test_fail_func)); + } else { + wpa_trace_test_fail_after = 0; + } + + return 0; +#else /* WPA_TRACE_BFD */ + return -1; +#endif /* WPA_TRACE_BFD */ +} + + +static int hostapd_ctrl_get_fail(struct hostapd_data *hapd, + char *buf, size_t buflen) +{ +#ifdef WPA_TRACE_BFD + extern char wpa_trace_test_fail_func[256]; + extern unsigned int wpa_trace_test_fail_after; + + return os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after, + wpa_trace_test_fail_func); +#else /* WPA_TRACE_BFD */ + return -1; +#endif /* WPA_TRACE_BFD */ +} + #endif /* CONFIG_TESTING_OPTIONS */ @@ -1847,41 +1920,134 @@ static int hostapd_ctrl_iface_vendor(str } -static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx, - void *sock_ctx) +static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd, + const char *cmd) { - struct hostapd_data *hapd = eloop_ctx; - char buf[4096]; - int res; - struct sockaddr_un from; - socklen_t fromlen = sizeof(from); - char *reply; - const int reply_size = 4096; - int reply_len; - int level = MSG_DEBUG; + u8 addr[ETH_ALEN]; + struct sta_info *sta; - res = recvfrom(sock, buf, sizeof(buf) - 1, 0, - (struct sockaddr *) &from, &fromlen); - if (res < 0) { - wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", - strerror(errno)); - return; + if (hwaddr_aton(cmd, addr)) + return -1; + + sta = ap_get_sta(hapd, addr); + if (!sta || !sta->eapol_sm) + return -1; + + eapol_auth_reauthenticate(sta->eapol_sm); + return 0; +} + + +static int hostapd_ctrl_iface_eapol_set(struct hostapd_data *hapd, char *cmd) +{ + u8 addr[ETH_ALEN]; + struct sta_info *sta; + char *pos = cmd, *param; + + if (hwaddr_aton(pos, addr) || pos[17] != ' ') + return -1; + pos += 18; + param = pos; + pos = os_strchr(pos, ' '); + if (!pos) + return -1; + *pos++ = '\0'; + + sta = ap_get_sta(hapd, addr); + if (!sta || !sta->eapol_sm) + return -1; + + return eapol_auth_set_conf(sta->eapol_sm, param, pos); +} + + +static int hostapd_ctrl_iface_log_level(struct hostapd_data *hapd, char *cmd, + char *buf, size_t buflen) +{ + char *pos, *end, *stamp; + int ret; + + /* cmd: "LOG_LEVEL [<level>]" */ + if (*cmd == '\0') { + pos = buf; + end = buf + buflen; + ret = os_snprintf(pos, end - pos, "Current level: %s\n" + "Timestamp: %d\n", + debug_level_str(wpa_debug_level), + wpa_debug_timestamp); + if (os_snprintf_error(end - pos, ret)) + ret = 0; + + return ret; } - buf[res] = '\0'; - if (os_strcmp(buf, "PING") == 0) - level = MSG_EXCESSIVE; - wpa_hexdump_ascii(level, "RX ctrl_iface", (u8 *) buf, res); - reply = os_malloc(reply_size); - if (reply == NULL) { - if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from, - fromlen) < 0) { - wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s", - strerror(errno)); + while (*cmd == ' ') + cmd++; + + stamp = os_strchr(cmd, ' '); + if (stamp) { + *stamp++ = '\0'; + while (*stamp == ' ') { + stamp++; } - return; } + if (os_strlen(cmd)) { + int level = str_to_debug_level(cmd); + if (level < 0) + return -1; + wpa_debug_level = level; + } + + if (stamp && os_strlen(stamp)) + wpa_debug_timestamp = atoi(stamp); + + os_memcpy(buf, "OK\n", 3); + return 3; +} + + +#ifdef NEED_AP_MLME +static int hostapd_ctrl_iface_track_sta_list(struct hostapd_data *hapd, + char *buf, size_t buflen) +{ + struct hostapd_iface *iface = hapd->iface; + char *pos, *end; + struct hostapd_sta_info *info; + struct os_reltime now; + + sta_track_expire(iface, 0); + + pos = buf; + end = buf + buflen; + + os_get_reltime(&now); + dl_list_for_each_reverse(info, &iface->sta_seen, + struct hostapd_sta_info, list) { + struct os_reltime age; + int ret; + + os_reltime_sub(&now, &info->last_seen, &age); + ret = os_snprintf(pos, end - pos, MACSTR " %u\n", + MAC2STR(info->addr), (unsigned int) age.sec); + if (os_snprintf_error(end - pos, ret)) + break; + pos += ret; + } + + return pos - buf; +} +#endif /* NEED_AP_MLME */ + + +static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, + char *buf, char *reply, + int reply_size, + struct sockaddr_un *from, + socklen_t fromlen) +{ + int reply_len, res; + os_memcpy(reply, "OK\n", 3); reply_len = 3; @@ -1938,13 +2104,13 @@ static void hostapd_ctrl_iface_receive(i reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, reply_size); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201510140430.t9E4UINX000738>