From 22188e6ab4f02f981de3b9f228a40b1e8f98e6a1 Mon Sep 17 00:00:00 2001 From: Sam Leffler Date: Thu, 15 Jan 2009 04:25:21 +0000 Subject: vendor import of 0.5.11 --- ChangeLog | 26 +++++++++ Makefile | 9 ++-- base64.c | 2 +- common.c | 47 ---------------- ctrl_iface.c | 4 ++ ctrl_iface_dbus.c | 4 +- ctrl_iface_unix.c | 2 +- dbus_dict_helpers.c | 102 +++++++++++++++++++++-------------- defconfig | 3 -- doc/docbook/wpa_background.8 | 2 +- doc/docbook/wpa_cli.8 | 25 ++++----- doc/docbook/wpa_cli.sgml | 23 ++++---- doc/docbook/wpa_passphrase.8 | 2 +- doc/docbook/wpa_supplicant.8 | 55 +++++++++++++------ doc/docbook/wpa_supplicant.conf.5 | 6 +-- doc/docbook/wpa_supplicant.conf.sgml | 4 +- doc/docbook/wpa_supplicant.sgml | 61 +++++++++++++++------ driver_hostap.h | 4 +- driver_ndis.c | 2 + eap.c | 16 +++++- eap_aka.c | 2 +- eap_gpsk.c | 14 +++-- eap_gpsk_common.c | 4 +- eap_ttls.c | 8 +-- eloop.c | 24 ++++++++- eloop.h | 13 +++++ eloop_none.c | 20 +++++++ eloop_win.c | 19 +++++++ main.c | 12 +---- mlme.c | 3 +- os_unix.c | 7 ++- preauth_test.c | 7 --- radius.c | 3 +- sha1.c | 4 ++ tls_openssl.c | 10 ++-- version.h | 2 +- wpa.c | 8 +-- wpa.h | 1 - wpa_cli.c | 6 ++- wpa_gui-qt4/networkconfig.cpp | 1 + wpa_gui-qt4/scanresults.cpp | 2 + wpa_gui-qt4/wpagui.cpp | 1 + wpa_gui/networkconfig.ui.h | 1 + wpa_gui/userdatarequest.ui.h | 2 + wpa_gui/wpagui.ui.h | 1 + wpa_i.h | 5 -- wpa_supplicant.c | 54 ++++++++++++------- wpa_supplicant_i.h | 5 -- 48 files changed, 401 insertions(+), 237 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1ba2e1c8b2e2..10b1aca4a2a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,31 @@ ChangeLog for wpa_supplicant +2008-11-28 - v0.5.11 + * fixed race condition between disassociation event and group key + handshake to avoid getting stuck in incorrect state [Bug 261] + * updated D-Bus usage to avoid deprecated functions + * silence SIOCSIWAUTH ioctl failure message (these can be ignored in + most cases and are now only shown in debug output) + * increase timeout for IBSS connection + * driver_wext: do not overwrite BSS frequency if channel was already + received + * driver_wext: set interface down for mode switches, if needed (e.g., + for mac80211) + * driver_wext: fixed re-initialization of a removed and re-inserted + interface (e.g., USB dongle or on resume if driver was unloaded for + suspend) + * improve per-SSID scanning for drivers that report background scan + results frequently + * fixed scanning behavior after a failed initial association + * driver_wext: fixed processing of invalid event messages from kernel + not to crash wpa_supplicant (this could happen when using 64-bit + kernel with 32-bit userspace) + * fixed EAP-AKA to use RES Length field in AT_RES as length in bits, + not bytes + * fixed canceling of PMKSA caching when using drivers that generate + RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know + about + 2008-02-19 - v0.5.10 * added support for Makefile builds to include debug-log-to-a-file functionality (CONFIG_DEBUG_FILE=y and -f on command line) diff --git a/Makefile b/Makefile index 9bcdd83047a4..1e7e383adfc1 100644 --- a/Makefile +++ b/Makefile @@ -149,7 +149,10 @@ endif ifdef CONFIG_DRIVER_NDIS CFLAGS += -DCONFIG_DRIVER_NDIS -OBJS_d += driver_ndis.o driver_ndis_.o +OBJS_d += driver_ndis.o +ifdef CONFIG_NDIS_EVENTS_INTEGRATED +OBJS_d += driver_ndis_.o +endif ifndef CONFIG_L2_PACKET CONFIG_L2_PACKET=pcap endif @@ -745,10 +748,6 @@ ifdef CONFIG_DEBUG_FILE CFLAGS += -DCONFIG_DEBUG_FILE endif -ifdef CONFIG_DEBUG_SYSLOG -CFLAGS += -DCONFIG_DEBUG_SYSLOG -endif - OBJS += wpa_supplicant.o events.o OBJS_t := $(OBJS) eapol_test.o radius.o radius_client.o OBJS_t2 := $(OBJS) preauth_test.o diff --git a/base64.c b/base64.c index 0c33e5881b64..8b1da25dbde6 100644 --- a/base64.c +++ b/base64.c @@ -115,7 +115,7 @@ unsigned char * base64_decode(const unsigned char *src, size_t len, count++; } - if (count % 4) + if (count == 0 || count % 4) return NULL; olen = count / 4 * 3; diff --git a/common.c b/common.c index d0233d88f5d1..f226c68631b8 100644 --- a/common.c +++ b/common.c @@ -16,10 +16,6 @@ #include "common.h" -#ifdef CONFIG_DEBUG_SYSLOG -#include -#endif /* CONFIG_DEBUG_SYSLOG */ - #ifdef CONFIG_DEBUG_FILE static FILE *out_file = NULL; @@ -27,7 +23,6 @@ static FILE *out_file = NULL; int wpa_debug_level = MSG_INFO; int wpa_debug_show_keys = 0; int wpa_debug_timestamp = 0; -int wpa_debug_syslog = 0; static int hex2num(char c) @@ -166,40 +161,6 @@ void wpa_debug_print_timestamp(void) printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec); } -void wpa_debug_open_syslog(void) -{ -#ifdef CONFIG_DEBUG_SYSLOG - openlog("wpa_supplicant", LOG_PID | LOG_NDELAY, LOG_DAEMON); - wpa_debug_syslog++; -#endif -} - -void wpa_debug_close_syslog(void) -{ -#ifdef CONFIG_DEBUG_SYSLOG - if (wpa_debug_syslog) - closelog(); -#endif -} - -#ifdef CONFIG_DEBUG_SYSLOG -static int syslog_priority(int level) -{ - switch (level) { - case MSG_MSGDUMP: - case MSG_DEBUG: - return LOG_DEBUG; - case MSG_INFO: - return LOG_NOTICE; - case MSG_WARNING: - return LOG_WARNING; - case MSG_ERROR: - return LOG_ERR; - } - return LOG_INFO; -} -#endif /* CONFIG_DEBUG_SYSLOG */ - /** * wpa_printf - conditional printf @@ -218,11 +179,6 @@ void wpa_printf(int level, char *fmt, ...) va_start(ap, fmt); if (level >= wpa_debug_level) { -#ifdef CONFIG_DEBUG_SYSLOG - if (wpa_debug_syslog) { - vsyslog(syslog_priority(level), fmt, ap); - } else { -#endif /* CONFIG_DEBUG_SYSLOG */ wpa_debug_print_timestamp(); #ifdef CONFIG_DEBUG_FILE if (out_file) { @@ -235,9 +191,6 @@ void wpa_printf(int level, char *fmt, ...) #ifdef CONFIG_DEBUG_FILE } #endif /* CONFIG_DEBUG_FILE */ -#ifdef CONFIG_DEBUG_SYSLOG - } -#endif /* CONFIG_DEBUG_SYSLOG */ } va_end(ap); } diff --git a/ctrl_iface.c b/ctrl_iface.c index c84a9f9d75aa..52d5bd90732c 100644 --- a/ctrl_iface.c +++ b/ctrl_iface.c @@ -76,6 +76,7 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s, } +#ifdef IEEE8021X_EAPOL static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s, char *addr) { @@ -94,6 +95,7 @@ static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s, return 0; } +#endif /* IEEE8021X_EAPOL */ #ifdef CONFIG_PEERKEY @@ -1126,9 +1128,11 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, wpa_s->reassociate = 1; wpa_supplicant_req_scan(wpa_s, 0, 0); } +#ifdef IEEE8021X_EAPOL } else if (os_strncmp(buf, "PREAUTH ", 8) == 0) { if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8)) reply_len = -1; +#endif /* IEEE8021X_EAPOL */ #ifdef CONFIG_PEERKEY } else if (os_strncmp(buf, "STKSTART ", 9) == 0) { if (wpa_supplicant_ctrl_iface_stkstart(wpa_s, buf + 9)) diff --git a/ctrl_iface_dbus.c b/ctrl_iface_dbus.c index ba7851694ba4..7475aa42cda0 100644 --- a/ctrl_iface_dbus.c +++ b/ctrl_iface_dbus.c @@ -30,10 +30,10 @@ #include "wpa_ctrl.h" #include "eap.h" -#define DBUS_VERSION (DBUS_VERSION_MAJOR << 8 | DBUS_VERSION_MINOR) +#define _DBUS_VERSION (DBUS_VERSION_MAJOR << 8 | DBUS_VERSION_MINOR) #define DBUS_VER(major, minor) ((major) << 8 | (minor)) -#if DBUS_VERSION < DBUS_VER(1,1) +#if _DBUS_VERSION < DBUS_VER(1,1) #define dbus_watch_get_unix_fd dbus_watch_get_fd #endif diff --git a/ctrl_iface_unix.c b/ctrl_iface_unix.c index 9e4f85fabaad..6c03d464e6b3 100644 --- a/ctrl_iface_unix.c +++ b/ctrl_iface_unix.c @@ -305,7 +305,7 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s) /* Group name not found - try to parse this as gid */ gid = strtol(gid_str, &endp, 10); if (*gid_str == '\0' || *endp != '\0') { - wpa_printf(MSG_DEBUG, "CTRL: Invalid group " + wpa_printf(MSG_ERROR, "CTRL: Invalid group " "'%s'", gid_str); goto fail; } diff --git a/dbus_dict_helpers.c b/dbus_dict_helpers.c index 2852ed522cd4..b6ea55644335 100644 --- a/dbus_dict_helpers.c +++ b/dbus_dict_helpers.c @@ -629,36 +629,56 @@ dbus_bool_t wpa_dbus_dict_open_read(DBusMessageIter *iter, } +#define BYTE_ARRAY_CHUNK_SIZE 34 +#define BYTE_ARRAY_ITEM_SIZE (sizeof (char)) + static dbus_bool_t _wpa_dbus_dict_entry_get_byte_array( - DBusMessageIter *iter, int array_len, int array_type, + DBusMessageIter *iter, int array_type, struct wpa_dbus_dict_entry *entry) { - dbus_uint32_t i = 0; + dbus_uint32_t count = 0; dbus_bool_t success = FALSE; - char byte; + char *buffer; - /* Zero-length arrays are valid. */ - if (array_len == 0) { - entry->bytearray_value = NULL; - entry->array_type = DBUS_TYPE_BYTE; - success = TRUE; - goto done; - } + entry->bytearray_value = NULL; + entry->array_type = DBUS_TYPE_BYTE; - entry->bytearray_value = wpa_zalloc(array_len * sizeof(char)); - if (!entry->bytearray_value) { + buffer = wpa_zalloc(BYTE_ARRAY_ITEM_SIZE * BYTE_ARRAY_CHUNK_SIZE); + if (!buffer) { perror("_wpa_dbus_dict_entry_get_byte_array[dbus]: out of " "memory"); goto done; } - entry->array_type = DBUS_TYPE_BYTE; - entry->array_len = array_len; + entry->bytearray_value = buffer; + entry->array_len = 0; while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_BYTE) { + char byte; + + if ((count % BYTE_ARRAY_CHUNK_SIZE) == 0 && count != 0) { + buffer = realloc(buffer, BYTE_ARRAY_ITEM_SIZE * + (count + BYTE_ARRAY_CHUNK_SIZE)); + if (buffer == NULL) { + perror("_wpa_dbus_dict_entry_get_byte_array[" + "dbus] out of memory trying to " + "retrieve the string array"); + goto done; + } + } + entry->bytearray_value = buffer; + dbus_message_iter_get_basic(iter, &byte); - entry->bytearray_value[i++] = byte; + entry->bytearray_value[count] = byte; + entry->array_len = ++count; dbus_message_iter_next(iter); } + + /* Zero-length arrays are valid. */ + if (entry->array_len == 0) { + free(entry->bytearray_value); + entry->bytearray_value = NULL; + } + success = TRUE; done: @@ -666,8 +686,11 @@ done: } +#define STR_ARRAY_CHUNK_SIZE 8 +#define STR_ARRAY_ITEM_SIZE (sizeof (char *)) + static dbus_bool_t _wpa_dbus_dict_entry_get_string_array( - DBusMessageIter *iter, int array_len, int array_type, + DBusMessageIter *iter, int array_type, struct wpa_dbus_dict_entry *entry) { dbus_uint32_t count = 0; @@ -677,13 +700,7 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array( entry->strarray_value = NULL; entry->array_type = DBUS_TYPE_STRING; - /* Zero-length arrays are valid. */ - if (array_len == 0) { - success = TRUE; - goto done; - } - - buffer = wpa_zalloc(sizeof (char *) * 8); + buffer = wpa_zalloc(STR_ARRAY_ITEM_SIZE * STR_ARRAY_CHUNK_SIZE); if (buffer == NULL) { perror("_wpa_dbus_dict_entry_get_string_array[dbus] out of " "memory trying to retrieve a string array"); @@ -696,18 +713,15 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array( const char *value; char *str; - if ((count % 8) == 0 && count != 0) { - char **tmp; - tmp = realloc(buffer, sizeof(char *) * (count + 8)); - if (tmp == NULL) { + if ((count % STR_ARRAY_CHUNK_SIZE) == 0 && count != 0) { + buffer = realloc(buffer, STR_ARRAY_ITEM_SIZE * + (count + STR_ARRAY_CHUNK_SIZE)); + if (buffer == NULL) { perror("_wpa_dbus_dict_entry_get_string_array[" "dbus] out of memory trying to " "retrieve the string array"); - free(buffer); - buffer = NULL; goto done; } - buffer = tmp; } entry->strarray_value = buffer; @@ -723,6 +737,13 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_string_array( entry->array_len = ++count; dbus_message_iter_next(iter); } + + /* Zero-length arrays are valid. */ + if (entry->array_len == 0) { + free(entry->strarray_value); + entry->strarray_value = NULL; + } + success = TRUE; done: @@ -734,7 +755,6 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_array( DBusMessageIter *iter_dict_val, struct wpa_dbus_dict_entry *entry) { int array_type = dbus_message_iter_get_element_type(iter_dict_val); - int array_len; dbus_bool_t success = FALSE; DBusMessageIter iter_array; @@ -743,20 +763,14 @@ static dbus_bool_t _wpa_dbus_dict_entry_get_array( dbus_message_iter_recurse(iter_dict_val, &iter_array); - array_len = dbus_message_iter_get_array_len(&iter_array); - if (array_len < 0) - return FALSE; - switch (array_type) { case DBUS_TYPE_BYTE: success = _wpa_dbus_dict_entry_get_byte_array(&iter_array, - array_len, array_type, entry); break; case DBUS_TYPE_STRING: success = _wpa_dbus_dict_entry_get_string_array(&iter_array, - array_len, array_type, entry); break; @@ -946,9 +960,17 @@ void wpa_dbus_dict_entry_clear(struct wpa_dbus_dict_entry *entry) break; case DBUS_TYPE_ARRAY: switch (entry->array_type) { - case DBUS_TYPE_BYTE: - free(entry->bytearray_value); - break; + case DBUS_TYPE_BYTE: { + free(entry->bytearray_value); + break; + } + case DBUS_TYPE_STRING: { + unsigned int i; + for (i = 0; i < entry->array_len; i++) + free(entry->strarray_value[i]); + free(entry->strarray_value); + break; + } } break; } diff --git a/defconfig b/defconfig index 73e5da555915..52165988a883 100644 --- a/defconfig +++ b/defconfig @@ -321,6 +321,3 @@ CONFIG_PEERKEY=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y - -# Add support for logging via syslog -#CONFIG_DEBUG_SYSLOG=y diff --git a/doc/docbook/wpa_background.8 b/doc/docbook/wpa_background.8 index 6244529e69a9..c62f5e067ae2 100644 --- a/doc/docbook/wpa_background.8 +++ b/doc/docbook/wpa_background.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WPA_BACKGROUND" "8" "19 February 2008" "" "" +.TH "WPA_BACKGROUND" "8" "28 November 2008" "" "" .SH NAME wpa_background \- Background information on Wi-Fi Protected Access and IEEE 802.11i diff --git a/doc/docbook/wpa_cli.8 b/doc/docbook/wpa_cli.8 index 0865264a69a2..43cc43d72910 100644 --- a/doc/docbook/wpa_cli.8 +++ b/doc/docbook/wpa_cli.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WPA_CLI" "8" "19 February 2008" "" "" +.TH "WPA_CLI" "8" "28 November 2008" "" "" .SH NAME wpa_cli \- WPA command line client @@ -57,17 +57,18 @@ current network. is description of the request. In case of OTP request, it includes the challenge from the authentication server. .PP -The reply to these requests can be given with 'identity', -'password', and 'otp' commands. needs to be copied from the -the matching request. 'password' and 'otp' commands can be used -regardless of whether the request was for PASSWORD or OTP. The -main difference between these two commands is that values given -with 'password' are remembered as long as wpa_supplicant is -running whereas values given with 'otp' are used only once and -then forgotten, i.e., wpa_supplicant will ask frontend for a new -value for every use. This can be used to implement -one-time-password lists and generic token card -based -authentication. +The reply to these requests can be given with +\fBidentity\fR, \fBpassword\fR, and +\fBotp\fR commands. needs to be copied from +the matching request. \fBpassword\fR and +\fBotp\fR commands can be used regardless of whether +the request was for PASSWORD or OTP. The main difference between these +two commands is that values given with \fBpassword\fR are +remembered as long as wpa_supplicant is running whereas values given +with \fBotp\fR are used only once and then forgotten, +i.e., wpa_supplicant will ask frontend for a new value for every use. +This can be used to implement one-time-password lists and generic token +card -based authentication. .PP Example request for password and a matching reply: .sp diff --git a/doc/docbook/wpa_cli.sgml b/doc/docbook/wpa_cli.sgml index 8430599efb73..ade036210e4c 100644 --- a/doc/docbook/wpa_cli.sgml +++ b/doc/docbook/wpa_cli.sgml @@ -72,17 +72,18 @@ case of OTP request, it includes the challenge from the authentication server. - The reply to these requests can be given with 'identity', - 'password', and 'otp' commands. <id> needs to be copied from the - the matching request. 'password' and 'otp' commands can be used - regardless of whether the request was for PASSWORD or OTP. The - main difference between these two commands is that values given - with 'password' are remembered as long as wpa_supplicant is - running whereas values given with 'otp' are used only once and - then forgotten, i.e., wpa_supplicant will ask frontend for a new - value for every use. This can be used to implement - one-time-password lists and generic token card -based - authentication. + The reply to these requests can be given with + identity, password, and + otp commands. <id> needs to be copied from + the matching request. password and + otp commands can be used regardless of whether + the request was for PASSWORD or OTP. The main difference between these + two commands is that values given with password are + remembered as long as wpa_supplicant is running whereas values given + with otp are used only once and then forgotten, + i.e., wpa_supplicant will ask frontend for a new value for every use. + This can be used to implement one-time-password lists and generic token + card -based authentication. Example request for password and a matching reply: diff --git a/doc/docbook/wpa_passphrase.8 b/doc/docbook/wpa_passphrase.8 index a0f5c7039863..52faebba5666 100644 --- a/doc/docbook/wpa_passphrase.8 +++ b/doc/docbook/wpa_passphrase.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WPA_PASSPHRASE" "8" "19 February 2008" "" "" +.TH "WPA_PASSPHRASE" "8" "28 November 2008" "" "" .SH NAME wpa_passphrase \- Generate a WPA PSK from an ASCII passphrase for a SSID diff --git a/doc/docbook/wpa_supplicant.8 b/doc/docbook/wpa_supplicant.8 index 1a5697d84229..e7d8406413bb 100644 --- a/doc/docbook/wpa_supplicant.8 +++ b/doc/docbook/wpa_supplicant.8 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WPA_SUPPLICANT" "8" "19 February 2008" "" "" +.TH "WPA_SUPPLICANT" "8" "28 November 2008" "" "" .SH NAME wpa_supplicant \- Wi-Fi Protected Access client and IEEE 802.1X supplicant @@ -214,7 +214,11 @@ PMKSA caching .RE .SH "AVAILABLE DRIVERS" .PP -The available drivers to specify with the -D option are: +A summary of available driver backends is below. Support for each +of the driver backends is chosen at wpa_supplicant compile time. For a +list of supported driver backends that may be used with the -D option on +your system, refer to the help output of wpa_supplicant +(\fBwpa_supplicant -h\fR). .TP \fBhostap\fR (default) Host AP driver (Intersil Prism2/2.5/3). @@ -250,33 +254,47 @@ BSD 802.11 support (Atheros, etc.). \fBndis\fR Windows NDIS driver. .SH "COMMAND LINE OPTIONS" +.PP +Most command line options have global scope. Some are given per +interface, and are only valid if at least one \fB-i\fR option +is specified, otherwise they're ignored. Option groups for different +interfaces must be separated by \fB-N\fR option. +.TP +\fB-b br_ifname\fR +Optional bridge interface name. (Per interface) .TP \fB-B\fR Run daemon in the background. .TP \fB-i ifname\fR -Interface to listen on. +Interface to listen on. Multiple instances of this option can +be present, one per interface, separated by \fB-N\fR +option (see below). .TP \fB-c filename\fR -Path to configuration file. +Path to configuration file. (Per interface) .TP \fB-P PID_file\fR Path to PID file. .TP \fB-C ctrl_interface\fR -Path to ctrl_interface socket (only used if -c is not). +Path to ctrl_interface socket (Per interface. Only used if +\fB-c\fR is not). .TP \fB-g global ctrl_interface\fR -Path to global ctrl_interface socket. +Path to global ctrl_interface socket. If specified, interface +definitions may be omitted. .TP \fB-D driver\fR -Driver to use. See the available options below. +Driver to use. (Per interface, see the available options +below.) .TP \fB-f output file\fR Log output to specified file instead of stdout. .TP \fB-d\fR -Increase debugging verbosity (-dd even more). +Increase debugging verbosity (\fB-dd\fR even +more). .TP \fB-K\fR Include keys (passwords, etc.) in debug output. @@ -296,7 +314,12 @@ Help. Show a usage message. Show license (GPL and BSD). .TP \fB-q\fR -Decrease debugging verbosity (-qq even less). +Decrease debugging verbosity (\fB-qq\fR even +less). +.TP +\fB-u\fR +Enabled DBus control interface. If enabled, interface +definitions may be omitted. .TP \fB-v\fR Show version. @@ -367,9 +390,9 @@ with other versions) .TP \fBHost AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)\fR (http://hostap.epitest.fi/) Driver needs to be set in -Managed mode ('iwconfig wlan0 mode managed'). Please note -that station firmware version needs to be 1.7.0 or newer to -work in WPA mode. +Managed mode (\fBiwconfig wlan0 mode managed\fR). +Please note that station firmware version needs to be 1.7.0 or +newer to work in WPA mode. .TP \fBLinuxant DriverLoader\fR (http://www.linuxant.com/driverloader/) @@ -506,8 +529,8 @@ can be used to enable WPA support: Add MODE="Managed" and WPA="y" to the network scheme in \fI/etc/pcmcia/wireless.opts\fR\&. .PP -Add the following block to the end of 'start' action handler -in \fI/etc/pcmcia/wireless\fR: +Add the following block to the end of \fBstart\fR +action handler in \fI/etc/pcmcia/wireless\fR: .sp .RS @@ -519,8 +542,8 @@ fi .fi .RE .PP -Add the following block to the end of 'stop' action handler -(may need to be separated from other actions) in +Add the following block to the end of \fBstop\fR +action handler (may need to be separated from other actions) in \fI/etc/pcmcia/wireless\fR: .sp .RS diff --git a/doc/docbook/wpa_supplicant.conf.5 b/doc/docbook/wpa_supplicant.conf.5 index efe17cc8762b..494b8a21d1e5 100644 --- a/doc/docbook/wpa_supplicant.conf.5 +++ b/doc/docbook/wpa_supplicant.conf.5 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WPA_SUPPLICANT.CONF" "5" "19 February 2008" "" "" +.TH "WPA_SUPPLICANT.CONF" "5" "28 November 2008" "" "" .SH NAME wpa_supplicant.conf \- configuration file for wpa_supplicant @@ -24,7 +24,7 @@ run in the background. Changes to configuration file can be reloaded be sending SIGHUP signal to \fBwpa_supplicant\fR ('killall -HUP wpa_supplicant'). Similarly, reloading can be triggered with -the 'wpa_cli reconfigure' command. +the \fBwpa_cli reconfigure\fR command. .PP Configuration file can include one or more network blocks, e.g., one for each used SSID. wpa_supplicant will automatically @@ -179,7 +179,7 @@ network={ .TP 3 6. Authentication for wired Ethernet. This can be used with -'wired' interface (-Dwired on command line). +\fBwired\fR interface (-Dwired on command line). .sp .RS diff --git a/doc/docbook/wpa_supplicant.conf.sgml b/doc/docbook/wpa_supplicant.conf.sgml index 082509cc77aa..063e88298af5 100644 --- a/doc/docbook/wpa_supplicant.conf.sgml +++ b/doc/docbook/wpa_supplicant.conf.sgml @@ -26,7 +26,7 @@ Changes to configuration file can be reloaded be sending SIGHUP signal to wpa_supplicant ('killall -HUP wpa_supplicant'). Similarly, reloading can be triggered with - the 'wpa_cli reconfigure' command. + the wpa_cli reconfigure command. Configuration file can include one or more network blocks, e.g., one for each used SSID. wpa_supplicant will automatically @@ -179,7 +179,7 @@ network={ Authentication for wired Ethernet. This can be used with - 'wired' interface (-Dwired on command line). + wired interface (-Dwired on command line).
ctrl_interface=/var/run/wpa_supplicant diff --git a/doc/docbook/wpa_supplicant.sgml b/doc/docbook/wpa_supplicant.sgml index b46d13c1f9ef..ad570badd198 100644 --- a/doc/docbook/wpa_supplicant.sgml +++ b/doc/docbook/wpa_supplicant.sgml @@ -241,7 +241,11 @@ Available Drivers - The available drivers to specify with the -D option are: + A summary of available driver backends is below. Support for each + of the driver backends is chosen at wpa_supplicant compile time. For a + list of supported driver backends that may be used with the -D option on + your system, refer to the help output of wpa_supplicant + (wpa_supplicant -h). @@ -326,7 +330,18 @@ Command Line Options + Most command line options have global scope. Some are given per + interface, and are only valid if at least one option + is specified, otherwise they're ignored. Option groups for different + interfaces must be separated by option. + + -b br_ifname + + Optional bridge interface name. (Per interface) + + + -B @@ -337,14 +352,16 @@ -i ifname - Interface to listen on. + Interface to listen on. Multiple instances of this option can + be present, one per interface, separated by + option (see below). -c filename - Path to configuration file. + Path to configuration file. (Per interface) @@ -358,21 +375,24 @@ -C ctrl_interface - Path to ctrl_interface socket (only used if -c is not). + Path to ctrl_interface socket (Per interface. Only used if + is not). -g global ctrl_interface - Path to global ctrl_interface socket. + Path to global ctrl_interface socket. If specified, interface + definitions may be omitted. -D driver - Driver to use. See the available options below. + Driver to use. (Per interface, see the available options + below.) @@ -386,7 +406,8 @@ -d - Increase debugging verbosity (-dd even more). + Increase debugging verbosity ( even + more). @@ -430,9 +451,19 @@ -q - Decrease debugging verbosity (-qq even less). + Decrease debugging verbosity ( even + less). + + + -u + + Enabled DBus control interface. If enabled, interface + definitions may be omitted. + + + -v @@ -523,9 +554,9 @@ wpa_supplicant \ snapshot/v0.2.x) (http://hostap.epitest.fi/) Driver needs to be set in - Managed mode ('iwconfig wlan0 mode managed'). Please note - that station firmware version needs to be 1.7.0 or newer to - work in WPA mode. + Managed mode (iwconfig wlan0 mode managed). + Please note that station firmware version needs to be 1.7.0 or + newer to work in WPA mode. @@ -729,8 +760,8 @@ wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B Add MODE="Managed" and WPA="y" to the network scheme in /etc/pcmcia/wireless.opts. - Add the following block to the end of 'start' action handler - in /etc/pcmcia/wireless: + Add the following block to the end of start + action handler in /etc/pcmcia/wireless:
if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then @@ -739,8 +770,8 @@ fi
- Add the following block to the end of 'stop' action handler - (may need to be separated from other actions) in + Add the following block to the end of stop + action handler (may need to be separated from other actions) in /etc/pcmcia/wireless:
diff --git a/driver_hostap.h b/driver_hostap.h index a83322f7e237..a2508ed924f6 100644 --- a/driver_hostap.h +++ b/driver_hostap.h @@ -84,9 +84,9 @@ enum { #define PRISM2_HOSTAPD_MAX_BUF_SIZE 1024 #define PRISM2_HOSTAPD_RID_HDR_LEN \ -((int) (&((struct prism2_hostapd_param *) 0)->u.rid.data)) +((size_t) (&((struct prism2_hostapd_param *) 0)->u.rid.data)) #define PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN \ -((int) (&((struct prism2_hostapd_param *) 0)->u.generic_elem.data)) +((size_t) (&((struct prism2_hostapd_param *) 0)->u.generic_elem.data)) /* Maximum length for algorithm names (-1 for nul termination) used in ioctl() */ diff --git a/driver_ndis.c b/driver_ndis.c index 570b4ca1a183..de3430631177 100644 --- a/driver_ndis.c +++ b/driver_ndis.c @@ -42,7 +42,9 @@ int close(int fd); #include "driver_ndis.h" int wpa_driver_register_event_cb(struct wpa_driver_ndis_data *drv); +#ifdef CONFIG_NDIS_EVENTS_INTEGRATED void wpa_driver_ndis_event_pipe_cb(void *eloop_data, void *user_data); +#endif /* CONFIG_NDIS_EVENTS_INTEGRATED */ static void wpa_driver_ndis_deinit(void *priv); static void wpa_driver_ndis_poll(void *drv); diff --git a/eap.c b/eap.c index a5cd9824fc62..8021e80ff120 100644 --- a/eap.c +++ b/eap.c @@ -892,7 +892,7 @@ static int eap_sm_imsi_identity(struct eap_sm *sm, struct wpa_ssid *ssid) #endif /* PCSC_FUNCS */ -static int eap_sm_get_scard_identity(struct eap_sm *sm, struct wpa_ssid *ssid) +static int eap_sm_set_scard_pin(struct eap_sm *sm, struct wpa_ssid *ssid) { #ifdef PCSC_FUNCS if (scard_set_pin(sm->scard_ctx, ssid->pin)) { @@ -907,6 +907,17 @@ static int eap_sm_get_scard_identity(struct eap_sm *sm, struct wpa_ssid *ssid) eap_sm_request_pin(sm); return -1; } + return 0; +#else /* PCSC_FUNCS */ + return -1; +#endif /* PCSC_FUNCS */ +} + +static int eap_sm_get_scard_identity(struct eap_sm *sm, struct wpa_ssid *ssid) +{ +#ifdef PCSC_FUNCS + if (eap_sm_set_scard_pin(sm, ssid)) + return -1; return eap_sm_imsi_identity(sm, ssid); #else /* PCSC_FUNCS */ @@ -973,6 +984,9 @@ u8 * eap_sm_buildIdentity(struct eap_sm *sm, int id, size_t *len, eap_sm_request_identity(sm); return NULL; } + } else if (config->pcsc) { + if (eap_sm_set_scard_pin(sm, config) < 0) + return NULL; } *len = sizeof(struct eap_hdr) + 1 + identity_len; diff --git a/eap_aka.c b/eap_aka.c index a8b56ca67302..daf7722f124f 100644 --- a/eap_aka.c +++ b/eap_aka.c @@ -292,7 +292,7 @@ static u8 * eap_aka_response_challenge(struct eap_aka_data *data, msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier, EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE); wpa_printf(MSG_DEBUG, " AT_RES"); - eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len, + eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8, data->res, data->res_len); wpa_printf(MSG_DEBUG, " AT_MAC"); eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); diff --git a/eap_gpsk.c b/eap_gpsk.c index 81b03ede5991..a9af85ca8dff 100644 --- a/eap_gpsk.c +++ b/eap_gpsk.c @@ -240,8 +240,8 @@ const u8 * eap_gpsk_process_csuite_list(struct eap_sm *sm, return NULL; } if (*list_len == 0 || (*list_len % sizeof(struct eap_gpsk_csuite))) { - wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid CSuite_List len %d", - *list_len); + wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid CSuite_List len %lu", + (unsigned long) *list_len); return NULL; } *list = pos; @@ -460,6 +460,7 @@ const u8 * eap_gpsk_validate_id_server(struct eap_gpsk_data *data, data->id_server, data->id_server_len); wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-3", pos, len); + return NULL; } pos += len; @@ -537,7 +538,9 @@ const u8 * eap_gpsk_validate_gpsk_3_mic(struct eap_gpsk_data *data, miclen = eap_gpsk_mic_len(data->vendor, data->specifier); if (end - pos < (int) miclen) { wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC " - "(left=%d miclen=%d)", end - pos, miclen); + "(left=%lu miclen=%lu)", + (unsigned long) (end - pos), + (unsigned long) miclen); return NULL; } if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor, @@ -589,8 +592,9 @@ static u8 * eap_gpsk_process_gpsk_3(struct eap_sm *sm, return NULL; } if (pos != end) { - wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %d bytes of extra " - "data in the end of GPSK-2", end - pos); + wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra " + "data in the end of GPSK-2", + (unsigned long) (end - pos)); } req = (const struct eap_hdr *) reqData; diff --git a/eap_gpsk_common.c b/eap_gpsk_common.c index 7422fa6c48f9..ec97a56f0b44 100644 --- a/eap_gpsk_common.c +++ b/eap_gpsk_common.c @@ -376,8 +376,8 @@ static int eap_gpsk_compute_mic_aes(const u8 *sk, size_t sk_len, const u8 *data, size_t len, u8 *mic) { if (sk_len != 16) { - wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid SK length %d for " - "AES-CMAC MIC", sk_len); + wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid SK length %lu for " + "AES-CMAC MIC", (unsigned long) sk_len); return -1; } diff --git a/eap_ttls.c b/eap_ttls.c index ca0069439ac4..bdffed41740b 100644 --- a/eap_ttls.c +++ b/eap_ttls.c @@ -673,7 +673,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm, /* MS-CHAP-Challenge */ challenge = eap_ttls_implicit_challenge( - sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN * 2 + 1); + sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); if (challenge == NULL) { os_free(buf); wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive " @@ -777,7 +777,8 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm, config->identity, config->identity_len); /* MS-CHAP-Challenge */ - challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN); + challenge = eap_ttls_implicit_challenge( + sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); if (challenge == NULL) { os_free(buf); wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive " @@ -907,7 +908,8 @@ static int eap_ttls_phase2_request_chap(struct eap_sm *sm, config->identity, config->identity_len); /* CHAP-Challenge */ - challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN); + challenge = eap_ttls_implicit_challenge( + sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1); if (challenge == NULL) { os_free(buf); wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive " diff --git a/eloop.c b/eloop.c index 232e7533cab2..9cac792615bb 100644 --- a/eloop.c +++ b/eloop.c @@ -232,7 +232,10 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs, timeout = os_malloc(sizeof(*timeout)); if (timeout == NULL) return -1; - os_get_time(&timeout->time); + if (os_get_time(&timeout->time) < 0) { + os_free(timeout); + return -1; + } timeout->time.sec += secs; timeout->time.usec += usecs; while (timeout->time.usec >= 1000000) { @@ -302,6 +305,25 @@ int eloop_cancel_timeout(eloop_timeout_handler handler, } +int eloop_is_timeout_registered(eloop_timeout_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_timeout *tmp; + + tmp = eloop.timeout; + while (tmp != NULL) { + if (tmp->handler == handler && + tmp->eloop_data == eloop_data && + tmp->user_data == user_data) + return 1; + + tmp = tmp->next; + } + + return 0; +} + + #ifndef CONFIG_NATIVE_WINDOWS static void eloop_handle_alarm(int sig) { diff --git a/eloop.h b/eloop.h index 4dd2871760df..cf83f3836555 100644 --- a/eloop.h +++ b/eloop.h @@ -206,6 +206,19 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs, int eloop_cancel_timeout(eloop_timeout_handler handler, void *eloop_data, void *user_data); +/** + * eloop_is_timeout_registered - Check if a timeout is already registered + * @handler: Matching callback function + * @eloop_data: Matching eloop_data + * @user_data: Matching user_data + * Returns: 1 if the timeout is registered, 0 if the timeout is not registered + * + * Determine if a matching timeout is registered + * with eloop_register_timeout(). + */ +int eloop_is_timeout_registered(eloop_timeout_handler handler, + void *eloop_data, void *user_data); + /** * eloop_register_signal - Register handler for signals * @sig: Signal number (e.g., SIGHUP) diff --git a/eloop_none.c b/eloop_none.c index 6943109d955f..215030b2135f 100644 --- a/eloop_none.c +++ b/eloop_none.c @@ -197,6 +197,26 @@ int eloop_cancel_timeout(void (*handler)(void *eloop_ctx, void *sock_ctx), } +int eloop_is_timeout_registered(void (*handler)(void *eloop_ctx, + void *timeout_ctx), + void *eloop_data, void *user_data) +{ + struct eloop_timeout *tmp; + + tmp = eloop.timeout; + while (tmp != NULL) { + if (tmp->handler == handler && + tmp->eloop_data == eloop_data && + tmp->user_data == user_data) + return 1; + + tmp = tmp->next; + } + + return 0; +} + + /* TODO: replace with suitable signal handler */ #if 0 static void eloop_handle_signal(int sig) diff --git a/eloop_win.c b/eloop_win.c index 73f0eafeeb8b..a1ccd94a3d71 100644 --- a/eloop_win.c +++ b/eloop_win.c @@ -320,6 +320,25 @@ int eloop_cancel_timeout(eloop_timeout_handler handler, } +int eloop_is_timeout_registered(eloop_timeout_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_timeout *tmp; + + tmp = eloop.timeout; + while (tmp != NULL) { + if (tmp->handler == handler && + tmp->eloop_data == eloop_data && + tmp->user_data == user_data) + return 1; + + tmp = tmp->next; + } + + return 0; +} + + /* TODO: replace with suitable signal handler */ #if 0 static void eloop_handle_signal(int sig) diff --git a/main.c b/main.c index 5fe4e7bdba18..f371561cde66 100644 --- a/main.c +++ b/main.c @@ -39,7 +39,7 @@ static void usage(void) int i; printf("%s\n\n%s\n" "usage:\n" - " wpa_supplicant [-BddhKLqqstuvwW] [-P] " + " wpa_supplicant [-BddhKLqqtuvwW] [-P] " "[-g] \\\n" " -i -c [-C] [-D] " "[-p] \\\n" @@ -77,9 +77,6 @@ static void usage(void) printf(" -p = driver parameters\n" " -P = PID file\n" " -q = decrease debugging verbosity (-qq even less)\n" -#ifdef CONFIG_DEBUG_SYSLOG - " -s = log output to syslog instead of stdout\n" -#endif /* CONFIG_DEBUG_SYSLOG */ #ifdef CONFIG_CTRL_IFACE_DBUS " -u = enable DBus control interface\n" #endif /* CONFIG_CTRL_IFACE_DBUS */ @@ -150,7 +147,7 @@ int main(int argc, char *argv[]) wpa_supplicant_fd_workaround(); for (;;) { - c = getopt(argc, argv, "b:Bc:C:D:df:g:hi:KLNp:P:qstuvwW"); + c = getopt(argc, argv, "b:Bc:C:D:df:g:hi:KLNp:P:qtuvwW"); if (c < 0) break; switch (c) { @@ -211,11 +208,6 @@ int main(int argc, char *argv[]) case 'q': params.wpa_debug_level++; break; -#ifdef CONFIG_DEBUG_SYSLOG - case 's': - params.wpa_debug_syslog++; - break; -#endif /* CONFIG_DEBUG_SYSLOG */ case 't': params.wpa_debug_timestamp++; break; diff --git a/mlme.c b/mlme.c index 92b59598b50e..e618e2abb7bd 100644 --- a/mlme.c +++ b/mlme.c @@ -985,8 +985,6 @@ static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s, supp_rates[1] = 0; for (i = 0; i < wpa_s->mlme.num_curr_rates; i++) { struct wpa_rate_data *rate = &wpa_s->mlme.curr_rates[i]; - if (!(rate->flags & WPA_RATE_SUPPORTED)) - continue; if (esupp_rates) { pos = buf + len; len++; @@ -996,6 +994,7 @@ static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s, esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES; esupp_rates[1] = 1; pos = &esupp_rates[2]; + len += 3; } else { pos = buf + len; len++; diff --git a/os_unix.c b/os_unix.c index 69ba25a3e856..7e3ab4adb4a5 100644 --- a/os_unix.c +++ b/os_unix.c @@ -216,7 +216,12 @@ char * os_readfile(const char *name, size_t *len) return NULL; } - fread(buf, 1, *len, f); + if (fread(buf, 1, *len, f) != *len) { + fclose(f); + free(buf); + return NULL; + } + fclose(f); return buf; diff --git a/preauth_test.c b/preauth_test.c index bd31d8b443e9..6758d9e90c2f 100644 --- a/preauth_test.c +++ b/preauth_test.c @@ -44,12 +44,6 @@ struct preauth_test_data { }; -static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec) -{ - wpa_supplicant_req_scan(wpa_s, sec, usec); -} - - static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code) { wpa_supplicant_disassociate(wpa_s, reason_code); @@ -254,7 +248,6 @@ static void wpa_init_conf(struct wpa_supplicant *wpa_s, const char *ifname) ctx->ctx = wpa_s; ctx->set_state = _wpa_supplicant_set_state; ctx->get_state = _wpa_supplicant_get_state; - ctx->req_scan = _wpa_supplicant_req_scan; ctx->deauthenticate = _wpa_supplicant_deauthenticate; ctx->disassociate = _wpa_supplicant_disassociate; ctx->set_key = wpa_supplicant_set_key; diff --git a/radius.c b/radius.c index 743f3400f1de..afa4f933ee98 100644 --- a/radius.c +++ b/radius.c @@ -801,6 +801,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len, ppos = plain = os_malloc(plen); if (plain == NULL) return NULL; + plain[0] = 0; while (left > 0) { /* b(1) = MD5(Secret + Request-Authenticator + Salt) @@ -825,7 +826,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len, left -= MD5_MAC_LEN; } - if (plain[0] > plen - 1) { + if (plain[0] == 0 || plain[0] > plen - 1) { printf("Failed to decrypt MPPE key\n"); os_free(plain); return NULL; diff --git a/sha1.c b/sha1.c index 194db1601d1e..e53c8452ddd8 100644 --- a/sha1.c +++ b/sha1.c @@ -265,6 +265,10 @@ int tls_prf(const u8 *secret, size_t secret_len, const char *label, L_S1 = L_S2 = (secret_len + 1) / 2; S1 = secret; S2 = secret + L_S1; + if (secret_len & 1) { + /* The last byte of S1 will be shared with S2 */ + S2--; + } hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5); hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1); diff --git a/tls_openssl.c b/tls_openssl.c index d5aafaaa89d4..cb6b97434e46 100644 --- a/tls_openssl.c +++ b/tls_openssl.c @@ -871,6 +871,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx) { SSL_CTX *ssl = ssl_ctx; struct tls_connection *conn; + long options; conn = os_zalloc(sizeof(*conn)); if (conn == NULL) @@ -884,9 +885,12 @@ struct tls_connection * tls_connection_init(void *ssl_ctx) } SSL_set_app_data(conn->ssl, conn); - SSL_set_options(conn->ssl, - SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | - SSL_OP_SINGLE_DH_USE); + options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | + SSL_OP_SINGLE_DH_USE; +#ifdef SSL_OP_NO_COMPRESSION + options |= SSL_OP_NO_COMPRESSION; +#endif /* SSL_OP_NO_COMPRESSION */ + SSL_set_options(conn->ssl, options); conn->ssl_in = BIO_new(BIO_s_mem()); if (!conn->ssl_in) { diff --git a/version.h b/version.h index 364d8aea9657..fa00fcca0f7d 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ #ifndef VERSION_H #define VERSION_H -#define VERSION_STR "0.5.10" +#define VERSION_STR "0.5.11" #endif /* VERSION_H */ diff --git a/wpa.c b/wpa.c index 5669e6a330e5..7ef746a95acc 100644 --- a/wpa.c +++ b/wpa.c @@ -65,8 +65,7 @@ static const u8 WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 }; struct wpa_ie_hdr { u8 elem_id; u8 len; - u8 oui[3]; - u8 oui_type; + u8 oui[4]; /* 24-bit OUI followed by 8-bit OUI type */ u8 version[2]; } STRUCT_PACKED; @@ -1406,7 +1405,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm, "caching attempt"); sm->cur_pmksa = NULL; abort_cached = 1; - } else { + } else if (!abort_cached) { return -1; } } @@ -1567,7 +1566,6 @@ static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), wpa_cipher_txt(sm->pairwise_cipher), wpa_cipher_txt(sm->group_cipher)); - eloop_cancel_timeout(sm->ctx->scan, sm->ctx->ctx, NULL); wpa_sm_cancel_auth_timeout(sm); wpa_sm_set_state(sm, WPA_COMPLETED); @@ -1904,7 +1902,6 @@ static void wpa_report_ie_mismatch(struct wpa_sm *sm, } wpa_sm_disassociate(sm, REASON_IE_IN_4WAY_DIFFERS); - wpa_sm_req_scan(sm, 0, 0); } @@ -3798,7 +3795,6 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, os_memset(sm->pmk, 0, sizeof(sm->pmk)); wpa_sm_deauthenticate(sm, REASON_UNSPECIFIED); - wpa_sm_req_scan(sm, 0, 0); } } diff --git a/wpa.h b/wpa.h index df075c35d101..8a9ae7694ad6 100644 --- a/wpa.h +++ b/wpa.h @@ -59,7 +59,6 @@ struct wpa_sm_ctx { void (*set_state)(void *ctx, wpa_states state); wpa_states (*get_state)(void *ctx); - void (*req_scan)(void *ctx, int sec, int usec); void (*deauthenticate)(void * ctx, int reason_code); void (*disassociate)(void *ctx, int reason_code); int (*set_key)(void *ctx, wpa_alg alg, diff --git a/wpa_cli.c b/wpa_cli.c index 7176c956af67..6c3a8818245a 100644 --- a/wpa_cli.c +++ b/wpa_cli.c @@ -1081,6 +1081,7 @@ static int wpa_cli_exec(const char *program, const char *arg1, { char *cmd; size_t len; + int ret = 0; len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3; cmd = os_malloc(len); @@ -1089,11 +1090,12 @@ static int wpa_cli_exec(const char *program, const char *arg1, os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2); cmd[len - 1] = '\0'; #ifndef _WIN32_WCE - system(cmd); + if (system(cmd) < 0) + ret = -1; #endif /* _WIN32_WCE */ os_free(cmd); - return 0; + return ret; } diff --git a/wpa_gui-qt4/networkconfig.cpp b/wpa_gui-qt4/networkconfig.cpp index 6ea35e0a259a..b8e17ac29403 100644 --- a/wpa_gui-qt4/networkconfig.cpp +++ b/wpa_gui-qt4/networkconfig.cpp @@ -12,6 +12,7 @@ * See README and COPYING for more details. */ +#include #include #include "networkconfig.h" diff --git a/wpa_gui-qt4/scanresults.cpp b/wpa_gui-qt4/scanresults.cpp index 57cf71637ce9..75d1c5146bfd 100644 --- a/wpa_gui-qt4/scanresults.cpp +++ b/wpa_gui-qt4/scanresults.cpp @@ -14,6 +14,8 @@ #include +#include + #include "scanresults.h" #include "wpagui.h" #include "networkconfig.h" diff --git a/wpa_gui-qt4/wpagui.cpp b/wpa_gui-qt4/wpagui.cpp index 31cb38c4c0fd..798786b68645 100644 --- a/wpa_gui-qt4/wpagui.cpp +++ b/wpa_gui-qt4/wpagui.cpp @@ -17,6 +17,7 @@ #include #endif +#include #include #include "wpagui.h" diff --git a/wpa_gui/networkconfig.ui.h b/wpa_gui/networkconfig.ui.h index a3cd733d06c2..22afed9b316c 100644 --- a/wpa_gui/networkconfig.ui.h +++ b/wpa_gui/networkconfig.ui.h @@ -10,6 +10,7 @@ ** destructor. *****************************************************************************/ +#include enum { AUTH_NONE = 0, diff --git a/wpa_gui/userdatarequest.ui.h b/wpa_gui/userdatarequest.ui.h index 4b47ccdbad0d..66d4478d23e2 100644 --- a/wpa_gui/userdatarequest.ui.h +++ b/wpa_gui/userdatarequest.ui.h @@ -10,6 +10,8 @@ ** destructor. *****************************************************************************/ +#include + int UserDataRequest::setParams(WpaGui *_wpagui, const char *reqMsg) { char *tmp, *pos, *pos2; diff --git a/wpa_gui/wpagui.ui.h b/wpa_gui/wpagui.ui.h index 6db886243fa6..3f86c169a73f 100644 --- a/wpa_gui/wpagui.ui.h +++ b/wpa_gui/wpagui.ui.h @@ -16,6 +16,7 @@ #include #endif +#include void WpaGui::init() { diff --git a/wpa_i.h b/wpa_i.h index b5adb5e2c0d7..d1cab4bbf945 100644 --- a/wpa_i.h +++ b/wpa_i.h @@ -146,11 +146,6 @@ static inline wpa_states wpa_sm_get_state(struct wpa_sm *sm) return sm->ctx->get_state(sm->ctx->ctx); } -static inline void wpa_sm_req_scan(struct wpa_sm *sm, int sec, int usec) -{ - sm->ctx->req_scan(sm->ctx->ctx, sec, usec); -} - static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code) { sm->ctx->deauthenticate(sm->ctx->ctx, reason_code); diff --git a/wpa_supplicant.c b/wpa_supplicant.c index b7d3066d63fc..94a5c8adeec9 100644 --- a/wpa_supplicant.c +++ b/wpa_supplicant.c @@ -362,7 +362,6 @@ static void wpa_supplicant_notify_eapol_done(void *ctx) if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) { wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE); } else { - eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); wpa_supplicant_cancel_auth_timeout(wpa_s); wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); } @@ -490,6 +489,28 @@ void wpa_blacklist_clear(struct wpa_supplicant *wpa_s) */ void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) { + /* If there's at least one network that should be specifically scanned + * then don't cancel the scan and reschedule. Some drivers do + * background scanning which generates frequent scan results, and that + * causes the specific SSID scan to get continually pushed back and + * never happen, which causes hidden APs to never get probe-scanned. + */ + if (eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL) && + wpa_s->conf->ap_scan == 1) { + struct wpa_ssid *ssid = wpa_s->conf->ssid; + + while (ssid) { + if (!ssid->disabled && ssid->scan_ssid) + break; + ssid = ssid->next; + } + if (ssid) { + wpa_msg(wpa_s, MSG_DEBUG, "Not rescheduling scan to " + "ensure that specific SSID scans occur"); + return; + } + } + wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec", sec, usec); eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); @@ -1049,6 +1070,7 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1) { wpa_s->scan_res_tried++; + wpa_s->scan_req = scan_req; wpa_printf(MSG_DEBUG, "Trying to get current scan results " "first without requesting a new scan to speed up " "initial association"); @@ -1519,13 +1541,15 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s, wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); } else { /* Timeout for IEEE 802.11 authentication and association */ - int timeout; - if (assoc_failed) - timeout = 5; - else if (wpa_s->conf->ap_scan == 1) - timeout = 10; - else - timeout = 60; + int timeout = 60; + + if (assoc_failed) { + /* give IBSS a bit more time */ + timeout = ssid->mode ? 10 : 5; + } else if (wpa_s->conf->ap_scan == 1) { + /* give IBSS a bit more time */ + timeout = ssid->mode ? 20 : 10; + } wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0); } @@ -1795,12 +1819,6 @@ static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto, } -static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec) -{ - wpa_supplicant_req_scan(wpa_s, sec, usec); -} - - static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s) { wpa_supplicant_cancel_auth_timeout(wpa_s); @@ -1822,12 +1840,16 @@ static wpa_states _wpa_supplicant_get_state(void *wpa_s) static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code) { wpa_supplicant_disassociate(wpa_s, reason_code); + /* Schedule a scan to make sure we continue looking for networks */ + wpa_supplicant_req_scan(wpa_s, 0, 0); } static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code) { wpa_supplicant_deauthenticate(wpa_s, reason_code); + /* Schedule a scan to make sure we continue looking for networks */ + wpa_supplicant_req_scan(wpa_s, 0, 0); } @@ -2205,7 +2227,6 @@ static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) ctx->ctx = wpa_s; ctx->set_state = _wpa_supplicant_set_state; ctx->get_state = _wpa_supplicant_get_state; - ctx->req_scan = _wpa_supplicant_req_scan; ctx->deauthenticate = _wpa_supplicant_deauthenticate; ctx->disassociate = _wpa_supplicant_disassociate; ctx->set_key = wpa_supplicant_set_key; @@ -2488,8 +2509,6 @@ struct wpa_global * wpa_supplicant_init(struct wpa_params *params) return NULL; wpa_debug_open_file(params->wpa_debug_file_path); - if (params->wpa_debug_syslog) - wpa_debug_open_syslog(); ret = eap_peer_register_methods(); if (ret) { @@ -2614,6 +2633,5 @@ void wpa_supplicant_deinit(struct wpa_global *global) os_free(global->params.ctrl_interface); os_free(global); - wpa_debug_close_syslog(); wpa_debug_close_file(); } diff --git a/wpa_supplicant_i.h b/wpa_supplicant_i.h index 95d171c0a23f..0d6f24a938df 100644 --- a/wpa_supplicant_i.h +++ b/wpa_supplicant_i.h @@ -161,11 +161,6 @@ struct wpa_params { * wpa_debug_file_path - Path of debug file or %NULL to use stdout */ const char *wpa_debug_file_path; - - /** - * wpa_debug_syslog - Enable log output through syslog - */ - const char *wpa_debug_syslog; }; /** -- cgit v1.2.3