Cumulative patch from commit fb09ed338919db09f3990196171fa73b37e7a17f (DO NOT MERGE)
fb09ed3 Interworking: Notify the ANQP parsing status
d10b01d HS20: Provide appropriate permission to the OSU related files
73f1ee0 HS20: Fix TrustRoot path for PolicyUpdate node in PPS MO
54a0ac0 HS20: Return result of cmd_sub_rem in hs20-osu-client
b62b0cb WNM: Fix possible memory leak by free buf
9bd0273 EAP: Fix possible memory leak in eap_ttls_process_decrypted()
b760e64 eap_server: Avoid NULL pointer dereference in eap_fast_encrypt_phase2()
948d3a8 hostapd: Remove unused variable from hostapd_get_hw_features
dd09e42 Fix memory leak in wpa_supplicant global bgscan configuration
30f459c wpa_cli: Fix NULL dereference on printf string argument
414f23d Avoid NULL string in printf on EAP method names in authenticator
b72b2ad P2P: Stop p2p_listen/find on wpas_p2p_invite
7b7b444 nl80211: Fix reading of the extended capabilities mask
7e608d1 P2P: Use the correct wpa_s interface to handle P2P state flush
fd83335 AP: Enable HT Tx STBC for AP/GO if supported by driver
d90bfa9 Move external_scan_running to wpa_radio
0c5f01f Clear reattach flag in fast associate flow
8ad8bc5 NFC: Redirect NFC commands on global control interface
57ae1f5 P2P: Fix P2P invitation with NFC
07565ab WNM: Fix the length of WNM_BSS_QUERY control interface command
2d9c99e Retry scan-for-connect if driver trigger fails
911942e Add a test framework for various wpa_supplicant failure cases
6b46bfa WPS: Re-fix an interoperability issue with mixed mode and AP Settings
1648cc6 ACS: Allow subset of channels to be configured
95ff306 nl80211: Allow HT/VHT to be disabled for IBSS
7451a21 mesh: Return negative value on join failed
5a2a6de mesh: Make inactivity timer configurable
b9749ba AP: Expire STA without entry in kernel
a114c72 AP: Remove redundant condition for STA expiration
0d787f0 Fix RADIUS client with out-of-memory and missing shared secret
0efcad2 Print in debug log whether attached monitor is for global interface
8266e6c HS 2.0: Try to use same BSS entry for storing GAS results
6c69991 Make wpa_supplicant FLUSH command more likely to clear all BSS entries
2dbe63a Write reason for scan only_new_results into debug log
242b83a eapol_test: Fix cert_cb() function arguments
a8826b1 Interworking: Avoid busy loop in scan result mismatch corner cases
edd5939 Interworking: Start ANQP fetch from eloop callback
cbc210d RADIUS DAS: Allow PMKSA cache entry to be removed without association
4e871ed RADIUS DAS: Support Acct-Multi-Session-Id as a session identifier
b52c0d4 Add authMultiSessionId into hostapd STA info
861beb7 RADIUS DAS: Check for single session match for Disconnect-Request
783b2a9 Interworking: Fix INTERWORKING_CONNECT with zero-length SSID BSS entry
1fef85c nl80211: Fix AP-scan-in-STA-mode error path behavior
cebee30 Add domain_match network profile parameter
d07d3fb Add peer certificate alt subject name information to EAP events
98a4cd4 D-Bus: Clear cached EAP data on network profile changes
483dd6a Include peer certificate always in EAP events
dd5f902 Get rid of a compiler warning
d29fa3a Extend VENDOR_ELEM parameters to cover non-P2P Association Request
e7d0e97 hostapd: Add vendor specific VHT extension for the 2.4 GHz band
Change-Id: I45436c49986cd6bddbd869db3f474871a29ce1dc
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 2ebc7f6..65532e3 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -132,6 +132,7 @@
HT_CAP_INFO_SHORT_GI20MHZ |
HT_CAP_INFO_SHORT_GI40MHZ |
HT_CAP_INFO_RX_STBC_MASK |
+ HT_CAP_INFO_TX_STBC |
HT_CAP_INFO_MAX_AMSDU_SIZE);
if (mode->vht_capab && ssid->vht) {
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index a810632..5d7a063 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -1818,6 +1818,7 @@
{ STRe(subject_match) },
{ STRe(altsubject_match) },
{ STRe(domain_suffix_match) },
+ { STRe(domain_match) },
{ STRe(ca_cert2) },
{ STRe(ca_path2) },
{ STRe(client_cert2) },
@@ -1827,6 +1828,7 @@
{ STRe(subject_match2) },
{ STRe(altsubject_match2) },
{ STRe(domain_suffix_match2) },
+ { STRe(domain_match2) },
{ STRe(phase1) },
{ STRe(phase2) },
{ STRe(pcsc) },
@@ -2052,6 +2054,7 @@
os_free(eap->subject_match);
os_free(eap->altsubject_match);
os_free(eap->domain_suffix_match);
+ os_free(eap->domain_match);
os_free(eap->ca_cert2);
os_free(eap->ca_path2);
os_free(eap->client_cert2);
@@ -2061,6 +2064,7 @@
os_free(eap->subject_match2);
os_free(eap->altsubject_match2);
os_free(eap->domain_suffix_match2);
+ os_free(eap->domain_match2);
os_free(eap->phase1);
os_free(eap->phase2);
os_free(eap->pcsc);
@@ -2230,6 +2234,7 @@
os_free(config->sae_groups);
wpabuf_free(config->ap_vendor_elements);
os_free(config->osu_dir);
+ os_free(config->bgscan);
os_free(config->wowlan_triggers);
os_free(config);
}
@@ -3472,6 +3477,7 @@
config->ap_scan = DEFAULT_AP_SCAN;
config->user_mpm = DEFAULT_USER_MPM;
config->max_peer_links = DEFAULT_MAX_PEER_LINKS;
+ config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY;
config->fast_reauth = DEFAULT_FAST_REAUTH;
config->p2p_go_intent = DEFAULT_P2P_GO_INTENT;
config->p2p_intra_bss = DEFAULT_P2P_INTRA_BSS;
@@ -3490,6 +3496,7 @@
config->p2p_search_delay = DEFAULT_P2P_SEARCH_DELAY;
config->rand_addr_lifetime = DEFAULT_RAND_ADDR_LIFETIME;
config->key_mgmt_offload = DEFAULT_KEY_MGMT_OFFLOAD;
+ config->cert_in_cb = DEFAULT_CERT_IN_CB;
if (ctrl_interface)
config->ctrl_interface = os_strdup(ctrl_interface);
@@ -4021,6 +4028,7 @@
#ifdef CONFIG_MESH
{ INT(user_mpm), 0 },
{ INT_RANGE(max_peer_links, 0, 255), 0 },
+ { INT(mesh_max_inactivity), 0 },
#endif /* CONFIG_MESH */
{ INT(disable_scan_offload), 0 },
{ INT(fast_reauth), 0 },
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index dca17c2..eeb4ba7 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -17,6 +17,7 @@
#endif /* CONFIG_NO_SCAN_PROCESSING */
#define DEFAULT_USER_MPM 1
#define DEFAULT_MAX_PEER_LINKS 99
+#define DEFAULT_MESH_MAX_INACTIVITY 300
#define DEFAULT_FAST_REAUTH 1
#define DEFAULT_P2P_GO_INTENT 7
#define DEFAULT_P2P_INTRA_BSS 1
@@ -31,6 +32,7 @@
#define DEFAULT_P2P_SEARCH_DELAY 500
#define DEFAULT_RAND_ADDR_LIFETIME 60
#define DEFAULT_KEY_MGMT_OFFLOAD 1
+#define DEFAULT_CERT_IN_CB 1
#include "config_ssid.h"
#include "wps/wps.h"
@@ -1119,6 +1121,22 @@
* Maximum number of mesh peering currently maintained by the STA.
*/
int max_peer_links;
+
+ /**
+ * cert_in_cb - Whether to include a peer certificate dump in events
+ *
+ * This controls whether peer certificates for authentication server and
+ * its certificate chain are included in EAP peer certificate events.
+ */
+ int cert_in_cb;
+
+ /**
+ * mesh_max_inactivity - Timeout in seconds to detect STA inactivity
+ *
+ * This timeout value is used in mesh STA to clean up inactive stations.
+ * By default: 300 seconds.
+ */
+ int mesh_max_inactivity;
};
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index d8cbe8b..9c9685a 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -691,6 +691,7 @@
STR(subject_match);
STR(altsubject_match);
STR(domain_suffix_match);
+ STR(domain_match);
STR(ca_cert2);
STR(ca_path2);
STR(client_cert2);
@@ -700,6 +701,7 @@
STR(subject_match2);
STR(altsubject_match2);
STR(domain_suffix_match2);
+ STR(domain_match2);
STR(phase1);
STR(phase2);
STR(pcsc);
@@ -1218,6 +1220,13 @@
if (config->max_peer_links != DEFAULT_MAX_PEER_LINKS)
fprintf(f, "max_peer_links=%d\n", config->max_peer_links);
+
+ if (config->cert_in_cb != DEFAULT_CERT_IN_CB)
+ fprintf(f, "cert_in_cb=%d\n", config->cert_in_cb);
+
+ if (config->mesh_max_inactivity != DEFAULT_MESH_MAX_INACTIVITY)
+ fprintf(f, "mesh_max_inactivity=%d\n",
+ config->mesh_max_inactivity);
}
#endif /* CONFIG_NO_CONFIG_WRITE */
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 9c3f93d..8e71727 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -437,6 +437,8 @@
#endif /* CONFIG_AP */
} else if (os_strcasecmp(cmd, "extra_roc_dur") == 0) {
wpa_s->extra_roc_dur = atoi(value);
+ } else if (os_strcasecmp(cmd, "test_failure") == 0) {
+ wpa_s->test_failure = atoi(value);
#endif /* CONFIG_TESTING_OPTIONS */
#ifndef CONFIG_NO_CONFIG_BLOBS
} else if (os_strcmp(cmd, "blob") == 0) {
@@ -5526,6 +5528,27 @@
return -1;
}
+ if (bss->ssid_len == 0) {
+ int found = 0;
+
+ wpa_printf(MSG_DEBUG, "Selected BSS entry for " MACSTR
+ " does not have SSID information", MAC2STR(bssid));
+
+ dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss,
+ list) {
+ if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
+ bss->ssid_len > 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found)
+ return -1;
+ wpa_printf(MSG_DEBUG,
+ "Found another matching BSS entry with SSID");
+ }
+
return interworking_connect(wpa_s, bss);
}
@@ -6091,20 +6114,24 @@
static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
{
+#ifdef CONFIG_P2P
+ struct wpa_supplicant *p2p_wpa_s = wpa_s->global->p2p_init_wpa_s ?
+ wpa_s->global->p2p_init_wpa_s : wpa_s;
+#endif /* CONFIG_P2P */
+
wpa_dbg(wpa_s, MSG_DEBUG, "Flush all wpa_supplicant state");
#ifdef CONFIG_P2P
- wpas_p2p_cancel(wpa_s);
- wpas_p2p_stop_find(wpa_s);
- p2p_ctrl_flush(wpa_s);
- wpas_p2p_group_remove(wpa_s, "*");
- wpas_p2p_service_flush(wpa_s);
- wpa_s->global->p2p_disabled = 0;
- wpa_s->global->p2p_per_sta_psk = 0;
- wpa_s->conf->num_sec_device_types = 0;
- wpa_s->p2p_disable_ip_addr_req = 0;
- os_free(wpa_s->global->p2p_go_avoid_freq.range);
- wpa_s->global->p2p_go_avoid_freq.range = NULL;
+ wpas_p2p_cancel(p2p_wpa_s);
+ p2p_ctrl_flush(p2p_wpa_s);
+ wpas_p2p_group_remove(p2p_wpa_s, "*");
+ wpas_p2p_service_flush(p2p_wpa_s);
+ p2p_wpa_s->global->p2p_disabled = 0;
+ p2p_wpa_s->global->p2p_per_sta_psk = 0;
+ p2p_wpa_s->conf->num_sec_device_types = 0;
+ p2p_wpa_s->p2p_disable_ip_addr_req = 0;
+ os_free(p2p_wpa_s->global->p2p_go_avoid_freq.range);
+ p2p_wpa_s->global->p2p_go_avoid_freq.range = NULL;
#endif /* CONFIG_P2P */
#ifdef CONFIG_WPS_TESTING
@@ -6145,8 +6172,6 @@
wpa_s->sta_uapsd = 0;
wpa_drv_radio_disable(wpa_s, 0);
-
- wpa_bss_flush(wpa_s);
wpa_blacklist_clear(wpa_s);
wpa_s->extra_blacklist_count = 0;
wpa_supplicant_ctrl_iface_remove_network(wpa_s, "all");
@@ -6176,11 +6201,22 @@
wpa_s->ext_eapol_frame_io = 0;
#ifdef CONFIG_TESTING_OPTIONS
wpa_s->extra_roc_dur = 0;
+ wpa_s->test_failure = WPAS_TEST_FAILURE_NONE;
#endif /* CONFIG_TESTING_OPTIONS */
wpa_s->disconnected = 0;
os_free(wpa_s->next_scan_freqs);
wpa_s->next_scan_freqs = NULL;
+
+ wpa_bss_flush(wpa_s);
+ if (!dl_list_empty(&wpa_s->bss)) {
+ wpa_printf(MSG_DEBUG,
+ "BSS table not empty after flush: %u entries, current_bss=%p bssid="
+ MACSTR " pending_bssid=" MACSTR,
+ dl_list_len(&wpa_s->bss), wpa_s->current_bss,
+ MAC2STR(wpa_s->bssid),
+ MAC2STR(wpa_s->pending_bssid));
+ }
}
@@ -7873,8 +7909,8 @@
} else if (os_strncmp(buf, "WNM_SLEEP ", 10) == 0) {
if (wpas_ctrl_iface_wnm_sleep(wpa_s, buf + 10))
reply_len = -1;
- } else if (os_strncmp(buf, "WNM_BSS_QUERY ", 10) == 0) {
- if (wpas_ctrl_iface_wnm_bss_query(wpa_s, buf + 10))
+ } else if (os_strncmp(buf, "WNM_BSS_QUERY ", 14) == 0) {
+ if (wpas_ctrl_iface_wnm_bss_query(wpa_s, buf + 14))
reply_len = -1;
#endif /* CONFIG_WNM */
} else if (os_strcmp(buf, "FLUSH") == 0) {
@@ -8182,6 +8218,8 @@
"P2P_PRESENCE_REQ ",
"P2P_EXT_LISTEN ",
"P2P_REMOVE_CLIENT ",
+ "WPS_NFC_TOKEN ",
+ "WPS_NFC_TAG_READ ",
"NFC_GET_HANDOVER_SEL ",
"NFC_GET_HANDOVER_REQ ",
"NFC_REPORT_HANDOVER ",
diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index 2c1c6a0..b1ac766 100644
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -74,7 +74,7 @@
static int wpa_supplicant_ctrl_iface_attach(struct dl_list *ctrl_dst,
struct sockaddr_un *from,
- socklen_t fromlen)
+ socklen_t fromlen, int global)
{
struct wpa_ctrl_dst *dst;
char addr_txt[200];
@@ -89,7 +89,8 @@
printf_encode(addr_txt, sizeof(addr_txt),
(u8 *) from->sun_path,
fromlen - offsetof(struct sockaddr_un, sun_path));
- wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s", addr_txt);
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE %smonitor attached %s",
+ global ? "global " : "", addr_txt);
return 0;
}
@@ -174,7 +175,7 @@
if (os_strcmp(buf, "ATTACH") == 0) {
if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
- fromlen))
+ fromlen, 0))
reply_len = 1;
else {
new_attached = 1;
@@ -775,7 +776,8 @@
if (os_strcmp(buf, "ATTACH") == 0) {
/* handle ATTACH signal of first monitor interface */
if (!wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
- &from, fromlen)) {
+ &from, fromlen,
+ 0)) {
if (sendto(priv->sock, "OK\n", 3, 0,
(struct sockaddr *) &from, fromlen) <
0) {
@@ -830,7 +832,7 @@
if (os_strcmp(buf, "ATTACH") == 0) {
if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
- fromlen))
+ fromlen, 1))
reply_len = 1;
else
reply_len = 2;
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
index b30cc38..30ef03a 100644
--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
@@ -748,6 +748,8 @@
void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
int depth, const char *subject,
+ const char *altsubject[],
+ int num_altsubject,
const char *cert_hash,
const struct wpabuf *cert)
{
@@ -771,6 +773,9 @@
if (!wpa_dbus_dict_open_write(&iter, &dict_iter) ||
!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
!wpa_dbus_dict_append_string(&dict_iter, "subject", subject) ||
+ (altsubject && num_altsubject &&
+ !wpa_dbus_dict_append_string_array(&dict_iter, "altsubject",
+ altsubject, num_altsubject)) ||
(cert_hash &&
!wpa_dbus_dict_append_string(&dict_iter, "cert_hash",
cert_hash)) ||
diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h
index 5f32bbf..d162d2b 100644
--- a/wpa_supplicant/dbus/dbus_new.h
+++ b/wpa_supplicant/dbus/dbus_new.h
@@ -215,6 +215,8 @@
struct wps_event_fail *fail);
void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
int depth, const char *subject,
+ const char *altsubject[],
+ int num_altsubject,
const char *cert_hash,
const struct wpabuf *cert);
void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
@@ -484,6 +486,8 @@
static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
int depth,
const char *subject,
+ const char *altsubject[],
+ int num_altsubject,
const char *cert_hash,
const struct wpabuf *cert)
{
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 9aff2c1..0b02920 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -254,6 +254,19 @@
if (wpa_config_set(ssid, entry.key, value, 0) < 0)
goto error;
+ if (os_strcmp(entry.key, "bssid") != 0 &&
+ os_strcmp(entry.key, "priority") != 0)
+ wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
+
+ if (wpa_s->current_ssid == ssid ||
+ wpa_s->current_ssid == NULL) {
+ /*
+ * Invalidate the EAP session cache if anything in the
+ * current or previously used configuration changes.
+ */
+ eapol_sm_invalidate_cached_session(wpa_s->eapol);
+ }
+
if ((os_strcmp(entry.key, "psk") == 0 &&
value[0] == '"' && ssid->ssid_len) ||
(os_strcmp(entry.key, "ssid") == 0 && ssid->passphrase))
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
index 8dc48d3..9debcf8 100644
--- a/wpa_supplicant/driver_i.h
+++ b/wpa_supplicant/driver_i.h
@@ -90,6 +90,10 @@
static inline int wpa_drv_scan(struct wpa_supplicant *wpa_s,
struct wpa_driver_scan_params *params)
{
+#ifdef CONFIG_TESTING_OPTIONS
+ if (wpa_s->test_failure == WPAS_TEST_FAILURE_SCAN_TRIGGER)
+ return -EBUSY;
+#endif /* CONFIG_TESTING_OPTIONS */
if (wpa_s->driver->scan2)
return wpa_s->driver->scan2(wpa_s->drv_priv, params);
return -1;
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index aa9ab50..9b7af30 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -480,6 +480,7 @@
static void eapol_test_cert_cb(void *ctx, int depth, const char *subject,
+ const char *altsubject[], int num_altsubject,
const char *cert_hash,
const struct wpabuf *cert)
{
@@ -509,6 +510,14 @@
eapol_test_write_cert(e->server_cert_file,
subject, cert);
}
+
+ if (altsubject) {
+ int i;
+
+ for (i = 0; i < num_altsubject; i++)
+ wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
+ "depth=%d %s", depth, altsubject[i]);
+ }
}
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index afda42a..a89ab29 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1313,7 +1313,7 @@
#endif /* CONFIG_NO_RANDOM_POOL */
if (own_request && wpa_s->scan_res_handler &&
- (wpa_s->own_scan_running || !wpa_s->external_scan_running)) {
+ (wpa_s->own_scan_running || !wpa_s->radio->external_scan_running)) {
void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
struct wpa_scan_results *scan_res);
@@ -1334,7 +1334,7 @@
}
wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available (own=%u ext=%u)",
- wpa_s->own_scan_running, wpa_s->external_scan_running);
+ wpa_s->own_scan_running, wpa_s->radio->external_scan_running);
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
wpa_s->manual_scan_use_id && wpa_s->own_scan_running) {
wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
@@ -1347,7 +1347,7 @@
wpas_notify_scan_done(wpa_s, 1);
- if (!wpa_s->own_scan_running && wpa_s->external_scan_running) {
+ if (!wpa_s->own_scan_running && wpa_s->radio->external_scan_running) {
wpa_dbg(wpa_s, MSG_DEBUG, "Do not use results from externally requested scan operation for network selection");
wpa_scan_results_free(scan_res);
return 0;
@@ -3077,7 +3077,7 @@
}
} else {
wpa_dbg(wpa_s, MSG_DEBUG, "External program started a scan");
- wpa_s->external_scan_running = 1;
+ wpa_s->radio->external_scan_running = 1;
wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_STARTED);
}
break;
@@ -3093,7 +3093,7 @@
}
wpa_supplicant_event_scan_results(wpa_s, data);
wpa_s->own_scan_running = 0;
- wpa_s->external_scan_running = 0;
+ wpa_s->radio->external_scan_running = 0;
radio_work_check_next(wpa_s);
break;
#endif /* CONFIG_NO_SCAN_PROCESSING */
diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 9eb5064..eb18ed2 100644
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -7,6 +7,7 @@
*/
#include "includes.h"
+#include <sys/stat.h>
#include "common.h"
#include "eloop.h"
@@ -216,6 +217,30 @@
}
+static void hs20_set_osu_access_permission(const char *osu_dir,
+ const char *fname)
+{
+ struct stat statbuf;
+
+ /* Get OSU directory information */
+ if (stat(osu_dir, &statbuf) < 0) {
+ wpa_printf(MSG_WARNING, "Cannot stat the OSU directory %s",
+ osu_dir);
+ return;
+ }
+
+ if (chmod(fname, statbuf.st_mode) < 0) {
+ wpa_printf(MSG_WARNING,
+ "Cannot change the permissions for %s", fname);
+ return;
+ }
+
+ if (chown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
+ wpa_printf(MSG_WARNING, "Cannot change the ownership for %s",
+ fname);
+ }
+}
+
static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s,
const u8 *sa, const u8 *pos,
size_t slen)
@@ -278,6 +303,9 @@
f = fopen(fname, "wb");
if (f == NULL)
return -1;
+
+ hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
+
if (fwrite(pos, slen, 1, f) != 1) {
fclose(f);
unlink(fname);
@@ -327,11 +355,11 @@
void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
- const u8 *sa, const u8 *data, size_t slen)
+ struct wpa_bss *bss, const u8 *sa,
+ const u8 *data, size_t slen)
{
const u8 *pos = data;
u8 subtype;
- struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, sa);
struct wpa_bss_anqp *anqp = NULL;
int ret;
@@ -479,6 +507,9 @@
hs20_free_osu_prov(wpa_s);
return;
}
+
+ hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
+
for (i = 0; i < wpa_s->osu_prov_count; i++) {
struct osu_provider *osu = &wpa_s->osu_prov[i];
if (i > 0)
diff --git a/wpa_supplicant/hs20_supplicant.h b/wpa_supplicant/hs20_supplicant.h
index 06739f5..85b5120 100644
--- a/wpa_supplicant/hs20_supplicant.h
+++ b/wpa_supplicant/hs20_supplicant.h
@@ -17,7 +17,8 @@
void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len,
struct wpabuf *buf);
void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
- const u8 *sa, const u8 *data, size_t slen);
+ struct wpa_bss *bss, const u8 *sa,
+ const u8 *data, size_t slen);
int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
struct wpa_bss *bss);
int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 116df05..3e919bd 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -73,6 +73,8 @@
static void interworking_reconnect(struct wpa_supplicant *wpa_s)
{
+ unsigned int tried;
+
if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
wpa_supplicant_cancel_sched_scan(wpa_s);
wpa_supplicant_deauthenticate(wpa_s,
@@ -80,10 +82,13 @@
}
wpa_s->disconnected = 0;
wpa_s->reassociate = 1;
+ tried = wpa_s->interworking_fast_assoc_tried;
+ wpa_s->interworking_fast_assoc_tried = 1;
- if (wpa_supplicant_fast_associate(wpa_s) >= 0)
+ if (!tried && wpa_supplicant_fast_associate(wpa_s) >= 0)
return;
+ wpa_s->interworking_fast_assoc_tried = 0;
wpa_supplicant_req_scan(wpa_s, 0, 0);
}
@@ -2556,7 +2561,12 @@
bss->flags &= ~WPA_BSS_ANQP_FETCH_TRIED;
wpa_s->fetch_anqp_in_progress = 1;
- interworking_next_anqp_fetch(wpa_s);
+
+ /*
+ * Start actual ANQP operation from eloop call to make sure the loop
+ * does not end up using excessive recursion.
+ */
+ eloop_register_timeout(0, 0, interworking_continue_anqp, wpa_s, NULL);
}
@@ -2739,8 +2749,8 @@
switch (type) {
case HS20_ANQP_OUI_TYPE:
- hs20_parse_rx_hs20_anqp_resp(wpa_s, sa, pos,
- slen);
+ hs20_parse_rx_hs20_anqp_resp(wpa_s, bss, sa,
+ pos, slen);
break;
default:
wpa_printf(MSG_DEBUG, "HS20: Unsupported ANQP "
@@ -2775,6 +2785,7 @@
u16 info_id;
u16 slen;
struct wpa_bss *bss = NULL, *tmp;
+ const char *anqp_result = "SUCCESS";
wpa_printf(MSG_DEBUG, "Interworking: anqp_resp_cb dst=" MACSTR
" dialog_token=%u result=%d status_code=%u",
@@ -2782,7 +2793,8 @@
if (result != GAS_QUERY_SUCCESS) {
if (wpa_s->fetch_osu_icon_in_progress)
hs20_icon_fetch_failed(wpa_s);
- return;
+ anqp_result = "FAILURE";
+ goto out;
}
pos = wpabuf_head(adv_proto);
@@ -2792,7 +2804,8 @@
"Protocol in response");
if (wpa_s->fetch_osu_icon_in_progress)
hs20_icon_fetch_failed(wpa_s);
- return;
+ anqp_result = "INVALID_FRAME";
+ goto out;
}
/*
@@ -2818,7 +2831,8 @@
if (left < 4) {
wpa_printf(MSG_DEBUG, "ANQP: Invalid element");
- break;
+ anqp_result = "INVALID_FRAME";
+ goto out_parse_done;
}
info_id = WPA_GET_LE16(pos);
pos += 2;
@@ -2828,14 +2842,19 @@
if (left < slen) {
wpa_printf(MSG_DEBUG, "ANQP: Invalid element length "
"for Info ID %u", info_id);
- break;
+ anqp_result = "INVALID_FRAME";
+ goto out_parse_done;
}
interworking_parse_rx_anqp_resp(wpa_s, bss, dst, info_id, pos,
slen);
pos += slen;
}
+out_parse_done:
hs20_notify_parse_done(wpa_s);
+out:
+ wpa_msg(wpa_s, MSG_INFO, ANQP_QUERY_DONE "addr=" MACSTR " result=%s",
+ MAC2STR(dst), anqp_result);
}
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 5fdf4e0..32506b6 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -166,6 +166,7 @@
bss->conf = *conf->bss;
bss->conf->start_disabled = 1;
bss->conf->mesh = MESH_ENABLED;
+ bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
bss->iconf = conf;
ifmsh->conf = conf;
@@ -339,6 +340,7 @@
params.flags |= WPA_DRIVER_MESH_FLAG_DRIVER_MPM;
params.conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS;
}
+ params.conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
if (wpa_supplicant_mesh_init(wpa_s, ssid)) {
wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh");
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index df1ce9e..bf1836a 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -690,13 +690,13 @@
void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
- const char *subject, const char *cert_hash,
+ const char *subject, const char *altsubject[],
+ int num_altsubject, const char *cert_hash,
const struct wpabuf *cert)
{
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s'%s%s",
- depth, subject,
- cert_hash ? " hash=" : "",
+ depth, subject, cert_hash ? " hash=" : "",
cert_hash ? cert_hash : "");
if (cert) {
@@ -714,11 +714,20 @@
}
}
+ if (altsubject) {
+ int i;
+
+ for (i = 0; i < num_altsubject; i++)
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
+ "depth=%d %s", depth, altsubject[i]);
+ }
+
/* notify the old DBus API */
wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject,
cert_hash, cert);
/* notify the new DBus API */
- wpas_dbus_signal_certification(wpa_s, depth, subject, cert_hash, cert);
+ wpas_dbus_signal_certification(wpa_s, depth, subject, altsubject,
+ num_altsubject, cert_hash, cert);
}
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
index 7feb530..7fb1f58 100644
--- a/wpa_supplicant/notify.h
+++ b/wpa_supplicant/notify.h
@@ -121,7 +121,8 @@
struct wps_event_fail *fail);
void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
- const char *subject, const char *cert_hash,
+ const char *subject, const char *altsubject[],
+ int num_altsubject, const char *cert_hash,
const struct wpabuf *cert);
void wpas_notify_preq(struct wpa_supplicant *wpa_s,
const u8 *addr, const u8 *dst, const u8 *bssid,
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 59f95c3..4364a06 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -3158,14 +3158,14 @@
}
#ifdef CONFIG_WPS_NFC
- if (dev_pw_id >= 0 && wpa_s->parent->p2p_nfc_tag_enabled &&
- dev_pw_id == wpa_s->parent->p2p_oob_dev_pw_id) {
+ if (dev_pw_id >= 0 && wpa_s->p2p_nfc_tag_enabled &&
+ dev_pw_id == wpa_s->p2p_oob_dev_pw_id) {
wpa_printf(MSG_DEBUG, "P2P: Accept invitation based on local enabled NFC Tag");
- wpa_s->parent->p2p_wps_method = WPS_NFC;
- wpa_s->parent->pending_join_wps_method = WPS_NFC;
- os_memcpy(wpa_s->parent->pending_join_dev_addr,
+ wpa_s->p2p_wps_method = WPS_NFC;
+ wpa_s->pending_join_wps_method = WPS_NFC;
+ os_memcpy(wpa_s->pending_join_dev_addr,
go_dev_addr, ETH_ALEN);
- os_memcpy(wpa_s->parent->pending_join_iface_addr,
+ os_memcpy(wpa_s->pending_join_iface_addr,
bssid, ETH_ALEN);
goto accept_inv;
}
@@ -6177,6 +6177,12 @@
pref_freq = 0;
}
+ /*
+ * Stop any find/listen operations before invitation and possibly
+ * connection establishment.
+ */
+ wpas_p2p_stop_find_oper(wpa_s);
+
return p2p_invite(wpa_s->global->p2p, peer_addr, role, bssid,
ssid->ssid, ssid->ssid_len, force_freq, go_dev_addr,
1, pref_freq, -1);
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index cb2c8d6..08af9fb 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -168,17 +168,34 @@
wpa_supplicant_notify_scanning(wpa_s, 1);
- if (wpa_s->clear_driver_scan_cache)
+ if (wpa_s->clear_driver_scan_cache) {
+ wpa_printf(MSG_DEBUG,
+ "Request driver to clear scan cache due to local BSS flush");
params->only_new_results = 1;
+ }
ret = wpa_drv_scan(wpa_s, params);
wpa_scan_free_params(params);
work->ctx = NULL;
if (ret) {
+ int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ;
+
+ if (wpa_s->disconnected)
+ retry = 0;
+
wpa_supplicant_notify_scanning(wpa_s, 0);
wpas_notify_scan_done(wpa_s, 0);
- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d",
- ret);
+ if (wpa_s->wpa_state == WPA_SCANNING)
+ wpa_supplicant_set_state(wpa_s,
+ wpa_s->scan_prev_wpa_state);
+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s",
+ ret, retry ? " retry=1" : "");
radio_work_done(work);
+
+ if (retry) {
+ /* Restore scan_req since we will try to scan again */
+ wpa_s->scan_req = wpa_s->last_scan_req;
+ wpa_supplicant_req_scan(wpa_s, 1, 0);
+ }
return;
}
@@ -610,7 +627,6 @@
struct wpa_driver_scan_params params;
struct wpa_driver_scan_params *scan_params;
size_t max_ssids;
- enum wpa_states prev_state;
if (wpa_s->pno || wpa_s->pno_sched_pending) {
wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress");
@@ -678,7 +694,7 @@
os_memset(¶ms, 0, sizeof(params));
- prev_state = wpa_s->wpa_state;
+ wpa_s->scan_prev_wpa_state = wpa_s->wpa_state;
if (wpa_s->wpa_state == WPA_DISCONNECTED ||
wpa_s->wpa_state == WPA_INACTIVE)
wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
@@ -876,8 +892,11 @@
extra_ie = wpa_supplicant_extra_ies(wpa_s);
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
- wpa_s->manual_scan_only_new)
+ wpa_s->manual_scan_only_new) {
+ wpa_printf(MSG_DEBUG,
+ "Request driver to clear scan cache due to manual only_new=1 scan");
params.only_new_results = 1;
+ }
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL &&
wpa_s->manual_scan_freqs) {
@@ -995,13 +1014,17 @@
if (ret) {
wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan");
- if (prev_state != wpa_s->wpa_state)
- wpa_supplicant_set_state(wpa_s, prev_state);
+ if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state)
+ wpa_supplicant_set_state(wpa_s,
+ wpa_s->scan_prev_wpa_state);
/* Restore scan_req since we will try to scan again */
wpa_s->scan_req = wpa_s->last_scan_req;
wpa_supplicant_req_scan(wpa_s, 1, 0);
} else {
wpa_s->scan_for_connection = 0;
+#ifdef CONFIG_INTERWORKING
+ wpa_s->interworking_fast_assoc_tried = 0;
+#endif /* CONFIG_INTERWORKING */
}
}
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 80c280a..d34668a 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -449,6 +449,20 @@
os_memcpy(pos, ext_capab, ext_capab_len);
}
+ if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
+ struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
+ size_t len;
+
+ len = sizeof(wpa_s->sme.assoc_req_ie) -
+ wpa_s->sme.assoc_req_ie_len;
+ if (wpabuf_len(buf) <= len) {
+ os_memcpy(wpa_s->sme.assoc_req_ie +
+ wpa_s->sme.assoc_req_ie_len,
+ wpabuf_head(buf), wpabuf_len(buf));
+ wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
+ }
+ }
+
sme_auth_handle_rrm(wpa_s, bss);
#ifdef CONFIG_SAE
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index d2face0..79619f2 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -1577,6 +1577,10 @@
wpa_cli_close_connection();
os_free(ctrl_ifname);
ctrl_ifname = os_strdup(argv[0]);
+ if (!ctrl_ifname) {
+ printf("Failed to allocate memory\n");
+ return 0;
+ }
if (wpa_cli_open_connection(ctrl_ifname, 1) == 0) {
printf("Connected to interface '%s.\n", ctrl_ifname);
@@ -3743,7 +3747,8 @@
if (!wpa_cli_open_connection(ctrl_ifname, 1) == 0) {
if (!warning_displayed) {
printf("Could not connect to wpa_supplicant: "
- "%s - re-trying\n", ctrl_ifname);
+ "%s - re-trying\n",
+ ctrl_ifname ? ctrl_ifname : "(nil)");
warning_displayed = 1;
}
eloop_register_timeout(1, 0, try_connection, NULL, NULL);
@@ -4004,7 +4009,8 @@
wpa_cli_open_connection(ctrl_ifname, 0) < 0) {
fprintf(stderr, "Failed to connect to non-global "
"ctrl_ifname: %s error: %s\n",
- ctrl_ifname, strerror(errno));
+ ctrl_ifname ? ctrl_ifname : "(nil)",
+ strerror(errno));
return -1;
}
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 9994a7a..47243a3 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2029,6 +2029,18 @@
}
}
+ if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
+ struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
+ size_t len;
+
+ len = sizeof(wpa_ie) - wpa_ie_len;
+ if (wpabuf_len(buf) <= len) {
+ os_memcpy(wpa_ie + wpa_ie_len,
+ wpabuf_head(buf), wpabuf_len(buf));
+ wpa_ie_len += wpabuf_len(buf);
+ }
+ }
+
wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
use_crypt = 1;
cipher_pairwise = wpa_s->pairwise_cipher;
@@ -2184,7 +2196,7 @@
os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
params.vhtcaps = &vhtcaps;
params.vhtcaps_mask = &vhtcaps_mask;
- wpa_supplicant_apply_vht_overrides(wpa_s, wpa_s->current_ssid, ¶ms);
+ wpa_supplicant_apply_vht_overrides(wpa_s, ssid, ¶ms);
#endif /* CONFIG_VHT_OVERRIDES */
#ifdef CONFIG_P2P
@@ -3599,7 +3611,7 @@
wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
radio_list);
- if (wpa_s && wpa_s->external_scan_running) {
+ if (wpa_s && wpa_s->radio->external_scan_running) {
wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
return;
}
@@ -5020,6 +5032,8 @@
if (wpa_supplicant_fast_associate(wpa_s) != 1)
wpa_supplicant_req_scan(wpa_s, 0, 0);
+ else
+ wpa_s->reattach = 0;
}
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 7d189c7..23c2299 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -127,6 +127,17 @@
# Maximum number of mesh peering currently maintained by the STA.
#max_peer_links=99
+# Timeout in seconds to detect STA inactivity (default: 300 seconds)
+#
+# This timeout value is used in mesh STA to clean up inactive stations.
+#mesh_max_inactivity=300
+
+# cert_in_cb - Whether to include a peer certificate dump in events
+# This controls whether peer certificates for authentication server and
+# its certificate chain are included in EAP peer certificate events. This is
+# enabled by default.
+#cert_in_cb=1
+
# EAP fast re-authentication
# By default, fast re-authentication is enabled for all EAP methods that
# support it. This variable can be used to disable fast re-authentication.
@@ -867,7 +878,8 @@
# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
# Note: Since this is a substring match, this cannot be used securily to
# do a suffix match against a possible domain name in the CN entry. For
-# such a use case, domain_suffix_match should be used instead.
+# such a use case, domain_suffix_match or domain_match should be used
+# instead.
# altsubject_match: Semicolon separated string of entries to be matched against
# the alternative subject name of the authentication server certificate.
# If this string is set, the server sertificate is only accepted if it
@@ -890,6 +902,16 @@
#
# For example, domain_suffix_match=example.com would match
# test.example.com but would not match test-example.com.
+# domain_match: Constraint for server domain name
+# If set, this FQDN is used as a full match requirement for the
+# server certificate in SubjectAltName dNSName element(s). If a
+# matching dNSName is found, this constraint is met. If no dNSName
+# values are present, this constraint is matched against SubjectName CN
+# using same full match comparison. This behavior is similar to
+# domain_suffix_match, but has the requirement of a full match, i.e.,
+# no subdomains or wildcard matches are allowed. Case-insensitive
+# comparison is used, so "Example.com" matches "example.com", but would
+# not match "test.Example.com".
# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
# (string with field-value pairs, e.g., "peapver=0" or
# "peapver=1 peaplabel=1")
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index e396a5d..d1938fa 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -296,6 +296,7 @@
struct wpa_radio {
char name[16]; /* from driver_ops get_radio_name() or empty if not
* available */
+ unsigned int external_scan_running:1;
struct dl_list ifaces; /* struct wpa_supplicant::radio_list entries */
struct dl_list work; /* struct wpa_radio_work::list entries */
};
@@ -403,6 +404,11 @@
u8 next_neighbor_rep_token;
};
+enum wpa_supplicant_test_failure {
+ WPAS_TEST_FAILURE_NONE,
+ WPAS_TEST_FAILURE_SCAN_TRIGGER,
+};
+
/**
* struct wpa_supplicant - Internal data for wpa_supplicant interface
*
@@ -580,6 +586,7 @@
*/
MANUAL_SCAN_REQ
} scan_req, last_scan_req;
+ enum wpa_states scan_prev_wpa_state;
struct os_reltime scan_trigger_time, scan_start_time;
int scan_runs; /* number of scan runs since WPS was started */
int *next_scan_freqs;
@@ -590,7 +597,6 @@
unsigned int manual_scan_only_new:1;
unsigned int own_scan_requested:1;
unsigned int own_scan_running:1;
- unsigned int external_scan_running:1;
unsigned int clear_driver_scan_cache:1;
unsigned int manual_scan_id;
int scan_interval; /* time in sec between scans to find suitable AP */
@@ -857,6 +863,7 @@
unsigned int network_select:1;
unsigned int auto_select:1;
unsigned int auto_network_select:1;
+ unsigned int interworking_fast_assoc_tried:1;
unsigned int fetch_all_anqp:1;
unsigned int fetch_osu_info:1;
unsigned int fetch_osu_waiting_scan:1;
@@ -939,6 +946,7 @@
#ifdef CONFIG_TESTING_OPTIONS
struct l2_packet_data *l2_test;
unsigned int extra_roc_dur;
+ enum wpa_supplicant_test_failure test_failure;
#endif /* CONFIG_TESTING_OPTIONS */
struct wmm_ac_assoc_data *wmm_ac_assoc_info;
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 209e2bc..8387043 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -860,12 +860,14 @@
static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
+ const char *altsubject[], int num_altsubject,
const char *cert_hash,
const struct wpabuf *cert)
{
struct wpa_supplicant *wpa_s = ctx;
- wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert);
+ wpas_notify_certification(wpa_s, depth, subject, altsubject,
+ num_altsubject, cert_hash, cert);
}
@@ -948,6 +950,7 @@
ctx->port_cb = wpa_supplicant_port_cb;
ctx->cb = wpa_supplicant_eapol_cb;
ctx->cert_cb = wpa_supplicant_cert_cb;
+ ctx->cert_in_cb = wpa_s->conf->cert_in_cb;
ctx->status_cb = wpa_supplicant_status_cb;
ctx->set_anon_id = wpa_supplicant_set_anon_id;
ctx->cb_ctx = wpa_s;