authorDmitry Shmidt <dimitrysh@google.com>2014-02-26 10:55:25 -0800
committerDmitry Shmidt <dimitrysh@google.com>2014-02-26 10:55:25 -0800
commitf21452aea786ac056eb01f1cbba4f553bd502747 (patch)
tree52237fc49df86428cba18241051a3bf1936c1c5c /src/eap_server
parent0970157a386c5a37a66ed762ef127ed329b478f3 (diff)
Cumulative patch from commit 5e32f8256f5fcce8b70a95e070375ac549ac935a
5e32f82 tests: Verify HS 2.0R2 deauthentication request b61e70c HS 2.0R2: Add WFA server-only EAP-TLS server method 8d2a992 HS 2.0R2: RADIUS server support to request Subscr Remediation ae6d15c HS 2.0R2 AP: Add OSU Providers list ANQP element f7bd7a0 HS 2.0R2 AP: Add Icon Request and Icon binary File ANQP elements 97596f8 HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP 8e1146d HS 2.0R2 AP: Add support for deauthentication request a14896e HS 2.0R2 AP: Add OSEN implementation 6ca0853 HS 2.0R2 AP: Use Subscr Remediation request from RADIUS server 7bc9c25 HS 2.0R2 AP: Add STA's Hotspot 2.0 Release Number into Access-Request 76579ec HS 2.0R2 AP: Add AP Hotspot 2.0 Release Number as WFA RADIUS VSA 0dd100f HS 2.0R2 AP: Add definition and helper function for WFA RADIUS VSA 3fb17a9 HS 2.0R2 AP: Add WNM-Notification Request for Subscription Remediation d5d2478 HS 2.0R2 AP: Update HS 2.0 Indication element to Release 2 a6739e1 HS 2.0R2: Try to scan multiple times for OSU providers cf6d08a Interworking: Add OCSP parameter to the cred block 6402f2f Interworking: Add more debug info on roaming partner preferences 7479489 Interworking: Add sp_priority cred parameter 751ac99 Interworking: Use a helper function to compare cred priority aff419f Interworking: Remove separate credential priority tracking 533536d HS 2.0R2: Disable full ESS for as a workaround for per-BSS issues 8a77f1b HS 2.0R2: Slow down connection attempts on EAP failures 76a55a8 HS 2.0R2: Add more debug to network selection 8b4b9fb HS 2.0R2: Fix bandwidth policy BSS selection 28f2a7c HS 2.0R2: Allow excluded network to be selected based on user override 33fb8c5 HS 2.0R2: Add support for Policy/RequiredProtoPortTuple a45b2dc HS 2.0R2: Add support for Policy/MaximumBSSLoadValue 4cad9df HS 2.0R2: Add support for Policy/MinBackhaulThreshold aa26ba6 HS 2.0R2: Add tracking of provisioning SP 8e5fdfa HS 2.0R2: Add WFA server-only EAP-TLS peer method df0f01d HS 2.0R2: Add OSEN client implementation a5d7563 HS 
2.0R2: Add common OSEN definitions 230e373 HS 2.0R2: Add GAS operation duration statistics into debug b572df8 HS 2.0R2: Add routine for fetching OSU provider information 1d2215f HS 2.0R2: Add OSU Providers list ANQP element 184e110 HS 2.0R2: Add Icon Request and Icon binary File ANQP elements 7ef6947 HS 2.0R2: Add STA support for Deauthentication Request notification 95a3ea9 HS 2.0R2: Add WNM-Notification Request for Subscription Remediation f9cd147 HS 2.0R2: Update Indication element to Release 2 bc00053 Interworking: Allow roaming partner configuration ae6f927 nl80211: Add driver capability for GTK_NOT_USED 2c49d04 Do not clear global pmf setting on FLUSH eef7235 Only try fast reconnect if network is not disabled 3d910ef Interworking: Prefer last added network during network selection 2a33687 P2P: Remove unnecessary ifdef CONFIG_NO_CONFIG_WRITE 050d8b5 Fix documentation for wpa_supplicant_global_ctrl_iface_process() 8c9cb81 DFS: Fix coding style (missing whitespace) 4f1e01b DFS: Add VHT160 available channels b8058a6 hostapd: DFS allow mixed channels 4db216f wpa_supplicant: Add support for IPv6 with UDP ctrl_iface e2364d1 hostapd: Deauthenticate clients forbidden by maclist changes 1748f1d hostapd: Make it possible to remove addresses from maclists 064eb05 Add os_remove_in_array() c1151e4 Force OFDM/HT/VHT to be disabled on channel 14 bfb79dd nl80211: Show regulatory rule flags in debug output 3d7ad2f hostapd: Configure spectrum management capability e0392f8 hostapd: Add Power Constraint element 891330f Fix spelling s/algorith/algorithm/ f0e30c8 Do not start another connect work while one is pending 3290398 WPS: Fix UNSUBSCRIBE error returns if NT or CALLBACK header is used f34df28 WPS: Fix UNSUBSCRIBE to return 412 if no SID match found 80f256a WPS: Remove unnecessary filename NULL check Change-Id: I7dc25a8bb0074f4970ade8d42dfa60da166baf96 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/eap_server')
-rw-r--r--src/eap_server/eap.h1
-rw-r--r--src/eap_server/eap_methods.h1
-rw-r--r--src/eap_server/eap_server_tls.c57
-rw-r--r--src/eap_server/eap_server_tls_common.c8
-rw-r--r--src/eap_server/eap_tls_common.h1
5 files changed, 68 insertions, 0 deletions
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 36b230b4..197b232f 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -32,6 +32,7 @@ struct eap_user {
* nt_password_hash() */
int phase2;
int force_version;
+ unsigned int remediation:1;
int ttls_auth; /* bitfield of
* EAP_TTLS_AUTH_{PAP,CHAP,MSCHAP,MSCHAPV2} */
};
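Review bot: The new `remediation` bit in struct eap_user has no comment, although the neighbouring fields that need explaining have one. Nothing in this hunk shows who sets the bit or what the server does when it is set. Judging by the commit list it presumably marks a user whose authentication should trigger an HS 2.0 subscription remediation request; once that reading is confirmed I would write `unsigned int remediation:1; /* request HS 2.0 subscription remediation for this user */`. The struct starts outside the hunk.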
diff --git a/src/eap_server/eap_methods.h b/src/eap_server/eap_methods.h
index 429cb72b..0baa3279 100644
--- a/src/eap_server/eap_methods.h
+++ b/src/eap_server/eap_methods.h
@@ -27,6 +27,7 @@ int eap_server_identity_register(void);
int eap_server_md5_register(void);
int eap_server_tls_register(void);
int eap_server_unauth_tls_register(void);
+int eap_server_wfa_unauth_tls_register(void);
int eap_server_mschapv2_register(void);
int eap_server_peap_register(void);
int eap_server_tlv_register(void);
diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 447f47cf..6bed62f8 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -94,6 +94,28 @@ static void * eap_unauth_tls_init(struct eap_sm *sm)
#endif /* EAP_SERVER_UNAUTH_TLS */
+#ifdef CONFIG_HS20
+static void * eap_wfa_unauth_tls_init(struct eap_sm *sm)
+{
+ struct eap_tls_data *data;
+
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
+ data->state = START;
+
+ if (eap_server_tls_ssl_init(sm, &data->ssl, 0)) {
+ wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL.");
+ eap_tls_reset(sm, data);
+ return NULL;
+ }
+
+ data->eap_type = EAP_WFA_UNAUTH_TLS_TYPE;
+ return data;
+}
+#endif /* CONFIG_HS20 */
+
+
static void eap_tls_reset(struct eap_sm *sm, void *priv)
{
struct eap_tls_data *data = priv;
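Review bot: The `0` passed as the third argument of eap_server_tls_ssl_init() in eap_wfa_unauth_tls_init() is unexplained, and it is the security-relevant part of this method. It is presumably the verify-peer flag (the prototype is not in this hunk), which would mean the server completes the TLS handshake without checking a client certificate, so keys exported by this method come from a session with an unauthenticated peer. I would add `/* verify_peer = 0: server-only authentication, the peer is not authenticated */` above the call. The failure message should also name the method, e.g. `"EAP-WFA-UNAUTH-TLS: Failed to initialize SSL."`, so the log line can be told apart from plain EAP-TLS.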
@@ -178,6 +200,10 @@ static Boolean eap_tls_check(struct eap_sm *sm, void *priv,
pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
&len);
+ else if (data->eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
+ pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
+ EAP_VENDOR_WFA_UNAUTH_TLS, respData,
+ &len);
else
pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_type,
respData, &len);
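Review bot: The branch added to eap_tls_check() repeats a dummy-type to vendor/method mapping that this commit also adds in eap_tls_msg_alloc() and eap_server_tls_process() in eap_server_tls_common.c, and all three chains end in an `EAP_VENDOR_IETF` default. Any call site that is missed falls through to that default and validates or builds an IETF header with the internal flag value as the type, so the mapping is safer kept in one place. A small helper, sketched below with a suggested name and a signature inferred from the calls visible here, would let each site shrink to a single call. eap_tls_check() starts and ends outside this hunk, so the first arm of the chain is not visible.

```c
/* Suggested helper: the only place that maps the internal dummy types to
 * the vendor/method pair used on the wire. */
static const u8 * eap_tls_hdr_validate(EapType eap_type,
				       const struct wpabuf *msg, size_t *len)
{
	if (eap_type == EAP_UNAUTH_TLS_TYPE)
		return eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
					EAP_VENDOR_TYPE_UNAUTH_TLS, msg, len);
	if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
		return eap_hdr_validate(EAP_VENDOR_WFA_NEW,
					EAP_VENDOR_WFA_UNAUTH_TLS, msg, len);
	return eap_hdr_validate(EAP_VENDOR_IETF, eap_type, msg, len);
}

/* … unchanged: start of eap_tls_check() … */
	pos = eap_tls_hdr_validate(data->eap_type, respData, &len);
```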
@@ -340,3 +366,34 @@ int eap_server_unauth_tls_register(void)
return ret;
}
#endif /* EAP_SERVER_UNAUTH_TLS */
+
+
+#ifdef CONFIG_HS20
+int eap_server_wfa_unauth_tls_register(void)
+{
+ struct eap_method *eap;
+ int ret;
+
+ eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
+ EAP_VENDOR_WFA_NEW,
+ EAP_VENDOR_WFA_UNAUTH_TLS,
+ "WFA-UNAUTH-TLS");
+ if (eap == NULL)
+ return -1;
+
+ eap->init = eap_wfa_unauth_tls_init;
+ eap->reset = eap_tls_reset;
+ eap->buildReq = eap_tls_buildReq;
+ eap->check = eap_tls_check;
+ eap->process = eap_tls_process;
+ eap->isDone = eap_tls_isDone;
+ eap->getKey = eap_tls_getKey;
+ eap->isSuccess = eap_tls_isSuccess;
+ eap->get_emsk = eap_tls_get_emsk;
+
+ ret = eap_server_method_register(eap);
+ if (ret)
+ eap_server_method_free(eap);
+ return ret;
+}
+#endif /* CONFIG_HS20 */
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 526e1bcc..de5ab0dd 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -25,6 +25,10 @@ struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
code, identifier);
+ else if (type == EAP_WFA_UNAUTH_TLS_TYPE)
+ return eap_msg_alloc(EAP_VENDOR_WFA_NEW,
+ EAP_VENDOR_WFA_UNAUTH_TLS, payload_len,
+ code, identifier);
return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
identifier);
}
@@ -393,6 +397,10 @@ int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
&left);
+ else if (eap_type == EAP_WFA_UNAUTH_TLS_TYPE)
+ pos = eap_hdr_validate(EAP_VENDOR_WFA_NEW,
+ EAP_VENDOR_WFA_UNAUTH_TLS, respData,
+ &left);
else
pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, respData,
&left);
diff --git a/src/eap_server/eap_tls_common.h b/src/eap_server/eap_tls_common.h
index 11f58275..91449afd 100644
--- a/src/eap_server/eap_tls_common.h
+++ b/src/eap_server/eap_tls_common.h
@@ -64,6 +64,7 @@ struct eap_ssl_data {
/* dummy type used as a flag for UNAUTH-TLS */
#define EAP_UNAUTH_TLS_TYPE 255
+#define EAP_WFA_UNAUTH_TLS_TYPE 254
struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
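Review bot: The value 254 chosen for `EAP_WFA_UNAUTH_TLS_TYPE` is the Expanded Type number in RFC 3748, and the comment above the defines still names only UNAUTH-TLS. In this diff the constant is used only as an internal flag that the TLS code maps to a vendor/method pair, so it must never be compared with a type read from a received packet or written into one. The comment should say that, e.g. `/* dummy types used only as internal flags for UNAUTH-TLS and WFA-UNAUTH-TLS; never sent on the wire */`. The declaration after the defines continues past the end of the hunk.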