refuse to remove declarative networks
this is terrible, it doesn't give back an error message, just "hangs up".
declarative check improvements:
- factor declarative checking out into separate procedure
- load declarative networks only once
- use basename of network files instead of full path
Reformulate nixos error message
Allocate strings on stack
build: Require at least version 0.33 when building with external ELL
ap: Start EAP-WSC authentication with WSC enrollees
After association and sending the SET_STATION commands, set up the
handshake_state and eapol_sm for EAP-WSC and start the handshake.
ap: Parse WSC PBC association request and build response
Check the conditions for PBC enrollee registration when we receive the
Association Request with WSC IE and indicate to the enrollee whether we
accept the association using a WSC IE in the Association Response.
After this, a NULL sta->assoc_rsne indicates that the station is not
establishing the RSNA and is a WSC enrollee.
ap: WSC Probe Request processing logic
Implement the caching of WSC probe requests -- when an Enrollee later
associates to start registration we need to have its Probe Request on
file. Also use this cache for PBC "Session Overlap" detection.
ap: Push Button mode API and beacon changes
This adds the API for putting the AP in Push Button mode, which we'll
need to P2P GO side but may be useful on its own too. A WSC IE is added
to our beacons and probe responses indicating whether the PBC mode is
ap: Stop ongoing handshake on reassociation
On a new association or re-association, in addition to forgetting a
complete RSN Association, also stop the EAPoL SM to stop any ongoing
Do this in a new function ap_stop_handshake that is now used in a few
places that had copies of the same few lines. I'll be adding some more
lines to this function for WSC support.
eapol: Handle the use_eapol_start flag on authenticator
Reuse this flag on the authenticator side with a slightly different
meaning: when it's true we're forced to wait for the EAPoL-Start before
sending the first EAPoL-EAP frame to the supplicant, such as is required
in a WSC enrollee registration when the Association Request didn't have
a v2.0 WSC IE.
wscutil: Add wsc_build_beacon
For consistency also update wsc_build_probe_response to use the same
__builtin_popcount based rf_bands check.
wscutil: Use a utility for building authorized_macs
Add the wfa_build_authorized_macs function (wfa_ prefix following the
wfa_extract_ naming) and use it in wsc_build_probe_response. The logic
is changed slightly to treat the first 6-zeros address in the array as
the end of the array.
ap: Fix incoming Probe Request BSSID check
Setting 'match' false wouldn't do anything because it was already false.
If the frame is addressed to some other non-broadcast address ignore it
directly and exit ap_probe_req_cb.
ap: Move AP parameters to a struct
To limit the number of ap_start parameters, group basic AP config
parameters in the ap_config struct that is passed as a pointer and owned
by the ap_state.
eap-wsc: In WSC-R read UUID-E from settings
The intent was to read the UUID-E from the settings rather than generate
it from the enrollee's MAC because it needs to match the UUID-E from
enrolee's Probe Requests, fix this. The UUID-E supplied in the unit
test was being ignored but the test still passed because the supplied
UUID-E was generated the same way we generated it in eap-wsc.c.
eap: Re-send Identity Request on EAPoL-Start
It looks like clients sometimes miss our unsolicited Identity Request
and need a resend.