author | sam <sam@FreeBSD.org> | 2008-03-24 21:08:25 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2008-03-24 21:08:25 +0000 |
commit | 8e449bffe3af56fe8cfa5bac6cf6a4171bcb20eb (patch) | |
tree | 5c9b3ca5761e9736e2f8e2871bdd9b087549d59d /contrib | |
parent | 9c6231a7376ca18ee605d9bd2f0e357b3bf0069e (diff) | |
resolve merge conflicts
MFC after: 3 weeks
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/hostapd/eapol_version.patch | 129 | ||||
-rw-r--r-- | contrib/hostapd/ieee802_1x.c | 2 | ||||
-rw-r--r-- | contrib/hostapd/wpa.c | 45 |
3 files changed, 18 insertions, 158 deletions
diff --git a/contrib/hostapd/eapol_version.patch b/contrib/hostapd/eapol_version.patch
deleted file mode 100644
index c02e367..0000000
--- a/contrib/hostapd/eapol_version.patch
+++ /dev/null
@@ -1,129 +0,0 @@ -? eapol_version.patch -Index: config.c -=================================================================== -RCS file: /home/ncvs/src/contrib/hostapd/config.c,v -retrieving revision 1.1.1.3 -diff -u -r1.1.1.3 config.c ---- config.c 7 Mar 2006 05:46:42 -0000 1.1.1.3 -+++ config.c 27 Mar 2006 05:28:09 -0000 -@@ -29,6 +29,7 @@ - #include "sha1.h" - #include "eap.h" - #include "radius_client.h" -+#include "ieee802_1x.h" /* XXX for EAPOL_VERSION */ - - - static struct hostapd_config *hostapd_config_defaults(void) -@@ -60,6 +61,7 @@ - conf->logger_stdout = (unsigned int) -1; - - conf->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY; -+ conf->eapol_version = EAPOL_VERSION; /* NB: default version */ - - conf->wpa_group_rekey = 600; - conf->wpa_gmk_rekey = 86400; -@@ -855,6 +857,17 @@ - } - } else if (strcmp(buf, "eapol_key_index_workaround") == 0) { - conf->eapol_key_index_workaround = atoi(pos); -+ } else if (strcmp(buf, "eapol_version") == 0) { -+ conf->eapol_version = atoi(pos); -+ if (conf->eapol_version < 1 || -+ conf->eapol_version > 2) { -+ printf("Line %d: invalid EAPOL " -+ "version (%d): '%s'.\n", -+ line, conf->eapol_version, pos); -+ errors++; -+ } else -+ wpa_printf(MSG_DEBUG, "eapol_version=%d", -+ conf->eapol_version); - #ifdef CONFIG_IAPP - } else if (strcmp(buf, "iapp_interface") == 0) { - conf->ieee802_11f = 1; -Index: config.h -=================================================================== -RCS file: /home/ncvs/src/contrib/hostapd/config.h,v -retrieving revision 1.1.1.2 -diff -u -r1.1.1.2 config.h ---- config.h 7 Mar 2006 05:46:42 -0000 1.1.1.2 -+++ config.h 27 Mar 2006 05:28:09 -0000 -@@ -73,6 +73,7 @@ - * EAP Request-Identity */ - size_t eap_req_id_text_len; - int eapol_key_index_workaround; -+ int eapol_version; - - size_t default_wep_key_len; - int individual_wep_key_len; -Index: hostapd.conf -=================================================================== -RCS file: /home/ncvs/src/contrib/hostapd/hostapd.conf,v 
-retrieving revision 1.1.1.2 -diff -u -r1.1.1.2 hostapd.conf ---- hostapd.conf 7 Mar 2006 05:46:50 -0000 1.1.1.2 -+++ hostapd.conf 27 Mar 2006 05:28:09 -0000 -@@ -106,6 +106,14 @@ - # Require IEEE 802.1X authorization - #ieee8021x=1 - -+# IEEE 802.1X/EAPOL version -+# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL -+# version 2. However, there are some clients that do not handle -+# the new version number correctly (they seem to drop the frames completely). -+# In order to make hostapd interoperate with these clients, the version number -+# can be set to the older version (1) with this configuration value. -+#eapol_version=2 -+ - # Optional displayable message sent with EAP Request-Identity. The first \0 - # in this string will be converted to ASCII-0 (nul). This can be used to - # separate network info (comma separated list of attribute=value pairs); see, -Index: ieee802_1x.c -=================================================================== -RCS file: /home/ncvs/src/contrib/hostapd/ieee802_1x.c,v -retrieving revision 1.4 -diff -u -r1.4 ieee802_1x.c ---- ieee802_1x.c 7 Mar 2006 05:51:52 -0000 1.4 -+++ ieee802_1x.c 27 Mar 2006 05:28:10 -0000 -@@ -76,7 +76,7 @@ - #endif - - xhdr = (struct ieee802_1x_hdr *) buf; -- xhdr->version = EAPOL_VERSION; -+ xhdr->version = hapd->conf->eapol_version; - xhdr->type = type; - xhdr->length = htons(datalen); - -@@ -324,7 +324,7 @@ - - /* This header is needed here for HMAC-MD5, but it will be regenerated - * in ieee802_1x_send() */ -- hdr->version = EAPOL_VERSION; -+ hdr->version = hapd->conf->eapol_version; - hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; - hdr->length = htons(len); - hmac_md5(sm->eapol_key_sign, sm->eapol_key_sign_len, -@@ -1665,7 +1665,7 @@ - "dot1xPaePortInitialize=%d\n" - "dot1xPaePortReauthenticate=FALSE\n", - sta->aid, -- EAPOL_VERSION, -+ hapd->conf->eapol_version, - sm->initialize); - - /* dot1xAuthConfigTable */ -Index: wpa.c 
-=================================================================== -RCS file: /home/ncvs/src/contrib/hostapd/wpa.c,v -retrieving revision 1.4 -diff -u -r1.4 wpa.c ---- wpa.c 7 Mar 2006 05:51:52 -0000 1.4 -+++ wpa.c 27 Mar 2006 05:28:12 -0000 -@@ -1855,7 +1855,7 @@ - if (hdr == NULL) - return; - memset(hdr, 0, len); -- hdr->version = EAPOL_VERSION; -+ hdr->version = hapd->conf->eapol_version; - hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; - hdr->length = htons(len - sizeof(*hdr)); - key = (struct wpa_eapol_key *) (hdr + 1); diff --git a/contrib/hostapd/ieee802_1x.c b/contrib/hostapd/ieee802_1x.c index 7cde0652..53f6b47 100644 --- a/contrib/hostapd/ieee802_1x.c +++ b/contrib/hostapd/ieee802_1x.c @@ -1678,6 +1678,8 @@ int ieee802_1x_init(struct hostapd_data *hapd) void ieee802_1x_deinit(struct hostapd_data *hapd) { + eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL); + if (hapd->driver != NULL && (hapd->conf->ieee802_1x || hapd->conf->wpa)) hostapd_set_ieee8021x(hapd->conf->iface, hapd, 0); diff --git a/contrib/hostapd/wpa.c b/contrib/hostapd/wpa.c index 7d40b9a..25ca57f 100644 --- a/contrib/hostapd/wpa.c +++ b/contrib/hostapd/wpa.c @@ -1,6 +1,6 @@ /* * hostapd - IEEE 802.11i-2004 / WPA Authenticator - * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> + * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -107,7 +107,6 @@ struct wpa_state_machine { unsigned int in_step_loop:1; unsigned int pending_deinit:1; unsigned int started:1; - unsigned int sta_counted:1; unsigned int mgmt_frame_prot:1; u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN]; @@ -136,7 +135,6 @@ struct wpa_group { int vlan_id; Boolean GInit; - int GNoStations; int GKeyDoneStations; Boolean GTKReKey; int GTK_len; 
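Review bot: The new `eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);` at the top of ieee802_1x_deinit() has no comment saying what it protects against, and it only takes effect if the timeout was registered with exactly the same handler and `(hapd, NULL)` context pair. The registration is outside this hunk, so that match should be confirmed. I would add `/* Cancel the pending rekey timeout so the handler cannot run with this hapd after deinit */` above the call. The rest of ieee802_1x_deinit() continues past the hunk.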
@@ -2687,14 +2685,6 @@ SM_STATE(WPA_PTK, DISCONNECT) SM_STATE(WPA_PTK, DISCONNECTED) { SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk); - if (sm->sta_counted) { - sm->group->GNoStations--; - sm->sta_counted = 0; - } else { - wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not " - "decrease GNoStations (STA " MACSTR ")", - MAC2STR(sm->addr)); - } sm->DeauthenticationRequest = FALSE; } @@ -2702,14 +2692,6 @@ SM_STATE(WPA_PTK, DISCONNECTED) SM_STATE(WPA_PTK, AUTHENTICATION) { SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk); - if (!sm->sta_counted) { - sm->group->GNoStations++; - sm->sta_counted = 1; - } else { - wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not " - "increase GNoStations (STA " MACSTR ")", - MAC2STR(sm->addr)); - } memset(&sm->PTK, 0, sizeof(sm->PTK)); sm->PTK_valid = FALSE; wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, @@ -3221,8 +3203,9 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) { SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); sm->EAPOLKeyReceived = FALSE; + if (sm->GUpdateStationKeys) + sm->group->GKeyDoneStations--; sm->GUpdateStationKeys = FALSE; - sm->group->GKeyDoneStations--; sm->GTimeoutCtr = 0; /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */ wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, @@ -3235,7 +3218,8 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) SM_STATE(WPA_PTK_GROUP, KEYERROR) { SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group); - sm->group->GKeyDoneStations--; + if (sm->GUpdateStationKeys) + sm->group->GKeyDoneStations--; sm->GUpdateStationKeys = FALSE; sm->Disconnect = TRUE; } 
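Review bot: After this change the only places that give back a station's share of `GKeyDoneStations` are REKEYESTABLISHED and KEYERROR (the next hunk carries the same guard), while the DISCONNECTED hunk above now clears nothing but `DeauthenticationRequest`. If a station can be torn down while `GUpdateStationKeys` is still TRUE without passing through one of those two states, the group's count stays above zero; the station teardown path is not in this diff, so this is to be confirmed rather than a known defect. If it is not handled there, the same guarded pair `if (sm->GUpdateStationKeys) sm->group->GKeyDoneStations--;` followed by `sm->GUpdateStationKeys = FALSE;` belongs in that path, since a count that never drains would presumably keep the group key update from completing.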
@@ -3311,6 +3295,12 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) { + if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "Not in PTKINITDONE; skip Group Key update"); + return 0; + } + sm->group->GKeyDoneStations++; sm->GUpdateStationKeys = TRUE; wpa_sm_step(sm); return 0; @@ -3330,10 +3320,14 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth, tmp = group->GM; group->GM = group->GN; group->GN = tmp; - group->GKeyDoneStations = group->GNoStations; + /* "GKeyDoneStations = GNoStations" is done in more robust way by + * counting the STAs that are marked with GUpdateStationKeys instead of + * including all STAs that could be in not-yet-completed state. */ wpa_gtk_update(wpa_auth, group); wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL); + wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d", + group->GKeyDoneStations); } @@ -3782,13 +3776,6 @@ int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); - if (sm->group && sm->group != group && sm->sta_counted) { - sm->group->GNoStations--; - sm->sta_counted = 0; - wpa_printf(MSG_DEBUG, "WLA: Decreased GNoStations for the " - "previously used group state machine"); - } - sm->group = group; return 0; } |
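Review bot: `wpa_group_update_sta()` increments `GKeyDoneStations` without checking whether `GUpdateStationKeys` is already TRUE, and the `wpa_group_setkeys()` hunk below drops the `group->GKeyDoneStations = group->GNoStations;` assignment without replacing it with a reset. A station still flagged from an unfinished earlier round is then counted twice but can only be released once by the guarded decrements, so the count can drift upward across rekeys. Starting each round from a known value, `group->GKeyDoneStations = 0;` before `wpa_auth_for_each_sta(...)`, keeps the count equal to the number of stations flagged in this pass. Both function bodies extend beyond their hunks.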
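Review bot: In `wpa_auth_sta_set_vlan()` the removed block was the only code that adjusted the old group's accounting before `sm->group = group;`, and nothing replaces it for the new flag-based scheme. A station moved while `GUpdateStationKeys` is TRUE leaves its increment on the previous group and will later decrement the new group's `GKeyDoneStations`, which never counted it. I would release it on the old group first: `if (sm->group && sm->group != group && sm->GUpdateStationKeys) { sm->group->GKeyDoneStations--; sm->GUpdateStationKeys = FALSE; }`. The start of the function is outside the hunk, so whether a rekey can be in flight at this point is to be confirmed.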