3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-30 06:39:46 +01:00
Commit Graph

4929 Commits

Author SHA1 Message Date
James Prestwood
ca9110e8c2 network: enforce max EAP/pkey password length 2020-03-06 13:08:25 -06:00
James Prestwood
d40a8d1a6d eap-gtc: limit password length to maximum
The password for EAP-GTC is directly used in an EAP response. The
response buffer is created on the stack so an overly large password
could cause a stack overflow.
2020-03-06 13:08:05 -06:00
James Prestwood
301d8473df iwd: define a maximum password length 2020-03-06 13:07:58 -06:00
James Prestwood
77cfb615e5 eap: check MTU when loading identity
If the MTU was set very low an identity could exceed the maximum.
2020-03-06 12:17:09 -06:00
Denis Kenzior
53ea9adfb5 netdev: Fix disconnect event coming out of order
mac80211 drivers seem to send the disconnect event which is triggered by
CMD_DISCONNECT prior to the CMD_DISCONNECT response.  However, some
drivers, namely brcmfmac, send the response first and then send the
disconnect event.  This confused iwd when a connection was immediately
triggered after a disconnection (network switch operation).

Fix this by making sure that connected variable isn't set until the
connect event is actually processed, and ignore disconnect events which
come after CMD_DISCONNECT has alredy succeeded.
2020-02-28 10:25:04 -06:00
Tim Kourt
df64dd443e client: Rework agent registarion logic
Do agent registration as part of agent manager proxy creation.
This ensures that the registration call is made only after the agent
manager’s interface becomes available on the bus.
2020-02-27 16:30:11 -06:00
Tim Kourt
4fdb6bc9fa client: Reorder interface creation ops
Add the newly created proxy objects into the queue before the
interface specific initialization logic takes place. This way the new
proxy objects can be used within the initialization procedures.
2020-02-27 16:26:32 -06:00
Andrew Zaborowski
58737e02d5 test: Handle missing agent calls in simple-agent
Handle RequestPrivateKeyPassphrase and RequestUserNameAndPassword
2020-02-17 12:28:21 -06:00
Andrew Zaborowski
0b34371253 test: Update paths in list-devices 2020-02-17 12:28:17 -06:00
Andrew Zaborowski
dd2677402a ap: React to NL80211_CMD_STOP_AP events
These events will tell use when our AP gets stopped without our request,
for example due to suspend/resume.
2020-02-17 12:27:54 -06:00
Andrew Zaborowski
87a198111a frame-xchg: Don't use l_genl for additional nl80211 sockets
For nl80211 sockets other than our main l_genl object use socket io
directly, to avoid creating many instances of l_genl.  The only reason
we use multiple sockets is to work around an nl80211 design quirk that
requires closing the socket to unregister management frame watches.
Normally there should not be a need to create multiple sockets in a
program.
2020-02-17 12:23:13 -06:00
Andrew Zaborowski
0d62b5a2fc frame-xchg: Add a frame exchange API
Add a little state machine and a related API, to simplify sending out a
frame, receiving the Ack / No-ack status and (if acked) waiting for a
response frame from the target device, one of a list of possible
frame prefixes.  The nl80211 API for this makes it complicated
enough that this new API seems to be justified, on top of that there's a
quirk when using the brcmfmac driver where the nl80211 response
(containing the operation's cookie), the Tx Status event and the response
Frame event are received from nl80211 in reverse order (not seen with
other drivers so far), further complicating what should be a pretty
simple task.
2020-02-17 10:45:40 -06:00
Andrew Zaborowski
ff7abdb89d frame-xchg: Try to call a handler only once per frame
Try to better deduplicate the frame watches.  Until now we'd check if
we'd already registered a given frame body prefix with the kernel, or a
matching more general prefix (shorter).  Now also try to check if we
have already have a watch with the same callback pointer and user_data
value, and:

 * an identical or shorter (more general) prefix, in that case ignore
   the new watch completely.

 * a longer (more specific) prefix, in that case forget the existing
   watch.

The use case for this is when we have a single callback for multiple
watches and multiple frame types, and inside that callback we're looking
at the frame body again and matching it to frame types.  In that case
we don't want that function to be called multiple times for one frame
event.
2020-02-17 10:42:55 -06:00
Daniel Wagner
a40503427e rtnlutil: Remove used rtnlutil
The rtnl code has been added to ELL. There is caller left in iwd,
therefore remove the rtnlutil file.
2020-02-17 09:08:50 -06:00
Daniel Wagner
280658c73b netconfig: Use ell's rtnl API 2020-02-17 09:08:50 -06:00
Daniel Wagner
0af1207a6c netdev: Use ell's rtnl APIs 2020-02-17 09:08:50 -06:00
Marcel Holtmann
1ee7b985aa Release 1.5 2020-02-09 08:31:09 +01:00
Marcel Holtmann
71cdd84dfb build: Require at least version 0.28 when building with external ELL 2020-02-09 08:25:24 +01:00
Andrew Zaborowski
1896ac2d73 frame-xchg: Use both group_id and wdev_id when removing group
In frame_watch_group_remove I forgot to actually match the group to be
removed by both wdev_id and group_id.  group_ids are unique only in the
scope of one wdev.
2020-02-07 15:41:14 -06:00
Andrew Zaborowski
053c1ca2a2 frame-xchg: Add new groups to watch_groups list
I forgot to actually add new groups being created in
frame_watch_group_get to the watch_groups queue, meaning that we'd
re-create the group every time a new watch was added to the group.
2020-02-07 15:34:14 -06:00
Andrew Zaborowski
16cc2386f1 nl80211util: Handle NL80211_ATTR_ACK flag in parser
If this attribute is included in the nl80211_parse_attrs parameters, set
the corresponding bool to true if flag was present and false if not.
2020-02-07 15:26:35 -06:00
Tim Kourt
c32495cf03 client: Fix proxy object's dependency resolution
Previously, the parsing of the OMs objects has been done in one pass,
therefore, the proxy object's dependencies may not have been parsed at the
time when they were looked up for the dependency assignments. Now, the
parsing of the OM objects is done in two passes: 1) Create proxy objects -
one per interface and path, 2) Populate the proxy objects with properties
and assign dependencies. Therefore, we are guaranteed to have the proxy
objects created by the time they are looked up for the dependency
assignments.
2020-02-07 15:24:47 -06:00
Tim Kourt
49607880fc peap: Fail auth. if invalid compound MAC is received
Since the interoperability with the Windows server has been achieved,
witch back to failing authentication if invalid compound MAC is
received.
2020-02-06 15:18:04 -06:00
Tim Kourt
bdf328320d peap: Ensure TLV uniqueness
Processing the duplicated TLVs while connecting to a malicious AP may lead
to overflow of the response buffer. This patch ensures that the
duplicated TLVs are not parsed.
2020-02-06 10:28:39 -06:00
Denis Kenzior
4f745ff930 manager: Fix initialization for blacklisted drivers
The pending wiphy state 'use_default' variable was not set early enough
in some circumstances resulting in weird behavior for blacklisted
drivers.  Fix this by adding a manager_wiphy_dump_done callback which
will properly initialize the use_default value.

Fixes: c4b2f10483 ("manager: Handle missing NEW_WIPHY events")
2020-02-05 14:27:05 -06:00
Denis Kenzior
360f66f71c manager: Also set retry when using default interfaces 2020-02-05 09:14:47 -06:00
Denis Kenzior
8530396fb3 manager: Add brcmfmac to the blacklist
brcmfmac does not allow the removal of the default / primary interface.
So there isn't much point in having iwd attempt this.

Another issue is that brcmfmac _does_ allow the deletion of non-default
interfaces.  So starting iwd on a system with a station & ap interface
active can result in iwd attempting to delete all the interfaces.  Given
the above, it succeeds in deleting the ap interface but not the station
one.  In strange circumstances it might end up thinking that the ap
interface is the 'default' and trying to use it, whereas it was just
successfully removed.
2020-02-04 16:00:46 -06:00
Denis Kenzior
f168fb2e16 manager: Fix valgrind complaint
==192== Conditional jump or move depends on uninitialised value(s)
==192==    at 0x4531D3: l_queue_find (queue.c:346)
==192==    by 0x42F1F8: manager_config_notify (manager.c:667)
==192==    by 0x45A895: process_multicast (genl.c:970)
==192==    by 0x45A895: received_data (genl.c:1037)
==192==    by 0x4577B2: io_callback (io.c:126)
==192==    by 0x456B0D: l_main_iterate (main.c:473)
==192==    by 0x456BCB: l_main_run (main.c:520)
==192==    by 0x456DDA: l_main_run_with_signal (main.c:642)
==192==    by 0x4034B0: main (main.c:497)
2020-02-04 11:05:10 -06:00
Andrew Zaborowski
fff6c97e99 frame-watch: Fix an l_queue_foreach_remove call
A pointer to the wdev_id is expected in this call inside
frame_watch_group_remove_wdev instead of a pointer to the pointer.
2020-02-04 10:46:57 -06:00
Andrew Zaborowski
1df4cb5be7 frame-watch: Actually unregister removed groups
Actually close the sockets for removed groups an free resources
2020-02-04 10:46:32 -06:00
Denis Kenzior
c4b2f10483 manager: Handle missing NEW_WIPHY events
The kernel emits NEW_WIPHY events whenever a new wiphy is registered.
Unfortunately these events are emitted under the 'legacy' semantics and
have a hard size limit of 4096 bytes.  Unfortunately, it is possible for
a NEW_WIPHY message to exceed this limit (ath10k cards seem to be
affected in particular), which results in the kernel never sending these
messages out.  This can lead to NEW_INTERFACE events being emitted with
a wiphy_id that had no corresponding NEW_WIPHY event emitted.  Such a
sequence can confuse iwd's hardware detection logic, particularly during
hot-plug or system boot.

Fix this by re-dumping the wiphy if such a condition is detected.  This
has some interaction with blacklisted wiphys, so the wiphy objects are
now always tracked and marked as blacklisted.  Before, the blacklisted
wiphys were simply not added to the iwd list of tracked wiphys.
2020-02-04 10:42:07 -06:00
Denis Kenzior
6825721535 wiphy: Add wiphy_get_id 2020-02-03 17:37:28 -06:00
Denis Kenzior
fcdddf2b72 build: Support missing rawmemchr 2020-02-03 11:54:28 -06:00
Tim Kourt
40ad8be113 auto-t: Test PEAPv0 cryptobinding 2020-02-03 11:34:29 -06:00
Tim Kourt
dc4b7e327e peap: Add inner EAP key material into imsk calculation
For the inner EAP methods that support generation of the key material
include it into imck generation. This allows to cryptographically
bind the inner method with the tunnel.
2020-02-03 11:33:57 -06:00
Tim Kourt
c2078c703d eap-tls-common: Address PEAPv0 interoperability with Windows
Windows Server 2008 - Network Policy Server (NPS) generates an invalid
Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to
incorrect parsing of the message containing TLS Client Hello.
Setting L bit and including TLS Message Length field, even for the
packets that do not require fragmentation, corrects the issue. The
redundant TLS Message Length field in unfragmented packets doesn't
seem to affect the other server implementations.
2020-02-03 11:33:02 -06:00
Denis Kenzior
0508879e2a hwsim: Use L_DBUS_PROPERTY_FLAG_AUTO_EMIT 2020-01-29 10:51:40 -06:00
Andrew Zaborowski
55f9639ee3 manager: Retry the interface setup if we get an EBUSY
Sometimes, at least with brcmfmac, the default interface apparently
takes a moment to get created after the NEW_WIPHY event.  We didn't
really consider this case in the NEW_WIPHY handler and we've got a race
condition.  It fixes the following bug for me:
https://bugs.archlinux.org/task/63912 -- tested by removing and
re-modprobing the brcmfmac module rather than rebooting.

To work around this wait for the NEW_INTERFACE event and then retry the
setup.  We still do the initial attempt directly after NEW_WIPHY to
handle cases like wiphys with no default interfaces and pre-existing
wiphys.
2020-01-28 15:10:10 -06:00
Andrew Zaborowski
aec7c0f39c manager: Make sure all interface are processed after dump
In manager_interface_dump_done use l_queue_foreach_remove instead of
l_queue_remove_if to make sure we process all of the interfaces.
2020-01-27 15:00:23 -06:00
Andrew Zaborowski
b216e98974 Document P2P dbus interfaces
Proposed minimum P2P interfaces for establishing basic connections.  The
device discovery results in creation of Peer objects.
2020-01-27 14:55:09 -06:00
Denis Kenzior
bc076834b0 wired: Update to the new ell API 2020-01-27 14:30:42 -06:00
Denis Kenzior
03ccc454b7 knownneetworks: React to mtime updates
We track mtime as the 'LastConnectedTime' of the network, and also sort
the known network list according to the last connected time.
Unfortunately we were never reacting to ATTRIB changes, and so were
never updating the network_info->connected_time whenever a network was
connected to.

Rework the logic to address this.  This also fixes a small bug where the
connected_time was not set properly prior to removal / re-insertion of
the network_info.
2020-01-27 14:28:08 -06:00
Denis Kenzior
f2af2d004d client: Make variables extern
These arrays should have been declared extern in the first place.
Newer versions of gcc now complain about this:

/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/dbus-proxy.o:(.bss+0x0): multiple definition of `properties_yes_no_opts'; client/adapter.o:(.bss+0x0): first defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/dbus-proxy.o:(.bss+0x20): multiple definition of `properties_on_off_opts'; client/adapter.o:(.bss+0x20): first defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/device.o:(.bss+0x20): multiple definition of `properties_on_off_opts'; client/adapter.o:(.bss+0x20): first defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/device.o:(.bss+0x0): multiple definition of `properties_yes_no_opts'; client/adapter.o:(.bss+0x0): first defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/known-networks.o:(.bss+0x0): multiple definition of `properties_yes_no_opts'; client/adapter.o:(.bss+0x0): first defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/known-networks.o:(.bss+0x20): multiple definition of `properties_on_off_opts'; client/adapter.o:(.bss+0x20): first defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/properties.o:(.data.rel.local+0x0): multiple definition of `properties_yes_no_opts'; client/adapter.o:(.bss+0x0): first defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: client/properties.o:(.data.rel.local+0x20): multiple definition of `properties_on_off_opts'; client/adapter.o:
2020-01-27 09:47:40 -06:00
Denis Kenzior
98e1d38056 monitor: Fix crash
NLMSG_OK and NLMSG_NEXT expect to operate on nlmsg_len which is an int
(signed type).  The current code uses an unsigned type which means that
it cannot detect underflows.  Such underflows can happen when NLMSG_NEXT
tries to advance nlmsg_len by a number of bytes (due to alignment) which
are greater than the current nlmsg_len itself.  This causes iwmon to
crash on certain messages.

Reported-By: Daniel Wagner <wagi@monom.org>
2020-01-22 11:52:28 -06:00
Denis Kenzior
681172a999 storage: Add ability to preserve times
We use the mtime on the network profile as the 'Last Connected Time'.
When we update any property and sync the file to disk, the mtime was not
preserved (since we were creating a new temporary file instead of
modifying the old one).  This led to LastConnectedTime property change
being emitted / updated incorrectly when a writable property on the
KnownNetwork interface was updated.
2020-01-22 11:15:19 -06:00
Torstein Husebø
759dbdd37f treewide: fix typos 2020-01-21 16:03:28 -06:00
Denis Kenzior
2a7c4a9c3d doc: Fix wrong interface name
When we moved SignalLevelAgent from Device to Station we apparently
forgot to update this particular straggler.
2020-01-18 10:58:33 -06:00
Denis Kenzior
1bc3e56431 doc: Remove empty file 2020-01-18 10:54:08 -06:00
Denis Kenzior
b00d4f4ce6 wsc: Use macros to simplify reply code a bit 2020-01-17 12:50:23 -06:00
Denis Kenzior
30ec06edcc wsc: Remove stale comment
Known networks are now automatically updated through inotify mechanisms,
so this comment is no longer needed.
2020-01-17 12:50:23 -06:00