3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-28 03:42:34 +01:00
Commit Graph

1281 Commits

Author SHA1 Message Date
Denis Kenzior
1f3b120467 eap-peap: Add reset_state method 2018-06-07 19:43:25 -05:00
Denis Kenzior
6e242acddb eap-mschapv2: Implement reset_state 2018-06-07 17:10:59 -05:00
Denis Kenzior
ff7a581d36 eap: Don't destroy method on completion
Let the upper layers decide what to do when a method completes
2018-05-30 22:36:41 -05:00
Denis Kenzior
9bcb2b75ac eapol: On success, reset EAP state
Instead of destroying the EAP object, just reset its state in case the
EAP process completed successfully.  This allows EAP Reauthentication to
work.
2018-05-30 15:09:42 -05:00
Denis Kenzior
2722990e61 eap-pwd: Add .reset_state method 2018-05-30 15:04:20 -05:00
Denis Kenzior
5894051d6c eap: Introduce state reset
This is meant to reset the EAP state back to its original state without
affecting any state variables obtained through load_settings.  This can
be useful for EAP Reauthentication triggered by the AP.
2018-05-30 14:52:22 -05:00
Denis Kenzior
4c59569f0c scan: Move scan_get_security to common.c 2018-05-24 19:22:16 -05:00
Denis Kenzior
7c18e3cdfe iwd: Move network_init & network_exit to iwd.h 2018-05-24 19:22:12 -05:00
Denis Kenzior
e4ddf4cf19 ie: Add missing #include and forward declaration 2018-05-24 15:54:32 -05:00
Tim Kourt
c0daec7e8d scan: add wiphy into scan context
The added wiphy will later be used by the scan command
builder to identify the available features and get properties
2018-05-24 15:24:33 -05:00
Tim Kourt
8f17186666 scan: rename callback for the triggered scan 2018-05-24 15:24:33 -05:00
Denis Kenzior
3b4cc1bfe2 wiphy: Rename get_ext_feature API
to has_ext_feature
2018-05-24 15:24:16 -05:00
Tim Kourt
933eabb6ef wiphy: added accessor for the feature flags 2018-05-24 13:10:56 -05:00
Tim Kourt
367522fe8f netdev: added accessor for wiphy
Added an accessor to get wiphy associated with a network device
2018-05-24 13:07:00 -05:00
Denis Kenzior
e6adb36621 iwd.service: Use multi-user target 2018-05-22 11:28:02 -05:00
Denis Kenzior
2aba2f3ba9 main: Disable debug output by default
Instead use '-d' command line option.  This option uses an optional
argument.  Without an argument, '*' is assumed.  Otherwise you can
specify a glob string to match.  Any debug output that matches the glob
string will be printed.  e.g.:

src/iwd -d '*eap*'
2018-05-19 18:29:28 -05:00
James Prestwood
d54a8e56d3 netdev: print error if frame watch fails
The frame watch API had no callback, so if there was a failure
it would silently continue.
2018-05-18 12:54:40 -05:00
Denis Kenzior
6db257b937 eap: Dump unhandled EAP packets 2018-05-18 10:29:58 -05:00
Denis Kenzior
450ed03e21 eap: Fix crash
Some EAP servers might try to send us packets after the EAP connection
has been established.  When EAP succeeds we destroy the EAP object.  If
a new EAP request arrives we create a temporary EAP object to handle the
request (most likely to NAK it).  However, if the packet is not destined
to a particular method (e.g. it is a notification) the current logic can
result in a crash.

src/netdev.c:netdev_set_gtk() 3
==4300== Invalid read of size 8
==4300==    at 0x14204B: __eap_handle_request (eap.c:203)
==4300==    by 0x142339: eap_rx_packet (eap.c:287)
==4300==    by 0x12AEF9: eapol_rx_packet (eapol.c:1622)
==4300==    by 0x12BBBC: __eapol_rx_packet (eapol.c:2018)
==4300==    by 0x116D1E: netdev_pae_read (netdev.c:3121)
==4300==    by 0x16672B: io_callback (io.c:123)
==4300==    by 0x165239: l_main_iterate (main.c:376)
==4300==    by 0x16537D: l_main_run (main.c:423)
==4300==    by 0x10F95C: main (main.c:447)
==4300==  Address 0x30 is not stack'd, malloc'd or (recently) free'd
==4300==
2018-05-18 10:27:42 -05:00
Denis Kenzior
56eeaf7b7a eap: Fix invalid access
When the server sends an identity prompt or a notification, we were
trying to print from our local buffer, not from the actual packet.  The
relevant valgrind trace is:

src/netdev.c:netdev_mlme_notify() MLME notification 64
==4300== Conditional jump or move depends on uninitialised value(s)
==4300==    at 0x4C3006E: strnlen (vg_replace_strmem.c:425)
==4300==    by 0x508C513: vfprintf (vfprintf.c:1643)
==4300==    by 0x508EB75: buffered_vfprintf (vfprintf.c:2329)
==4300==    by 0x508C1A1: vfprintf (vfprintf.c:1301)
==4300==    by 0x167051: log_stderr (log.c:145)
==4300==    by 0x16756E: l_log_with_location (log.c:293)
==4300==    by 0x142173: __eap_handle_request (eap.c:235)
==4300==    by 0x142339: eap_rx_packet (eap.c:287)
==4300==    by 0x12AEF9: eapol_rx_packet (eapol.c:1622)
==4300==    by 0x12BBBC: __eapol_rx_packet (eapol.c:2018)
==4300==    by 0x116D1E: netdev_pae_read (netdev.c:3121)
==4300==    by 0x16672B: io_callback (io.c:123)
==4300==
EAP identity prompt: ""
2018-05-18 09:46:12 -05:00
John Zimmermann
3b4c1dd4d3 build: check for existence of execinfo.h
GLIBC is not necessarily the only library that provides execinfo.
With libexecinfo execinfo can be used also in other Libraries.
The patch lets the configure check the existence of the header
and the libexecinfo Library and uses them if avaible.

(also fixes compilation if execinfo is not avaible)
2018-05-17 17:42:28 -05:00
Tim Kourt
42c5d96219 network: load settings for the open networks
iwd was auto-connecting to the open networks despite having
Autoconnect=false flag set in the network configuration file.
This patch enables iwd to load the configuration files for the
open networks during the auto-connect attempt to take advantage
of the Autoconnect flag.
2018-05-10 12:47:40 -05:00
Tim Kourt
46abfc7813 wiphy: add support for MAX_NUM_SCAN_SSIDS 2018-05-08 19:17:40 -05:00
James Prestwood
2f0c37dae6 eap-pwd: use ecc byte conversion API's 2018-05-04 19:33:55 -05:00
James Prestwood
db690ebe73 ecc: added byte conversion functions
EAP-PWD was hard coded to only work on LE architectures. This
adds 2 conversion functions to go from network byte order (BE)
to any native architecture, and vise versa.
2018-05-04 19:33:55 -05:00
James Prestwood
71902e2291 eap-pwd: fix 32 bit build warnings from debug prints
Printing size_t as %lu works on 64 bit architectures but shows a
compile warning on 32 bit. The %zu modifier fixes this.
2018-05-04 12:48:02 -05:00
James Prestwood
322f32295d eap-pwd: fixup some minor bounds checking issues 2018-05-03 14:46:29 -05:00
Denis Kenzior
6a28cd5527 main: Check and print missing kernel options 2018-05-03 14:45:26 -05:00
Denis Kenzior
bfe4fcffd3 eap-mschapv2: Check for MD4 support 2018-05-03 14:45:00 -05:00
Denis Kenzior
a65e5e0800 eap-pwd: Don't leak on failure 2018-05-03 12:57:23 -05:00
Denis Kenzior
5cf358cd4f eap-pwd: Fixup minor style issues 2018-05-03 12:55:45 -05:00
James Prestwood
d10369cf60 eap-pwd: core EAP-PWD code 2018-05-03 10:50:30 -05:00
James Prestwood
fdee72dffc ecc: added ecc implementation for EAP-PWD
The file, src/ecc.c was taken from the bluez project:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/shared/ecc.c

There were minor changes made, e.g. changing some functions to globals
for access in EAP-PWD as well as removing some unneeded code. There was
also some code appended which allows for point addition, modulus inverse
as well as a function to compute a Y value given an X.
2018-05-03 10:27:53 -05:00
Denis Kenzior
b8c80060d3 wiphy: Update ext_features size 2018-05-01 20:46:06 -05:00
Denis Kenzior
92cf0446a1 netdev: Print handshake failure reason code 2018-05-01 20:46:06 -05:00
Denis Kenzior
9e8850c423 ap: Use EAPoL over NL80211 if available 2018-05-01 20:46:06 -05:00
Denis Kenzior
5d0f1bbb31 netdev: Handle Control Port TX path 2018-05-01 20:46:06 -05:00
Denis Kenzior
b5d48da4c7 netdev: Open PAE transport if needed
If Control Port over NL80211 is not supported, open up a PAE socket and
stuff it into an l_io on the netdev object.  Install a read handler on
the l_io and call __eapol_rx_packet as needed.
2018-05-01 20:46:03 -05:00
Denis Kenzior
ebc4e2cdf0 netdev: React to CONTROL_PORT unicast 2018-05-01 20:46:01 -05:00
Denis Kenzior
c31cf5d383 eapol: Fully separate eapol transport details
With the introduction of Control Port Over NL80211 feature, the
transport details need to be moved out of eapol and into netdev.c.
Whether a given WiFi hardware supports transfer of Control Port packets
over NL80211 is Wiphy and kernel version related, so the transport
decisions need to be made elsewhere.
2018-05-01 11:14:04 -05:00
Andrew Zaborowski
008965882d eap-mschapv2: Fix string start calculation 2018-04-30 10:47:31 -05:00
Andrew Zaborowski
b1d4db7cc8 eap: Return specific error when check_settings fails
Change the check_settings eap functions to return a negative errno and
return more granular Dbus error from the Connect method.
2018-04-30 10:45:28 -05:00
James Prestwood
071ef356db eap: add EAP-PWD method type 2018-04-27 11:14:30 -05:00
Andrew Zaborowski
56d3d40f30 eap: Wipe passphrase memory in TLS, TTLS, EAP
Wipe the passphrase memory in more places before freeing.
2018-04-26 11:27:22 -05:00
Andrew Zaborowski
6dc5d2c3ec eap-mschapv2: Load credentials obtained from agent
If needed load the username and password obtained from the agent and
received in the settings object.
2018-04-26 11:23:29 -05:00
Andrew Zaborowski
cb775819b8 network: Pass secrets to EAP methods
On connect add any secrets we've received through the agent to the
l_settings objects which the EAP methods will process in load_settings.
The settings object is modified but is never written to storage.  If
this was to change because some settings need to be saved to storage,
a new l_settings object might be needed with the union of the settings
from the file and the secrets so as to avoid saving the sensitive data.
2018-04-26 11:23:29 -05:00
James Prestwood
d1a13036d2 eap: fix EAP-SIM/AKA/AKA' after settings change
These EAP methods do not store the identity inside the settings file
since it is obtained from the SIM card, then provided to IWD via
get_identity method. If the get_identity method is implemented, do
not fail the settings check when EAP-Identity is missing.
2018-04-20 14:36:52 -05:00
Andrew Zaborowski
2382dc7ffa network: Validate 8021x settings and request passwords
Use eap_check_settings directly from network.c before we start the
connection attempt at netdev.c level, to obtain all of the required
passwords/passphrases through the agent.  This is in network.c because
here we can decide the policies for whether to call the agent in
autoconnect or only if we had a request from the user, also whether we
want to save any of that for later re-use (either password data or
kernel-side key serial), etc.

In this patch we save the credentials for the lifetime of the network
object in memory, and we skip the network if it requires any passphrases
we don't have while in autoconnect, same as with PSK networks where the
PSK isn't given in the settings.  Note that NetworkManager does pop up
the password window for PSK or EAP passwords even in autoconnect.

If EAP needs multiple passwords we will call the agent sequentially for
each.
2018-04-19 14:05:20 -05:00
Andrew Zaborowski
7541b595f9 eap-peap: Implement .check_settings
Confirm that the PEM file paths that we'll be passing to the l_tls
object are loading Ok and request/validate the private key passphrase
if needed.  Then also call eap_check_settings to validate the inner
method's settings.
2018-04-19 13:23:03 -05:00
Andrew Zaborowski
86aa4e8af1 eap-gtc: Implement .check_settings
Only do the same validation that .load_settings would do for GTC.
2018-04-19 13:14:37 -05:00