3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-18 10:19:24 +01:00
Commit Graph

7242 Commits

Author SHA1 Message Date
James Prestwood
11914431bc netdev: zero out diagnostic info
The info struct is on the stack which leads to the potential
for uninitialized data access. Zero out the info struct prior
to calling the get station callback:

==141137== Conditional jump or move depends on uninitialised value(s)
==141137==    at 0x458A6F: diagnostic_info_to_dict (diagnostic.c:109)
==141137==    by 0x41200B: station_get_diagnostic_cb (station.c:3620)
==141137==    by 0x405BE1: netdev_get_station_cb (netdev.c:4783)
==141137==    by 0x4722F9: process_unicast (genl.c:994)
==141137==    by 0x4722F9: received_data (genl.c:1102)
==141137==    by 0x46F28B: io_callback (io.c:120)
==141137==    by 0x46E5AC: l_main_iterate (main.c:478)
==141137==    by 0x46E65B: l_main_run (main.c:525)
==141137==    by 0x46E65B: l_main_run (main.c:507)
==141137==    by 0x46E86B: l_main_run_with_signal (main.c:647)
==141137==    by 0x403EA8: main (main.c:490)
2021-04-28 11:24:13 -05:00
Denis Kenzior
8cb61f9aae diagnostic: Fix crash with Open networks
It isn't safe to return a NULL from diagnostic_akm_suite_to_security()
since the value is used directly.  Also, if the AKM suite is 0, this
implies that the network is an Open network and not some unknown AKM.

==17982== Invalid read of size 1
==17982==    at 0x483BC92: strlen (vg_replace_strmem.c:459)
==17982==    by 0x47DE60: _dbus1_builder_append_basic (dbus-util.c:981)
==17982==    by 0x41ACB2: dbus_append_dict_basic (dbus.c:197)
==17982==    by 0x412050: station_get_diagnostic_cb (station.c:3614)
==17982==    by 0x405B19: netdev_get_station_cb (netdev.c:4801)
==17982==    by 0x47436E: process_unicast (genl.c:994)
==17982==    by 0x47436E: received_data (genl.c:1102)
==17982==    by 0x470FBB: io_callback (io.c:120)
==17982==    by 0x4701DC: l_main_iterate (main.c:478)
==17982==    by 0x4702AB: l_main_run (main.c:525)
==17982==    by 0x4702AB: l_main_run (main.c:507)
==17982==    by 0x4704BB: l_main_run_with_signal (main.c:647)
==17982==    by 0x403EDB: main (main.c:490)
==17982==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==17982==
Aborting (signal 11) [/home/denkenz/iwd/src/iwd]
++++++++ backtrace ++++++++
0  0x488a550 in /lib64/libc.so.6
1  0x483bc92 in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
2  0x47de61 in _dbus1_builder_append_basic() at ell/dbus-util.c:983
3  0x41acb3 in dbus_append_dict_basic() at src/dbus.c:197
4  0x412051 in station_get_diagnostic_cb() at src/station.c:3618
5  0x405b1a in netdev_get_station_cb() at src/netdev.c:4801
2021-04-28 11:19:38 -05:00
Denis Kenzior
1c9a736ed5 netconfig: Cancel outstanding rtnl commands
It is possible for the RTNL command callback to come after
netconfig_reset or netconfig_destroy has been called.  Make sure that
any outstanding commands that might access the netconfig object are
canceled.

src/netconfig.c:netconfig_ipv4_dhcp_event_handler() DHCPv4 event 0
src/netconfig.c:netconfig_ifaddr_added() wlan0: ifaddr 192.168.1.55/24 broadcast 192.168.1.255
^CTerminate
src/netdev.c:netdev_free() Freeing netdev wlan0[15]
src/device.c:device_free()
src/station.c:station_free()
src/netconfig.c:netconfig_destroy()
src/netconfig.c:netconfig_reset()
src/netconfig.c:netconfig_reset_v4() 16
src/netconfig.c:netconfig_reset_v4() Stopping client
Removing scan context for wdev c
src/scan.c:scan_context_free() sc: 0x4a3cc10
==12792== Invalid read of size 8
==12792==    at 0x43BF5A: netconfig_route_add_cmd_cb (netconfig.c:600)
==12792==    by 0x4727FA: process_message (netlink.c:181)
==12792==    by 0x4727FA: can_read_data (netlink.c:289)
==12792==    by 0x470F4B: io_callback (io.c:120)
==12792==    by 0x47016C: l_main_iterate (main.c:478)
==12792==    by 0x47023B: l_main_run (main.c:525)
==12792==    by 0x47023B: l_main_run (main.c:507)
==12792==    by 0x47044B: l_main_run_with_signal (main.c:647)
==12792==    by 0x403EDB: main (main.c:490)
2021-04-28 11:19:34 -05:00
Denis Kenzior
e5550ed58f netdev: Detect netdev going down early
In case the netdev is brought down while we're trying to connect, try to
detect this and fail early instead of trying to send additional
commands.

src/station.c:station_enter_state() Old State: disconnected, new state: connecting
src/station.c:station_netdev_event() Associating
src/netdev.c:netdev_mlme_notify() MLME notification Connect(46)
src/netdev.c:netdev_connect_event()
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/eapol.c:eapol_handle_ptk_1_of_4() ifindex=4
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/eapol.c:eapol_handle_ptk_3_of_4() ifindex=4
src/netdev.c:netdev_set_gtk() 4
src/station.c:station_handshake_event() Setting keys
src/netdev.c:netdev_set_tk() 4
src/netdev.c:netdev_set_rekey_offload() 4
New Key for Group Key failed for ifindex: 4:Network is down
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/station.c:station_free()
src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48)
src/netdev.c:netdev_disconnect_event()
src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36)
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is XX
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36)
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is DE
src/wiphy.c:wiphy_radio_work_done() Work item 14 done
src/station.c:station_connect_cb() 4, result: 4
Segmentation fault
2021-04-27 17:33:37 -05:00
Denis Kenzior
775f4643b5 netdev: Move disconnect_cmd_id reset
This operation logically belongs in the callback, not a common operation
that is also invoked from event handlers.
2021-04-27 16:16:09 -05:00
James Prestwood
9d9c516596 wiphy: add fils_hint to wiphy_can_connect
A prior commit refactored the AKM selection in wiphy.c. This
ended up breaking FILS tests due to the hard coding of a
false fils_hint in wiphy_select_akm. Since our FILS tests
only advertise FILS AKMs wiphy_can_connect would return false
for these networks.

Similar to wiphy_select_akm, add a fils hint parameter to
wiphy_can_connect and pass that down directly to wiphy_select_akm.
2021-04-27 14:48:23 -05:00
James Prestwood
bba47527d3 station: update to use network_has_erp_identity 2021-04-27 14:48:09 -05:00
James Prestwood
936542fa79 network: copy station_has_erp_identity
This API is internal to station, but acts only on the network
object so it is being moved into network.c and exposed.
2021-04-27 14:47:16 -05:00
Denis Kenzior
1fe5070666 netdev: Work around CMD_CONNECT behavior on mwifiex 2021-04-27 14:00:24 -05:00
Denis Kenzior
337f5e062e netdev: Return -ENOTCONN in netdev_get_current_station 2021-04-27 10:22:46 -05:00
Denis Kenzior
654154e721 network: ensure passphrase is valid when psk is set
If PreSharedKey is set, the current logic does not validate the
Passphrase beyond its existence.  This can lead to strange situations
where an invalid WPA3-PSK passphrase might get used.  This can of course
only happen if the user (as root) or NetworkManager-iwd-backend writes
such a file incorrectly.
2021-04-27 09:34:22 -05:00
Andrew Zaborowski
8d58f5b679 wscutil: Move DeviceType parsing from p2p & eap-wsc to a function
Move the WSC Primary Device Type parsing from p2p.c and eap-wsc.c to a
common function in wscutil.c supporting both formats so that it can be
used in ap.c too.
2021-04-26 10:48:03 -05:00
Andrew Zaborowski
0ad463742b p2p,netdev: Fix event name typo in comments
Fix the spelling of NETDEV_RESULT_KEY_SETTING_FAILED in two comments.
2021-04-26 10:47:59 -05:00
Denis Kenzior
4a1dafb907 station: Move AP directed roam watch to station
Logically this frame watch belongs in station.  It was kept in device.c
for the purported reason that the station object was removed with
ifdown/ifup changes and hence the frame watch might need to be removed
and re-added unnecessarily.  Since the kernel does not actually allow to
unregister a frame watch (only when the netdev is removed or its iftype
changes), re-adding a frame watch might trigger a -EALREADY or similar
error.

Avoid this by registering the frame watch when a new netdev is detected
in STATION mode, or when the interface type changes to STATION.
2021-04-23 09:51:46 -05:00
Denis Kenzior
a83bb33ea5 rrm: React to IFTYPE_CHANGE events
If a netdev iftype is changed, all frame registrations are removed.
Make sure to re-register for the appropriate frame notifications in case
our iftype is switched back to 'station'.  In any other iftype, no frame
watches are registered and rrm_state object is effectively dormant.
2021-04-23 09:51:46 -05:00
Denis Kenzior
5e0069e146 rrm: Always create RRM state
Right now, RRM is created when a new netdev is detected and its iftype
is of type station.  That means that any devices that start their life
as any other iftype cannot be changed to a station and have RRM function
properly.  Fix that by always creating the RRM state regardless of the
initial iftype.
2021-04-23 09:51:46 -05:00
Denis Kenzior
23249c85c7 netdev: Add new iftype change event 2021-04-23 09:51:46 -05:00
Denis Kenzior
0611632d7b rrm: Track that station is removed
In the case that a netdev is powered down, or an interface type change
occurs, the station object will be removed and any watches will be
freed.

Since rrm is created when the netdev is created and persists across
iftype and power up/down changes, it should provide a destroy callback
to station_add_state_watch so that it can be notified when the watch is
removed.
2021-04-23 09:51:46 -05:00
Denis Kenzior
4fa2ce2cbe netdev: Re-add frame watches on iftype change
If the iftype changes, kernel silently wipes out any frame registrations
we may have registered.  Right now, frame registrations are only done when
the interface is created.  This can result in frame watches not being
added if the interface type is changed between station mode to ap mode
and then back to station mode, e.g.:

device wlan0 set-property Mode ap
device wlan0 set-property Mode station

Make sure to re-add frame registrations according to the mode if the
interface type is changed.
2021-04-23 09:51:46 -05:00
Denis Kenzior
b8ef64f6e3 frame-xchg: iftype changes to be managed by netdev
Since netdev now keeps track of iftype changes, let it call
frame_watch_wdev_remove on netdevs that it manages to clear frame
registrations that should be cleared due to an iftype change.

Note that P2P_DEVICE wdevs are not managed by any netdev object, but
since their iftype cannot be changed, they should not be affected
by this change.
2021-04-23 09:51:46 -05:00
Denis Kenzior
7a2719f314 netdev: Track SET_INTERFACE events
And set the interface type based on the event rather than the command
callback.  This allows us to track interface type changes even if they
come from outside iwd (which shouldn't happen.)
2021-04-23 09:51:46 -05:00
James Prestwood
d42549e46d netdev: move prepare_ft call which broke FT
The prepare_ft patch was an intermediate to a full patch
set and was not fully tested stand alone. Its placement
actually broke FT due to handshake->aa getting overwritten
prior to netdev->prev_bssid being copied out. This caused
FT to fail with "transport endpoint not connected (-107)"
2021-04-22 13:25:23 -05:00
James Prestwood
f98ddf2201 netdev: print error number on CMD_FRAME failure 2021-04-22 13:25:23 -05:00
James Prestwood
cb6faed69a auto-t: properly print wait_for_object_change exception 2021-04-22 13:25:23 -05:00
James Prestwood
1f4d73ab73 auto-t: add more cleanup to ofono based tests (again)
The AuthCenter was still not being fully cleaned up in these
tests. It was being stopped but there was still a reference being
held which prevented __del__ from being called.
2021-04-22 13:25:23 -05:00
James Prestwood
8aac527e29 test-runner: fix process output truncation
There was a bug with process output where the last bit of data would
never make it into stdout or log files. This was due to the IO watch
being cleaned up when the process was killed and never allowing it
to finish writing any pending data.

Now the IO watch implementation has been moved out into its own
function (io_process) which is now used to write the final bits of
data out on process exit.
2021-04-22 13:25:23 -05:00
James Prestwood
d11974c717 test-runner: add timeout for waiting for process to finish
If a process hangs on exit test-runner would sit indefinitely
waiting.
2021-04-22 13:25:23 -05:00
James Prestwood
709c86086f test-runner: fix process cleanup loop
The processes in the list ultimately get removed for each
kill() call. This causes strange behavior since the list is
being iterated and each iteration is removing items. Instead
iterate over a new temporary list so the actual process list
can be cleaned up.
2021-04-22 13:25:23 -05:00
James Prestwood
d4e27b8ee2 auto-t: move AuthCenter to Setup/Tear down
By moving the AuthCenter initializer to SetUpClass we can now
call stop() in TearDownClass which handles any exception the
test might throw.
2021-04-21 13:55:35 -05:00
Denis Kenzior
45dd5d2f7c frame-xchg: Make debugs a bit more useful
- Make sure to print the cookie information
- Don't print messages for frames we're not interested in.  This is
  particularly helpful when running auto-tests since frame acks from
  hostapd pollute the iwd log.
2021-04-21 11:03:55 -05:00
James Prestwood
1b0f24a283 auto-t: include ssidTKIP.psk in Netconfig test
This file was not included when testNetconfig was introduced
and is required. My system was working fine as it was in my
local tree but has been missing and not passing for others.
2021-04-21 10:44:12 -05:00
Denis Kenzior
38a7c4a8dc test-runner: Don't bother enabling IWD_GENL_DEBUG
IWD_GENL_DEBUG is not generally useful anymore as it just prints a
hexdump of the raw data on the socket.  The messages are quite verbose
and spam test-runner logs for little utility.
2021-04-20 10:48:50 -05:00
Denis Kenzior
ea324a7959 netdev: Fix connections to open networks
Fix a regression where connection to an open network results in an
NotSupported error being returned.

Fixes: d79e883e93 ("netdev: Introduce connection types")
2021-04-20 10:45:25 -05:00
Denis Kenzior
61d0abe910 netdev: Move iftype_to_string utility
Move and rename this utility into netdev_iftype_to_string away from
dbus.c.  This also allows us to drop including nl80211.h in dbus.c
2021-04-20 09:37:48 -05:00
Denis Kenzior
6096d8895d netdev: Mirror nl80211.h iftype enum values
This makes conversions simpler.  Also fixes a bug where P2P devices were
printed with an incorrect Mode value since dbus_iftype_to_string was
assuming that an iftype as defined in nl80211.h was being passed in,
while netdev was returning an enum value defined in netdev.h.
2021-04-20 09:37:48 -05:00
Denis Kenzior
89b3d34dd3 ie: Fix IE_AKM_IS_FILS macro
Fixes: e30345d699 ("ie: Add IE_AKM_IS_FILS macro")
2021-04-20 09:37:48 -05:00
Denis Kenzior
d3eef8b56a netdev: Move netdev finding to a common function 2021-04-16 14:47:48 -05:00
James Prestwood
9bbe14e7a3 netdev: factor out FT handshake preparation
This isolates the handshake/nhs preparation for
FT into its own function to be used by both
FT-over-Air and FT-over-DS after refactoring.
2021-04-16 11:32:55 -05:00
James Prestwood
726a12461f ft: separate ft_sm from ft_process_ies
To prepare for some refactoring remove the ft_sm dependency
from ft_process_ies and instead only make it depend on the
handshake_state object.
2021-04-16 11:13:46 -05:00
James Prestwood
b276e3f590 ap: remove rates requirement for fmac cards
It was seen that some full mac cards/drivers do not include any
rate information with the NEW_STATION event. This was causing
the NEW_STATION event to be ignored, preventing AP mode from
working on these cards.

Since the full mac path does not even require sta->rates the
parsing can be removed completely.
2021-04-12 14:15:18 -05:00
James Prestwood
d04ab5ad96 agent: call back even if agent disconnects
It was found that if the user cancels/disconnects the agent prior to
entering credentials, IWD would get stuck and could no longer accept
any connect calls with the error "Operation already in progress".
For example exiting iwctl in the Password prompt would cause this:

iwctl
$ station wlan0 connect myssid
$ Password: <Ctrl-C>

This was due to the agent never calling the network callback in the
case of an agent disconnect. Network would wait indefinitely for the
credentials, and disallow any future connect attempts.

To fix this agent_finalize_pending can be called in agent_disconnect
with a NULL reply which behaves the same as if there was an
internal timeout and ultimately allows network to fail the connection
2021-04-09 11:36:08 -05:00
James Prestwood
379ec4b952 netdev: implement netdev_set_pmk
The 8021x offloading procedure still does EAP in userspace which
negotiates the PMK. The kernel then expects to obtain this PMK
from userspace by calling SET_PMK. This then allows the firmware
to begin the 4-way handshake.

Using __eapol_install_set_pmk_func to install netdev_set_pmk,
netdev now gets called into once EAP finishes and can begin
the final userspace actions prior to the firmware starting
the 4-way handshake:

 - SET_PMK using PMK negotiated with EAP
 - Emit SETTING_KEYS event
 - netdev_connect_ok

One thing to note is that the kernel provides no way of knowing if
the 4-way handshake completed. Assuming SET_PMK/SET_STATION come
back with no errors, IWD assumes the PMK was valid. If not, or
due to some other issue in the 4-way, the kernel will send a
disconnect.
2021-04-09 11:33:20 -05:00
James Prestwood
026ec40e1c netdev: add CONNECTION_TYPE_8021X_OFFLOAD
This adds a new type for 8021x offload as well as support in
building CMD_CONNECT.

As described in the comment, 8021x offloading is not particularly
similar to PSK as far as the code flow in IWD is concerned. There
still needs to be an eapol_sm due to EAP being done in userspace.
This throws somewhat of a wrench into our 'is_offload' cases. And
as such this connection type is handled specially.
2021-04-09 11:32:34 -05:00
James Prestwood
93b49a72ac eapol: add PMK installer support
802.1x offloading needs a way to call SET_PMK after EAP finishes.
In the same manner as set_tk/gtk/igtk a new 'install_pmk' function
was added which eapol can call into after EAP completes.
2021-04-09 11:32:21 -05:00
Denis Kenzior
3284ed4e8e eapol: Work around an apparent GCC 8.3 bug
With GCC 8.3 on Rasberry Pi, iwd sends invalid EAPoL 1_of_4 packets:

< PAE: len 99                                                          8.785095
    Interface Index: 27
    EAPoL: len 99
        Protocol Version: 2 (802.1X-2004)
        Type: 3 (Key)
        Length: 95
        Checking mic len 16
        Frame len 99
        key data len 22
        Checking mic len 24
        Frame len 107
        Bad MIC len, malformed packet?
        02 03 00 5f 02 00 8a 00 10 00 00 00 00 00 00 00  ..._............
        02 94 40 a3 da c3 2b aa b7 a6 a5 5f 25 0a ae 74  ..@...+...._%..t
        b0 8d e2 62 9c 90 c9 e9 fd a5 33 1b e1 b4 9b 81  ...b......3.....
        42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  B...............
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 16

The trouble seems to be that eapol_key_data_append() correctly sets the
key_data_length field (the last 2 bytes of the message), but the actual
packet_length is not being set properly.

Dropping to O0 optimization level results in GCC correctly computing
the packet length.
2021-04-07 16:47:40 -05:00
James Prestwood
5b4a7fc377 unit: remove timeout tests from test-sae
The timeout functionality was removed from the core SAE
implementation as it causes issues with kernel behavior.
Because of this the timeout tests are no longer valid,
nor is a few asserts in the end-to-end test.
2021-04-06 15:03:35 -05:00
James Prestwood
6c9f72380d netdev: use l_idle_create for disconnect idle
The chances were extremely low, but using l_idle_oneshot
could end up causing a invalid memory access if the netdev
went down while waiting for the disconnect idle callback.

Instead netdev can keep track of the idle with l_idle_create
and remove it if the netdev goes down prior to the idle callback.
2021-04-06 12:32:30 -05:00
James Prestwood
51fc2453ba netdev: fix spelling error 2021-04-05 17:49:36 -05:00
James Prestwood
01acadbeb9 auto-t: add auth/assoc timeouts to testOWE 2021-04-05 17:47:42 -05:00
James Prestwood
b8da948caf auto-t: add timeout test to SAE
This tests the timeout handling in SAE for both authenticate
and associate frames.
2021-04-05 17:47:42 -05:00