3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-14 16:09:24 +01:00
Commit Graph

4229 Commits

Author SHA1 Message Date
Denis Kenzior
996a6d2546 netdev/device: Combine watches
There was somewhat overlapping functionality in the device_watch
infrastructure as well as the netdev_event_watch.  This commit combines
the two into a single watch based on the netdev object and cleans up the
various interface additions / removals.

With this commit the interfaces are created when the netdev/device is
switched to Powered=True state AND when the netdev iftype is also in the
correct state for that interface.  If the device is brought down, then
all interfaces except the .Device interface are removed.

This will make it easy to implement Device.Mode property properly since
most nl80211 devices need to be brought into Powered=False state prior
to switching the iftype.
2018-08-18 00:38:56 -05:00
Denis Kenzior
da52bcd109 netdev: Rework netdev_init/exit 2018-08-17 23:47:20 -05:00
Denis Kenzior
b3e937e11a main: Rework initialization order
Group together all the configuration settings / reading code together
for more readability.

Initialize eap, eapol and rfkill before device
2018-08-17 23:35:09 -05:00
Denis Kenzior
c5b19dc747 main: Don't call wsc_exit twice 2018-08-17 16:45:05 -05:00
Denis Kenzior
28916dc5ca netdev: Add netdev_get_device 2018-08-17 14:59:01 -05:00
Denis Kenzior
3788156f39 netdev: Don't use device_get_ifindex in join_adhoc
This is pointless as the ifindex is already available on the netdev
object.
2018-08-17 14:42:07 -05:00
Denis Kenzior
3c28c5c24c netdev: Don't crash on operstate callbacks
The way that netdev_set_linkmode_and_operstate was used resulted in
potential crashes when the netdev was destroyed.  This is because netdev
was given as data to l_netlink_send and could be destroyed between the
time of the call and the callback.  Since the result of calls to
netdev_set_linkmode_and_operstate is inconsequential, it isn't really
worthwhile tracking these calls in order to cancel them.

This patch simplies the handling of these rtnl calls, makes sure that
netdev isn't passed as user data and rewrites the
netdev_set_linkmode_and_operstate signature to be more consistent with
rtnl_set_powered.
2018-08-17 14:10:13 -05:00
Denis Kenzior
ec437661b8 netdev: Don't set userdata for getlink 2018-08-17 14:10:13 -05:00
Denis Kenzior
015e8625bf netdev: Make sure set_powered calls are cancelable
Since all netdevs share the rtnl l_netlink object, it was possible for
netdevs to be destroyed with outstanding commands still executing on the
rtnl object.  This can lead to crashes and other nasty situations.

This patch makes sure that Powered requests are always tracked via
set_powered_cmd_id and the request is canceled when netdev is destroyed.
This also implies that netdev_set_powered can now return an -EBUSY error
in case a request is already outstanding.
2018-08-17 14:10:13 -05:00
Denis Kenzior
c530667ed1 device: Send .Aborted error if property set fails
If a property setting is canceled before the callback is generated, then
generate an .Aborted error the the method return
2018-08-17 14:10:13 -05:00
Denis Kenzior
3a9b1f2e38 device: Return an error if netdev_set_powered fails
netdev_set_powered could in theory return an error.  So handle this
case by returning an error from the property set call.
2018-08-17 14:10:13 -05:00
Marcel Holtmann
eab0731cb1 gitignore: Add unit/test-sae 2018-08-16 11:00:24 +02:00
Denis Kenzior
0453308134 doc: Split Device into Device & Station apis 2018-08-15 16:54:14 -05:00
James Prestwood
41d35e561a unit: fix buffer overrun in SAE test 2018-08-15 15:54:18 -05:00
James Prestwood
26246e75c8 unit: tests for SAE 2018-08-15 13:26:58 -05:00
James Prestwood
b9fac0fd14 sae: fix sae to not hard code peer address
SAE is meant to work in a peer-to-peer fashion where neither side acts
as a dedicated authenticator or supplicant. This was not the case with
the current code. The handshake state authenticator address was hard
coded as the destination address for all packets, which will not work
when mesh comes into play. This also made unit testing the full SAE
procedure with two sae_sm's impossible.

This patch adds a peer address element to sae_sm which is filled with
either aa/spa based on the value of handshake->authenticator
2018-08-15 13:26:45 -05:00
James Prestwood
986f66a3c6 eapol: removed authenticator bit and auth register
This removes the authenticator bit in eapol_sm as well as unifies
eapol_register_authenticator and eapol_register. Taking advantage
of the handshake state authenticator bit we no longer have a need
for 2 separate register functions.

ap, and adhoc were also updated to set the authenticator bit in
the handshake and only use eapol_register to register their sm's.

netdev was updated to use the authenticator bit when choosing the
correct key address for adhoc.
2018-08-15 12:40:38 -05:00
James Prestwood
2036d36313 handshake: introduce authenticator bit
Both SAE and adhoc can benefit from knowing whether the handshake state
is an authenticator or a supplicant. It will allow both to easily
obtain the remote address rather than sorting out if aa/spa match the
devices own address.
2018-08-15 12:40:35 -05:00
Denis Kenzior
1f512ff85c device: Move device_init/device_exit to iwd.h 2018-08-14 14:57:19 -05:00
Denis Kenzior
47beec30f9 network: Implement Network.KnownNetwork property 2018-08-14 14:57:16 -05:00
Denis Kenzior
1c27aa5f1d knownnetworks: move known_networks_init/exit to iwd.h 2018-08-14 13:36:48 -05:00
Denis Kenzior
e6b3691c9e knownnetworks: Expose known_network_get_path
So that it can be used to implement Network.KnownNetwork property
2018-08-14 13:35:23 -05:00
Denis Kenzior
fb20c3a003 doc: Mark Network.Type property as readonly 2018-08-14 13:29:20 -05:00
Denis Kenzior
be821a80d8 doc: Add Network.KnownNetwork property 2018-08-14 13:29:08 -05:00
James Prestwood
dd1885de11 sae: remove double sc increment
The send confirm counter is incremented before calling sae_send_confirm
in all cases, but the function itself was also incrementing sc after
sending the packet. This isn't critical to the successful execution of
SAE as the AP just uses the sc value in the packet but it did violate
the 802.11 spec.
2018-08-14 13:13:50 -05:00
Denis Kenzior
d8882a75e5 auto-t: Make sure to disable autoconnect 2018-08-14 13:11:44 -05:00
Denis Kenzior
0c2b9f15c4 TODO: Add OWE task 2018-08-14 11:27:39 -05:00
Denis Kenzior
35e5c79f52 TODO: Add DPP task 2018-08-14 11:22:19 -05:00
Denis Kenzior
82ae6c27c1 TODO: Add CRIT_PROTO task 2018-08-14 10:37:56 -05:00
James Prestwood
57fedfba46 auto-t: added test for SAE 2018-08-14 10:37:56 -05:00
James Prestwood
fd8671e9c5 netdev: added sae functionality to netdev
In order to plug SAE into the existing connect mechanism the actual
CMD_CONNECT message is never sent, rather sae_register takes care
of sending out CMD_AUTHENTICATE. This required some shuffling of
code in order to handle both eapol and sae. In the case of non-SAE
authentication everything behaves as it did before. When using SAE
an sae_sm is created when a connection is attempted but the eapol_sm
is not. After SAE succeeds it will start association and then create
the eapol_sm and start the 4-way handshake.

This change also adds the handshake SAE events to device and
initializes SAE in main.
2018-08-14 10:37:52 -05:00
James Prestwood
220fb61128 sae: implementation
SAE (Simultaneous Authentication of Equals) takes place during
authentication, and followed by EAPoL/4-way handshake. This
module handles the entire SAE commit/confirm exchange. This was
done similar to eapol.

SAE begins when sae_register is called. At this point a commit
message will be created and sent out which kicks off the SAE
authentication procedure.

The commit/confirm exchange is very similar to EAP-PWD, so all
the ecc utility functions could be re-used as-is. A few new ecc
utility functions were added to conform to the 80211 'blinding'
technique for computing the password element.
2018-08-13 20:40:59 -05:00
James Prestwood
920b307431 network: require Passphrase on psk files
For an SAE network, the raw passphrase is required. For this reason,
known network psk files should now always contain a 'Passphrase' entry.

If a psk file is found without a Passphrase entry the agent will be asked
for the Passphrase before connecting. This will update the legacy psk
file with the Passphrase entry.
2018-08-13 20:40:59 -05:00
Denis Kenzior
fac55f6891 auto-t: Rename SignalLevelChanged to Changed 2018-08-13 20:40:59 -05:00
Denis Kenzior
70acf2dcb4 device: rename SignalLevelChanged to Changed 2018-08-13 20:40:59 -05:00
Denis Kenzior
70a3101319 doc: Rename SignalLevelChanged to Changed 2018-08-13 20:40:59 -05:00
James Prestwood
9ff0e8f6ef auto-t: fixed typo in autoconnect test 2018-08-13 11:09:27 -05:00
James Prestwood
a1a85b0135 auto-t: fixed TLS/TTLS autotests
These test were failing due to autoconnect taking over before
the explicit connect call. This adds Autoconnect=False to all
TLS/TTLS tests.
2018-08-10 15:43:45 -05:00
Denis Kenzior
db378dd2e8 unit: Fix compilation warning
Some compilers complained that:

../unit/test-ecc.c: In function ‘run_test’:
../unit/test-ecc.c:295:38: warning: ‘lres’ may be used uninitialized in
	this function [-Wmaybe-uninitialized]

assert(data->lres == lres);
                     ^
2018-08-10 14:46:03 -05:00
Denis Kenzior
51c6d2d391 storage: use rename instead of unlink, link, unlink 2018-08-10 14:42:33 -05:00
Marcel Holtmann
e56656521d Release 0.6 2018-08-10 21:33:53 +02:00
Denis Kenzior
cbc149c7ed knownnetworks: Avoid unnecessary known object removal
Due to the quirk in how storage_network_sync implements file writing,
iwd was generating unnecessary KnownNetwork removal events (and
preventing certain test cases from passing successfully)

storage_network_sync tries to perform atomic writes by writing to a
temporary storage location first, unlinking the existing file and
renaming the tmp file as the original.

This generates a set of inotify events which confuses the current
implementation.
2018-08-10 12:17:40 -05:00
Denis Kenzior
c38b77d0c0 network: Fix syncing the PSK on 1st connection
The previous change did not consider the case of the PSK being written
for the very first time.  In this case storage_network_open would return
NULL and an empty file would be written.

Change this so that if storage_network_open fails, then the current
network settings are written to disk and not a temporary.
2018-08-10 12:13:44 -05:00
Marcel Holtmann
cb24b622ae Release 0.5 2018-08-10 18:09:15 +02:00
Andrew Zaborowski
abeed797c0 network: Reload settings in network_sync_psk
Reload the network settings from disk before calling
storage_network_sync in network_sync_psk to avoid potentially
overwriting changes made to the storage by user since the connection
attempt started.  This won't account for all situations but it
covers some of them and doesn't cost us much.
2018-08-10 09:44:16 -05:00
Andrew Zaborowski
3065e0768c knownnetworks: Add KnownNetwork.Hidden boolean property 2018-08-10 09:43:31 -05:00
Andrew Zaborowski
cbbba5cc5a doc: Add the KnownNetwork.Hidden property 2018-08-10 09:43:27 -05:00
James Prestwood
4ddb95e147 auto-t: made waiting for network connection optional
The default behavior of NetworkObject.connect() is to wait for the
Connect dbus method to reply before returning back to the test. This
change makes it possible to connect, but not wait for a reply and
continue on with the test (by specifying wait=False). This is
specifically required to test SAE anti-clogging, where the AP needs
to have several simultaneous connections at once for the anti-clogging
logic to trigger. This change also adds Device.wait_for_connected()
which waits for the device interface State variable to be "connected".
2018-08-09 15:22:18 -05:00
Denis Kenzior
14693065d7 netdev: Use EAPoL over nl80211 if CONTROL_PORT set
Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where
CONTROL_PORT wasn't used (e.g. for open networks).  While the kernel
ignored this attribute in this case, it is nicer to set this only if
CONTROL_PORT is intended to be used.
2018-08-09 15:20:27 -05:00
James Prestwood
d2d2b59f25 netdev: break out FT associate into common function
SAE will require some of the same CMD_ASSOCIATE building code that
FT currently uses. This breaks out the common code from FT into
netdev_build_cmd_associate_common.
2018-08-09 15:20:10 -05:00