3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 21:22:37 +01:00
Commit Graph

1665 Commits

Author SHA1 Message Date
Denis Kenzior
6df62ab68e station: Update to the new GetHiddenAccessPoints API 2018-11-09 14:06:20 -06:00
Denis Kenzior
5f8c20f455 netdev: Enable ControlPortOverNL80211 by default 2018-11-09 11:52:09 -06:00
Denis Kenzior
8732a9f38a main: Add checks for asymmetric key support
Tell the user that Kernel 4.20 with asymmetric key support enabled is
required to support TLS based (EAP/PEAP/TTLS) WPA-Enterprise methods.
2018-11-09 11:50:29 -06:00
Tim Kourt
8c1992feb2 station: Introduce GetHiddenStations API call 2018-11-09 11:34:43 -06:00
Tim Kourt
f803b0439b station: Introduce an ordered list of hidden stations
A sorted list of hidden network BSSs observed in the recent scan
is kept for the informational purposes of the clients. In addition,
it has deprecated the usage of seen_hidden_networks variable.
2018-11-09 11:34:43 -06:00
Andrew Zaborowski
0b5dceab27 network: Don't require PSK if Passphrase present
Refactor the network->psk and network->passphrase loading and saving
logic to not require the PreSharedKey entry in the psk config file and
to generate network->psk lazily on request.  Still cache the computed
PSK in memory and in the .psk file to avoid recomputing it which uses
many syscalls.  While there update the ask_psk variable to
ask_passphrase because we're specifically asking for the passphrase.
2018-11-05 12:43:16 -06:00
Patrik Flykt
0b1e6cc3e5 scan: Log BSSID in messages
If there is an error with the BSSID information, log the BSSID
station address to catch the offending Access Point.
2018-11-05 12:29:41 -06:00
Patrik Flykt
7ec8fd6776 ie: Fix up broken Access Point with too many rates added
According to the specification, Supported rates IE is supposed
to have a maximum length of eight rate bytes. In the wild an
Access Point is found to add 12 bytes of data instead of placing
excess rate bytes in an Extended Rates IE.

BSS: len 480
    BSSID 44:39:C4:XX:XX:XX
    Probe Response: true
    TSF: 0 (0x0000000000000000)
    IEs: len 188
...
        Supported rates:
            1.0(B) 2.0(B) 5.5(B) 6.0(B) 9.0 11.0(B) 12.0(B) 18.0 Mbit/s
            24.0(B) 36.0 48.0 54.0 Mbit/s
            82 84 8b 8c 12 96 98 24 b0 48 60 6c              .......$.H`l
        DSSS parameter set: channel 3
            03
...

Any following IEs decode nicely, thus it seems that we can relax
Supported Rates IE length handling to support this thermostat.
2018-11-05 12:07:22 -06:00
Patrik Flykt
c68ae2f00b main: Log optimized implementations only when they exist
Log optimized implementations strings only when the hashmap contains
items in order to avoid an unnecessary line of text with no members
printed out.
2018-11-05 11:52:48 -06:00
Denis Kenzior
c4153941af netdev: Use l_genl_family_unicast_handler 2018-11-02 15:53:07 -05:00
James Prestwood
1d62f4ec0e eapol: remove unused public eapol functions from header
After moving AP EAPoL code into eapol.c there were a few functions that
no longer needed to be public API's. These were changed to static's and
the header definition was removed.
2018-11-02 14:05:44 -05:00
Marcel Holtmann
554e4f55db build: Fix includes for using with -std=c99 compiler option 2018-11-01 22:37:11 +01:00
Marcel Holtmann
72a64fa7fb build: Adjust to the latest ELL signal API changes 2018-11-01 22:09:19 +01:00
Andrew Zaborowski
e4222d0ebe eap-tls: Set upper limit on request size
Set an upper limit on a fragmented EAP-TLS request size similar to how
we do it in EAP-TTLS.  While there make the code more similar to the
EAP-TTLS flag processing to keep them closer in sync.  Note that the
spec suggests a 64KB limit but it's not clear if that is for the TLS
record or EAP request although it takes into account the whole TLS
negotiation so it might be good for both.
2018-11-01 15:04:56 -05:00
Andrew Zaborowski
0b71b034c1 eap-tls/ttls/peap: Conditionally enable TLS debugging
Print the TLS debug messages if IWD_TLS_DEBUG is set.
2018-11-01 15:04:56 -05:00
Marcel Holtmann
a011909556 main: Use l_main_run_with_signal instead of open coding it 2018-11-01 19:56:16 +01:00
Marcel Holtmann
38e831afa0 main: Make genl and nl80211 global variables static 2018-11-01 19:55:54 +01:00
Marcel Holtmann
013bae6d3d eapol: Make eapol_frame_watch_{add,remove} functions static 2018-11-01 10:27:22 +01:00
Marcel Holtmann
9335602ba0 network: Removed unneeded include for src/watchlist.h 2018-11-01 10:19:26 +01:00
Marcel Holtmann
e1c391a76b wsc: Removed unneeded include for src/watchlist.h 2018-11-01 10:17:54 +01:00
Denis Kenzior
7699c8ab1e eap-ttls: Handle redundant L flags
Some of the TTLS server implementations set the L flag in the fragment
packets other than the first one. To stay interoperable with such devices,
iwd is relaxing the L bit check.
2018-10-30 15:47:57 -05:00
Denis Kenzior
5cc60d18cc eap-md5: Add warning about deprecated settings key 2018-10-29 18:49:19 -05:00
Tim Kourt
99c685940a eap-md5: Standardize setting keys
Switch EAP-MD5 to use the common password setting key nomenclature.
The key name has been changed from PREFIX-MD5-Secret to PREFIX-Password.
Note: The old key name is supported.
In addition, this patch adds an ability to request Identity and/or
Password from user.
2018-10-29 18:46:07 -05:00
James Prestwood
b9029aaf65 adhoc: wait for both handshakes before adding peer
Adhoc was not waiting for BOTH handshakes to complete before adding the
new peer to the ConnectedPeers property. Actually waiting for the gtk/igtk
(in a previous commit) helps with this, but adhoc also needed to keep track
of which handshakes had completed, and only add the peer once BOTH were done.
This required a small change in netdev, where we memcmp the addresses from
both handshakes and only set the PTK on one.
2018-10-26 15:29:48 -05:00
James Prestwood
e678d6655f netdev: signal handshake complete after setting all keys
Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing
the SET_STATION (after setting the pairwise key). Depending on the timing
this may happen before the GTK/IGTK are set which will result in group
traffic not working initially (the GTK/IGTK would still get set, but group
traffic would not work immediately after DBus said you were connected, this
mainly poses a problem with autotests).

In order to fix this, several flags were added in netdev_handshake_state:
ptk_installed, gtk_installed, igtk_installed, and completed. Each of these
flags are set true when their respective keys are set, and in each key
callback we try to trigger the handshake complete event (assuming all the
flags are true). Initially the gtk/igtk flags are set to true, for reasons
explained below.

In the WPA2 case, all the key setter functions are called sequentially from
eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is
because the gtk/igtk are optional and only set if group traffic is allowed.
If the gtk/igtk are not used, we set the PTK and can immediately trigger the
handshake complete event (since gtk_installed/igtk_installed are initialized
as true). When the gtk/igtk are being set, we immediately set their flags to
false and wait for their callbacks in addition to the PTK callback. Doing it
this way handles both group traffic and non group traffic paths.

WPA1 throws a wrench into this since the group keys are obtained in a
separate handshake. For this case a new flag was added to the handshake_state,
'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way,
but still wait for the gtk/igtk setters to get called before triggering the
handshake complete event. As a precaution, netdev sets a timeout that will
trigger if the gtk/igtk setters are never called. In this case we can still
complete the connection, but print a warning that group traffic will not be
allowed.
2018-10-26 15:26:49 -05:00
Marcel Holtmann
9b2bb2723f crypto: Use full include path local includes 2018-10-26 21:35:27 +02:00
Marcel Holtmann
77710f9765 simauth: Use full include path local includes 2018-10-26 21:34:58 +02:00
Marcel Holtmann
515c130549 storage: Use full include path local includes 2018-10-26 21:34:00 +02:00
Marcel Holtmann
0b93fde3b4 wscutil: Use full include path local includes 2018-10-26 21:33:38 +02:00
Marcel Holtmann
162e6a19f6 watchlist: Use full include path local includes 2018-10-26 21:33:01 +02:00
Marcel Holtmann
1eaca1f8e1 mscaputil: Use full include path local includes 2018-10-26 21:32:20 +02:00
Marcel Holtmann
3fa63ede50 eapol: Use full include path local includes 2018-10-26 21:31:52 +02:00
Marcel Holtmann
c2d0517228 knownnetworks: Use full include path local includes 2018-10-26 21:30:44 +02:00
Marcel Holtmann
e92b976663 ecc: Use full include path local includes 2018-10-26 21:29:45 +02:00
Marcel Holtmann
42cfaeb265 sae: Use full include path local includes 2018-10-26 21:29:08 +02:00
Marcel Holtmann
785be02ee5 mpdu: Use full include path local includes 2018-10-26 21:28:10 +02:00
Marcel Holtmann
52f7f1dea2 handshake: Use full include path local includes 2018-10-26 21:27:01 +02:00
Marcel Holtmann
23a7fafec6 ie: Use full include path for local includes 2018-10-26 21:26:17 +02:00
Marcel Holtmann
be5bf7ee15 util: Only include <ell/ell.h> and use full include path 2018-10-26 21:24:20 +02:00
Denis Kenzior
a2efe2d2de eap-pwd: Warn if deprecated setting is used 2018-10-25 14:52:30 -05:00
Tim Kourt
df59d57f96 eap-pwd: Standardize setting keys
Switch EAP-PWD to use the common password setting key nomenclature.
2018-10-25 14:29:56 -05:00
Denis Kenzior
c256dbfbd8 eap-gtc: Warn if deprecated setting is used 2018-10-25 14:25:28 -05:00
Tim Kourt
c92f8231b2 eap-gtc: Standardize property keys
Switch EAP-GTC to use the common password setting key nomenclature.
2018-10-25 14:14:16 -05:00
Tim Kourt
e8de229223 ttls: add support for tunneled MS-CHAP 2018-10-24 16:33:06 -05:00
Tim Kourt
b46376980a mschaputil: Add MS CHAP utilities 2018-10-24 16:28:46 -05:00
Denis Kenzior
ae538eae7d netdev: Cancel ongoing rekey offload
We need to cancel an ongoing rekey offload in a few additional places
besides the netdev destructor.
2018-10-20 10:38:56 -05:00
Denis Kenzior
8501b2edb1 netdev: Add a TODO about Rekey Offload errors 2018-10-20 10:36:42 -05:00
Denis Kenzior
658362a349 netdev: Put command cancelation into a common function 2018-10-20 10:35:28 -05:00
Tim Kourt
e979bf97f1 netdev: add an ability to cancel hw rekey cmd
==1628== Invalid read of size 1
==1628==    at 0x405E71: hardware_rekey_cb (netdev.c:1381)
==1628==    by 0x444E5B: process_unicast (genl.c:415)
==1628==    by 0x444E5B: received_data (genl.c:534)
==1628==    by 0x442032: io_callback (io.c:126)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
==1628==  Address 0x5475208 is 312 bytes inside a block of size 320 free'd
==1628==    at 0x4C2ED18: free (vg_replace_malloc.c:530)
==1628==    by 0x43D94D: l_queue_clear (queue.c:107)
==1628==    by 0x43D998: l_queue_destroy (queue.c:82)
==1628==    by 0x40B431: netdev_shutdown (netdev.c:4765)
==1628==    by 0x403B17: iwd_shutdown (main.c:81)
==1628==    by 0x4419D2: signal_callback (signal.c:82)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
==1628==  Block was alloc'd at
==1628==    at 0x4C2DB6B: malloc (vg_replace_malloc.c:299)
==1628==    by 0x43CA4D: l_malloc (util.c:62)
==1628==    by 0x40A853: netdev_create_from_genl (netdev.c:4517)
==1628==    by 0x444E5B: process_unicast (genl.c:415)
==1628==    by 0x444E5B: received_data (genl.c:534)
==1628==    by 0x442032: io_callback (io.c:126)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
2018-10-20 10:29:52 -05:00
Marcel Holtmann
a59e162446 knownnetworks: Use l_dir_watch instead of l_fswatch 2018-10-19 19:14:05 +02:00