mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-06 20:19:24 +01:00
Commit Graph

7035 Commits

Author SHA1 Message Date
James Prestwood
7fad6590bd eapol: allow 'secure' to be set on rekeys
About a month ago hostapd was changed to set the secure bit on
eapol frames during rekeys (bc36991791). The spec is ambiguous
about this and has conflicting info depending on the sections you
read (12.7.2 vs 12.7.6). According to the hostapd commit log TGme
is trying to clarify this and wants to set secure=1 in the case
of rekeys. Because of this, IWD is completely broken with rekeys
since it disallows secure=1 on PTK 1/4 and 2/4.

Now, a bool is passed to the verify functions which signifies if
the PTK has been negotiated already. If secure differs from this
the key frame is not verified.
2022-06-24 18:11:56 -05:00
James Prestwood
cfb782cfff auto-t: remove sleep in testAgent
The test here is verifying that a DBus Connect() call will still
work with 'other' agents registered. In this case it uses iwctl to
set a password, then call Connect() manually.

The problem here is that we have no way of knowing when iwctl fully
starts and registers its agent. There was a sleep in there but that
is unreliable and we occasionally were still getting past that without
iwctl having started fully.

To fix this properly we need to wait for iwctl's agent service to appear
on the bus. Since the bus name is unknown we must first find all names,
then cross reference their PIDs against the iwctl PID. This is done
using ListNames, and GetConnectionUnixProcessID APIs.
2022-06-24 18:11:49 -05:00
James Prestwood
267feb94b0 auto-t: fix rekey/reauth logic in a few ways
The rekey/reauth logic was broken in a few different ways.

For rekeys the event list was not being reset so any past 4-way
handshake would allow the call to pass. This actually removes
the need for the sleep in the extended key ID test because the
actual handshake event is waited for correctly.

For both rekeys and reauths, just waiting for the EAP/handshake
events was not enough. Without checking if the client got
disconnected we essentially allow a full disconnect and reconnect,
meaning the rekey/reauth failed.

Now a 'disallow' array can be passed to wait_for_event which will
throw an exception if any events in that array are encountered
while waiting for the target event.
2022-06-24 18:11:33 -05:00
James Prestwood
53e8bf4cb0 auto-t: fix testEncryptedProfiles mtime check
Yet another weird UML quirk. The intent of this test was to ensure
the profile gets encrypted, and to check this both the mtime and
contents of the profile were checked.

But under UML the profile is copied, IWD started, and the profile
is encrypted all without any time passing. The (same) mtime was
then updated without any changes which fails the mtime check.

This puts a sleep after copying the profile to ensure the system
time differs once IWD encrypts the profile.
2022-06-24 18:11:15 -05:00
James Prestwood
1ecadc3952 test-runner: fix UML blocking on wait_for_socket/service
In UML if any process dies while test-runner is waiting for the DBus
service or some socket to be available it will block forever. This
is due to the way the non_block_wait works.

It's not optimal but it essentially polls over some input function
until the conditions are met. And, depending on the input function,
this can cause UML to hang since it never has a chance to go idle
and advance the time clock.

This can be fixed, at least for services/sockets, by sleeping in
the input function allowing time to pass. This will then allow
test-runner to bail out with an exception.

This patch adds a new wait_for_service function which handles this
automatically, and wait_for_socket was refactored to behave
similarly.
2022-06-24 18:11:10 -05:00
James Prestwood
3e5ce99e82 test-runner: make is_process_running more accurate
This function was checking if the process object exists, which can
persist long after a process is killed, or dies unexpectedly. Check
that the actual PID exists by sending signal 0.
2022-06-24 18:11:02 -05:00
James Prestwood
c10ade711d test-runner: remove reference to missing class member
The print statement was referencing self.name, which doesn't exist. Use
self.args[0] instead.
2022-06-24 18:10:54 -05:00
James Prestwood
a276243e9a storage: warn user on badly named provisioning file
The man pages (iwd.network) have a section about how to name provisioning
files containing non-alphanumeric characters but not everyone reads the
entire man page.

Warning them that the provisioning file was not read and pointing to
'man iwd.network' should lead someone in the right direction.
2022-06-24 10:40:11 -05:00
Denis Kenzior
16739cb4e6 eap: Fix EAP-Success handling
EAP-Success might come in with an identifier that is incremented by 1
from the last Response packet.  Since identifier field is a byte, the
value might overflow (from 255 -> 0.)  This overflow isn't handled
properly resulting in EAP-Success/Failure packets with a 0 identifier
due to overflow being erroneously ignored.  Fix that.
2022-06-23 16:20:28 -05:00
James Prestwood
d7136483c3 auto-t: fix timing issue in testEncryptedProfiles
test_decryption_failure is quite simple and only verifies that a known
network exists after starting. This causes the test to end before IWD can
fully start up leaving the DBus utilities in limbo having not fully
initialized.

Then, on the next test, stale InterfaceAdded signals arrive (for Station
and P2P) which throw exceptions when trying to get the bus (since IWD is
long gone). In addition the next IWD instance has started so any paths
included in the InterfaceAdded signals are bogus and cause additional
exceptions.

At the end of this test we can call list_devices() which will wait for
the InterfaceAdded signal, and cleanly exit afterwards.
2022-06-22 18:42:40 -05:00
James Prestwood
d43ec1b014 test-runner: fix result/monitor options
An earlier commit fixed several options but ended up breaking others. The
result_parent/monitor_parent options are hidden from the user and only meant
to be passed to the kernel but they relied on the fact that the underscore
was present, not a dash. This updates the argument to use a dash:

--result-parent
--monitor-parent

Fixes: 00e41eb0ff ("test-runner: Fix parsing for some arguments")
2022-06-22 18:41:21 -05:00
James Prestwood
8f42507641 test-runner: fix matching with --verbose
The new regex match update was actually matching way more than it should
have due to how python's 'match' API works. 'match' will return successfully
if zero or more characters match from the beginning of the string. In this
case we actually need the entire regex to match otherwise we start matching
all prefixes, for example:

"--verbose iwd" will match iwd, iwd-dhcp, iwd-acd, iwd-genl and iwd-tls.

Instead use re.fullmatch which requires the entire string to match the
regex.
2022-06-22 18:39:41 -05:00
James Prestwood
f4279ebf53 auto-t: fix hardcoded 'wlan1' in testNetconfig
This works, if testNetconfig is the only test. Otherwise it will always
fail since the interface naming increments for each test.
2022-06-22 18:37:15 -05:00
James Prestwood
72fac7f1b8 auto-t: rename testHiddenNetwork's test class
This was copy pasted from the autoconnect test, and depending on
how the python module cache is ordered can incorrectly use the
wrong test class. This should not happen because we insert
the paths to the head of the list but for consistency the class
should be named something that reflects what the test is doing.
2022-06-22 18:37:15 -05:00
James Prestwood
679cea02af test-runner: exclude 'iwd-rtnl' from being enabled with --log
Enabling this ends up dumping so much logging and, at least with namespaces,
seems to break the logger module and cause really weird behavior, worst of
which is that all processes start dumping to stdout.

This can still be enabled explicitly with --verbose iwd-rtnl, but is turned
off by default when --log is used.
2022-06-22 18:37:15 -05:00
Andrew Zaborowski
2c0bb06d1a auto-t: Verify DNS entries added from DHCP/static
Add a fake resolvconf executable to verify that the right nameserver
addresses were actually committed by iwd.  Again use unique nameserver
addresses to reduce the possibility that the test succeeds by pure luck.
2022-06-22 15:57:36 -05:00
Andrew Zaborowski
c4fe900a71 auto-t: In testNetconfig verify routes created
Check that the right set of routes is being added for IPv4 and IPv6.
Change gateway addresses to differ from the AP or dhcpd addresses.
2022-06-22 15:57:22 -05:00
Andrew Zaborowski
c65b2ec317 auto-t: In testNetconfig add static IPv6, add comments
In static_test.py add IPv6.  Add comments on what we're actually testing
since it wasn't very clear.  After the expected ACD conflict detection,
succeed if either the lost address was removed or the client disconnected
from the AP since this seems like a correct action for netconfig to
implement.
2022-06-22 15:57:09 -05:00
Andrew Zaborowski
a46707a595 auto-t: Ensure storage_dir exists, clean up
In iwd.py make sure all the static methods that touch IWD storage take the
storage_dir parameter instead of hardcoding IWD_STORAGE_DIR, and make
sure that parameter is actually used.

Create the directory if it doesn't exist before copying files into it.
This fixes a problem in testNetconfig where

`IWD.copy_to_storage('ssidTKIP.psk', '/tmp/storage')`

would result in /tmp/storage being created as a file, rather than a
directory containing a file, and resulting in IWD failing to start with:

`Failed to create /tmp/storage`

runner.py creates /tmp/iwd but that doesn't account for IWD sessions
with a custom storage dir path.
2022-06-22 15:56:57 -05:00
Andrew Zaborowski
57888632a3 auto-t: Validate netmasks in testNetconfig, add utility
Extend test_ip_address_match to support IPv6 and to test the
netmask/prefix length while it reads the local address since those are
retrieved using the same API.

Modify testNetconfig to validate the prefix lengths, change the prefix
lengths to be less common values (not 24 bits for IPv4 or 64 for IPv6),
minor cleanup.
2022-06-22 15:56:35 -05:00
Andrew Zaborowski
00e41eb0ff test-runner: Fix parsing for some arguments
Currently the parameter values reach run-tests by first being parsed by
runner.py's RunnerArgParser, then the resulting object members being
encoded as a commandline string, then as environment variables, then the
environment being converted to a python string list and passed to
RunnerCoreArgParser again.  Where argument names (like --sub-tests) had
dashes, the object members had underscores (.sub_tests), this wasn't
taken into account when building the python string list from environment
variables so convert all underscores to dashes and hope that all the
names match now.

Additionally some arguments used nargs='1' or nargs='*' which resulted
in their python values becoming lists.  They were converted back to command
line arguments such as: --sub_tests ['static_test.py'], and when parsed
by RunnerCoreArgParser again, the values ended up being lists of lists.
In all three cases it seems the actual user of the parsed value actually
expects a single string with comma-separated substrings in it so just drop
the nargs= uses.
2022-06-22 15:56:01 -05:00
Andrew Zaborowski
8237264848 autotests: Drop unused file+directory 2022-06-17 14:13:33 -05:00
Andrew Zaborowski
1aa418d098 test-runner: Support iwd-rtnl as a --verbose value 2022-06-17 14:13:30 -05:00
Andrew Zaborowski
032a3d1473 station: Move netconfig_reset() to common path
To avoid repetition, call netconfig_reset in
station_reset_connection_state.
2022-06-17 14:09:55 -05:00
Andrew Zaborowski
e88a0757ab storage: Log a message on network file parse errors
Most users of storage_network_open don't log errors when the function
returns a NULL and fall back to defaults (empty l_settings).
storage_network_open() itself only logs errors if the file is encrypted.
Now also log an error when l_settings_load_from_file() fails to help track
down potential syntax errors.
2022-06-17 14:09:38 -05:00
Andrew Zaborowski
ba1253df3b netconfig: Fix address format validation
Drop the wrong negation in the error check.  Check that there are no extra
characters after prefix length suffix.  Reset errno 0 before the strtoul
call, as recommended by the manpage.
2022-06-17 14:04:07 -05:00
James Prestwood
ef956995b8 HACKING: update to use new mailing list
IWD will be switching to a new mailing list iwd@lists.linux.dev.
This list is active already, and any new patches should be sent
there.
2022-06-15 19:36:48 -05:00
James Prestwood
f2fe9206c6 p2p: fix warning for uninitialized variable (clang)
This is actually a false positive only because
p2p_device_validate_conn_wfd bails out if the IE is NULL which
avoids using wfd_data_length. But it's subtle and without inspecting
the code it does seem like the length could be used uninitialized.

src/p2p.c:940:7: error: variable 'wfd_data_len' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
                if (dev->conn_own_wfd)
                    ^~~~~~~~~~~~~~~~~
src/p2p.c:946:8: note: uninitialized use occurs here
                                                        wfd_data_len))
                                                        ^~~~~~~~~~~~
src/p2p.c:940:3: note: remove the 'if' if its condition is always true
                if (dev->conn_own_wfd)
                ^~~~~~~~~~~~~~~~~~~~~~
src/p2p.c:906:23: note: initialize the variable 'wfd_data_len' to silence this warning
                ssize_t wfd_data_len;
                                    ^
                                     = 0
2022-06-10 14:44:18 -05:00
James Prestwood
8a8c2fbe38 storage: remove unused variables
The auto macros apparently made it difficult for gcc to
detect, but clang was able to find them.
2022-06-10 14:44:10 -05:00
James Prestwood
c7640f8346 monitor: fix integer comparison error (clang)
Though the documentation for NLMSG_OK uses an int type for the length
the actual check is based on nlmsghdr->nlmsg_len which is a 32 bit
unsigned integer. Clang was complaining about one call in nlmon.c
because nlmsg_len was int type. Every other usage in nlmon.c uses
a uint32_t, so use that both for consistency and to fix the warning.

monitor/nlmon.c:7998:29: error: comparison of integers of different
		signs: '__u32' (aka 'unsigned int') and 'int'
		[-Werror,-Wsign-compare]
        for (nlmsg = iov.iov_base; NLMSG_OK(nlmsg, nlmsg_len);
                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/linux/netlink.h:100:24: note: expanded from macro 'NLMSG_OK'
                           (nlh)->nlmsg_len <= (len))
2022-06-10 14:26:39 -05:00
James Prestwood
39b36f8e21 fils: pragma false positive for uninitialized variable
On musl-gcc the compiler is giving a warning for igtk_key_index
and gtk_key_index being used uninitialized. This isn't possible
since they are only used if gtk/igtk are non-NULL so pragma to
ignore the warning.

src/fils.c: In function 'fils_rx_associate':
src/fils.c:580:17: error: 'igtk_key_index' may be used uninitialized
	in this function [-Werror=maybe-uninitialized]
  580 |                 handshake_state_install_igtk(fils->hs,
					igtk_key_index,igtk + 6,
					igtk_len - 6, igtk);

(same error for gtk_key_index)
2022-06-10 13:59:01 -05:00
Andrew Zaborowski
cb6289b622 auto-t: Work around wpa_s config issue in testP2P
Since commit 922fa099721903b106a7bc1ccd1ffe8c4a7bce69 in hostap, our
setting of config_methods on P2P-client interface was ignored.  Work
around that commit, in addition to the previous workaround we have in
this test, to again ensure the correct config_methods value is used.
2022-06-06 10:39:00 -05:00
Marcel Holtmann
649ddf696e Release 1.28 2022-06-04 22:13:27 +02:00
Marcel Holtmann
d555a867fb build: Require at least version 0.51 when building with external ELL 2022-06-04 22:04:21 +02:00
Marcel Holtmann
5c1cc7729d build: Update to support Autoconf >= 2.69 2022-06-04 22:03:41 +02:00
James Prestwood
b2ed779ce9 test-runner: fix testhome mounting for QEMU
This was lazily copied from UML but really made no sense in the context
of QEMU. First QEMU needs the virtfs option to define the mount tag and
in addition a 9p mount should be used rather than 'hostfs'.
2022-06-03 18:20:55 -05:00
James Prestwood
db3d6a3652 test-runner: allow regex for verbose option
The glob match was completely broken for --verbose because globs
are actually path matches, not generally for strings. Instead
match based on regular expressions.

First the verbose option was fixed to store it as an array as well
as write any list arguments into the kernel command line properly
(str() would include []). This has worked up until now because the
'in' keyword in python will work on strings just as well
as lists, for example:

>>> 'test' in 'this,is,a,test'
True

Then, the glob match was replaced with a regex match. Any exceptions
are caught and somewhat ignored (printed, but only seen with --debug).
This only guards against fatal exceptions from a user passing an
invalid expression.
2022-06-03 18:20:48 -05:00
James Prestwood
2ad5e48314 network: fix handling of AlwaysRandomizeAddress/AddressOverride
For network configuration files the man pages (iwd.network) state
that [General].{AlwaysRandomizeAddress,AddressOverride} are only
used if main.conf has [General].AddressRandomization=network.

This actually was not being enforced and both iwd.network settings
were still taken into account regardless of what AddressRandomization
was set to (even disabled).

The handshake setup code now checks the AddressRandomization value
and if anything other than 'network' skips the randomization.
2022-06-03 15:52:06 -05:00
James Prestwood
c36f94a15a test-runner: only remove /tmp files if they exist
This bit of code was throwing exceptions if a test cleaned up files that
test-runner was expecting to clean up. Specifically testHotspot swaps out
main.conf and PSK files many times. This led to the exception being thrown,
caught, and ignored but further on test-runner would print:

"File _X_ not cleaned up!"

Now the files will be checked if they exist before trying to remove it.
2022-06-03 11:59:13 -05:00
James Prestwood
0545dbcf24 auto-t: remove ifconfig call from testScan
ifconfig isn't available by default in several linux distros
so instead use 'ip' which seems to be much more widespread.
2022-06-03 11:59:07 -05:00
James Prestwood
19693f587f dpp,dpp-util: cast size_t for constant arguments to va_arg
There were a few places in dpp/dpp-util which passed a single byte but
was being read in with va_arg(va, size_t). On some architectures this was
causing failures presumably from the compiler using an integer type
smaller than size_t. As we do elsewhere, cast to size_t to force the
compiler to pass a properly sized integer to va_arg.
2022-06-03 11:54:58 -05:00
James Prestwood
df46776046 auto-t: allow skipping tests if wpa_supplicant is not found
Similarly to ofono/phonesim allow tests to be skipped if wpa_supplicant
is not found on the system.

This required some changes to DPP/P2P where Wpas() should be called first
since this can now throw a SkipTest exception.

The Wpas class was also made to allow __del__ to be called without
throwing additional exceptions in case wpa_supplicant was not found.
2022-06-02 16:47:02 -05:00
James Prestwood
1296e4eacb auto-t: allow wildcard phase1 for EAP tests
This allows the EAP tests to pass, but the fix really needs to be in
hostapd itself. Hostapd currently tries to lookup the EAP session
immediately after receiving EAPOL_REAUTH. This uses the identity
it has stored which, in the case of PEAP/TTLS, will always be a phase2
identity. During this initial lookup hostapd hard codes the identity
to be phase1 which is not true for PEAP/TTLS, and the lookup fails.
2022-06-01 11:02:01 -05:00
James Prestwood
e2aca6e917 auto-t: correctly import Mapping from collections
The current way this was being done was to import collections and
use collections.Mapping. This has been deprecated since python 3.3
but has worked up until python 3.10. After python 3.10 this will
no longer work, and Mapping must be imported from collections.abc.
2022-06-01 11:01:50 -05:00
James Prestwood
7290989e15 auto-t: add EAP reauth to testEAP 2022-05-26 11:24:56 -05:00
James Prestwood
a18c6e10a7 auto-t: fix eapol_reauth utility
This was passing IFNAME= along with EAPOL_REAUTH which does not work
in the context of a hostapd socket where the iface is already implied.
This fixes that issue as well as resets the events array and actually
waits for the required events afterwards.
2022-05-26 11:24:52 -05:00
Andrew Zaborowski
eb8362bf76 eap-tls: Keep l_tls instance for reauthentication
After one of the eap-tls-common-based methods succeeds keep the TLS
tunnel instance until the method is freed, rather than free it the
moment the method succeeds.  This fixes repeated method runs where until
now each next run would attempt to create a new TLS tunnel instance
but would have no authentication data (CA certificate, client
certificate, private key and private key passphrase) since those are
were by the old l_tls object from the moment of the l_tls_set_auth_data()
call.

Use l_tls_reset() to reset the TLS state after method success, followed
by a new l_tls_start() when the reauthentication starts.
2022-05-26 11:23:46 -05:00
James Prestwood
0e77e33a4d auto-t: fix testRSSIAgent after signal agent changes
The signal agent notifications were changed which breaks this test.
Specifically commit ce227e7b94 sends a notification when connected
which breaks the 'agent.calls' check. Since this check is done both
after connecting and once already connected the initial value may
be 1 or 0. Because of this that check was removed entirely.
2022-05-25 15:00:06 -05:00
James Prestwood
e000eff492 auto-t: use copy_to_storage in address randomization test
This test was just piping the PSK files into /tmp/iwd/ssidCCMP.psk
which is a bit fragile if the storage dir was ever to change. Instead
use copy_to_storage and the 'name' keyword to copy the file.
2022-05-25 15:00:06 -05:00
James Prestwood
87bb9a42b5 test-runner: skip mounting duplicate folders
If the user specifies the same parent directory for several outfiles
skip mounting since it already exists. For example:

--monitor /outfiles/monitor.txt --result /outfiles/result.txt
2022-05-25 15:00:05 -05:00