3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-27 11:39:23 +01:00
Commit Graph

2696 Commits

Author SHA1 Message Date
Tim Kourt
8884fd8bbd peap: Add support for Crypto-Binding in PEAPv0
The Crypto Binding TLV is used to ensure that the EAP peer and the
EAP server participated in both the inner and the outer EAP
authentications of a PEAP authentication by cryptographically associating
the phase 1 and phase 2 authentications.

The usage of Crypto-Binding in PEAPv0 is optional and is triggered by
the reception of the Crypto-Binding TLV from the server.
2019-12-12 15:13:32 -06:00
Tim Kourt
8e5f838219 peap: Extend EAP Extensions to handle multiple TLVs
The handler for EAP Extensions has been modified to support multiple
TLV types instead of the single Result TLV. This will allow to handle
the other TLVs such as Crypto-Binding TLV.
2019-12-12 15:13:32 -06:00
Tim Kourt
fb338154a2 netconfig: Add IPv4 domain name helper and installer
The provided domain name helper allows to override the DHCP lease
option value with the static one from network configuration file.
2019-12-12 10:35:12 -06:00
Pinghao Wu
d510f332b6 eap-gtc: Try to auth even if request not Password
There are some server implementations that send requests that are
not "Password" but still want us send password. This commit modify
the behavior to send a warning and still try to auth with password.

This makes me able to auth with server in my school which sends
"Enter Aruba Login".

wpa_supplicant does not check if it is "Password".
2019-12-12 10:22:58 -06:00
Denis Kenzior
0238ffb8d9 netdev: Use -EOPNOTSUPP instead of -ENOTSUPP
The kernel uses -EOPNOTSUPP in the case of change_station operation not
being provided.  On most systems -EOPNOTSUPP is defined to be the same
as -ENOTSUPP, but seemingly not all systems.
2019-12-12 10:19:24 -06:00
Tim Kourt
930528e35e resolve: Add systemd-resolved domain name installer
The exposed DBus API is used to install doamin name into
sytemd-resolved.
2019-12-11 00:57:35 -06:00
Tim Kourt
1fd794a444 netconfig: Use CamelCase for IPv6 DNS setting 2019-12-11 00:57:29 -06:00
Tim Kourt
ac9c87d012 netconfig: Use CamelCase for IPv6 gateway setting 2019-12-11 00:57:29 -06:00
Tim Kourt
2414a3ae51 netconfig: Use CamelCase for IPv6 address settings 2019-12-11 00:57:29 -06:00
Tim Kourt
e7db478f97 netconfig: Use CamelCase for IPv4 DNS setting 2019-12-11 00:57:29 -06:00
Tim Kourt
994c1a4b5a netconfig: Use CamelCase for IPv4 gateway setting 2019-12-11 00:57:29 -06:00
Tim Kourt
0d9487d4ec netconfig: Use CamelCase for IPv4 address settings 2019-12-11 00:57:29 -06:00
Tim Kourt
1b483c3963 crypto: Add support for PRF+ SHA1
The PRF+ algorithm is based Internet Key Exchange (IKEv2) Protocol:
	https://www.ietf.org/rfc/rfc4306.txt
2019-12-09 01:47:11 -06:00
Tim Kourt
24b6a95366 peap: Rename AVPs to TLVs
Most of the literature seems to refer to AVPs as TLVs. Rename the
variables to follow the common nomenclature.
2019-12-09 01:39:41 -06:00
Tim Kourt
9bf0b756c8 peap: Delay key installation until success of Phase 2
Previously, the key was installed once the tunnel was created
despite the outcome of the second authentication phase. Now, the
key installation is delayed until the successful completion of
the second authentication phase. This excludes the unnecessary
operations in the case of a failure and key reinstallation with
cypro-binding in use.
2019-12-09 01:39:27 -06:00
Tim Kourt
5273a3b581 peap: Introduce PEAP state
Introduction of the state struct will allow to hold the additional
state variables related to the implementation of PEAP.
2019-12-09 01:38:59 -06:00
Andrew Zaborowski
cbbc247aa2 wsc: Declare the credentials structure in wsc.h 2019-12-08 21:48:33 -06:00
Denis Kenzior
738184d491 device/netdev: init scan in netdev instead of device
Commit 1057d8aa74 changed the device interface creation logic
from being unconditional inside netdev.c to instead use NETDEV_WATCH_*
events.  However, this broke the assumption that the device interface
was created before all others.  The effect is that the scan_wdev_add
might no longer be called prior to station interface being created.  Fix
this by moving scan_wdev_add/remove calls to netdev.c instead.

Fixes: 1057d8aa74 ("device: Move device creation from netdev.c to event watch")
2019-12-06 10:12:55 -06:00
Denis Kenzior
d2556a48b7 scan: Fix crash when scan is triggered outside iwd
#0  0x000055555558ee5d in scan_notify (msg=0x55555560b640, user_data=0x0) at src/scan.c:1706
 #1  0x00007ffff7f2c78c in ?? () from /usr/lib/libell.so.0
 #2  0x00007ffff7f299ec in ?? () from /usr/lib/libell.so.0
 #3  0x00007ffff7f28e4a in l_main_iterate () from /usr/lib/libell.so.0
 #4  0x00007ffff7f28efc in l_main_run () from /usr/lib/libell.so.0
 #5  0x00007ffff7f290b9 in l_main_run_with_signal () from /usr/lib/libell.so.0
 #6  0x00005555555639c4 in main (argc=1, argv=0x7fffffffec18) at src/main.c:497
2019-12-02 11:02:05 -06:00
Marcel Holtmann
9d8e74c1bc module: Declare functions as foo(void) instead of just foo() 2019-11-24 19:44:06 +01:00
Andrew Zaborowski
becba0dd09 scan: Add scan_bss_new_from_probe_req 2019-11-21 20:51:21 -06:00
Andrew Zaborowski
1d57ec0d46 scan: Parse P2P IEs according to frame type
Save the source frame type in struct scan_bss as it may affect how some
of the data in the struct will be parsed.  Also replace the P2P IE
payload data in that struct with a union containing pre-parsed p2p
attributes corresponding to the frame type.

This means users don't have to call the parsers in p2putil.c on that
data, which wouldn't have worked anyway because those parsers assume
input is the raw IE sequence rather than just the "payload".
2019-11-21 20:51:17 -06:00
Denis Kenzior
41ff1d2383 rrm: Remove unneeded casts 2019-11-21 20:34:06 -06:00
James Prestwood
32dfb6208d rrm: add packed struct for beacon reports
build_report_for_bss was refactored to use this packed structure rather
than l_put_* APIs.
2019-11-21 16:33:06 -06:00
Andrew Zaborowski
ce94133472 p2putil: Replace free with clear in function names
All these functions free up the resources used by the struct but don't
free the struct itself (allowing it to be static) so rename the
functions to avoid confusion.
2019-11-21 14:02:19 -06:00
James Prestwood
c86f5678b2 wsc: fix use of non-ascii apostrophe 2019-11-21 14:00:35 -06:00
James Prestwood
0381361c81 eapol: fix use of non-ascii apostrophe 2019-11-21 14:00:35 -06:00
James Prestwood
ccfe369766 rrm: include actual scan start time in report 2019-11-21 13:45:40 -06:00
James Prestwood
27af5b715e scan: parse the scan start time
The kernel sends NL80211_ATTR_SCAN_START_TIME_TSF with CMD_TRIGGER and
RRM requires this value for beacon measurement reports.

The start time is parsed during CMD_TRIGGER and set into the scan request.
A getter was added to obtain this time value for an already triggered
scan.

After making the change, the SCAN_ABORTED case was cleaned up a bit to
remove the local scan_request usage in favor of the one used for all the
other cases.
2019-11-21 13:45:40 -06:00
James Prestwood
002fdb5c10 rrm: fix non-ascii character in comment 2019-11-21 13:45:40 -06:00
Marcel Holtmann
ee864662fe module: Add missing empty line 2019-11-21 18:03:55 +01:00
Andrew Zaborowski
59b963a121 netdev: Power P2P interfaces up like other interfaces
After all we will want to power these iftypes up on init just like
station, etc.
2019-11-20 20:29:34 -06:00
Andrew Zaborowski
81be5fbae5 rtnlutil: Move rtnl_set_powered from netdev to rtnlutil
This function fits with the other utilities in rtnlutil and netdev.c
can slim down.
2019-11-20 20:28:48 -06:00
Andrew Zaborowski
3ffb645f22 device: Make functions static, drop device.h 2019-11-20 20:26:55 -06:00
Andrew Zaborowski
1057d8aa74 device: Move device creation from netdev.c to event watch
Create and destroy the device state struct and the DBus interfaces in a
way more similar to the Station, AdHoc and AP interfaces.  Drop
netdev_get_device() and the device specific code in netdev that as far
as I can tell wasn't needed.
2019-11-20 20:24:48 -06:00
Andrew Zaborowski
bc1b9ce10c anqp: Only register for frames on station interfaces
Check the iftype before registering ANQP on new interface.

Not that the check here and in rrm.c (which already checks the iftype)
may need to be extended to run on NETDEV_WATCH_EVENT_UP because a device
could be created with a different iftype and then have the iftype changed
before powering up.
2019-11-20 20:24:43 -06:00
Denis Kenzior
aa754cbb4a rrm: include actual parent TSF value
If the scan results included a parent TSF value use it.
2019-11-20 20:11:47 -06:00
James Prestwood
e92424611a scan: fix parent TSF parsing
The value coming from the kernel is in the same endianness as IWD, so
just parse it as a u64 rather than le64.
2019-11-20 20:04:30 -06:00
James Prestwood
c1c2ca5e7f rrm: remove use of floating point math
The RCPI value was using floating point values as per the spec. But instead
we can just use the signal strength coming from the kernel in mili mdm and
scale the hard coded values by a factor of 100.
2019-11-18 12:52:33 -06:00
James Prestwood
be4ab2826f scan: parse parent TSF value in scan results
RRM can include this in measurement reports if present in scans
2019-11-15 14:28:26 -06:00
James Prestwood
1b35eda3dd rrm: support scan duration and mandatory flags
Beacon requests can specify a scan duration, and set a flag which makes
this duration mandatory. The kernel supports both these values for scan
requests so we no longer need to reject requests which contain these.

Drivers which do not support EXT_FEATURE_SET_SCAN_DWELL will ignore the
duration value, but if duration mandatory is set we must reject the
request.
2019-11-15 14:12:24 -06:00
James Prestwood
dca90abdc5 scan: add duration scan_parameters
The kernel allows a scan duration and duration mandatory flag to be
set in scan requests. RRM requests can contain these values so they
have been added to scan_parameters.

Scanning with drivers which do not support EXT_FEATURE_SET_SCAN_DWELL
will not include these values in scan requests.
2019-11-15 14:11:16 -06:00
James Prestwood
4cee10ec50 scan: add scan_passive_full variant
Just like active scans, add an API for passive scans which take in
the full scan_parameters structure.
2019-11-15 14:11:16 -06:00
James Prestwood
5528403d77 rrm: fix invalid IE tag when rejecting request
The rejection report actually contained a request IE, not a report IE
2019-11-15 11:03:39 -06:00
James Prestwood
90fb7eff7d station: fail if trying to scan while connecting
If a scan is requested during the middle of a connection we should
return busy instead of attempting the scan. The kernel ends up coming
back with not supported in this case, which is misleading and
difficult to debug.
2019-11-14 15:23:03 -06:00
James Prestwood
81ac94fd01 hotspot: fix double free between hostpot and knownnetworks
The module framework was changed to call the module exit functions in
the reverse order as the init functions. This uncovered/caused known
networks to try and free the network_info structures after hotspot had
already freed them. Since known networks clean up the network_info's
anyways, we don't actually need hotspot to do any cleanup.
2019-11-13 16:37:17 -06:00
Andrew Zaborowski
95d4eea68f modules: Unload modules in reverse order from loading
Make sure a module A that is needed by B is not unloaded before B.
2019-11-11 18:29:45 -06:00
Andrew Zaborowski
083143ed05 module: Fix variable names
Apparently the intention was for the dependent module's name to appear
in the variable name resulting from using IWD_MODULE_DEPENDS, so the
dependencies all have unique names (apparently not critical).
2019-11-11 18:29:45 -06:00
Tim Kourt
96a97dc959 peap: Adjust V0 not to close tunnel on Success of Phase2
Despite that PEAPv0 spec indicates that TLS tunnel needs to be torn
down after the transmission of a secure Result response, some servers
treat this TLS close alert as a failure. This patch changes the above
behavior to explicitly torn the tunnel only in the case of
authentication failure and leave it open after the success.
2019-11-11 18:29:12 -06:00
Denis Kenzior
bc17925f3a manpage: Fix section naming
The previous refactoring somehow changed the 'Settings' section name
into 'General'

Fixes: ac53239109 ("doc: Split network configuration description into separate manpage")
2019-11-08 21:24:54 -06:00
Tim Kourt
aea6c1ccb6 scan: Separate IE attr creation into logical block
This also introduces the max IE length check and exludes the addition
of IEs for the drivers that don't support it.
2019-11-08 21:05:51 -06:00
Tim Kourt
0490c25fde scan: Fix bit checking for interworking
The checker function will later be changed to match the bit setter.
2019-11-08 21:05:39 -06:00
Tim Kourt
48570141ba scan: Improve comment 2019-11-08 20:43:16 -06:00
Tim Kourt
175bf574c6 manpage: Add route prioritization setting 2019-11-08 17:05:18 -06:00
Marcel Holtmann
ab5742bb32 module: Move declarations into separate header file 2019-11-07 23:40:13 +01:00
James Prestwood
1f01819c70 rrm: add radio resource management module
This module takes care of radio measurements which an AP can request.
There are many types of requests, and for now only beacon requests
are supported.

IWD will filter certain types of beacon requests that are NOT
supported:

 - AP channel reports. Only single channel requests will be supported
 - Autonomous measurements. Only direct requests will be supported.
   IWD will not accept requets to trigger reports under certain
   conditions (SNR/RSSI thresholds, etc.)
 - Timed measurements. Only immediate measurements will be performed.
   The accuracy for timed measurements cannot be reliably guaranteed
   due to kernel scheduling/queues.
 - Full reporting detail. The AP can request the STA return the full
   set of IEs in a beacon. IWD does not currently save all IEs, plus
   there is quite a bit of complexity involved as certain IEs get
   truncated, and there are other length limitations.

There are other limitations not specific to beacon requests:

 - IWD will support single measurement requests per report. Multiple
   measurement request IEs can be included, but the reports will be
   sent out separately.

 - IWD will limit the number of requests it responds to in a given
   amount of time. As it stands now this is hard coded to 2 requests
   per second maximum. This will prevent DoS attacks.

 - IWD will not accept any measurement requests from APs it is not
   connected to, and will not accept any requests until connected.
2019-11-07 12:26:19 -06:00
James Prestwood
63e8f146b7 wiphy: add beacon bits to RM Enabled Capabilities
This tells AP's that we support Passive, Active, and Table beacon
measurements.
2019-11-07 12:26:19 -06:00
Marcel Holtmann
754ce0d112 anqputil: Use complete path internal includes 2019-11-07 18:29:11 +01:00
Tim Kourt
259a666a76 wsc: Check capability before adding interface 2019-11-06 17:46:00 -06:00
Tim Kourt
df43470c32 wiphy: Add parser and getter for max ie len attr 2019-11-06 17:04:00 -06:00
Marcel Holtmann
c6f9e89748 doc: Add manual page for debugging information 2019-11-05 22:14:09 +01:00
Marcel Holtmann
1365fc6820 doc: Fix manual page title names 2019-11-05 22:12:22 +01:00
James Prestwood
2962a80e14 station: add APIs to get connected BSS and BSS list
For Radio Resource Management (RRM) we will need access to the currently
connected BSS as well as the last scan results in order to do certain
kinds of requested measurements.
2019-11-04 14:43:38 -06:00
Tim Kourt
597920d06c knownnetworks: Check result of setting getter
Set the value of 'is_hidden' if necessary.
2019-10-30 14:39:21 -05:00
Andrew Zaborowski
77e9df23c1 netdev: Drop unused netdev_connect_wsc 2019-10-30 14:36:23 -05:00
Andrew Zaborowski
6d3ae88a21 wsc: Replace netdev_connect_wsc with netdev_connect usage
netdev_connect can achieve the same effect as netdev_connect_wsc but is
more flexible as it allows us to supply additional association IEs.  We
will need this capability to make P2P connections.  This way we're also
moving the WSC-specific bits to wsc.c from the crowded netdev.c.
2019-10-30 14:35:10 -05:00
Andrew Zaborowski
0651c2c430 eapol: Drop unused eapol_sm_set_event_func 2019-10-30 14:34:20 -05:00
Andrew Zaborowski
dcf419ee7f eapol: Move the EAP events to handshake event handler
On EAP events, call the handshake_event handler with the new event type
HANDSHAKE_EVENT_EAP_NOTIFY isntead of the eapol_event callback.

This allows the handler to be set before calling
netdev_connect/netdev_connect_wsc.  It's also in theory more type-safe
because we don't need the cast in netdev_connect_wsc anymore.
2019-10-30 14:26:09 -05:00
Andrew Zaborowski
0cccbea904 handshake: Convert handshake event callbacks variadic functions
Convert the handshake event callback type to use variable argument
list to allow for more flexibility in event-specific arguments
passed to the callbacks.

Note the uint16_t reason code is promoted to an int when using variable
arguments so va_arg(args, int) has to be used.
2019-10-30 14:24:05 -05:00
Andrew Zaborowski
2c536ba4fa scan: Hide CCK rates if no_cck_rates set
no_cck_rates is set in the scan parameters generally to make sure
that the Probe Request frames are not sent at any of the 802.11b
rates during active scans.  With this patch we also omit those rates
from the Supported Rates IEs, which is required by the p2p spec and
also matches our flag's name.
2019-10-30 11:13:42 -05:00
Andrew Zaborowski
07cef99e5c wiphy: Add wiphy_get_supported_rates
Add code to parse the supported data rates info from the wiphy dumps and
expose it for P2P's use with a getter function.
2019-10-30 10:58:36 -05:00
Denis Kenzior
7d24edf467 manpage: Add some examples of network configurations 2019-10-28 21:50:23 -05:00
Denis Kenzior
785fd8c6eb manpage: Add James to author info 2019-10-28 21:10:37 -05:00
Denis Kenzior
480d678a85 main: Update to the new ell API 2019-10-28 15:48:36 -05:00
Denis Kenzior
ccc114fa5f dbus: Use the new /net/connman/iwd root path 2019-10-28 11:32:57 -05:00
James Prestwood
d164923e7c manpages: replace shorthand words
Replaces cases of 'certs' with 'certificates', and 8021x with IEEE 802.1x
2019-10-28 10:45:30 -05:00
Marcel Holtmann
5a473a755c doc: Minor formatting changes for the configuration documentation 2019-10-26 02:07:03 +02:00
Denis Kenzior
3b937424db nl80211util: Ensure all entries are parsed
The current logic did not make sure that each entry provided was
actually parsed.  Also add a sanity check to make sure that no duplicate
parsing occurs.
2019-10-25 13:46:58 -05:00
Andrew Zaborowski
d577036879 p2putils: Fix length in Channel List parsing 2019-10-25 13:34:37 -05:00
Andrew Zaborowski
6ee83fdca9 p2putil: Replace constants with wifi_alliance_oui 2019-10-25 13:34:05 -05:00
James Prestwood
0d7fbfe523 network: add L_WARN for known network lookup failure
When updating the network ranking there was a potential out of bounds
array access. The condition was if known_network_offset returned a
negative value, indicating the known network was not found. Since
network->info is only set for known networks this should not ever
happen as network->info is checked prior.

Though this is likely impossible, knownnetworks is complex enough that
its better to just be paranoid and put an L_WARN_ON to check the
return.
2019-10-25 13:19:31 -05:00
Denis Kenzior
cf6499387f manpage: Update networking related settings 2019-10-25 13:18:42 -05:00
Denis Kenzior
16f51f5b5e treewide: Use CamelCase for netconfig settings 2019-10-25 13:18:42 -05:00
James Prestwood
8c3c81716f manpage: add section on embedding PEMs in settings 2019-10-25 11:22:36 -05:00
Denis Kenzior
624533e9c4 manpage: Document additional [General] settings 2019-10-25 11:21:29 -05:00
Denis Kenzior
7db8cf92fe manager: Switch to CamelCase for mac_randomize 2019-10-25 11:21:04 -05:00
Denis Kenzior
8d0860ef86 wiphy: Switch to CamelCase for mac_randomize_bytes 2019-10-25 11:16:28 -05:00
Denis Kenzior
b3c08da45b manager: Use CamelCase for use_default_interface 2019-10-25 09:20:42 -05:00
Denis Kenzior
d12ee292aa treewide: Use CamelCase for disable_anqp setting 2019-10-24 23:18:23 -05:00
Denis Kenzior
27afe6c49f netdev: Use CamelCase for pae over nl80211 setting 2019-10-24 21:36:53 -05:00
Denis Kenzior
43d386bbe4 netdev: Use CamelCase for roam threshold setting 2019-10-24 21:36:53 -05:00
Denis Kenzior
1fbf64b667 station: use CamelCase for MFP setting 2019-10-24 21:36:50 -05:00
Marcel Holtmann
7abd998d00 build: Move 50-iwd.link up to 80-iwd.link for less confusion 2019-10-25 01:08:56 +02:00
Marcel Holtmann
152b56a12a treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
Marcel Holtmann
2a1cf2593b doc: Add missing author names to iwd config manual page 2019-10-25 00:22:20 +02:00
Marcel Holtmann
eb4ea958c7 build: Rename iwd.conf.5 into iwd.config.5 2019-10-25 00:21:05 +02:00
Marcel Holtmann
cd0d57077e build: Add systemd network link file to disable persistent naming 2019-10-25 00:15:05 +02:00
Denis Kenzior
d4d35c7872 eapol: Use CamelCase for [EAPoL] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
3540cc5cc0 manpage: Document [Scan] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
e540978633 treewide: Use CamelCase for [Scan] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
3a0c70210d manpage: Document [Rank] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
b205d9bdf1 scan: Use CamelCase for [Rank] settings 2019-10-24 15:58:05 -05:00
Denis Kenzior
19a85a85e7 treewide: Rename EAP mtu key to MTU 2019-10-24 13:51:20 -05:00
Denis Kenzior
f6994f502b manpage: Document Blacklist settings 2019-10-24 13:39:40 -05:00
Denis Kenzior
d66139fe34 treewide: Switch to CamelCase for Blacklist settings 2019-10-24 13:38:11 -05:00
Denis Kenzior
8a1ce9e3e3 manpage: Use AutoConnect instead of Autoconnect 2019-10-24 13:04:53 -05:00
Denis Kenzior
356fadad5a hotspot: Use AutoConnect instead of Autoconnect 2019-10-24 13:04:53 -05:00
Denis Kenzior
2dec3ff1b6 knownnetworks: Use AutoConnect setting
Since the property Autoconnect was renamed to AutoConnect, change the
Autoconnect setting to match.

For now we still allow the legacy name to be used here, but a warning is
printed to remind users to update.
2019-10-24 13:04:53 -05:00
Denis Kenzior
c49893c827 knownnetworks: Use AutoConnect as property name 2019-10-24 12:49:59 -05:00
Denis Kenzior
2d2bc70b64 device: Remove support for WDS property 2019-10-24 11:41:19 -05:00
Denis Kenzior
206bfbdf3a dbus: update to use InvalidArguments error 2019-10-24 10:54:21 -05:00
Denis Kenzior
a06583ffc4 dbus: Update to the new wsc api naming 2019-10-24 10:49:13 -05:00
Tim Kourt
b096c27377 hotspot: eliminate double assignment of variable 2019-10-23 17:57:35 -05:00
Tim Kourt
d8f98a5f20 hotspot: Fix mem leak on failed hotspot config 2019-10-23 17:56:18 -05:00
Denis Kenzior
45bd459711 eap-tls-common: Relax certificate chain check
Relax the pre-check for local user certificate.  Before we used to check
that the CA provided (if any) was used to verify both the peer identity
and the local certificate chain.  However, there seem to be networks
that use different CAs to sign AP/Radius certificates and certificates
issued to users.

Drop the ca_certs argument from l_certchain_verify, but keep the call
there to make sure the certificate chain is indeed a chain as a sanity
check.
2019-10-23 09:51:29 -05:00
Andrew Zaborowski
1d29221ef0 netdev: Extend checks for P2P scenarios
Extend the iftype-based checks to handle the P2P iftypes and remove a
warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 22:35:31 -05:00
Andrew Zaborowski
cd47834d6c wiphy: Add wiphy_get_max_roc_duration
Add a function to retrieve the maximum Remain On Channel listen duration
supported by the wiphy's driver.
2019-10-21 22:07:17 -05:00
James Prestwood
a1189d64b1 sae: remove unneeded NULL pointer check
The frame was already validated, and mmpdu_body will never return
a NULL pointer.
2019-10-21 17:14:49 -05:00
James Prestwood
27d698a0c0 sae: fix incorrect length adjustment
The commit/confirm processing was incorrectly subtracting 2 from
the length when they should be subtracting 6. As with the other
similar change, the length is validated with mpdu_validate so
subtracting 6 will not cause an overflow.
2019-10-21 17:12:01 -05:00
James Prestwood
47efe17461 sae: fix inproper return value in sae_verify_accepted
This function was returning a boolean and the expected return was
a signed integer. Since this function actually returned false in
all cases the check for a success (0) return always worked.

The comment about the 'standard code path' was removed as this is
no longer valid.
2019-10-21 16:50:42 -05:00
James Prestwood
3f2b558f57 sae: fix potential integer overflow
If an authentication frame of length <= 5 is sent sae will overflow an
integer. The original cause of this was due to incorrectly using the
sizeof(struct mmpdu_header). The header can be either 24 or 28 bytes
depending on fc.order. sizeof does not account for this so 28 is always
the calculated length.

This, in addition to hostapd not including a group number when rejecting,
cause this erroneous length calculation to be worked around as seen in
the removed comment. The comment is still valid (and described again
in another location) but the actual check for len == 4 is not correct.

To fix this we now rely on mpdu_validate to check that the authentication
frame is valid, and then subtract the actual header length using
mmpdu_header_len rather than sizeof. Doing this lets us also remove the
length check since it was validated previously.
2019-10-21 16:50:42 -05:00
James Prestwood
9ec87acccf mpdu: expose mmpdu_header_len 2019-10-21 16:50:42 -05:00
Marcel Holtmann
ac53239109 doc: Split network configuration description into separate manpage 2019-10-20 19:33:53 +02:00
Marcel Holtmann
6238f9bbd7 doc: Start describing settings in main.conf 2019-10-20 10:25:51 +02:00
Marcel Holtmann
5e77e34c46 doc: Mention all available environment settings 2019-10-19 23:13:34 +02:00
Marcel Holtmann
806d36a35e doc: Minor updates to formatting and mention STATE_DIRECTORY 2019-10-19 23:00:16 +02:00
James Prestwood
0d9c9274d9 eapol: do not parse RSN for WPA1 in 1 of 4
A recent change checked the return value of ie_parse_rsne_from_data
inside the ptk 1/4 handler. This seemed safe, but actually caused
the eapol unit test to fail.

The reason was because eapol was parsing the IEs assuming they were
an RSN, when they could be a WPA IE (WPA1 not WPA2). The WPA case
does not end up using the rsn_info at all, so having rsn_info
uninitialized did not pose a problem. After adding the return value
check it was found this fails every time for WPA1.

Since the rsn_info is not needed for WPA1 we can only do the RSN
parse for WPA2 and leave rsn_info uninitialized.
2019-10-17 18:48:18 -05:00
Denis Kenzior
99923c90da util: Be more paranoid when parsing addresses
Add a check to make sure that sscanf reads all 6 bytes of the address as
well.
2019-10-17 18:22:25 -05:00
Denis Kenzior
f878ec275d scan: Fix logic error in frequency validation
The intent here was to validate that the frequency is a multiple of 5
and lies in a certain range.  Somehow the channel was checked for being
a multiple of 5 instead.
2019-10-17 18:00:33 -05:00
Denis Kenzior
9ec50c910b rtnlutil: Remove pointless conditional
gateway is checked to be !null above, so the conditional can be dropped.
2019-10-17 17:53:30 -05:00
Denis Kenzior
a533734471 p2putil: Fix logic in required attribute check
The logic here intended to check whether all required attributes were
available.  However, it set the parse_error to true instead of
have_required to false as intended.
2019-10-17 17:39:53 -05:00
Denis Kenzior
5dbccee798 network: Be extra pedantic in network_get_psk
Check that the passphrase to PSK conversion actually succeeds.
2019-10-17 17:33:56 -05:00
Denis Kenzior
a043f26134 netdev: Skip IE processing of no request IEs sent 2019-10-17 17:30:11 -05:00
Denis Kenzior
aa75b3e06e ap: Remove unneeded NULL check
sta is already dereferenced above, no need for the extra check here
2019-10-17 17:22:02 -05:00
Denis Kenzior
aba73171f6 wsc: Fix potential memory leak
If the netdev_connect_wsc call fails, handshake_state object isn't
freed.
2019-10-17 12:37:04 -05:00
Denis Kenzior
9a588944aa backtrace: Don't ignore strchr errors 2019-10-17 12:10:36 -05:00
Denis Kenzior
ef0f9ad193 backtrace: Fix a potential buffer overrun 2019-10-17 12:08:21 -05:00
James Prestwood
34560120f9 util: add bounds check to util_get_{domain,username}
Replace uses of strcpy by the safer l_strlcpy.  Note that both of these
functions can only be called with a buffer of max 253 bytes (the
identity string), so this is purely a precautionary measure.
2019-10-17 11:21:47 -05:00
James Prestwood
65f279dc1e util: Use memcpy instead of strncpy
The sub-string copied here will never have NULL terminators, so use
memcpy here to make this clearer.
2019-10-17 11:20:51 -05:00
James Prestwood
6b8f566498 ie: reorder ie_parse_osen to fix uninitialized value
RSNE_ADVANCE could result in a jump to the done label where info would
be copied without being initialized.
2019-10-16 21:25:41 -05:00
James Prestwood
de3a267d03 eapol: check return of ie_parse_rsne_from_data 2019-10-16 21:24:25 -05:00
James Prestwood
91c449d74a eapol: reorder eapol_sm_free
Technically there's no problem here as l_queue_remove does not
dereference the pointer.  Still, it confuses certain static analysis
tools in the current form. Reordering this will not change the behavior
at all.
2019-10-16 21:16:28 -05:00
James Prestwood
0ade612b3e hotspot: check if HESSID parses correctly 2019-10-16 18:40:30 -05:00
James Prestwood
87a1c55145 hotspot: fix multiple potential memory leaks 2019-10-16 18:32:46 -05:00
Denis Kenzior
b3799a9f8d owe: Fix potential memory leak 2019-10-16 18:14:17 -05:00
James Prestwood
96aa658375 sae: check return getting k_point 2019-10-16 18:09:29 -05:00
James Prestwood
ba7f7febd1 owe: fix potential uninitialized variable 2019-10-16 18:08:47 -05:00
James Prestwood
8bbfa4db49 owe: fix potential double free on error 2019-10-16 18:08:08 -05:00
James Prestwood
ab92901252 owe: check for error return getting shared_secret 2019-10-16 18:05:43 -05:00
James Prestwood
7b1e1497b7 ie: fix uninitialized rx/tx_nss values 2019-10-16 18:02:49 -05:00
James Prestwood
a8e935ee77 crypto: fix potential memory leak 2019-10-16 17:58:50 -05:00
James Prestwood
8364807938 eap-pwd: fix potential memory leak 2019-10-16 17:58:14 -05:00
James Prestwood
e31074b246 erp: check return of hkdf_expand 2019-10-16 17:57:05 -05:00
James Prestwood
81ec93fdcc anqp: fix potential NULL pointer dereference 2019-10-16 17:57:05 -05:00
Denis Kenzior
269377c92f scan: Simplify parsing using nl80211_parse_attrs 2019-10-16 16:33:40 -05:00
Tim Kourt
34cd8d5f3e eap-ttls: Fix memory leak
A very unlikely condition could result in struct phase2_method being
leaked.
2019-10-16 15:48:32 -05:00
Denis Kenzior
6917f75c6a doc: Add network configuration section to iwd.rst
Content is mostly pulled from the wiki and re-arranged slightly.
2019-10-16 15:45:58 -05:00
Florian Klink
af877978a1 doc: fix typo systemd->system
Even though this is equal on most distros, we're not quite there yet.
2019-10-14 16:38:49 -05:00
James Prestwood
fe179f96fd eap: utilize IWD_MODULE
Converts eap into an IWD module.
2019-10-11 15:45:26 -05:00
James Prestwood
8f600ee1b5 eap: remove mtu argument from eap_init
This was refactored to set the mtu via __eap_set_config rather than
passing the MTU into eap_init. This makes eap work in a similar fashion
as eapol (i.e. __eapol_set_config).

If __eap_set_config is not used, the MTU will be set to 1020, which is
the same as previously passing 0 to eap_init.
2019-10-11 15:44:38 -05:00
James Prestwood
d53dcf2334 wiphy: utilize IWD_MODULE
This converts wiphy into an IWD module. nl80211 was completely removed
from main.c as it is no longer passed with manager or wiphy.
2019-10-11 15:42:13 -05:00
James Prestwood
97bac236c8 wiphy: remove white/blacklist from wiphy_init
wiphy will now use getters for the phy white/black list.
2019-10-11 15:41:54 -05:00
Denis Kenzior
cc2d4f97e2 manager: Make sure pending_wiphys remains NULL on error 2019-10-11 15:41:16 -05:00
James Prestwood
2d8d47c9dd manager: utilize IWD_MODULE
Converts manager into an IWD module.
2019-10-11 15:38:25 -05:00
James Prestwood
87c42bccf1 manager: remove white/black list from argument
Instead we add getters for these lists that manager_init can use.
2019-10-11 15:37:58 -05:00
James Prestwood
2ab8d4bbed anqp: utilize IWD_MODULE
This converts anqp into an IWD module.
2019-10-11 15:37:33 -05:00
James Prestwood
369c5fbd0b eapol: utilize IWD_MODULE
This converts eapol to using IWD modules. The init/exit APIs did need
to remain exposed for unit tests.

Netdev was updated to depend on eapol.
2019-10-11 15:36:45 -05:00
Denis Kenzior
cb57d44cb4 netdev: Fix resource leaks in netdev_init 2019-10-11 15:34:54 -05:00
James Prestwood
d42c4a57b8 netdev: utilize IWD_MODULE
Since iwd_modules_init is now defered until nl80211_appeared, we can
assume the nl80211 object is available. This removes the need for
netdev_set_nl80211 completely.
2019-10-11 15:30:28 -05:00
James Prestwood
df8fc5f918 main: move module init into nl80211_appeared
In preparation for integrating IWD_MODULE into modules which require
nl80211 we move the module init into the nl80211_appeared callback.
This will guarentee that the nl80211 is available during module init
and allow modules to get their own copy of nl80211 rather than needing
a set function (e.g. netdev_set_nl80211).

Since the dbus name request callback happens before this as well any
dbus module can also use IWD_MODULE and simply assume the dbus object
is ready.

plugin_init was also deferred to nl80211_appeared since some plugins
depend on modules being initialized.
2019-10-11 15:21:32 -05:00
James Prestwood
046fe96537 agent: utilize IWD_MODULE
Converts agent into an IWD module. This removes the dbus dependency
on agent. Since dbus is initialized very early we can assume
dbus_get_bus is going to return a valid object.
2019-10-11 13:52:22 -05:00
Tim Kourt
3aa336cb2a resolve: Add IPv6 handler for systemd msg appender 2019-10-10 11:54:58 -05:00
Tim Kourt
8168b22233 netconfig: Don't clear IPv6 addresses on shutdown
Unlike IPv4, the IPv6 address are removed by the kernel.
2019-10-09 17:53:26 -05:00
Tim Kourt
2d02816efd station: Subscribe to netconfig event notifier 2019-10-09 17:52:36 -05:00
Tim Kourt
c4a17ed711 netconfig: Add netconfig event notifier
The notifier allows to subscribe for the netconfig events such as
‘connected’.
2019-10-09 17:51:57 -05:00
Tim Kourt
624933fab0 station: Move 'connected' logic out of enter state func
Previously, station state 'connected' used to identify an interface associated
with AP. With the introduction of netconfig, an interface is assumed to be
connected after the IP addresses have been assigned to it. If netconfig is
disabled, the behavior remains unchanged.
2019-10-09 17:05:42 -05:00
Tim Kourt
beca75830c netconfig: Split route add/del callbacks 2019-10-09 14:18:07 -05:00
Tim Kourt
48be2c0252 station: Simplify and comply with coding style 2019-10-09 14:18:02 -05:00
James Prestwood
bea1d22a5c eap-tls-common: allow embedded PEMs in settings
Refactoring was required to allow for embedded certs. The existing
eap_tls_state object was changed to hold the cert types (l_queue,
l_certchain, l_key) rather than the file path, since there may not
actually be separate PEM files.

Care was taken to properly manage the memory of these objects.
Since the TLS object takes ownership when setting auth data or the
CA certs all error cases must be handled properly to free these
objects after they are loaded and in addition they must be set to
NULL so that the cleanup doesn't double free them.

If everything goes to plan, we load all the PEMs in settings_load,
provide these objects to the TLS APIs, and then NULL out the
pointers (TLS now owns this memory). If anything fails between
settings_load and l_tls_start we must free these objects.

A special format must be used to indicate that a PEM is embedded
inside the settings file. First, the l_settings format should be
followed for the PEM itself, e.g.

[@pem@my_ca_cert]
<CA Cert data>

This PEM can then be referenced by "embed:my_ca_cert", e.g.

EAP-TLS-CACert=embed:my_ca_cert

Any other value not starting with "embed:" will be treated as a file
path.
2019-10-07 11:39:30 -05:00
Tim Kourt
e0651cf25b netconfig: Allow to override IPv6 DHCP DNSs with static addresses 2019-10-04 12:17:20 -05:00
Tim Kourt
0fdd27463e netconfig: Allow to override IPv4 DHCP DNSs with static addresses 2019-10-04 12:17:20 -05:00
Denis Kenzior
46a88744c1 netconfig: Remove unused member 2019-10-04 12:17:20 -05:00
Marcel Holtmann
6476d68aed build: Add manual page for iwd configuration file 2019-10-03 22:36:39 +02:00
Marcel Holtmann
f9f12533fc doc: Add more detailed description for iwd daemon 2019-10-03 22:35:47 +02:00
Will Dietz
44ae6a46da station: don't reset/(re)configure/destroy NULL netconfig's
Fixes crashes when `enable_network_config` is false (default).
2019-10-03 12:34:56 -05:00
Will Dietz
6672bc2a37 station: record dependency on netconfig module
The netconfig module must be initialized (netconfig_list, for example)
before station module can be used, record this to ensure that happens.
2019-10-03 12:30:43 -05:00
Will Dietz
f74e6ff2f2 crypto: fix copy size causing overruns/crashing
num_ad is already accounted for in `sizeof(iov)`
as iov has size `sizeof(struct iovec) * (num_ad+1)`.
2019-10-03 12:25:57 -05:00
Tim Kourt
3e634bfbcc netconfig: Optimize IPv4 address deletion
Decrease the queue traversals to a single pass
2019-10-03 10:56:07 -05:00
Tim Kourt
444491490e netconfig: Remove IPv6 default route
The IPv6 default route needs to be explicitly revoked. Unlike in IPv4,
there is no SRC address associated with the route and it will not be
removed on address removal.
2019-10-03 10:56:07 -05:00
Tim Kourt
eebd44cfc0 rtnlutil: Add IPv6 route deletion helper 2019-10-03 10:56:07 -05:00
Tim Kourt
cd21d4d3e7 netconfig: Fix return type for module init 2019-10-03 10:56:07 -05:00
Tim Kourt
c4ecf96942 netconfig: Install IPv6 DNS 2019-10-02 12:13:42 -05:00
Tim Kourt
95c3df3ccf netconfig: Install IPv6 default route 2019-10-02 12:10:00 -05:00
Tim Kourt
ce5e481239 netconfig: Add IPv6 static address installation/removal
The network configuration options for IPv6 are grouped under [IPv6]
and include the following:
	ip= ADDRESS/PREFIX
	gateway=ADDRESS
	dns=ADDRESS

The placeholders for DHCPv6 are placed along the way and marked
as TODO items.
2019-10-02 12:09:00 -05:00
Tim Kourt
0a293ef538 netconfig: Request all known IPv6 addresses 2019-10-02 11:58:56 -05:00
Tim Kourt
577e638be3 netconfig: Subscribe for IPv6 address changes
The IPv6 addresses changes are maintained in ifaddr_list.
2019-10-02 11:58:07 -05:00
Tim Kourt
50a112e425 netconfig: Remove roaming logic
Previously, netconfig_ipv4_select_and_install was used to install
addresses on initial connection to a network and after we have roamed.
Now for the after roaming connection scenario we have
netconfig_reconfigure. Remove roaming related code from
netconfig_ipv4_select_and_install
2019-10-02 10:53:39 -05:00
Tim Kourt
332eec9f9d netconfig: Don't re-install IPv4 address on re-configure 2019-10-02 10:53:08 -05:00
Denis Kenzior
72a417e8a3 eap-tls-common: update to new ELL TLS APIs 2019-10-02 10:36:06 -05:00
Tim Kourt
77770b9566 netconfig: Switch to internal active network settings
As part of the de-coupling from station object, switch all of
the network settings inquiries to use active_settings. active_settings
are set with netconfig_configure by the owner of netconfig object
and removed with netconfig_reset once network disconnects.
2019-09-30 15:05:12 -05:00