3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-29 13:12:50 +01:00
Commit Graph

1773 Commits

Author SHA1 Message Date
James Prestwood
9b204a8c7e ie: add IE_TYPE_OWE_DH_PARAM to IE list 2018-11-16 16:20:59 -06:00
Denis Kenzior
712a92cc4c network: Simplify is_rsn logic
In the current version SECURITY_PSK was handled inside the is_rsn block
while the SECURITY_8021X was off in its own block.  This was weird and a
bit misleading.  Simplify the code flow through the use of a goto and
decrease the nesting level.

Also optimize out unnecessary use of scan_bss_get_rsn_info
2018-11-15 11:37:20 -06:00
Denis Kenzior
5bfbdd5a01 network: Check Autoconnectable as the first condition 2018-11-15 11:31:39 -06:00
Denis Kenzior
c146490567 network: Introduce __bss_is_sae
This takes an rsn_info pointer directly so that some calls to
scan_bss_get_rsn_info can be optimized
2018-11-15 11:29:13 -06:00
Denis Kenzior
3d549e457d scan: make scan_bss_get_rsn_info const correct 2018-11-15 11:28:46 -06:00
James Prestwood
ad242a796a network: fix 8021x autoconnect
In network_autoconnect, when the network was SECURITY_8021X there was no
check (for SECURITY_PSK) before calling network_load_psk. Since the
provisioning file was for an 8021x network neither PreSharedKey or
Passphrase existed so this would always fail. This fixes the 8021x failure
in testConnectAutoconnect.
2018-11-15 11:20:06 -06:00
James Prestwood
07c870df55 station: only set 8021x config on 8021x networks
During the handshake setup, if security != SECURITY_PSK then 8021x settings
would get set in the handshake object. This didn't appear to break anything
(e.g. Open/WEP) but its better to explicitly check that we are setting up
an 8021x network.
2018-11-14 20:47:42 -06:00
Peter Seiderer
7d6e11ddd5 main: Fix __iwd_backtrace_init() availability detection
Check for HAVE_EXECINFO_H for all __iwd_backtrace_init usages.

Fixes:

  src/main.o: In function `main':
  main.c:(.text.startup+0x798): undefined reference to `__iwd_backtrace_init'
  collect2: error: ld returned 1 exit status
2018-11-10 19:09:14 +01:00
Denis Kenzior
6df62ab68e station: Update to the new GetHiddenAccessPoints API 2018-11-09 14:06:20 -06:00
Denis Kenzior
5f8c20f455 netdev: Enable ControlPortOverNL80211 by default 2018-11-09 11:52:09 -06:00
Denis Kenzior
8732a9f38a main: Add checks for asymmetric key support
Tell the user that Kernel 4.20 with asymmetric key support enabled is
required to support TLS based (EAP/PEAP/TTLS) WPA-Enterprise methods.
2018-11-09 11:50:29 -06:00
Tim Kourt
8c1992feb2 station: Introduce GetHiddenStations API call 2018-11-09 11:34:43 -06:00
Tim Kourt
f803b0439b station: Introduce an ordered list of hidden stations
A sorted list of hidden network BSSs observed in the recent scan
is kept for the informational purposes of the clients. In addition,
it has deprecated the usage of seen_hidden_networks variable.
2018-11-09 11:34:43 -06:00
Andrew Zaborowski
0b5dceab27 network: Don't require PSK if Passphrase present
Refactor the network->psk and network->passphrase loading and saving
logic to not require the PreSharedKey entry in the psk config file and
to generate network->psk lazily on request.  Still cache the computed
PSK in memory and in the .psk file to avoid recomputing it which uses
many syscalls.  While there update the ask_psk variable to
ask_passphrase because we're specifically asking for the passphrase.
2018-11-05 12:43:16 -06:00
Patrik Flykt
0b1e6cc3e5 scan: Log BSSID in messages
If there is an error with the BSSID information, log the BSSID
station address to catch the offending Access Point.
2018-11-05 12:29:41 -06:00
Patrik Flykt
7ec8fd6776 ie: Fix up broken Access Point with too many rates added
According to the specification, Supported rates IE is supposed
to have a maximum length of eight rate bytes. In the wild an
Access Point is found to add 12 bytes of data instead of placing
excess rate bytes in an Extended Rates IE.

BSS: len 480
    BSSID 44:39:C4:XX:XX:XX
    Probe Response: true
    TSF: 0 (0x0000000000000000)
    IEs: len 188
...
        Supported rates:
            1.0(B) 2.0(B) 5.5(B) 6.0(B) 9.0 11.0(B) 12.0(B) 18.0 Mbit/s
            24.0(B) 36.0 48.0 54.0 Mbit/s
            82 84 8b 8c 12 96 98 24 b0 48 60 6c              .......$.H`l
        DSSS parameter set: channel 3
            03
...

Any following IEs decode nicely, thus it seems that we can relax
Supported Rates IE length handling to support this thermostat.
2018-11-05 12:07:22 -06:00
Patrik Flykt
c68ae2f00b main: Log optimized implementations only when they exist
Log optimized implementations strings only when the hashmap contains
items in order to avoid an unnecessary line of text with no members
printed out.
2018-11-05 11:52:48 -06:00
Denis Kenzior
c4153941af netdev: Use l_genl_family_unicast_handler 2018-11-02 15:53:07 -05:00
James Prestwood
1d62f4ec0e eapol: remove unused public eapol functions from header
After moving AP EAPoL code into eapol.c there were a few functions that
no longer needed to be public API's. These were changed to static's and
the header definition was removed.
2018-11-02 14:05:44 -05:00
Marcel Holtmann
554e4f55db build: Fix includes for using with -std=c99 compiler option 2018-11-01 22:37:11 +01:00
Marcel Holtmann
72a64fa7fb build: Adjust to the latest ELL signal API changes 2018-11-01 22:09:19 +01:00
Andrew Zaborowski
e4222d0ebe eap-tls: Set upper limit on request size
Set an upper limit on a fragmented EAP-TLS request size similar to how
we do it in EAP-TTLS.  While there make the code more similar to the
EAP-TTLS flag processing to keep them closer in sync.  Note that the
spec suggests a 64KB limit but it's not clear if that is for the TLS
record or EAP request although it takes into account the whole TLS
negotiation so it might be good for both.
2018-11-01 15:04:56 -05:00
Andrew Zaborowski
0b71b034c1 eap-tls/ttls/peap: Conditionally enable TLS debugging
Print the TLS debug messages if IWD_TLS_DEBUG is set.
2018-11-01 15:04:56 -05:00
Marcel Holtmann
a011909556 main: Use l_main_run_with_signal instead of open coding it 2018-11-01 19:56:16 +01:00
Marcel Holtmann
38e831afa0 main: Make genl and nl80211 global variables static 2018-11-01 19:55:54 +01:00
Marcel Holtmann
013bae6d3d eapol: Make eapol_frame_watch_{add,remove} functions static 2018-11-01 10:27:22 +01:00
Marcel Holtmann
9335602ba0 network: Removed unneeded include for src/watchlist.h 2018-11-01 10:19:26 +01:00
Marcel Holtmann
e1c391a76b wsc: Removed unneeded include for src/watchlist.h 2018-11-01 10:17:54 +01:00
Denis Kenzior
7699c8ab1e eap-ttls: Handle redundant L flags
Some of the TTLS server implementations set the L flag in the fragment
packets other than the first one. To stay interoperable with such devices,
iwd is relaxing the L bit check.
2018-10-30 15:47:57 -05:00
Denis Kenzior
5cc60d18cc eap-md5: Add warning about deprecated settings key 2018-10-29 18:49:19 -05:00
Tim Kourt
99c685940a eap-md5: Standardize setting keys
Switch EAP-MD5 to use the common password setting key nomenclature.
The key name has been changed from PREFIX-MD5-Secret to PREFIX-Password.
Note: The old key name is supported.
In addition, this patch adds an ability to request Identity and/or
Password from user.
2018-10-29 18:46:07 -05:00
James Prestwood
b9029aaf65 adhoc: wait for both handshakes before adding peer
Adhoc was not waiting for BOTH handshakes to complete before adding the
new peer to the ConnectedPeers property. Actually waiting for the gtk/igtk
(in a previous commit) helps with this, but adhoc also needed to keep track
of which handshakes had completed, and only add the peer once BOTH were done.
This required a small change in netdev, where we memcmp the addresses from
both handshakes and only set the PTK on one.
2018-10-26 15:29:48 -05:00
James Prestwood
e678d6655f netdev: signal handshake complete after setting all keys
Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing
the SET_STATION (after setting the pairwise key). Depending on the timing
this may happen before the GTK/IGTK are set which will result in group
traffic not working initially (the GTK/IGTK would still get set, but group
traffic would not work immediately after DBus said you were connected, this
mainly poses a problem with autotests).

In order to fix this, several flags were added in netdev_handshake_state:
ptk_installed, gtk_installed, igtk_installed, and completed. Each of these
flags are set true when their respective keys are set, and in each key
callback we try to trigger the handshake complete event (assuming all the
flags are true). Initially the gtk/igtk flags are set to true, for reasons
explained below.

In the WPA2 case, all the key setter functions are called sequentially from
eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is
because the gtk/igtk are optional and only set if group traffic is allowed.
If the gtk/igtk are not used, we set the PTK and can immediately trigger the
handshake complete event (since gtk_installed/igtk_installed are initialized
as true). When the gtk/igtk are being set, we immediately set their flags to
false and wait for their callbacks in addition to the PTK callback. Doing it
this way handles both group traffic and non group traffic paths.

WPA1 throws a wrench into this since the group keys are obtained in a
separate handshake. For this case a new flag was added to the handshake_state,
'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way,
but still wait for the gtk/igtk setters to get called before triggering the
handshake complete event. As a precaution, netdev sets a timeout that will
trigger if the gtk/igtk setters are never called. In this case we can still
complete the connection, but print a warning that group traffic will not be
allowed.
2018-10-26 15:26:49 -05:00
Marcel Holtmann
9b2bb2723f crypto: Use full include path local includes 2018-10-26 21:35:27 +02:00
Marcel Holtmann
77710f9765 simauth: Use full include path local includes 2018-10-26 21:34:58 +02:00
Marcel Holtmann
515c130549 storage: Use full include path local includes 2018-10-26 21:34:00 +02:00
Marcel Holtmann
0b93fde3b4 wscutil: Use full include path local includes 2018-10-26 21:33:38 +02:00
Marcel Holtmann
162e6a19f6 watchlist: Use full include path local includes 2018-10-26 21:33:01 +02:00
Marcel Holtmann
1eaca1f8e1 mscaputil: Use full include path local includes 2018-10-26 21:32:20 +02:00
Marcel Holtmann
3fa63ede50 eapol: Use full include path local includes 2018-10-26 21:31:52 +02:00
Marcel Holtmann
c2d0517228 knownnetworks: Use full include path local includes 2018-10-26 21:30:44 +02:00
Marcel Holtmann
e92b976663 ecc: Use full include path local includes 2018-10-26 21:29:45 +02:00
Marcel Holtmann
42cfaeb265 sae: Use full include path local includes 2018-10-26 21:29:08 +02:00
Marcel Holtmann
785be02ee5 mpdu: Use full include path local includes 2018-10-26 21:28:10 +02:00
Marcel Holtmann
52f7f1dea2 handshake: Use full include path local includes 2018-10-26 21:27:01 +02:00
Marcel Holtmann
23a7fafec6 ie: Use full include path for local includes 2018-10-26 21:26:17 +02:00
Marcel Holtmann
be5bf7ee15 util: Only include <ell/ell.h> and use full include path 2018-10-26 21:24:20 +02:00
Denis Kenzior
a2efe2d2de eap-pwd: Warn if deprecated setting is used 2018-10-25 14:52:30 -05:00
Tim Kourt
df59d57f96 eap-pwd: Standardize setting keys
Switch EAP-PWD to use the common password setting key nomenclature.
2018-10-25 14:29:56 -05:00
Denis Kenzior
c256dbfbd8 eap-gtc: Warn if deprecated setting is used 2018-10-25 14:25:28 -05:00
Tim Kourt
c92f8231b2 eap-gtc: Standardize property keys
Switch EAP-GTC to use the common password setting key nomenclature.
2018-10-25 14:14:16 -05:00
Tim Kourt
e8de229223 ttls: add support for tunneled MS-CHAP 2018-10-24 16:33:06 -05:00
Tim Kourt
b46376980a mschaputil: Add MS CHAP utilities 2018-10-24 16:28:46 -05:00
Denis Kenzior
ae538eae7d netdev: Cancel ongoing rekey offload
We need to cancel an ongoing rekey offload in a few additional places
besides the netdev destructor.
2018-10-20 10:38:56 -05:00
Denis Kenzior
8501b2edb1 netdev: Add a TODO about Rekey Offload errors 2018-10-20 10:36:42 -05:00
Denis Kenzior
658362a349 netdev: Put command cancelation into a common function 2018-10-20 10:35:28 -05:00
Tim Kourt
e979bf97f1 netdev: add an ability to cancel hw rekey cmd
==1628== Invalid read of size 1
==1628==    at 0x405E71: hardware_rekey_cb (netdev.c:1381)
==1628==    by 0x444E5B: process_unicast (genl.c:415)
==1628==    by 0x444E5B: received_data (genl.c:534)
==1628==    by 0x442032: io_callback (io.c:126)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
==1628==  Address 0x5475208 is 312 bytes inside a block of size 320 free'd
==1628==    at 0x4C2ED18: free (vg_replace_malloc.c:530)
==1628==    by 0x43D94D: l_queue_clear (queue.c:107)
==1628==    by 0x43D998: l_queue_destroy (queue.c:82)
==1628==    by 0x40B431: netdev_shutdown (netdev.c:4765)
==1628==    by 0x403B17: iwd_shutdown (main.c:81)
==1628==    by 0x4419D2: signal_callback (signal.c:82)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
==1628==  Block was alloc'd at
==1628==    at 0x4C2DB6B: malloc (vg_replace_malloc.c:299)
==1628==    by 0x43CA4D: l_malloc (util.c:62)
==1628==    by 0x40A853: netdev_create_from_genl (netdev.c:4517)
==1628==    by 0x444E5B: process_unicast (genl.c:415)
==1628==    by 0x444E5B: received_data (genl.c:534)
==1628==    by 0x442032: io_callback (io.c:126)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
2018-10-20 10:29:52 -05:00
Marcel Holtmann
a59e162446 knownnetworks: Use l_dir_watch instead of l_fswatch 2018-10-19 19:14:05 +02:00
Marcel Holtmann
8f8a214fbd build: Use new l_tls_prf_get_bytes and remove ell/tls-private.h usage 2018-10-19 09:30:59 +02:00
Marcel Holtmann
467d3958b4 build: Use l_tls_prf_get_bytes instead of tls_prf_get_bytes 2018-10-19 08:46:57 +02:00
Marcel Holtmann
b27edce298 build: Use include "" instead of include <> for ell/tls-private.h 2018-10-19 08:24:57 +02:00
Denis Kenzior
d22e57c994 treewide: Remove use of key-private.h 2018-10-19 00:31:41 -05:00
Denis Kenzior
6e8f10f695 eap-ttls: Use iwd's version of align_len
No need to include ell's private bits unnecessarily
2018-10-19 00:20:47 -05:00
Denis Kenzior
770f3c6049 dbus: Remove unneeded include 2018-10-19 00:20:35 -05:00
Marcel Holtmann
1ee7de15c8 ttls: Fix truncated before the last format character 2018-10-14 11:35:48 +02:00
Marcel Holtmann
a3c1fa28da build: Rename nl80211_util.[ch] into nl80211util.[ch] 2018-10-14 05:41:06 +02:00
James Prestwood
70d6c9c692 adhoc: implement setting TX GTK
Adhoc requires 2 GTK's to be set, a single TX GTK and a per-mac RX GTK.
The per-mac RX GTK already gets set via netdev_set_gtk. The single TX GTK
is created the same as AP, where, upon the first station connecting a GTK
is generated and set in the kernel. Then any subsequent stations use
GET_KEY to retrieve the GTK and set it in the handshake.
2018-10-08 21:38:30 -05:00
James Prestwood
2123d613fc nl80211: support per-mac GTK on _new_key_group
AdHoc will require a per-mac GTK to be set. For this reason
nl80211_build_new_key_group has been updated to optionally take
a MAC address.
2018-10-08 21:35:33 -05:00
James Prestwood
5e5caedb90 nl80211: added verifier/parser for GET_KEY
AdHoc will also need the same functionality to verify and parse the
key sequence from GET_KEY. This block of code was moved from AP's
GET_KEY callback into nl80211_parse_get_key_seq.
2018-10-08 21:35:24 -05:00
James Prestwood
60aba7114e nl80211: make SET_KEY/GET_KEY common
Moved AP helpers for building SET_KEY/GET_KEY commands into
nl80211_util.c
2018-10-08 21:35:12 -05:00
James Prestwood
04a9315a3c nl80211: introduce nl80211 utility API's
Netdev/AP share several NL80211 commands and each has their own
builder API's. These were moved into a common file nl80211_util.[ch].

A helper was added to AP for building NEW_STATION to make the associate
callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 21:34:58 -05:00
Andrew Zaborowski
dc39c52525 station: Cancel ongoing scans in station_free
Make scan.c forget station's scan callbacks to prevent crash when
switching interface types with a scan running.
2018-10-08 11:33:53 -05:00
James Prestwood
395acc8203 netdev: simplify netdev_choose_key_address
The key address can be chosen regardless of iftype. The deciding
factor is the authenticator bit in the handshake.
2018-10-08 11:29:47 -05:00
Andrew Zaborowski
fb85b1d1a7 netdev: Check that netdev->device is not NULL
Check that netdev->device is not NULL before doing device_remove()
(which would crash) and emitting NETDEV_WATCH_EVENT_DEL.  It may be
NULL if the initial RTM_SETLINK has failed to bring device UP.
2018-10-04 20:57:33 -05:00
Andrew Zaborowski
6e70c84f8e station: Ignore ad-hoc networks in scan results
If there are Ad-hoc BSSes they should be present in the scan results
together with regular APs as far as scan.c is concerned.  But in
station mode we can't connect to them -- the Connect method will fail and
autoconnect would fail.  Since we have no property to indicate a
network is an IBSS just filter these results out for now.  There are
perhaps better solutions but the benefit is very low.
2018-10-03 16:56:19 -05:00
Tim Kourt
0682ddad37 ttls: change signature of the inner reset funcs 2018-10-01 17:30:29 -05:00
Tim Kourt
f0a86519e9 ttls: add support for tunneled CHAP 2018-10-01 17:14:19 -05:00
Tim Kourt
ba5cf86716 ttls: add support for tunneled PAP 2018-10-01 17:12:17 -05:00
Tim Kourt
aedf89ca37 ttls: remove load_settings from phase2_method 2018-10-01 17:11:39 -05:00
Tim Kourt
726ff5d2b1 ttls: exclude avp_builder_put_bytes 2018-10-01 17:11:10 -05:00
Tim Kourt
2aefd8badf ttls: improve avp build approach 2018-10-01 17:10:03 -05:00
Tim Kourt
e6bf22f8c9 ttls: add support for non eap auth settings 2018-09-26 17:55:44 -05:00
Tim Kourt
8f0c4a769a ttls: clear the obtained memory to prevent info leaks 2018-09-26 17:19:46 -05:00
Tim Kourt
3d77748bca ttls: change signature of the inner destroy funcs. 2018-09-26 17:19:05 -05:00
Tim Kourt
b2ec0c350a ttls: fix check on avp start 2018-09-25 16:23:40 -05:00
James Prestwood
50acc11f07 wiphy: added wiphy_select_akm
This is a replacement for station's static select_akm_suite. This was
done because wiphy can make a much more intellegent decision about the
akm suite by checking the wiphy supported features e.g. SAE support.

This allows a connection to hybrid WPA2/WPA3 AP's if SAE is not
supported in the kernel.
2018-09-25 10:58:04 -05:00
James Prestwood
272cb441cd wiphy: only connect to SAE if feature is supported 2018-09-25 10:56:06 -05:00
Andrew Zaborowski
36c441c945 ap: Set up the GTK and pass to handshake
Set a default GTK cipher type same as our current PTK type, generate a
random GTK when the first STA connects and set it up in the kernel, then
pass the values that EAPoL is going to need to the handshake_state.
2018-09-25 10:53:40 -05:00
Andrew Zaborowski
01edef9001 netdev: Reject setting powered while setting iftype
In netdev_set_powered also check that no NL80211_CMD_SET_INTERFACE is in
progress because once it returned we would overwrite
netdev->set_powered_cmd_id (could also add a check there but it seems
more logical to just disallow Powered property changes while Mode is
being changed, since we also disallow Mode changes while Powered is
being changed.)
2018-09-25 10:51:48 -05:00
Denis Kenzior
ebda2ce60f device: Remove unneeded includes 2018-09-24 19:29:40 -05:00
Denis Kenzior
87118959e6 device: Obtain station using station_find
Since device object no longer creates / destroys station objects, use
station_find inside ap directed roam events to direct these to the
station interface.
2018-09-24 19:27:04 -05:00
Andrew Zaborowski
8632b81397 eapol: Add GTK data to msg 3/4 of the handshake 2018-09-24 14:53:41 -05:00
Andrew Zaborowski
e4873dea5a handshake: Use enum handshake_kde in find_kde()
Since we have all the KDE types defined in enum handshake_kde use that
instead of uint8_t buffers containing the same values.
2018-09-24 14:24:41 -05:00
Andrew Zaborowski
7c779956ac handshake: Add handshake_util_build_gtk_kde utility 2018-09-24 14:24:41 -05:00
Andrew Zaborowski
68e612573e handshake: Add GTK data to handshake_state
Add places to store the GTK data, index and RSC in struct
handshake_state and add a setter function for these fields.  We may want
to also convert install_gtk to use these fields similar to install_ptk.
2018-09-24 14:24:41 -05:00
Denis Kenzior
7eb59602df netdev: Drop redundant netdev_get_device checks
As a consequence of the previous commit, netdev watches are always
called when the device object is valid.  As a result, we can drop the
netdev_get_device calls and checks from individual AP/AdHoc/Station/WSC
netdev watches
2018-09-24 14:12:43 -05:00
Andrew Zaborowski
916bde3a02 netdev: Don't emit events before NETDEV_WATCH_EVENT_NEW 2018-09-24 14:09:36 -05:00
Andrew Zaborowski
c96f44b2e6 station: Make station_create/station_free static
These two functions don't need to be used from outside of station.c
anymore so make them static and simplify the station_create arguments
slightly.
2018-09-24 14:07:03 -05:00
Andrew Zaborowski
567baed2c4 station: Create interface simliarly to AP, AdHoc interfaces
Instead of creating the Station interface in device.c create it directly
on the netdev watch event the same way that the AP and AdHoc interfaces
are created and freed.  This fixes some minor incosistencies, for
example station_free was previously called twice, once from device.c and
once from the netdev watch.

device.c would previously keep the pointer returned by station_create()
but that pointer was not actually useful so remove it.  Autotests still
seem to pass.
2018-09-24 14:05:03 -05:00
Andrew Zaborowski
daf248e1ba station: Disconnect netdev in station_free()
Call netdev_disconnect() to make netdev forget any of station.c's
callbacks for connections or transitions in progress or established.
Otherwise station.c will crash as soon as we're connected and try to
change interface mode:
==17601== Invalid read of size 8
==17601==    at 0x11DFA0: station_disconnect_event (station.c:775)
==17601==    by 0x11DFA0: station_netdev_event (station.c:1570)
==17601==    by 0x115D18: netdev_disconnect_event (netdev.c:868)
==17601==    by 0x115D18: netdev_mlme_notify (netdev.c:3403)
==17601==    by 0x14E287: l_queue_foreach (queue.c:441)
==17601==    by 0x1558B4: process_multicast (genl.c:469)
==17601==    by 0x1558B4: received_data (genl.c:532)
==17601==    by 0x152888: io_callback (io.c:123)
==17601==    by 0x151BCD: l_main_iterate (main.c:376)
==17601==    by 0x151C9B: l_main_run (main.c:423)
==17601==    by 0x10FE20: main (main.c:489)
2018-09-24 13:57:36 -05:00
Andrew Zaborowski
f9faeed7bb ap, adhoc: On NETDEV_WATCH_EVENT_NEW check device is UP
Since the interfaces are not supposed to exist when the device is DOWN
(we destroy the interfaces on NETDEV_WATCH_EVENT_DOWN too), don't
create the interfaces if the device hasn't been brought up yet.
2018-09-24 13:56:02 -05:00
Andrew Zaborowski
99e7e0d977 netdev: Update ifi_flags in rntl_set_powered callbacks
When we detect a new device we either bring it down and then up or only
up.  The IFF_UP flag in netdev->ifi_flags is updated before that, then
we send the two rtnl commands and then fire the NETDEV_WATCH_EVENT_NEW
event if either the bring up succeeded or -ERFKILL was returned, so the
device may either be UP or DOWN at that point.

It seems that a RTNL NEWLINK notification is usually received before
the RTNL command callback but I don't think this is guaranteed so update
the IFF_UP flag in the callbacks so that the NETDEV_WATCH_EVENT_NEW
handlers can reliably use netdev_get_is_up()
2018-09-24 13:54:24 -05:00
Andrew Zaborowski
ab6160b017 netdev: Drop DEFAULT_TYPES nl80211 attr of CMD_NEW_KEY
The NL80211_ATTR_KEY_DEFAULT_TYPES attribute is only parsed by the
kernel if either NL80211_ATTR_KEY_DEFAULT or
NL80211_ATTR_KEY_DEFAULT_MGMT are also present, however these are only
used with NL80211_CMD_SET_KEY and ignored for NEW_KEY.  As far as I
understand the default key concept only makes sense for a Tx key because
on Rx all keys can be tried, so we don't need this for client mode.  The
kernel decides whether the NEW_KEY is for unicast or multicast based on
whether NL80211_ATTR_KEY_MAC was supplied.
2018-09-24 13:14:27 -05:00
Denis Kenzior
b60e79b8dd eap-wsc: Do not leak device_password
device password was read from settings using l_settings_get_string which
returns a newly-allocated string due to un-escape semantics.  However,
when assigning wsc->device_password, we strdup-ed the password again
unnecessarily.

==1069== 14 bytes in 2 blocks are definitely lost in loss record 1 of 1
==1069==    at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==1069==    by 0x16696A: l_malloc (util.c:62)
==1069==    by 0x16B14B: unescape_value (settings.c:108)
==1069==    by 0x16D12C: l_settings_get_string (settings.c:971)
==1069==    by 0x149680: eap_wsc_load_settings (eap-wsc.c:1270)
==1069==    by 0x146113: eap_load_settings (eap.c:556)
==1069==    by 0x12E079: eapol_start (eapol.c:2022)
==1069==    by 0x1143A5: netdev_connect_event (netdev.c:1728)
==1069==    by 0x118751: netdev_mlme_notify (netdev.c:3406)
==1069==    by 0x1734F1: notify_handler (genl.c:454)
==1069==    by 0x168987: l_queue_foreach (queue.c:441)
==1069==    by 0x173561: process_multicast (genl.c:469)
2018-09-24 12:19:27 -05:00
Denis Kenzior
3ca1aeb917 wsc: Don't use wsc_pin_is_checksum_valid on 4 digit PINs
wsc_pin_is_valid allows two types of PINs through:
  1. 4 digit numeric PIN
  2. 8 digit numeric PIN

The current code always calls wsc_pin_is_checksum_valid to determine
whether a DEFAULT or USER_SPECIFIED PIN is used.  However, this function
is not safe to call on 4 digit PINs and causes a buffer overflow.

Add simple checks to treat 4 digit PINs as DEFAULT PINs and do not call
wsc_pin_is_checksum_valid on these.

Reported-By: Matthias Gerstner <matthias.gerstner@suse.de>
2018-09-24 12:19:27 -05:00
Denis Kenzior
cc37018426 eap-wsc: Drop 8 digit PIN check
EAP-WSC handles 4 digit, 8 digit and out-of-band Device passwords.  The
latter in particular can be anything, so drop the mandatory minimum
password length check here.

This also has the effect of enabling 4-digit PINs to actually work as
they are intended.
2018-09-24 12:19:27 -05:00
Tim Kourt
a3cc68e61e ttls: add radius AVP builder and build response 2018-09-21 18:07:58 -05:00
Tim Kourt
4d8791dd3a ttls: replace old AVP processing with new 2018-09-21 15:20:18 -05:00
Tim Kourt
5d1d1ad893 ttls: add radius AVP parser 2018-09-21 15:19:13 -05:00
Tim Kourt
71ba8ac765 ttls: introduce phase2_method structure
The struct allows to support multiple types of the tunneled methods.
Previously, EAP-TTLS was supporting only the eap based ones.
This patch is also starts to move some of the phase 2 EAP
functionality into the new structure.
2018-09-21 15:19:13 -05:00
Tim Kourt
a7f5d1da21 ttls: remove unused state var 2018-09-21 12:15:28 -05:00
Tim Kourt
410ee2f6b9 eap-tls-common: introduce utility functions for eap-tls 2018-09-21 12:15:25 -05:00
James Prestwood
a553771ffe netdev: station: support FT over SAE
Boiled down, FT over SAE is no different than FT over PSK, apart from
the different AKM suite. The bulk of this change fixes the current
netdev/station logic related to SAE by rebuilding the RSNE and adding
the MDE if present in the handshake to match what the PSK logic does.

A common function was introduced into station which will rebuild the
handshake rsne's for a target network. This is used for both new
network connections as well as fast transitions.
2018-09-21 11:26:05 -05:00
James Prestwood
8064cb599a ie: introduce IE_AKM_IS_SAE macro
To prepare for FT over SAE, several case/if statements needed to include
IE_RSN_AKM_SUITE_FT_OVER_SAE. Also a new macro was introduced to remove
duplicate if statement code checking for both FT_OVER_SAE and SAE AKM's.
2018-09-21 11:26:05 -05:00
James Prestwood
996a18e934 network: free EAP_CACHE_NEVER secret types
When freeing a network secrets any secrets labeled with CACHE_NEVER
would get removed from the secret queue but never actually freed.
2018-09-19 14:33:23 -05:00
James Prestwood
74b8b6d65c watchlist: fix stale watchlist item processing
All the watchlist notify macros were broken in that they did not check
that the watchlist item was still valid before calling it. This only
came into play when a watchlist was being notified and one of the notify
functions removed an item from the same watchlist. It appears this was
already thought of since watchlist_remove checks 'in_notify' and will
mark the item's id as stale (0), but that id never got checked in the
notify macros.

This fixes testAdHoc valgrind warning:

==3347== Invalid read of size 4
==3347==    at 0x416612: eapol_rx_auth_packet (eapol.c:1871)
==3347==    by 0x416DD4: __eapol_rx_packet (eapol.c:2334)
==3347==    by 0x40725B: netdev_pae_read (netdev.c:3515)
==3347==    by 0x440958: io_callback (io.c:123)
==3347==    by 0x43FDED: l_main_iterate (main.c:376)
==3347==    by 0x43FEAB: l_main_run (main.c:423)
==3347==    by 0x40377A: main (main.c:489)
...
2018-09-19 14:17:26 -05:00
Denis Kenzior
ba248e028e station: Make station_rssi_level_changed static 2018-09-19 13:47:51 -05:00
Denis Kenzior
f06c3b645d station: Make station_state_to_string static 2018-09-19 13:45:49 -05:00
Tim Kourt
59c4c8ac6b scan: change scan triggered notification behavior
Do not notify the caller after the first scan_triggered event in
multi-segmented scans.
2018-09-19 11:53:36 -05:00
Tim Kourt
b5aefede95 network: add check for the existing settings
In the case of the open networks with hidden SSIDs
the settings object is already created.

Valgrind:
==4084==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==4084==    by 0x43B44D: l_malloc (util.c:62)
==4084==    by 0x43E3FA: l_settings_new (settings.c:83)
==4084==    by 0x41D101: network_connect_new_hidden_network (network.c:1053)
==4084==    by 0x4105B7: station_hidden_network_scan_results (station.c:1733)
==4084==    by 0x419817: scan_finished (scan.c:1165)
==4084==    by 0x419CAA: get_scan_done (scan.c:1191)
==4084==    by 0x443562: destroy_request (genl.c:139)
==4084==    by 0x4437F7: process_unicast (genl.c:424)
==4084==    by 0x4437F7: received_data (genl.c:534)
==4084==    by 0x440958: io_callback (io.c:123)
==4084==    by 0x43FDED: l_main_iterate (main.c:376)
==4084==    by 0x43FEAB: l_main_run (main.c:423)
2018-09-19 11:52:33 -05:00
Denis Kenzior
88b2aefeed wiphy: Add missing blank 2018-09-18 17:06:07 -05:00
Denis Kenzior
e52204f46f station: Fix scan_pending assignment
In case an error occurs starting a scan, the scan_pending variable is
never cleared and message is never unrefed.
2018-09-18 13:58:52 -05:00
Denis Kenzior
d347100ac2 device: Remove the rest of the legacy Device properties 2018-09-14 21:53:01 -05:00
Denis Kenzior
42e5dbf6f8 device: Remove legacy GetOrderedNetworks 2018-09-14 21:49:13 -05:00
Denis Kenzior
b2e0a82225 device: Remove Scan method 2018-09-14 21:21:47 -05:00
Denis Kenzior
c47db2635f device: Remove Disconnect method 2018-09-14 21:20:33 -05:00
Marcel Holtmann
804ce5944b dbus: Make the g_dbus global variable static 2018-09-14 23:01:32 +02:00
Marcel Holtmann
2606bc73ad build: Add DAEMON_ prefix to CONFIGDIR and STORAGEDIR 2018-09-14 17:58:44 +02:00
Marcel Holtmann
1e37ef31fe eapol: Move eapol_key_validate() into eapolutil helper 2018-09-14 17:31:42 +02:00
Marcel Holtmann
c40be7a7d5 monitor: Add EAP dummy method to keep linker happy 2018-09-14 17:12:47 +02:00
Marcel Holtmann
502aac073f tools: Add configure option and D-Bus policy file for hwsim utility 2018-09-14 15:24:15 +02:00
Marcel Holtmann
5126459ecc main: Fix the order of --help and -h option handling 2018-09-14 15:19:06 +02:00
Marcel Holtmann
0c5b6e4da3 dbus: Fix policy entries and add access for group wheel 2018-09-14 15:04:15 +02:00
Denis Kenzior
b181604c18 main: Don't init nl80211 until dbus name is owned 2018-09-11 20:06:00 -05:00
Denis Kenzior
95896c10ff device: Fix crashes when outside of Station mode 2018-09-10 20:01:35 -05:00
Denis Kenzior
0a42f63d42 station: Update GetOrderedNetworks API implementation
The Station interface GetOrderedNetworks signature now matches the API
documentation.  Device.GetOrderedNetworks still uses the legacy
signature.
2018-09-08 10:34:52 -05:00
Andrew Zaborowski
854ce2b062 station: Emit PropertiesChanged on the Station interface too 2018-09-07 21:23:41 -05:00
Tim Kourt
18aa744099 eap: clarify warning message 2018-09-07 12:31:03 -05:00
Tim Kourt
bb5997c4ea peap: fix typo and add labels 2018-09-07 12:30:05 -05:00
Tim Kourt
2735e32b10 peap: handle redundant usage of the L flag
Some of the PEAP server implementations set the L flag along with
redundant TLS Message Length field for the un-fragmented packets.
This patch allows to identify and handle such occasions.
2018-09-07 12:26:23 -05:00
Tim Kourt
958bd12624 peap: accept EAP type 33 as termination mechanism for PEAPv1
EAP Extensions type 33 is used in PEAPv0 as a termination
mechanism for the tunneled EAP methods. In PEAPv1
the regular EAP-Success/Failure packets must be used to terminate
the method. Some of the server implementations of PEAPv1
rely on EAP Extensions method to terminate the conversation
instead of the required Success/Failure packets. This patch
makes iwd interoperable with such devices.
2018-09-06 18:23:24 -05:00
James Prestwood
397bf9c0bd crypto: pwd: sae: Made H function common
The "H" function used by SAE and EAP-PWD was effectively the same
function, EAP-PWD just used a zero key for its calls. This removes
the duplicate implementations and merges them into crypto.c as
"hkdf_256".

Since EAP-PWD always uses a zero'ed key, passing in a NULL key to
hkdf_256 will actually use a 32 byte zero'ed array as the key. This
avoids the need for EAP-PWD to store or create a zero'ed key for
every call.

Both the original "H" functions never called va_end, so that was
added to hkdf_256.
2018-09-05 11:12:54 -05:00
Denis Kenzior
5db022041c station: Fix up some printf type inconsistencies
The ifindex as reported by netdev is unsigned, so make sure that it is
printed as such.  It is astronomically unlikely that this causes any
actual issues, but lets be paranoid.
2018-09-05 11:09:35 -05:00
Denis Kenzior
0f34e1a0c1 station: Expose ConnectedNetwork, Scanning and State
These properties will temporarily be exposed on both interfaces
until tools such as test runner, iwctl and NetworkManager/ConnMan
are ported over.
2018-09-05 11:09:35 -05:00
Denis Kenzior
2f2ec71a6c station: Expose Scan, Disconnect, GetOrderedNetworks
These methods will temporarily be exposed on both interfaces until tools
such as test runner, iwctl and NetworkManager/ConnMan are ported over.
2018-09-05 11:09:35 -05:00
Denis Kenzior
b650a5d492 station: Move ConnectHiddenNetwork to station 2018-09-05 11:09:35 -05:00
Denis Kenzior
f61747f011 device: Allow switching mode even if station is busy
Since device will no longer be aware of what is happening on the station
interface, we should allow switching modes in any situation
2018-09-04 23:57:14 -05:00
Denis Kenzior
25f36f5644 station: Move remaining connect/re-connect/roam logic 2018-09-04 23:57:14 -05:00
Denis Kenzior
cdfcb902e4 station: move signal level agent logic from device 2018-09-04 23:57:14 -05:00
Denis Kenzior
ac83a35b97 station: Register skeleton dbus interface 2018-09-04 23:57:14 -05:00