3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-22 23:09:34 +01:00
Commit Graph

3812 Commits

Author SHA1 Message Date
James Prestwood
94afeabc18 dpp: put no station device print behind else if
The previous (incorrect) else was removed since it ended up
printing in most cases since the if clause returned. This should
have been an else if conditional from the start and only print if the
station device was not found.
2022-01-12 09:32:37 -06:00
James Prestwood
0c8d3f106a dpp: don't send StartEnrollee reply until offchannel starts
IWD may be in the middle of some long operation, e.g. scanning.
If the URI is returned before IWD is ready, a configurator could
start sending frames and IWD either wont receive them, or will
be unable to respond quickly.
2022-01-12 09:32:13 -06:00
James Prestwood
295430a47e frame-xchg: use work priorities rather than hard coding 2022-01-11 12:38:10 -06:00
James Prestwood
ae12132495 offchannel: use work priorities rather than hard coding
The offchannel priority was also changed to zero, which matches the
priority of frames. Currently there should be no interaction between
offchannel and connect (previous offchannel priority).
2022-01-11 12:37:59 -06:00
James Prestwood
87e1045b11 netdev: use work priorities rather than hard coding 2022-01-11 12:37:44 -06:00
James Prestwood
217bb6dc65 scan: don't special case periodic scan work
Periodic scans were handled specially where they were only
started if no other requests were pending in the scan queue.
This is fine, and what we want, but this can actually be
handled automatically by nature of the wiphy work queue rather
than needing to check the request queue explicitly.

Instead we can insert periodic scans at a lower priority than
other scans. This puts them at the end of the work queue, as
well as allows future requests to jump ahead if a periodic scan
has not yet started.

Eventually, once all pending scans are done, the peridoic scan
may begin. This is no different than the preivous behavior and
avoids the need for any special checks once scan requests
complete.

One check was added to address the problem of the periodic scan
timer firing before the scan could even start. Currently this
happened to be handled fine in scan_periodic_queue, as it checks
the queue length. Since this check was removed we must see check
for this condition inside scan_periodic_timeout.
2022-01-11 12:37:13 -06:00
James Prestwood
c7a6730d28 scan: set scan priority via scan_common
This adds a priority argument to scan_common rather than hard
coding it when inserting the work item and uses the newly
defined wiphy priority for scanning.
2022-01-11 12:36:36 -06:00
James Prestwood
6e5d1a540c wiphy: define work priorities in one place
Work priority was never explicitly defined anywhere, and a module
using wiphy_radio_work APIs needed to ensure it was not inserting
at a priority that would interfere with other work.

Now all the types of work have been defined with their own priority
and future priorities can easily be added before, after, or in
between existing priorities.
2022-01-11 12:36:22 -06:00
Denis Kenzior
372a1c05e6 scan: Simplify debug statement
l_debug will already print the function name, so including it in the
printed string is redundant
2022-01-11 11:07:33 -06:00
Denis Kenzior
5cb7591bc0 treewide: Use __func__ when possible
Instead of hard-coding the function name in l_warn/l_error statements,
use '__func__'
2022-01-11 11:07:33 -06:00
Denis Kenzior
8b9442efe0 treewide: Prefer not using assignment in if 2022-01-11 11:07:33 -06:00
Denis Kenzior
6ae1917733 netdev: Make code more readable
Introduce a new 'hs' variable to make the code a bit more compact and
readable.  Avoid splitting pointer dereferences on multiple lines.
2022-01-11 11:07:33 -06:00
Denis Kenzior
073346ee37 treewide: Remove unneeded else statements
The code is more readable without the unnecessary nesting
2022-01-11 11:07:33 -06:00
Denis Kenzior
b44460464e treewide: Add () around certain macros 2022-01-11 11:07:33 -06:00
Denis Kenzior
cba19d3bf5 treewide: Remove pointless return statement 2022-01-11 11:07:33 -06:00
Denis Kenzior
fe95cbe077 treewide: Various style fixups
- Mostly problems with whitespace:
	- Use of spaces instead of tabs
	- Stray spaces before closing ')
	- Missing spaces

- Missing 'void' from function declarations & definitions that
  take no arguments.

- Wrong indentation level
2022-01-11 11:07:05 -06:00
James Prestwood
967c95829f scan: fix double space 2022-01-11 08:57:05 -06:00
Peter Seiderer
6ce41f6211 dpp: fix implicit declaration of function explicit_bzero warning
- add missing src/missing.h include for explicit_bzero, fixes uclibc
  compile/linking

Fixes:

  src/dpp.c:166:2: warning: implicit declaration of function ‘explicit_bzero’ [-Wimplicit-function-declaration]
    166 |  explicit_bzero(dpp->r_nonce, dpp->nonce_len);
        |  ^~~~~~~~~~~~~~
2022-01-10 15:43:52 -06:00
James Prestwood
82818d7454 dpp: allow config response handling without station
If the device is not in station mode DPP can still write out
the credentials and finish without attempting to connect or
scan.
2022-01-10 10:59:15 -06:00
James Prestwood
e6ecc078a1 dpp: handle CHANNEL attribute in auth request
When this attribute is included, the initiator is requesting all
future frames be sent on this channel. There is no reason for a
configurator to act on this attribute (at least for now) so the
request frame will be dropped in this case. Enrollees will act
on it by switching to the new channel and sending the authentication
response.
2022-01-10 10:59:05 -06:00
James Prestwood
235042fcd5 dpp: refactor calls to offchannel_start into common function
This will aid in channel switching during authentication by allowing
an arbitrary channel to be passed in rather than dpp->current_freq.
2022-01-10 10:58:56 -06:00
James Prestwood
39020bf14d dpp: move r_auth into dpp_sm
In order to support channel switching during authentication r_auth
needs to be held onto in dpp_sm for after the ROC call starts.
2022-01-10 10:58:47 -06:00
James Prestwood
786e36eee6 dpp: don't allow StartEnrollee while connected
While connected the driver ends up choosing quite small ROC
durations leading to excessive calls to ROC. This also will
negatively effect any wireless performance for the current
network and possibly lead to missed DPP frames.
2022-01-10 10:58:17 -06:00
James Prestwood
0f7ea99605 dpp: don't allocate transient ssid strings
These can be kept on the stack and avoid the need for
allocated memory and unneeded auto-free functionality.
2022-01-10 10:52:41 -06:00
James Prestwood
847a8ba265 dpp: memset header to fix uninitialized buffer 2022-01-07 11:49:55 -06:00
James Prestwood
226fd5c0b8 dpp: unref DPP frame if sending fails 2022-01-07 11:49:44 -06:00
James Prestwood
6a421a1254 dpp: speed up connection after being configured
Currently the enrollee relied on autoconnect to handle connecting
to the newly configured network. This usually resulted in poor
performance since periodic scans are done at large intervals apart.

Instead first check if the newly configured network is already
in IWD's network queue. If so it can be connected to immediately.
If not, a full scan must be done and results given to station.
2022-01-06 17:37:14 -06:00
James Prestwood
1ec0fd75e1 dpp: parse configuration request values
With better JSON support the configuration request object
can now be fully parsed. As stated in the previous comment
there really isn't much use from the configurator side apart
from verifying mandatory values are included.

This patch also modifies the configuration result to handle
sending non 'OK' status codes in case of JSON parsing errors.
2022-01-06 17:36:19 -06:00
James Prestwood
67ded4c2fd json: restrict json_iter_{parse,next} to objects/arrays
json_iter_parse is only meant to work on objects while
json_iter_next is only meant to work on arrays.

This adds checks in both APIs to ensure they aren't being
used incorrectly.
2022-01-06 16:43:18 -06:00
James Prestwood
1f91c03bf6 json: add NULL check for container on get_container
In case the caller just wants to check an object is iterable,
without actually iterating it.
2022-01-06 16:43:18 -06:00
James Prestwood
790d431624 json: add json_iter_get_string 2022-01-06 16:43:18 -06:00
James Prestwood
0d7482e379 json: add json_iter_get_container
This allows getting an iterator for a container nested inside
an array.
2022-01-06 16:01:39 -06:00
James Prestwood
7991c861e1 json: add support for array iteration
Arrays can now be parsed using the JSON_ARRAY type (stored in
a struct json_iter) then iterated using json_iter_next. When
iterating the type can be checked with json_iter_get_type. For
each iteration the value can be obtained using any of the type
getters (int/uint/boolean/null).
2022-01-06 15:15:06 -06:00
James Prestwood
ebed84ab55 json: increase default token size to 60 2022-01-06 14:26:09 -06:00
James Prestwood
4f1cd8af93 json: add support for primitive types
This adds support for boolean, (unsigned) integers, and
null types. JSON_PRIMITIVE should be used as the type when
parsing and the value should be struct json_iter.

Once parsed the actual value can be obtained using one of
the primitive getters. If the type does not match they will
return false.

If using JSON_OPTIONAL with JSON_PRIMITIVE the resulting
iterator can be checked with json_iter_is_valid. If false
the key/value was not found or the type was not matching.
2022-01-06 14:10:26 -06:00
James Prestwood
23a1a66aee json: fix find_object_tokens
First, this was renamed to 'count_tokens_in_container' to be
more general purpose (i.e. include future array counting).

The way the tokens are counted also changed to be more intuitive.
While the previous way was correct, it was somewhat convoluted in
how it worked (finding the next parent of the objects parent).

Instead we can use the container token itself as the parent and
begin counting tokens. When we find a token with a parent index
less than the target we have reached the end of this container.
This also works for nested containers, including arrays since we
no longer rely on a key (which an array element would not have).

For example::

{
	"first":{"foo":"bar"},
	"second":{"foo2":"bar2"}
}

index 0		<overall object>
index 1		"first"		with parent 0
index 2         {"foo":"bar"}   with parent 1

Counting tokens inside "first"'s object we have:

index 3		"foo"		with parent 2
index 4		"bar"		with parent 3

If we continue counting we reach:

index 5		"second"	with parent 0

This terminates the counting loop since the parent index is
less than '2' (the index of {"foo":"bar"} object).
2022-01-06 14:10:21 -06:00
Denis Kenzior
f05e60f338 dpp: Fix compilation on 32 bit
In file included from ./ell/ell.h:15,
                 from ../../src/dpp.c:29:
../../src/dpp.c: In function ‘authenticate_request’:
../../ell/log.h:79:22: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 8 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
   79 |   l_log(L_LOG_DEBUG, "%s:%s() " format, __FILE__, \
      |                      ^~~~~~~~~~
../../ell/log.h:54:16: note: in definition of macro ‘l_log’
   54 |      __func__, format "\n", ##__VA_ARGS__)
      |                ^~~~~~
../../ell/log.h:103:31: note: in expansion of macro ‘L_DEBUG_SYMBOL’
  103 | #define l_debug(format, ...)  L_DEBUG_SYMBOL(__debug_desc, format, ##__VA_ARGS__)
      |                               ^~~~~~~~~~~~~~
../../src/dpp.c:1235:3: note: in expansion of macro ‘l_debug’
 1235 |   l_debug("I-Nonce has unexpected length %lu", i_nonce_len);
      |   ^~~~~~~
2022-01-05 13:50:59 -06:00
Denis Kenzior
7c30fc2cbf netdev: do not leak auth_cmd
Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7fa226fbf0f8 in __interceptor_malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/9.4.0/libasan.so.5+0x10c0f8)
    #1 0x688c98 in l_malloc ell/util.c:62
    #2 0x6c2b19 in msg_alloc ell/genl.c:740
    #3 0x6cb32c in l_genl_msg_new_sized ell/genl.c:1567
    #4 0x424f57 in netdev_build_cmd_authenticate src/netdev.c:3285
    #5 0x425b50 in netdev_sae_tx_authenticate src/netdev.c:3385
2021-12-23 09:58:05 -06:00
Denis Kenzior
60366346fb handshake: Do not leak vendor_ies
Direct leak of 7 byte(s) in 1 object(s) allocated from:
    #0 0x7fd748ad00f8 in __interceptor_malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/9.4.0/libasan.so.5+0x10c0f8)
    #1 0x688c21 in l_malloc ell/util.c:62
    #2 0x4beec7 in handshake_state_set_vendor_ies src/handshake.c:324
    #3 0x464e4e in station_handshake_setup src/station.c:1203
    #4 0x472a2f in __station_connect_network src/station.c:2975
    #5 0x473a30 in station_connect_network src/station.c:3078
    #6 0x4ed728 in network_connect_8021x src/network.c:1497

Fixes: f24cfa481b ("handshake: Add setter for vendor IEs")
2021-12-22 21:32:18 -06:00
James Prestwood
eeab42af03 dpp: init unwrapped pointer to NULL
Fixes possible issues with auto-free on error paths
2021-12-22 17:06:16 -06:00
James Prestwood
ce9188ee35 dpp: zero nonces/keys on dpp_reset 2021-12-22 17:06:16 -06:00
James Prestwood
1a9734d704 dpp: implement configurator role
This implements a configurator in the responder role. Currently
configuring an enrollee is limited to only the connected network.
This is to avoid the need to go offchannel for any reason. But
because of this a roam, channel switch, or disconnect will cause
the configuration to fail as none of the frames are being sent
offchannel.
2021-12-20 18:13:44 -06:00
James Prestwood
ec0f4e8826 dpp: add role definitions
Added both enrollee and configurator roles, as well as the needed
logic inside the authentication protocol to verify role compatibility.
The dpp_sm's role will now be used when setting capability bits making
the auth protocol agnostic to enrollees or configurators.
2021-12-20 18:13:44 -06:00
James Prestwood
8f711078b8 dpp: add timeout for auth/config protocols
This also allows the card to re-issue ROC if it ends in the middle of
authenticating or configuring as well as add a maximum timeout for
auth/config protocols.

IO errors were also handled as these sometimes can happen with
certain drivers but are not fatal.
2021-12-20 18:13:44 -06:00
James Prestwood
00fddaa868 dpp-util: add dpp_configuration_new/dpp_configuration_to_json
Allows creating a new configuration object based on settings, ssid,
and akm suite (for configurator role) as well as converting a
configuration object to JSON.
2021-12-20 17:04:26 -06:00
James Prestwood
d3fca54a7e dpp-util: pass actual ad_size, not hard coded '2'. 2021-12-20 17:04:21 -06:00
James Prestwood
c42080fe28 dpp: use frame data directly in unwrap for config response
Rather than hard coding ad0, use the actual frame data. There really
isn't a reason this would differ (only status attribute) but just
in case its better to use the frame data directly.
2021-12-20 17:03:55 -06:00
James Prestwood
d2240c4a62 dpp: handle protocol errors in ROC timeout
This is a standing TODO of properly handling these timeouts but
for now just treat any ROC timeout as an error if authenticating
or configuring.
2021-12-17 15:34:19 -06:00
James Prestwood
926c8bb9bd dpp: add support for configuration protocol
This is a minimal implementation only supporting legacy network
configuration, i.e. only SSID and PSK/passphrase are supported.

Missing features include:
 - Fragmentation/comeback delay support
 - DPP AKM support
 - 8021x/PKEX support
2021-12-17 15:33:46 -06:00
James Prestwood
59a5cf3de4 dpp: add DPP authentication protocol
This implements the DPP protocol used to authenticate to a
DPP configurator.

Note this is not a full implementation of the protocol and
there are a few missing features which will be added as
needed:

 - Mutual authentication (needed for BLE bootstrapping)
 - Configurator support
 - Initiator role
2021-12-17 14:19:20 -06:00
James Prestwood
84c095e787 dpp-util: add DPP attribute building APIs 2021-12-17 13:37:04 -06:00
James Prestwood
992deb36d4 dpp-util: add dpp_parse_configuration_object
This parses the configuration JSON object from the configuration
response. Only a minimal configuration object is supported for
now.
2021-12-16 14:29:18 -06:00
James Prestwood
683d3a3f04 dpp: send presence announcements on StartEnrollee
The presence procedure implemented is a far cry from what the spec
actually wants. There are two reason for this: a) the kernels offchannel
support is not at a level where it will work without rather annoying
work arounds, and b) doing the procedure outlined in the spec will
result in terrible discovery performance.

Because of this a simpler single channel announcement is done by default
and the full presence procedure is left out until/if it is needed.
2021-12-16 13:55:40 -06:00
James Prestwood
76d9a2e702 dpp: generate URI on StartEnrollee
Generates the required keys, hashes, and sets the Uri property
2021-12-16 13:53:56 -06:00
James Prestwood
acfbc34909 dpp: initial skeleton DPP module 2021-12-16 13:53:29 -06:00
James Prestwood
f06d0bd028 dbus: add DPP interface 2021-12-16 13:53:17 -06:00
James Prestwood
5ab6566a3b dpp-util: add dpp_point_to_asn1
Converts an l_ecc_point to the DPP ASN.1 structure.
2021-12-16 12:22:26 -06:00
James Prestwood
484dea8d7a offchannel: always use -ECANCELED for cancelation
info->error gets reset to zero on a successful ROC callback
which was getting used for cancelation.
2021-12-16 12:17:28 -06:00
James Prestwood
4a8a43965f offchannel: always call destroy right away on cancel
The main cancel code path was not calling destroy immediately which
was not consistent with other code paths/APIs.
2021-12-16 12:17:08 -06:00
James Prestwood
1a27cd1548 crypto: allow NULL 'ad' to aes_siv_decrypt 2021-12-16 12:16:31 -06:00
James Prestwood
53e68b64b2 crypto: allow NULL 'ad' to aes_siv_encrypt 2021-12-16 12:16:02 -06:00
James Prestwood
124b04fff6 dpp-util: add dpp status and attribute types 2021-12-14 15:36:12 -06:00
James Prestwood
1c1b63aae7 json: fix pointer arithmetic error
Subtracting the pointers is sufficient for counting the tokens,
they do not need to be modulus the size of jsmntok_t
2021-12-10 17:59:49 -06:00
James Prestwood
abfd749335 json: introduce JSON module
This is a minimal wrapper around jsmn.h to make things a bit easier
for iterating through a JSON object.

To use, first parse the JSON and create a contents object using
json_contents_new(). This object can then be used to initialize a
json_iter object using json_iter_init().

The json_iter object can then be parsed with json_iter_parse by
passing in JSON_MANDATORY/JSON_OPTIONAL arguments. Currently only
JSON_STRING and JSON_OBJECT types are supported. Any JSON_MANDATORY
values that are not found will result in an error.

If a JSON_OPTIONAL string is not found, the pointer will be NULL.
If a JSON_OPTIONAL object is not found, this iterator will be
initialized but 'start' will be -1. This can be checked with a
convenience macro json_object_not_found();
2021-12-10 17:33:47 -06:00
James Prestwood
d65aaf8740 dpp-util: check return of l_ecc_scalar_get_data
Static analysis was not happy since this return can be negative and
it was being fed into an unsigned argument. In reality this cannot
happen since the key buffer is always set to the maximum size supported
by any curves.
2021-12-10 15:41:53 -06:00
James Prestwood
669a92607c dpp-util: add DPP attribute iteration APIs 2021-12-06 16:32:09 -06:00
James Prestwood
c511e4be2a dpp-util: add URI generation API 2021-12-06 16:32:03 -06:00
James Prestwood
cdf05183b9 dpp-util: Introduce dpp-util, and add crypto operations 2021-12-06 15:54:37 -06:00
James Prestwood
bc36aca98e offchannel: introduce new offchannel module
This module provides a convenient wrapper around both
CMD_[CANCEL_]_REMAIN_ON_CHANNEL APIs.

Certain protocols require going offchannel to send frames, and/or
wait for a response. The frame-xchg module somewhat does this but
has some limitations. For example you cannot just go offchannel;
an initial frame must be sent out to start the procedure. In addition
frame-xchg does not work for broadcasts since it expects an ACK.

This module is much simpler and only handles going offchannel for
a duration. During this time frames may be sent or received. After
the duration the caller will get a callback and any included error
if there was one. Any offchannel request can be cancelled prior to
the duration expriring if the offchannel work has finished early.
2021-12-06 14:10:39 -06:00
James Prestwood
e6b4354530 wiphy: update wiphy_radio_work_is_running to return int
This differentiates between pending, running, and non-existent:
false, true, -ENOENT respectively
2021-12-06 14:10:03 -06:00
James Prestwood
94cdbb4669 scan: add scan_freq_set_to_fixed_array
This serializes a scan_freq_set into a uint32_t array.
2021-11-30 12:29:46 -06:00
James Prestwood
9c732cb32d scan: move scan_freq_set* into util
This will allow scan_freq_set utilities to be used in any
modules requiring unit testing
2021-11-30 12:29:06 -06:00
James Prestwood
24494e978c scan: remove scan APIs refactored into band.c 2021-11-29 17:08:32 -06:00
James Prestwood
56ea2c4d15 treewide: update scan utility usage to use band_* 2021-11-29 17:07:44 -06:00
James Prestwood
f3c9b66f08 band: move several scan utilities into band
This will allow unit testing modules which depend on these
APIs:

scan_channel_to_freq
scan_freq_to_channel
scan_oper_class_to_band
2021-11-29 17:07:10 -06:00
James Prestwood
945710fae1 scan: parse configurator connectivity element
This element has no data and indicates the AP supports configuring
stations via DPP while also serving current stations.
2021-11-29 17:03:31 -06:00
James Prestwood
5ab1a1298f ie: add DPP configurator connectivity element 2021-11-29 17:03:21 -06:00
James Prestwood
7103bda058 netdev: always honor disconnect events if issued by AP
The disconnect event handler was mistakenly bailing out if FT or
reassociation was going on. This was done because a disconnect
event is sent by the kernel when CMD_AUTH/CMD_ASSOC is used.

The problem is an AP could also disconnect IWD which should never
be ignored.

To fix this always parse the disconnect event and, if issued by
the AP, always notify watchers of the disconnect.
2021-11-23 12:18:08 -06:00
James Prestwood
aed383b037 wiphy: make wiphy work queue reentrancy safe
Now both the do_work and destroy callback can safely insert new
work items without causing problems.
2021-11-22 15:29:51 -06:00
James Prestwood
876fe9f210 crypto: use void* for hkdf_expand
This makes it more flexible for other storage types
2021-11-22 15:29:31 -06:00
James Prestwood
b735c90c42 crypto: use void* args for aes_siv_{encrypt,decrypt}
This makes these APIs more flexible for other storage types
2021-11-22 15:29:27 -06:00
Fangrui Song
fa1c12453b build: treewide: Set retain attribute
LLD 13 and GNU ld 2.37 support -z start-stop-gc which allows garbage
collection of C identifier name sections despite the __start_/__stop_
references. GNU ld before 2015-10 had the behavior as well. Simply set
the retain attribute so that GCC 11 (if configure-time binutils is 2.36
or newer)/Clang 13 will set the SHF_GNU_RETAIN section attribute to
prevent garbage collection.

Without the patch, there are linker errors with -z start-stop-gc
(LLD default) when -Wl,--gc-sections is used:

```
ld.lld: error: undefined symbol: __start___eap
>>> referenced by eap.c
>>>               src/eap.o:(eap_init)
```

The remain attribute will not be needed if the metadata sections are
referenced by code directly.
2021-11-11 14:27:33 -06:00
Andrew Zaborowski
6ac062d151 netconfig: Move FILS override checks to common functions 2021-11-10 11:54:51 -06:00
Andrew Zaborowski
5e7949c144 netconfig: Split ipv4 route setters
Split this function into two, one for setting the gateway route and one
for setting the subnet route.
2021-11-10 11:25:27 -06:00
Andrew Zaborowski
c473290b47 ap: Delay ap_free if called inside event handler
ap.c has been mostly careful to call the event handler at the end of any
externally called function to allow methods like ap_free() to be called
within the handler, but that isn't enough.  For example in
ap_del_station we may end up emitting two events: STATION_REMOVED and
DHCP_LEASE_EXPIRED.  Use a slightly more complicated mechanism to
explicitly guard ap_free calls inside the event handler.

To make it easier, simplify cleanup in ap_assoc_reassoc with the use of
_auto_.

In ap_del_station reorder the actions to send the STATION_REMOVED event
first as the DHCP_LEASE_EXPIRED is a consequence of the former and it
makes sense for the handler to react to it first.
2021-11-09 14:29:52 -06:00
Denis Kenzior
cfd191a803 eap: Silence uninitialized var warning
src/eap.c: In function 'eap_rx_packet':
src/eap.c:419:50: error: 'vendor_type' may be used uninitialized in this function [-Werror=maybe-uninitialized]
  419 |  (type == EAP_TYPE_EXPANDED && vendor_id == (id) && vendor_type == (t))
      |                                                  ^~
src/eap.c:430:11: note: 'vendor_type' was declared here
  430 |  uint32_t vendor_type;

It isn't clear why GCC complains about vendor_type, but not vendor_id.
But in all cases if type == EAP_TYPE_EXPANDED, then vendor_type and
vendor_id are set.  Silence this spurious warning.
2021-11-08 15:12:25 -06:00
Torsten Schmitz
5a111ac902 station: Prevent a NULL pointer access
There is an unchecked NULL pointer access in network_has_open_pair.
open_info can be NULL, when out of multiple APs in range that advertise
the same SSID some advertise OWE transition elments and some don't.
2021-11-08 13:51:34 -06:00
James Prestwood
ea23556a40 scan: use signal strength if bss ranks are equal
If two BSS's end up with the same rank sort them based on signal
strength so IWD still prefers the higher strength BSS.
2021-11-08 13:49:50 -06:00
James Prestwood
f85fc4202a anqp: return the request ID rather than true 2021-11-08 11:31:49 -06:00
Marc-Antoine Perennou
b3991c1a40 eap: Remove nested function use
This allows building iwd with clang
2021-11-08 11:12:37 -06:00
James Prestwood
ba5f4616d2 station: set sysfs options required by HS2.0 spec
The Hotspot 2.0 spec has some requirements that IWD was missing depending
on a few bits in extended capabilities and the HS2.0 indication element.
These requirements correspond to a few sysfs options that can be set in
the kernel which are now set on CONNECTED and unset on DISCONNECTED.
2021-11-04 14:30:00 -05:00
James Prestwood
d4e3ec52b2 scan: keep track of HS20 DGAF Disable bit in scan_bss 2021-11-04 14:29:46 -05:00
James Prestwood
6852cf0a3e ie: parse DGAF Disable bit from HS20 indication element 2021-11-04 14:29:25 -05:00
James Prestwood
fd85192a54 scan: parse Proxy ARP bit from extended capabilities 2021-11-04 14:27:55 -05:00
James Prestwood
b4c20ef81c netconfig: netconfig_reconfigure check bool for setting ARP
Only set the gateway to the ARP cache if the caller requests.
2021-11-03 17:47:03 -05:00
James Prestwood
873924a027 station: set evict_nocarrier sysfs option during roaming
If the kernel supports evict_nocarrier set this during the roam
to prevent packet delays post roam.
2021-11-03 17:44:25 -05:00
James Prestwood
25936b1365 netconfig: remove sysfs static functions 2021-11-03 17:44:11 -05:00
James Prestwood
6ea58f9fde sysfs: introduce sysfs module
Netconfig was the only user of sysfs but now other modules will
also need it.

Adding existing API for IPv6 settings, a IPv4 and IPv6 'supports'
checker, and a setter for IPv4 settings.
2021-11-03 17:44:00 -05:00
James Prestwood
3a47181a50 netdev: add SA Query delay with OCV enabled
The way a SA Query was done following a channel switch was slightly
incorrect. One because it is only needed when OCVC is set, and two
because IWD was not waiting a random delay between 0 and 5000us as
lined out by the spec. This patch fixes both these issues.
2021-10-26 17:16:38 -05:00
Andrew Zaborowski
0971eb4d0c netconfig: Convert netconfig_load_settings to use _auto_
As requested do the cleanup in netconfig_load_settings using ell's
private _auto_() macro.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
f0a85ddeb4 netconfig: Track local domains lists
Cache the latest v4 and v6 domain string lists in struct netconfig state
to be able to more easily detect changes in those values in future
commits.  For that split netconfig_set_domains's code into this function,
which now only commits the values in netconfig->v{4,6}_domain{,s} to the
resolver, and netconfig_domains_update() which figures out the active
domains string list and saves it into netconfig->v{4,6}_domain{,s}.  This
probably saves some cycles as the callers can now decide to only
recalculate the domains list which may have changed.

While there simplify netconfig_set_domains return type to void as the
result was always 0 anyway and was never checked by callers.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
2b1b8cce54 netconfig: Track DNS address string lists
Cache the latest v4 and v6 DNS IP string lists in struct netconfig state
to be able to more easily detect changes in those values in future
commits.  For that split netconfig_set_dns's code into this function,
which now only commit the values in netconfig->dns{4,6}_list to the
resolver, and netconfig_dns_list_update() which figures out the active
DNS IP address list and saves it in netconfig->dns{4,6} list.  This
probably saves some cycles as the callers can now decide to only
recalculate the dns_list which may have changed.

While there simplify netconfig_set_dns return type to void as the result
was always 0 anyway and was never checked by callers.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
7e38962d59 netconfig: Track gateway address strings
Cache the latest v4 and v6 gateway IP string in struct netconfig state
to be able to more easily detect changes in those values in future
commits and perhaps to simplify the ..._routes_install functions.
netconfig_ipv4_get_gateway's out_mac parameter can now be NULL.  While
editing that function fix a small formatting annoyance.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
ec634ad2a7 netconfig: trivial: Fix double-empty space 2021-10-22 12:12:17 -05:00
Andrew Zaborowski
cfde6c3f55 netconfig: Refactor netconfig_ipv4_get_gateway
Use a separate fils variable to make the code a bit prettier.

Also make sure that the out_mac parameter is not NULL prior to storing
the gateway_mac in it.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
927a3dc322 netconfig: Cache the IPv6 l_rtnl_address object
For symmetry with netconfig->v4_address add a netconfig->v6_address
so that we can track what the current address is at any time.
2021-10-22 12:12:17 -05:00
Denis Kenzior
d702e037c0 main: Simplify away l_dbus_message_builder use
Since the dictionary attributes are static, l_dbus_message_set_arguments
can be used instead.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
23799d0cb4 treewide: Parse EnableNetworkConfiguration in one place
Add netconfig_enabled() and use that in all places that want to know
whether network configuration is enabled.  Drop the enable_network_config
deprecated setting, which was only being handled in one of these 5 or so
places.
2021-10-22 12:12:02 -05:00
James Prestwood
e4b78d83d6 network: fix autoconnect for Open networks
This code path was never tested and used to ensure a OWE transition
candidate gets selected over an open one (e.g. if all the BSS's are
blacklisted). But this logic was incorrect and the path was being
taken for BSS's that did not contain the owe_trans element, basically
all BSS's. For RSN's this was somewhat fine since the final check
would set a candidate, but for open BSS's the loop would start over
and potentially complete the loop without ever returning a candidate.
If fallback was false, NULL would be returned.

To fix this only take the OWE transition path if its an OWE transition
BSS, i.e. inverse the logic.
2021-10-20 16:52:16 -05:00
Denis Kenzior
3dc724d734 rrm: Consider requests w/ Beacon Reporting
Normally Beacon Reporting subelements are present only if repeated
measurements are requested.  However, an all-zero Beacon Reporting
subelement is included by some implementations.  Handle this case
similarly to the absent case.
2021-10-20 11:49:13 -05:00
Denis Kenzior
ae0ee89d72 rrm: relax Reporting Detail subelement length check
Since Reporting Detail subelement is listed as 'extensible', make sure
that the length check is not overly restrictive.  We only interpret the
first field.
2021-10-20 11:48:26 -05:00
James Prestwood
42ab82c20c station: disable OCV if offloading is supported
It was seen during testing that several offload-capable cards
were not including the OCI in the 4-way handshake. This made
any OCV capable AP unconnectable.

To be safe disable OCV on any cards that support offloading.
2021-10-19 17:04:42 -05:00
James Prestwood
747cb00c31 wiphy: add wiphy_can_offload
This is a convenience method for detecting any supported offload
extended features (4way/1x/SAE).
2021-10-19 17:04:39 -05:00
James Prestwood
2b88840316 station: don't enable OCV unless MFPC is supported 2021-10-19 15:41:16 -05:00
Denis Kenzior
659a63ae20 netdev: Print if SA Query is in progress 2021-10-19 15:40:26 -05:00
James Prestwood
4b88607b19 netdev: start SA Query on channel switch event
802.11 requires an STA initiate the SA Query procedure on channel
switch events. This patch refactors sending the SA Query into its
own routine and starts the procedure when the channel switch event
comes in.

In addition the OCI needs to be verified, so the channel info is
parsed and set into the handshakes chandef.
2021-10-19 13:28:18 -05:00
James Prestwood
8f036c229e nl80211cmd: make CH_SWITCH_STARTED_NOTIFY name unique
There are several events for channel switching, and nl80211cmd was
naming two of them "Channel Switch Notify". Change
CH_SWITCH_STARTED_NOTIFY to "Channel Switch Started Notify" to
distinguish the two events.
2021-10-19 13:28:07 -05:00
James Prestwood
bf5afa52e5 netdev: add OCI elements to SA Query request/response frames
SA query is the final protocol that requires OCI inclusion and
verification. The OCI element is now included and verified in
both request and response frames as required by 802.11.
2021-10-19 13:26:57 -05:00
James Prestwood
7fed9f758f ie: add ie_parse_oci
This is a very minimal parser, more or less to put the type
and length checks into a single location.
2021-10-19 13:26:49 -05:00
Denis Kenzior
224721e7f0 netconfig: Make sure gw is not NULL
strcmp behavior is undefined if one of the parameters is NULL.
Server-id is a mandatory value and cannot be NULL.  Gateway can be NULL
in DHCP, so check that explicitly.

Reported-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
2021-10-18 10:43:41 -05:00
Denis Kenzior
2135a4f845 netconfig: Try to put gateway mac into ARP cache
In certain situations, it is possible for us to know the MAC of the
default gateway when DHCP finishes.  This is quite typical on many home
network and small network setups.  It is thus possible to pre-populate
the ARP cache with the gateway MAC address to save an extra round trip
at connection time.

Another advantage is during roaming.  After version 4.20, linux kernel
flushes ARP caches by default whenever netdev encounters a no carrier
condition (as is the case during roaming).  This can prevent packets
from going out after a roam for a significant amount of time due to
lost/delayed ARP responses.
2021-10-15 16:43:42 -05:00
Denis Kenzior
b6fd028fe7 ap: Use _u32 dhcp_lease getters 2021-10-13 17:56:51 -05:00
Denis Kenzior
f1b2bca6bd netconfig: Use l_dhcp_lease_get_prefix_length 2021-10-13 17:56:49 -05:00
Denis Kenzior
6b71a71e19 ap: Use l_dhcp_lease_get_prefix_length 2021-10-13 17:56:46 -05:00
James Prestwood
219e18323f station: limit extended key IDs to CCMP ciphers 2021-10-13 10:34:55 -05:00
James Prestwood
a205afe2de netdev: set TK index to zero for FT
Since FT re-uses the handshake the active TK index may be set to a
non-zero value.
2021-10-08 14:13:56 -05:00
Denis Kenzior
3d736d4c20 station: Only set our OCVC if the AP supports it 2021-10-08 13:33:11 -05:00
James Prestwood
1ec6c46a1d station: set extended key capability
If wiphy and the AP suppor it, set the Extended Key ID capability
bit in the RSN info.
2021-10-08 13:27:52 -05:00
James Prestwood
5ff7d113b9 netdev: support extended key IDs
This implements the new handshake callback for setting a TK with
an extended key ID. The procedure is different from legacy zero
index TKs.

First the new TK is set as RX only. Then message 4 should be sent
out (so it uses the existing TK). This poses a slight issue with
PAE sockets since message order is not guaranteed. In this case
the 4th message is stored and sent after the new TK is installed.
Then the new TK is modified using SET_KEY to both send and
receive.

In the case of control port over NL80211 the above can be avoided
and we can simply install the new key, send message 4, and modify
the TK as TX + RX all in sequence, without waiting for any callbacks.
2021-10-08 13:27:14 -05:00
James Prestwood
80135367cf handshake: update TK installer/builder to take key index 2021-10-08 13:26:25 -05:00
Denis Kenzior
a001740506 manager: Initialize all default interfaces
When UseDefaultInterface is set, iwd doesn't attempt to destroy and
recreate any default interfaces it detects.  However, only a single
default interface was ever remembered & initialized.  This is fine for
most cases since the kernel would typically only create a single netdev
by default.

However, some drivers can create multiple netdevs by default, if
configured to do so.  Other usecases, such as tethering, can also
benefit if iwd initialized & managed all default netdevs that were
detected at iwd start time or device hotplug.
2021-10-08 13:23:36 -05:00
Denis Kenzior
a584396147 eapol: Remove unneeded initialization
oci variable is always set during handshake_util_find_kde.  Do not
initialize it unnecessarily to help the compiler / static analysis find
potential issues.
2021-10-08 12:31:36 -05:00
Denis Kenzior
e519d1139a eapol: Remove unneeded assignment
gtk and igtk are already initialized to NULL at declaration time.
There's no need to set them to NULL here.
2021-10-08 12:31:10 -05:00
Denis Kenzior
80ed3ef5b2 eapol: Fix trying to include uninitialized data
If OCI is not used, then the oci array is never initialized.  Do not try
to include it in our GTK 2_of_2 message.

Fixes: ad4d639854 ("eapol: include OCI in GTK 2/2")
2021-10-08 12:31:10 -05:00
James Prestwood
24d4790537 eapol: support extended key IDs
802.11 added Extended Key IDs which aim to solve the issue of PTK
key replacement during rekeys. Since swapping out the existing PTK
may result in data loss because there may be in flight packets still
using the old PTK.

Extended Key IDs use two key IDs for the PTK, which toggle between
0 and 1. During a rekey a new PTK is derived which uses the key ID
not already taken by the existing PTK. This new PTK is added as RX
only, then message 4/4 is sent. This ensure message 4 is encrypted
using the previous PTK. Once sent, the new PTK can be modified to
both RX and TX and the rekey is complete.

To handle this in eapol the extended key ID KDE is parsed which
gives us the new PTK key index. Using the new handshake callback
(handshake_state_set_ext_tk) the new TK is installed. The 4th
message is also included as an argument which is taken care of by
netdev (in case waiting for NEW_KEY is required due to PAE socekts).
2021-10-08 08:52:52 -05:00
James Prestwood
cc850d3a3d nl80211util: set multicast on new group keys
This may not be required but setting the group key mode explicitly
to multicast makes things consistent, even if only for the benefit
of reading iwmon logs easier.
2021-10-08 08:48:58 -05:00
James Prestwood
63b0778c99 handshake: add callback for extended key IDs
The procedure for setting extended key IDs is different from the
single PTK key. The key ID is toggled between 0 and 1 and the new
key is set as RX only, then set to RX/TX after message 4/4 goes
out.

Since netdev needs to set this new key before sending message 4,
eapol can include a built message which netdev will store if
required (i.e. using PAE).
2021-10-08 08:40:29 -05:00
James Prestwood
fba3b90c11 handshake: add flags/key index for extended key IDs
ext_key_id_capable indicates the handshake has set the capability bit
in the RSN info. This will only be set if the AP also has the capability
set.

active_tk_index is the key index the AP chose in message 3. This is
now used for both legacy (always zero) and extended key IDs.
2021-10-08 08:39:27 -05:00
James Prestwood
898c7e636e wiphy: change wiphy_control_port_capable -> enabled
Move the reading of ControlPortOverNL80211 into wiphy itself and
renamed wiphy_control_port_capable to wiphy_control_port_enabled.
This makes things easier for any modules interested in control
port support since they will only have to check this one API rather
than read the settings and check capability.
2021-10-08 08:38:35 -05:00
Andrew Zaborowski
af47112a30 p2p: Add p2p.Peer.Address D-bus property
Expose the Device Address property for each peer.  The spec doesn't say
much about how permanent the address or the name are, although the
device address by definition lives longer than the interface addresses.
However the device address is defined to be unique and the name is not
so the address can be used to differentiate devices with identical name.
Being unique also may imply that it's assigned globally and thus
permanent.

Network Manager uses the P2P device address when saving connection
profiles (and will need it from the backend) and in this case it seems
better justified than using the name.

The address is already in the object path but the object path also
includes the local phy index which may change for no reason even when
the peer's address hasn't changed so the path is not useful for
remembering which device we've connected to before.  Looking at only
parts of the path is considered wrong.
2021-10-06 15:59:15 -05:00
James Prestwood
d2f52a6723 wiphy: add wiphy_supports_ext_key_id 2021-10-04 13:39:29 -05:00
Denis Kenzior
9766426b59 wiphy/netdev: Add & use wiphy_control_port_capable
Some drivers might not actually support control port properly even if
advertised by mac80211.  Introduce a new method to wiphy that will take
care of looking up any driver quirks that override the presence of
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
2021-10-01 09:38:38 -05:00
Denis Kenzior
6f925c4dae manager/wiphy: Move default if determination
Move the driver database into wiphy.c so it can be extended with other
potential driver quirks.
2021-10-01 09:28:56 -05:00
Denis Kenzior
c5890ac87f netconfig: Apply MDNS setting at _configure time 2021-09-29 16:08:12 -05:00
Denis Kenzior
7f55a241a4 netconfig: Allow consecutive calls to _load_settings()
Make consecutive calls to netconfig_load_settings() memory-leak safe by
introducing a netconfig_free_settings convenience method.  This method
will free any settings that are allocated as a result of
netconfig_load_settings() and will be called from netconfig_free() to
ensure that any settings are freed as a result of netconfig_destroy().
2021-09-29 16:03:39 -05:00
Andrew Zaborowski
3021472358 netconfig: Set netconfig_get_static6_gateway out param on success
Make sure to only set the netconfig_get_static6_gateway's out_mac
parameter on successful return and make sure to always set it, even if
to NULL.
2021-09-29 15:16:50 -05:00
Andrew Zaborowski
d71a604385 netconfig: Track the IPv6 route add netlink command
For symmetry with IPv4, save the command id for this netlink command so
we can later add logic to the callback as well as be able to cancel the
command.  No functional change in this commit alone.
2021-09-29 14:51:18 -05:00
James Prestwood
e6340996d7 eapol: netdev: allow rekeys using FT-FILS
Rekeying was overlooked when implementing FT-FILS and there were
many places where the AKM was never checked and the rekey was
failing.
2021-09-28 17:26:10 -05:00
James Prestwood
183a7a18a9 eapol: don't enforce PMKID on 1/4 if require_handshake is false
FT/FILS handle their own PMK derivation but rekeys still require
using the 4-way handshake. There is some ambiguity in the spec whether
or not the PMKID needs to be included in message 1/4 and it appears
that when rekeying after FT/FILS hostapd does not include a PMKID.
2021-09-28 17:26:10 -05:00
James Prestwood
ad4d639854 eapol: include OCI in GTK 2/2 2021-09-28 17:26:05 -05:00
James Prestwood
27be63fe65 ft: check authenticator_ie from ft_ds_info, not handshake
The handshake contains the current BSS's RSNE/WPA which may differ
from the FT-over-DS target. When verifying the target BSS's RSNE/WPA
IE needs to be checked, not the current BSS.
2021-09-28 17:24:59 -05:00
James Prestwood
ae358bd524 ft: netdev: store FT-over-DS target RSNE/WPA
Keep track of the target BSS's authenticator IE for verification.
It should not be assumed that the target BSS and original RSNE/WPA
IE matches.
2021-09-28 16:58:41 -05:00
James Prestwood
d0b0004c8c netdev: set result/status for deauth path
If the deauth path was triggered IWD would deauth but end up
calling the connect callback with whatever result netdev had
set, e.g. 'NETDEV_RESULT_OK'. This, of course, caused station
some confusion.
2021-09-28 16:53:25 -05:00
James Prestwood
7e9708ddbc station: start FT-over-DS actions after roaming
Once roamed IWD never sent out any FT Request frames. This prevented
FT-over-DS from being used after an initial roam.
2021-09-28 16:52:26 -05:00
James Prestwood
d68c9e69fa fils: support OCI in reassociation 2021-09-28 16:46:48 -05:00
James Prestwood
c4c14f3ac0 ft: set OCVC false for FT-over-DS
FT-over-DS cannot use OCV due to how the kernel works. This means
we could connect initially with OCVC set, but a FT-over-DS attempt
needs to unset OCVC. Set OCVC false when rebuilding the RSNE for
reassociation.
2021-09-28 11:51:52 -05:00
James Prestwood
bc0375fb30 ft: make Authenticate OCVC settable by caller
The FT-over-DS action stage builds an FT-Request which contains an
RSNE. Since FT-over-DS will not support OCV add a boolean to
ft_build_authenticate_ies so the OCVC bit can be disabled rather
than relying on the handshake setting.
2021-09-28 11:01:03 -05:00
James Prestwood
141b01f82a station: set OCVC for handshakes
Setting OCVC true for all connections unless disabled
2021-09-28 11:01:03 -05:00
James Prestwood
69cf481ca9 ft: get OCI prior to reassociation
This modifies the FT logic to fist call get_oci() before
reassociation. This allows the OCI to be included in reassociation
and in the 4-way handshake later on.

The code path for getting the OCI had to be slightly changed to
handle an OCI that is already set. First the handshake chandef is
NULL'ed out for any new connection. This prevents a stale OCI from
being used. Then some checks were added for this case in
netdev_connect_event and if chandef is already set, start the 4-way
handshake.
2021-09-28 11:01:00 -05:00
James Prestwood
10c8e5e263 netdev: change netdev_get_oci to be used as a callback
This can be reused to be called from ft.c
2021-09-28 10:51:48 -05:00
James Prestwood
7474ff0975 auth-proto: add auth_proto_rx_oci
This allows auth protos to get notified when the chandef has been
set. Since netdev sets chandef already there is no arguments.
2021-09-28 10:51:33 -05:00
James Prestwood
08936c1534 eapol: fix incorrect increment appending OCI
This was addign an extra byte to the buffer which hostapd accepted
unless there was additional data, like the RSNXE.
2021-09-28 10:51:30 -05:00
James Prestwood
e6aaceeb4b doc: add DisableOCV setting 2021-09-28 10:51:25 -05:00
Denis Kenzior
6c0eb76cb7 netconfig: Set address at configure time
netconfig_load_settings is called when establishing a new initial
association to a network.  This function tries to update dhcp/dhcpv6
clients with the MAC address of the netdev being used.  However, it is
too early to update the MAC here since netdev might need to powercycle
the underlying network device in order to update the MAC (i.e. when
AddressRandomization="network" is used).

If the MAC is set incorrectly, DHCP clients are unable to obtain the
lease properly and station is stuck in "connecting" mode indefinitely.
Fix this by delaying MAC address update until netconfig_configure() is
invoked.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-28 10:11:20 -05:00
James Prestwood
8db2f442bc netdev: fix return value check for ft_over_ds_parse_action_ies
This returns a bool but was being treated as a signed int.
2021-09-27 19:32:52 -05:00
James Prestwood
2613564093 util: surround MAC_STR array access with ()
This allows printing from pointer offsets, for example:

MAC_STR(buf + 10)
2021-09-27 19:32:41 -05:00
James Prestwood
7e95480094 station: remove signal_low check for FT-over-DS
If the AP advertises FT-over-DS support it likely wants us to use
it. Additionally signal_low is probably going to be true since IWD
has started a roam attempt.
2021-09-27 12:44:40 -05:00
James Prestwood
61c804f5b2 ft: sent OCI in Reassociate 2021-09-27 12:42:45 -05:00
James Prestwood
1e9c3b3d1e eapol: send OCI in handshake 2/4 2021-09-27 12:42:37 -05:00
James Prestwood
23fb4493df ie: add OCI support in build_fast_bss_transition 2021-09-27 12:42:33 -05:00
James Prestwood
1187fcbf42 handshake: free chandef if already set
This can happen with FT, since the handshake object is reused.
2021-09-23 17:46:57 -05:00
James Prestwood
dfd304353d station: check if connected before allowing Roam() 2021-09-23 17:46:51 -05:00
James Prestwood
b6884df39a station: fix use-after-free on neighbor reports
When netdev goes down so does station, but prior to netdev calling
the neighbor report callback. The way the logic was written station
is dereferenced prior to checking for any errors, causing a use
after free.

Since -ENODEV is used in this case check for that early before
accessing station.
2021-09-23 17:46:34 -05:00
Denis Kenzior
a0deadc919 treewide: Remove double-empty lines 2021-09-23 17:45:29 -05:00
Denis Kenzior
a2990443d2 band: add oci_from_chandef
This adds a utility to convert a chandef obtained from the kernel into a
3 byte OCI element format containing the operating class, primary
  channel and secondary channel center frequency index.
2021-09-23 11:52:56 -05:00
James Prestwood
885c4c9632 scan: use oper_class/channel for OWE hidden scans
If these are included in the OWE transition IE use them to scan
for the OWE hidden network.
2021-09-22 14:40:10 -05:00
James Prestwood
e798d4fe9d scan: validate OWE transition operating class/channel
If the IE's operating class and channel doesn't validate don't bother
storing the IE at all.
2021-09-22 14:39:33 -05:00
James Prestwood
ea16ade5e0 ie: parse operating class/channel for ie_owe_transition_info 2021-09-22 14:32:50 -05:00
James Prestwood
22ff2a5f79 scan: use structure for OWE transition parsing
This changes scan_bss from using separate members for each
OWE transition element data type (ssid, ssid_len, and bssid)
to a structure that holds them all.

This is being done because OWE transition has option operating
class and channel bytes which will soon be parsed. This would
end up needing 5 separate members in scan_bss which is a bit
much for a single IE that needs to be parsed.

This makes checking the presense of the IE more convenient
as well since it can be done with a simple NULL pointer check
rather than having to l_memeqzero the BSSID.
2021-09-22 13:52:44 -05:00
James Prestwood
421f068903 ie: add info struct for OWE transition
These members are currently stored in scan_bss but with the
addition of operating class/band info this will become 5
separate members. This is a bit excessive to store in scan_bss
separately so instead this structure can hold everything related
to the OWE transition IE.
2021-09-22 13:52:36 -05:00
Denis Kenzior
c678ba16b8 netdev: Pretty print the unicast notification type 2021-09-22 08:28:46 -05:00
James Prestwood
6dc7fde272 ie: parse RSNXE Present bit 2021-09-21 16:34:36 -05:00
Denis Kenzior
06482b8116 netdev: Obtain operating channel info
Prior to starting the 4-way handshake, obtain operating channel
information (OCI) for possible operating channel validation (OCV)
processing.
2021-09-21 15:48:08 -05:00
Denis Kenzior
2aded60c94 eapol: Validate OCI in STA mode 2021-09-21 15:39:55 -05:00
Denis Kenzior
8ada894f70 handshake: Add OCV utilities
Add a utility for setting the OCI obtained from the hardware (prior to
handshake starting) as well as a utility to validate the OCI obtained
from the peer.
2021-09-21 15:39:07 -05:00
Denis Kenzior
b41106d359 band: Add oci_verify
Add a utility that will verify a peer's OCI element and validate it
given the current chandef obtained from the driver.
2021-09-21 15:34:40 -05:00
Denis Kenzior
ca767aa857 band: Add oci_to_frequency
This adds a utility that can convert an operating class + channel
combination to a frequency.  Operating class is assumed to be a global
operating class from 802.11 Appendix E4.

This information can be found in Operating Channel Information (OCI) IEs,
as well as OWE Transition Mode IEs.
2021-09-21 15:34:40 -05:00
Denis Kenzior
85a6fc25f1 nl80211util: Add chandef parser
Parse chandef elements from NL80211_CMD_GET_INTERFACE.  This provides
information on the current operating channel.
2021-09-21 15:21:39 -05:00
Denis Kenzior
5e631c8af8 handshake: Refactor ie setters
Calling handshake_state_setup_own_ciphers from within
handshate_state_set_authenticator_ie was misleading.  In all cases the
supplicant chooses the AKM.  This worked since our AP code only ever
advertises a single AKM, but would not work in the general case.

Similarly, the supplicant would choose which authentication type to use
by either sending the WPA1 or WPA2 IE (or OSEN).  Thus the setting of
the related variables in handshake_state_set_authenticator_ie was also
incorrect.  In iwd, the supplicant_ie would be set after the
authenticator_ie, so these settings would be overwritten in most cases.

Refactor these two setters so that the supplicant's chosen rsn_info
would be used to drive the handshake.
2021-09-20 15:19:27 -05:00
Denis Kenzior
63ef918671 ap: validate group cipher
Make sure to validate group_cipher from the STA similarly to how
akm_suites and pairwise_ciphers are validated.
2021-09-20 15:19:27 -05:00
Fabrice Fontaine
ec1c348b4f build: Add reallocarray to missing.h
reallocarray has been added to glibc relatively recently (version 2.26,
from 2017) and apparently not all users run new enough glibc. Moreover,
reallocarray is not available with uclibc-ng. So use realloc if
reallocarray is not available to avoid the following build failure
raised since commit 891b78e9e8:

/home/giuliobenetti/autobuild/run/instance-3/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/10.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: src/sae.o: in function `sae_rx_authenticate':
sae.c:(.text+0xd74): undefined reference to `reallocarray'

Fixes:
 - http://autobuild.buildroot.org/results/c6d3f86282c44645b4f1c61882dc63ccfc8eb35a
2021-09-20 10:32:51 -05:00
James Prestwood
f45696485c network: reply to pending messages on network_unregister
If there is a connect_after_* message for ANQP or OWE hidden networks
reply to these before unregistering the network.
2021-09-17 18:13:15 -05:00
James Prestwood
8a735edac0 network: prefer OWE transition BSS over open
There isn't much control station has with how BSS's are inserted to
a network object. The rank algorithm makes that decision. Because of
this we could end up in a situation where the Open BSS is preferred
over the OWE transition BSS.

In attempt to better handle this any Open BSS in this type of network
will not be chosen unless its the only candidate (e.g. no other BSSs,
inability to connect with OWE, or an improperly configured network).
2021-09-17 18:05:07 -05:00
James Prestwood
e462dcda56 station: handle OWE Transition procedure
OWE Transition is described in the WiFi Alliance OWE Specification
version 1.1. The idea behind it is to support both legacy devices
without any concept of OWE as well as modern ones which support the
OWE protocol.

OWE is a somewhat special type of network. Where it advertises an
RSN element but is still "open". This apparently confuses older
devices so the OWE transition procedure was created.

The idea is simple: have two BSS's, one open, and one as a hidden
OWE network. Each network advertises a vendor IE which points to the
other. A device sees the open network and can connect (legacy) or
parse the IE, scan for the hidden OWE network, and connect to that
instead.

Care was taken to handle connections to hidden networks directly.
The policy is being set that any hidden network with the WFA OWE IE
is not connectable via ConnectHiddenNetwork(). These networks are
special, and can only be connected to via the network object for
the paired open network.

When scan results come in from any source (DBus, quick, autoconnect)
each BSS is checked for the OWE Transition IE. A few paths can be
taken here when the IE is found:

1. The BSS is open. The BSSID in the IE is checked against the
   current scan results (excluding hidden networks). If a match is
   found we should already have the hidden OWE BSS and nothing
   else needs to be done (3).

2. The BSS is open. The BSSID in the IE is not found in the
   current scan results, and the open network also has no OWE BSS
   in it. This will be processed after scan results.

3. The BSS is not open and contains the OWE IE. This BSS will
   automatically get added to the network object and nothing else
   needs to be done.

After the scan results each network is checked for any non-paired
open BSS's. If found a scan is started for these BSS's per-network.
Once these scan results come in the network is notified.

From here network.c can detect that this is an OWE transition
network and connect to the OWE BSS rather than the open one.
2021-09-17 17:59:54 -05:00
James Prestwood
71384da38f network: add network_get_station 2021-09-17 17:59:52 -05:00
James Prestwood
a6c4972290 scan: add scan API specifically for OWE transition networks
Specifically OWE networks with multiple open/hidden BSS's are troublesome
to scan for with the current APIs. The scan parameters are limited to a
single SSID and even if that was changed we have the potential of hitting
the max SSID's per scan limit. In all, it puts the burden onto the caller
to sort out the SSIDs/frequencies to scan for.

Rather than requiring station to handle this a new scan API was added,
scan_owe_hidden() which takes a list of open BSS's and will automatically
scan for the SSIDs in the OWE transition IE for each.

It is slightly optimized to first check if all the hidden SSID's are the
same. This is the most likely case (e.g. single pair or single network)
and a single scan command can be used. Otherwise individual scan commands
are queued for each SSID/frequency combo.
2021-09-17 17:59:43 -05:00
Denis Kenzior
c235c9fa54 handshake: Only bitwise compare when needed
handshake_util_ap_ie_matches() is used to make sure that the RSN element
received from the Authenticator during handshake / association response
is the same as the one advertised in Beacon/Probe Response frames.  This
utility tries to bitwise compare the element first, and only if that
fails, compares RSN members individually.

For FT, bitwise comparison will always fail since the PMKID has to be
included by the Authenticator in any RSN IEs included in Authenticate
& Association Response frames.

Perform the bitwise comparison as an optimization only during processing
of eapol message 3/4.  Also keep the parsed rsn information for future
use and to possibly avoid re-parsing it during later checks.
2021-09-17 09:19:26 -05:00
Denis Kenzior
4d95e3a161 handshake: Update KDE definitions to 802.11-2020 2021-09-17 08:27:20 -05:00
Denis Kenzior
77d2d79ac2 handshake: Also check OCVC bit 2021-09-17 08:22:40 -05:00
Denis Kenzior
171b2b90b8 ie: Add support for OCVC bit in RSNE utils 2021-09-17 08:22:15 -05:00
Denis Kenzior
64923913c2 station: Trigger autoconnect only on last subset
DBus scan is performed in several subsets.  In certain corner-case
circumstances it would be possible for autoconnect to run after each
subset scan.  Instead, trigger autoconnect only after the dbus scan
completes.

This also works around a condition where ANQP results could trigger
autoconnect too early.
2021-09-16 17:28:04 -05:00
Denis Kenzior
17827f1ff9 station: Commonize autoconnect starting logic 2021-09-16 16:41:59 -05:00
Denis Kenzior
c0fe7070a3 station: Simplify station_set_scan_results() calls
Several invocations of station_set_scan_results() base the
'add_to_autoconnect' parameter on station_is_autoconnecting().  Simplify
the code by having station_set_scan_results() invoke that itself.
'add_to_autoconnect' now becomes an 'intent' parameter, specifying
whether autoconnect path should be invoked as a result of these scan
results or not when station is in an appropriate state.  Rename
'add_to_autoconnect' parameter to make this clearer.
2021-09-16 16:38:16 -05:00
Denis Kenzior
514e3b2710 station: Don't autoconnect via debug scans
Scans triggered via the StationDebug interface should not trigger the
autoconnect logic.
2021-09-16 16:38:03 -05:00
James Prestwood
163fb868c2 station: Ignore OWE Transition BSSes
BSSes that advertise OWE Transition IE are special and should be ignored
for the purposes of ConnectHiddenNetwork
2021-09-16 16:35:57 -05:00
James Prestwood
e10bb3bd77 station: Do not re-process cached entries for anqp
If the frequency of the bss is not in the list of frequencies for the
current scan, then this is a cached bss.  It was likely already
processed for ANQP before, so skip it.
2021-09-16 16:35:15 -05:00
James Prestwood
a94c0ed29e scan: keep track of OWE Transition element 2021-09-16 11:21:32 -05:00
James Prestwood
df6221bcb2 scan: allow non-utf8 SSIDs to be scanned for
IWD has restricted SSIDs to only utf8 so they can be displayed but
with the addition of OWE transition networks this is an unneeded
restriction (for these networks). The SSID of an OWE transition
network is never displayed to the user so limiting to utf8 isn't
required.

Allow non-utf8 SSIDs to be scanned for by including the length in
the scan parameters and not relying on strlen().
2021-09-16 11:20:46 -05:00
James Prestwood
56c2cf9f10 ie: add ie_parse_owe_transition_from_data
This is a parser for the WFA OWE Transition element. For now the
optional band/channel bytes will not be parsed as hostapd does not
yet support these and would also require the 802.11 appendix E-1
to be added to IWD. Because of this OWE Transition networks are
assumed to be on the same channel as their open counterpart.
2021-09-16 11:20:14 -05:00
Andrew Zaborowski
42bd5ba7c2 netconfig: Remove usage of in6_addr.__in6_u
in6_addr.__in6_u.__u6_addr8 is glibc-specific and named differently in
the headers shipped with musl libc for example.  The POSIX compliant and
universal way of accessing it is in6_addr.s6_addr.
2021-09-16 11:09:51 -05:00
James Prestwood
c19dc6605f network: fix pending hidden OWE scan logic
This was actually broken if triggered because __network_connect
checks if network->connect_after_owe_hidden is set and returns
already in progress. We want to keep this behavior though for
obvious reasons.

To fix this station_connect_network can be called directly which
bypasses the check. This is essentially how ANQP avoids this
problem as well.
2021-09-15 18:36:54 -05:00
James Prestwood
f8b703efed network: support connect during OWE hidden scan
Similar to ANQP a connect call could come in while station is
scanning for OWE hidden networks. This is supported in the same
manor by saving away the dbus message and resuming the connection
after the hidden OWE scan.
2021-09-15 15:49:21 -05:00
James Prestwood
e6f5efbe73 station: add OWE_HIDDEN_STARTED/FINISHED events 2021-09-15 15:49:05 -05:00
James Prestwood
81816ce04d station: network: make ANQP watch a generic event
With the addition of OWE transition network needs to be notified
of the hidden OWE scan which is quite similar to how it is notified
of ANQP. The ANQP event watch can be made generic and reused to
allow other events besides ANQP.
2021-09-15 15:49:02 -05:00
James Prestwood
926dc608af network: set handshake SSID based on BSS, not network
This is being added to support OWE transition mode. For these
type of networks the OWE BSS may contain a different SSID than
that of the network, but the WFA spec requires this be hidden
from the user. This means we need to set the handshake SSID based
on the BSS rather than the network object.
2021-09-15 14:59:05 -05:00
James Prestwood
4329b669d0 ie: add WFA OWE Transition element type 2021-09-15 12:56:43 -05:00
Andrew Zaborowski
8b573fe398 netconfig: Refactor netconfig_set_dns
Refactor netconfig_set_dns to be a bit easier to follow and remove use
of macros.  Also bail out early if no DNS addresses are provided instead
of building an empty DNS list since resolve_set_dns() simply returns if
a NULL or empty DNS list is provided.
2021-09-14 15:12:12 -05:00
Denis Kenzior
23af586acd netdev: Properly handle auth_proto error returns
Kernel keeps transmitting authentication frames until told to stop or an
authentication frame the kernel considers 'final' is received.  Detect
cases where the kernel would keep retransmitting, and if auth_proto
encounters a fatal protocol error, prevent these retransmissions from
occuring by sending a Deauthenticate command to the kernel.

Additionally, treat -EBADMSG/-ENOMSG return from auth_proto specially.
These error codes are meant to convey that a frame should be silently
dropped and retransmissions should continue.
2021-09-08 17:04:36 -05:00
James Prestwood
3d82ab167f mpdu: add MMPDU_STATUS_CODE_SAE_PK 2021-09-08 16:47:36 -05:00
James Prestwood
305189523a auth-proto: document acceptable return values for auth-protos
Since all auth-protos are hidden behind an abstraction they need
to be consisten with the return values as some should be handled
specially.
2021-09-08 16:46:45 -05:00
James Prestwood
7e9b4170b1 sae: don't send commit/confirm in confirmed state
This works around a hostapd bug (described more in the TODO comment)
which is exposed because of the kernels overly agressive re-transmit
behavior on missed ACKs. Combined this results in a death if the
initial commit is not acked. This behavior has been identified in
consumer access points and likely won't ever be patched for older
devices. Because of this IWD must work around the problem which can
be eliminated by not sending out this commit message.

This bug was reported to the hostapd ML:

https://lists.infradead.org/pipermail/hostap/2021-September/039842.html

This change should not cause any compatibility problems to non-hostapd
access points and is identical to how wpa_supplicant treats this
scenario.
2021-09-08 16:46:07 -05:00
James Prestwood
f78ea26f13 fils: change fatal return code to -EPROTO
This keeps FILS consistent with what netdev expects for a fatal
auth-proto return.
2021-09-08 14:35:05 -05:00
James Prestwood
8ca638fb88 sae: fix a spec violation with duplicate commits
If a commit is received while in an accepted state the spec states
the scalar should be checked against the previous commit and if
equal the message should be silently dropped.
2021-09-08 14:16:40 -05:00
James Prestwood
799e7af9c7 sae: print state and transaction on received packets
This will make SAE a bit easier to debug in the future.
2021-09-07 20:03:02 -05:00
James Prestwood
7fe55567bd netdev: print error if CMD_ASSOCIATE fails 2021-09-07 20:02:45 -05:00
Denis Kenzior
9d045fae0e scan: Parse network cost IE info into scan_bss 2021-09-03 16:32:51 -05:00
Denis Kenzior
c93966d5a1 ie: Add parse utility for network cost vendor IE 2021-09-03 16:30:28 -05:00
Andrew Zaborowski
c545674918 station: Check ie_tlv_iter_next return value
This can't be false but check it to calm static analysis.
2021-09-03 14:49:25 -05:00
Andrew Zaborowski
48c5e8d215 netconfig: Actually use the DNS override values
In netconfig_load_settings apply the DNS overrides strings we've loaded
instead of leaking them.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-03 14:49:15 -05:00
Denis Kenzior
dd9265f2db netdev: deauth if eapol_start fails 2021-09-03 14:40:16 -05:00
James Prestwood
8b6ad5d3b9 owe: netdev: refactor to remove OWE as an auth-proto 2021-09-03 14:34:30 -05:00
James Prestwood
038b9bff4d wsc: set ssid in handshake
netdev now assumes the SSID was set in the handshake (normally via
network_handshake_setup) but WSC calls netdev_connect directly so
it also should set the SSID.
2021-09-03 14:30:44 -05:00
James Prestwood
db2f14225d netdev: factor out scan_bss from CMD_CONNECT builder
In order to support OWE in the CMD_CONNECT path the scan_bss parameter
needs to be removed since this is lost after netdev_connect returns.
Nearly everything needed is also stored in the handshake except the
privacy capability which is now being mirrored in the netdev object
itself.
2021-09-03 14:30:44 -05:00
James Prestwood
3975e4eb6d station: check for duplicate frequencies in debug scan 2021-09-03 13:19:49 -05:00
Andrew Zaborowski
5b7ec7689a ap: Add MACs to FILS IP Assignment responses
Try to include the gateway and DNS MAC addresses in the corresponding
fields in the FILS IP Address Assignment IEs we send to the clients.
2021-08-31 10:10:05 -05:00
Andrew Zaborowski
093d23a869 netconfig: Apply MACs received in FILS IP Assigment
Use the MAC addresses for the gateways and DNS servers received in the
FILS IP Assigment IE together with the gateway IP and DNS server IP.
Commit the IP to MAC mappings directly to the ARP/NDP tables so that the
network stack can skip sending the corresponding queries over the air.
2021-08-31 10:07:13 -05:00
Andrew Zaborowski
eb1149ca1f ie: Extract same-subnet check code to util.h 2021-08-31 10:06:47 -05:00
Andrew Zaborowski
d383a49b7b station, netdev: Enable FILS IP Address Assignment
Send and receive the FILS IP Address Assignment IEs during association.
As implemented this would work independently of FILS although the only
AP software handling this mechanism without FILS is likely IWD itself.

No support is added for handling the IP assignment information sent from
the server after the initial Association Request/Response frames, i.e.
the information is only used if it is received directly in the
Association Response without the "response pending" bit, otherwise the
DHCP client will be started.
2021-08-31 10:04:36 -05:00
Andrew Zaborowski
581b6139dc netconfig: FILS IP assigment API
Add two methods that will allow station to implement FILS IP Address
Assigment, one method to decide whether to send the request during
association, and fill in the values to be used in the request IE, and
another to handle the response IE values received from the server and
apply them.  The netconfig->rtm_protocol value used when the address is
assigned this way remains RTPROT_DHCP because from the user's point of
view this is automatic IP assigment by the server, a replacement for
DHCP.
2021-08-31 10:01:11 -05:00
Andrew Zaborowski
ad228461ab netconfig: Move loading settings to new method, refactor
Split loading settings out of network_configure into a new method,
network_load_settings.  Make sure both consistently handle errors by
printing messages and informing the caller.
2021-08-31 08:37:47 -05:00
James Prestwood
4b38c92f26 netdev: force SAE group 19 if BSS requires 2021-08-25 13:05:15 -05:00
James Prestwood
6680a771e8 sae: add sae_sm_set_force_group_19
Setter which forces the use of group 19 rather than the group order
that ELL provides. Certain APs have been found to have buggy group
negotiation and only work if group 19 is tried first, and only. When
an AP like this this is found (based on vendor OUI match) SAE will
use group 19 unconditionally, and fail if group 19 does not work.
Other groups could be tried upon failure but per the spec group 19
must be supported so there isn't much use in trying other, optional
groups.
2021-08-25 13:05:05 -05:00
James Prestwood
194b4cf60e scan: set force_default_sae_group if OUI matches 2021-08-25 13:04:15 -05:00
James Prestwood
f26f51bf8c ie: add is_ie_default_sae_group_oui
Start an OUI list of vendors who have buggy SAE group negotiation
2021-08-25 12:58:55 -05:00
Andrew Zaborowski
58d2814a92 ap: Support FILS IP Address Assignment IE
Handle the 802.11ai FILS IP Address Assignment IEs in Association
Request frames when netconfig is enabled.  Only IPv4 is supported.
Like the P2P IP Allocation mechanism, since the payload format and logic
is independent from the rest of the FILS standard this is enabled
unconditionally for clients who want to use it even though we don't
actually do FILS in AP mode.
2021-08-25 08:32:16 -05:00
Andrew Zaborowski
8f5f62575d ie: Add FILS IP Address Assignment parsers and builders 2021-08-25 08:02:57 -05:00
Andrew Zaborowski
3045ef0770 ap: Expire client's leases on disconnect
If netconfig is enabled tell the DHCP server to expire any leases owned
by the client that is disconnecting by using l_dhcp_server_expire_by_mac
to return the IPs to the IP pool.  They're added to the expired list
so they'd only be used if there are no other addresses left in the pool
and can be reactivated if the client comes back before the address is
used by somebody else.

This should ensure that we're always able to offer an address to a new
client as long as there are fewer concurrent clients than addresses in
the configured subnet or IP range.
2021-08-25 08:02:38 -05:00
Andrew Zaborowski
bc046994db ap: Implement P2P GO-side 4-way handshake IP Allocation
Use the struct handshake_state::support_ip_allocation field already
supported in eapol.c authenticator side to enable the P2P IP Allocation
mechanism in ap.c.  Add the P2P_GROUP_CAP_IP_ALLOCATION bit in P2P group
capabilities to signal the feature is now supported.

There's no harm in enabling this feature in every AP (not just P2P Group
Owner) but the clients won't know whether we support it other than
through that P2P-specific group capability bit.
2021-08-25 08:02:13 -05:00
Andrew Zaborowski
a90c4025f1 handshake: Add HANDSHAKE_EVENT_P2P_IP_REQUEST
Add a handshake event for use by the AP side for mechanisms that
allocate client IPs during the handshake: P2P address allocation and
FILS address assignment.  This is emitted only when EAPOL or the
auth_proto is actually about to send the network configuration data to
the client so that ap.c can skip allocating a DHCP leases altogether if
the client doesn't send the required KDE or IE.
2021-08-25 08:01:23 -05:00
Denis Kenzior
a75126af39 netdev: Retry IF_OPER_UP
Some drivers ignore the initial IF_OPER_UP setting that was sent during
netdev_connect_ok().  Attempt to work around this by parsing New Link
events.  If OperState setting is still not correct in a subsequent event,
retry setting OperState to IF_OPER_UP.
2021-08-20 09:49:29 -05:00
James Prestwood
9eb3adc33b anqp: print MAC when sending ANQP request 2021-08-18 19:52:20 -05:00
James Prestwood
ea572f23fc network: handle NULL/hotspot networks when removing secrets
The hotspot case can actually result in network being NULL which
ends up crashing when accessing "->secrets". In addition any
secrets on this network were never removed for hotspot networks
since everything happened in network_unset_hotspot.
2021-08-18 16:58:31 -05:00
James Prestwood
99a94bc441 network: destroy secrets on known network removal
If a known network is removed explicitly IWD should forget any
secrets cached on the network object.
2021-08-17 11:44:36 -05:00
James Prestwood
cd2dd4e2dc station: Add generic Event signal
This is meant to be used as a generic notification to autotests. For
now 'no-roam-candidates' is the only event being sent. The idea
is to extend these events to signal conditions that are otherwise
undiscoverable in autotesting.
2021-08-13 14:44:24 -05:00
Andrew Zaborowski
2af0166970 ap: Make station removal safer
Replace instances of the ap_del_station() +
ap_sta_free()/ap_remove_sta() with calls to ap_station_disconnect to
make sure we consistently remove the station from the ap->sta_states
queue before using ap_del_station().  ap_del_station() may generate an
event to the ap.h API user (e.g. P2P) and this may end up tearing down
the AP completely.

For that scenario we also don't want ap_sta_free() to access sta->ap so
we make sure ap_del_station() performs these cleanup steps so that
ap_sta_free() has nothing to do that accesses sta->ap.
2021-08-13 10:49:28 -05:00
Andrew Zaborowski
97a34e6b4a ap: Fix an invalid access in ap_write_wsc_ie
client_frame is not valid for a beacon frame as beacons are not sent in
response to another frame.  Move the access to client_frame->address_2
to the conditional blocks for Probe Response and Association Response
frames.
2021-08-13 10:49:28 -05:00
Andrew Zaborowski
5c9de0cf23 eapol: Store IP address in network byte order
Switch handshake_state's .client_ip_addr, .subnet_mask and .go_ip_addr
from host byte order to network by order.
2021-08-13 10:47:05 -05:00
James Prestwood
dffff73e89 station: implement Scan on debug interface
This is to support the autotesting framework by allowing a smaller
scan subset. This will cut down on the amount of time spent scanning
via normal DBus scans (where the entire spectrum is scanned).
2021-08-13 10:44:26 -05:00
James Prestwood
ea3ce7a119 station: set autoconnect via setter
This updates the autoconnect property for the debug interface
2021-08-13 10:41:25 -05:00
James Prestwood
f6f08f9b96 station: disable autoconnect when in developer mode
Most autotests do not want autoconnect behavior so it is being
turned off by default. There are a few tests where it is needed
and in these few cases the test can enable autoconnect through
the new station debug property.
2021-08-12 16:53:58 -05:00
James Prestwood
249a1ef1c0 station: make autoconnect settable via debug interface
This adds the property "AutoConnect" to the station debug interface
which can be read/written to disable or enable autoconnect globally.
As one would expect this property is only going to be used for testing
hence why it was put on the debug interface. Mosts tests disable
autoconnect (or they should) because it leads to unexpected connections.
2021-08-12 15:57:00 -05:00
James Prestwood
77c4d311ff station: move Roam() under station debug interface 2021-08-12 14:59:19 -05:00
James Prestwood
3afa5e570d station: add ConnectBssid() developer method
This method will initiate a connection to a specific BSS rather
than relying on a network based connection (which the user has
no control over which specific BSS is selected).
2021-08-12 14:46:08 -05:00
James Prestwood
b543bf76f1 netdev: move failure point out of netdev_connect_common
The only point of failure in netdev_connect_common was setting
up the handshake type. Moving this outside of netdev_connect_common
makes the code flow much better in netdev_{connect,reassociate} as
nothing needs to be reset upon failure.
2021-08-12 13:05:58 -05:00
Matt Oberle
2e50e6fc05 hotspot: stat fallback for unknown d_type
Utilize 'storage_is_file' when readdir returns DT_UNKNOWN to ensure
features like autoconnect work on filesystems that don't return a d_type
(eg. XFS).
2021-08-12 10:00:11 -05:00
Matt Oberle
328cb02e4d knownnetworks: stat fallback for unknown d_type
Utilize 'storage_is_file' when readdir returns DT_UNKNOWN to ensure
features like autoconnect work on filesystems that don't return a d_type
(eg. XFS).
2021-08-12 09:59:47 -05:00
Matt Oberle
3ab0d8270a storage: provide storage_is_file
Add a function 'storage_is_file' which will use stat to verify a
file's existence given a path relative to the storage directory.

Not all filesystems provide a file type via readdir's d_type.
XFS is a notable system with optional d_type support.
When d_type is not supported stat must be used as a fallback.
If a stat fallback is not provided iwd will fail to load state files.
2021-08-12 09:59:17 -05:00
James Prestwood
b33d100f7b station: set preparing_roam flag on Roam()
The preparing_roam flag is expected to be set by a few roam
routines and normally this is done prior to the roam scan.
The Roam() developer option was not doing this and would
cause failed roams in some cases.
2021-08-06 22:29:52 -05:00
James Prestwood
04f563c3dc dbus: add StationDebug interface definition
This will hold methods/properties for developers to use.
2021-08-06 22:29:27 -05:00
James Prestwood
a4d18ecf8f network: add __network_connect
This is to support the ConnectBssid developer method which
bypasses the BSS selection logic in order to force a connection
to a specific BSS.
2021-08-06 22:28:44 -05:00
James Prestwood
80fec3f5f4 netdev: allow reassociation for auth-protos
This adds support in netdev_reassociate for all the auth
protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect
into netdev_connect_common. In addition PREV_BSSID is set
in the associate message if 'in_reassoc' is true.
2021-08-06 22:03:13 -05:00
Denis Kenzior
da0fa4e012 station: Set network's vendor IEs into handshake
This guarantees that the vendor IEs will be used on ReAssociate and
Fast-Transition paths, as well as on all non-CMD_CONNECT based
connections.
2021-08-06 14:23:45 -05:00
Denis Kenzior
7e9971661b netdev: Append any vendor IEs from the handshake 2021-08-06 14:07:06 -05:00
Denis Kenzior
f24cfa481b handshake: Add setter for vendor IEs
Some connections, like Hotspot require additional IEs to be used during
the Association.  These are now passed as 'extra_ies' when invoking
netdev_connect, however they are also needed during ReAssociation and FT
to such APs.

Additionally, it may be that Hotspot-enabled APs will start utilizing
FILS or SAE.  In these cases the extra_ies need to be accounted for
somehow, either by making a copy in handshake_state, netdev, or the
auth_proto itself.  Similarly, P2P which heavily uses vendor IEs can be
used over SAE in the future.

Since a copy of these IEs is needed, might as well store them in
handshake_state itself for easy book-keeping by network/station.
2021-08-06 14:04:25 -05:00
Denis Kenzior
8f9e6b3f76 netdev: Send addititional IEs for FT/SAE/OWE/FILS
RM Enabled Capabilities and Extended Capabilities IEs were correctly
being sent when using CMD_CONNECT for initial connections and
re-associations.  However, for SoftMac SAE, FT, FILS and OWE connections,
these additional IEs were not added properly during the Associate step.
2021-08-05 21:01:37 -05:00
Denis Kenzior
289b8826bf netdev: Always send RM Enabled Capabilities
If the driver supports RRM, then we might as well always send the RM
Enabled Capabilities IE (and use the USE_RRM flag).  802.11-2020
suggests that this IE can be sent whenever
dot11RadioMeasurementActivated is true, and this setting is independent
of whether the peer supports RRM.  There's nothing to indicate that an
STA should not send these IEs if the AP is not RRM enabled.
2021-08-05 15:49:46 -05:00
Alvin Šipraga
aa7845ca98 netdev: update frequency on channel switch events
While we correctly emit a NETDEV_EVENT_CHANNEL_SWITCHED event from
netdev for other modules to respond to, we fail to actually update the
frequency of the netdev object in question. Since the netdev frequency
is used elsewhere (e.g. to send action frames), it needs updating too.

Fixes: 5eb0b7ca8e ("netdev: add a channel switch event")
2021-08-05 10:35:50 -05:00
Denis Kenzior
317e345a6a netdev: Remove prev_bssid member
This variable ended up being used only on the fast-transition path.  On
the re-associate path it was never used, but memcpy-ied nevertheless.
Since its only use is by auth_proto based protocols, move it to the
auth_proto object directly.

Due to how prepare_ft works (we need prev_bssid from the handshake, but
the handshake is reset), have netdev_ft_* methods take an 'orig_bss'
parameter, similar to netdev_reassociate.
2021-08-04 23:08:34 -05:00
Denis Kenzior
60e2a9994f netdev: Remove unused variable
This was set, but never used in any way
2021-08-04 15:55:30 -05:00
Denis Kenzior
17d653904f netdev: netdev_connect_common doesn't fail 2021-08-04 15:55:30 -05:00
Denis Kenzior
3f69ddb615 mpdu: Add ie sorting utility
IE elements in various management frames are ordered.  This ordering is
outlined in 802.11, Section 9.3.3.  The ordering is actually different
depending on the frame type.  Instead of trying to implement the order
manually, add a utility function that will sort the IEs in the order
expected by the particular management frame type.

Since we already have IE ordering look up tables in the various
management frame type validation functions, move them to global level
and re-use these lookup tables for the sorting utility.
2021-08-04 10:41:19 -05:00
Denis Kenzior
9a8129abd6 mpdu: Update IE ordering for 802.11-2020 2021-08-04 09:03:07 -05:00
James Prestwood
d58ae33e5c erp: take cache ref in erp_new
Since the erp_state is holding a pointer to the ERP cache, as
well as calling erp_cache_put on free, it should take a reference
for symmetry.
2021-08-03 16:29:47 -05:00
James Prestwood
95574e4538 handshake: unref erp_cache when handshake is freed
This makes the erp_cache ownership more consisten rather than
relying on the ERP state to free the cache.
2021-08-03 16:29:30 -05:00
James Prestwood
630c2c2a08 station: network: rework ERP/FILS code path
This refactors some code to eliminate getting the ERP entry twice
by simply returning it from network_has_erp_identity (now renamed
to network_get_erp_cache). In addition this code was moved into
station_build_handshake_rsn and properly cleaned up in case there
was an error or if a FILS AKM was not chosen.
2021-08-03 16:29:08 -05:00
James Prestwood
d4e8ba072a p2p: fix out of scope read
The authorized macs pointer was being set to either the wsc_beacon
or wsc_probe_response structures, which were initialized out of
scope to where 'amacs' was being used. This resulted in an out of
scope read, caught by address sanitizers.
2021-07-30 10:40:30 -05:00
James Prestwood
4bcfa21ca4 eap-aka: round to nearest word on message buffers
One of these message buffers was overflowing due to padding not
being taken into account (caught by sanitizers). Wrapped the length
of all message buffers with EAP_SIM_ROUND as to account for any
padding that attributes may add.
2021-07-30 10:38:26 -05:00
James Prestwood
1b4c6e9be8 knownnetworks: copy network_config on update
The network_config was not being copied to network_info when
updated. This caused any new settings to be lost if the network
configuration file was updated during runtime.
2021-07-29 17:51:25 -05:00
James Prestwood
befa448017 netdev: fix RoamThreshold5G
The RoamThreshold5G was never honored because it was being
set prior to any connections. This caused the logic inside
netdev_cqm_rssi_update to always choose the 2GHz threshold
(RoamThreshold) due to netdev->frequency being zero at this time.

Instead call netdev_cqm_rssi_update in all connect/transition
calls after netdev->frequency is updated. This will allow both
the 2G and 5G thresholds to be used depending on what frequency
the new BSS is.

The call to netdev_cqm_rssi_update in netdev_setup_interface
was also removed since it serves no purpose, at least now
that there are two thresholds to consider.
2021-07-28 10:04:41 -05:00
Denis Kenzior
30d32e4a58 treewide: Remove non-ascii characters 2021-07-28 10:03:27 -05:00
Denis Kenzior
78b9328db6 scan: Quiet down warning
Under certain conditions, access points with very low signal could be
detected.  This signal is too low to estimate a data rate and causes
this L_WARN to fire.  Fix this by returning a -ENETUNREACH error code in
case the signal is too low for any of the supported rates.
2021-07-28 09:53:21 -05:00
Denis Kenzior
74fa720e60 iwd.network: Document Transition Disable settings 2021-07-27 17:43:38 -05:00
Denis Kenzior
2e777a0d31 network: Enforce Transition Disable settings
Transition Disable indications and information stored in the network
profile needs to be enforced.  Since Transition Disable information is
now stored inside the network object, add a new method
'network_can_connect_bss' that will take this information into account.
wiphy_can_connect method is thus deprecated and removed.

Transition Disable can also result in certain AKMs and pairwise ciphers
being disabled, so wiphy_select_akm method's signature is changed and
takes the (possibly overriden) ie_rsn_info as input.
2021-07-27 17:43:38 -05:00
Denis Kenzior
ca8f3edc33 wiphy: Add wiphy_can_transition_disable 2021-07-27 17:43:38 -05:00
Denis Kenzior
0c8406780f knownnetworks: Parse Transition Disable settings 2021-07-27 17:43:35 -05:00
Denis Kenzior
51b437bbfe eapol: Add support for Transition Disable
If this indication is received in message 3/4, forward the contents as
a HANDSHAKE_EVENT_TRANSITION_DISABLE
2021-07-27 16:56:01 -05:00
Denis Kenzior
47ba837e98 network: Store Transition Disable info
This indication can come in via EAPoL message 3 or during
FILS Association.  It carries information as to whether certain
transition mode options should be disabled.  See WPA3 Specification,
version 3 for more details.
2021-07-27 16:55:58 -05:00
Denis Kenzior
8cfe038d67 network: Move parsing of additional options
Move parsing of AddressOverride and AlwaysRandomizeAddress settings to
knownnetwork.c to be in the same place as other global network settings.
2021-07-27 14:02:43 -05:00
Denis Kenzior
bedf2b0596 knownnetworks: Commonize parser for common settings
Some network settings keys are set / parsed in multiple files.  Add a
utility to parse all common network configuration settings in one place.

Also add some defines to make sure settings are always saved in the
expected group/key.
2021-07-27 14:02:43 -05:00
Denis Kenzior
46c19b6c6a eapol: Use handshake_util_find_kde
This returns the length of the actual contents, making the code a bit
easier to read and avoid the need to mask the KDE value which isn't
self-explanatory.
2021-07-27 14:02:43 -05:00