3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-29 22:19:23 +01:00
Commit Graph

4039 Commits

Author SHA1 Message Date
James Prestwood
a3a48da542 station: allow autoconnect to hotspot networks
Since hotspot networks may require ANQP the autoconnect loop needed to
be delayed until after the ANQP results came back and the network
objects were updated. If there are hotspot networks in range ANQP will
be performed and once complete autoconnect will begin for all networks
including hotspots. If no hotspots are in range autoconnect will
proceed as it always has.

Note: Assuming hotspots are in range this will introduce some delay
in autoconnecting to any network since ANQP must come back. The full
plan is to intellegently decide when and when not to do ANQP in order
to minimize delays but since ANQP is disabled by default the behavior
introduced with this patch is acceptable.
2019-08-28 11:27:09 -05:00
James Prestwood
d33b5357ed network: check info match for unsetting hotspot info
No need to check for matching if unsetting
2019-08-28 11:25:05 -05:00
James Prestwood
b4fb60b2c5 knownnetworks: remove redundant ops->remove()
The remove op was being called inside known_networks_remove, which only
gets called from L_DIR_WATCH events. In this case the actual provisioning
has already been removed. Calling remove() again causes the op
implementation to then try and remove the file that no longer exists.
2019-08-28 11:17:50 -05:00
Denis Kenzior
6a52590687 network: Fix incorrect comment 2019-08-28 11:17:50 -05:00
Marcel Holtmann
2dc785982d netdev: Check EXT_FEATURE_CQM_RSSI_LIST before sending CMD_SET_CQM 2019-08-28 08:36:20 +02:00
James Prestwood
5661e886d8 eap-wsc: fix valgrind warning
Valgrind does not like uninitialized bytes used in a syscall. In this
case the buffer is an out buffer but since valgrind doesn't know that
it complains. Initializing to zero fixes the warning:

Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
    at 0x5162C4D: send (send.c:28)
    by 0x457AF4: l_checksum_update (checksum.c:319)
    by 0x43C03C: eap_wsc_handle_m2 (eap-wsc.c:842)
    by 0x43CD33: eap_wsc_handle_request (eap-wsc.c:1048)
    by 0x43A3A7: __eap_handle_request.part.0 (eap.c:266)
    by 0x41A426: eapol_rx_packet.part.12 (eapol.c:2262)
    by 0x41B536: __eapol_rx_packet (eapol.c:2650)
    by 0x407C80: netdev_control_port_frame_event (netdev.c:3542)
    by 0x407C80: netdev_unicast_notify (netdev.c:3684)
    by 0x4598C5: dispatch_unicast_watches (genl.c:899)
    by 0x4598C5: process_unicast (genl.c:918)
    by 0x4598C5: received_data (genl.c:1039)
    by 0x456452: io_callback (io.c:126)
    by 0x45569D: l_main_iterate (main.c:473)
    by 0x45576B: l_main_run (main.c:520)
  Address 0x1ffeffe290 is on thread 1's stack
in frame #2, created by eap_wsc_handle_m2 (eap-wsc.c:797)
2019-08-27 20:58:01 -05:00
Denis Kenzior
b3881b84c1 eapol: Propagate noencrypt and use it
We were not using or taking into account the noencrypt flag obtained
from the kernel via CONTROL_PORT events.  For the most part this still
worked as the kernel would never include NO_ENCRYPT flag (due to a bug).
However, this was actually incorrect and led to loss of synchronization
between the AP and STA 4-Way handshake state machines when certain
packets were lost and had to be re-transmitted.
2019-08-27 20:50:07 -05:00
Tim Kourt
ebad9bf9be client: Enhance secret masking
Due to the changed IO behavior, pasting of the secrets
into the agent prompt became impossible. The reimplemented
logic allows to add (paste) an arbitrary number of characters
into a desired position of a secret string up to its max lengths.
The deletion has also been reworked to accommodate the new behavior.
2019-08-27 13:25:14 -05:00
Tim Kourt
44fcb2b1d7 client: Preserve command history in between the instances
This also limits the number of entries in history to 24.
2019-08-27 10:30:01 -05:00
James Prestwood
202f65be69 tools/ios_convert: use join rather than manually looping 2019-08-27 10:14:08 -05:00
James Prestwood
de2c808970 tools/ios_convert: add ServerDomainMask
Parses mobileconfig TLSTrustedServerNames
2019-08-27 10:14:08 -05:00
James Prestwood
96ce39c1c2 tools/ios_convert: add raw XML option
This option allows the script to be called with a raw XML file. This
is mostly useful for testing, but since its already implemented we
might as well include it.
2019-08-27 10:14:08 -05:00
James Prestwood
ab0c8cae3c tools/ios_convert: parse DisplayedOperatorName
Some hotspot networks do not contain SSID_STR, which was required
for both naming the provisioning file as well as the 'Name' key.
The DisplayedOperatorName is a better option for this 'Name' key
and could also be used for the filename.

Now, DisplayedOperatorName is preferred, and if not found SSID_STR
is used.
2019-08-27 10:14:08 -05:00
Andrew Zaborowski
9e81a8115a build: Make test-eapol depend on ell
It seems that setting unit_test_eapol_DEPENDENCIES prevents test-eapol
from depending on some ell .c files, like other unit tests do that have
no explicit _DEPENDENCIES variable set in Makefile.am.  Using
EXTRA_unit_test_eapol_DEPENDENCIES instead also seems to fix this.
2019-08-26 11:18:21 -05:00
Andrew Zaborowski
969c1871c5 unit: Update values in EAP-TLS-ServerDomainMask tests
Use more realistic domain name mask strings to be matched against the
DNS Name values in the subjectAltName extension.
2019-08-26 11:12:07 -05:00
Andrew Zaborowski
c5627ad62e build: Add a DNSName in the test server cert 2019-08-26 11:12:02 -05:00
Andrew Zaborowski
9a9ff9f2f3 eapol: Don't l_queue_remove from state_machines while destroying it
We do an l_queue_destroy(state_machines, eapol_sm_destroy) so don't
l_queue_remove from state_machines inside eapol_sm_destroy.
2019-08-23 09:32:57 -05:00
Andrew Zaborowski
9c4c9a71c5 unit: Test the EAP-TLS-ServerSubjectMatch config option 2019-08-23 09:31:59 -05:00
Andrew Zaborowski
fc4685abec eap-tls: Add ServerDomainMask config option
Allow users to provide a glob string that the contents of the server
certificate's subject DN should be matched against as a primitive
protection against rogue APs using certificates purchased from
commercial CAs trusted by the client.  If the network uses an AP
certificate emitted by a commerical CA and the clients are configured
to trust those CAs so that the client configurations don't have to be
updated when the AP renews its certificate, this new option can be used
to check if the CN in the AP certificate's DN matches the known domain
name.  This logic assumes that the commercial CAs provide enough
assurance that only the owner of the domain can buy a certificate with
that domain in the CN field.

The format of this option is similar to apple's TLSTrustedServerNames
and wpa_supplicant's domain_match/domain_suffix_match format, the exact
syntax is documented in ell/tls.c.
2019-08-23 09:30:24 -05:00
Denis Kenzior
0ebe960daf netdev: Use the RM Enabled Capability IE from wiphy 2019-08-23 09:11:51 -05:00
Denis Kenzior
01cfcabfb4 wiphy: Setup RM Enabled Capabilities in wiphy 2019-08-23 08:55:54 -05:00
Denis Kenzior
e01a036a41 monitor: decode additional Extended Capability bits 2019-08-23 08:54:17 -05:00
James Prestwood
b05689fc81 tools/ios_convert: Use tag instead of text for IsHotspot
The IsHotspot key just contains a tag after it (true/false), not
a tag with inner text.
2019-08-22 13:05:16 -05:00
James Prestwood
54a5791195 tools/ios_convert: add 'Name' to hotspot config
Also fixed a indentation issue for NAIRealms
2019-08-22 12:46:16 -05:00
James Prestwood
41740ceabc scan: only set Interworking if capable
Checks that the extended capabilities has the Interworking
bit set before adding the IE.
2019-08-21 17:34:43 -05:00
James Prestwood
20887dfe1a wiphy: explicitly set extended capability bits
Some capability bits are required by the spec to be set for
probe requests for certain features (HS20, FILS, FT). Currently
these features work as-is, but depending on the hardware we may
be in violation of the spec if we assume the correct bits are
set when we get the wiphy dump.

Just to be safe we can explicity set these capability bits.

There are also two ways the kernel exposes these capabilities.
Per-type or globally. The hardware may expose one, or both of
these capability arrays. To combat this we are now always
creating a per-type capability array for stations. If the
wiphy dump has not produced a per-type capability array we
now create one based off the global capability array. That
way we can always assume there is a capability array for a
station iftype.
2019-08-21 17:24:16 -05:00
James Prestwood
76b73a1cf5 util: add util_set_bit
Sets a single bit in a uint8_t * bit field
2019-08-21 17:24:16 -05:00
James Prestwood
dd2daa4961 scan: add Interworking to scan requests 2019-08-21 16:15:07 -05:00
James Prestwood
a9473df555 scan: add Extended Capabilities to scan requests
This will be seen in Probe Requests. More IEs can and should
be added here depending on the support in IWD. E.g. HS20 indication,
Interworking, HT/VHT IE's etc.
2019-08-21 16:15:07 -05:00
James Prestwood
92e1838cbe doc: update docs with hotspot name/type info 2019-08-21 14:20:15 -05:00
James Prestwood
0766138432 auto-t: update testHotspot with new Name requirements 2019-08-21 14:17:15 -05:00
James Prestwood
0f55b0023d auto-t: add hotspot to testKnownNetworks 2019-08-21 14:17:00 -05:00
James Prestwood
0846f76703 auto-t: add 'hotspot' network type 2019-08-21 14:16:08 -05:00
James Prestwood
0d0377ede7 knownnetworks: use get_name/get_type for dbus
The name/type on the dbus object will now refect the values
returned from the network_info ops
2019-08-21 14:16:08 -05:00
James Prestwood
313553aadd hotspot: require 'Name' value in provisioning file
In order to implement get_name/get_type we need some value for the name
of the hotspot network. For simplicity we now require a 'Name' value
be provided inside the hotspot provisioning file. Eventually this may
change (e.g. obtained via ANQP).
2019-08-21 14:16:08 -05:00
James Prestwood
a6a77ddc07 knownnetworks: add get_name and get_type ops 2019-08-21 14:16:08 -05:00
James Prestwood
894cde987d storage: util: remove unused APIs
Both util_timespec_compare and storage_network_get_mtime
are now unused.
2019-08-21 14:16:08 -05:00
James Prestwood
4f14e4bb42 hotspot: set connected_time on network_info 2019-08-21 14:16:08 -05:00
James Prestwood
6ff86abb41 knownnetworks: use l_path_get_mtime
Rather than using timespec directly, ELL has a convenient API
to get the elapsed microseconds as a uint64_t. This can then
be used with the other l_time_ APIs for comparison.

This patch removes timespec from network_info and updates
to use l_time_* API's for sorting.
2019-08-21 14:16:08 -05:00
Denis Kenzior
de589f3183 TODO: Mark agent for non-interactive iwctl as done 2019-08-21 13:38:22 -05:00
Denis Kenzior
58beed7544 AUTHORS: Mention Will's contributions 2019-08-21 12:30:01 -05:00
Will Dietz
690c9c2045 manager: Fix build
Attached, but basically replace 2-argument call to l_genl_msg_new
with what seems rather likely was intended instead: l_genl_msg_new_sized.
2019-08-21 12:29:22 -05:00
Denis Kenzior
9f1875fd3d manager: Use split wiphy dumps 2019-08-20 18:04:27 -05:00
James Prestwood
0e317ed9b1 test-runner: print if haveged fails to start
If haveged is not installed it attempts to start but exits with no
indication of what happened.
2019-08-20 14:23:35 -05:00
James Prestwood
ed08bc35a3 network: update hotspots on knownnetwork changes 2019-08-19 17:47:16 -05:00
James Prestwood
610ef41578 network: remove all hotspot related getter/setters 2019-08-19 13:59:01 -05:00
James Prestwood
7313d3bad7 network: remove hotspot specific settings loading
The hotspot module now uses network_info ops 'open'
2019-08-19 13:58:27 -05:00
James Prestwood
8242b7e9f3 station: add network_info after ANQP
Once ANQP is complete we can try matching the NAI realm with any
known networks.
2019-08-19 13:58:18 -05:00
James Prestwood
8910da5836 network: find hotspot network_info when adding BSS
When adding a BSS to a network: if it is hs20_capable and no
'info' has been set we attempt to search for a matching
network_info for this network.
2019-08-19 13:51:08 -05:00
James Prestwood
f4ef431e8d knownnetworks: add matching ops to network_info
These operations will allow the hotspot module to implement
matching HESSID, Roaming Consortium, and NAI realms. This offloads
the matching details into the hotspot module.
2019-08-19 13:46:01 -05:00