3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-21 03:32:42 +01:00
Commit Graph

7245 Commits

Author SHA1 Message Date
Denis Kenzior
8d68b33e76 netdev: Fix buffer overflow with 32 character ssids
ssid is declared as a 32 byte field in handshake_state, hence using it
as a string which is assumed to be nul-terminated will fail for SSIDs
that are 32 bytes long.

Fixes: 1f14782857 ("wiphy: add _generate_address_from_ssid")
Fixes: 5a1b1184fc ("netdev: support per-network MAC addresses")
2023-11-27 11:27:26 +01:00
Denis Kenzior
290f294c60 netdev: Do not leak l_genl_msg on error
In netdev_retry_owe, if l_gen_family_send fails, the connect_cmd is
never freed or reset.  Fix that.

While here, use a stack variable instead of netdev member, since the use
of such a member is unnecessary and confusing.
2023-11-27 11:27:26 +01:00
Denis Kenzior
5ce1c0d001 netdev: Don't duplicate vendor_ies
vendor_ies stored in handshake_state are already added as part of
netdev_populate_common_ies(), which is already invoked by
netdev_build_cmd_connect().

Normally vendor_ies is NULL for OWE connections, so no IEs are
duplicated as a result.
2023-11-27 11:27:26 +01:00
Denis Kenzior
b10ef09186 nl80211util: Move nl80211_append_rsn_attributes 2023-11-27 11:27:26 +01:00
Denis Kenzior
5a4fc931e7 ie: Move AKM suite converter from netdev
It is more logical to host this function inside ie.c than netdev.c.
Particularly since ie_rsn_cipher_suite_to_cipher is already present in
ie.c.
2023-11-27 11:27:26 +01:00
Denis Kenzior
44e9816dcb adhoc: Fix compilation on old systems
CC       src/adhoc.o
In file included from src/adhoc.c:28:0:
/usr/include/linux/if.h:234:19: error: field ‘ifru_addr’ has incomplete type
   struct sockaddr ifru_addr;
                   ^
/usr/include/linux/if.h:235:19: error: field ‘ifru_dstaddr’ has incomplete type
   struct sockaddr ifru_dstaddr;
                   ^
/usr/include/linux/if.h:236:19: error: field ‘ifru_broadaddr’ has incomplete type
   struct sockaddr ifru_broadaddr;
                   ^
/usr/include/linux/if.h:237:19: error: field ‘ifru_netmask’ has incomplete type
   struct sockaddr ifru_netmask;
                   ^
/usr/include/linux/if.h:238:20: error: field ‘ifru_hwaddr’ has incomplete type
   struct  sockaddr ifru_hwaddr;
                    ^
2023-11-27 11:26:52 +01:00
James Prestwood
a40d5199a8 netdev: move power save disabling until after interface is up
Very rarely on ath10k (potentially other ath cards), disabling
power save while the interface is down causes a timeout when
bringing the interface back up. This seems to be a race in the
driver or firmware but it causes IWD to never start up properly
since there is no retry logic on that path.

Retrying is an option, but a more straight forward approach is
to just reorder the logic to set power save off after the
interface is already up. If the power save setting fails we can
just log it, ignore the failure, and continue. From a users point
of view there is no real difference in doing it this way as
PS still gets disabled prior to IWD connecting/sending data.

Changing behavior based on a buggy driver isn't something we
should be doing, but in this instance the change shouldn't have
any downside and actually isn't any different than how it has
been done prior to the driver quirks change (i.e. use network
manager, iw, or iwconfig to set power save after IWD starts).

For reference, this problem is quite rare and difficult to say
exactly how often but certainly <1% of the time:

iwd[1286641]: src/netdev.c:netdev_disable_ps_cb() Disabled power save for ifindex 54
kernel: ath10k_pci 0000:02:00.0: wmi service ready event not received
iwd[1286641]: Error bringing interface 54 up: Connection timed out
kernel: ath10k_pci 0000:02:00.0: Could not init core: -110

After this IWD just sits idle as it has no interface to start using.

This is even reproducable outside of IWD if you loop and run:

ip link set <wlan> down
iw dev <wlan> set power_save off
ip link set <wlan> up

Eventually the 'up' command will fail with a timeout.

I've brought this to the linux-wireless/ath10k mailing list but
even if its fixed in future kernels we'd still need to support
older kernels, so a workaround/change in IWD is still required.
2023-11-23 09:21:36 -06:00
Marcel Holtmann
400782b6e4 Release 2.9 2023-11-19 18:53:15 +01:00
Marcel Holtmann
ca0806438b build: Require at least version 0.60 when building with external ELL 2023-11-19 18:36:14 +01:00
James Prestwood
aaaa3d1800 dbus: add SharedCodeAgent interface to iwd-dbus.conf 2023-11-17 14:13:31 -06:00
James Prestwood
5e1f19fca7 doc: document additional NotSupported shared code return 2023-11-17 10:51:23 -06:00
James Prestwood
5e0a97b197 dpp: fail early if multicast frame registration is unsupported
This is done already for DPP, do the same for PKEX. Few drivers
(ath9k upstream, ath10k/11k in progress) support this which is
unfortunate but since a configurator will not work without this
capability its best to fail early.
2023-11-17 10:51:23 -06:00
James Prestwood
cac10b52fc json: fix comment typo, "json_object_is_valid"
This should be json_iter_is_valid.
2023-11-17 09:49:12 -06:00
James Prestwood
4b147217ac auto-t: add checks for DPP 3rd party settings
Ensure the newly configured profile contains the additional
SendHostname setting that the configurator sends.
2023-11-17 09:49:06 -06:00
James Prestwood
6afda046c2 dpp: include 3rd party settings in network profile
If the configuration object contained IWD's 3rd party settings set
those into the network profile.
2023-11-17 09:48:58 -06:00
James Prestwood
87055f5a02 dpp-util: add support for 3rd party JSON fields
The DPP spec allows 3rd party fields in the DPP configuration
object (section 4.5.2). IWD can take advantage of this (when
configuring another IWD supplicant) to communicate additional
profile options that may be required for the network.

The new configuration member will be called "/net/connman/iwd"
and will be an object containing settings specific to IWD.
More settings could be added here if needed but for now only
the following are defined:

{
  send_hostname: true/false,
  hidden: true/false
}

These correspond to the following network profile settings:

[IPv4].SendHostname
[Settings].Hidden
2023-11-17 09:48:22 -06:00
James Prestwood
6a60cb5a32 dpp: use the config's SSID to process scan results
The scan result handling was fragile because it assumed the kernel
would only give results matching the requested SSID. This isn't
something we should assume so instead keep the configuration object
around until after the scan and use the target SSID to lookup the
network.
2023-11-17 09:46:06 -06:00
James Prestwood
fa14ac125e dpp: use the new config->ssid member
This is now a NULL terminated string so it can be used directly.
2023-11-17 09:44:42 -06:00
James Prestwood
00ffb056e8 dpp-util: store SSID as string, not raw buffer
Nearly every use of the ssid member first has to memcpy it to a
buffer and NULL terminate. Instead just store the ssid as a
string when creating/parsing from JSON.
2023-11-17 09:44:36 -06:00
James Prestwood
aa116ba522 dpp: check that DPP is running in station watch
This was causing unneeded WARNING prints because the DPP state
was never checked. Fix this and bail out if DPP isn't running.
2023-11-16 09:47:41 -06:00
James Prestwood
3c02f387cb dpp: scan to pick up extra frequencies when enrolling
The DPP-PKEX spec provides a very limited list of frequencies used
to discover configurators, only 3 on 2.4 and 5GHz bands. Since
configurators (at least in IWD's implementation) are only allowed
on the current operating frequency its very unlikely an enrollee
will find a configurator on these frequencies out of the entire
spectrum.

The spec does mention that the 3 default frequencies should be used
"In lieu of specific channel information obtained in a manner outside
the scope of this specification, ...". This allows the implementation
some flexibility in using a broader range of frequencies.

To increase the chances of finding a configurator shared code
enrollees will first issue a scan to determine what access points are
around, then iterate these frequencies. This is especially helpful
when the configurators are IWD-based since we know that they'll be
on the same channels as the APs in the area.
2023-11-16 09:14:32 -06:00
James Prestwood
c8a86edffe dpp: fix fragile scan/connecting logic
The post-DPP connection was never done quite right due to station's
state being unknown. The state is now tracked in DPP by a previous
patch but the scan path in DPP is still wrong.

It relies on station autoconnect logic which has the potential to
connect to a different network than what was configured with DPP.
Its unlikely but still could happen in theory. In addition the scan
was not selectively filtering results by the SSID that DPP
configured.

This fixes the above problems by first filtering the scan by the
SSID. Then setting the scan results into station without triggering
autoconnect. And finally using network_autoconnect() directly
instead of relying on station to choose the SSID.
2023-11-16 09:10:39 -06:00
James Prestwood
e2f28312e2 dpp: add station watch to DPP
DPP (both DPP and PKEX) run the risk of odd behavior if station
decides to change state. DPP is completely unaware of this and
best case would just result in a protocol failure, worst case
duplicate calls to __station_connect_network.

Add a station watch and stop DPP if station changes state during
the protocol.
2023-11-16 09:07:22 -06:00
James Prestwood
485f9f56bf dpp: remove duplicate connected network check 2023-11-16 09:07:10 -06:00
Denis Kenzior
30c6a10f28 netdev: Separate connect_failed and disconnected paths
Commit c59669a366 ("netdev: disambiguate between disconnection types")
introduced different paths for different types of disconnection
notifications from netdev.  Formalize this further by having
netdev_connect_failed only invoke connect_cb.

Disconnections that could be triggered outside of connection
related events are now handled on a different code path.  For this
purpose, netdev_disconnected() is introduced.
2023-11-14 17:40:56 -06:00
Denis Kenzior
a14d78596d netdev: Simplify netdev_auth_cb error logic 2023-11-14 17:29:59 -06:00
Denis Kenzior
972d277363 netdev: Remove improper use of netdev_connect_failed
When a roam event is received, iwd generates a firmware scan request and
notifies its event filter of the ROAMING condition.  In cases where the
firmware scan could not be started successfully, netdev_connect_failed
is invoked.  This is not a correct use of netev_connect_failed since it
doesn't actually disconnect the underlying netdev and the reflected
state becomes de-synchronized from the underlying kernel device.

The firmware scan request could currently fail for two reasons:
  1. nl80211 genl socket is in a bad state, or
  2. the scan context does not exist

Since both reasons are highly unlikely, simply use L_WARN instead.

The other two cases where netdev_connect_failed is used could only occur
if the kernel message is invalid.  The message is ignored in that case
and a warning is printed.

The situation described above also exists in netdev_get_fw_scan_cb. If
the scan could not be completed successfully, there's not much iwd can
do to recover.  Have iwd remain in roaming state and print an error.
2023-11-14 17:27:34 -06:00
Denis Kenzior
c59669a366 netdev: disambiguate between disconnection types
There are generally three scenarios where iwd generates a disconnection
command to the kernel:
  1. Error conditions stemming from a connection related event.  For
     example if SAE/FT/FILS authentication fails during Authenticate or
     Associate steps and the kernel doesn't disconnect properly.
  2. Deauthentication after the connection has been established and not
     related to a connection attempt in progress.  For example, SA Query
     processing that triggers an disconnect.
  3. Disconnects that are triggered due to a handshake failure or if
     setting keys resulting from the handshake fails.  These disconnects
     can be triggered as a result of a pending connection or when a
     connection has been established (e.g. due to rekeying).

Distinguish between 1 and 2/3 by having the disconnect procedure take
different paths.  For now there are no functional changes since all
paths end up in netdev_connect_failed(), but this will change in the
future.
2023-11-14 14:55:06 -06:00
Denis Kenzior
28798990d2 netdev: Move CMD_REKEY_OFFLOAD builder to nl80211util 2023-11-14 10:09:07 -06:00
Denis Kenzior
05c1d34c6e netdev: Move CMD_NEW_KEY RX-only builder to nl80211util 2023-11-14 10:03:58 -06:00
Denis Kenzior
708a8feaba netdev: Move pairwise NEW_KEY builder to nl80211util 2023-11-14 09:57:36 -06:00
Denis Kenzior
1aa83722a0 netdev: Move CMD_DEL_STATION builder to nl80211util
While here, also get rid of netdev_del_station.  The only user of this
function was in ap.c and it could easily be replaced by invoking the new
nl80211_build_del_station function.  The callback used by
netdev_build_del_station only printed an error and didn't do anything
useful.  Get rid of it for now.
2023-11-14 09:49:39 -06:00
Denis Kenzior
904373eee7 netdev: Move CMD_DEAUTHENTICATE builder to nl80211util 2023-11-14 09:26:49 -06:00
Denis Kenzior
7498eaae62 netdev: Move CMD_DISCONNECT builder to nl80211util 2023-11-14 09:21:58 -06:00
Denis Kenzior
d12d8bec85 netdev: Don't unnecessarily call netdev_connect_failed
netdev_begin_connection() already invokes netdev_connect_failed on
error.  Remove any calls to netdev_connect_failed in callers of
netdev_begin_connection().

Fixes: 4165d9414f ("netdev: use wiphy radio work queue for connections")
2023-11-13 23:11:12 -06:00
Denis Kenzior
afc8f53fd3 netdev: Use CMD_DISCONNECT if OCI fails
If netdev_get_oci fails, a goto deauth is invoked in order to terminate
the current connection and return an error to the caller.  Unfortunately
the deauth label builds CMD_DEAUTHENTICATE in order to terminate the
connection.  This was fine because it used to handle authentication
protocols that ran over CMD_AUTHENTICATE and CMD_ASSOCIATE.  However,
OCI can also be used on FullMAC hardware that does not support them.
Use CMD_DISCONNECT instead which works everywhere.

Fixes: 06482b8116 ("netdev: Obtain operating channel info")
2023-11-13 21:29:08 -06:00
Denis Kenzior
e1c2706674 netdev: sa_query: Fix reason code handling
The reason code field was being obtained as a uint8_t value, while it is
actually a uint16_t in little-endian byte order.

Fixes: f3cc96499c ("netdev: added support for SA Query")
2023-11-13 17:14:34 -06:00
Denis Kenzior
bef70275f7 netdev: Fix obtaining reason code from deauth frames
The reason code from deauthentication frame was being obtained as a
uint8_t instead of a uint16_t.  The value was only ever used in an
informational statement.  Since the value was in little endian, only the
first 8 bits of the reason code were obtained.  Fix that.

Fixes: 2bebb4bdc7 ("netdev: Handle deauth frames prior to association")
2023-11-13 16:43:39 -06:00
James Prestwood
dbce8f9ff9 auto-t: get DPP PKEX test running reliably
Several tests do not pass due to some additional changes that have
not been merged. Remove these cases and add some hardening after
discovering some unfortunate wpa_supplicant behavior.

 - Disable p2p in wpa_supplicant. With p2p enabled an extra device
   is created which starts receiving DPP frames and printing
   confusing messages.
 - Remove extra asserts which don't make sense currently. These
   will be added back later as future additions to PKEX are
   upstreamed.
 - Work around wpa_supplicant retransmit limitation. This is
   described in detail in the comment in pkex_test.py
2023-11-13 09:47:13 -06:00
James Prestwood
13952ff350 auto-t: add stop APIs and fix some issues wpas.py
- wait_for_event was returning a list in certain cases, not the
   event itself
 - The configurator ID was not being printed (',' instead of '%')
 - The DPP ID was not being properly waited for with PKEX
2023-11-13 09:46:58 -06:00
James Prestwood
2be49a93ba auto-t: make test timeout configurable
With the addition of DPP PKEX autotests some of the timeouts are
quite long and hit test-runners maximum timeouts. For UML we should
allow this since time-travel lets us skip idle waits. Move the test
timeout out of a global define and into the argument list so QEMU
and UML can define it differently.
2023-11-13 09:46:34 -06:00
James Prestwood
3b6d279184 client: add client commands for shared code configuration
The StartConfigurator() call was left out since there would be no
functional difference to the user in iwctl. Its expected that
human users of the shared code API provide the code/id ahead of
time, i.e. use ConfigureEnrollee/StartEnrollee.
2023-11-11 10:27:27 -06:00
James Prestwood
6e2dacb0ec client: Add shared code DBus interface 2023-11-11 10:27:10 -06:00
Finn Behrens
8d2e35b2d4 client: display_completion_matches add 0-byte check
Check that enough space for newline and 0-byte is left in line.
This fixes a buffer overflow on specific completion results.

Reported-By: Leona Maroni <dev@leona.is>
2023-11-11 10:24:01 -06:00
James Prestwood
2f4c09def0 dpp: fix removed dpp_reset in Stop()
It seems in my patch reordering both stop methods lost the actual
call to dpp_reset().
2023-11-09 20:15:56 -06:00
James Prestwood
29778733e5 auto-t: add DPP PKEX tests 2023-11-09 10:35:21 -06:00
James Prestwood
6f7384d5c7 auto-t: add APIs for PKEX
Also added some sanity checks to the existing DPP APIs to make
sure started/role gets set correctly.
2023-11-09 10:35:11 -06:00
James Prestwood
809ddcebbd auto-t: add utils for wpa_supplicant PKEX 2023-11-09 10:35:00 -06:00
James Prestwood
2ca9a55fd5 dpp: Add StartConfigurator, PKEX agent support
Adds a configurator variant to be used along side an agent. When
called the configurator will start and wait for an initial PKEX
exchange message from an enrollee at which point it will request
the code from an agent. This provides more flexibility for
configurators that are capable of configuring multiple enrollees
with different identifiers/codes.

Note that the timing requirements per the DPP spec still apply
so this is not meant to be used with a human configurator but
within an automated agent which does a quick lookup of potential
identifiers/codes and can reply within the 200ms window.
2023-11-09 10:34:46 -06:00
James Prestwood
cf378e562e dpp: initial version of PKEX configurator support
The PKEX configurator role is currently limited to being a responder.
When started the configurator will listen on its current operating
channel for a PKEX exchange request. Once received it and the
encrypted key is properly decrypted it treats this peer as the
enrollee and won't allow configurations from other peers unless
PKEX is restarted. The configurator will encrypt and send its
encrypted ephemeral key in the PKEX exchange response. The enrollee
then sends its encrypted bootstrapping key (as commit-reveal request)
then the same for the configurator (as commit-reveal response).

After this, PKEX authentication begins. The enrollee is expected to
send the authenticate request, since its the initiator.
2023-11-09 10:26:59 -06:00