3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-29 22:19:23 +01:00
Commit Graph

4409 Commits

Author SHA1 Message Date
Denis Kenzior
8a0c148368 ie: Handle WPA1 elements with Capability fields 2019-09-05 21:13:10 -05:00
Denis Kenzior
059be1924d AUTHORS: Mention Henrik's contributions 2019-09-05 20:55:19 -05:00
Henrik Stokseth
008fd6c87a ie: Fix WPA1 element parsing
The memset was done after setting the defaults when it should have been
done before.
2019-09-05 20:53:57 -05:00
Tim Kourt
df32279a31 client: Enable non-interactive mode support for agent prompts 2019-09-02 16:12:37 -05:00
Tim Kourt
02e38304b3 client: Prompt user for missing secrets in non-interactive mode
In non-interactive mode, prompt user for the missing secrets if
no command-line options were given.
2019-09-02 16:12:37 -05:00
Tim Kourt
589f6182b5 client: Set exit status on agent reg. failure 2019-09-02 16:12:37 -05:00
Tim Kourt
6c64016402 client: Make agent registration unconditional 2019-09-02 16:12:37 -05:00
Denis Kenzior
42954e98ae nl80211: Update to the latest mac80211-next version 2019-08-29 12:45:59 -05:00
Milan P. Stanić
5667227020 doc/main.conf: add short description about internal dhcp
added example how to use internal dhcp and resolver config
2019-08-29 12:31:12 -05:00
James Prestwood
342aeeb62b doc: add some documentation about --shell 2019-08-28 15:55:57 -05:00
James Prestwood
7acb910a26 test-runner: better define --shell behavior
Specifically, this defines the behavior when --shell is used when no
specific test is specified. In this case test-runner will assume the
'shell' test/sandbox should be used as the test environment as
running all autotests with --shell is not useful or feasable.
2019-08-28 15:55:57 -05:00
Marcel Holtmann
00f0039232 Release 0.20 2019-08-28 21:39:38 +02:00
Marcel Holtmann
3d7a40f119 build: Require at least version 0.22 when building with external ELL 2019-08-28 21:39:38 +02:00
Antonio Quartulli
8106d82b4e fast_transition: fix crash by parsing RSN IE only if present
When performing a fast transition to another OPEN network the RSN
element won't be there and therefore the bss->rsne is gonna be NULL.

Fix crash by not accessing the rsne member when performing a fast
transition to an AP that doe snot advertise any RSN IE.

Crash caught with gdb:

 src/station.c:station_transition_start() 186, target 34:8f:27:2f:b8:fc

 Program received signal SIGSEGV, Segmentation fault.
 handshake_state_set_authenticator_ie (s=0x555555626eb0, ie=0x0) at src/handshake.c:163
 163		s->authenticator_ie = l_memdup(ie, ie[1] + 2u);
 (gdb) bt
 #0  handshake_state_set_authenticator_ie (s=0x555555626eb0, ie=0x0) at src/handshake.c:163
 #1  0x0000555555561a98 in fast_transition (netdev=0x55555562fbe0, target_bss=0x55555561f4a0,
     over_air=over_air@entry=true, cb=0x55555556d5b0 <station_fast_transition_cb>) at src/netdev.c:3164
 #2  0x0000555555565dfd in netdev_fast_transition (netdev=<optimized out>, target_bss=<optimized out>,
     cb=<optimized out>) at src/netdev.c:3232
 #3  0x000055555556ccbd in station_transition_start (bss=0x55555561f4a0, station=0x555555617da0)
     at src/station.c:1261
 #4  station_roam_scan_notify (err=<optimized out>, bss_list=<optimized out>, userdata=0x555555617da0)
     at src/station.c:1444
 #5  0x0000555555579560 in scan_finished (sc=0x55555562bf80, err=err@entry=0, bss_list=0x55555561bd90,
     sr=0x555555626b30, wiphy=<optimized out>) at src/scan.c:1234
 #6  0x0000555555579620 in get_scan_done (user=0x555555618920) at src/scan.c:1264
 #7  0x00005555555abd23 in destroy_request (data=0x55555561b000) at ell/genl.c:673
 #8  0x00005555555ac129 in process_unicast (nlmsg=0x7fffffffc310, genl=0x55555560b7a0) at ell/genl.c:940
 #9  received_data (io=<optimized out>, user_data=0x55555560b7a0) at ell/genl.c:1039
 #10 0x00005555555a8aa3 in io_callback (fd=<optimized out>, events=1, user_data=0x55555560b840)
     at ell/io.c:126
 #11 0x00005555555a7ccd in l_main_iterate (timeout=<optimized out>) at ell/main.c:473
 #12 0x00005555555a7d9c in l_main_run () at ell/main.c:520
 #13 l_main_run () at ell/main.c:502
 #14 0x00005555555a7fac in l_main_run_with_signal (callback=<optimized out>, user_data=0x0)
    at ell/main.c:642
 #15 0x000055555555e5b8 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:519
2019-08-28 14:35:06 -05:00
James Prestwood
c17b0ce04e auto-t: check for known networks in EAP-WSC
Make sure changes to WSC continue to work with known networks
2019-08-28 13:06:40 -05:00
James Prestwood
8500b60b13 network: fix issue with WSC not connecting
After wsc_store_credentials, wsc_try_credentials is called which
sets the PSK obtained via the protocol. After the known network
refactor network_settings_load was changed to depend on the
network_info->open() call. Since there is no known network for
this initial WSC connection this always fails and the PSK is not
set into the network object (and the connection is failed).

In this case if network_settings_load fails we can just create
an empty settings object to be filled later.
2019-08-28 13:06:40 -05:00
James Prestwood
7fa5eddfbc doc: add required kernel version for anqp_disabled=false
The release candidates for v5.3 contain the required patches for
offchannel management frames to work properly.
2019-08-28 12:38:58 -05:00
James Prestwood
fe9376c74f hotspot: use known_network_update
If the file was modified we no longer need to completely remove
and recreate the network_info.
2019-08-28 11:41:16 -05:00
James Prestwood
ab5e83014c knownnetworks: refactor to expose known_network_update
known_network_update was being used to both update and create known
networks as they appeared on the file system. Hotspot needs updating
capabilities so known_network_update was exposed and updated with
one major difference; it no longer can be used to create new known
networks. For creation, a new API was added (known_network_new)
which will create and add to the queue.
2019-08-28 11:40:14 -05:00
James Prestwood
a0a81c72e1 auto-t: add autoconnect hotspot test 2019-08-28 11:28:53 -05:00
James Prestwood
a3a48da542 station: allow autoconnect to hotspot networks
Since hotspot networks may require ANQP the autoconnect loop needed to
be delayed until after the ANQP results came back and the network
objects were updated. If there are hotspot networks in range ANQP will
be performed and once complete autoconnect will begin for all networks
including hotspots. If no hotspots are in range autoconnect will
proceed as it always has.

Note: Assuming hotspots are in range this will introduce some delay
in autoconnecting to any network since ANQP must come back. The full
plan is to intellegently decide when and when not to do ANQP in order
to minimize delays but since ANQP is disabled by default the behavior
introduced with this patch is acceptable.
2019-08-28 11:27:09 -05:00
James Prestwood
d33b5357ed network: check info match for unsetting hotspot info
No need to check for matching if unsetting
2019-08-28 11:25:05 -05:00
James Prestwood
b4fb60b2c5 knownnetworks: remove redundant ops->remove()
The remove op was being called inside known_networks_remove, which only
gets called from L_DIR_WATCH events. In this case the actual provisioning
has already been removed. Calling remove() again causes the op
implementation to then try and remove the file that no longer exists.
2019-08-28 11:17:50 -05:00
Denis Kenzior
6a52590687 network: Fix incorrect comment 2019-08-28 11:17:50 -05:00
Marcel Holtmann
2dc785982d netdev: Check EXT_FEATURE_CQM_RSSI_LIST before sending CMD_SET_CQM 2019-08-28 08:36:20 +02:00
James Prestwood
5661e886d8 eap-wsc: fix valgrind warning
Valgrind does not like uninitialized bytes used in a syscall. In this
case the buffer is an out buffer but since valgrind doesn't know that
it complains. Initializing to zero fixes the warning:

Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
    at 0x5162C4D: send (send.c:28)
    by 0x457AF4: l_checksum_update (checksum.c:319)
    by 0x43C03C: eap_wsc_handle_m2 (eap-wsc.c:842)
    by 0x43CD33: eap_wsc_handle_request (eap-wsc.c:1048)
    by 0x43A3A7: __eap_handle_request.part.0 (eap.c:266)
    by 0x41A426: eapol_rx_packet.part.12 (eapol.c:2262)
    by 0x41B536: __eapol_rx_packet (eapol.c:2650)
    by 0x407C80: netdev_control_port_frame_event (netdev.c:3542)
    by 0x407C80: netdev_unicast_notify (netdev.c:3684)
    by 0x4598C5: dispatch_unicast_watches (genl.c:899)
    by 0x4598C5: process_unicast (genl.c:918)
    by 0x4598C5: received_data (genl.c:1039)
    by 0x456452: io_callback (io.c:126)
    by 0x45569D: l_main_iterate (main.c:473)
    by 0x45576B: l_main_run (main.c:520)
  Address 0x1ffeffe290 is on thread 1's stack
in frame #2, created by eap_wsc_handle_m2 (eap-wsc.c:797)
2019-08-27 20:58:01 -05:00
Denis Kenzior
b3881b84c1 eapol: Propagate noencrypt and use it
We were not using or taking into account the noencrypt flag obtained
from the kernel via CONTROL_PORT events.  For the most part this still
worked as the kernel would never include NO_ENCRYPT flag (due to a bug).
However, this was actually incorrect and led to loss of synchronization
between the AP and STA 4-Way handshake state machines when certain
packets were lost and had to be re-transmitted.
2019-08-27 20:50:07 -05:00
Tim Kourt
ebad9bf9be client: Enhance secret masking
Due to the changed IO behavior, pasting of the secrets
into the agent prompt became impossible. The reimplemented
logic allows to add (paste) an arbitrary number of characters
into a desired position of a secret string up to its max lengths.
The deletion has also been reworked to accommodate the new behavior.
2019-08-27 13:25:14 -05:00
Tim Kourt
44fcb2b1d7 client: Preserve command history in between the instances
This also limits the number of entries in history to 24.
2019-08-27 10:30:01 -05:00
James Prestwood
202f65be69 tools/ios_convert: use join rather than manually looping 2019-08-27 10:14:08 -05:00
James Prestwood
de2c808970 tools/ios_convert: add ServerDomainMask
Parses mobileconfig TLSTrustedServerNames
2019-08-27 10:14:08 -05:00
James Prestwood
96ce39c1c2 tools/ios_convert: add raw XML option
This option allows the script to be called with a raw XML file. This
is mostly useful for testing, but since its already implemented we
might as well include it.
2019-08-27 10:14:08 -05:00
James Prestwood
ab0c8cae3c tools/ios_convert: parse DisplayedOperatorName
Some hotspot networks do not contain SSID_STR, which was required
for both naming the provisioning file as well as the 'Name' key.
The DisplayedOperatorName is a better option for this 'Name' key
and could also be used for the filename.

Now, DisplayedOperatorName is preferred, and if not found SSID_STR
is used.
2019-08-27 10:14:08 -05:00
Andrew Zaborowski
9e81a8115a build: Make test-eapol depend on ell
It seems that setting unit_test_eapol_DEPENDENCIES prevents test-eapol
from depending on some ell .c files, like other unit tests do that have
no explicit _DEPENDENCIES variable set in Makefile.am.  Using
EXTRA_unit_test_eapol_DEPENDENCIES instead also seems to fix this.
2019-08-26 11:18:21 -05:00
Andrew Zaborowski
969c1871c5 unit: Update values in EAP-TLS-ServerDomainMask tests
Use more realistic domain name mask strings to be matched against the
DNS Name values in the subjectAltName extension.
2019-08-26 11:12:07 -05:00
Andrew Zaborowski
c5627ad62e build: Add a DNSName in the test server cert 2019-08-26 11:12:02 -05:00
Andrew Zaborowski
9a9ff9f2f3 eapol: Don't l_queue_remove from state_machines while destroying it
We do an l_queue_destroy(state_machines, eapol_sm_destroy) so don't
l_queue_remove from state_machines inside eapol_sm_destroy.
2019-08-23 09:32:57 -05:00
Andrew Zaborowski
9c4c9a71c5 unit: Test the EAP-TLS-ServerSubjectMatch config option 2019-08-23 09:31:59 -05:00
Andrew Zaborowski
fc4685abec eap-tls: Add ServerDomainMask config option
Allow users to provide a glob string that the contents of the server
certificate's subject DN should be matched against as a primitive
protection against rogue APs using certificates purchased from
commercial CAs trusted by the client.  If the network uses an AP
certificate emitted by a commerical CA and the clients are configured
to trust those CAs so that the client configurations don't have to be
updated when the AP renews its certificate, this new option can be used
to check if the CN in the AP certificate's DN matches the known domain
name.  This logic assumes that the commercial CAs provide enough
assurance that only the owner of the domain can buy a certificate with
that domain in the CN field.

The format of this option is similar to apple's TLSTrustedServerNames
and wpa_supplicant's domain_match/domain_suffix_match format, the exact
syntax is documented in ell/tls.c.
2019-08-23 09:30:24 -05:00
Denis Kenzior
0ebe960daf netdev: Use the RM Enabled Capability IE from wiphy 2019-08-23 09:11:51 -05:00
Denis Kenzior
01cfcabfb4 wiphy: Setup RM Enabled Capabilities in wiphy 2019-08-23 08:55:54 -05:00
Denis Kenzior
e01a036a41 monitor: decode additional Extended Capability bits 2019-08-23 08:54:17 -05:00
James Prestwood
b05689fc81 tools/ios_convert: Use tag instead of text for IsHotspot
The IsHotspot key just contains a tag after it (true/false), not
a tag with inner text.
2019-08-22 13:05:16 -05:00
James Prestwood
54a5791195 tools/ios_convert: add 'Name' to hotspot config
Also fixed a indentation issue for NAIRealms
2019-08-22 12:46:16 -05:00
James Prestwood
41740ceabc scan: only set Interworking if capable
Checks that the extended capabilities has the Interworking
bit set before adding the IE.
2019-08-21 17:34:43 -05:00
James Prestwood
20887dfe1a wiphy: explicitly set extended capability bits
Some capability bits are required by the spec to be set for
probe requests for certain features (HS20, FILS, FT). Currently
these features work as-is, but depending on the hardware we may
be in violation of the spec if we assume the correct bits are
set when we get the wiphy dump.

Just to be safe we can explicity set these capability bits.

There are also two ways the kernel exposes these capabilities.
Per-type or globally. The hardware may expose one, or both of
these capability arrays. To combat this we are now always
creating a per-type capability array for stations. If the
wiphy dump has not produced a per-type capability array we
now create one based off the global capability array. That
way we can always assume there is a capability array for a
station iftype.
2019-08-21 17:24:16 -05:00
James Prestwood
76b73a1cf5 util: add util_set_bit
Sets a single bit in a uint8_t * bit field
2019-08-21 17:24:16 -05:00
James Prestwood
dd2daa4961 scan: add Interworking to scan requests 2019-08-21 16:15:07 -05:00
James Prestwood
a9473df555 scan: add Extended Capabilities to scan requests
This will be seen in Probe Requests. More IEs can and should
be added here depending on the support in IWD. E.g. HS20 indication,
Interworking, HT/VHT IE's etc.
2019-08-21 16:15:07 -05:00
James Prestwood
92e1838cbe doc: update docs with hotspot name/type info 2019-08-21 14:20:15 -05:00