3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-09 21:49:23 +01:00
Commit Graph

36 Commits

Author SHA1 Message Date
Marcel Holtmann
b27edce298 build: Use include "" instead of include <> for ell/tls-private.h 2018-10-19 08:24:57 +02:00
Tim Kourt
bb5997c4ea peap: fix typo and add labels 2018-09-07 12:30:05 -05:00
Tim Kourt
2735e32b10 peap: handle redundant usage of the L flag
Some of the PEAP server implementations set the L flag along with
redundant TLS Message Length field for the un-fragmented packets.
This patch allows to identify and handle such occasions.
2018-09-07 12:26:23 -05:00
Tim Kourt
958bd12624 peap: accept EAP type 33 as termination mechanism for PEAPv1
EAP Extensions type 33 is used in PEAPv0 as a termination
mechanism for the tunneled EAP methods. In PEAPv1
the regular EAP-Success/Failure packets must be used to terminate
the method. Some of the server implementations of PEAPv1
rely on EAP Extensions method to terminate the conversation
instead of the required Success/Failure packets. This patch
makes iwd interoperable with such devices.
2018-09-06 18:23:24 -05:00
Andrew Zaborowski
4ffb97faa1 eap: Add secret cache policy types
eap_append_secret now takes a new cache_policy parameter which can be
used by the EAP method to signal that the value received from the agent
is to never be cached, i.e. each value can only be used once.  The
parameter value should be EAP_CACHE_NEVER for this and we use this in
value EAP-GTC where the secret tokens are one time use.  The
EAP_CACHE_TEMPORARY value is used in other methods, it preserves the
default behaviour where a secret can be cached for as long as the
network stays in range (this is the current implementation more than a
design choice I believe, I didn't go for a more specific enum name as
this may still change I suppose).
2018-08-08 19:43:05 -05:00
Tim Kourt
5f69aba32b eap-peap: add warning for the missing M flag 2018-07-02 20:28:08 -05:00
Tim Kourt
9976007dd8 eap-peap: Relax the M bit requirement
Some of the PEAP server implementation brake the protocol
and don’t set the M flag for the first packet during the
fragmented transmission. To stay compatible with such
devices, we relax this requirement in iwd.
2018-06-29 17:39:50 -05:00
Denis Kenzior
961c3e849d eap-peap: Print alert number 2018-06-28 13:23:13 -05:00
Denis Kenzior
a2d8054218 eap: Separate private bits into eap-private.h 2018-06-14 20:01:19 -05:00
Denis Kenzior
786365e2c7 eap: Add __eap_check_settings
Since PEAP & TTLS expect to use eap_check_settings recursively, make
them use a private version of that API that does not perform cleanup and
can contain side-effects.

eap_check_settings itself will guarantee that no side effects happen on
error.  It is meant to be used by code outside of the eap subsystem.
2018-06-14 19:21:44 -05:00
Denis Kenzior
75b492eacc eap-peap: Fix double free 2018-06-14 16:01:50 -05:00
Andrew Zaborowski
66e332fd4a eap: Use l_settings_get_string where needed
Replace usages of l_settings_get_value with l_settings_get_string, which
will make sure the returned strings are unescaped but also allocates
memeory and forces us to use l_free on most of the strings.  Some of
these strings we explicitly set with l_settings_set_string() in our code
so when we retrieved them with l_settings_get_value() we would receive a
different string if there were any escapable characters in the string.
I didn't replace any of the l_settings_get_value() uses where we're just
checking whether a setting is present, or those which are hexstrings or
EAP method names assuming that they can't have any special characters,
although this isn't future proof.  I did use l_settings_get_string() for
file paths though.
2018-06-13 21:41:43 -05:00
Andrew Zaborowski
b8fde0c166 eap: Accept a second id parameter in eap_append_secret
Accept two setting IDs in eap_append_secret, first for the username and
second for the password in case of the EAP_SECRET_REMOTE_USER_PASSWORD
EAP secret type.  In all other cases only the first setting is used.
Until now for EAP_SECRET_REMOTE_USER_PASSWORD secrets we'd generate the
two setting names by adding different suffixes to the ID parameter.

Using the two different setting names automatically fixes the issues
with using the EAP Identity returned by the agent in EAP-MSCHAPv2 and
EAP-PWD.
2018-06-13 21:34:25 -05:00
Denis Kenzior
1f3b120467 eap-peap: Add reset_state method 2018-06-07 19:43:25 -05:00
Andrew Zaborowski
b1d4db7cc8 eap: Return specific error when check_settings fails
Change the check_settings eap functions to return a negative errno and
return more granular Dbus error from the Connect method.
2018-04-30 10:45:28 -05:00
Andrew Zaborowski
56d3d40f30 eap: Wipe passphrase memory in TLS, TTLS, EAP
Wipe the passphrase memory in more places before freeing.
2018-04-26 11:27:22 -05:00
Andrew Zaborowski
7541b595f9 eap-peap: Implement .check_settings
Confirm that the PEM file paths that we'll be passing to the l_tls
object are loading Ok and request/validate the private key passphrase
if needed.  Then also call eap_check_settings to validate the inner
method's settings.
2018-04-19 13:23:03 -05:00
Tim Kourt
436e95d599 peap: Postpone cleanup on phase two failure 2018-03-01 09:13:17 -06:00
Tim Kourt
9783e236a1 peap: handle completion of phase two 2018-02-23 15:19:52 -06:00
Tim Kourt
55e8d7fdcc peap: add retransmission support 2018-02-15 13:00:22 -06:00
Tim Kourt
91ec5cff8c peap: add phase two eap tx/rx handlers 2018-02-14 21:34:21 -06:00
Tim Kourt
1ece3b13e4 peap: introduce and configure phase two eap method 2018-02-14 21:31:24 -06:00
Tim Kourt
50b7a01f87 peap: handle send for phase two data 2018-02-14 21:30:33 -06:00
Tim Kourt
8ae6e7c3de peap: switch tx_pdu_buf to use databuf struct 2018-02-14 21:28:03 -06:00
Tim Kourt
93d0dac77b peap: handle receive for phase two data 2018-02-14 21:26:54 -06:00
Tim Kourt
487c5cbafc peap: send ack on established tunnel 2018-02-14 17:37:19 -06:00
Tim Kourt
43c650a2b4 peap: add specification reference by the version 2018-02-14 17:36:08 -06:00
Tim Kourt
8c1b175b8b peap: derive and install eap key material 2018-02-02 14:27:05 -06:00
Tim Kourt
c5ec12e0e4 peap: response fragmentation support 2018-02-02 12:58:28 -06:00
Tim Kourt
71ebb7c1d5 peap: send response pkts 2018-02-01 22:09:12 -06:00
Tim Kourt
84be0eb8d3 peap: handle fragmented request 2018-02-01 22:08:13 -06:00
Tim Kourt
362771577b peap: introduce basic request-response flow 2018-02-01 10:47:26 -06:00
Tim Kourt
40898deb8b peap: handle Start flag 2018-02-01 10:43:16 -06:00
Tim Kourt
1d1bbb83eb eap-peap: add version validation 2018-01-24 11:23:50 -06:00
Tim Kourt
ba8857d2f4 eap-peap: configure Protected EAP 2018-01-24 11:22:16 -06:00
Tim Kourt
20e74e8679 eap-peap: Introduce Protected EAP support 2018-01-24 11:19:56 -06:00