3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-09 21:49:23 +01:00
Commit Graph

2859 Commits

Author SHA1 Message Date
James Prestwood
85fd9f50f7 netdev: fix auth protocols not setting ->connected
This causes netdev to think another supplicant is running when it
recieves a connect event due to an auth protocol running.
2020-03-13 23:52:26 -05:00
James Prestwood
421af060f8 netdev: update use of l_rtnl_set_mac
This API was updated to take an extra boolean which will
automatically power up the device while changing the MAC
address. Since this is what IWD does anyways we can avoid
the need for an intermediate callback and go right into
netdev_initial_up_cb.
2020-03-12 10:46:06 -05:00
Louis Whitburn
eb7845ec29 eap-tls-common: Don't fail with omitted EAP-TLS-CACert
iwd would fail to connect using EAP-TLS when no CA certificate was
provided as it checked for successful loading of the CA certificate
instead of the client certificate when attempting to load the client
certificate.
2020-03-09 22:25:33 -05:00
James Prestwood
ca9110e8c2 network: enforce max EAP/pkey password length 2020-03-06 13:08:25 -06:00
James Prestwood
d40a8d1a6d eap-gtc: limit password length to maximum
The password for EAP-GTC is directly used in an EAP response. The
response buffer is created on the stack so an overly large password
could cause a stack overflow.
2020-03-06 13:08:05 -06:00
James Prestwood
301d8473df iwd: define a maximum password length 2020-03-06 13:07:58 -06:00
James Prestwood
77cfb615e5 eap: check MTU when loading identity
If the MTU was set very low an identity could exceed the maximum.
2020-03-06 12:17:09 -06:00
Denis Kenzior
53ea9adfb5 netdev: Fix disconnect event coming out of order
mac80211 drivers seem to send the disconnect event which is triggered by
CMD_DISCONNECT prior to the CMD_DISCONNECT response.  However, some
drivers, namely brcmfmac, send the response first and then send the
disconnect event.  This confused iwd when a connection was immediately
triggered after a disconnection (network switch operation).

Fix this by making sure that connected variable isn't set until the
connect event is actually processed, and ignore disconnect events which
come after CMD_DISCONNECT has alredy succeeded.
2020-02-28 10:25:04 -06:00
Andrew Zaborowski
dd2677402a ap: React to NL80211_CMD_STOP_AP events
These events will tell use when our AP gets stopped without our request,
for example due to suspend/resume.
2020-02-17 12:27:54 -06:00
Andrew Zaborowski
87a198111a frame-xchg: Don't use l_genl for additional nl80211 sockets
For nl80211 sockets other than our main l_genl object use socket io
directly, to avoid creating many instances of l_genl.  The only reason
we use multiple sockets is to work around an nl80211 design quirk that
requires closing the socket to unregister management frame watches.
Normally there should not be a need to create multiple sockets in a
program.
2020-02-17 12:23:13 -06:00
Andrew Zaborowski
0d62b5a2fc frame-xchg: Add a frame exchange API
Add a little state machine and a related API, to simplify sending out a
frame, receiving the Ack / No-ack status and (if acked) waiting for a
response frame from the target device, one of a list of possible
frame prefixes.  The nl80211 API for this makes it complicated
enough that this new API seems to be justified, on top of that there's a
quirk when using the brcmfmac driver where the nl80211 response
(containing the operation's cookie), the Tx Status event and the response
Frame event are received from nl80211 in reverse order (not seen with
other drivers so far), further complicating what should be a pretty
simple task.
2020-02-17 10:45:40 -06:00
Andrew Zaborowski
ff7abdb89d frame-xchg: Try to call a handler only once per frame
Try to better deduplicate the frame watches.  Until now we'd check if
we'd already registered a given frame body prefix with the kernel, or a
matching more general prefix (shorter).  Now also try to check if we
have already have a watch with the same callback pointer and user_data
value, and:

 * an identical or shorter (more general) prefix, in that case ignore
   the new watch completely.

 * a longer (more specific) prefix, in that case forget the existing
   watch.

The use case for this is when we have a single callback for multiple
watches and multiple frame types, and inside that callback we're looking
at the frame body again and matching it to frame types.  In that case
we don't want that function to be called multiple times for one frame
event.
2020-02-17 10:42:55 -06:00
Daniel Wagner
a40503427e rtnlutil: Remove used rtnlutil
The rtnl code has been added to ELL. There is caller left in iwd,
therefore remove the rtnlutil file.
2020-02-17 09:08:50 -06:00
Daniel Wagner
280658c73b netconfig: Use ell's rtnl API 2020-02-17 09:08:50 -06:00
Daniel Wagner
0af1207a6c netdev: Use ell's rtnl APIs 2020-02-17 09:08:50 -06:00
Andrew Zaborowski
1896ac2d73 frame-xchg: Use both group_id and wdev_id when removing group
In frame_watch_group_remove I forgot to actually match the group to be
removed by both wdev_id and group_id.  group_ids are unique only in the
scope of one wdev.
2020-02-07 15:41:14 -06:00
Andrew Zaborowski
053c1ca2a2 frame-xchg: Add new groups to watch_groups list
I forgot to actually add new groups being created in
frame_watch_group_get to the watch_groups queue, meaning that we'd
re-create the group every time a new watch was added to the group.
2020-02-07 15:34:14 -06:00
Andrew Zaborowski
16cc2386f1 nl80211util: Handle NL80211_ATTR_ACK flag in parser
If this attribute is included in the nl80211_parse_attrs parameters, set
the corresponding bool to true if flag was present and false if not.
2020-02-07 15:26:35 -06:00
Tim Kourt
49607880fc peap: Fail auth. if invalid compound MAC is received
Since the interoperability with the Windows server has been achieved,
witch back to failing authentication if invalid compound MAC is
received.
2020-02-06 15:18:04 -06:00
Tim Kourt
bdf328320d peap: Ensure TLV uniqueness
Processing the duplicated TLVs while connecting to a malicious AP may lead
to overflow of the response buffer. This patch ensures that the
duplicated TLVs are not parsed.
2020-02-06 10:28:39 -06:00
Denis Kenzior
4f745ff930 manager: Fix initialization for blacklisted drivers
The pending wiphy state 'use_default' variable was not set early enough
in some circumstances resulting in weird behavior for blacklisted
drivers.  Fix this by adding a manager_wiphy_dump_done callback which
will properly initialize the use_default value.

Fixes: c4b2f10483 ("manager: Handle missing NEW_WIPHY events")
2020-02-05 14:27:05 -06:00
Denis Kenzior
360f66f71c manager: Also set retry when using default interfaces 2020-02-05 09:14:47 -06:00
Denis Kenzior
8530396fb3 manager: Add brcmfmac to the blacklist
brcmfmac does not allow the removal of the default / primary interface.
So there isn't much point in having iwd attempt this.

Another issue is that brcmfmac _does_ allow the deletion of non-default
interfaces.  So starting iwd on a system with a station & ap interface
active can result in iwd attempting to delete all the interfaces.  Given
the above, it succeeds in deleting the ap interface but not the station
one.  In strange circumstances it might end up thinking that the ap
interface is the 'default' and trying to use it, whereas it was just
successfully removed.
2020-02-04 16:00:46 -06:00
Denis Kenzior
f168fb2e16 manager: Fix valgrind complaint
==192== Conditional jump or move depends on uninitialised value(s)
==192==    at 0x4531D3: l_queue_find (queue.c:346)
==192==    by 0x42F1F8: manager_config_notify (manager.c:667)
==192==    by 0x45A895: process_multicast (genl.c:970)
==192==    by 0x45A895: received_data (genl.c:1037)
==192==    by 0x4577B2: io_callback (io.c:126)
==192==    by 0x456B0D: l_main_iterate (main.c:473)
==192==    by 0x456BCB: l_main_run (main.c:520)
==192==    by 0x456DDA: l_main_run_with_signal (main.c:642)
==192==    by 0x4034B0: main (main.c:497)
2020-02-04 11:05:10 -06:00
Andrew Zaborowski
fff6c97e99 frame-watch: Fix an l_queue_foreach_remove call
A pointer to the wdev_id is expected in this call inside
frame_watch_group_remove_wdev instead of a pointer to the pointer.
2020-02-04 10:46:57 -06:00
Andrew Zaborowski
1df4cb5be7 frame-watch: Actually unregister removed groups
Actually close the sockets for removed groups an free resources
2020-02-04 10:46:32 -06:00
Denis Kenzior
c4b2f10483 manager: Handle missing NEW_WIPHY events
The kernel emits NEW_WIPHY events whenever a new wiphy is registered.
Unfortunately these events are emitted under the 'legacy' semantics and
have a hard size limit of 4096 bytes.  Unfortunately, it is possible for
a NEW_WIPHY message to exceed this limit (ath10k cards seem to be
affected in particular), which results in the kernel never sending these
messages out.  This can lead to NEW_INTERFACE events being emitted with
a wiphy_id that had no corresponding NEW_WIPHY event emitted.  Such a
sequence can confuse iwd's hardware detection logic, particularly during
hot-plug or system boot.

Fix this by re-dumping the wiphy if such a condition is detected.  This
has some interaction with blacklisted wiphys, so the wiphy objects are
now always tracked and marked as blacklisted.  Before, the blacklisted
wiphys were simply not added to the iwd list of tracked wiphys.
2020-02-04 10:42:07 -06:00
Denis Kenzior
6825721535 wiphy: Add wiphy_get_id 2020-02-03 17:37:28 -06:00
Denis Kenzior
fcdddf2b72 build: Support missing rawmemchr 2020-02-03 11:54:28 -06:00
Tim Kourt
dc4b7e327e peap: Add inner EAP key material into imsk calculation
For the inner EAP methods that support generation of the key material
include it into imck generation. This allows to cryptographically
bind the inner method with the tunnel.
2020-02-03 11:33:57 -06:00
Tim Kourt
c2078c703d eap-tls-common: Address PEAPv0 interoperability with Windows
Windows Server 2008 - Network Policy Server (NPS) generates an invalid
Compound MAC for Cryptobinding TLV when is used within PEAPv0 due to
incorrect parsing of the message containing TLS Client Hello.
Setting L bit and including TLS Message Length field, even for the
packets that do not require fragmentation, corrects the issue. The
redundant TLS Message Length field in unfragmented packets doesn't
seem to affect the other server implementations.
2020-02-03 11:33:02 -06:00
Andrew Zaborowski
55f9639ee3 manager: Retry the interface setup if we get an EBUSY
Sometimes, at least with brcmfmac, the default interface apparently
takes a moment to get created after the NEW_WIPHY event.  We didn't
really consider this case in the NEW_WIPHY handler and we've got a race
condition.  It fixes the following bug for me:
https://bugs.archlinux.org/task/63912 -- tested by removing and
re-modprobing the brcmfmac module rather than rebooting.

To work around this wait for the NEW_INTERFACE event and then retry the
setup.  We still do the initial attempt directly after NEW_WIPHY to
handle cases like wiphys with no default interfaces and pre-existing
wiphys.
2020-01-28 15:10:10 -06:00
Andrew Zaborowski
aec7c0f39c manager: Make sure all interface are processed after dump
In manager_interface_dump_done use l_queue_foreach_remove instead of
l_queue_remove_if to make sure we process all of the interfaces.
2020-01-27 15:00:23 -06:00
Denis Kenzior
03ccc454b7 knownneetworks: React to mtime updates
We track mtime as the 'LastConnectedTime' of the network, and also sort
the known network list according to the last connected time.
Unfortunately we were never reacting to ATTRIB changes, and so were
never updating the network_info->connected_time whenever a network was
connected to.

Rework the logic to address this.  This also fixes a small bug where the
connected_time was not set properly prior to removal / re-insertion of
the network_info.
2020-01-27 14:28:08 -06:00
Denis Kenzior
681172a999 storage: Add ability to preserve times
We use the mtime on the network profile as the 'Last Connected Time'.
When we update any property and sync the file to disk, the mtime was not
preserved (since we were creating a new temporary file instead of
modifying the old one).  This led to LastConnectedTime property change
being emitted / updated incorrectly when a writable property on the
KnownNetwork interface was updated.
2020-01-22 11:15:19 -06:00
Torstein Husebø
759dbdd37f treewide: fix typos 2020-01-21 16:03:28 -06:00
Denis Kenzior
b00d4f4ce6 wsc: Use macros to simplify reply code a bit 2020-01-17 12:50:23 -06:00
Denis Kenzior
30ec06edcc wsc: Remove stale comment
Known networks are now automatically updated through inotify mechanisms,
so this comment is no longer needed.
2020-01-17 12:50:23 -06:00
Denis Kenzior
ec15838215 wsc: Rework wsc_enrollee_destroy
Our design preference is to not call any callbacks in the _free/_destroy
method of a class (with the exception of explicit destroy callbacks
provided, if any).

Invoking the callback in this case was unnecessary: wsc_dbus_free was
already replying to pending connect / cancel messages.  The only other
thing the callback would attempt to do is to set station back into
autoconnect mode.  This was unnecessary as well since the netdev is
already down.

This change removes the callback invocation.  Since wsc_enrollee_destroy
is now just calling wsc_enrollee_free, remove this from the API and
expose wsc_enrollee_free instead.
2020-01-17 12:50:23 -06:00
Andrew Zaborowski
1f14941011 wsc: Accept extra IEs in wsc_enrollee_new 2020-01-17 12:50:23 -06:00
Andrew Zaborowski
ce16ba3bf8 wsc: Refactor WSC D-Bus interface logic
Split the WSC D-Bus interface class (struct wsc) into a base class
common to station mode and P2P mode (struct wsc_dbus) and station-
specific logic like scanning, saving the credentials as a known network
and triggering the station-mode connection (struct wsc_station_dbus).

Make the base class and its utilities public in wsc.h for P2P use.
2020-01-17 12:50:23 -06:00
Andrew Zaborowski
b10264dcc7 wsc: Split out enrollee state machine to own object
Create struct wsc_enrollee which is allocated with wsc_enrollee_new,
taking a done callback as a parameter.  The callback is always
called so there's no need for a separate destroy callback.  The object
only lives until the done callback happens so wsc_enrollee_cancel/destroy
can only be used before this.

Looks like the rest of the file is simplified thanks to this.
2020-01-17 12:50:23 -06:00
Andrew Zaborowski
02f7d425b3 netdev: Drop the netdev_frame_watch API 2020-01-16 11:38:01 -06:00
Andrew Zaborowski
baad7e5fd8 netdev: Switch to new frame watch API 2020-01-16 11:37:59 -06:00
Andrew Zaborowski
b234a8e614 rrm: Switch to new frame watch API 2020-01-16 11:37:57 -06:00
Andrew Zaborowski
b31a23785a device: Switch to new frame watch API 2020-01-16 11:37:55 -06:00
Andrew Zaborowski
4a61620a9b ap: Switch to new frame watch API 2020-01-13 11:49:08 -06:00
Andrew Zaborowski
6484b7dbb6 Add a new frame watch API
This new API is independent of netdev.c and allows actually
unregistering from receiving notifications of frames, although with some
quirks.  The current API only allowed the callback for a registration to
be forgotten but our process and/or the kernel would still be woken up
when matching frames were received because the kernel had no frame
unregister call.  In the new API you can supply a group-id paramter when
registering frames.  If it is non-zero the frame_watch_group_remove() call
can be used to remove all frame registrations that had a given group-id
by closing the netlink socket on which the notifications would be
received.  This means though that it's a slightly costly operation.

The file is named frame-xchg.c because I'm thinking of also adding
utilities for sending frames and waiting for one of a number of replies
and handling the acked/un-acked information.
2020-01-13 11:49:08 -06:00
Andrew Zaborowski
c6c45e0569 wscutil: Add wsc_build_m8_encrypted_settings 2020-01-09 14:03:45 -06:00
Andrew Zaborowski
c67219a292 wscutil: Add wsc_build_credential 2020-01-09 13:57:11 -06:00
Andrew Zaborowski
0f8a49501e wsc: Refactor store_credentials / try_credentials
Instead of taking the credentials from wsc object directly, have the
caller pass these in.  This makes it more consistent with how the
done_cb was done.
2020-01-06 15:23:55 -06:00
Andrew Zaborowski
25708fbb5c wsc: Refactor to separate station-specific code
Split the interface-specific logic from the core WSC logic.  The core
WSC code is the part that we can re-use between P2P and station and
doesn't include the D-Bus code, scanning for the target BSS or the
attempt to make a station mode connection.
2020-01-06 11:50:12 -06:00
Andrew Zaborowski
a716f46573 netdev: Replace bool randomize_mac with specific address
Allow netdev_create_from_genl callers to draw a random or non-random MAC
and pass it in the parameter instead of a bool to tell us to generating
the MAC locally.  In P2P we are generating the MAC some time before
creating the netdev in order to pass it to the peer during negotiation.
2020-01-06 11:27:38 -06:00
Tim Kourt
d9efacfbba peap: Ignore Crypto-Binding TLVs with invalid compound MACs
Some server implementation don't seem to provide the valid compound MACs.
In the meantime, iwd will ignore the invalid Crypto-Binding TLVs as their
usage is optional.
2019-12-18 23:46:49 -06:00
Denis Kenzior
83e535b643 netdev: Use nl80211_parse_attrs 2019-12-17 16:58:04 -06:00
Denis Kenzior
9ee2b4ea4a nl80211util: Support ATTR_MAC 2019-12-17 16:58:04 -06:00
Denis Kenzior
ab14515715 resolve: Fix invalid method name check
The intent was to check for the presence of the add_domain_name
operation, not add_dns operation.

Fixes: 930528e35e ("resolve: Add systemd-resolved domain name installer")
2019-12-17 16:58:04 -06:00
Denis Kenzior
0e49561bb7 treewide: Use l_debug with at least one argument
By convention we should be passing at least an empty string to make it
clearer that no additional debug info is being printed
2019-12-17 16:15:05 -06:00
Denis Kenzior
3607ee0c7e netdev: Allow both -EOPNOTSUPP and -ENOTSUPP
It seems that the kernel uses -EOPNOTSUPP if the change_station
operation is not implemented by the driver.  However, some drivers do
implement change_station and choose to report -ENOTSUPP instead of
-EOPNOTSUPP.

To add to the confusion, EOPNOTSUPP and -ENOTSUPP are the same on some
systems (e.g. Gentoo).  Be paranoid and allow both errors to be ignored
when sending CMD_SET_STATION.

Fixes: 0238ffb8d9 ("netdev: Use -EOPNOTSUPP instead of -ENOTSUPP")
2019-12-17 16:10:46 -06:00
Tim Kourt
1f84c3b19a manpage: Add section about IPv4 static network configuration 2019-12-17 11:30:54 -06:00
Tim Kourt
f21d1aa78b peap: Add debug statements 2019-12-17 11:07:32 -06:00
Denis Kenzior
295e42f87a resolve: Don't try to set routing domains
The intent was to treat all domains as search domains, not routing
domains.

Fixes: 930528e35e ("resolve: Add systemd-resolved domain name installer")
2019-12-17 11:01:38 -06:00
James Prestwood
18c2c98ad5 rrm: fix bad sign for calculating RCPI
The first if case should be -10950, not 10950. Without the negative
this first case would get hit every time since signal strength values
are always negative.
2019-12-13 08:34:14 +01:00
Tim Kourt
8884fd8bbd peap: Add support for Crypto-Binding in PEAPv0
The Crypto Binding TLV is used to ensure that the EAP peer and the
EAP server participated in both the inner and the outer EAP
authentications of a PEAP authentication by cryptographically associating
the phase 1 and phase 2 authentications.

The usage of Crypto-Binding in PEAPv0 is optional and is triggered by
the reception of the Crypto-Binding TLV from the server.
2019-12-12 15:13:32 -06:00
Tim Kourt
8e5f838219 peap: Extend EAP Extensions to handle multiple TLVs
The handler for EAP Extensions has been modified to support multiple
TLV types instead of the single Result TLV. This will allow to handle
the other TLVs such as Crypto-Binding TLV.
2019-12-12 15:13:32 -06:00
Tim Kourt
fb338154a2 netconfig: Add IPv4 domain name helper and installer
The provided domain name helper allows to override the DHCP lease
option value with the static one from network configuration file.
2019-12-12 10:35:12 -06:00
Pinghao Wu
d510f332b6 eap-gtc: Try to auth even if request not Password
There are some server implementations that send requests that are
not "Password" but still want us send password. This commit modify
the behavior to send a warning and still try to auth with password.

This makes me able to auth with server in my school which sends
"Enter Aruba Login".

wpa_supplicant does not check if it is "Password".
2019-12-12 10:22:58 -06:00
Denis Kenzior
0238ffb8d9 netdev: Use -EOPNOTSUPP instead of -ENOTSUPP
The kernel uses -EOPNOTSUPP in the case of change_station operation not
being provided.  On most systems -EOPNOTSUPP is defined to be the same
as -ENOTSUPP, but seemingly not all systems.
2019-12-12 10:19:24 -06:00
Tim Kourt
930528e35e resolve: Add systemd-resolved domain name installer
The exposed DBus API is used to install doamin name into
sytemd-resolved.
2019-12-11 00:57:35 -06:00
Tim Kourt
1fd794a444 netconfig: Use CamelCase for IPv6 DNS setting 2019-12-11 00:57:29 -06:00
Tim Kourt
ac9c87d012 netconfig: Use CamelCase for IPv6 gateway setting 2019-12-11 00:57:29 -06:00
Tim Kourt
2414a3ae51 netconfig: Use CamelCase for IPv6 address settings 2019-12-11 00:57:29 -06:00
Tim Kourt
e7db478f97 netconfig: Use CamelCase for IPv4 DNS setting 2019-12-11 00:57:29 -06:00
Tim Kourt
994c1a4b5a netconfig: Use CamelCase for IPv4 gateway setting 2019-12-11 00:57:29 -06:00
Tim Kourt
0d9487d4ec netconfig: Use CamelCase for IPv4 address settings 2019-12-11 00:57:29 -06:00
Tim Kourt
1b483c3963 crypto: Add support for PRF+ SHA1
The PRF+ algorithm is based Internet Key Exchange (IKEv2) Protocol:
	https://www.ietf.org/rfc/rfc4306.txt
2019-12-09 01:47:11 -06:00
Tim Kourt
24b6a95366 peap: Rename AVPs to TLVs
Most of the literature seems to refer to AVPs as TLVs. Rename the
variables to follow the common nomenclature.
2019-12-09 01:39:41 -06:00
Tim Kourt
9bf0b756c8 peap: Delay key installation until success of Phase 2
Previously, the key was installed once the tunnel was created
despite the outcome of the second authentication phase. Now, the
key installation is delayed until the successful completion of
the second authentication phase. This excludes the unnecessary
operations in the case of a failure and key reinstallation with
cypro-binding in use.
2019-12-09 01:39:27 -06:00
Tim Kourt
5273a3b581 peap: Introduce PEAP state
Introduction of the state struct will allow to hold the additional
state variables related to the implementation of PEAP.
2019-12-09 01:38:59 -06:00
Andrew Zaborowski
cbbc247aa2 wsc: Declare the credentials structure in wsc.h 2019-12-08 21:48:33 -06:00
Denis Kenzior
738184d491 device/netdev: init scan in netdev instead of device
Commit 1057d8aa74 changed the device interface creation logic
from being unconditional inside netdev.c to instead use NETDEV_WATCH_*
events.  However, this broke the assumption that the device interface
was created before all others.  The effect is that the scan_wdev_add
might no longer be called prior to station interface being created.  Fix
this by moving scan_wdev_add/remove calls to netdev.c instead.

Fixes: 1057d8aa74 ("device: Move device creation from netdev.c to event watch")
2019-12-06 10:12:55 -06:00
Denis Kenzior
d2556a48b7 scan: Fix crash when scan is triggered outside iwd
#0  0x000055555558ee5d in scan_notify (msg=0x55555560b640, user_data=0x0) at src/scan.c:1706
 #1  0x00007ffff7f2c78c in ?? () from /usr/lib/libell.so.0
 #2  0x00007ffff7f299ec in ?? () from /usr/lib/libell.so.0
 #3  0x00007ffff7f28e4a in l_main_iterate () from /usr/lib/libell.so.0
 #4  0x00007ffff7f28efc in l_main_run () from /usr/lib/libell.so.0
 #5  0x00007ffff7f290b9 in l_main_run_with_signal () from /usr/lib/libell.so.0
 #6  0x00005555555639c4 in main (argc=1, argv=0x7fffffffec18) at src/main.c:497
2019-12-02 11:02:05 -06:00
Marcel Holtmann
9d8e74c1bc module: Declare functions as foo(void) instead of just foo() 2019-11-24 19:44:06 +01:00
Andrew Zaborowski
becba0dd09 scan: Add scan_bss_new_from_probe_req 2019-11-21 20:51:21 -06:00
Andrew Zaborowski
1d57ec0d46 scan: Parse P2P IEs according to frame type
Save the source frame type in struct scan_bss as it may affect how some
of the data in the struct will be parsed.  Also replace the P2P IE
payload data in that struct with a union containing pre-parsed p2p
attributes corresponding to the frame type.

This means users don't have to call the parsers in p2putil.c on that
data, which wouldn't have worked anyway because those parsers assume
input is the raw IE sequence rather than just the "payload".
2019-11-21 20:51:17 -06:00
Denis Kenzior
41ff1d2383 rrm: Remove unneeded casts 2019-11-21 20:34:06 -06:00
James Prestwood
32dfb6208d rrm: add packed struct for beacon reports
build_report_for_bss was refactored to use this packed structure rather
than l_put_* APIs.
2019-11-21 16:33:06 -06:00
Andrew Zaborowski
ce94133472 p2putil: Replace free with clear in function names
All these functions free up the resources used by the struct but don't
free the struct itself (allowing it to be static) so rename the
functions to avoid confusion.
2019-11-21 14:02:19 -06:00
James Prestwood
c86f5678b2 wsc: fix use of non-ascii apostrophe 2019-11-21 14:00:35 -06:00
James Prestwood
0381361c81 eapol: fix use of non-ascii apostrophe 2019-11-21 14:00:35 -06:00
James Prestwood
ccfe369766 rrm: include actual scan start time in report 2019-11-21 13:45:40 -06:00
James Prestwood
27af5b715e scan: parse the scan start time
The kernel sends NL80211_ATTR_SCAN_START_TIME_TSF with CMD_TRIGGER and
RRM requires this value for beacon measurement reports.

The start time is parsed during CMD_TRIGGER and set into the scan request.
A getter was added to obtain this time value for an already triggered
scan.

After making the change, the SCAN_ABORTED case was cleaned up a bit to
remove the local scan_request usage in favor of the one used for all the
other cases.
2019-11-21 13:45:40 -06:00
James Prestwood
002fdb5c10 rrm: fix non-ascii character in comment 2019-11-21 13:45:40 -06:00
Marcel Holtmann
ee864662fe module: Add missing empty line 2019-11-21 18:03:55 +01:00
Andrew Zaborowski
59b963a121 netdev: Power P2P interfaces up like other interfaces
After all we will want to power these iftypes up on init just like
station, etc.
2019-11-20 20:29:34 -06:00
Andrew Zaborowski
81be5fbae5 rtnlutil: Move rtnl_set_powered from netdev to rtnlutil
This function fits with the other utilities in rtnlutil and netdev.c
can slim down.
2019-11-20 20:28:48 -06:00
Andrew Zaborowski
3ffb645f22 device: Make functions static, drop device.h 2019-11-20 20:26:55 -06:00
Andrew Zaborowski
1057d8aa74 device: Move device creation from netdev.c to event watch
Create and destroy the device state struct and the DBus interfaces in a
way more similar to the Station, AdHoc and AP interfaces.  Drop
netdev_get_device() and the device specific code in netdev that as far
as I can tell wasn't needed.
2019-11-20 20:24:48 -06:00
Andrew Zaborowski
bc1b9ce10c anqp: Only register for frames on station interfaces
Check the iftype before registering ANQP on new interface.

Not that the check here and in rrm.c (which already checks the iftype)
may need to be extended to run on NETDEV_WATCH_EVENT_UP because a device
could be created with a different iftype and then have the iftype changed
before powering up.
2019-11-20 20:24:43 -06:00
Denis Kenzior
aa754cbb4a rrm: include actual parent TSF value
If the scan results included a parent TSF value use it.
2019-11-20 20:11:47 -06:00
James Prestwood
e92424611a scan: fix parent TSF parsing
The value coming from the kernel is in the same endianness as IWD, so
just parse it as a u64 rather than le64.
2019-11-20 20:04:30 -06:00
James Prestwood
c1c2ca5e7f rrm: remove use of floating point math
The RCPI value was using floating point values as per the spec. But instead
we can just use the signal strength coming from the kernel in mili mdm and
scale the hard coded values by a factor of 100.
2019-11-18 12:52:33 -06:00
James Prestwood
be4ab2826f scan: parse parent TSF value in scan results
RRM can include this in measurement reports if present in scans
2019-11-15 14:28:26 -06:00
James Prestwood
1b35eda3dd rrm: support scan duration and mandatory flags
Beacon requests can specify a scan duration, and set a flag which makes
this duration mandatory. The kernel supports both these values for scan
requests so we no longer need to reject requests which contain these.

Drivers which do not support EXT_FEATURE_SET_SCAN_DWELL will ignore the
duration value, but if duration mandatory is set we must reject the
request.
2019-11-15 14:12:24 -06:00
James Prestwood
dca90abdc5 scan: add duration scan_parameters
The kernel allows a scan duration and duration mandatory flag to be
set in scan requests. RRM requests can contain these values so they
have been added to scan_parameters.

Scanning with drivers which do not support EXT_FEATURE_SET_SCAN_DWELL
will not include these values in scan requests.
2019-11-15 14:11:16 -06:00
James Prestwood
4cee10ec50 scan: add scan_passive_full variant
Just like active scans, add an API for passive scans which take in
the full scan_parameters structure.
2019-11-15 14:11:16 -06:00
James Prestwood
5528403d77 rrm: fix invalid IE tag when rejecting request
The rejection report actually contained a request IE, not a report IE
2019-11-15 11:03:39 -06:00
James Prestwood
90fb7eff7d station: fail if trying to scan while connecting
If a scan is requested during the middle of a connection we should
return busy instead of attempting the scan. The kernel ends up coming
back with not supported in this case, which is misleading and
difficult to debug.
2019-11-14 15:23:03 -06:00
James Prestwood
81ac94fd01 hotspot: fix double free between hostpot and knownnetworks
The module framework was changed to call the module exit functions in
the reverse order as the init functions. This uncovered/caused known
networks to try and free the network_info structures after hotspot had
already freed them. Since known networks clean up the network_info's
anyways, we don't actually need hotspot to do any cleanup.
2019-11-13 16:37:17 -06:00
Andrew Zaborowski
95d4eea68f modules: Unload modules in reverse order from loading
Make sure a module A that is needed by B is not unloaded before B.
2019-11-11 18:29:45 -06:00
Andrew Zaborowski
083143ed05 module: Fix variable names
Apparently the intention was for the dependent module's name to appear
in the variable name resulting from using IWD_MODULE_DEPENDS, so the
dependencies all have unique names (apparently not critical).
2019-11-11 18:29:45 -06:00
Tim Kourt
96a97dc959 peap: Adjust V0 not to close tunnel on Success of Phase2
Despite that PEAPv0 spec indicates that TLS tunnel needs to be torn
down after the transmission of a secure Result response, some servers
treat this TLS close alert as a failure. This patch changes the above
behavior to explicitly torn the tunnel only in the case of
authentication failure and leave it open after the success.
2019-11-11 18:29:12 -06:00
Denis Kenzior
bc17925f3a manpage: Fix section naming
The previous refactoring somehow changed the 'Settings' section name
into 'General'

Fixes: ac53239109 ("doc: Split network configuration description into separate manpage")
2019-11-08 21:24:54 -06:00
Tim Kourt
aea6c1ccb6 scan: Separate IE attr creation into logical block
This also introduces the max IE length check and exludes the addition
of IEs for the drivers that don't support it.
2019-11-08 21:05:51 -06:00
Tim Kourt
0490c25fde scan: Fix bit checking for interworking
The checker function will later be changed to match the bit setter.
2019-11-08 21:05:39 -06:00
Tim Kourt
48570141ba scan: Improve comment 2019-11-08 20:43:16 -06:00
Tim Kourt
175bf574c6 manpage: Add route prioritization setting 2019-11-08 17:05:18 -06:00
Marcel Holtmann
ab5742bb32 module: Move declarations into separate header file 2019-11-07 23:40:13 +01:00
James Prestwood
1f01819c70 rrm: add radio resource management module
This module takes care of radio measurements which an AP can request.
There are many types of requests, and for now only beacon requests
are supported.

IWD will filter certain types of beacon requests that are NOT
supported:

 - AP channel reports. Only single channel requests will be supported
 - Autonomous measurements. Only direct requests will be supported.
   IWD will not accept requets to trigger reports under certain
   conditions (SNR/RSSI thresholds, etc.)
 - Timed measurements. Only immediate measurements will be performed.
   The accuracy for timed measurements cannot be reliably guaranteed
   due to kernel scheduling/queues.
 - Full reporting detail. The AP can request the STA return the full
   set of IEs in a beacon. IWD does not currently save all IEs, plus
   there is quite a bit of complexity involved as certain IEs get
   truncated, and there are other length limitations.

There are other limitations not specific to beacon requests:

 - IWD will support single measurement requests per report. Multiple
   measurement request IEs can be included, but the reports will be
   sent out separately.

 - IWD will limit the number of requests it responds to in a given
   amount of time. As it stands now this is hard coded to 2 requests
   per second maximum. This will prevent DoS attacks.

 - IWD will not accept any measurement requests from APs it is not
   connected to, and will not accept any requests until connected.
2019-11-07 12:26:19 -06:00
James Prestwood
63e8f146b7 wiphy: add beacon bits to RM Enabled Capabilities
This tells AP's that we support Passive, Active, and Table beacon
measurements.
2019-11-07 12:26:19 -06:00
Marcel Holtmann
754ce0d112 anqputil: Use complete path internal includes 2019-11-07 18:29:11 +01:00
Tim Kourt
259a666a76 wsc: Check capability before adding interface 2019-11-06 17:46:00 -06:00
Tim Kourt
df43470c32 wiphy: Add parser and getter for max ie len attr 2019-11-06 17:04:00 -06:00
Marcel Holtmann
c6f9e89748 doc: Add manual page for debugging information 2019-11-05 22:14:09 +01:00
Marcel Holtmann
1365fc6820 doc: Fix manual page title names 2019-11-05 22:12:22 +01:00
James Prestwood
2962a80e14 station: add APIs to get connected BSS and BSS list
For Radio Resource Management (RRM) we will need access to the currently
connected BSS as well as the last scan results in order to do certain
kinds of requested measurements.
2019-11-04 14:43:38 -06:00
Tim Kourt
597920d06c knownnetworks: Check result of setting getter
Set the value of 'is_hidden' if necessary.
2019-10-30 14:39:21 -05:00
Andrew Zaborowski
77e9df23c1 netdev: Drop unused netdev_connect_wsc 2019-10-30 14:36:23 -05:00
Andrew Zaborowski
6d3ae88a21 wsc: Replace netdev_connect_wsc with netdev_connect usage
netdev_connect can achieve the same effect as netdev_connect_wsc but is
more flexible as it allows us to supply additional association IEs.  We
will need this capability to make P2P connections.  This way we're also
moving the WSC-specific bits to wsc.c from the crowded netdev.c.
2019-10-30 14:35:10 -05:00
Andrew Zaborowski
0651c2c430 eapol: Drop unused eapol_sm_set_event_func 2019-10-30 14:34:20 -05:00
Andrew Zaborowski
dcf419ee7f eapol: Move the EAP events to handshake event handler
On EAP events, call the handshake_event handler with the new event type
HANDSHAKE_EVENT_EAP_NOTIFY isntead of the eapol_event callback.

This allows the handler to be set before calling
netdev_connect/netdev_connect_wsc.  It's also in theory more type-safe
because we don't need the cast in netdev_connect_wsc anymore.
2019-10-30 14:26:09 -05:00
Andrew Zaborowski
0cccbea904 handshake: Convert handshake event callbacks variadic functions
Convert the handshake event callback type to use variable argument
list to allow for more flexibility in event-specific arguments
passed to the callbacks.

Note the uint16_t reason code is promoted to an int when using variable
arguments so va_arg(args, int) has to be used.
2019-10-30 14:24:05 -05:00
Andrew Zaborowski
2c536ba4fa scan: Hide CCK rates if no_cck_rates set
no_cck_rates is set in the scan parameters generally to make sure
that the Probe Request frames are not sent at any of the 802.11b
rates during active scans.  With this patch we also omit those rates
from the Supported Rates IEs, which is required by the p2p spec and
also matches our flag's name.
2019-10-30 11:13:42 -05:00
Andrew Zaborowski
07cef99e5c wiphy: Add wiphy_get_supported_rates
Add code to parse the supported data rates info from the wiphy dumps and
expose it for P2P's use with a getter function.
2019-10-30 10:58:36 -05:00
Denis Kenzior
7d24edf467 manpage: Add some examples of network configurations 2019-10-28 21:50:23 -05:00
Denis Kenzior
785fd8c6eb manpage: Add James to author info 2019-10-28 21:10:37 -05:00
Denis Kenzior
480d678a85 main: Update to the new ell API 2019-10-28 15:48:36 -05:00
Denis Kenzior
ccc114fa5f dbus: Use the new /net/connman/iwd root path 2019-10-28 11:32:57 -05:00
James Prestwood
d164923e7c manpages: replace shorthand words
Replaces cases of 'certs' with 'certificates', and 8021x with IEEE 802.1x
2019-10-28 10:45:30 -05:00
Marcel Holtmann
5a473a755c doc: Minor formatting changes for the configuration documentation 2019-10-26 02:07:03 +02:00
Denis Kenzior
3b937424db nl80211util: Ensure all entries are parsed
The current logic did not make sure that each entry provided was
actually parsed.  Also add a sanity check to make sure that no duplicate
parsing occurs.
2019-10-25 13:46:58 -05:00
Andrew Zaborowski
d577036879 p2putils: Fix length in Channel List parsing 2019-10-25 13:34:37 -05:00
Andrew Zaborowski
6ee83fdca9 p2putil: Replace constants with wifi_alliance_oui 2019-10-25 13:34:05 -05:00
James Prestwood
0d7fbfe523 network: add L_WARN for known network lookup failure
When updating the network ranking there was a potential out of bounds
array access. The condition was if known_network_offset returned a
negative value, indicating the known network was not found. Since
network->info is only set for known networks this should not ever
happen as network->info is checked prior.

Though this is likely impossible, knownnetworks is complex enough that
its better to just be paranoid and put an L_WARN_ON to check the
return.
2019-10-25 13:19:31 -05:00
Denis Kenzior
cf6499387f manpage: Update networking related settings 2019-10-25 13:18:42 -05:00
Denis Kenzior
16f51f5b5e treewide: Use CamelCase for netconfig settings 2019-10-25 13:18:42 -05:00
James Prestwood
8c3c81716f manpage: add section on embedding PEMs in settings 2019-10-25 11:22:36 -05:00
Denis Kenzior
624533e9c4 manpage: Document additional [General] settings 2019-10-25 11:21:29 -05:00
Denis Kenzior
7db8cf92fe manager: Switch to CamelCase for mac_randomize 2019-10-25 11:21:04 -05:00
Denis Kenzior
8d0860ef86 wiphy: Switch to CamelCase for mac_randomize_bytes 2019-10-25 11:16:28 -05:00
Denis Kenzior
b3c08da45b manager: Use CamelCase for use_default_interface 2019-10-25 09:20:42 -05:00
Denis Kenzior
d12ee292aa treewide: Use CamelCase for disable_anqp setting 2019-10-24 23:18:23 -05:00
Denis Kenzior
27afe6c49f netdev: Use CamelCase for pae over nl80211 setting 2019-10-24 21:36:53 -05:00
Denis Kenzior
43d386bbe4 netdev: Use CamelCase for roam threshold setting 2019-10-24 21:36:53 -05:00
Denis Kenzior
1fbf64b667 station: use CamelCase for MFP setting 2019-10-24 21:36:50 -05:00
Marcel Holtmann
7abd998d00 build: Move 50-iwd.link up to 80-iwd.link for less confusion 2019-10-25 01:08:56 +02:00
Marcel Holtmann
152b56a12a treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
Marcel Holtmann
2a1cf2593b doc: Add missing author names to iwd config manual page 2019-10-25 00:22:20 +02:00
Marcel Holtmann
eb4ea958c7 build: Rename iwd.conf.5 into iwd.config.5 2019-10-25 00:21:05 +02:00
Marcel Holtmann
cd0d57077e build: Add systemd network link file to disable persistent naming 2019-10-25 00:15:05 +02:00
Denis Kenzior
d4d35c7872 eapol: Use CamelCase for [EAPoL] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
3540cc5cc0 manpage: Document [Scan] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
e540978633 treewide: Use CamelCase for [Scan] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
3a0c70210d manpage: Document [Rank] settings 2019-10-24 15:58:08 -05:00
Denis Kenzior
b205d9bdf1 scan: Use CamelCase for [Rank] settings 2019-10-24 15:58:05 -05:00
Denis Kenzior
19a85a85e7 treewide: Rename EAP mtu key to MTU 2019-10-24 13:51:20 -05:00
Denis Kenzior
f6994f502b manpage: Document Blacklist settings 2019-10-24 13:39:40 -05:00
Denis Kenzior
d66139fe34 treewide: Switch to CamelCase for Blacklist settings 2019-10-24 13:38:11 -05:00
Denis Kenzior
8a1ce9e3e3 manpage: Use AutoConnect instead of Autoconnect 2019-10-24 13:04:53 -05:00
Denis Kenzior
356fadad5a hotspot: Use AutoConnect instead of Autoconnect 2019-10-24 13:04:53 -05:00
Denis Kenzior
2dec3ff1b6 knownnetworks: Use AutoConnect setting
Since the property Autoconnect was renamed to AutoConnect, change the
Autoconnect setting to match.

For now we still allow the legacy name to be used here, but a warning is
printed to remind users to update.
2019-10-24 13:04:53 -05:00
Denis Kenzior
c49893c827 knownnetworks: Use AutoConnect as property name 2019-10-24 12:49:59 -05:00
Denis Kenzior
2d2bc70b64 device: Remove support for WDS property 2019-10-24 11:41:19 -05:00
Denis Kenzior
206bfbdf3a dbus: update to use InvalidArguments error 2019-10-24 10:54:21 -05:00
Denis Kenzior
a06583ffc4 dbus: Update to the new wsc api naming 2019-10-24 10:49:13 -05:00
Tim Kourt
b096c27377 hotspot: eliminate double assignment of variable 2019-10-23 17:57:35 -05:00
Tim Kourt
d8f98a5f20 hotspot: Fix mem leak on failed hotspot config 2019-10-23 17:56:18 -05:00
Denis Kenzior
45bd459711 eap-tls-common: Relax certificate chain check
Relax the pre-check for local user certificate.  Before we used to check
that the CA provided (if any) was used to verify both the peer identity
and the local certificate chain.  However, there seem to be networks
that use different CAs to sign AP/Radius certificates and certificates
issued to users.

Drop the ca_certs argument from l_certchain_verify, but keep the call
there to make sure the certificate chain is indeed a chain as a sanity
check.
2019-10-23 09:51:29 -05:00
Andrew Zaborowski
1d29221ef0 netdev: Extend checks for P2P scenarios
Extend the iftype-based checks to handle the P2P iftypes and remove a
warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 22:35:31 -05:00
Andrew Zaborowski
cd47834d6c wiphy: Add wiphy_get_max_roc_duration
Add a function to retrieve the maximum Remain On Channel listen duration
supported by the wiphy's driver.
2019-10-21 22:07:17 -05:00
James Prestwood
a1189d64b1 sae: remove unneeded NULL pointer check
The frame was already validated, and mmpdu_body will never return
a NULL pointer.
2019-10-21 17:14:49 -05:00
James Prestwood
27d698a0c0 sae: fix incorrect length adjustment
The commit/confirm processing was incorrectly subtracting 2 from
the length when they should be subtracting 6. As with the other
similar change, the length is validated with mpdu_validate so
subtracting 6 will not cause an overflow.
2019-10-21 17:12:01 -05:00
James Prestwood
47efe17461 sae: fix inproper return value in sae_verify_accepted
This function was returning a boolean and the expected return was
a signed integer. Since this function actually returned false in
all cases the check for a success (0) return always worked.

The comment about the 'standard code path' was removed as this is
no longer valid.
2019-10-21 16:50:42 -05:00
James Prestwood
3f2b558f57 sae: fix potential integer overflow
If an authentication frame of length <= 5 is sent sae will overflow an
integer. The original cause of this was due to incorrectly using the
sizeof(struct mmpdu_header). The header can be either 24 or 28 bytes
depending on fc.order. sizeof does not account for this so 28 is always
the calculated length.

This, in addition to hostapd not including a group number when rejecting,
cause this erroneous length calculation to be worked around as seen in
the removed comment. The comment is still valid (and described again
in another location) but the actual check for len == 4 is not correct.

To fix this we now rely on mpdu_validate to check that the authentication
frame is valid, and then subtract the actual header length using
mmpdu_header_len rather than sizeof. Doing this lets us also remove the
length check since it was validated previously.
2019-10-21 16:50:42 -05:00
James Prestwood
9ec87acccf mpdu: expose mmpdu_header_len 2019-10-21 16:50:42 -05:00
Marcel Holtmann
ac53239109 doc: Split network configuration description into separate manpage 2019-10-20 19:33:53 +02:00
Marcel Holtmann
6238f9bbd7 doc: Start describing settings in main.conf 2019-10-20 10:25:51 +02:00
Marcel Holtmann
5e77e34c46 doc: Mention all available environment settings 2019-10-19 23:13:34 +02:00
Marcel Holtmann
806d36a35e doc: Minor updates to formatting and mention STATE_DIRECTORY 2019-10-19 23:00:16 +02:00
James Prestwood
0d9c9274d9 eapol: do not parse RSN for WPA1 in 1 of 4
A recent change checked the return value of ie_parse_rsne_from_data
inside the ptk 1/4 handler. This seemed safe, but actually caused
the eapol unit test to fail.

The reason was because eapol was parsing the IEs assuming they were
an RSN, when they could be a WPA IE (WPA1 not WPA2). The WPA case
does not end up using the rsn_info at all, so having rsn_info
uninitialized did not pose a problem. After adding the return value
check it was found this fails every time for WPA1.

Since the rsn_info is not needed for WPA1 we can only do the RSN
parse for WPA2 and leave rsn_info uninitialized.
2019-10-17 18:48:18 -05:00
Denis Kenzior
99923c90da util: Be more paranoid when parsing addresses
Add a check to make sure that sscanf reads all 6 bytes of the address as
well.
2019-10-17 18:22:25 -05:00
Denis Kenzior
f878ec275d scan: Fix logic error in frequency validation
The intent here was to validate that the frequency is a multiple of 5
and lies in a certain range.  Somehow the channel was checked for being
a multiple of 5 instead.
2019-10-17 18:00:33 -05:00
Denis Kenzior
9ec50c910b rtnlutil: Remove pointless conditional
gateway is checked to be !null above, so the conditional can be dropped.
2019-10-17 17:53:30 -05:00
Denis Kenzior
a533734471 p2putil: Fix logic in required attribute check
The logic here intended to check whether all required attributes were
available.  However, it set the parse_error to true instead of
have_required to false as intended.
2019-10-17 17:39:53 -05:00
Denis Kenzior
5dbccee798 network: Be extra pedantic in network_get_psk
Check that the passphrase to PSK conversion actually succeeds.
2019-10-17 17:33:56 -05:00
Denis Kenzior
a043f26134 netdev: Skip IE processing of no request IEs sent 2019-10-17 17:30:11 -05:00
Denis Kenzior
aa75b3e06e ap: Remove unneeded NULL check
sta is already dereferenced above, no need for the extra check here
2019-10-17 17:22:02 -05:00
Denis Kenzior
aba73171f6 wsc: Fix potential memory leak
If the netdev_connect_wsc call fails, handshake_state object isn't
freed.
2019-10-17 12:37:04 -05:00
Denis Kenzior
9a588944aa backtrace: Don't ignore strchr errors 2019-10-17 12:10:36 -05:00
Denis Kenzior
ef0f9ad193 backtrace: Fix a potential buffer overrun 2019-10-17 12:08:21 -05:00
James Prestwood
34560120f9 util: add bounds check to util_get_{domain,username}
Replace uses of strcpy by the safer l_strlcpy.  Note that both of these
functions can only be called with a buffer of max 253 bytes (the
identity string), so this is purely a precautionary measure.
2019-10-17 11:21:47 -05:00
James Prestwood
65f279dc1e util: Use memcpy instead of strncpy
The sub-string copied here will never have NULL terminators, so use
memcpy here to make this clearer.
2019-10-17 11:20:51 -05:00
James Prestwood
6b8f566498 ie: reorder ie_parse_osen to fix uninitialized value
RSNE_ADVANCE could result in a jump to the done label where info would
be copied without being initialized.
2019-10-16 21:25:41 -05:00
James Prestwood
de3a267d03 eapol: check return of ie_parse_rsne_from_data 2019-10-16 21:24:25 -05:00
James Prestwood
91c449d74a eapol: reorder eapol_sm_free
Technically there's no problem here as l_queue_remove does not
dereference the pointer.  Still, it confuses certain static analysis
tools in the current form. Reordering this will not change the behavior
at all.
2019-10-16 21:16:28 -05:00
James Prestwood
0ade612b3e hotspot: check if HESSID parses correctly 2019-10-16 18:40:30 -05:00
James Prestwood
87a1c55145 hotspot: fix multiple potential memory leaks 2019-10-16 18:32:46 -05:00
Denis Kenzior
b3799a9f8d owe: Fix potential memory leak 2019-10-16 18:14:17 -05:00
James Prestwood
96aa658375 sae: check return getting k_point 2019-10-16 18:09:29 -05:00
James Prestwood
ba7f7febd1 owe: fix potential uninitialized variable 2019-10-16 18:08:47 -05:00
James Prestwood
8bbfa4db49 owe: fix potential double free on error 2019-10-16 18:08:08 -05:00
James Prestwood
ab92901252 owe: check for error return getting shared_secret 2019-10-16 18:05:43 -05:00
James Prestwood
7b1e1497b7 ie: fix uninitialized rx/tx_nss values 2019-10-16 18:02:49 -05:00
James Prestwood
a8e935ee77 crypto: fix potential memory leak 2019-10-16 17:58:50 -05:00
James Prestwood
8364807938 eap-pwd: fix potential memory leak 2019-10-16 17:58:14 -05:00
James Prestwood
e31074b246 erp: check return of hkdf_expand 2019-10-16 17:57:05 -05:00
James Prestwood
81ec93fdcc anqp: fix potential NULL pointer dereference 2019-10-16 17:57:05 -05:00
Denis Kenzior
269377c92f scan: Simplify parsing using nl80211_parse_attrs 2019-10-16 16:33:40 -05:00
Tim Kourt
34cd8d5f3e eap-ttls: Fix memory leak
A very unlikely condition could result in struct phase2_method being
leaked.
2019-10-16 15:48:32 -05:00
Denis Kenzior
6917f75c6a doc: Add network configuration section to iwd.rst
Content is mostly pulled from the wiki and re-arranged slightly.
2019-10-16 15:45:58 -05:00
Florian Klink
af877978a1 doc: fix typo systemd->system
Even though this is equal on most distros, we're not quite there yet.
2019-10-14 16:38:49 -05:00
James Prestwood
fe179f96fd eap: utilize IWD_MODULE
Converts eap into an IWD module.
2019-10-11 15:45:26 -05:00
James Prestwood
8f600ee1b5 eap: remove mtu argument from eap_init
This was refactored to set the mtu via __eap_set_config rather than
passing the MTU into eap_init. This makes eap work in a similar fashion
as eapol (i.e. __eapol_set_config).

If __eap_set_config is not used, the MTU will be set to 1020, which is
the same as previously passing 0 to eap_init.
2019-10-11 15:44:38 -05:00
James Prestwood
d53dcf2334 wiphy: utilize IWD_MODULE
This converts wiphy into an IWD module. nl80211 was completely removed
from main.c as it is no longer passed with manager or wiphy.
2019-10-11 15:42:13 -05:00
James Prestwood
97bac236c8 wiphy: remove white/blacklist from wiphy_init
wiphy will now use getters for the phy white/black list.
2019-10-11 15:41:54 -05:00
Denis Kenzior
cc2d4f97e2 manager: Make sure pending_wiphys remains NULL on error 2019-10-11 15:41:16 -05:00
James Prestwood
2d8d47c9dd manager: utilize IWD_MODULE
Converts manager into an IWD module.
2019-10-11 15:38:25 -05:00
James Prestwood
87c42bccf1 manager: remove white/black list from argument
Instead we add getters for these lists that manager_init can use.
2019-10-11 15:37:58 -05:00
James Prestwood
2ab8d4bbed anqp: utilize IWD_MODULE
This converts anqp into an IWD module.
2019-10-11 15:37:33 -05:00
James Prestwood
369c5fbd0b eapol: utilize IWD_MODULE
This converts eapol to using IWD modules. The init/exit APIs did need
to remain exposed for unit tests.

Netdev was updated to depend on eapol.
2019-10-11 15:36:45 -05:00
Denis Kenzior
cb57d44cb4 netdev: Fix resource leaks in netdev_init 2019-10-11 15:34:54 -05:00
James Prestwood
d42c4a57b8 netdev: utilize IWD_MODULE
Since iwd_modules_init is now defered until nl80211_appeared, we can
assume the nl80211 object is available. This removes the need for
netdev_set_nl80211 completely.
2019-10-11 15:30:28 -05:00
James Prestwood
df8fc5f918 main: move module init into nl80211_appeared
In preparation for integrating IWD_MODULE into modules which require
nl80211 we move the module init into the nl80211_appeared callback.
This will guarentee that the nl80211 is available during module init
and allow modules to get their own copy of nl80211 rather than needing
a set function (e.g. netdev_set_nl80211).

Since the dbus name request callback happens before this as well any
dbus module can also use IWD_MODULE and simply assume the dbus object
is ready.

plugin_init was also deferred to nl80211_appeared since some plugins
depend on modules being initialized.
2019-10-11 15:21:32 -05:00
James Prestwood
046fe96537 agent: utilize IWD_MODULE
Converts agent into an IWD module. This removes the dbus dependency
on agent. Since dbus is initialized very early we can assume
dbus_get_bus is going to return a valid object.
2019-10-11 13:52:22 -05:00
Tim Kourt
3aa336cb2a resolve: Add IPv6 handler for systemd msg appender 2019-10-10 11:54:58 -05:00
Tim Kourt
8168b22233 netconfig: Don't clear IPv6 addresses on shutdown
Unlike IPv4, the IPv6 address are removed by the kernel.
2019-10-09 17:53:26 -05:00
Tim Kourt
2d02816efd station: Subscribe to netconfig event notifier 2019-10-09 17:52:36 -05:00
Tim Kourt
c4a17ed711 netconfig: Add netconfig event notifier
The notifier allows to subscribe for the netconfig events such as
‘connected’.
2019-10-09 17:51:57 -05:00
Tim Kourt
624933fab0 station: Move 'connected' logic out of enter state func
Previously, station state 'connected' used to identify an interface associated
with AP. With the introduction of netconfig, an interface is assumed to be
connected after the IP addresses have been assigned to it. If netconfig is
disabled, the behavior remains unchanged.
2019-10-09 17:05:42 -05:00
Tim Kourt
beca75830c netconfig: Split route add/del callbacks 2019-10-09 14:18:07 -05:00
Tim Kourt
48be2c0252 station: Simplify and comply with coding style 2019-10-09 14:18:02 -05:00
James Prestwood
bea1d22a5c eap-tls-common: allow embedded PEMs in settings
Refactoring was required to allow for embedded certs. The existing
eap_tls_state object was changed to hold the cert types (l_queue,
l_certchain, l_key) rather than the file path, since there may not
actually be separate PEM files.

Care was taken to properly manage the memory of these objects.
Since the TLS object takes ownership when setting auth data or the
CA certs all error cases must be handled properly to free these
objects after they are loaded and in addition they must be set to
NULL so that the cleanup doesn't double free them.

If everything goes to plan, we load all the PEMs in settings_load,
provide these objects to the TLS APIs, and then NULL out the
pointers (TLS now owns this memory). If anything fails between
settings_load and l_tls_start we must free these objects.

A special format must be used to indicate that a PEM is embedded
inside the settings file. First, the l_settings format should be
followed for the PEM itself, e.g.

[@pem@my_ca_cert]
<CA Cert data>

This PEM can then be referenced by "embed:my_ca_cert", e.g.

EAP-TLS-CACert=embed:my_ca_cert

Any other value not starting with "embed:" will be treated as a file
path.
2019-10-07 11:39:30 -05:00
Tim Kourt
e0651cf25b netconfig: Allow to override IPv6 DHCP DNSs with static addresses 2019-10-04 12:17:20 -05:00
Tim Kourt
0fdd27463e netconfig: Allow to override IPv4 DHCP DNSs with static addresses 2019-10-04 12:17:20 -05:00
Denis Kenzior
46a88744c1 netconfig: Remove unused member 2019-10-04 12:17:20 -05:00
Marcel Holtmann
6476d68aed build: Add manual page for iwd configuration file 2019-10-03 22:36:39 +02:00
Marcel Holtmann
f9f12533fc doc: Add more detailed description for iwd daemon 2019-10-03 22:35:47 +02:00
Will Dietz
44ae6a46da station: don't reset/(re)configure/destroy NULL netconfig's
Fixes crashes when `enable_network_config` is false (default).
2019-10-03 12:34:56 -05:00
Will Dietz
6672bc2a37 station: record dependency on netconfig module
The netconfig module must be initialized (netconfig_list, for example)
before station module can be used, record this to ensure that happens.
2019-10-03 12:30:43 -05:00
Will Dietz
f74e6ff2f2 crypto: fix copy size causing overruns/crashing
num_ad is already accounted for in `sizeof(iov)`
as iov has size `sizeof(struct iovec) * (num_ad+1)`.
2019-10-03 12:25:57 -05:00
Tim Kourt
3e634bfbcc netconfig: Optimize IPv4 address deletion
Decrease the queue traversals to a single pass
2019-10-03 10:56:07 -05:00
Tim Kourt
444491490e netconfig: Remove IPv6 default route
The IPv6 default route needs to be explicitly revoked. Unlike in IPv4,
there is no SRC address associated with the route and it will not be
removed on address removal.
2019-10-03 10:56:07 -05:00
Tim Kourt
eebd44cfc0 rtnlutil: Add IPv6 route deletion helper 2019-10-03 10:56:07 -05:00
Tim Kourt
cd21d4d3e7 netconfig: Fix return type for module init 2019-10-03 10:56:07 -05:00
Tim Kourt
c4ecf96942 netconfig: Install IPv6 DNS 2019-10-02 12:13:42 -05:00
Tim Kourt
95c3df3ccf netconfig: Install IPv6 default route 2019-10-02 12:10:00 -05:00
Tim Kourt
ce5e481239 netconfig: Add IPv6 static address installation/removal
The network configuration options for IPv6 are grouped under [IPv6]
and include the following:
	ip= ADDRESS/PREFIX
	gateway=ADDRESS
	dns=ADDRESS

The placeholders for DHCPv6 are placed along the way and marked
as TODO items.
2019-10-02 12:09:00 -05:00
Tim Kourt
0a293ef538 netconfig: Request all known IPv6 addresses 2019-10-02 11:58:56 -05:00
Tim Kourt
577e638be3 netconfig: Subscribe for IPv6 address changes
The IPv6 addresses changes are maintained in ifaddr_list.
2019-10-02 11:58:07 -05:00
Tim Kourt
50a112e425 netconfig: Remove roaming logic
Previously, netconfig_ipv4_select_and_install was used to install
addresses on initial connection to a network and after we have roamed.
Now for the after roaming connection scenario we have
netconfig_reconfigure. Remove roaming related code from
netconfig_ipv4_select_and_install
2019-10-02 10:53:39 -05:00
Tim Kourt
332eec9f9d netconfig: Don't re-install IPv4 address on re-configure 2019-10-02 10:53:08 -05:00
Denis Kenzior
72a417e8a3 eap-tls-common: update to new ELL TLS APIs 2019-10-02 10:36:06 -05:00
Tim Kourt
77770b9566 netconfig: Switch to internal active network settings
As part of the de-coupling from station object, switch all of
the network settings inquiries to use active_settings. active_settings
are set with netconfig_configure by the owner of netconfig object
and removed with netconfig_reset once network disconnects.
2019-09-30 15:05:12 -05:00
Tim Kourt
d7c52b8280 station: netconfig devices based on station state 2019-09-30 14:57:21 -05:00
Tim Kourt
fb65b5f92c netconfig: Decouple from station state
Instead of relying on station state changed signal, netconfig
introduces three new API calls to configure, re-configure and
reset the network configurations. The owner of netconfig object
is responsible for initiating the re-configuration of the device
depending on its state.
2019-09-30 14:57:18 -05:00
Tim Kourt
57095eaa2c rtnlutil: Add IPv6 default route helper 2019-09-30 11:08:23 -05:00
Tim Kourt
f0b3a6cf1d rtnlutil: Add IPv6 address change helpers
Implements the IPv6 helper functions to add/delete IP addresses.
2019-09-30 11:08:01 -05:00
Tim Kourt
e3e569b75b rtnlutil: Add IPv6 address dump 2019-09-30 11:07:37 -05:00
Tim Kourt
c8eb33c2c2 rtnlutil: Add parser for IPv6 RTNL packet
At this time, we are only looking for IFA_ADDRESS attribute that
represents the IPv6 IP address.
2019-09-30 11:07:37 -05:00
Tim Kourt
d954eee0cc netconfig: Change public API
As a first step to enable the usage of netconfig in ead and
prospective transition to be a part of ell, the public API for
creation and destruction of the netconfig objects has been
renamed and changed. Instead of hiding the netconfig objects inside
of netconfig module, the object is now passed back to the caller.
The internal queue of netconfig objects remains untouched, due
to limitations in ell’s implementation of rtnl. After the proper
changes are done to ell, netconfig_list is expected to be removed
from netconfig module.
2019-09-27 16:32:05 -05:00
Tim Kourt
c8dfb6061d netconfig: Rename netconfig destructor
The old name will be repurposed for the API.
2019-09-27 16:31:56 -05:00
Denis Kenzior
3b040f5c27 main: Make rfkill an IWD_MODULE 2019-09-24 10:07:40 -05:00
Marcel Holtmann
765bb92084 build: Add skeleton manual pages for all installed binaries 2019-09-22 21:57:47 +02:00
Denis Kenzior
73f6e0b43b anqp: Use nl80211_parse_attrs 2019-09-19 23:04:06 -05:00
Denis Kenzior
91784425ec wiphy: Remove wiphy_parse_id_and_name
in favor of using nl80211_parse_attrs
2019-09-19 22:55:07 -05:00
Denis Kenzior
bf7e62fafb manager: Simplify parsing using nl80211_parse_attrs 2019-09-19 22:42:25 -05:00
Denis Kenzior
d400c7f303 manager: Simplify manager_parse_wiphy_id
using nl80211_get_attrs
2019-09-19 22:42:02 -05:00
Denis Kenzior
2772845a7b manager: Simplify manager_parse_ifindex
using nl80211_parse_attrs
2019-09-19 22:42:02 -05:00
Denis Kenzior
2dbcad3185 nl80211util: Add skeleton of nl80211_parse_attrs 2019-09-19 22:41:54 -05:00
Denis Kenzior
1fc480c007 manager: Remove stale comment
setup_timeout was removed by the previous patch, so this comment no
longer applies.
2019-09-19 21:05:57 -05:00
James Prestwood
95f1fb1663 manager: dump wiphy/iface on NEW_WIPHY
A NEW_WIPHY event may not always contain all the information about a
given phy, but GET_WIPHY will. In order to get everything we must
mimic the behavior done during initalization and dump both wiphy
and interfaces when a NEW_WIPHY comes in.

Now, any NEW_WIPHY event will initialize a wiphy, but then do a
GET_WIPHY/GET_INTERFACE to obtain all the information. Because of
this we can ignore any NEW_INTERFACE notifications since we are
dumping the interface anyways.

Once some kernel changes get merged we wont need to do this anymore
so long as the 'full' NEW_WIPHY feature is supported.
2019-09-19 20:49:41 -05:00
James Prestwood
27ae3ce14d network: validate passphrase on _set_passphrase 2019-09-18 16:48:29 -05:00
James Prestwood
42e083cf9b crypto: add crypto_passphrase_is_valid
Move this check out of crypto_psk_from_passphrase so other modules
can validate a passphrase.
2019-09-18 16:48:07 -05:00
James Prestwood
7a9891dbef wsc: store plain text passphrase if available
If the AP sent us the plain passphrase we can now store that rather
than generating the PSK. This will allow WPA3 to work properly when
WPA3 + WSC is implemented.
2019-09-18 16:47:41 -05:00
James Prestwood
2c14e73f82 network: add network_set_passphrase
This lets other modules (like WSC) to set a plain text passphrase
as opposed to only allowing a PSK to be set. network_get_psk was
also updated to generate a PSK on-the-fly if required. Since WPA3
requires the raw passphrase to work, it makes sense to just store
the passphrase if we have it.
2019-09-17 16:20:28 -05:00
James Prestwood
a8187468b5 station: optimize roam scanning
If neighbor reports are unavailable, or the report yielded no
results we can quickly scan for only known frequencies. This
changes the original behavior where we would do a full scan
in this case.
2019-09-17 11:52:55 -05:00
James Prestwood
235fd2b7e6 eap-pwd: remove old EAP-PWD-Password support
This password key was deprecated in favor of the common EAP-Password
key. Its been about a year so we are now removing support entirely
for EAP-PWD-Password.
2019-09-17 11:46:19 -05:00
James Prestwood
07e6876ef5 knownnetworks: add roam frequency getter
Gets a newly created scan_freq_set containing the most recent
frequencies for the network. The currently connected BSS frequency
(passed as a parameters) will not be included in the set.
2019-09-17 11:39:12 -05:00
James Prestwood
d9e6b2263f scan: add scan_freq_set_isempty 2019-09-17 11:28:23 -05:00
James Prestwood
09d336dbdd knownnetworks: free file_path in get_uuid 2019-09-16 15:24:49 -05:00
James Prestwood
66346712e6 knownnetworks: make frequencies/UUID forgettable
Since the UUID was being generated purely on the file path, it
would never change for a given network (unless the SSID/name changed).
In the future we would like to use this unique UUID to generate a
MAC per-SSID, and if that network is forgotten we also want the UUID
to change next time the network is connected to.

Rather than only using the file path, the mtime can also be fed into
the UUID generation. Since the mtime would be changed after forgetting
and re-adding a known network we will get a new UUID.

Now, whenever a known network is removed, we lookup the UUID we have
in network_info and remove that entry in the settings file and
sync the frequency file.
2019-09-16 13:48:48 -05:00
James Prestwood
f57b73898b knownnetwork: track/optimize UUID for known networks
The UUID was being generated every time we synced which is wasteful.
Instead we can track the UUID inside network_info and only generate
it once when needed.

Two new network_info APIs were added:
network_info_set_uuid
network_info_get_uuid

The setter is used when the frequency file is loaded. If a valid UUID
is found in the frequency file this UUID is set and used.

network_info_get_uuid will not just get the UUID, but actually generate
it if one has not been set yet. This will allow other modules to
get/generate the UUID if one has no been loaded from the frequency
file.
2019-09-16 13:39:41 -05:00
James Prestwood
96998a83c5 netdev: handle QoS Map IE/Frame
The QoS Map can come in either as a management frame or via the
Associate Response. In either case this IE simply needs to be
forwarded back to the kernel.
2019-09-13 17:29:39 -05:00
James Prestwood
74aa280b56 wiphy: set QoS bit in extended capabilities 2019-09-13 17:29:39 -05:00
James Prestwood
8d3b065022 wiphy: fix bits in extended capabilities
The extended capability bits were not being set properly inside
wiphy. Since we build the IE after the wiphy dump the first 2
bytes are the IE type and length. The way we were setting the bits
did not take this into account and were actually setting the
completely wrong bits.
2019-09-13 12:37:59 -05:00
James Prestwood
ef209c305b knownnetworks: make known frequencies its own module
The known frequency file was being loaded at the end of the known
networks initialization routine. This allowed all known networks
to be properly loaded, but since hotspot depends on known networks,
its initalization would be run afterwards meaning the frequency
loading would not have been finding any hotspot networks.

To fix this a new module was added inside known networks which
depends on hotspot. This means that first known networks will
initialize, then hotspot, then the frequency file would be loaded.
2019-09-12 12:55:30 -05:00
James Prestwood
4eaf93d26a knownnetworks: rework known frequencies
The current format for the .known_networks.freq file had a hidden
limitation of not being able to handle SSID's with some special
characters. Since the provisioning file path was used as the
group name the filename was limited to only characters supported
by l_settings groups, which conflicted with allowable SSID
characters.

Instead we can generate a unique UUID for each network and use
this as the group. For this particular case the group does not
really matter, so long as its unique. But we can utilize this unique
UUID for other purposes, including using it as a seed for changing
the MAC address per-connection in the future.

The .known_networks.freq file will now have the following format:

[<UUID>]
name=/path/to/provisioning/file
list= XXXX YYYY ZZZZ
2019-09-12 11:33:00 -05:00
James Prestwood
f5db4bfea8 network: sync frequencies per-network
The existing frequency syncing was done when IWD closes. Instead we
can sync as networks are connected to or promoted to known which
will keep the FS more up to date. This also allows hotspot networks
to use the known frequency file.
2019-09-12 11:32:50 -05:00
James Prestwood
9ed5fba57b knownnetwork: add known_network_frequency_sync
This API will sync the known frequencies of a network_info object
to disk. This will allow network to sync known frequencies as
known networks are added, rather that when IWD closes.

Since this will result in more frequent syncing that before, the
known_freqs settings pointer was moved globally in knownnetworks.c
as to only parse the file one time rather than on every sync.
2019-09-12 11:28:20 -05:00
James Prestwood
3dba205de1 hotspot: implement get_file_path op 2019-09-12 11:28:20 -05:00