3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-12 15:09:23 +01:00
Commit Graph

106 Commits

Author SHA1 Message Date
Andrew Zaborowski
fd934aa39e ap: Don't use L_AUTO_FREE_VAR with l_settings
L_AUTO_FREE_VAR only causes l_free to be called on the variable that is
freed and may leak the rest of the l_settings object's memory.
2021-02-26 10:59:22 -06:00
Andrew Zaborowski
e8ad4f10b0 ap: Drop an outdated TODO comment 2021-02-18 14:00:30 -06:00
Denis Kenzior
6ad50ac49b ap: Make sure strerror argument is positive 2021-02-08 15:05:54 -06:00
James Prestwood
f046bed225 ap: massage code to make static analysis happy
There is no functional change here but checking the return
value makes static analysis much happier. Checking the
return and setting the default inside the if clause is also
consistent with how IWD does it many other places.
2021-02-08 14:24:06 -06:00
James Prestwood
0ae3e1c59d ap: free passphrase on error 2021-02-08 14:23:54 -06:00
James Prestwood
676ee1e4d2 ap: tie diagnostic interface to AP Start/Stop
The diagnostic interface serves no purpose until the AP has
been started. Any calls on it will return an error so instead
it makes more sense to bring it up when the AP is started, and
down when the AP is stopped.
2021-02-02 15:54:56 -06:00
James Prestwood
ec15ef1d34 ap: add Name property
Its useful being able to refer to the network Name/SSID once
an AP is started. For example opening an iwctl session with an
already started AP provides no way of obtaining the SSID.
2021-02-02 15:53:25 -06:00
Andrew Zaborowski
074bc52717 eapol,ap: Remove assumption of single cipher in authenticator IE
Allow the user of the eapol_sm & handshake_state APIs to have multiple
pairwise ciphers listed in the authenticator IE.
2021-02-01 10:06:21 -06:00
Andrew Zaborowski
436c5a45e4 ap: Set the group cipher when sending START_AP
Seems this was overlooked because an initial version of ap.c didn't have
group traffic support.
2021-02-01 10:05:55 -06:00
Andrew Zaborowski
065f19b479 ap: Fix cleanup on ap_parse_new_station_ies errors 2021-01-29 20:06:18 -06:00
James Prestwood
9f33740d41 ap: fix off by one error
The RSN element was not being allocated properly which caused
an invalid read in some cases.
2021-01-29 15:04:10 -06:00
James Prestwood
aefcaf8559 ap: handle GET_KEY error setting RSC to zero
Rather than the previous hack which disabled group traffic it
was found that the GTK RSC could be manually set to zero which
allows group traffic. This appears to fix AP mode on brcmfmac
along with the previous fixes. This is not documented in
nl80211, but appears to work with this driver.
2021-01-29 13:15:36 -06:00
James Prestwood
4635e095ba ap: rename ap_parse_ie to be more descriptive
This is only used for NEW_STATION parsing so name appropriately
2021-01-29 13:15:24 -06:00
James Prestwood
32028f6daf ap: add DEL_STATION path to fullmac AP handling
This is how a fullmac card tells userspace that a station has
left. This fixes the issue where the same client cannot re-connect
to the same AP multiple times. ap_new_station was renamed to
ap_handle_new_station for consistency.
2021-01-29 11:36:09 -06:00
James Prestwood
7429b2162d ap: allow no group traffic on GET_KEY error
Some fullmac cards were found to be buggy with getting the GTK
where it returns a BIP key for the GTK index, even after creating
a GTK with NEW_KEY explicitly. In an effort to get these cards
semi-working we can treat this just as a warning and continue with
the handshake without a GTK set which disables group traffic. A
warning is printed in this case so the user is not completely in
the dark.
2021-01-28 13:41:43 -06:00
James Prestwood
63c8df78a3 ap: handle NEW_STATION for fullmac cards
Since fullmac cards handle auth/assoc in firmware IWD must
react differently while in AP mode just as it does in station.
For fullmac cards a NEW_STATION event is emitted post association
and from here the 4-way handshake can begin. In this NEW_STATION
handler a new sta_state is created and the needed members are
set in order to inject us back into the normal code execution
for softmac post association (i.e. creating group keys and
starting the 4-way handshake). From here everything works the
same as softmac.
2021-01-28 13:25:18 -06:00
James Prestwood
9c33572aee ap: add AP diagnostic interface
This adds a new AccessPointDiagnostic interface. This interface
provides similar low level functionality as StationDiagnostic, but
for when IWD is in AP mode. This uses netdev_get_all_stations
which will dump all stations, parse, and return each station in
an individual callback. Once the dump is complete the destroy is
called and all data is packaged as an array of dictionaries.
2021-01-22 15:00:48 -06:00
Jonathan Liu
5e9f1a6806 ap: Fix handshake state gtk not being set
handshake_state_set_authenticator_ie must be called to set group_cipher
in struct handshake_shake before handshake_set_gtk_state, otherwise
handshake_set_gtk_state is unable to determine the key length to set
handshake state gtk.

Fixes: 4bc20a0979 ("ap: Start EAP-WSC authentication with WSC enrollees")
2020-11-16 13:35:51 -06:00
James Prestwood
acb31477c1 ap: make APRanges optional
If EnableNetworkConfiguration was enabled ap.c required that
APRanges also be set. This prevents IWD from starting which
effects a perfectly valid station configuration. Instead if
APRanges is not provided IWD still allows ap_init to pass but
DHCP just will not be enabled.
2020-11-03 13:58:23 -06:00
James Prestwood
5420fdaf01 ap: fixup incorrect return
If an RTNL address change fails -EIO should be returned, not
false (aka "success").
2020-11-02 14:23:53 -06:00
James Prestwood
e1b3e73c2b ap: allow DHCP settings in provisioning files
Users can now supply an AP provisioning file containing an [IPv4]
section and define various DHCP settings:

[IPv4]
Address=<address>
Netmask=<netmask>
Gateway=<gateway>
IPRange=<start_address>,<end_address>
DNSList=<dns1>,<dns2>,...<dnsN>
LeaseTime=<lease_time>

There are a few notes/requirements to keep in mind when using a
provisioning file:

 - All settings are optional but [IPv4].Address is required if the
   interface does not already have an address set.
 - If no [IPv4].Address is defined in the provisioning file and the AP
   interface does not already have an address set, StartWithConfig()
   will fail with -EINVAL.
 - If a provisioning file is provided it will take precedence, and the
   AP will not pull from the IP pool.
 - A provisioning file containing an IPv4 section assumes DHCP is being
   enabled and will override [General].EnableNetworkConfiguration.
 - Any address that AP sets on the interface will be deleted when the AP
   is stopped.
2020-11-02 13:47:24 -06:00
James Prestwood
5153b88cbe ap: add StartProfile DBus method
Users can now start an AP from settings based on a profile
on disk. The only argument is the SSID which will be used to
lookup the profile. If no profile is found a NotFound error
will be returned. Any invalid profiles will result in an
Invalid return.
2020-11-02 13:39:25 -06:00
James Prestwood
18d1c752f4 ap: add support for DHCPv4 server
The DHCP server can be enabled by enabling network configuration
with [General].EnableNetworkConfiguration. If an IP is not set
on the interface before the AP is started a valid IP range must
also be provided under [General].APRanges in IP prefix format e.g.

[General]
EnableNetworkConfiguration=true
APRanges=192.168.1.1/24

Each AP started will get assigned a new subnet within the range
specified by APRanges as to not conflict with other AP interfaces.
If there are no subnets left in the pool when an AP is started
it will fail with -EEXIST. Any AP's that are stopped will release
their subnet back into the pool to be used with other APs.

The DHCP IP pool will be automatically chosen by the ELL DHCP
implementation (+1 the AP's IP to *.254). The remaining DHCP
settings will be defaults chosen by ELL (DNS, lease time, etc).
2020-10-27 16:19:47 -05:00
James Prestwood
b7e2a98628 ap: add error out param to ap_start
This allows the caller to extract a bit more information about what
exactly went wrong.
2020-10-26 14:30:34 -05:00
Andrew Zaborowski
c51e187462 ap: Use frame-xchg when sending frames
Convert ap_send_mgmt_frame() to use frame_xchg_start for sending frames,
this fixes among other things the ACK-received checks.

One side effect is that we're no longer sending Probe Responses with the
don't-wait-for-ack flag because frame-xchg doesn't support it, but other
AP implementations don't use that flag either.

Another side-effect is that we do use the no-cck-rate flag
unconditionally, something we may want to fix but would need to add
another parameter to frame-xchg.
2020-09-21 22:13:38 -05:00
Andrew Zaborowski
185b676f31 ap: Rename wpa2_psk to wpa2_passphrase on DBus
Use the passphrase naming instead of PSK.
2020-09-16 17:25:44 -05:00
Andrew Zaborowski
fbe7e0bd36 ap: Support working without passphrase
Add a "psk" setting to allow the user to pass the binary PSK directly
instead of generating it from the passphrase and the SSID.  In that case
we'll only send the PSK to WSC enrollees.
2020-09-16 17:25:44 -05:00
Andrew Zaborowski
1f68696578 ap: Pass "ops" struct to ap_start()
Pass the event callback function pointer in a "struct ap_ops" instead of
as individual ap_start() argument to make adding new callbacks easier.
2020-09-16 17:25:34 -05:00
Andrew Zaborowski
8e9a2fe05d treewide: Use l_settings_{set,get}_bytes 2020-09-16 16:46:02 -05:00
Andrew Zaborowski
fbb0776716 ap: Fix setting the basic rate in Supported Rates IE 2020-09-14 11:39:25 -05:00
Andrew Zaborowski
1eb2735239 ap: Fix NULL ap->rates
Make sure ap->rates is non-NULL both with and without no_cck_rates.
2020-09-14 11:39:20 -05:00
Fabrice Fontaine
0a6de7932a ap: fix build with uclibc
explicit_bzero is used in src/ap.c since commit
d55e00b31d but src/missing.h is not
included, as a result build with uclibc fails on:

/srv/storage/autobuild/run/instance-1/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/9.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: src/ap.o: in function `ap_probe_req_cb':
ap.c:(.text+0x23d8): undefined reference to `explicit_bzero'

Fixes:
 - http://autobuild.buildroot.org/results/c7a0096a269bfc52bd8e23d453d36d5bfb61441d
2020-09-11 13:42:58 -05:00
Andrew Zaborowski
c7b072ff21 ap: Accept P2P wildcard SSIDs in probe requests
Add the special case "DIRECT-" SSID, called the P2P Wildcard SSID, in
ap_probe_req_cb so as not to reject those Probe Requests on the basis of
ssid mismatch.  I'd have preferred to keep all the P2P-specific bits in
p2p.c but in this case there's little point in adding a generic
config setting for SSID-matching quirks.
2020-09-09 14:52:44 -05:00
Andrew Zaborowski
4bc20a0979 ap: Start EAP-WSC authentication with WSC enrollees
After association and sending the SET_STATION commands, set up the
handshake_state and eapol_sm for EAP-WSC and start the handshake.
2020-08-28 10:50:59 -05:00
Andrew Zaborowski
7a7c580ffc ap: Parse WSC PBC association request and build response
Check the conditions for PBC enrollee registration when we receive the
Association Request with WSC IE and indicate to the enrollee whether we
accept the association using a WSC IE in the Association Response.
After this, a NULL sta->assoc_rsne indicates that the station is not
establishing the RSNA and is a WSC enrollee.
2020-08-28 10:49:16 -05:00
Andrew Zaborowski
99112c9317 ap: WSC Probe Request processing logic
Implement the caching of WSC probe requests -- when an Enrollee later
associates to start registration we need to have its Probe Request on
file.  Also use this cache for PBC "Session Overlap" detection.
2020-08-28 10:35:58 -05:00
Andrew Zaborowski
43c101ab14 ap: Push Button mode API and beacon changes
This adds the API for putting the AP in Push Button mode, which we'll
need to P2P GO side but may be useful on its own too.  A WSC IE is added
to our beacons and probe responses indicating whether the PBC mode is
active.
2020-08-28 10:32:58 -05:00
Andrew Zaborowski
1f89311798 ap: Stop ongoing handshake on reassociation
On a new association or re-association, in addition to forgetting a
complete RSN Association, also stop the EAPoL SM to stop any ongoing
handshake.

Do this in a new function ap_stop_handshake that is now used in a few
places that had copies of the same few lines.  I'll be adding some more
lines to this function for WSC support.
2020-08-28 10:32:01 -05:00
Andrew Zaborowski
1449b8fbc4 ap: Fix incoming Probe Request BSSID check
Setting 'match' false wouldn't do anything because it was already false.
If the frame is addressed to some other non-broadcast address ignore it
directly and exit ap_probe_req_cb.
2020-08-27 14:04:02 -05:00
Andrew Zaborowski
137309c998 ap: Drop unused variable 2020-08-27 14:02:03 -05:00
Andrew Zaborowski
d55e00b31d ap: Move AP parameters to a struct
To limit the number of ap_start parameters, group basic AP config
parameters in the ap_config struct that is passed as a pointer and owned
by the ap_state.
2020-08-27 14:00:28 -05:00
Denis Kenzior
ac5ddda56f treewide: Add missing netdev module dependencies 2020-08-20 11:49:01 -05:00
Andrew Zaborowski
1f910f84b4 eapol: Use eapol_start in authenticator mode too
On the supplicant side eapol_register would only register the eapol_sm
on a given netdev to start receiving frames and an eapol_start call is
required for the state machine to start executing.  On the authenticator
side we shouldn't have the "early frame" problem but there's no reason
for the semantics of the two methods to be different.  Somehow we were
doing everything in eapol_register and not using eapol_start if
hs->authenticator was true, so bring this in line with the supplicant
side and require eapol_start to be called also from ap.c.
2020-08-17 09:25:50 -05:00
Andrew Zaborowski
59ce53ceb2 ap: Add authorized_macs parameter 2020-08-04 10:41:45 -05:00
Andrew Zaborowski
887f679023 ap: Add a no_cck_rates flag 2020-08-04 10:41:45 -05:00
Andrew Zaborowski
30933423fd ap: Put a public api between AP logic and DBus code
Separate AP logic from DBus code, add a public API to make the AP
logic reusable from other files.
2020-08-04 10:41:42 -05:00
Andrew Zaborowski
dd2677402a ap: React to NL80211_CMD_STOP_AP events
These events will tell use when our AP gets stopped without our request,
for example due to suspend/resume.
2020-02-17 12:27:54 -06:00
Andrew Zaborowski
4a61620a9b ap: Switch to new frame watch API 2020-01-13 11:49:08 -06:00
Andrew Zaborowski
3ffb645f22 device: Make functions static, drop device.h 2019-11-20 20:26:55 -06:00
Marcel Holtmann
ab5742bb32 module: Move declarations into separate header file 2019-11-07 23:40:13 +01:00