[PATCH] peap: Add debug statements
by Tim Kourt
---
src/eap-peap.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/eap-peap.c b/src/eap-peap.c
index 5de6e862..ee71514a 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -170,6 +170,8 @@ static int eap_extensions_handle_cryptobinding_tlv(struct eap_state *eap,
uint8_t buf[61];
uint8_t imck[60];
+ l_debug();
+
if (tlv_value_len != cryptobinding_val_len)
return -EBADMSG;
@@ -405,8 +407,11 @@ static void eap_extensions_handle_request(struct eap_state *eap,
&response[EAP_EXTENSIONS_HEADER_LEN],
&result);
- if (response_len < 0)
+ if (response_len < 0) {
+ l_debug("PEAP: Failed to process TLVs %d", response_len);
+
return;
+ }
response_len += EAP_EXTENSIONS_HEADER_LEN;
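Review bot: The failure path in eap_extensions_handle_request now logs only at debug level before returning without sending a response. Judging by the handler named in the first hunk, a negative `response_len` can also mean a Crypto-Binding TLV that did not verify, which is the event an operator wants to see without enabling debug output. Consider `l_warn("PEAP: Failed to process TLVs: %s", strerror(-response_len));` so the errno is readable and the rejection is visible in normal logs. The body of this function starts and ends outside the hunk.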
--
2.13.6
1 year, 2 months
Issue with iwd 1.3 + systemd-resolved + iwd's built-in network
configuration not adding DNS servers
by caljorden@hotmail.com
Hello everyone,
I have hit an issue with iwd 1.3 on Arch Linux (also reported in arch bug tracker https://bugs.archlinux.org/task/64855) where with a minimal iwd configuration using the built-in network configuration and systemd-resolved for DNS, iwd 1.3 does not properly add the DNS servers to systemd-resolved.
I saw this first on my laptop, which I temporarily worked around by simply disabling the internal network configuration and manually running dhclient. But, once I updated Arch on my workstation, and hit the same issue, I thought I should report it. I opened the bug in Arch's bug system, not knowing (and still not entirely sure) if the issue is specific to Arch Linux or not.
I found that by reverting the commit 930528e35, and removing one call to the added function that had been added after this patch was applied, the problem went away.
I am not sure if this is some bad interaction between iwd and systemd-resolved in Arch, or some wider issue. I have hit this issue on my home network using WPA2-PSK, as well as my work network (WPA2 Enterprise), so I do not think this is related to the network type of the connection. My iwd/main.conf file looks like this:
---------------
[General]
EnableNetworkConfiguration=true
[Network]
NameResolvingService=systemd
---------------
Thank you,
Caleb Jorden
1 year, 2 months
[PATCH 1/7] iwmon: Print WSC AuthorizedMACs extended attributes
by Andrew Zaborowski
---
monitor/nlmon.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/monitor/nlmon.c b/monitor/nlmon.c
index 4c0e045f..82acb533 100644
--- a/monitor/nlmon.c
+++ b/monitor/nlmon.c
@@ -2763,9 +2763,25 @@ static void print_wsc_wfa_ext_version2(unsigned int level, const char *label,
print_attr(level, "%s: %x.%x", label, bytes[0] >> 4, bytes[0] & 0xf);
}
+static void print_wsc_wfa_ext_authorized_macs(unsigned int level,
+ const char *label,
+ const void *data, uint16_t size)
+{
+ if (size > 30 || size % 6 != 0) {
+ printf("malformed packet\n");
+ return;
+ }
+
+ for (; size; size -= 6, data += 6)
+ print_attr(level, "%s: %s", label, util_address_to_string(data));
+}
+
static struct attr_entry wsc_wfa_ext_attr_entry[] = {
{ WSC_WFA_EXTENSION_VERSION2, "Version2",
ATTR_CUSTOM, { .function = print_wsc_wfa_ext_version2 } },
+ { WSC_WFA_EXTENSION_AUTHORIZED_MACS, "Authorized MAC",
+ ATTR_CUSTOM,
+ { .function = print_wsc_wfa_ext_authorized_macs } },
{ WSC_WFA_EXTENSION_NETWORK_KEY_SHAREABLE,
"Network Key Shareable",
ATTR_CUSTOM, { .function = print_wsc_bool } },
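Review bot: The bounds check in print_wsc_wfa_ext_authorized_macs uses the bare numbers 30 and 6, and a reader has to guess that they mean "at most five 6-byte MAC addresses". This printer runs on attribute data taken from captured frames, so the limit should be traceable to the spec. Add a comment such as `/* AuthorizedMACs: up to 5 addresses, 6 bytes each */` above the check, or use named constants. Note also that `size == 0` passes the check and prints nothing; if an empty list is malformed, reject it with `if (!size || size > 30 || size % 6)`.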
--
2.20.1
1 year, 2 months
[PATCH] rrm: fix bad sign for calculating RCPI
by James Prestwood
The first if case should be -10950, not 10950. Without the negative
this first case would get hit every time since signal strength values
are always negative.
---
src/rrm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rrm.c b/src/rrm.c
index a8b265d6..a117dce3 100644
--- a/src/rrm.c
+++ b/src/rrm.c
@@ -243,7 +243,7 @@ static void rrm_build_measurement_report(struct rrm_request_info *info,
/* 802.11 Table 9-154 */
static uint8_t mdb_to_rcpi(int32_t mdb)
{
- if (mdb <= 10950)
+ if (mdb <= -10950)
return 0;
else if (mdb >= -10950 && mdb < 0)
return (2 * (mdb + 11000)) / 100;
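Review bot: After this fix the first two branches of mdb_to_rcpi both claim the value -10950: `mdb <= -10950` wins, so the `mdb >= -10950` half of the `else if` never matches at equality. If the referenced table assigns RCPI 0 only to power strictly below -109.5 dBm (worth confirming against Table 9-154), the first test should be `if (mdb < -10950)` so that -10950 maps through the formula to 1. Otherwise simplify the second test to `else if (mdb < 0)`. The rest of the function lies outside the hunk.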
--
2.17.1
1 year, 2 months
[PATCH v2 1/2] peap: Extend EAP Extensions to handle multiple TLVs
by Tim Kourt
The handler for EAP Extensions has been modified to support multiple
TLV types instead of the single Result TLV. This will allow handling
other TLVs, such as the Crypto-Binding TLV.
---
src/eap-peap.c | 125 ++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 88 insertions(+), 37 deletions(-)
diff --git a/src/eap-peap.c b/src/eap-peap.c
index ed18c667..8059e60b 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -111,6 +111,7 @@ static void eap_peap_phase2_complete(enum eap_result result, void *user_data)
*/
#define EAP_EXTENSIONS_HEADER_LEN 5
#define EAP_EXTENSIONS_TLV_HEADER_LEN 4
+#define EAP_EXTENSIONS_TLV_M_BIT_MASK 0x8000
enum eap_extensions_tlv_type {
/* Reserved = 0x0000, */
@@ -127,39 +128,24 @@ enum eap_extensions_result {
static int eap_extensions_handle_result_tlv(struct eap_state *eap,
const uint8_t *data,
size_t data_len,
- uint8_t *response)
+ uint8_t *response,
+ uint8_t *result)
{
+ static const uint8_t result_tlv_len = 2;
struct peap_state *peap_state;
- uint16_t type;
- uint16_t len;
- uint16_t result;
- if (data_len < EAP_EXTENSIONS_TLV_HEADER_LEN + 2)
- return -ENOENT;
-
- type = l_get_be16(data);
-
- if (type != EAP_EXTENSIONS_TLV_TYPE_RESULT)
- return -ENOENT;
-
- data += 2;
-
- len = l_get_be16(data);
-
- if (len != 2)
- return -ENOENT;
-
- data += 2;
+ if (data_len != result_tlv_len)
+ return -EBADMSG;
- result = l_get_be16(data);
+ *result = l_get_be16(data);
- l_debug("result: %d", result);
+ l_debug("result: %d", *result);
- switch (result) {
+ switch (*result) {
case EAP_EXTENSIONS_RESULT_SUCCCESS:
peap_state = eap_tls_common_get_variant_data(eap);
- result = eap_method_is_success(peap_state->phase2) ?
+ *result = eap_method_is_success(peap_state->phase2) ?
EAP_EXTENSIONS_RESULT_SUCCCESS :
EAP_EXTENSIONS_RESULT_FAILURE;
/* fall through */
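Review bot: `*result = l_get_be16(data);` stores a 16-bit wire value through a `uint8_t *`, so the high byte is silently dropped before the `switch (*result)` validates it. A Result TLV whose low byte matches a valid code but whose high byte is non-zero is therefore accepted as that code, whereas the removed `uint16_t result` version rejected it. Read into a local first, `uint16_t value = l_get_be16(data);`, switch on `value`, and assign `*result` only after it has been validated, or make the parameter and the caller's `result` in eap_extensions_handle_request a `uint16_t`. The switch continues into the next hunk.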
@@ -169,13 +155,68 @@ static int eap_extensions_handle_result_tlv(struct eap_state *eap,
return -ENOENT;
}
- l_put_be16(EAP_EXTENSIONS_TLV_TYPE_RESULT,
- &response[EAP_EXTENSIONS_HEADER_LEN]);
- l_put_be16(2, &response[EAP_EXTENSIONS_HEADER_LEN + 2]);
- l_put_be16(result, &response[EAP_EXTENSIONS_HEADER_LEN +
- EAP_EXTENSIONS_TLV_HEADER_LEN]);
+ /* Build response Result TLV */
+
+ l_put_be16(EAP_EXTENSIONS_TLV_TYPE_RESULT, response);
+ response += 2;
+
+ l_put_be16(result_tlv_len, response);
+ response += 2;
+
+ l_put_be16(*result, response);
+
+ return EAP_EXTENSIONS_TLV_HEADER_LEN + result_tlv_len;
+}
+
+static int eap_extensions_process_tlvs(struct eap_state *eap,
+ const uint8_t *data,
+ size_t data_len,
+ uint8_t *response,
+ uint8_t *result)
+{
+ int response_len = 0;
+ uint16_t tlv_type;
+ uint16_t tlv_value_len;
+
+ while (data_len >= EAP_EXTENSIONS_TLV_HEADER_LEN) {
+ int response_tlv_len = 0;
+
+ tlv_type = l_get_be16(data);
+ data += 2;
+
+ tlv_value_len = l_get_be16(data);
+ data += 2;
+
+ data_len -= EAP_EXTENSIONS_TLV_HEADER_LEN;
+
+ if (data_len < tlv_value_len)
+ return -EBADMSG;
+
+ switch (tlv_type) {
+ case EAP_EXTENSIONS_TLV_TYPE_RESULT:
+ response_tlv_len = eap_extensions_handle_result_tlv(eap,
+ data, tlv_value_len, response,
+ result);
+
+ break;
+ default:
+ if (tlv_type & EAP_EXTENSIONS_TLV_M_BIT_MASK)
+ return -ENOENT;
+
+ break;
+ }
+
+ if (response_tlv_len < 0)
+ return response_tlv_len;
+
+ response += response_tlv_len;
+ response_len += response_tlv_len;
+
+ data += tlv_value_len;
+ data_len -= tlv_value_len;
+ }
- return result;
+ return response_len;
}
static void eap_extensions_handle_request(struct eap_state *eap,
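Review bot: eap_extensions_process_tlvs appends to `response` on every Result TLV it meets but is never told how large that buffer is. The caller in the next hunk passes a fixed `response[256]`, with a comment that assumes only two TLVs are ever answered. The request length comes from the peer, so the number of handled TLVs, and with it the number of bytes written, is bounded only by the input and not by the buffer. Either pass the remaining capacity down and fail when a reply TLV would not fit, or reject a repeated Result TLV as sketched below. Separately, the loop ends with 1 to 3 trailing bytes silently ignored; returning -EBADMSG when `data_len` is non-zero after the loop would make the parser strict.

```c
	bool result_seen = false;

	/* … unchanged: TLV header parsing and value-length check … */

		case EAP_EXTENSIONS_TLV_TYPE_RESULT:
			/* One Result TLV per request keeps the reply within response[]. */
			if (result_seen)
				return -EBADMSG;

			result_seen = true;
			/* … unchanged: eap_extensions_handle_result_tlv call … */
```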
@@ -184,24 +225,34 @@ static void eap_extensions_handle_request(struct eap_state *eap,
size_t len)
{
struct peap_state *peap_state;
- uint8_t response[EAP_EXTENSIONS_HEADER_LEN +
- EAP_EXTENSIONS_TLV_HEADER_LEN + 2];
- int r = eap_extensions_handle_result_tlv(eap, pkt, len, response);
+ uint8_t result = EAP_EXTENSIONS_RESULT_FAILURE;
+ /*
+ * The buffer size is chosen to satisfy the needs of the two supported
+ * TLVs.
+ */
+ uint8_t response[256];
+ int response_len;
- if (r < 0)
+ response_len = eap_extensions_process_tlvs(eap, pkt, len,
+ &response[EAP_EXTENSIONS_HEADER_LEN],
+ &result);
+
+ if (response_len < 0)
return;
+ response_len += EAP_EXTENSIONS_HEADER_LEN;
+
response[0] = EAP_CODE_RESPONSE;
response[1] = id;
- l_put_be16(sizeof(response), &response[2]);
+ l_put_be16(response_len, &response[2]);
response[4] = EAP_TYPE_EXTENSIONS;
- eap_peap_phase2_send_response(response, sizeof(response), eap);
+ eap_peap_phase2_send_response(response, response_len, eap);
eap_discard_success_and_failure(eap, false);
eap_tls_common_set_completed(eap);
- if (r != EAP_EXTENSIONS_RESULT_SUCCCESS) {
+ if (result != EAP_EXTENSIONS_RESULT_SUCCCESS) {
eap_tls_common_set_phase2_failed(eap);
eap_tls_common_tunnel_close(eap);
--
2.13.6
1 year, 2 months
[PATCH v3 1/2] netconfig: Add IPv4 domain name helper and installer
by Tim Kourt
The new domain name helper allows the DHCP lease option value to be
overridden by the static one from the network configuration file.
---
src/netconfig.c | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/src/netconfig.c b/src/netconfig.c
index c7e9f934..8d493496 100644
--- a/src/netconfig.c
+++ b/src/netconfig.c
@@ -278,6 +278,28 @@ static char **netconfig_ipv4_get_dns(struct netconfig *netconfig, uint8_t proto)
return NULL;
}
+static char *netconfig_ipv4_get_domain_name(struct netconfig *netconfig,
+ uint8_t proto)
+{
+ const struct l_dhcp_lease *lease;
+ char *domain_name;
+
+ domain_name = l_settings_get_string(netconfig->active_settings,
+ "IPv4", "DomainName");
+ if (domain_name)
+ /* Allow to override the DHCP domain name with setting entry. */
+ return domain_name;
+
+ if (proto != RTPROT_DHCP)
+ return NULL;
+
+ lease = l_dhcp_client_get_lease(netconfig->dhcp_client);
+ if (!lease)
+ return NULL;
+
+ return l_dhcp_lease_get_domain_name(lease);
+}
+
static struct netconfig_ifaddr *netconfig_ipv6_get_ifaddr(
struct netconfig *netconfig,
uint8_t proto)
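Review bot: netconfig_ipv4_get_domain_name returns a `char *` from two different sources and does not state who owns the result. The caller in the last hunk frees it with `l_free`, so both `l_settings_get_string` and `l_dhcp_lease_get_domain_name` need to return heap copies. I believe both do, but this should be confirmed against ell. A header comment would pin the contract, for example `/* Returns a newly allocated string the caller must l_free(), or NULL if no domain name is configured or leased. */`.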
@@ -727,6 +749,7 @@ static void netconfig_ipv4_ifaddr_add_cmd_cb(int error, uint16_t type,
struct netconfig *netconfig = user_data;
struct netconfig_ifaddr *ifaddr;
char **dns;
+ char *domain_name;
if (error && error != -EEXIST) {
l_error("netconfig: Failed to add IP address. "
@@ -751,12 +774,21 @@ static void netconfig_ipv4_ifaddr_add_cmd_cb(int error, uint16_t type,
dns = netconfig_ipv4_get_dns(netconfig, netconfig->rtm_protocol);
if (!dns) {
l_error("netconfig: Failed to obtain DNS addresses.");
- goto done;
+ goto domain_name;
}
resolve_add_dns(netconfig->ifindex, ifaddr->family, dns);
l_strv_free(dns);
+domain_name:
+ domain_name = netconfig_ipv4_get_domain_name(netconfig,
+ netconfig->rtm_protocol);
+ if (!domain_name)
+ goto done;
+
+ resolve_add_domain_name(netconfig->ifindex, domain_name);
+ l_free(domain_name);
+
done:
netconfig_ifaddr_destroy(ifaddr);
}
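Review bot: The string passed to `resolve_add_domain_name` can come straight from the DHCP lease, meaning from whichever server answered on the network, and nothing in this hunk checks it before it reaches the resolver. At minimum, drop empty and root values before the call, e.g. `if (domain_name[0] == '\0' || !strcmp(domain_name, ".")) { l_free(domain_name); goto done; }`. Consider also checking that the name is well formed, so a lease cannot widen how unqualified names are resolved. As a style point, the label `domain_name:` has the same spelling as the variable; a distinct label such as `add_domain_name:` would read more clearly. The callback body starts outside the hunk.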
--
2.13.6
1 year, 2 months
[PATCH] eap-gtc: Try to auth even if request not Password
by xdavidwu
There are some server implementations that send requests that are
not "Password" but still want us to send the password. This commit modifies
the behavior to emit a warning and still try to auth with the password.
This lets me authenticate with the server at my school, which sends
"Enter Aruba Login".
wpa_supplicant does not check if it is "Password".
---
src/eap-gtc.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/eap-gtc.c b/src/eap-gtc.c
index 9302257e..7788d44c 100644
--- a/src/eap-gtc.c
+++ b/src/eap-gtc.c
@@ -56,11 +56,9 @@ static void eap_gtc_handle_request(struct eap_state *eap,
size_t secret_len = strlen(gtc->password);
uint8_t response[5 + secret_len];
- if (len < 8)
- goto error;
-
- if (strncmp((const char *)pkt, "Password", 8))
- goto error;
+ if (len < 8 || strncmp((const char *)pkt, "Password", 8))
+ l_warn("GTC request not understood, proceeding anyway: %.*s",
+ (int) len, (const char *) pkt);
memcpy(response + 5, gtc->password, secret_len);
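Review bot: The new `l_warn` prints the request bytes exactly as the server sent them through `%.*s`, so control characters or embedded newlines in the prompt go into the log unescaped and can forge or garble log lines. Log the length only, or copy a bounded prefix and replace non-printable bytes before printing. The precision argument `(int) len` also narrows a `size_t`; clamp it first, for instance `(int) (len > 64 ? 64 : len)`. The function body begins before this hunk and continues after it.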
@@ -69,10 +67,6 @@ static void eap_gtc_handle_request(struct eap_state *eap,
eap_method_success(eap);
return;
-
-error:
- l_error("invalid GTC request");
- eap_method_error(eap);
}
static int eap_gtc_check_settings(struct l_settings *settings,
--
2.24.1
1 year, 2 months
[PATCH 1/4] net: Add l_net_hostname_is_root
by Tim Kourt
The function identifies whether the given hostname is the root domain name.
---
ell/net.c | 23 +++++++++++++++++++++++
ell/net.h | 1 +
2 files changed, 24 insertions(+)
diff --git a/ell/net.c b/ell/net.c
index b5b5f9d..3b6e0dc 100644
--- a/ell/net.c
+++ b/ell/net.c
@@ -110,3 +110,26 @@ LIB_EXPORT char *l_net_get_name(uint32_t ifindex)
return l_strdup(ifr.ifr_name);
}
+
+/**
+ * l_net_hostname_is_root:
+ * @hostname: Hostname to validate
+ *
+ * Identifies if the hostname given by @hostname is root domain name or
+ * not.
+ *
+ * Returns: #true if the given hostname is root and #false otherwise.
+ **/
+LIB_EXPORT bool l_net_hostname_is_root(const char *hostname)
+{
+ if (unlikely(!hostname))
+ return false;
+
+ if (!strcmp(hostname, ""))
+ return true;
+
+ if (!strcmp(hostname, "."))
+ return true;
+
+ return false;
+}
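Review bot: The doc comment for l_net_hostname_is_root does not say which inputs count as root, and the two edge cases in the body are not obvious to a caller. Extend the `Returns:` text to something like `#true if @hostname is "" or ".", #false otherwise, including when @hostname is NULL.` Callers that use this to filter resolver input then know that NULL must be handled separately.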
diff --git a/ell/net.h b/ell/net.h
index 25b1ca2..7afcf86 100644
--- a/ell/net.h
+++ b/ell/net.h
@@ -32,6 +32,7 @@ extern "C" {
bool l_net_get_mac_address(uint32_t ifindex, uint8_t *out_addr);
char *l_net_get_name(uint32_t ifindex);
+bool l_net_hostname_is_root(const char *hostname);
#ifdef __cplusplus
}
--
2.13.6
1 year, 2 months