December 2019 - iwd - Ml01.01.Org

by Tim Kourt

--- src/eap-peap.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/eap-peap.c b/src/eap-peap.c index 5de6e862..ee71514a 100644 --- a/src/eap-peap.c +++ b/src/eap-peap.c @@ -170,6 +170,8 @@ static int eap_extensions_handle_cryptobinding_tlv(struct eap_state *eap, uint8_t buf[61]; uint8_t imck[60]; + l_debug(); + if (tlv_value_len != cryptobinding_val_len) return -EBADMSG; @@ -405,8 +407,11 @@ static void eap_extensions_handle_request(struct eap_state *eap, &response[EAP_EXTENSIONS_HEADER_LEN], &result); - if (response_len < 0) + if (response_len < 0) { + l_debug("PEAP: Failed to process TLVs %d", response_len); + return; + } response_len += EAP_EXTENSIONS_HEADER_LEN; -- 2.13.6

1 year, 2 months

2
1
0 / 0

Issue with iwd 1.3 + systemd-resolved + iwd's built-in network configuration not adding DNS servers

by caljorden＠hotmail.com

Hello everyone, I have hit an issue with iwd 1.3 on Arch Linux (also reported in arch bug tracker https://bugs.archlinux.org/task/64855) where with a minimal iwd configuration using the built-in network configuration and systemd-resolved for DNS, iwd 1.3 does not properly add the DNS servers to systemd-resolved. I saw this first on my laptop, which I temporarily worked around by simply disabling the internal network configuration and manually running dhclient. But, once I updated Arch on my workstation, and hit the same issue, I thought I should report it. I opened the bug in Arch's bug system, not knowing (and still not entirely sure) if the issue is specific to Arch Linux or not. I found that by reverting the commit 930528e35, and removing one call to the added function that had been added after this patch was applied, the problem went away. I am not sure if this is some bad interaction between iwd and systemd-resolved in Arch, or some wider issue. I have hit this issue on my home network using WPA2-PSK, as well as my work network (WPA2 Enterprise), so I do not think this is related to the network type of the connection. My iwd/main.conf file looks like this: --------------- [General] EnableNetworkConfiguration=true [Network] NameResolvingService=systemd --------------- Thank you, Caleb Jorden

1 year, 2 months

3
6
0 / 0

[PATCH 1/7] iwmon: Print WSC AuthorizedMACs extended attributes

by Andrew Zaborowski

--- monitor/nlmon.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/monitor/nlmon.c b/monitor/nlmon.c index 4c0e045f..82acb533 100644 --- a/monitor/nlmon.c +++ b/monitor/nlmon.c @@ -2763,9 +2763,25 @@ static void print_wsc_wfa_ext_version2(unsigned int level, const char *label, print_attr(level, "%s: %x.%x", label, bytes[0] >> 4, bytes[0] & 0xf); } +static void print_wsc_wfa_ext_authorized_macs(unsigned int level, + const char *label, + const void *data, uint16_t size) +{ + if (size > 30 || size % 6 != 0) { + printf("malformed packet\n"); + return; + } + + for (; size; size -= 6, data += 6) + print_attr(level, "%s: %s", label, util_address_to_string(data)); +} + static struct attr_entry wsc_wfa_ext_attr_entry[] = { { WSC_WFA_EXTENSION_VERSION2, "Version2", ATTR_CUSTOM, { .function = print_wsc_wfa_ext_version2 } }, + { WSC_WFA_EXTENSION_AUTHORIZED_MACS, "Authorized MAC", + ATTR_CUSTOM, + { .function = print_wsc_wfa_ext_authorized_macs } }, { WSC_WFA_EXTENSION_NETWORK_KEY_SHAREABLE, "Network Key Shareable", ATTR_CUSTOM, { .function = print_wsc_bool } }, -- 2.20.1

1 year, 2 months

2
12
0 / 0

EAP-Method=PEAP and tls_reset_handshake/authentication timeout results in core-dumped

by Simon Brand

Hello, I use a config with EAP-Method=PEAP and EAP-PEAP-Phase2-Method=MSCHAPV2, which results in (random?) core-dump. [0] This happens after authentication timeout or tls_reset_handshake. [1] My system is an uptodate arch linux machine with iwd 1.2-1, Linux 5.4.2-arch1-1, glibc 2.30-3. If you need more information I am happy to provide it. There is no problem with PreSharedKey Wifis. Thank you for your time and this great tool. [0] http://sprunge.us/5Ez0pP [1] http://sprunge.us/c13AYe

1 year, 2 months

2
7
0 / 0

Suggestion: make iwctl follow the XDG Base Directory Specification

by hoe.dom＠gmx.de

Hi. Currently iwctl writes its history to a file named .iwctl_history in the users home directory. The XDG Base Directory Specification tries to standardize these kind of things (see https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html for details). The bottom line would probably be to: * check XDG_DATA_HOME (with fall back to .local/share/) and save the history in an iwd subfolder of that directory * potentially read (and migrate?) .iwctl_history from the home directory for compatibility purposes Thanks for iwd by the way. Its a huge improvement over the wpa_supplicant world!

1 year, 2 months

3
4
0 / 0

[PATCH] rrm: fix bad sign for calculating RCPI

by James Prestwood

The first if case should be -10950, not 10950. Without the negative this first case would get hit every time since signal strength values are always negative. --- src/rrm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rrm.c b/src/rrm.c index a8b265d6..a117dce3 100644 --- a/src/rrm.c +++ b/src/rrm.c @@ -243,7 +243,7 @@ static void rrm_build_measurement_report(struct rrm_request_info *info, /* 802.11 Table 9-154 */ static uint8_t mdb_to_rcpi(int32_t mdb) { - if (mdb <= 10950) + if (mdb <= -10950) return 0; else if (mdb >= -10950 && mdb < 0) return (2 * (mdb + 11000)) / 100; -- 2.17.1

1 year, 2 months

2
1
0 / 0

[PATCH v2 1/2] peap: Extend EAP Extensions to handle multiple TLVs

by Tim Kourt

The handler for EAP Extensions has been modified to support multiple TLV types instead of the single Result TLV. This will allow to handle the other TLVs such as Crypto-Binding TLV. --- src/eap-peap.c | 125 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 88 insertions(+), 37 deletions(-) diff --git a/src/eap-peap.c b/src/eap-peap.c index ed18c667..8059e60b 100644 --- a/src/eap-peap.c +++ b/src/eap-peap.c @@ -111,6 +111,7 @@ static void eap_peap_phase2_complete(enum eap_result result, void *user_data) */ #define EAP_EXTENSIONS_HEADER_LEN 5 #define EAP_EXTENSIONS_TLV_HEADER_LEN 4 +#define EAP_EXTENSIONS_TLV_M_BIT_MASK 0x8000 enum eap_extensions_tlv_type { /* Reserved = 0x0000, */ @@ -127,39 +128,24 @@ enum eap_extensions_result { static int eap_extensions_handle_result_tlv(struct eap_state *eap, const uint8_t *data, size_t data_len, - uint8_t *response) + uint8_t *response, + uint8_t *result) { + static const uint8_t result_tlv_len = 2; struct peap_state *peap_state; - uint16_t type; - uint16_t len; - uint16_t result; - if (data_len < EAP_EXTENSIONS_TLV_HEADER_LEN + 2) - return -ENOENT; - - type = l_get_be16(data); - - if (type != EAP_EXTENSIONS_TLV_TYPE_RESULT) - return -ENOENT; - - data += 2; - - len = l_get_be16(data); - - if (len != 2) - return -ENOENT; - - data += 2; + if (data_len != result_tlv_len) + return -EBADMSG; - result = l_get_be16(data); + *result = l_get_be16(data); - l_debug("result: %d", result); + l_debug("result: %d", *result); - switch (result) { + switch (*result) { case EAP_EXTENSIONS_RESULT_SUCCCESS: peap_state = eap_tls_common_get_variant_data(eap); - result = eap_method_is_success(peap_state->phase2) ? + *result = eap_method_is_success(peap_state->phase2) ? EAP_EXTENSIONS_RESULT_SUCCCESS : EAP_EXTENSIONS_RESULT_FAILURE; /* fall through */ @@ -169,13 +155,68 @@ static int eap_extensions_handle_result_tlv(struct eap_state *eap, return -ENOENT; } - l_put_be16(EAP_EXTENSIONS_TLV_TYPE_RESULT, - &response[EAP_EXTENSIONS_HEADER_LEN]); - l_put_be16(2, &response[EAP_EXTENSIONS_HEADER_LEN + 2]); - l_put_be16(result, &response[EAP_EXTENSIONS_HEADER_LEN + - EAP_EXTENSIONS_TLV_HEADER_LEN]); + /* Build response Result TLV */ + + l_put_be16(EAP_EXTENSIONS_TLV_TYPE_RESULT, response); + response += 2; + + l_put_be16(result_tlv_len, response); + response += 2; + + l_put_be16(*result, response); + + return EAP_EXTENSIONS_TLV_HEADER_LEN + result_tlv_len; +} + +static int eap_extensions_process_tlvs(struct eap_state *eap, + const uint8_t *data, + size_t data_len, + uint8_t *response, + uint8_t *result) +{ + int response_len = 0; + uint16_t tlv_type; + uint16_t tlv_value_len; + + while (data_len >= EAP_EXTENSIONS_TLV_HEADER_LEN) { + int response_tlv_len = 0; + + tlv_type = l_get_be16(data); + data += 2; + + tlv_value_len = l_get_be16(data); + data += 2; + + data_len -= EAP_EXTENSIONS_TLV_HEADER_LEN; + + if (data_len < tlv_value_len) + return -EBADMSG; + + switch (tlv_type) { + case EAP_EXTENSIONS_TLV_TYPE_RESULT: + response_tlv_len = eap_extensions_handle_result_tlv(eap, + data, tlv_value_len, response, + result); + + break; + default: + if (tlv_type & EAP_EXTENSIONS_TLV_M_BIT_MASK) + return -ENOENT; + + break; + } + + if (response_tlv_len < 0) + return response_tlv_len; + + response += response_tlv_len; + response_len += response_tlv_len; + + data += tlv_value_len; + data_len -= tlv_value_len; + } - return result; + return response_len; } static void eap_extensions_handle_request(struct eap_state *eap, @@ -184,24 +225,34 @@ static void eap_extensions_handle_request(struct eap_state *eap, size_t len) { struct peap_state *peap_state; - uint8_t response[EAP_EXTENSIONS_HEADER_LEN + - EAP_EXTENSIONS_TLV_HEADER_LEN + 2]; - int r = eap_extensions_handle_result_tlv(eap, pkt, len, response); + uint8_t result = EAP_EXTENSIONS_RESULT_FAILURE; + /* + * The buffer size is chosen to satisfy the needs of the two supported + * TLVs. + */ + uint8_t response[256]; + int response_len; - if (r < 0) + response_len = eap_extensions_process_tlvs(eap, pkt, len, + &response[EAP_EXTENSIONS_HEADER_LEN], + &result); + + if (response_len < 0) return; + response_len += EAP_EXTENSIONS_HEADER_LEN; + response[0] = EAP_CODE_RESPONSE; response[1] = id; - l_put_be16(sizeof(response), &response[2]); + l_put_be16(response_len, &response[2]); response[4] = EAP_TYPE_EXTENSIONS; - eap_peap_phase2_send_response(response, sizeof(response), eap); + eap_peap_phase2_send_response(response, response_len, eap); eap_discard_success_and_failure(eap, false); eap_tls_common_set_completed(eap); - if (r != EAP_EXTENSIONS_RESULT_SUCCCESS) { + if (result != EAP_EXTENSIONS_RESULT_SUCCCESS) { eap_tls_common_set_phase2_failed(eap); eap_tls_common_tunnel_close(eap); -- 2.13.6

1 year, 2 months

2
3
0 / 0

[PATCH v3 1/2] netconfig: Add IPv4 domain name helper and installer

by Tim Kourt

The provided domain name helper allows to override the DHCP lease option value with the static one from network configuration file. --- src/netconfig.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/src/netconfig.c b/src/netconfig.c index c7e9f934..8d493496 100644 --- a/src/netconfig.c +++ b/src/netconfig.c @@ -278,6 +278,28 @@ static char **netconfig_ipv4_get_dns(struct netconfig *netconfig, uint8_t proto) return NULL; } +static char *netconfig_ipv4_get_domain_name(struct netconfig *netconfig, + uint8_t proto) +{ + const struct l_dhcp_lease *lease; + char *domain_name; + + domain_name = l_settings_get_string(netconfig->active_settings, + "IPv4", "DomainName"); + if (domain_name) + /* Allow to override the DHCP domain name with setting entry. */ + return domain_name; + + if (proto != RTPROT_DHCP) + return NULL; + + lease = l_dhcp_client_get_lease(netconfig->dhcp_client); + if (!lease) + return NULL; + + return l_dhcp_lease_get_domain_name(lease); +} + static struct netconfig_ifaddr *netconfig_ipv6_get_ifaddr( struct netconfig *netconfig, uint8_t proto) @@ -727,6 +749,7 @@ static void netconfig_ipv4_ifaddr_add_cmd_cb(int error, uint16_t type, struct netconfig *netconfig = user_data; struct netconfig_ifaddr *ifaddr; char **dns; + char *domain_name; if (error && error != -EEXIST) { l_error("netconfig: Failed to add IP address. " @@ -751,12 +774,21 @@ static void netconfig_ipv4_ifaddr_add_cmd_cb(int error, uint16_t type, dns = netconfig_ipv4_get_dns(netconfig, netconfig->rtm_protocol); if (!dns) { l_error("netconfig: Failed to obtain DNS addresses."); - goto done; + goto domain_name; } resolve_add_dns(netconfig->ifindex, ifaddr->family, dns); l_strv_free(dns); +domain_name: + domain_name = netconfig_ipv4_get_domain_name(netconfig, + netconfig->rtm_protocol); + if (!domain_name) + goto done; + + resolve_add_domain_name(netconfig->ifindex, domain_name); + l_free(domain_name); + done: netconfig_ifaddr_destroy(ifaddr); } -- 2.13.6

1 year, 2 months

2
3
0 / 0

[PATCH] eap-gtc: Try to auth even if request not Password

by xdavidwu

There are some server implementations that send requests that are not "Password" but still want us send password. This commit modify the behavior to send a warning and still try to auth with password. This makes me able to auth with server in my school which sends "Enter Aruba Login". wpa_supplicant does not check if it is "Password". --- src/eap-gtc.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/src/eap-gtc.c b/src/eap-gtc.c index 9302257e..7788d44c 100644 --- a/src/eap-gtc.c +++ b/src/eap-gtc.c @@ -56,11 +56,9 @@ static void eap_gtc_handle_request(struct eap_state *eap, size_t secret_len = strlen(gtc->password); uint8_t response[5 + secret_len]; - if (len < 8) - goto error; - - if (strncmp((const char *)pkt, "Password", 8)) - goto error; + if (len < 8 || strncmp((const char *)pkt, "Password", 8)) + l_warn("GTC request not understood, proceeding anyway: %.*s", + (int) len, (const char *) pkt); memcpy(response + 5, gtc->password, secret_len); @@ -69,10 +67,6 @@ static void eap_gtc_handle_request(struct eap_state *eap, eap_method_success(eap); return; - -error: - l_error("invalid GTC request"); - eap_method_error(eap); } static int eap_gtc_check_settings(struct l_settings *settings, -- 2.24.1

1 year, 2 months

3
3
0 / 0

[PATCH 1/4] net: Add l_net_hostname_is_root

by Tim Kourt

The function identifies if the given hostname is root domain name. --- ell/net.c | 23 +++++++++++++++++++++++ ell/net.h | 1 + 2 files changed, 24 insertions(+) diff --git a/ell/net.c b/ell/net.c index b5b5f9d..3b6e0dc 100644 --- a/ell/net.c +++ b/ell/net.c @@ -110,3 +110,26 @@ LIB_EXPORT char *l_net_get_name(uint32_t ifindex) return l_strdup(ifr.ifr_name); } + +/** + * l_net_hostname_is_root: + * @hostname: Hostname to validate + * + * Identifies if the hostname given by @hostname is root domain name or + * not. + * + * Returns: #true if the given hostname is root and #false otherwise. + **/ +LIB_EXPORT bool l_net_hostname_is_root(const char *hostname) +{ + if (unlikely(!hostname)) + return false; + + if (!strcmp(hostname, "")) + return true; + + if (!strcmp(hostname, ".")) + return true; + + return false; +} diff --git a/ell/net.h b/ell/net.h index 25b1ca2..7afcf86 100644 --- a/ell/net.h +++ b/ell/net.h @@ -32,6 +32,7 @@ extern "C" { bool l_net_get_mac_address(uint32_t ifindex, uint8_t *out_addr); char *l_net_get_name(uint32_t ifindex); +bool l_net_hostname_is_root(const char *hostname); #ifdef __cplusplus } -- 2.13.6

1 year, 2 months

1
3
0 / 0

2021

2020

2019

iwd December 2019

2021

2020

2019

iwd December 2019 ----- 2021 ----- February 2021 January 2021 ----- 2020 ----- December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 ----- 2019 ----- December 2019 November 2019 October 2019 September 2019

iwd December 2019