X-Patchwork-Submitter: Damien Dejean
X-Patchwork-Id: 1541005
From: damiendejean@chromium.org
To: hostap@lists.infradead.org
Cc: Damien Dejean
Subject: [PATCH 2/3] DBus: add interworking credentials.
Date: Thu, 14 Oct 2021 16:16:53 +0000
Message-Id: <20211014161654.3981468-2-damiendejean@chromium.org>
In-Reply-To: <20211014161654.3981468-1-damiendejean@chromium.org>
References: <20211014161654.3981468-1-damiendejean@chromium.org>

From: Damien Dejean

Add "AddCred" and "RemoveCred" methods to the D-Bus API of the network interface to allow the caller to manipulate a set of interworking credentials.

Signed-off-by: Damien Dejean
---
 tests/hwsim/test_dbus.py | 26 +++
 wpa_supplicant/dbus/dbus_new.c | 17 ++
 wpa_supplicant/dbus/dbus_new.h | 4 +
 wpa_supplicant/dbus/dbus_new_handlers.c | 228 ++++++++++++++++++++++++
 wpa_supplicant/dbus/dbus_new_handlers.h | 11 ++
 5 files changed, 286 insertions(+)

diff --git a/tests/hwsim/test_dbus.py b/tests/hwsim/test_dbus.py index 1143802c6..1822e0a2c 100644 --- a/tests/hwsim/test_dbus.py +++ b/tests/hwsim/test_dbus.py 
@@ -6091,3 +6091,29 @@ def test_dbus_roam(dev, apdev): with TestDbusConnect(bus) as t: if not t.success(): raise Exception("Expected signals not seen") + +def test_dbus_creds(dev, apdev): + "D-Bus interworking credentials" + (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0]) + iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE) + + args = {'domain': 'server.w1.fi', + 'realm': 'server.w1.fi', + 'eap': 'TTLS', + 'phase2': 'auth=MSCHAPV2', + 'username': 'user', + 'password': 'password', + 'domain_suffix_match': 'server.w1.fi', + 'ca_cert': 'auth_serv/ca.pem'} + + path = iface.AddCred(dbus.Dictionary(args, signature='sv')) + for k, v in args.items(): + if k == 'password': + continue + prop = dev[0].get_cred(0, k) + if prop != v: + raise Exception('Credential add failed: %s does not match %s' % (prop, v)) + + iface.RemoveCred(path) + if not "FAIL" in dev[0].get_cred(0, 'domain'): + raise Exception("Credential remove failed") diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c index 2c01943f7..413396a9f 100644 --- a/wpa_supplicant/dbus/dbus_new.c +++ b/wpa_supplicant/dbus/dbus_new.c @@ -3570,6 +3570,23 @@ static const struct wpa_dbus_method_desc wpas_dbus_interface_methods[] = { END_ARGS } }, +#ifdef CONFIG_INTERWORKING + { "AddCred", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) wpas_dbus_handler_add_cred, + { + { "args", "a{sv}", ARG_IN }, + { "path", "o", ARG_OUT }, + END_ARGS + } + }, + { "RemoveCred", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) wpas_dbus_handler_remove_cred, + { + { "path", "o", ARG_IN }, + END_ARGS + } + }, +#endif /* CONFIG_INTERWORKING */ { NULL, NULL, NULL, { END_ARGS } } }; diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h index 42db3892e..8ae0afeaa 100644 --- a/wpa_supplicant/dbus/dbus_new.h +++ b/wpa_supplicant/dbus/dbus_new.h 
@@ -16,6 +16,7 @@ struct wpa_global; struct wpa_supplicant; struct wpa_ssid; +struct wpa_cred; struct wps_event_m2d; struct wps_event_fail; struct wps_credential; @@ -96,6 +97,9 @@ enum wpas_dbus_sta_prop { #define WPAS_DBUS_NEW_P2P_PEERS_PART "Peers" #define WPAS_DBUS_NEW_IFACE_P2P_PEER WPAS_DBUS_NEW_INTERFACE ".Peer" +#define WPAS_DBUS_NEW_CREDENTIALS_PART "Credentials" +#define WPAS_DBUS_NEW_IFACE_CREDENTIAL WPAS_DBUS_NEW_INTERFACE ".Credential" + /* Top-level Errors */ #define WPAS_DBUS_ERROR_UNKNOWN_ERROR \ WPAS_DBUS_NEW_INTERFACE ".UnknownError" diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index db9f30c9a..2b2cefb76 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -148,6 +148,9 @@ static const char * const dont_quote[] = { #ifdef CONFIG_P2P "go_p2p_dev_addr", "p2p_client_list", "psk_list", #endif /* CONFIG_P2P */ +#ifdef CONFIG_INTERWORKING + "roaming_consortium", +#endif /* CONFIG_INTERWORKING */ NULL }; 
@@ -328,6 +331,110 @@ error: } +/** + * set_cred_properties - Set the properties of a configured set of + * crendentials. + * @wpa_s: wpa_supplicant structure for a network interface + * @cred: wpa_cred structure for a configured credential + * @iter: DBus message iterator containing dictionary of network + * properties to set. + * @error: On failure, an error describing the failure + * Returns: TRUE if the request succeeds, FALSE if it failed + */ +dbus_bool_t set_cred_properties(struct wpa_supplicant *wpa_s, + struct wpa_cred *cred, + DBusMessageIter *iter, + DBusError *error) +{ + struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING }; + DBusMessageIter iter_dict; + char *value = NULL; + + if (!wpa_dbus_dict_open_read(iter, &iter_dict, error)) + return FALSE; + + while (wpa_dbus_dict_has_dict_entry(&iter_dict)) { + size_t size = 50; + int ret; + + if (!wpa_dbus_dict_get_entry(&iter_dict, &entry)) + goto error; + + value = NULL; + if (entry.type == DBUS_TYPE_ARRAY && + entry.array_type == DBUS_TYPE_BYTE) { + if (entry.array_len <= 0) + goto error; + + size = entry.array_len * 2 + 1; + value = os_zalloc(size); + if (value == NULL) + goto error; + + ret = wpa_snprintf_hex(value, size, + (u8 *) entry.bytearray_value, + entry.array_len); + if (ret <= 0) + goto error; + } else if (entry.type == DBUS_TYPE_STRING) { + if (should_quote_opt(entry.key)) { + size = os_strlen(entry.str_value); + + size += 3; + value = os_zalloc(size); + if (value == NULL) + goto error; + + ret = os_snprintf(value, size, "\"%s\"", + entry.str_value); + if (os_snprintf_error(size, ret)) + goto error; + } else { + value = os_strdup(entry.str_value); + if (value == NULL) + goto error; + } + } else if (entry.type == DBUS_TYPE_UINT32) { + value = os_zalloc(size); + if (value == NULL) + goto error; + + ret = os_snprintf(value, size, "%u", + entry.uint32_value); + if (os_snprintf_error(size, ret)) + goto error; + } else if (entry.type == DBUS_TYPE_INT32) { + value = os_zalloc(size); + if 
(value == NULL) + goto error; + + ret = os_snprintf(value, size, "%d", + entry.int32_value); + if (os_snprintf_error(size, ret)) + goto error; + } else + goto error; + + ret = wpa_config_set_cred(cred, entry.key, value, 0); + if (ret < 0) + goto error; + + os_free(value); + value = NULL; + wpa_dbus_dict_entry_clear(&entry); + } + + return TRUE; + +error: + os_free(value); + wpa_dbus_dict_entry_clear(&entry); + dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS, + "invalid message format"); + return FALSE; +} + + /** * wpas_dbus_simple_property_getter - Get basic type property * @iter: Message iter to use when appending arguments 
@@ -1514,6 +1621,127 @@ DBusMessage * wpas_dbus_handler_abort_scan(DBusMessage *message, return NULL; } +/** + * wpas_dbus_new_iface_add_cred - Add a new set of credentials + * @message: Pointer to incoming dbus message + * @wpa_s: wpa_supplicant structure for a network interface + * Returns: A dbus message containing the object path of the new credential + * + * Handler function for "AddCred" method call of a network interface. + */ +DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s) +{ + DBusMessage *reply = NULL; + DBusMessageIter iter; + struct wpa_cred *cred = NULL; + char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf; + DBusError error; + + dbus_message_iter_init(message, &iter); + + if (wpa_s->dbus_new_path) + cred = wpa_config_add_cred(wpa_s->conf); + if (cred == NULL) { + wpa_printf(MSG_ERROR, "%s[dbus]: can't add new interface.", + __func__); + reply = wpas_dbus_error_unknown_error( + message, + "wpa_supplicant could not add a credential on this interface."); + goto err; + } + + dbus_error_init(&error); + if (!set_cred_properties(wpa_s, cred, &iter, &error)) { + wpa_printf(MSG_DEBUG, + "%s[dbus]: control interface couldn't set credential properties", + __func__); + reply = wpas_dbus_reply_new_from_error(message, &error, + DBUS_ERROR_INVALID_ARGS, + "Failed to add credential"); + dbus_error_free(&error); + goto err; + } + + /* Construct the object path for this network. 
*/ + os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX, + "%s/" WPAS_DBUS_NEW_CREDENTIALS_PART "/%d", + wpa_s->dbus_new_path, cred->id); + + reply = dbus_message_new_method_return(message); + if (reply == NULL) { + reply = wpas_dbus_error_no_memory(message); + goto err; + } + if (!dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH, &path, + DBUS_TYPE_INVALID)) { + dbus_message_unref(reply); + reply = wpas_dbus_error_no_memory(message); + goto err; + } + + return reply; + +err: + if (cred) { + wpa_config_remove_cred(wpa_s->conf, cred->id); + } + return reply; +} + +/** + * wpas_dbus_handler_remove_cred - Remove a configured set of credentials + * @message: Pointer to incoming dbus message + * @wpa_s: wpa_supplicant structure for a network interface + * Returns: NULL on success or dbus error on failure + * + * Handler function for "RemoveCred" method call of a network interface. + */ +DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s) +{ + DBusMessage *reply = NULL; + const char *op; + char *iface, *cred_id; + int id; + int result; + + dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op, + DBUS_TYPE_INVALID); + + /* Extract the network ID and ensure the network */ + /* is actually a child of this interface */ + iface = wpas_dbus_new_decompose_object_path(op, + WPAS_DBUS_NEW_CREDENTIALS_PART, + &cred_id); + if (iface == NULL || cred_id == NULL || !wpa_s->dbus_new_path || + os_strcmp(iface, wpa_s->dbus_new_path) != 0) { + reply = wpas_dbus_error_invalid_args(message, op); + goto out; + } + + errno = 0; + id = strtoul(cred_id, NULL, 10); + if (errno != 0) { + reply = wpas_dbus_error_invalid_args(message, op); + goto out; + } + + result = wpa_config_remove_cred(wpa_s->conf, id); + if (result == -1) { + wpa_printf(MSG_ERROR, + "%s[dbus]: error occurred when removing cred %d", + __func__, id); + reply = wpas_dbus_error_unknown_error( + message, + "error removing the specified credential on its interface."); + goto 
out; + } + +out: + os_free(iface); + return reply; +} /** * wpas_dbus_handler_signal_poll - Request immediate signal properties diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h index c36383f05..5b01ab527 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.h +++ b/wpa_supplicant/dbus/dbus_new_handlers.h @@ -144,6 +144,17 @@ DBusMessage * wpas_dbus_handler_eap_logoff(DBusMessage *message, DBusMessage * wpas_dbus_handler_eap_logon(DBusMessage *message, struct wpa_supplicant *wpa_s); +dbus_bool_t set_cred_properties(struct wpa_supplicant *wpa_s, + struct wpa_cred *cred, + DBusMessageIter *iter, + DBusError *error); + +DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s); + +DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s); + DECLARE_ACCESSOR(wpas_dbus_getter_capabilities); DECLARE_ACCESSOR(wpas_dbus_getter_state); DECLARE_ACCESSOR(wpas_dbus_getter_scanning);
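
Review bot: test_dbus_creds in tests/hwsim/test_dbus.py reads the credential back with dev[0].get_cred(0, k) and never looks at the object path AddCred returned, so it only passes when the new credential happens to get id 0. Take the id from the last component of the returned path and use it both for get_cred and for the check after RemoveCred. The test also covers only the success path; a case that sends an unsupported value type, and one that calls RemoveCred with a malformed path, would exercise the InvalidArgs branches added in dbus_new_handlers.c. Style: `if not "FAIL" in ...` reads better as `"FAIL" not in ...`, and reusing `path` for the AddCred result overwrites the interface path returned by prepare_dbus.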
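
Review bot: the AddCred and RemoveCred entries added to wpas_dbus_interface_methods[] in wpa_supplicant/dbus/dbus_new.c extend the public interface API, but the diffstat for this patch lists no documentation file. Please document both methods next to the other interface methods, including that AddCred takes an a{sv} dictionary whose values may be strings, byte arrays, int32 or uint32 (the types set_cred_properties accepts) and that any other type is rejected with InvalidArgs.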
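
Review bot: in wpa_supplicant/dbus/dbus_new.h, WPAS_DBUS_NEW_IFACE_CREDENTIAL is defined but nothing in this patch references it, and wpas_dbus_handler_add_cred returns a path under WPAS_DBUS_NEW_CREDENTIALS_PART without any visible code registering an object at that path. If the object registration arrives in 3/3, move the WPAS_DBUS_NEW_IFACE_CREDENTIAL define there, or state in the commit message that at this point the returned path is only a handle for RemoveCred.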
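
Review bot: the "roaming_consortium" entry is added to the existing dont_quote[] table in dbus_new_handlers.c, which already holds P2P network keys, so one name list now decides quoting for both network and credential properties. set_cred_properties wraps every string key that is not in this table in double quotes before calling wpa_config_set_cred, so any other credential field that expects an unquoted value will receive a quoted one. Consider a credential-specific list, or at least a comment saying which credential keys were checked against it.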
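
Review bot: set_cred_properties copies every value, including "password" (the test sends one), into a heap buffer and releases it with plain os_free(value) both at the end of the loop body and under the error label, which leaves the secret in freed memory. Use str_clear_free(value) at both sites. Separately, every failure, including os_zalloc returning NULL and wpa_config_set_cred rejecting a key, is reported as DBUS_ERROR_INVALID_ARGS with "invalid message format"; report allocation failure as no-memory and name the rejected key so the caller can tell which property was refused. The wpa_s parameter is never used in the body, and the doc comment has the typo "crendentials" and still says "network properties".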
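
Review bot: in wpas_dbus_handler_remove_cred, `id = strtoul(cred_id, NULL, 10)` followed only by an errno check is not enough: with no end pointer, an empty or non-numeric last path component converts to 0 without strtoul being required to set errno, and digits followed by garbage are accepted, so a malformed path can remove credential 0. The unsigned long result is also narrowed into an int. Pass an end pointer, reject the path unless at least one digit was consumed and *end is '\0', and range-check before assigning to id. The return value of dbus_message_get_args is ignored too, so op is used uninitialized if argument extraction fails. In wpas_dbus_handler_add_cred, the doc comment names wpas_dbus_new_iface_add_cred, the error log says "can't add new interface." and the path comment says "for this network"; all three should refer to the credential. The os_snprintf result for path_buf is not checked with os_snprintf_error, unlike the calls in set_cred_properties.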