From patchwork Thu Oct 14 16:16:52 2021
X-Patchwork-Submitter: Damien Dejean
X-Patchwork-Id: 1541004
From: damiendejean@chromium.org
To: hostap@lists.infradead.org
Cc: Damien Dejean
Subject: [PATCH 1/3] HS 2.0: crypto engine support for creds.
Date: Thu, 14 Oct 2021 16:16:52 +0000
Message-Id: <20211014161654.3981468-1-damiendejean@chromium.org>

From: Damien Dejean

Adds the support of engine, engine_id, ca_cert_id, cert_id and key_id to credential blocks for Hotspot 2.0.

Signed-off-by: Damien Dejean
---
 wpa_supplicant/config.c       | 33 +++++++++++++++++++++++++++++++++
 wpa_supplicant/config.h       | 25 +++++++++++++++++++++++++
 wpa_supplicant/interworking.c | 30 ++++++++++++++++++++++++++----
 wpa_supplicant/wpa_cli.c      |  1 +
 4 files changed, 85 insertions(+), 4 deletions(-)

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index bf97de698..c5f1a126b 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c
@@ -2855,6 +2855,10 @@ void wpa_config_free_cred(struct wpa_cred *cred) os_free(cred->client_cert); os_free(cred->private_key); str_clear_free(cred->private_key_passwd); + os_free(cred->engine_id); + os_free(cred->ca_cert_id); + os_free(cred->cert_id); + os_free(cred->key_id); os_free(cred->imsi); str_clear_free(cred->milenage); for (i = 0; i < cred->num_domain; i++) @@ -3618,6 +3622,11 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, return 0; } + if (os_strcmp(var, "engine") == 0) { + cred->engine = atoi(value); + return 0; + } + val = wpa_config_parse_string(value, &len); if (val == NULL || (os_strcmp(var, "excluded_ssid") != 0 && @@ -3673,6 +3682,30 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, return 0; } + if (os_strcmp(var, "engine_id") == 0) { + os_free(cred->engine_id); + cred->engine_id = val; + return 0; + } + + if (os_strcmp(var, "ca_cert_id") == 0) { + os_free(cred->ca_cert_id); + cred->ca_cert_id = val; + return 0; + } + + if (os_strcmp(var, "cert_id") == 0) { + os_free(cred->cert_id); + cred->cert_id = val; + return 0; + } + + if (os_strcmp(var, "key_id") == 0) { + os_free(cred->key_id); + cred->key_id = val; + return 0; + } + if (os_strcmp(var, "imsi") == 0) { os_free(cred->imsi); cred->imsi = val; diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h index 0320d9eeb..c7a55202b 100644 --- a/wpa_supplicant/config.h +++ b/wpa_supplicant/config.h 
@@ -179,6 +179,31 @@ struct wpa_cred { */ char *milenage; + /** + * engine - Use an engine for private key operations. + */ + int engine; + + /** + * engine_id - String identifying the engine to use. + */ + char *engine_id; + + /** + * ca_cert_id - The CA certificate identifier when using an engine. + */ + char *ca_cert_id; + + /** + * cert_id - The certificate identifier when using an engine. + */ + char *cert_id; + + /** + * key_id - The private key identifier when using an engine. + */ + char *key_id; + /** * domain_suffix_match - Constraint for server domain name * diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index 1c82d2117..066e344a0 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c @@ -702,12 +702,15 @@ static struct nai_realm_eap * nai_realm_find_eap(struct wpa_supplicant *wpa_s, ((cred->password == NULL || cred->password[0] == '\0') && (cred->private_key == NULL || - cred->private_key[0] == '\0'))) { + cred->private_key[0] == '\0') && + (cred->key_id == NULL || + cred->key_id[0] == '\0'))) { wpa_msg(wpa_s, MSG_DEBUG, - "nai-realm-find-eap: incomplete cred info: username: %s password: %s private_key: %s", + "nai-realm-find-eap: incomplete cred info: username: %s password: %s private_key: %s key_id: %s", cred->username ? cred->username : "NULL", cred->password ? cred->password : "NULL", - cred->private_key ? cred->private_key : "NULL"); + cred->private_key ? cred->private_key : "NULL", + cred->key_id ? cred->private_key : "NULL"); return NULL; } @@ -716,7 +719,8 @@ static struct nai_realm_eap * nai_realm_find_eap(struct wpa_supplicant *wpa_s, if (cred->password && cred->password[0] && nai_realm_cred_username(wpa_s, eap)) return eap; - if (cred->private_key && cred->private_key[0] && + if (((cred->private_key && cred->private_key[0]) || + (cred->key_id && cred->key_id[0])) && nai_realm_cred_cert(wpa_s, eap)) return eap; } 
@@ -1539,6 +1543,24 @@ static int interworking_set_eap_params(struct wpa_ssid *ssid, cred->private_key_passwd) < 0) return -1; + if (cred->ca_cert_id && cred->ca_cert_id[0] && + wpa_config_set_quoted(ssid, "ca_cert_id", cred->ca_cert_id) < 0) + return -1; + + if (cred->cert_id && cred->cert_id[0] && + wpa_config_set_quoted(ssid, "cert_id", cred->cert_id) < 0) + return -1; + + if (cred->key_id && cred->key_id[0] && + wpa_config_set_quoted(ssid, "key_id", cred->key_id) < 0) + return -1; + + if (cred->engine_id && cred->engine_id[0] && + wpa_config_set_quoted(ssid, "engine_id", cred->engine_id) < 0) + return -1; + + ssid->eap.cert.engine = cred->engine; + if (cred->phase1) { os_free(ssid->eap.phase1); ssid->eap.phase1 = os_strdup(cred->phase1); diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c index b72983e9c..17b14c824 100644 --- a/wpa_supplicant/wpa_cli.c +++ b/wpa_supplicant/wpa_cli.c 
@@ -1591,6 +1591,7 @@ static const char * const cred_fields[] = { "min_dl_bandwidth_roaming", "min_ul_bandwidth_roaming", "max_bss_load", "req_conn_capab", "ocsp", "sim_num", "realm", "username", "password", "ca_cert", "client_cert", "private_key", "private_key_passwd", "imsi", + "ca_cert_id", "cert_id", "key_id", "engine_id", "engine", "milenage", "domain_suffix_match", "domain", "phase1", "phase2", "roaming_consortium", "required_roaming_consortium", "excluded_ssid", "roaming_partner", "provisioning_sp"
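Review bot: `cred->engine = atoi(value);` in wpa_config_set_cred() (wpa_supplicant/config.c) accepts any input: non-numeric text silently becomes 0 and any other integer is stored as-is, although config.h documents the field as a flag ("Use an engine for private key operations"). Use a checked conversion and return -1 for anything other than 0 or 1, so that a malformed value coming from wpa_cli or from the D-Bus AddCred path in patch 2/3 is rejected instead of silently turning the engine off.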
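Review bot: The new last argument of the debug message in nai_realm_find_eap() (wpa_supplicant/interworking.c) tests one field and prints another: `cred->key_id ? cred->private_key : "NULL"`. A credential that has key_id set, private_key NULL and no username reaches this branch and passes a NULL pointer to %s; in every other case the key_id column shows the wrong value. It should be `cred->key_id ? cred->key_id : "NULL"`. Since the format string is being changed anyway, consider dropping the cleartext `cred->password` from this message and logging only whether it is set.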
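Review bot: In interworking_set_eap_params() the ca_cert_id, cert_id, key_id and engine_id strings are copied into the network block whether or not cred->engine is set, and the completeness check in nai_realm_find_eap() now accepts a credential that has only key_id. Consider treating key_id as a usable private key only when cred->engine is non-zero and engine_id is non-empty, so that a credential with key_id but no engine is rejected at selection time rather than being turned into a network block with `ssid->eap.cert.engine` set to 0.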
From patchwork Thu Oct 14 16:16:53 2021
X-Patchwork-Submitter: Damien Dejean
X-Patchwork-Id: 1541005
From: damiendejean@chromium.org
To: hostap@lists.infradead.org
Cc: Damien Dejean
Subject: [PATCH 2/3] DBus: add interworking credentials.
Date: Thu, 14 Oct 2021 16:16:53 +0000
Message-Id: <20211014161654.3981468-2-damiendejean@chromium.org>
In-Reply-To: <20211014161654.3981468-1-damiendejean@chromium.org>
References: <20211014161654.3981468-1-damiendejean@chromium.org>

From: Damien Dejean

Add "AddCred" and "RemoveCred" methods to the D-Bus API of the network interface to allow the caller to manipulate a set of interworking credentials.

Signed-off-by: Damien Dejean
---
 tests/hwsim/test_dbus.py                |  26 +++
 wpa_supplicant/dbus/dbus_new.c          |  17 ++
 wpa_supplicant/dbus/dbus_new.h          |   4 +
 wpa_supplicant/dbus/dbus_new_handlers.c | 228 ++++++++++++++++++++++++
 wpa_supplicant/dbus/dbus_new_handlers.h |  11 ++
 5 files changed, 286 insertions(+)

diff --git a/tests/hwsim/test_dbus.py b/tests/hwsim/test_dbus.py index 1143802c6..1822e0a2c 100644 --- a/tests/hwsim/test_dbus.py +++ b/tests/hwsim/test_dbus.py
@@ -6091,3 +6091,29 @@ def test_dbus_roam(dev, apdev): with TestDbusConnect(bus) as t: if not t.success(): raise Exception("Expected signals not seen") + +def test_dbus_creds(dev, apdev): + "D-Bus interworking credentials" + (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0]) + iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE) + + args = {'domain': 'server.w1.fi', + 'realm': 'server.w1.fi', + 'eap': 'TTLS', + 'phase2': 'auth=MSCHAPV2', + 'username': 'user', + 'password': 'password', + 'domain_suffix_match': 'server.w1.fi', + 'ca_cert': 'auth_serv/ca.pem'} + + path = iface.AddCred(dbus.Dictionary(args, signature='sv')) + for k, v in args.items(): + if k == 'password': + continue + prop = dev[0].get_cred(0, k) + if prop != v: + raise Exception('Credential add failed: %s does not match %s' % (prop, v)) + + iface.RemoveCred(path) + if not "FAIL" in dev[0].get_cred(0, 'domain'): + raise Exception("Credential remove failed") diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c index 2c01943f7..413396a9f 100644 --- a/wpa_supplicant/dbus/dbus_new.c +++ b/wpa_supplicant/dbus/dbus_new.c @@ -3570,6 +3570,23 @@ static const struct wpa_dbus_method_desc wpas_dbus_interface_methods[] = { END_ARGS } }, +#ifdef CONFIG_INTERWORKING + { "AddCred", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) wpas_dbus_handler_add_cred, + { + { "args", "a{sv}", ARG_IN }, + { "path", "o", ARG_OUT }, + END_ARGS + } + }, + { "RemoveCred", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) wpas_dbus_handler_remove_cred, + { + { "path", "o", ARG_IN }, + END_ARGS + } + }, +#endif /* CONFIG_INTERWORKING */ { NULL, NULL, NULL, { END_ARGS } } }; diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h index 42db3892e..8ae0afeaa 100644 --- a/wpa_supplicant/dbus/dbus_new.h +++ b/wpa_supplicant/dbus/dbus_new.h 
@@ -16,6 +16,7 @@ struct wpa_global; struct wpa_supplicant; struct wpa_ssid; +struct wpa_cred; struct wps_event_m2d; struct wps_event_fail; struct wps_credential; @@ -96,6 +97,9 @@ enum wpas_dbus_sta_prop { #define WPAS_DBUS_NEW_P2P_PEERS_PART "Peers" #define WPAS_DBUS_NEW_IFACE_P2P_PEER WPAS_DBUS_NEW_INTERFACE ".Peer" +#define WPAS_DBUS_NEW_CREDENTIALS_PART "Credentials" +#define WPAS_DBUS_NEW_IFACE_CREDENTIAL WPAS_DBUS_NEW_INTERFACE ".Credential" + /* Top-level Errors */ #define WPAS_DBUS_ERROR_UNKNOWN_ERROR \ WPAS_DBUS_NEW_INTERFACE ".UnknownError" diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index db9f30c9a..2b2cefb76 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -148,6 +148,9 @@ static const char * const dont_quote[] = { #ifdef CONFIG_P2P "go_p2p_dev_addr", "p2p_client_list", "psk_list", #endif /* CONFIG_P2P */ +#ifdef CONFIG_INTERWORKING + "roaming_consortium", +#endif /* CONFIG_INTERWORKING */ NULL }; 
@@ -328,6 +331,110 @@ error: } +/** + * set_cred_properties - Set the properties of a configured set of + * crendentials. + * @wpa_s: wpa_supplicant structure for a network interface + * @cred: wpa_cred structure for a configured credential + * @iter: DBus message iterator containing dictionary of network + * properties to set. + * @error: On failure, an error describing the failure + * Returns: TRUE if the request succeeds, FALSE if it failed + */ +dbus_bool_t set_cred_properties(struct wpa_supplicant *wpa_s, + struct wpa_cred *cred, + DBusMessageIter *iter, + DBusError *error) +{ + struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING }; + DBusMessageIter iter_dict; + char *value = NULL; + + if (!wpa_dbus_dict_open_read(iter, &iter_dict, error)) + return FALSE; + + while (wpa_dbus_dict_has_dict_entry(&iter_dict)) { + size_t size = 50; + int ret; + + if (!wpa_dbus_dict_get_entry(&iter_dict, &entry)) + goto error; + + value = NULL; + if (entry.type == DBUS_TYPE_ARRAY && + entry.array_type == DBUS_TYPE_BYTE) { + if (entry.array_len <= 0) + goto error; + + size = entry.array_len * 2 + 1; + value = os_zalloc(size); + if (value == NULL) + goto error; + + ret = wpa_snprintf_hex(value, size, + (u8 *) entry.bytearray_value, + entry.array_len); + if (ret <= 0) + goto error; + } else if (entry.type == DBUS_TYPE_STRING) { + if (should_quote_opt(entry.key)) { + size = os_strlen(entry.str_value); + + size += 3; + value = os_zalloc(size); + if (value == NULL) + goto error; + + ret = os_snprintf(value, size, "\"%s\"", + entry.str_value); + if (os_snprintf_error(size, ret)) + goto error; + } else { + value = os_strdup(entry.str_value); + if (value == NULL) + goto error; + } + } else if (entry.type == DBUS_TYPE_UINT32) { + value = os_zalloc(size); + if (value == NULL) + goto error; + + ret = os_snprintf(value, size, "%u", + entry.uint32_value); + if (os_snprintf_error(size, ret)) + goto error; + } else if (entry.type == DBUS_TYPE_INT32) { + value = os_zalloc(size); + if 
(value == NULL) + goto error; + + ret = os_snprintf(value, size, "%d", + entry.int32_value); + if (os_snprintf_error(size, ret)) + goto error; + } else + goto error; + + ret = wpa_config_set_cred(cred, entry.key, value, 0); + if (ret < 0) + goto error; + + os_free(value); + value = NULL; + wpa_dbus_dict_entry_clear(&entry); + } + + return TRUE; + +error: + os_free(value); + wpa_dbus_dict_entry_clear(&entry); + dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS, + "invalid message format"); + return FALSE; +} + + /** * wpas_dbus_simple_property_getter - Get basic type property * @iter: Message iter to use when appending arguments 
@@ -1514,6 +1621,127 @@ DBusMessage * wpas_dbus_handler_abort_scan(DBusMessage *message, return NULL; } +/** + * wpas_dbus_new_iface_add_cred - Add a new set of credentials + * @message: Pointer to incoming dbus message + * @wpa_s: wpa_supplicant structure for a network interface + * Returns: A dbus message containing the object path of the new credential + * + * Handler function for "AddCred" method call of a network interface. + */ +DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s) +{ + DBusMessage *reply = NULL; + DBusMessageIter iter; + struct wpa_cred *cred = NULL; + char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *path = path_buf; + DBusError error; + + dbus_message_iter_init(message, &iter); + + if (wpa_s->dbus_new_path) + cred = wpa_config_add_cred(wpa_s->conf); + if (cred == NULL) { + wpa_printf(MSG_ERROR, "%s[dbus]: can't add new interface.", + __func__); + reply = wpas_dbus_error_unknown_error( + message, + "wpa_supplicant could not add a credential on this interface."); + goto err; + } + + dbus_error_init(&error); + if (!set_cred_properties(wpa_s, cred, &iter, &error)) { + wpa_printf(MSG_DEBUG, + "%s[dbus]: control interface couldn't set credential properties", + __func__); + reply = wpas_dbus_reply_new_from_error(message, &error, + DBUS_ERROR_INVALID_ARGS, + "Failed to add credential"); + dbus_error_free(&error); + goto err; + } + + /* Construct the object path for this network. 
*/ + os_snprintf(path, WPAS_DBUS_OBJECT_PATH_MAX, + "%s/" WPAS_DBUS_NEW_CREDENTIALS_PART "/%d", + wpa_s->dbus_new_path, cred->id); + + reply = dbus_message_new_method_return(message); + if (reply == NULL) { + reply = wpas_dbus_error_no_memory(message); + goto err; + } + if (!dbus_message_append_args(reply, DBUS_TYPE_OBJECT_PATH, &path, + DBUS_TYPE_INVALID)) { + dbus_message_unref(reply); + reply = wpas_dbus_error_no_memory(message); + goto err; + } + + return reply; + +err: + if (cred) { + wpa_config_remove_cred(wpa_s->conf, cred->id); + } + return reply; +} + +/** + * wpas_dbus_handler_remove_cred - Remove a configured set of credentials + * @message: Pointer to incoming dbus message + * @wpa_s: wpa_supplicant structure for a network interface + * Returns: NULL on success or dbus error on failure + * + * Handler function for "RemoveCred" method call of a network interface. + */ +DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s) +{ + DBusMessage *reply = NULL; + const char *op; + char *iface, *cred_id; + int id; + int result; + + dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op, + DBUS_TYPE_INVALID); + + /* Extract the network ID and ensure the network */ + /* is actually a child of this interface */ + iface = wpas_dbus_new_decompose_object_path(op, + WPAS_DBUS_NEW_CREDENTIALS_PART, + &cred_id); + if (iface == NULL || cred_id == NULL || !wpa_s->dbus_new_path || + os_strcmp(iface, wpa_s->dbus_new_path) != 0) { + reply = wpas_dbus_error_invalid_args(message, op); + goto out; + } + + errno = 0; + id = strtoul(cred_id, NULL, 10); + if (errno != 0) { + reply = wpas_dbus_error_invalid_args(message, op); + goto out; + } + + result = wpa_config_remove_cred(wpa_s->conf, id); + if (result == -1) { + wpa_printf(MSG_ERROR, + "%s[dbus]: error occurred when removing cred %d", + __func__, id); + reply = wpas_dbus_error_unknown_error( + message, + "error removing the specified credential on its interface."); + goto 
out; + } + +out: + os_free(iface); + return reply; +} /** * wpas_dbus_handler_signal_poll - Request immediate signal properties diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h index c36383f05..5b01ab527 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.h +++ b/wpa_supplicant/dbus/dbus_new_handlers.h 
@@ -144,6 +144,17 @@ DBusMessage * wpas_dbus_handler_eap_logoff(DBusMessage *message, DBusMessage * wpas_dbus_handler_eap_logon(DBusMessage *message, struct wpa_supplicant *wpa_s); +dbus_bool_t set_cred_properties(struct wpa_supplicant *wpa_s, + struct wpa_cred *cred, + DBusMessageIter *iter, + DBusError *error); + +DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s); + +DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, + struct wpa_supplicant *wpa_s); + DECLARE_ACCESSOR(wpas_dbus_getter_capabilities); DECLARE_ACCESSOR(wpas_dbus_getter_state); DECLARE_ACCESSOR(wpas_dbus_getter_scanning);
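Review bot: test_dbus_creds in tests/hwsim/test_dbus.py covers only the success path with string values, so the rollback in the err: label of wpas_dbus_handler_add_cred() and the path parsing in RemoveCred are never exercised. Add a case where AddCred is called with an invalid key or value and check that it raises InvalidArgs and leaves no credential behind, and a RemoveCred call with a malformed object path. The final check reads more naturally as `if "FAIL" not in dev[0].get_cred(0, 'domain'):`.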
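Review bot: `os_free(value)` in set_cred_properties() (wpa_supplicant/dbus/dbus_new_handlers.c), on both the loop path and the error: label, releases a buffer that can hold the credential's password or private_key_passwd without clearing it. The credential code in patch 1/3's context wipes such strings with str_clear_free() in wpa_config_free_cred(); use str_clear_free(value) here as well so the secret does not linger in freed heap memory. The function comment also still says "dictionary of network properties" and misspells "crendentials".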
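Review bot: `id = strtoul(cred_id, NULL, 10);` in wpas_dbus_handler_remove_cred() has no end-pointer check, so an object path whose last component is not a number can parse as 0 with errno left at 0, and the handler then removes credential 0. Pass an end pointer, require `*end == '\0'` and a value that fits in an int, and return InvalidArgs otherwise. The return value of dbus_message_get_args() is also ignored, which leaves `op` uninitialized when the argument is missing or has the wrong type. In wpas_dbus_handler_add_cred() the error text "can't add new interface" and the comment "object path for this network" look copied from the network handlers and should refer to credentials.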
From patchwork Thu Oct 14 16:16:54 2021
X-Patchwork-Submitter: Damien Dejean
X-Patchwork-Id: 1541003
From: damiendejean@chromium.org
To: hostap@lists.infradead.org
Cc: Damien Dejean
Subject: [PATCH 3/3] DBus: add InterworkingSelect.
Date: Thu, 14 Oct 2021 16:16:54 +0000
Message-Id: <20211014161654.3981468-3-damiendejean@chromium.org>
In-Reply-To: <20211014161654.3981468-1-damiendejean@chromium.org>
References: <20211014161654.3981468-1-damiendejean@chromium.org>

From: Damien Dejean

Adds the "InterworkingSelect" method to the DBus API to trigger an interworking scan with ANQP fetches. When a BSS that matches a set of credentials is found, the result is emitted using the signal "InterworkingAPAdded".

Signed-off-by: Damien Dejean
---
 tests/hwsim/test_dbus.py                |  66 ++++++++++++++
 wpa_supplicant/dbus/dbus_new.c          | 113 ++++++++++++++++++++++++
 wpa_supplicant/dbus/dbus_new.h          |  19 ++++
 wpa_supplicant/dbus/dbus_new_handlers.c |  19 ++++
 wpa_supplicant/dbus/dbus_new_handlers.h |   3 +
 wpa_supplicant/interworking.c           |  11 +--
 wpa_supplicant/notify.c                 |  26 ++++++
 wpa_supplicant/notify.h                 |   5 ++
 8 files changed, 255 insertions(+), 7 deletions(-)
diff --git a/tests/hwsim/test_dbus.py b/tests/hwsim/test_dbus.py index 1822e0a2c..c9e2db028 100644 --- a/tests/hwsim/test_dbus.py +++ b/tests/hwsim/test_dbus.py 
@@ -6117,3 +6117,69 @@ def test_dbus_creds(dev, apdev): iface.RemoveCred(path) if not "FAIL" in dev[0].get_cred(0, 'domain'): raise Exception("Credential remove failed") + +def test_dbus_interworking(dev, apdev): + "D-Bus interworking selection" + (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0]) + iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE) + + params = {"ssid": "test-interworking", "wpa": "2", + "wpa_key_mgmt": "WPA-EAP", "rsn_pairwise": "CCMP", + "ieee8021x": "1", "eapol_version": "2", + "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf", + "ca_cert": "auth_serv/ca.pem", + "server_cert": "auth_serv/server.pem", + "private_key": "auth_serv/server.key", + "interworking": "1", + "domain_name": "server.w1.fi", + "nai_realm": "0,server.w1.fi,21[2:4][5:7]", + "roaming_consortium": "2233445566", + "hs20": "1", "anqp_domain_id": "1234"} + + hapd = hostapd.add_ap(apdev[0], params) + + class TestDbusInterworking(TestDbus): + def __init__(self, bus): + TestDbus.__init__(self, bus) + self.interworking_ap_seen = False + self.interworking_select_done = False + + def __enter__(self): + gobject.timeout_add(1, self.run_select) + gobject.timeout_add(15000, self.timeout) + self.add_signal(self.interworkingAPAdded, WPAS_DBUS_IFACE, + "InterworkingAPAdded") + self.add_signal(self.interworkingSelectDone, WPAS_DBUS_IFACE, + "InterworkingSelectDone") + self.loop.run() + return self + + def interworkingAPAdded(self, bss, cred, properties): + logger.debug("interworkingAPAdded: bss=%s cred=%s %s" % (bss, cred, str(properties))) + if self.cred == cred: + self.interworking_ap_seen = True + + def interworkingSelectDone(self): + logger.debug("interworkingSelectDone") + self.interworking_select_done = True + self.loop.quit() + + def run_select(self, *args): + args = {"domain": "server.w1.fi", + "realm": "server.w1.fi", + "eap": "TTLS", + "phase2": "auth=MSCHAPV2", + "username": "user", + "password": "password", + "domain_suffix_match": "server.w1.fi", + "ca_cert": 
"auth_serv/ca.pem"} + self.cred = iface.AddCred(dbus.Dictionary(args, signature='sv')) + iface.InterworkingSelect() + return False + + def success(self): + return self.interworking_ap_seen and self.interworking_select_done + + with TestDbusInterworking(bus) as t: + if not t.success(): + raise Exception("Expected signals not seen") diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c index 413396a9f..22971acff 100644 --- a/wpa_supplicant/dbus/dbus_new.c +++ b/wpa_supplicant/dbus/dbus_new.c 
@@ -937,6 +937,98 @@ void wpas_dbus_signal_mesh_peer_disconnected(struct wpa_supplicant *wpa_s, #endif /* CONFIG_MESH */ +#ifdef CONFIG_INTERWORKING + +void wpas_dbus_signal_interworking_ap_added(struct wpa_supplicant *wpa_s, + struct wpa_bss *bss, + struct wpa_cred *cred, + const char *type, + int excluded, + int bh, + int bss_load, + int conn_capab) +{ + struct wpas_dbus_priv *iface; + DBusMessage *msg; + DBusMessageIter iter, dict_iter; + char bss_path[WPAS_DBUS_OBJECT_PATH_MAX], *bss_obj_path; + char cred_path[WPAS_DBUS_OBJECT_PATH_MAX], *cred_obj_path; + + iface = wpa_s->global->dbus; + + /* Do nothing if the control interface is not turned on */ + if (!iface || !wpa_s->dbus_new_path) + return; + + msg = dbus_message_new_signal(wpa_s->dbus_new_path, + WPAS_DBUS_NEW_IFACE_INTERFACE, + "InterworkingAPAdded"); + if (!msg) + return; + + os_snprintf(bss_path, WPAS_DBUS_OBJECT_PATH_MAX, + "%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u", + wpa_s->dbus_new_path, bss->id); + bss_obj_path = bss_path; + + os_snprintf(cred_path, WPAS_DBUS_OBJECT_PATH_MAX, + "%s/" WPAS_DBUS_NEW_CREDENTIALS_PART "/%u", + wpa_s->dbus_new_path, cred->id); + cred_obj_path = cred_path; + + dbus_message_iter_init_append(msg, &iter); + if (!dbus_message_iter_append_basic(&iter, + DBUS_TYPE_OBJECT_PATH, &bss_obj_path) || + !dbus_message_iter_append_basic(&iter, + DBUS_TYPE_OBJECT_PATH, &cred_obj_path) || + !wpa_dbus_dict_open_write(&iter, &dict_iter) || + !wpa_dbus_dict_append_string(&dict_iter, "type", type) || + !wpa_dbus_dict_append_int32(&dict_iter, "excluded", excluded) || + !wpa_dbus_dict_append_int32(&dict_iter, "priority", cred->priority) || + !wpa_dbus_dict_append_int32(&dict_iter, + "sp_priority", cred->sp_priority) || + !wpa_dbus_dict_append_int32(&dict_iter, "below_min_backhaul", bh) || + !wpa_dbus_dict_append_int32(&dict_iter, + "over_max_bss_load", bss_load) || + !wpa_dbus_dict_append_int32(&dict_iter, + "conn_capab_missing", conn_capab) || + !wpa_dbus_dict_close_write(&iter, &dict_iter)) + 
wpa_printf(MSG_ERROR, "dbus: Failed to construct signal"); + else { + dbus_connection_send(iface->con, msg, NULL); + } + dbus_message_unref(msg); +} + + +void wpas_dbus_signal_interworking_select_done(struct wpa_supplicant *wpa_s) +{ + struct wpas_dbus_priv *iface; + DBusMessage *msg; + + iface = wpa_s->global->dbus; + + /* Do nothing if the control interface is not turned on */ + if (iface == NULL) + return; + + if (!iface || !wpa_s->dbus_new_path) + return; + + msg = dbus_message_new_signal(wpa_s->dbus_new_path, + WPAS_DBUS_NEW_IFACE_INTERFACE, + "InterworkingSelectDone"); + if (msg == NULL) + return; + + dbus_connection_send(iface->con, msg, NULL); + + dbus_message_unref(msg); +} + +#endif /* CONFIG_INTERWORKING */ + + void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s, int depth, const char *subject, const char *altsubject[], @@ -3586,6 +3678,12 @@ static const struct wpa_dbus_method_desc wpas_dbus_interface_methods[] = { END_ARGS } }, + { "InterworkingSelect", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) wpas_dbus_handler_interworking_select, + { + END_ARGS + } + }, #endif /* CONFIG_INTERWORKING */ { NULL, NULL, NULL, { END_ARGS } } }; @@ -4154,6 +4252,21 @@ static const struct wpa_dbus_signal_desc wpas_dbus_interface_signals[] = { } }, #endif /* CONFIG_MESH */ +#ifdef CONFIG_INTERWORKING + { "InterworkingAPAdded", WPAS_DBUS_NEW_IFACE_INTERFACE, + { + { "bss", "o", ARG_OUT }, + { "cred", "o", ARG_OUT }, + { "properties", "a{sv}", ARG_OUT }, + END_ARGS + } + }, + { "InterworkingSelectDone", WPAS_DBUS_NEW_IFACE_INTERFACE, + { + END_ARGS + } + }, +#endif /* CONFIG_INTERWORKING */ { NULL, NULL, { END_ARGS } } }; diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h index 8ae0afeaa..46aeb1d77 100644 --- a/wpa_supplicant/dbus/dbus_new.h +++ b/wpa_supplicant/dbus/dbus_new.h 
@@ -17,6 +17,7 @@ struct wpa_global; struct wpa_supplicant; struct wpa_ssid; struct wpa_cred; +struct wpa_bss; struct wps_event_m2d; struct wps_event_fail; struct wps_credential; @@ -268,6 +269,11 @@ void wpas_dbus_signal_mesh_peer_connected(struct wpa_supplicant *wpa_s, const u8 *peer_addr); void wpas_dbus_signal_mesh_peer_disconnected(struct wpa_supplicant *wpa_s, const u8 *peer_addr, int reason); +void wpas_dbus_signal_interworking_ap_added(struct wpa_supplicant *wpa_s, + struct wpa_bss *bss, struct wpa_cred *cred, + const char *type, int excluded, int bh, int bss_load, + int conn_capab); +void wpas_dbus_signal_interworking_select_done(struct wpa_supplicant *wpa_s); #else /* CONFIG_CTRL_IFACE_DBUS_NEW */ @@ -620,6 +626,19 @@ void wpas_dbus_signal_mesh_peer_disconnected(struct wpa_supplicant *wpa_s, { } +static inline +void wpas_dbus_signal_interworking_ap_added(struct wpa_supplicant *wpa_s, + struct wpa_bss *bss, struct wpa_cred *cred, + const char *type, int excluded, int bh, int bss_load, + int conn_capab) +{ +} + +static inline +void wpas_dbus_signal_interworking_select_done(struct wpa_supplicant *wpa_s) +{ +} + #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ #endif /* CTRL_IFACE_DBUS_H_NEW */ diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index 2b2cefb76..14e55211c 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -26,6 +26,7 @@ #include "../scan.h" #include "../autoscan.h" #include "../ap.h" +#include "../interworking.h" #include "dbus_new_helpers.h" #include "dbus_new.h" #include "dbus_new_handlers.h" 
@@ -1743,6 +1744,24 @@ out: return reply; } +DBusMessage * wpas_dbus_handler_interworking_select(DBusMessage *message, + struct wpa_supplicant *wpa_s) +{ + int result; + DBusMessage *reply = NULL; + + result = interworking_select(wpa_s, /*auto_select=*/0, /*freqs=*/NULL); + if (result < 0) { + wpa_printf(MSG_ERROR, + "%s[dbus]: failed to start interworking selection", + __func__); + reply = wpas_dbus_error_scan_error( + message, + "error starting interworking selection."); + } + + return reply; +} /** * wpas_dbus_handler_signal_poll - Request immediate signal properties * @message: Pointer to incoming dbus message diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h index 5b01ab527..90e523e00 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.h +++ b/wpa_supplicant/dbus/dbus_new_handlers.h @@ -155,6 +155,9 @@ DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message, DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, struct wpa_supplicant *wpa_s); +DBusMessage * wpas_dbus_handler_interworking_select(DBusMessage *message, + struct wpa_supplicant *wpa_s); + DECLARE_ACCESSOR(wpas_dbus_getter_capabilities); DECLARE_ACCESSOR(wpas_dbus_getter_state); DECLARE_ACCESSOR(wpas_dbus_getter_scanning); diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index 066e344a0..2cb198459 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c 
@@ -2503,13 +2503,8 @@ static void interworking_select_network(struct wpa_supplicant *wpa_s) bh = cred_below_min_backhaul(wpa_s, cred, bss); bss_load = cred_over_max_bss_load(wpa_s, cred, bss); conn_capab = cred_conn_capab_missing(wpa_s, cred, bss); - wpa_msg(wpa_s, MSG_INFO, "%s" MACSTR " type=%s%s%s%s id=%d priority=%d sp_priority=%d", - excluded ? INTERWORKING_EXCLUDED : INTERWORKING_AP, - MAC2STR(bss->bssid), type, - bh ? " below_min_backhaul=1" : "", - bss_load ? " over_max_bss_load=1" : "", - conn_capab ? " conn_capab_missing=1" : "", - cred->id, cred->priority, cred->sp_priority); + wpas_notify_interworking_ap_added(wpa_s, bss, cred, excluded, type, bh, + bss_load, conn_capab); if (excluded) continue; if (wpa_s->auto_select || @@ -2600,6 +2595,8 @@ static void interworking_select_network(struct wpa_supplicant *wpa_s) wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); } + wpas_notify_interworking_select_done(wpa_s); + if (selected) { wpa_printf(MSG_DEBUG, "Interworking: Selected " MACSTR, MAC2STR(selected->bssid)); diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c index fe5e072c2..50ec3df03 100644 --- a/wpa_supplicant/notify.c +++ b/wpa_supplicant/notify.c @@ -19,6 +19,7 @@ #include "rsn_supp/wpa.h" #include "fst/fst.h" #include "crypto/tls.h" +#include "bss.h" #include "driver_i.h" #include "scan.h" #include "p2p_supplicant.h" 
@@ -943,3 +944,28 @@ void wpas_notify_mesh_peer_disconnected(struct wpa_supplicant *wpa_s, } #endif /* CONFIG_MESH */ + +#ifdef CONFIG_INTERWORKING + +void wpas_notify_interworking_ap_added(struct wpa_supplicant *wpa_s, + struct wpa_bss *bss, struct wpa_cred *cred, int excluded, + const char *type, int bh, int bss_load, int conn_capab) +{ + wpa_msg(wpa_s, MSG_INFO, "%s" MACSTR " type=%s%s%s%s id=%d priority=%d sp_priority=%d", + excluded ? INTERWORKING_EXCLUDED : INTERWORKING_AP, + MAC2STR(bss->bssid), type, + bh ? " below_min_backhaul=1" : "", + bss_load ? " over_max_bss_load=1" : "", + conn_capab ? " conn_capab_missing=1" : "", + cred->id, cred->priority, cred->sp_priority); + + wpas_dbus_signal_interworking_ap_added(wpa_s, bss, cred, type, excluded, + bh, bss_load, conn_capab); +} + +void wpas_notify_interworking_select_done(struct wpa_supplicant *wpa_s) +{ + wpas_dbus_signal_interworking_select_done(wpa_s); +} + +#endif /* CONFIG_INTERWORKING */ diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h index e843aa124..c70b31a92 100644 --- a/wpa_supplicant/notify.h +++ b/wpa_supplicant/notify.h @@ -15,6 +15,7 @@ struct wps_credential; struct wps_event_m2d; struct wps_event_fail; struct tls_cert_data; +struct wpa_cred; int wpas_notify_supplicant_initialized(struct wpa_global *global); void wpas_notify_supplicant_deinitialized(struct wpa_global *global); @@ -156,5 +157,9 @@ void wpas_notify_mesh_peer_connected(struct wpa_supplicant *wpa_s, const u8 *peer_addr); void wpas_notify_mesh_peer_disconnected(struct wpa_supplicant *wpa_s, const u8 *peer_addr, u16 reason_code); +void wpas_notify_interworking_ap_added(struct wpa_supplicant *wpa_s, + struct wpa_bss *bss, struct wpa_cred *cred, int excluded, + const char *type, int bh, int bss_load, int conn_capab); +void wpas_notify_interworking_select_done(struct wpa_supplicant *wpa_s); #endif /* NOTIFY_H */
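Review bot: in tests/hwsim/test_dbus.py, test_dbus_interworking only checks that InterworkingAPAdded arrives with the expected cred path; the bss path and the properties dictionary are logged but never asserted, so a signal with a missing or misnamed key ("type", "excluded", "priority", ...) would still pass. Assert on the keys the signal is documented to carry. Two smaller points in the same hunk: run_select(self, *args) rebinds args to the credential dictionary, which hides the callback arguments, and the credential returned by AddCred is never removed once the test finishes.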
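Review bot: in wpa_supplicant/dbus/dbus_new.c, wpas_dbus_signal_interworking_select_done() tests iface twice: "if (iface == NULL) return;" is immediately followed by "if (!iface || !wpa_s->dbus_new_path) return;", so the first check is dead code and can be dropped; "if (msg == NULL)" should also become "if (!msg)" to match wpas_dbus_signal_interworking_ap_added() a few lines above. In wpas_dbus_signal_interworking_ap_added() both os_snprintf() calls that build bss_path and cred_path discard their return value, so a result truncated at WPAS_DBUS_OBJECT_PATH_MAX would be sent as a cut-off object path; check the result and skip the signal on truncation. The excluded, below_min_backhaul, over_max_bss_load and conn_capab_missing entries carry only 0 or 1 and would be clearer to clients as D-Bus booleans than as int32. Style: the failure branch of the long if has no braces while its else branch does.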
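Review bot: in wpa_supplicant/dbus/dbus_new_handlers.c, wpas_dbus_handler_interworking_select() is added without the "/** ... */" description block that the next handler, wpas_dbus_handler_signal_poll(), carries, and with no blank line between it and the preceding "}" or the following comment. Add the doc block (message, wpa_s, return value) and the separating blank lines. The handler also hard-codes auto_select=0 and freqs=NULL, so a D-Bus caller cannot request automatic selection or restrict the scanned frequencies; say so in the commit message and in the D-Bus API documentation, which the diffstat shows this patch does not touch.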
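Review bot: in wpa_supplicant/interworking.c, the calls to wpas_notify_interworking_ap_added() and wpas_notify_interworking_select_done() inside interworking_select_network() are unconditional, so InterworkingAPAdded and InterworkingSelectDone are emitted for every interworking selection, not only those started through the new InterworkingSelect method. Both are sent with dbus_message_new_signal() and no destination, so every client allowed to receive signals on that interface learns which credential object matched which BSS. Document that behaviour for D-Bus clients, and confirm that wpas_notify_interworking_select_done() sits on a path every selection run reaches, since a client that waits for InterworkingSelectDone (as the new test does) otherwise only ends on its timeout.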
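Review bot: in wpa_supplicant/notify.c, wpas_notify_interworking_ap_added() takes its arguments as (wpa_s, bss, cred, excluded, type, bh, ...) while wpas_dbus_signal_interworking_ap_added(), which it calls, takes (wpa_s, bss, cred, type, excluded, bh, ...). Use the same order in both so that later callers do not have to remember which wrapper swaps type and excluded. In wpa_supplicant/notify.h the patch adds a forward declaration for struct wpa_cred but none for struct wpa_bss, although the new prototype uses both; add "struct wpa_bss;" next to it unless the header already has that type in scope.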