From: Damien Dejean
To: hostap@lists.infradead.org
Cc: Damien Dejean
Subject: [PATCH] DBus: add RemoveAllCreds to the API.
Date: Wed, 17 Nov 2021 09:40:31 +0000
Message-Id: <20211117094031.3355517-1-damiendejean@chromium.org>
X-Patchwork-Id: 1556126

Adds a method to allow the caller to remove all the interworking credentials in one call.

Signed-off-by: Damien Dejean
---
 tests/hwsim/test_dbus.py                | 17 ++++++
 wpa_supplicant/ctrl_iface.c             | 55 ++-----------------
 wpa_supplicant/dbus/dbus_new.c          |  6 ++
 wpa_supplicant/dbus/dbus_new_handlers.c | 40 +++++++++++++-
 wpa_supplicant/dbus/dbus_new_handlers.h |  3 +
 wpa_supplicant/wpa_supplicant.c         | 73 +++++++++++++++++++++++++
 wpa_supplicant/wpa_supplicant_i.h       |  4 ++
 7 files changed, 146 insertions(+), 52 deletions(-)

diff --git a/tests/hwsim/test_dbus.py b/tests/hwsim/test_dbus.py index c9e2db028..59e7e4098 100644 --- a/tests/hwsim/test_dbus.py +++ b/tests/hwsim/test_dbus.py 
@@ -6118,6 +6118,23 @@ def test_dbus_creds(dev, apdev): if not "FAIL" in dev[0].get_cred(0, 'domain'): raise Exception("Credential remove failed") + # Removal of multiple credentials + cred1 = {'domain': 'server1.w1.fi','realm': 'server1.w1.fi','eap': 'TTLS'} + iface.AddCred(dbus.Dictionary(cred1, signature='sv')) + if "FAIL" in dev[0].get_cred(0, 'domain'): + raise Exception("Failed to add credential") + + cred2 = {'domain': 'server2.w1.fi','realm': 'server2.w1.fi','eap': 'TTLS'} + iface.AddCred(dbus.Dictionary(cred2, signature='sv')) + if "FAIL" in dev[0].get_cred(1, 'domain'): + raise Exception("Failed to add credential") + + iface.RemoveAllCreds() + if not "FAIL" in dev[0].get_cred(0, 'domain'): + raise Exception("Credential remove failed") + if not "FAIL" in dev[0].get_cred(1, 'domain'): + raise Exception("Credential remove failed") + def test_dbus_interworking(dev, apdev): "D-Bus interworking selection" (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0]) diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index 9dc17f5ee..95e5efdb7 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c 
@@ -3793,47 +3793,6 @@ static int wpa_supplicant_ctrl_iface_add_cred(struct wpa_supplicant *wpa_s, } -static int wpas_ctrl_remove_cred(struct wpa_supplicant *wpa_s, - struct wpa_cred *cred) -{ - struct wpa_ssid *ssid; - char str[20]; - int id; - - if (cred == NULL) { - wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred"); - return -1; - } - - id = cred->id; - if (wpa_config_remove_cred(wpa_s->conf, id) < 0) { - wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred"); - return -1; - } - - wpa_msg(wpa_s, MSG_INFO, CRED_REMOVED "%d", id); - - /* Remove any network entry created based on the removed credential */ - ssid = wpa_s->conf->ssid; - while (ssid) { - if (ssid->parent_cred == cred) { - int res; - - wpa_printf(MSG_DEBUG, "Remove network id %d since it " - "used the removed credential", ssid->id); - res = os_snprintf(str, sizeof(str), "%d", ssid->id); - if (os_snprintf_error(sizeof(str), res)) - str[sizeof(str) - 1] = '\0'; - ssid = ssid->next; - wpa_supplicant_ctrl_iface_remove_network(wpa_s, str); - } else - ssid = ssid->next; - } - - return 0; -} - - static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s, char *cmd) { @@ -3844,13 +3803,7 @@ static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s, * "provisioning_sp= */ if (os_strcmp(cmd, "all") == 0) { wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED all"); - cred = wpa_s->conf->cred; - while (cred) { - prev = cred; - cred = cred->next; - wpas_ctrl_remove_cred(wpa_s, prev); - } - return 0; + return wpa_supplicant_remove_all_creds(wpa_s); } if (os_strncmp(cmd, "sp_fqdn=", 8) == 0) { @@ -3866,7 +3819,7 @@ static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s, if (os_strcmp(prev->domain[i], cmd + 8) != 0) continue; - wpas_ctrl_remove_cred(wpa_s, prev); + wpa_supplicant_remove_cred(wpa_s, prev); break; } } 
@@ -3883,7 +3836,7 @@ static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s, cred = cred->next; if (prev->provisioning_sp && os_strcmp(prev->provisioning_sp, cmd + 16) == 0) - wpas_ctrl_remove_cred(wpa_s, prev); + wpa_supplicant_remove_cred(wpa_s, prev); } return 0; } @@ -3892,7 +3845,7 @@ static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s, wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED id=%d", id); cred = wpa_config_get_cred(wpa_s->conf, id); - return wpas_ctrl_remove_cred(wpa_s, cred); + return wpa_supplicant_remove_cred(wpa_s, cred); } diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c index 22971acff..501d3854c 100644 --- a/wpa_supplicant/dbus/dbus_new.c +++ b/wpa_supplicant/dbus/dbus_new.c @@ -3678,6 +3678,12 @@ static const struct wpa_dbus_method_desc wpas_dbus_interface_methods[] = { END_ARGS } }, + { "RemoveAllCreds", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) wpas_dbus_handler_remove_all_creds, + { + END_ARGS + } + }, { "InterworkingSelect", WPAS_DBUS_NEW_IFACE_INTERFACE, (WPADBusMethodHandler) wpas_dbus_handler_interworking_select, { diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index 14e55211c..bf22203e0 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -1705,6 +1705,7 @@ DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, const char *op; char *iface, *cred_id; int id; + struct wpa_cred *cred; int result; dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &op, 
@@ -1728,7 +1729,17 @@ DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, goto out; } - result = wpa_config_remove_cred(wpa_s->conf, id); + cred = wpa_config_get_cred(wpa_s->conf, id); + if (!cred) { + wpa_printf(MSG_ERROR, + "%s[dbus]: could not find credential %s", + __func__, op); + reply = wpas_dbus_error_invalid_args(message, + "could not find credentials"); + goto out; + } + + result = wpa_supplicant_remove_cred(wpa_s, cred); if (result == -1) { wpa_printf(MSG_ERROR, "%s[dbus]: error occurred when removing cred %d", @@ -1744,6 +1755,33 @@ out: return reply; } +/** + * wpas_dbus_handler_remove_all_creds - Remove all the configured sets of + * credentials. + * @message: Pointer to incoming dbus message + * @wpa_s: wpa_supplicant structure for a network interface + * Returns: NULL indicating success or DBus error message on failure + * + * Handler function for "RemoveAllCreds" method call of a network interface. + */ +DBusMessage * wpas_dbus_handler_remove_all_creds(DBusMessage *message, + struct wpa_supplicant *wpa_s) +{ + int res; + DBusMessage *reply = NULL; + + res = wpa_supplicant_remove_all_creds(wpa_s); + if (res < 0) { + wpa_printf(MSG_ERROR, + "%s[dbus]: failed to remove all credentials", + __func__); + reply = wpas_dbus_error_unknown_error(message, + "failed to remove all credentials"); + } + + return reply; +} + DBusMessage * wpas_dbus_handler_interworking_select(DBusMessage *message, struct wpa_supplicant *wpa_s) { diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h index 90e523e00..417a79f3b 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.h +++ b/wpa_supplicant/dbus/dbus_new_handlers.h 
@@ -155,6 +155,9 @@ DBusMessage * wpas_dbus_handler_add_cred(DBusMessage *message, DBusMessage * wpas_dbus_handler_remove_cred(DBusMessage *message, struct wpa_supplicant *wpa_s); +DBusMessage * wpas_dbus_handler_remove_all_creds(DBusMessage *message, + struct wpa_supplicant *wpa_s); + DBusMessage * wpas_dbus_handler_interworking_select(DBusMessage *message, struct wpa_supplicant *wpa_s); diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index b80f1d4f0..34da9cac4 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c 
@@ -4512,6 +4512,79 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s, } +/** + * wpa_supplicant_remove_cred - Remove the set of provided credentials and all + * the network entries created based on the removed credentials. + * @wpa_s: wpa_supplicant structure for a network interface + * @cred: the set of credentials to remove + */ +int wpa_supplicant_remove_cred(struct wpa_supplicant* wpa_s, + struct wpa_cred* cred) +{ + struct wpa_ssid *ssid; + int id; + + if (cred == NULL) { + wpa_printf(MSG_DEBUG, "Could not find cred"); + return -1; + } + + id = cred->id; + if (wpa_config_remove_cred(wpa_s->conf, id) < 0) { + wpa_printf(MSG_DEBUG, "Could not find cred %d", id); + return -1; + } + + wpa_msg(wpa_s, MSG_INFO, CRED_REMOVED "%d", id); + + /* Remove any network entry created based on the removed credential */ + ssid = wpa_s->conf->ssid; + while (ssid) { + if (ssid->parent_cred == cred) { + int res; + wpa_printf(MSG_DEBUG, "Remove network id %d since it " + "used the removed credential", ssid->id); + res = wpa_supplicant_remove_network(wpa_s, ssid->id); + if (res == -1) { + wpa_printf(MSG_DEBUG, + "Could not find network id=%d", + ssid->id); + } + ssid = ssid->next; + } else + ssid = ssid->next; + } + + return 0; +} + + +/** + * wpa_supplicant_remove_cred - Remove all the interworking credentials. + * @wpa_s: wpa_supplicant structure for a network interface + */ +int wpa_supplicant_remove_all_creds(struct wpa_supplicant* wpa_s) +{ + int res; + struct wpa_cred *cred, *prev; + + cred = wpa_s->conf->cred; + while (cred) { + prev = cred; + cred = cred->next; + res = wpa_supplicant_remove_cred(wpa_s, prev); + if (res < 0) { + wpa_printf(MSG_DEBUG, "Remove all credentials failed " + "because remove of credential id=%d failed", + prev->id); + return -1; + } + } + + return 0; +} + + /** * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path * @wpa_s: wpa_supplicant structure for a network interface 
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index cbc955159..d68350ae9 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -38,6 +38,7 @@ struct wpa_bss; struct wpa_scan_results; struct hostapd_hw_modes; struct wpa_driver_associate_params; +struct wpa_cred; /* * Forward declarations of private structures used within the ctrl_iface @@ -1578,6 +1579,9 @@ void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid); void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid); +int wpa_supplicant_remove_cred(struct wpa_supplicant* wpa_s, + struct wpa_cred* cred); +int wpa_supplicant_remove_all_creds(struct wpa_supplicant* wpa_s); int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s, const char *pkcs11_engine_path, const char *pkcs11_module_path);
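Review bot: in the test_dbus_creds hunk of tests/hwsim/test_dbus.py, the new block only checks that get_cred() fails for ids 0 and 1 after iface.RemoveAllCreds(), so the loop in wpa_supplicant_remove_cred() that removes networks whose parent_cred matches is never exercised through D-Bus. Consider adding a case where a network derived from one of the credentials exists before the call, and a case that calls RemoveAllCreds() with no credentials configured.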
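Review bot: in the "all" branch of wpa_supplicant_ctrl_iface_remove_cred() (wpa_supplicant/ctrl_iface.c), the result of REMOVE_CRED all changes silently: the removed loop ignored the return value of wpas_ctrl_remove_cred() and always returned 0, while wpa_supplicant_remove_all_creds() returns -1 at the first credential that fails and leaves the rest of the list in place. If that is intended, say so in the commit message; otherwise keep iterating over the whole list and report the failure only at the end.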
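Review bot: the "RemoveAllCreds" entry added to wpas_dbus_interface_methods[] in wpa_supplicant/dbus/dbus_new.c exposes a new public D-Bus method, but the diffstat lists only code and test files, so the method is undocumented. Please add it to the D-Bus API documentation alongside the existing credential methods, including that it takes no arguments and what error it returns on failure.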
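Review bot: in wpas_dbus_handler_remove_cred() (wpa_supplicant/dbus/dbus_new_handlers.c), switching from wpa_config_remove_cred() to wpa_supplicant_remove_cred() changes what the existing RemoveCred method does: it now also emits CRED_REMOVED and removes every network whose parent_cred is the credential. The commit message only mentions the new method, so this should either be described there or split into its own patch. The existing "result == -1" test after the call would also be more robust as "result < 0".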
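Review bot: in the network loop of wpa_supplicant_remove_cred() (wpa_supplicant/wpa_supplicant.c), ssid is read after the entry has been handed to wpa_supplicant_remove_network(): the failure branch prints ssid->id and the next statement is "ssid = ssid->next". The removed wpas_ctrl_remove_cred() advanced with "ssid = ssid->next;" before calling the remove function, and that ordering should be kept (save the id and the next pointer first) so the loop never touches an entry the remove call may have freed. Separately, the comment above wpa_supplicant_remove_all_creds() is headed "wpa_supplicant_remove_cred", and neither of the two new comments has a "Returns:" line.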
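Review bot: the two prototypes added to wpa_supplicant/wpa_supplicant_i.h write the pointer as "struct wpa_supplicant* wpa_s" and "struct wpa_cred* cred", while the neighbouring declarations in the same hunk use "struct wpa_supplicant *wpa_s". Please put the asterisk next to the parameter name, here and in the matching definitions in wpa_supplicant.c.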