From patchwork Fri Feb 7 09:10:09 2020
X-Patchwork-Submitter: Ben Greear
X-Patchwork-Id: 1234799
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Subject: [PATCH 1/9] supplicant: Update HS20 readme.
Date: Fri, 7 Feb 2020 01:10:09 -0800
Message-Id: <20200207091017.26244-1-greearb@candelatech.com>
Cc: Ben Greear

From: Ben Greear

Mention dependencies needed to properly implement HS20.

Signed-off-by: Ben Greear
--- wpa_supplicant/README-HS20 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/wpa_supplicant/README-HS20 b/wpa_supplicant/README-HS20 index 334287101..481e8cf2a 100644 --- a/wpa_supplicant/README-HS20 +++ b/wpa_supplicant/README-HS20
@@ -70,6 +70,12 @@ There are number of run-time configuration parameters (e.g., in wpa_supplicant.conf when using the configuration file) that can be used to control Hotspot 2.0 operations. + +Requirements & Limitations in hostapd implementation: + * HotSpot 2.0 requires interworking. + * Interworking requires WPA2-Enterprise/EAPOL (802.1x) authentication. + + # Enable Interworking interworking=1
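Review bot: The new heading in wpa_supplicant/README-HS20 reads "Requirements & Limitations in hostapd implementation", but the file and the patch subject are about the supplicant, so the heading should name wpa_supplicant or drop the component name. The block is also inserted between the sentence that introduces the run-time configuration parameters and the "# Enable Interworking" listing that sentence leads into; placing it before that sentence keeps the introduction attached to its list. Spelling should follow the surrounding text: "Hotspot 2.0" as in the context line, and "802.1X".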
X-Patchwork-Id: 1234803
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Subject: [PATCH 2/9] supplicant: Allow user-defined defaults for Interworking network blocks.
Date: Fri, 7 Feb 2020 01:10:10 -0800
Message-Id: <20200207091017.26244-2-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
Cc: Ben Greear
From: Ben Greear

This way users can still configure the HT over-rides and some other
constraints that Interworking has no interest or ability to configure.

Example config file (to disable HT-40 on an Interworking/HS20 interface):

ctrl_interface=/var/run/wpa_supplicant
fast_reauth=1
interworking=1
auto_interworking=1
access_network_type=0
hs20=1
bss_max_count=2000

network={
    interworking_defaults=1
    disable_ht=0
    disable_ht40=1
    disable_sgi=0
    ht_mcs=""
    disable_max_amsdu=-1
    ampdu_factor=-1
    ampdu_density=-1
}

cred={
    username="client2"
    password="lanforge"
    ca_cert="/home/lanforge/ca.pem"
    private_key="/home/lanforge/client.p12"
    private_key_passwd="lanforge"
    realm="lanforge.org"
    domain="lanforge.org"
    eap=TLS
}

Signed-off-by: Ben Greear
--- src/utils/common.c | 3 ++ wpa_supplicant/config.c | 72 ++++++++++++++++++++++++++++++ wpa_supplicant/config.h | 1 + wpa_supplicant/config_ssid.h | 7 +++ wpa_supplicant/interworking.c | 3 ++ wpa_supplicant/scan.h | 1 + wpa_supplicant/wpa_supplicant.conf | 10 +++++ 7 files changed, 97 insertions(+) diff --git a/src/utils/common.c b/src/utils/common.c index 27bf435d9..a0199ed21 100644 --- a/src/utils/common.c +++ b/src/utils/common.c @@ -891,6 +891,9 @@ void int_array_concat(int **res, const int *a) reslen = int_array_len(*res); alen = int_array_len(a); + if (alen == 0) + return; /* nothing to concat */ + n = os_realloc_array(*res, reslen + alen + 1, sizeof(int)); if (n == NULL) { os_free(*res); diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index 1bc798b89..0f6003bc0 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -2558,6 +2558,7 @@ static const struct parse_data ssid_fields[] = { { INT_RANGE(pbss, 0, 2) }, { INT_RANGE(wps_disabled, 0, 1) }, { INT_RANGE(fils_dh_group, 0, 65535) }, + { INT_RANGE(interworking_defaults, 0, 1) }, #ifdef CONFIG_DPP { STR(dpp_connector) }, { STR_LEN(dpp_netaccesskey) },
@@ -3009,6 +3010,76 @@ int wpa_config_remove_network(struct wpa_config *config, int id) } +/** + * wpa_set_user_network_defalts - Configure ssid with network defaults. + * @config: Configuration data from wpa_config_read() + * @ssid: The SSID to configure. + * Looks for first wpa_ssid that has interworking_defaults=1. If found, + * select values are applied to the ssid. In this way one may configure + * options not explicitly dealt with by interworking, such as + * disable_ht=0 + * disable_ht40=0 + * etc. + * If no ssid is found, no action is taken. + */ +void wpa_config_set_user_network_defaults(struct wpa_config *config, struct wpa_ssid *ssid) +{ + struct wpa_ssid *s = config->ssid; + + while (s) { + if (s->interworking_defaults) { + os_free(ssid->scan_freq); + ssid->scan_freq = NULL; + int_array_concat(&ssid->scan_freq, s->scan_freq); + + os_free(ssid->freq_list); + ssid->freq_list = NULL; + int_array_concat(&ssid->freq_list, s->freq_list); + + ssid->bg_scan_period = s->bg_scan_period; +#ifdef CONFIG_HT_OVERRIDES + ssid->disable_ht = s->disable_ht; + ssid->disable_ht40 = s->disable_ht40; + ssid->disable_sgi = s->disable_sgi; + ssid->disable_max_amsdu = s->disable_max_amsdu; + ssid->ampdu_factor = s->ampdu_factor; + ssid->ampdu_density = s->ampdu_density; + + os_free(ssid->ht_mcs); + ssid->ht_mcs = NULL; + if (s->ht_mcs) { + ssid->ht_mcs = strdup(s->ht_mcs); + } +#endif +#ifdef CONFIG_VHT_OVERRIDES + ssid->disable_vht = s->disable_vht; + ssid->vht_capa = s->vht_capa; + ssid->vht_capa_mask = s->vht_capa_mask; + ssid->vht_rx_mcs_nss_1 = s->vht_rx_mcs_nss_1; + ssid->vht_rx_mcs_nss_2 = s->vht_rx_mcs_nss_2; + ssid->vht_rx_mcs_nss_3 = s->vht_rx_mcs_nss_3; + ssid->vht_rx_mcs_nss_4 = s->vht_rx_mcs_nss_4; + ssid->vht_rx_mcs_nss_5 = s->vht_rx_mcs_nss_5; + ssid->vht_rx_mcs_nss_6 = s->vht_rx_mcs_nss_6; + ssid->vht_rx_mcs_nss_7 = s->vht_rx_mcs_nss_7; + ssid->vht_rx_mcs_nss_8 = s->vht_rx_mcs_nss_8; + ssid->vht_tx_mcs_nss_1 = s->vht_tx_mcs_nss_1; + ssid->vht_tx_mcs_nss_2 = 
s->vht_tx_mcs_nss_2; + ssid->vht_tx_mcs_nss_3 = s->vht_tx_mcs_nss_3; + ssid->vht_tx_mcs_nss_4 = s->vht_tx_mcs_nss_4; + ssid->vht_tx_mcs_nss_5 = s->vht_tx_mcs_nss_5; + ssid->vht_tx_mcs_nss_6 = s->vht_tx_mcs_nss_6; + ssid->vht_tx_mcs_nss_7 = s->vht_tx_mcs_nss_7; + ssid->vht_tx_mcs_nss_8 = s->vht_tx_mcs_nss_8; +#endif /* CONFIG_VHT_OVERRIDES */ + return; + } + else { + s = s->next; + } + } +} /* wpa_set_user_network_defaults */ + /** * wpa_config_set_network_defaults - Set network default values * @ssid: Pointer to network configuration data @@ -3070,6 +3141,7 @@ void wpa_config_set_network_defaults(struct wpa_ssid *ssid) #endif /* CONFIG_MACSEC */ ssid->mac_addr = -1; ssid->max_oper_chwidth = DEFAULT_MAX_OPER_CHWIDTH; + ssid->interworking_defaults = DEFAULT_INTERWORKING_DEFAULTS; } diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h index b3c779233..41fa21298 100644 --- a/wpa_supplicant/config.h +++ b/wpa_supplicant/config.h @@ -1584,6 +1584,7 @@ struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id); struct wpa_ssid * wpa_config_add_network(struct wpa_config *config); int wpa_config_remove_network(struct wpa_config *config, int id); void wpa_config_set_network_defaults(struct wpa_ssid *ssid); +void wpa_config_set_user_network_defaults(struct wpa_config *config, struct wpa_ssid *ssid); int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value, int line); int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var, diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index b752dfdda..57269bd5c 100644 --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h @@ -40,6 +40,7 @@ #define DEFAULT_AMPDU_DENSITY -1 /* no change */ #define DEFAULT_USER_SELECTED_SIM 1 #define DEFAULT_MAX_OPER_CHWIDTH -1 +#define DEFAULT_INTERWORKING_DEFAULTS 0 struct psk_list_entry { struct dl_list list; 
@@ -642,6 +643,12 @@ struct wpa_ssid { */ int temporary; + /** + * interworking_defaults - Whether this network block should be used for + * network defaults when creating temporary interworking network blocks. + */ + int interworking_defaults; + /** * export_keys - Whether keys may be exported * diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index 49b9907b0..6f1e5725d 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c @@ -996,6 +996,7 @@ static int interworking_connect_3gpp(struct wpa_supplicant *wpa_s, wpas_notify_network_added(wpa_s, ssid); wpa_config_set_network_defaults(ssid); + wpa_config_set_user_network_defaults(wpa_s->conf, ssid); ssid->priority = cred->priority; ssid->temporary = 1; ssid->ssid = os_zalloc(bss->ssid_len + 1); @@ -1586,6 +1587,7 @@ static int interworking_connect_roaming_consortium( ssid->parent_cred = cred; wpas_notify_network_added(wpa_s, ssid); wpa_config_set_network_defaults(ssid); + wpa_config_set_user_network_defaults(wpa_s->conf, ssid); ssid->priority = cred->priority; ssid->temporary = 1; ssid->ssid = os_zalloc(bss->ssid_len + 1); @@ -1806,6 +1808,7 @@ int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, ssid->parent_cred = cred; wpas_notify_network_added(wpa_s, ssid); wpa_config_set_network_defaults(ssid); + wpa_config_set_user_network_defaults(wpa_s->conf, ssid); ssid->priority = cred->priority; ssid->temporary = 1; ssid->ssid = os_zalloc(bss->ssid_len + 1); diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h index c9ce2cecf..1f85606a4 100644 --- a/wpa_supplicant/scan.h +++ b/wpa_supplicant/scan.h @@ -86,5 +86,6 @@ unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, const u8 *ies, size_t ies_len, int rate, int snr); void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s); +void int_array_concat(int **res, const int *a); #endif /* SCAN_H */ 
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index d587bd340..7fa49d266 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf 
@@ -1450,6 +1450,16 @@ fast_reauth=1 # 2 = like 1, but maintain OUI (with local admin bit set) #mac_addr=0 +# interworking_defaults: Should this network block's values be used as +# defaults for automatically-created interworking network blocks? +# Not all values will be propagated, but the HT and VHT overrides, +# and a few other values will be. This will only be used if +# Interworking is active. Only the first interworking_defaults=1 +# network block will be used, so users should only set this value +# in a single network block. +# 0 = Not used (default) +# 1 = Use this network block's values. + # disable_ht: Whether HT (802.11n) should be disabled. # 0 = HT enabled (if AP supports it) # 1 = HT disabled
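Review bot: The early return added to int_array_concat() in src/utils/common.c ("if (alen == 0) return;") changes a shared helper for every caller, not only the new one. Before this hunk a call with an empty "a" still went through os_realloc_array(), so *res was (re)allocated even then; now it is left as it was, including NULL. The commit message does not mention this. Please move it into its own patch with the reason stated, and confirm that no existing caller dereferences *res after concatenating an empty list.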
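Review bot: In wpa_config_set_user_network_defaults() (wpa_supplicant/config.c) the ht_mcs copy uses "ssid->ht_mcs = strdup(s->ht_mcs);" with no failure check, while the rest of the function uses the os_* wrappers (os_free, and int_array_concat() which frees *res when os_realloc_array() fails). Use os_strdup() and decide what a failed allocation should do, because the function returns void and the three interworking.c call sites cannot tell a half-applied template from a complete one. The kernel-doc header also names the function "wpa_set_user_network_defalts", which matches neither the definition nor the trailing "/* wpa_set_user_network_defaults */" comment, and its example lists disable_ht40=0 where the commit message uses disable_ht40=1.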
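Review bot: The int_array_concat() prototype added to wpa_supplicant/scan.h declares a function that this same patch modifies in src/utils/common.c, so the declaration belongs in the utils header that goes with common.c. The config.c hunks add no #include for scan.h, which means the new caller either already sees a prototype from another header, making this line redundant, or is compiled against an implicit declaration. Please check which one it is and drop or move the prototype accordingly.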
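Review bot: The wpa_supplicant.conf text says "Not all values will be propagated, but the HT and VHT overrides, and a few other values will be", which leaves the reader guessing. The config.c hunk copies exactly scan_freq, freq_list, bg_scan_period and the HT/VHT override fields, so list those by name. The neighbouring entries end with a commented sample line (for example "#mac_addr=0"); add "#interworking_defaults=0" for consistency. The text also tells users to set the flag in one block only, but nothing in the parser hunk warns when a second block sets it; a log message at parse time would make the "first block wins" rule visible.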
X-Patchwork-Id: 1234800
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Subject: [PATCH 3/9] hs20-client: use configured ca-fname instead of cwd.
Date: Fri, 7 Feb 2020 01:10:11 -0800
Message-Id: <20200207091017.26244-3-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
Cc: Ben Greear

From: Ben Greear

This gives more flexibility to the hs20 client user.

Signed-off-by: Ben Greear
--- hs20/client/osu_client.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c index a94f40c51..9f9c307b6 100644 --- a/hs20/client/osu_client.c +++ b/hs20/client/osu_client.c
@@ -2190,14 +2190,23 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid, if (ssid2) osu_nai = osu_nai2; if (osu_nai && os_strlen(osu_nai) > 0) { - char dir[255], fname[300]; - if (getcwd(dir, sizeof(dir)) == NULL) - return -1; - os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir); + char fname[300]; + if (ctx->ca_fname) { + strncpy(fname, ctx->ca_fname, sizeof(fname)); + } + else { + char dir[255]; + if (getcwd(dir, sizeof(dir)) == NULL) + return -1; + os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir); + ctx->ca_fname = strdup(fname); /* so lib curl can use it. */ + } if (ssid2 && set_network_quoted(ifname, id, "ssid", ssid2) < 0) return -1; + fname[sizeof(fname) - 1] = 0; /* ensure null termination */ + if (set_network(ifname, id, "proto", "OSEN") < 0 || set_network(ifname, id, "key_mgmt", "OSEN") < 0 || set_network(ifname, id, "pairwise", "CCMP") < 0 ||
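Review bot: In osu_connect() the configured path is copied with "strncpy(fname, ctx->ca_fname, sizeof(fname));" into a 300-byte buffer, so a longer ca_fname is silently truncated, and the terminator is only written several lines later, after the set_network_quoted() call. fname holds the CA certificate path (osu-ca.pem in the fallback), so a truncated value should be an error rather than a different file name: check the length and return -1, or use ctx->ca_fname directly and keep fname for the getcwd() fallback only. In that fallback "ctx->ca_fname = strdup(fname);" is not checked for NULL, and the hunk does not show where the new string is freed. The "else {" on its own line also differs from the "} else {" form used elsewhere in the file.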
X-Patchwork-Id: 1234801
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Subject: [PATCH 4/9] hs20-spp-html: apache + systemd hides the log file.
Date: Fri, 7 Feb 2020 01:10:12 -0800
Message-Id: <20200207091017.26244-4-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
Cc: Ben Greear

From: Ben Greear

Add note so that the user has a chance to find it more easily.

Signed-off-by: Ben Greear
--- hs20/server/www/spp.php | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/hs20/server/www/spp.php b/hs20/server/www/spp.php index c56d3d69e..77a2ebb44 100644 --- a/hs20/server/www/spp.php +++ b/hs20/server/www/spp.php 
@@ -141,6 +141,9 @@ $addr = $_SERVER["REMOTE_ADDR"]; putenv("HS20ADDR=$addr"); putenv("HS20TEST=$test"); +// Note that systemd + apache may run under chroot, and so your log file will +// be in some hard-to-find place like: +// /tmp/systemd-httpd.service-XqgPdBa/tmp/hs20_spp_server.log $last = exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret); if ($ret == 2) {
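Review bot: The added comment in spp.php attributes the relocated log to Apache running "under chroot", but a per-service directory under /tmp with its own tmp/ subdirectory, as in the example path, is what systemd's PrivateTmp= setting produces for the unit. Name that setting in the comment so the reader knows what to look for, and mark the XqgPdBa part of the path as an example that will differ on other systems. The location follows from the hard-coded "-f/tmp/hs20_spp_server.log" on the exec() line below, so a log path outside /tmp would remove the problem rather than document it.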
Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=OuNmkkNmV0OB9zbc5SUke8x51xs+S/NXCK9yYA3jDkU=; b=HSr65CD0bJBJUU +gz6xmXrqyc+XxZVtC7lwWVH5uLrcVEVz1Jwh1SdQgfA01gaqpuOi16i9nqnxAg+H8RQD/bSbabnH RCVDggzxCueb0p0/lGDAyd4wm8CRKBMJzCIRbsnIn9t6VZia+hmHiGyZl6pSz06vn/nJv54J/A+w8 7yXvmijlPgl2pd1yyrURzYG/EHeJ0y8Q6MlJJvAKXVk77+uOGMgQehewKgFfK8aT7sXl4kWG3wiIP zoU8uIfbS53325O+BO3jJhFOeMkUXcsr2cKWTutoSlqIzD1yHr/BPZZXXKqkLrhz8D/9oJecq2iK9 Q8SGISqqqAt4uuvtcn7w==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1izzfd-0002lG-1i; Fri, 07 Feb 2020 09:11:29 +0000 Received: from mail2.candelatech.com ([208.74.158.173] helo=mail3.candelatech.com) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1izzed-0001kF-1c for hostap@lists.infradead.org; Fri, 07 Feb 2020 09:10:30 +0000 Received: from ben-dt4.candelatech.com (50-251-239-81-static.hfc.comcastbusiness.net [50.251.239.81]) by mail3.candelatech.com (Postfix) with ESMTP id A755E137589; Fri, 7 Feb 2020 01:10:26 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 mail3.candelatech.com A755E137589 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=candelatech.com; s=default; t=1581066626; bh=MGt7RTayTi8cLGx5Cg5eqdtf4cEFmSbg4fKt24qfS4Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gDMYbsXm+OP8Ze8d3Ts062Bm8PQpCyckOBMuPyIRJFw4PyXzzUVYnk2+JuYQADS5c 37eE2TxhovfYNVKueS4ysTi2iha1geO0yPvWcW9Qz6LOhnSff1dgfEp1DjiFcHH9Mu HAiixRpytkv+iBxOrk4siWUhrm8BrYoSFB2tBJkw= 
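Review bot: The new comment above the exec() call in spp.php attributes the relocated log to chroot, but a path of the form /tmp/systemd-httpd.service-XqgPdBa/tmp/ is what systemd's PrivateTmp= setting gives the unit, so the comment should name PrivateTmp= to tell the reader which unit option to look at. Because the log name is fixed at -f/tmp/hs20_spp_server.log, it would also be worth noting that on a host without a private /tmp this is a predictable file name in a world-writable directory, or moving the log to a directory owned by the web server user.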
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Subject: [PATCH 5/9] hostap: Enable webkit2 support in the osu client.
Date: Fri, 7 Feb 2020 01:10:13 -0800
Message-Id: <20200207091017.26244-5-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
From: Ben Greear

This is my mostly-ignorant attempt to port osu client to webkit2 API.

Signed-off-by: Ben Greear
--- hs20/client/Makefile | 9 +++++ src/utils/browser.c | 89 ++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 90 insertions(+), 8 deletions(-) diff --git a/hs20/client/Makefile b/hs20/client/Makefile index 67f6f55c5..a8ee8bc4b 100644 --- a/hs20/client/Makefile +++ b/hs20/client/Makefile 
@@ -30,8 +30,17 @@ CFLAGS += -I../../src ifndef CONFIG_NO_BROWSER ifndef CONFIG_BROWSER_SYSTEM +TEST_WK := $(shell pkg-config --cflags webkitgtk-3.0) +ifeq ($(TEST_WK),) +# Try webkit2 +GTKCFLAGS := $(shell pkg-config --cflags gtk+-3.0 webkit2gtk-4.0) +GTKLIBS := $(shell pkg-config --libs gtk+-3.0 webkit2gtk-4.0) +CFLAGS += -DUSE_WEBKIT2 +else GTKCFLAGS := $(shell pkg-config --cflags gtk+-3.0 webkitgtk-3.0) GTKLIBS := $(shell pkg-config --libs gtk+-3.0 webkitgtk-3.0) +endif + CFLAGS += $(GTKCFLAGS) LIBS += $(GTKLIBS) endif diff --git a/src/utils/browser.c b/src/utils/browser.c index ad0b382fb..a9247092f 100644 --- a/src/utils/browser.c +++ b/src/utils/browser.c @@ -7,7 +7,11 @@ */ #include "includes.h" +#ifdef USE_WEBKIT2 +#include +#else #include +#endif #include "common.h" #include "browser.h" @@ -53,7 +57,11 @@ static void browser_update_title(struct browser_context *ctx) static void view_cb_notify_progress(WebKitWebView *view, GParamSpec *pspec, struct browser_context *ctx) { +#ifdef USE_WEBKIT2 + ctx->progress = 100 * webkit_web_view_get_estimated_load_progress(view); +#else ctx->progress = 100 * webkit_web_view_get_progress(view); +#endif wpa_printf(MSG_DEBUG, "BROWSER:%s progress=%d", __func__, ctx->progress); browser_update_title(ctx); 
@@ -63,23 +71,43 @@ static void view_cb_notify_progress(WebKitWebView *view, GParamSpec *pspec, static void view_cb_notify_load_status(WebKitWebView *view, GParamSpec *pspec, struct browser_context *ctx) { +#ifdef USE_WEBKIT2 + int status = webkit_web_view_get_estimated_load_progress(view); +#else int status = webkit_web_view_get_load_status(view); +#endif wpa_printf(MSG_DEBUG, "BROWSER:%s load-status=%d uri=%s", __func__, status, webkit_web_view_get_uri(view)); } static void view_cb_resource_request_starting(WebKitWebView *view, +#ifndef USE_WEBKIT2 WebKitWebFrame *frame, +#endif WebKitWebResource *res, +#ifdef USE_WEBKIT2 + WebKitURIRequest *req, +#else WebKitNetworkRequest *req, WebKitNetworkResponse *resp, +#endif struct browser_context *ctx) { +#ifdef USE_WEBKIT2 + const gchar *uri = webkit_uri_request_get_uri(req); +#else const gchar *uri = webkit_network_request_get_uri(req); +#endif wpa_printf(MSG_DEBUG, "BROWSER:%s uri=%s", __func__, uri); - if (g_str_has_suffix(uri, "/favicon.ico")) + if (g_str_has_suffix(uri, "/favicon.ico")) { +#ifdef USE_WEBKIT2 + webkit_uri_request_set_uri(req, "about:blank"); +#else webkit_network_request_set_uri(req, "about:blank"); +#endif + } + if (g_str_has_prefix(uri, "osu://")) { ctx->success = atoi(uri + 6); gtk_main_quit(); 
@@ -96,21 +124,44 @@ static void view_cb_resource_request_starting(WebKitWebView *view, static gboolean view_cb_mime_type_policy_decision( - WebKitWebView *view, WebKitWebFrame *frame, WebKitNetworkRequest *req, + WebKitWebView *view, +#ifndef USE_WEBKIT2 + WebKitWebFrame *frame, WebKitNetworkRequest *req, gchar *mime, WebKitWebPolicyDecision *policy, +#else + WebKitPolicyDecision *policy, + WebKitPolicyDecisionType type, +#endif struct browser_context *ctx) { +#ifdef USE_WEBKIT2 + switch (type) { + case WEBKIT_POLICY_DECISION_TYPE_RESPONSE: { + /* This function makes webkit send a download signal for all unknown + mime types. */ + WebKitResponsePolicyDecision *response = WEBKIT_RESPONSE_POLICY_DECISION(policy); + if (!webkit_response_policy_decision_is_mime_type_supported (response)) { + webkit_policy_decision_download (policy); + return TRUE; + } + break; + } + default: + break; + } +#else wpa_printf(MSG_DEBUG, "BROWSER:%s mime=%s", __func__, mime); if (!webkit_web_view_can_show_mime_type(view, mime)) { webkit_web_policy_decision_download(policy); return TRUE; } +#endif return FALSE; } - +#ifndef USE_WEBKIT2 static gboolean view_cb_download_requested(WebKitWebView *view, WebKitDownload *dl, struct browser_context *ctx) @@ -120,6 +171,7 @@ static gboolean view_cb_download_requested(WebKitWebView *view, wpa_printf(MSG_DEBUG, "BROWSER:%s uri=%s", __func__, uri); return FALSE; } +#endif static void view_cb_hovering_over_link(WebKitWebView *view, gchar *title, @@ -136,7 +188,7 @@ static void view_cb_hovering_over_link(WebKitWebView *view, gchar *title, browser_update_title(ctx); } - +#ifndef USE_WEBKIT2 static void view_cb_title_changed(WebKitWebView *view, WebKitWebFrame *frame, const char *title, struct browser_context *ctx) 
@@ -146,24 +198,31 @@ static void view_cb_title_changed(WebKitWebView *view, WebKitWebFrame *frame, ctx->title = os_strdup(title); browser_update_title(ctx); } - +#endif int hs20_web_browser(const char *url) { GtkWidget *scroll; - SoupSession *s; WebKitWebView *view; +#ifdef USE_WEBKIT2 + WebKitSettings *settings; +#else WebKitWebSettings *settings; + SoupSession *s; +#endif struct browser_context ctx; memset(&ctx, 0, sizeof(ctx)); if (!gtk_init_check(NULL, NULL)) return -1; +#ifndef USE_WEBKIT2 + /* TODO-BEN: Not sure how to do this in webkit2 */ s = webkit_get_default_session(); g_object_set(G_OBJECT(s), "ssl-ca-file", "/etc/ssl/certs/ca-certificates.crt", NULL); g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL); +#endif ctx.win = gtk_window_new(GTK_WINDOW_TOPLEVEL); gtk_window_set_role(GTK_WINDOW(ctx.win), "Hotspot 2.0 client"); 
@@ -181,16 +240,30 @@ int hs20_web_browser(const char *url) G_CALLBACK(view_cb_notify_progress), &ctx); g_signal_connect(G_OBJECT(view), "notify::load-status", G_CALLBACK(view_cb_notify_load_status), &ctx); +#ifdef USE_WEBKIT2 + g_signal_connect(G_OBJECT(view), "resource-load-started", + G_CALLBACK(view_cb_resource_request_starting), &ctx); + g_signal_connect(G_OBJECT(view), "decide-policy", + G_CALLBACK(view_cb_mime_type_policy_decision), &ctx); + /* TODO-BEN: Implement these? + g_signal_connect(G_OBJECT(view), "download-started", + G_CALLBACK(view_cb_download_requested), &ctx); + g_signal_connect(G_OBJECT(view), "notify::title", + G_CALLBACK(view_cb_title_changed), &ctx); + */ +#else g_signal_connect(G_OBJECT(view), "resource-request-starting", G_CALLBACK(view_cb_resource_request_starting), &ctx); g_signal_connect(G_OBJECT(view), "mime-type-policy-decision-requested", G_CALLBACK(view_cb_mime_type_policy_decision), &ctx); g_signal_connect(G_OBJECT(view), "download-requested", G_CALLBACK(view_cb_download_requested), &ctx); - g_signal_connect(G_OBJECT(view), "hovering-over-link", - G_CALLBACK(view_cb_hovering_over_link), &ctx); g_signal_connect(G_OBJECT(view), "title-changed", G_CALLBACK(view_cb_title_changed), &ctx); +#endif + + g_signal_connect(G_OBJECT(view), "hovering-over-link", + G_CALLBACK(view_cb_hovering_over_link), &ctx); gtk_container_add(GTK_CONTAINER(scroll), GTK_WIDGET(view)); gtk_container_add(GTK_CONTAINER(ctx.win), GTK_WIDGET(scroll));
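Review bot: In hs20_web_browser() the whole SoupSession block is compiled out under USE_WEBKIT2 with only a TODO-BEN comment, so the WebKit2 build sets no CA file and no TLS policy and inherits whatever the library default happens to be. WebKit2 exposes this through webkit_web_context_set_tls_errors_policy() on the WebKitWebContext; please set WEBKIT_TLS_ERRORS_POLICY_FAIL explicitly there rather than carrying over the legacy branch's "ssl-strict", FALSE, which lets the OSU page load despite certificate errors.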
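Review bot: In view_cb_notify_load_status() the USE_WEBKIT2 branch assigns webkit_web_view_get_estimated_load_progress(view) to int status, but that call returns a fraction (view_cb_notify_progress() multiplies the same value by 100), so the logged load-status is truncated to 0 until the load finishes and is not a load state at all. Either log it as progress, or take the state from WebKit2's load-changed signal, whose handler receives a WebKitLoadEvent. In the same hunk view_cb_resource_request_starting() keeps the /favicon.ico rewrite via webkit_uri_request_set_uri(); please confirm that changing the request inside a resource-load-started handler still has an effect under WebKit2, otherwise drop it.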
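Review bot: The last browser.c hunk moves the "hovering-over-link" connection below the #endif so it is also made under USE_WEBKIT2, but WebKit2's WebKitWebView has no signal of that name (the equivalent is mouse-target-changed, which passes a WebKitHitTestResult), so g_signal_connect() will only produce a GLib warning and view_cb_hovering_over_link() never runs. The unchanged "notify::progress" and "notify::load-status" connections just above have the same gap under WebKit2, where the property is estimated-load-progress. Keep the old connection inside the #else branch and add WebKit2-specific handlers next to "decide-policy".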
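Review bot: In the hs20/client/Makefile hunk, TEST_WK picks the API by checking whether pkg-config --cflags webkitgtk-3.0 printed anything, which emits a pkg-config error on every build where webkitgtk-3.0 is absent and falls through to webkit2gtk-4.0 even when neither package is installed. Something like $(shell pkg-config --exists webkitgtk-3.0 && echo y) tests the same condition quietly, and an explicit $(error ...) when both are missing would make the failure obvious instead of surfacing later as missing headers.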
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Subject: [PATCH 6/9] hs20: Bind curl, including dns, to wlan interface.
Date: Fri, 7 Feb 2020 01:10:14 -0800
Message-Id: <20200207091017.26244-6-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
From: Ben Greear

This lets things work better on multi-homed networks.

Signed-off-by: Ben Greear --- hs20/client/est.c | 15 ++++-- hs20/client/oma_dm_client.c | 7 ++- hs20/client/osu_client.c | 43 +++++++++++++-- hs20/client/osu_client.h | 4 ++ hs20/client/spp_client.c | 18 +++++-- src/utils/http-utils.h | 12 +++-- src/utils/http_curl.c | 103 ++++++++++++++++++++++++++++++++---- 7 files changed, 179 insertions(+), 23 deletions(-) diff --git a/hs20/client/est.c b/hs20/client/est.c index 97f913210..f93a15696 100644 --- a/hs20/client/est.c +++ b/hs20/client/est.c @@ -137,7 +137,10 @@ int est_load_cacerts(struct hs20_osu_client *ctx, const char *url) ctx->no_osu_cert_validation = 1; http_ocsp_set(ctx->http, 1); res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt", - ctx->ca_fname); + ctx->ca_fname, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns); + http_ocsp_set(ctx->http, (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2); ctx->no_osu_cert_validation = 0; @@ -619,7 +622,10 @@ int est_build_csr(struct hs20_osu_client *ctx, const char *url) ctx->no_osu_cert_validation = 1; http_ocsp_set(ctx->http, 1); res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt", - ctx->ca_fname); + ctx->ca_fname, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns); + http_ocsp_set(ctx->http, (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2); ctx->no_osu_cert_validation = 0; @@ -721,7 +727,10 @@ int est_simple_enroll(struct hs20_osu_client *ctx, const char *url, resp = http_post(ctx->http, buf, req, "application/pkcs10", "Content-Transfer-Encoding: base64", ctx->ca_fname, user, pw, client_cert, client_key, - &resp_len); + &resp_len, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns); + http_ocsp_set(ctx->http, (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2); ctx->no_osu_cert_validation = 0; diff --git a/hs20/client/oma_dm_client.c b/hs20/client/oma_dm_client.c index d75c84562..78b46341a 100644 --- a/hs20/client/oma_dm_client.c +++ b/hs20/client/oma_dm_client.c 
@@ -957,7 +957,10 @@ static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx, ctx->server_url = os_strdup(url); res = http_post(ctx->http, url, str, "application/vnd.syncml.dm+xml", ext_hdr, ctx->ca_fname, username, password, - client_cert, client_key, NULL); + client_cert, client_key, NULL, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns); + os_free(str); os_free(resp_uri); resp_uri = NULL; @@ -1210,6 +1213,8 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url) } write_summary(ctx, "OMA-DM SIM provisioning"); + check_dns_file(ctx); + msgid++; syncml = build_oma_dm_1_sub_prov(ctx, url, msgid); if (syncml == NULL) diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c index 9f9c307b6..ff6e5b1c0 100644 --- a/hs20/client/osu_client.c +++ b/hs20/client/osu_client.c @@ -339,7 +339,10 @@ static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params, write_summary(ctx, "Download certificate from %s", url); ctx->no_osu_cert_validation = 1; http_ocsp_set(ctx->http, 1); - res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL); + res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns); + http_ocsp_set(ctx->http, (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2); ctx->no_osu_cert_validation = 0; 
@@ -2151,6 +2154,33 @@ static struct osu_data * parse_osu_providers(const char *fname, size_t *count) return osu; } +void check_dns_file(struct hs20_osu_client* ctx) +{ + /* Look for DNS servers in case user specified a place to look. */ + if (ctx->dns_file) { + FILE *f; + char buf[100]; + + f = fopen(ctx->dns_file, "r"); + if (f) { + if (fgets(buf, sizeof(buf), f)) { + wpa_printf(MSG_DEBUG, "Checking DNS file: %s contents: %s", + ctx->dns_file, buf); + if (strncmp(buf, "DNS:", 4) == 0) { + /* remove ending whitespace */ + int len = strlen(buf); + if ((buf[len - 2] == '\n') || (buf[len - 2] == '\r')) + buf[len - 2] = 0; + else if ((buf[len - 1] == '\n') || (buf[len - 1] == '\r')) + buf[len - 1] = 0; + http_bind_dns(ctx->http, NULL, buf + 4); + ctx->dns = strdup(buf + 4); + } + } + fclose(f); + } + } +} static int osu_connect(struct hs20_osu_client *ctx, const char *bssid, const char *ssid, const char *ssid2, const char *url, @@ -2255,6 +2285,8 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid, wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); } + check_dns_file(ctx); + if (no_prod_assoc) { if (res < 0) return -1; @@ -2698,6 +2730,7 @@ static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address, if (wait_ip_addr(ctx->ifname, 15) < 0) { wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); } + check_dns_file(ctx); if (spp) spp_sub_rem(ctx, address, pps_fname, @@ -3162,7 +3195,7 @@ static void check_workarounds(struct hs20_osu_client *ctx) static void usage(void) { printf("usage: hs20-osu-client [-dddqqKt] [-S] \\\n" - " [-w] " + " [-w] [-D] " "[-r] [-f] \\\n" " [-s] \\\n" " [-x] \\\n" @@ -3207,7 +3240,7 @@ int main(int argc, char *argv[]) return -1; for (;;) { - c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tw:x:"); + c = getopt(argc, argv, "dD:f:hKNo:O:qr:s:S:tw:x:"); if (c < 0) break; switch (c) { 
@@ -3215,6 +3248,9 @@ int main(int argc, char *argv[]) if (wpa_debug_level > 0) wpa_debug_level--; break; + case 'D': + ctx.dns_file = optarg; + break; case 'f': wpa_debug_file_path = optarg; break; @@ -3241,6 +3277,7 @@ int main(int argc, char *argv[]) break; case 'S': ctx.ifname = optarg; + ctx.do_bind_iface = 1; break; case 't': wpa_debug_timestamp++; diff --git a/hs20/client/osu_client.h b/hs20/client/osu_client.h index 5c8e6d00b..9b1082278 100644 --- a/hs20/client/osu_client.h +++ b/hs20/client/osu_client.h @@ -34,6 +34,9 @@ struct hs20_osu_client { const char *summary_file; const char *ifname; const char *ca_fname; + const char *dns_file; + const char* dns; + int do_bind_iface; int no_osu_cert_validation; /* for EST operations */ char *fqdn; char *server_url; @@ -71,6 +74,7 @@ int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname, xml_node_t *pps); void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname); +void check_dns_file(struct hs20_osu_client* ctx); /* spp_client.c */ diff --git a/hs20/client/spp_client.c b/hs20/client/spp_client.c index c619541ae..4144189b0 100644 --- a/hs20/client/spp_client.c +++ b/hs20/client/spp_client.c @@ -796,7 +796,9 @@ void spp_sub_rem(struct hs20_osu_client *ctx, const char *address, if (soap_init_client(ctx->http, address, ctx->ca_fname, cred_username, cred_password, client_cert, - client_key) == 0) { + client_key, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns) == 0) { spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REMEDIATION, "Subscription remediation", pps_fname, pps); } @@ -942,7 +944,9 @@ void spp_pol_upd(struct hs20_osu_client *ctx, const char *address, ctx->server_url = os_strdup(address); if (soap_init_client(ctx->http, address, ctx->ca_fname, cred_username, - cred_password, client_cert, client_key) == 0) { + cred_password, client_cert, client_key, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns) == 0) { spp_post_dev_data(ctx, SPP_POLICY_UPDATE, "Policy update", pps_fname, pps); } 
@@ -967,7 +971,9 @@ int cmd_prov(struct hs20_osu_client *ctx, const char *url) ctx->server_url = os_strdup(url); if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL, - NULL) < 0) + NULL, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns) < 0) return -1; spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION, "Subscription registration", NULL, NULL); @@ -994,8 +1000,12 @@ int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url) wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); } + check_dns_file(ctx); + if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL, - NULL) < 0) + NULL, + ctx->do_bind_iface ? ctx->ifname : NULL, + ctx->dns) < 0) return -1; spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION, "Subscription provisioning", NULL, NULL); diff --git a/src/utils/http-utils.h b/src/utils/http-utils.h index 8d4399a37..277ac3485 100644 --- a/src/utils/http-utils.h +++ b/src/utils/http-utils.h 
@@ -38,22 +38,28 @@ struct http_cert { int soap_init_client(struct http_ctx *ctx, const char *address, const char *ca_fname, const char *username, const char *password, const char *client_cert, - const char *client_key); + const char *client_key, const char* ifname, const char* dns); int soap_reinit_client(struct http_ctx *ctx); xml_node_t * soap_send_receive(struct http_ctx *ctx, xml_node_t *node); +/* Bind curl to an interface. */ +int http_bind_iface(struct http_ctx *ctx, void* curl, const char* ifname); +/* Tell curl's resolver (in case it is using one) to use a specific DNS server. */ +int http_bind_dns(struct http_ctx *ctx, void* curl, const char* dns); + struct http_ctx * http_init_ctx(void *upper_ctx, struct xml_node_ctx *xml_ctx); void http_ocsp_set(struct http_ctx *ctx, int val); void http_deinit_ctx(struct http_ctx *ctx); int http_download_file(struct http_ctx *ctx, const char *url, - const char *fname, const char *ca_fname); + const char *fname, const char *ca_fname, + const char* ifname, const char* dns); char * http_post(struct http_ctx *ctx, const char *url, const char *data, const char *content_type, const char *ext_hdr, const char *ca_fname, const char *username, const char *password, const char *client_cert, const char *client_key, - size_t *resp_len); + size_t *resp_len, const char* ifname, const char* dns); void http_set_cert_cb(struct http_ctx *ctx, int (*cb)(void *ctx, struct http_cert *cert), void *cb_ctx); diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c index e62fbf96b..967eace09 100644 --- a/src/utils/http_curl.c +++ b/src/utils/http_curl.c @@ -50,8 +50,11 @@ struct http_ctx { char *svc_password; char *svc_client_cert; char *svc_client_key; + char *ifname; + char *dns; char *curl_buf; size_t curl_buf_len; + char curl_err_buffer[CURL_ERROR_SIZE + 1]; int (*cert_cb)(void *ctx, struct http_cert *cert); void *cert_cb_ctx; 
@@ -1348,7 +1351,7 @@ static CURLcode curl_cb_ssl(CURL *curl, void *sslctx, void *parm) static CURL * setup_curl_post(struct http_ctx *ctx, const char *address, const char *ca_fname, const char *username, const char *password, const char *client_cert, - const char *client_key) + const char *client_key, const char* ifname, const char* dns) { CURL *curl; #ifdef EAP_TLS_OPENSSL @@ -1364,6 +1367,15 @@ static CURL * setup_curl_post(struct http_ctx *ctx, const char *address, if (curl == NULL) return NULL; + ctx->curl_err_buffer[0] = 0; + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, ctx->curl_err_buffer); + + if (ifname) + http_bind_iface(ctx, curl, ifname); + + if (dns) + http_bind_dns(ctx, curl, dns); + curl_easy_setopt(curl, CURLOPT_URL, address); curl_easy_setopt(curl, CURLOPT_POST, 1L); if (ca_fname) { @@ -1398,6 +1410,7 @@ static CURL * setup_curl_post(struct http_ctx *ctx, const char *address, curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_cb_write); curl_easy_setopt(curl, CURLOPT_WRITEDATA, ctx); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + if (username) { curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_ANYSAFE); curl_easy_setopt(curl, CURLOPT_USERNAME, username); 
@@ -1407,11 +1420,67 @@ static CURL * setup_curl_post(struct http_ctx *ctx, const char *address, return curl; } +int http_bind_iface(struct http_ctx *ctx, void* _curl, const char* ifname) +{ + int rv; + CURL* curl = _curl; + + if (!curl) + curl = ctx->curl; + + if (ctx->ifname) + os_free(ctx->ifname); + ctx->ifname = NULL; + clone_str(&ctx->ifname, ifname); + + /* Bind DNS resolver to the local interface, if curl is using such. */ + rv = curl_easy_setopt(curl, CURLOPT_DNS_INTERFACE, ifname); + if (rv != CURLE_OK) { + wpa_printf(MSG_ERROR, "Failed CURLOPT_DNS_INTERFACE, curl: %p ifname: %s error: %s rv: %d (%s)\n", + curl, ifname, ctx->curl_err_buffer, rv, curl_easy_strerror(rv)); + } + else { + wpa_printf(MSG_DEBUG, "Bound curl DNS to interface: %s\n", ifname); + } + rv = curl_easy_setopt(curl, CURLOPT_INTERFACE, ifname); + if (rv != CURLE_OK) { + wpa_printf(MSG_ERROR, "Failed CURLOPT_INTERFACE, curl: %p ifname: %s error: %s, rv: %d(%s)\n", + curl, ifname, ctx->curl_err_buffer, rv, curl_easy_strerror(rv)); + } + else { + wpa_printf(MSG_DEBUG, "Bound curl to interface: %s\n", ifname); + } + return rv; +} + +int http_bind_dns(struct http_ctx *ctx, void* _curl, const char* dns) +{ + CURL* curl = _curl; + int rv; + + if (!curl) + curl = ctx->curl; + + if (ctx->dns) + os_free(ctx->dns); + ctx->dns = NULL; + clone_str(&ctx->dns, dns); + + rv = curl_easy_setopt(curl, CURLOPT_DNS_SERVERS, dns); + if (rv != CURLE_OK) { + wpa_printf(MSG_ERROR, "Failed CURLOPT_DNS_SERVERS, curl: %p dns: %s error: %s rv: %d(%s)\n", + curl, dns, ctx->curl_err_buffer, rv, curl_easy_strerror(rv)); + } + else { + wpa_printf(MSG_DEBUG, "Bound curl DNS servers: %s\n", dns); + } + return rv; +} static int post_init_client(struct http_ctx *ctx, const char *address, const char *ca_fname, const char *username, const char *password, const char *client_cert, - const char *client_key) + const char *client_key, const char* ifname, const char* dns) { char *pos; int count; 
@@ -1422,6 +1491,8 @@ static int post_init_client(struct http_ctx *ctx, const char *address, clone_str(&ctx->svc_password, password); clone_str(&ctx->svc_client_cert, client_cert); clone_str(&ctx->svc_client_key, client_key); + clone_str(&ctx->ifname, ifname); + clone_str(&ctx->dns, dns); /* * Workaround for Apache "Hostname 'FOO' provided via SNI and hostname @@ -1435,7 +1506,7 @@ static int post_init_client(struct http_ctx *ctx, const char *address, } ctx->curl = setup_curl_post(ctx, ctx->svc_address, ca_fname, username, - password, client_cert, client_key); + password, client_cert, client_key, ifname, dns); if (ctx->curl == NULL) return -1; @@ -1446,10 +1517,10 @@ static int post_init_client(struct http_ctx *ctx, const char *address, int soap_init_client(struct http_ctx *ctx, const char *address, const char *ca_fname, const char *username, const char *password, const char *client_cert, - const char *client_key) + const char *client_key, const char* ifname, const char* dns) { if (post_init_client(ctx, address, ca_fname, username, password, - client_cert, client_key) < 0) + client_cert, client_key, ifname, dns) < 0) return -1; ctx->curl_hdr = curl_slist_append(ctx->curl_hdr, @@ -1470,6 +1541,8 @@ int soap_reinit_client(struct http_ctx *ctx) char *password = NULL; char *client_cert = NULL; char *client_key = NULL; + char *ifname = NULL; + char *dns = NULL; int ret; clear_curl(ctx); @@ -1480,9 +1553,11 @@ int soap_reinit_client(struct http_ctx *ctx) clone_str(&password, ctx->svc_password); clone_str(&client_cert, ctx->svc_client_cert); clone_str(&client_key, ctx->svc_client_key); + clone_str(&ifname, ctx->ifname); + clone_str(&dns, ctx->dns); ret = soap_init_client(ctx, address, ca_fname, username, password, - client_cert, client_key); + client_cert, client_key, ifname, dns); os_free(address); os_free(ca_fname); str_clear_free(username); 
@@ -1614,7 +1689,8 @@ void http_deinit_ctx(struct http_ctx *ctx) int http_download_file(struct http_ctx *ctx, const char *url, - const char *fname, const char *ca_fname) + const char *fname, const char *ca_fname, + const char* ifname, const char* dns) { CURL *curl; FILE *f; @@ -1629,6 +1705,15 @@ int http_download_file(struct http_ctx *ctx, const char *url, if (curl == NULL) return -1; + ctx->curl_err_buffer[0] = 0; + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, ctx->curl_err_buffer); + + if (ifname) + http_bind_iface(ctx, curl, ifname); + + if (dns) + http_bind_dns(ctx, curl, dns); + f = fopen(fname, "wb"); if (f == NULL) { curl_easy_cleanup(curl); @@ -1682,7 +1767,7 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data, const char *ca_fname, const char *username, const char *password, const char *client_cert, const char *client_key, - size_t *resp_len) + size_t *resp_len, const char* ifname, const char* dns) { long http = 0; CURLcode res; 
@@ -1693,7 +1778,7 @@ char * http_post(struct http_ctx *ctx, const char *url, const char *data, ctx->last_err = NULL; wpa_printf(MSG_DEBUG, "curl: HTTP POST to %s", url); curl = setup_curl_post(ctx, url, ca_fname, username, password, - client_cert, client_key); + client_cert, client_key, ifname, dns); if (curl == NULL) return NULL; From patchwork Fri Feb 7 09:10:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Greear X-Patchwork-Id: 1234804 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=candelatech.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20170209 header.b=I/tyIOsQ; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=candelatech.com header.i=@candelatech.com header.a=rsa-sha256 header.s=default header.b=PwmwzDjC; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48DV0X6Pnnz9sRR for ; Fri, 7 Feb 2020 20:11:24 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: 
From patchwork Fri Feb 7 09:10:15 2020
X-Patchwork-Submitter: Ben Greear
X-Patchwork-Id: 1234804
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Cc: Ben Greear
Subject: [PATCH 7/9] osu: Create keys for osu-signup web server too.
Date: Fri, 7 Feb 2020 01:10:15 -0800
Message-Id: <20200207091017.26244-7-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
References: <20200207091017.26244-1-greearb@candelatech.com>

From: Ben Greear

Signed-off-by: Ben Greear
---
 hs20/server/ca/setup.sh | 40 +++++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/hs20/server/ca/setup.sh b/hs20/server/ca/setup.sh index 78abcccff..f5c5dfa2a 100755 --- a/hs20/server/ca/setup.sh +++ b/hs20/server/ca/setup.sh
@@ -21,6 +21,7 @@ OCSP_URI="http://$CNO:8888/" LOGO_URI="http://osu.w1.fi/w1fi_logo.png" LOGO_HASH256="4532f7ec36424381617c03c6ce87b55a51d6e7177ffafda243cebf280a68954d" LOGO_HASH1="5e1d5085676eede6b02da14d31c523ec20ffba0b" +DAYS=7300 # Command line overrides USAGE=$( cat < openssl.cnf.tmp $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out ocsp.csr -keyout ocsp.key -extensions v3_OCSP -$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -keyfile demoCA/private/cakey.pem -passin pass:$PASS -in ocsp.csr -out ocsp.pem -days 730 -extensions v3_OCSP || fail "Could not generate ocsp.pem" +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -keyfile demoCA/private/cakey.pem -passin pass:$PASS -in ocsp.csr -out ocsp.pem -days $DAYS -extensions v3_OCSP || fail "Could not generate ocsp.pem" echo echo "---[ Server - to be revoked ] ------------------------------------------" @@ -149,7 +152,7 @@ echo cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNV/" > openssl.cnf.tmp $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out server-revoked.csr -keyout server-revoked.key -$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-revoked.csr -out server-revoked.pem -key $PASS -days 730 -extensions ext_server +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-revoked.csr -out server-revoked.pem -key $PASS -days $DAYS -extensions ext_server $OPENSSL ca -revoke server-revoked.pem -key $PASS echo 
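Review bot: DAYS=7300 in the first hunk raises the lifetime of every certificate issued by this script from 730 days to roughly 20 years (the OCSP responder and server-revoked certificates in this part of the diff, the client, user and server certificates further down), yet the commit message only mentions creating keys for the signup server. Either split the validity change into its own patch with a rationale, or keep 730 as the default and add DAYS to the command line overrides for test setups; a 20-year leaf or OCSP signing certificate produced by a setup script is easy to carry into a deployment unnoticed.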
@@ -159,7 +162,7 @@ echo cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNOC/" > openssl.cnf.tmp $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out server-client.csr -keyout server-client.key || fail "Could not create server-client.key" -$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-client.csr -out server-client.pem -key $PASS -days 730 -extensions ext_client || fail "Could not create server-client.pem" +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-client.csr -out server-client.pem -key $PASS -days $DAYS -extensions ext_client || fail "Could not create server-client.pem" echo echo "---[ User ]-------------------------------------------------------------" @@ -167,7 +170,7 @@ echo cat my-openssl.cnf | sed "s/#@CN@/commonName_default = User/" > openssl.cnf.tmp $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out user.csr -keyout user.key || fail "Could not create user.key" -$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in user.csr -out user.pem -key $PASS -days 730 -extensions ext_client || fail "Could not create user.pem" +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in user.csr -out user.pem -key $PASS -days $DAYS -extensions ext_client || fail "Could not create user.pem" echo echo "---[ Server ]-----------------------------------------------------------" 
@@ -180,12 +183,35 @@ ALT="$ALT,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:$OPER_FI" cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $OSU_SERVER_HOSTNAME/" | sed "s/^##organizationalUnitName/organizationalUnitName/" | - sed "s/#@OU@/organizationalUnitName_default = Hotspot 2.0 Online Sign Up Server/" | + sed "s/#@OU@/organizationalUnitName_default = Hotspot 2.0 Online Server/" | sed "s/#@ALTNAME@/subjectAltName=critical,$ALT/" \ > openssl.cnf.tmp echo $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -reqexts v3_osu_server $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -reqexts v3_osu_server || fail "Failed to generate server request" -$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server.csr -out server.pem -key $PASS -days 730 -extensions ext_server -policy policy_osu_server || fail "Failed to sign server certificate" +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server.csr -out server.pem -key $PASS -days $DAYS -extensions ext_server -policy policy_osu_server || fail "Failed to sign server certificate" + +#dump logotype details for debugging +$OPENSSL x509 -in server.pem -out server.der -outform DER +openssl asn1parse -in server.der -inform DER | grep HEX | tail -1 | sed 's/.*://' | xxd -r -p > logo.der +openssl asn1parse -in logo.der -inform DER > logo.asn1 + +echo +echo "---[ Signup Server ]-----------------------------------------------------------" +echo + +ALT="DNS:$OSU_SIGNUP_SERVER_HOSTNAME" +ALT="$ALT,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:$OPER_ENG" +ALT="$ALT,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:$OPER_FI" + +cat my-openssl.cnf | + sed "s/#@CN@/commonName_default = $OSU_SIGNUP_SERVER_HOSTNAME/" | + sed "s/^##organizationalUnitName/organizationalUnitName/" | + sed "s/#@OU@/organizationalUnitName_default = Hotspot 2.0 Online Sign Up Server/" | + sed 
"s/#@ALTNAME@/subjectAltName=critical,$ALT/" \ + > openssl.cnf.tmp +echo $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out signup-server.csr -keyout signup-server.key -reqexts v3_osu_server +$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out signup-server.csr -keyout signup-server.key -reqexts v3_osu_server || fail "Failed to generate signup server request" +$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in signup-server.csr -out signup-server.pem -key $PASS -days $DAYS -extensions ext_server -policy policy_osu_server || fail "Failed to sign signup server certificate" #dump logotype details for debugging $OPENSSL x509 -in server.pem -out server.der -outform DER From patchwork Fri Feb 7 09:10:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Greear X-Patchwork-Id: 1234802 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=candelatech.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20170209 header.b=sMVxStF5; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=candelatech.com header.i=@candelatech.com header.a=rsa-sha256 header.s=default header.b=gUsd//Cs; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
From patchwork Fri Feb 7 09:10:16 2020
X-Patchwork-Submitter: Ben Greear
X-Patchwork-Id: 1234802
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Cc: Ben Greear
Subject: [PATCH 8/9] webkit: Ignore TLS errors.
Date: Fri, 7 Feb 2020 01:10:16 -0800
Message-Id: <20200207091017.26244-8-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
References: <20200207091017.26244-1-greearb@candelatech.com>

From: Ben Greear

Hopefully this helps with self-signed certs.

Signed-off-by: Ben Greear
---
 src/utils/browser.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/utils/browser.c b/src/utils/browser.c index a9247092f..4f39c4186 100644 --- a/src/utils/browser.c +++ b/src/utils/browser.c
@@ -211,6 +211,7 @@ int hs20_web_browser(const char *url) SoupSession *s; #endif struct browser_context ctx; + WebKitWebContext *wkctx; memset(&ctx, 0, sizeof(ctx)); if (!gtk_init_check(NULL, NULL)) 
@@ -278,6 +279,9 @@ int hs20_web_browser(const char *url) "hs20-client/1.0", NULL); g_object_set(G_OBJECT(settings), "auto-load-images", TRUE, NULL); + wkctx = webkit_web_context_get_default(); + webkit_web_context_set_tls_errors_policy(wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE); + webkit_web_view_load_uri(view, url); gtk_main();
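Review bot: webkit_web_context_set_tls_errors_policy(wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE) in the second hunk is applied to the default web context unconditionally, so hs20_web_browser() will load whatever URL it is given from any server regardless of certificate errors, not only from test servers with self-signed certificates. That removes server authentication for every user of this helper, and the commit message ("Hopefully this helps") suggests the effect was not verified. Please keep the default policy and either install the test CA in the trust store, or make the relaxed policy an explicit opt-in (a build option or an extra argument to hs20_web_browser()) that defaults to off and logs when it is active.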
From patchwork Fri Feb 7 09:10:17 2020
X-Patchwork-Submitter: Ben Greear
X-Patchwork-Id: 1234806
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Cc: Ben Greear
Subject: [PATCH 9/9] hs20-client: Add 1 second sleep after IP is detected to allow external config to complete.
Date: Fri, 7 Feb 2020 01:10:17 -0800
Message-Id: <20200207091017.26244-9-greearb@candelatech.com>
In-Reply-To: <20200207091017.26244-1-greearb@candelatech.com>
References: <20200207091017.26244-1-greearb@candelatech.com>

From: Ben Greear

For instance, setting up VRFs and such might take a small bit of extra time.

Signed-off-by: Ben Greear
---
 hs20/client/oma_dm_client.c | 2 ++
 hs20/client/osu_client.c | 5 +++++
 hs20/client/spp_client.c | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/hs20/client/oma_dm_client.c b/hs20/client/oma_dm_client.c index 78b46341a..ad5724525 100644 --- a/hs20/client/oma_dm_client.c
+++ b/hs20/client/oma_dm_client.c @@ -1211,6 +1211,8 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url) if (wait_ip_addr(ctx->ifname, 15) < 0) { wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); } + /* Give a bit more time in case external tools are still configuring things, like VRF. */ + os_sleep(1, 0); write_summary(ctx, "OMA-DM SIM provisioning"); check_dns_file(ctx); diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c index ff6e5b1c0..3b579f14f 100644 --- a/hs20/client/osu_client.c +++ b/hs20/client/osu_client.c @@ -2285,6 +2285,8 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid, wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); } + /* Give a bit more time in case external tools are still configuring things, like VRF. */ + os_sleep(1, 0); check_dns_file(ctx); if (no_prod_assoc) { @@ -2730,6 +2732,9 @@ static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address, if (wait_ip_addr(ctx->ifname, 15) < 0) { wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); } + + /* Give a bit more time in case external tools are still configuring things, like VRF. */ + os_sleep(1, 0); check_dns_file(ctx); if (spp) diff --git a/hs20/client/spp_client.c b/hs20/client/spp_client.c index 4144189b0..48a8f6457 100644 --- a/hs20/client/spp_client.c +++ b/hs20/client/spp_client.c @@ -1000,6 +1000,8 @@ int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url) wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); } + /* Give a bit more time in case external tools are still configuring things, like VRF. */ + os_sleep(1, 0); check_dns_file(ctx); if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
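Review bot: The os_sleep(1, 0) added after wait_ip_addr() at all four call sites is a fixed delay standing in for a readiness check: it adds one second to every run, including the path where wait_ip_addr() has already failed, and it still races whenever the external VRF setup takes longer than that. check_dns_file(ctx) runs immediately afterwards, so a resolver or route change that lands late is still missed. Consider putting the wait in one place (a small helper, or wait_ip_addr() itself) and making it configurable or condition-based instead of repeating the same two lines in oma_dm_client.c, osu_client.c and spp_client.c; the added comment line is also well over 80 columns.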