[PATCH 1/5] network: remove 'path' from settings_load_pt_ecc

[PATCH 1/5] network: remove 'path' from settings_load_pt_ecc

[James Prestwood]

The path argument was used purely for debugging. It can be just as
informational printing just the SSID of the profile that failed to
parse the setting without requiring callers allocate a string to
call the function.
---
 src/network.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/network.c b/src/network.c
index 79f964b2..41c5460b 100644
--- a/src/network.c
+++ b/src/network.c
@@ -556,7 +556,6 @@ int network_handshake_setup(struct network *network, struct scan_bss *bss,
 }
 
 static int network_settings_load_pt_ecc(struct network *network,
-					const char *path,
 					unsigned int group,
 					struct l_ecc_point **out_pt)
 {
@@ -581,7 +580,7 @@ static int network_settings_load_pt_ecc(struct network *network,
 		return 0;
 
 bad_format:
-	l_error("%s: invalid %s format", path, key);
+	l_error("%s profile: invalid %s format", network->ssid, key);
 
 generate:
 	if (!network->passphrase)
@@ -656,12 +655,10 @@ static int network_load_psk(struct network *network, struct scan_bss *bss)
 	network_reset_psk(network);
 	network->passphrase = l_steal_ptr(passphrase);
 
-	if (network_settings_load_pt_ecc(network, path,
-						19, &network->sae_pt_19) > 0)
+	if (network_settings_load_pt_ecc(network, 19, &network->sae_pt_19) > 0)
 		network->sync_settings = true;
 
-	if (network_settings_load_pt_ecc(network, path,
-						20, &network->sae_pt_20) > 0)
+	if (network_settings_load_pt_ecc(network, 20, &network->sae_pt_20) > 0)
 		network->sync_settings = true;
 
 	network->psk = l_steal_ptr(psk);
-- 
2.34.1

[PATCH 2/5] knownnetworks: network: support updating known network settings

[James Prestwood]

Currently if a known network is modified on disk the settings are not
reloaded by network. Only disconnecting/reconnecting to the network
would update the settings. This poses an issue to DPP since its
creating or updating a known network after configuration then trying
to connect. The connection itself works fine since the PSK/passphrase
is set to the network object directly, but any additional settings
are not updated.

To fix this add a new UPDATED known network event. This is then
handled from within network and all settings read from disk are
applied to the network object.
---
 src/knownnetworks.c |   4 ++
 src/knownnetworks.h |   1 +
 src/network.c       | 104 ++++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 106 insertions(+), 3 deletions(-)

diff --git a/src/knownnetworks.c b/src/knownnetworks.c
index d4d50a6f..04ce74ec 100644
--- a/src/knownnetworks.c
+++ b/src/knownnetworks.c
@@ -468,6 +468,10 @@ void known_network_update(struct network_info *network,
 	known_network_set_autoconnect(network, new->is_autoconnectable);
 
 	memcpy(&network->config, new, sizeof(struct network_config));
+
+	WATCHLIST_NOTIFY(&known_network_watches,
+				known_networks_watch_func_t,
+				KNOWN_NETWORKS_EVENT_UPDATED, network);
 }
 
 bool known_networks_foreach(known_networks_foreach_func_t function,
diff --git a/src/knownnetworks.h b/src/knownnetworks.h
index 0a5c9e25..e8ffac0b 100644
--- a/src/knownnetworks.h
+++ b/src/knownnetworks.h
@@ -35,6 +35,7 @@ struct network_info;
 enum known_networks_event {
 	KNOWN_NETWORKS_EVENT_ADDED,
 	KNOWN_NETWORKS_EVENT_REMOVED,
+	KNOWN_NETWORKS_EVENT_UPDATED,
 };
 
 struct network_info_ops {
diff --git a/src/network.c b/src/network.c
index 41c5460b..bd3671ca 100644
--- a/src/network.c
+++ b/src/network.c
@@ -730,6 +730,73 @@ static void network_settings_save(struct network *network,
 		network_settings_save_sae_pt_ecc(settings, network->sae_pt_20);
 }
 
+static bool network_settings_update(struct network *network,
+					struct l_settings *new)
+{
+	bool have_transition_disable;
+	uint8_t transition_disable = 0;
+	unsigned int i;
+	size_t psk_len;
+	_auto_(l_strv_free) char **list = NULL;
+	_auto_(l_free) uint8_t *psk = NULL;
+	_auto_(l_free) char *passphrase = NULL;
+
+	if (l_settings_get_bool(new, NET_TRANSITION_DISABLE,
+				&have_transition_disable) &&
+				have_transition_disable) {
+		list = l_settings_get_string_list(new,
+					NET_TRANSITION_DISABLE_MODES, ' ');
+
+		for (i = 0; list[i]; i++) {
+			if (!strcmp(list[i], "personal"))
+				set_bit(&transition_disable, 0);
+			else if (!strcmp(list[i], "enterprise"))
+				set_bit(&transition_disable, 1);
+			else if (!strcmp(list[i], "open"))
+				set_bit(&transition_disable, 2);
+		}
+
+		have_transition_disable = true;
+	} else
+		have_transition_disable = false;
+
+	if (network->security != SECURITY_PSK)
+		goto apply;
+
+	psk = l_settings_get_bytes(network->settings, "Security",
+					"PreSharedKey", &psk_len);
+	if (psk && psk_len != 32) {
+		l_warn("updated [Security].PreSharedKey value is invalid!");
+		return false;
+	}
+
+	passphrase = l_settings_get_string(network->settings,
+						"Security", "Passphrase");
+	if (passphrase && !crypto_passphrase_is_valid(passphrase)) {
+		l_warn("updated [Security].Passphrase value is invalid!");
+		return false;
+	}
+
+apply:
+	network_settings_close(network);
+	network->settings = new;
+
+	network->have_transition_disable = have_transition_disable;
+	network->transition_disable = transition_disable;
+
+	if (psk)
+		network->psk = l_steal_ptr(psk);
+
+	if (passphrase) {
+		network->passphrase = l_strdup(passphrase);
+
+		network_settings_load_pt_ecc(network, 19, &network->sae_pt_19);
+		network_settings_load_pt_ecc(network, 20, &network->sae_pt_20);
+	}
+
+	return true;
+}
+
 void network_sync_settings(struct network *network)
 {
 	struct network_info *info = network->info;
@@ -1966,17 +2033,32 @@ static void network_update_hotspot(struct network *network, void *user_data)
 	match_hotspot_network(info, network);
 }
 
-static void match_known_network(struct station *station, void *user_data)
+static void match_known_network(struct station *station, void *user_data,
+				bool new)
 {
 	struct network_info *info = user_data;
 	struct network *network;
 
 	if (!info->is_hotspot) {
+		struct l_settings *settings;
 		network = station_network_find(station, info->ssid, info->type);
 		if (!network)
 			return;
 
-		network_set_info(network, info);
+		/* New networks should load settings upon connecting */
+		if (new) {
+			network_set_info(network, info);
+			return;
+		}
+
+		settings = network_info_open_settings(info);
+
+		if (!settings || !network_settings_update(network, settings)) {
+			l_warn("Failed to apply new/updated settings (%s)",
+					info->ssid);
+			l_settings_free(settings);
+		}
+
 		return;
 	}
 
@@ -1984,17 +2066,33 @@ static void match_known_network(struct station *station, void *user_data)
 	station_network_foreach(station, network_update_hotspot, info);
 }
 
+static void add_known_network(struct station *station, void *user_data)
+{
+	match_known_network(station, (struct network_info *)user_data, true);
+}
+
+static void update_known_network(struct station *station, void *user_data)
+{
+	match_known_network(station, (struct network_info *)user_data, false);
+}
+
 static void known_networks_changed(enum known_networks_event event,
 					const struct network_info *info,
 					void *user_data)
 {
 	switch (event) {
 	case KNOWN_NETWORKS_EVENT_ADDED:
-		station_foreach(match_known_network, (void *) info);
+		station_foreach(add_known_network, (void *) info);
 
 		/* Syncs frequencies of newly known network */
 		known_network_frequency_sync((struct network_info *)info);
 		break;
+	case KNOWN_NETWORKS_EVENT_UPDATED:
+		station_foreach(update_known_network, (void *) info);
+
+		/* Syncs frequencies of updated known network */
+		known_network_frequency_sync((struct network_info *)info);
+		break;
 	case KNOWN_NETWORKS_EVENT_REMOVED:
 		station_foreach(emit_known_network_removed, (void *) info);
 		break;
-- 
2.34.1

[PATCH 3/5] dpp: fix extra settings not being used when connecting

[James Prestwood]

After DPP completes all settings are written and synced to disk as
well as credentials set into the network object itself. The way
network/knownnetworks worked at the time did not actually re-load
these settings before the connection attempt was made which means
that extra settings not set into the network object were not used,
i.e. Hidden/Sendhostname. The connection itself always succeeded
because the network object was given the credentials directly via
setters.

Now network and knownnetworks support updating on the directory
watch callback and ADDED/UPDATED known network events. Take advantage
of this and if the network object already exists after DPP (from a
prior scan) wait unil known networks adds/updates the network and
issue the connection after that.
---
 src/dpp.c | 124 ++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 93 insertions(+), 31 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index 1ff4b99e..dca40660 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -53,6 +53,7 @@
 #include "src/network.h"
 #include "src/handshake.h"
 #include "src/nl80211util.h"
+#include "src/knownnetworks.h"
 
 #define DPP_FRAME_MAX_RETRIES 5
 #define DPP_FRAME_RETRY_TIMEOUT 1
@@ -101,6 +102,7 @@ struct dpp_sm {
 	uint8_t role;
 	int refcount;
 	uint32_t station_watch;
+	uint32_t known_network_watch;
 
 	uint64_t wdev_id;
 
@@ -168,6 +170,8 @@ struct dpp_sm {
 
 	struct l_dbus_message *pending;
 
+	struct l_idle *connect_idle;
+
 	/* PKEX-specific values */
 	char *pkex_id;
 	char *pkex_key;
@@ -515,6 +519,11 @@ static void dpp_reset(struct dpp_sm *dpp)
 		dpp->pkex_scan_id = 0;
 	}
 
+	if (dpp->connect_idle) {
+		l_idle_remove(dpp->connect_idle);
+		dpp->connect_idle = NULL;
+	}
+
 	dpp->state = DPP_STATE_NOTHING;
 	dpp->new_freq = 0;
 	dpp->frame_retry = 0;
@@ -570,6 +579,8 @@ static void dpp_free(struct dpp_sm *dpp)
 	if (station)
 		station_remove_state_watch(station, dpp->station_watch);
 
+	known_networks_watch_remove(dpp->known_network_watch);
+
 	l_free(dpp);
 }
 
@@ -812,8 +823,6 @@ static void dpp_write_config(struct dpp_configuration *config,
 {
 	_auto_(l_settings_free) struct l_settings *settings = l_settings_new();
 	_auto_(l_free) char *path;
-	_auto_(l_free) uint8_t *psk = NULL;
-	size_t psk_len;
 
 	path = storage_get_network_file_path(SECURITY_PSK, config->ssid);
 
@@ -822,22 +831,13 @@ static void dpp_write_config(struct dpp_configuration *config,
 		l_settings_remove_group(settings, "Security");
 	}
 
-	if (config->passphrase) {
+	if (config->passphrase)
 		l_settings_set_string(settings, "Security", "Passphrase",
 				config->passphrase);
-		if (network)
-			network_set_passphrase(network, config->passphrase);
-
-	} else if (config->psk) {
+	else if (config->psk)
 		l_settings_set_string(settings, "Security", "PreSharedKey",
 				config->psk);
 
-		psk = l_util_from_hexstring(config->psk, &psk_len);
-
-		if (network)
-			network_set_psk(network, psk);
-	}
-
 	if (config->send_hostname)
 		l_settings_set_bool(settings, "IPv4", "SendHostname", true);
 
@@ -856,14 +856,39 @@ static void dpp_scan_triggered(int err, void *user_data)
 		l_error("Failed to trigger DPP scan");
 }
 
+static void dpp_start_connect(struct l_idle *idle, void *user_data)
+{
+	struct dpp_sm *dpp = user_data;
+	struct station *station = station_find(netdev_get_ifindex(dpp->netdev));
+	struct scan_bss *bss;
+	struct network *network;
+	int ret;
+
+	network = station_network_find(station, dpp->config->ssid,
+					SECURITY_PSK);
+
+	dpp_reset(dpp);
+
+	if (!network) {
+		l_debug("Network was not found!");
+		return;
+	}
+
+	l_debug("connecting to %s from DPP", network_get_ssid(network));
+
+	bss = network_bss_select(network, true);
+	ret = network_autoconnect(network, bss);
+	if (ret < 0)
+		l_warn("failed to connect after DPP (%d) %s", ret,
+			strerror(ret));
+}
+
 static bool dpp_scan_results(int err, struct l_queue *bss_list,
 				const struct scan_freq_set *freqs,
 				void *userdata)
 {
 	struct dpp_sm *dpp = userdata;
 	struct station *station = station_find(netdev_get_ifindex(dpp->netdev));
-	struct scan_bss *bss;
-	struct network *network;
 
 	if (err < 0)
 		goto reset;
@@ -880,18 +905,7 @@ static bool dpp_scan_results(int err, struct l_queue *bss_list,
 
 	station_set_scan_results(station, bss_list, freqs, false);
 
-	network = station_network_find(station, dpp->config->ssid,
-					SECURITY_PSK);
-
-	dpp_reset(dpp);
-
-	if (!network) {
-		l_debug("Network was not found after scanning");
-		return true;
-	}
-
-	bss = network_bss_select(network, true);
-	network_autoconnect(network, bss);
+	dpp_start_connect(NULL, dpp);
 
 	return true;
 
@@ -907,6 +921,51 @@ static void dpp_scan_destroy(void *userdata)
 	dpp_reset(dpp);
 }
 
+static void dpp_known_network_watch(enum known_networks_event event,
+					const struct network_info *info,
+					void *user_data)
+{
+	struct dpp_sm *dpp = user_data;
+
+	/*
+	 * Check the following
+	 *  - DPP is enrolling
+	 *  - DPP finished (dpp->config is set)
+	 *  - This is for the network DPP just configured
+	 *  - DPP isn't already trying to connect (e.g. if the profile was
+	 *    immediately modified after DPP synced it).
+	 *  - DPP didn't start a scan for the network.
+	 */
+	if (dpp->role != DPP_CAPABILITY_ENROLLEE)
+		return;
+	if (!dpp->config)
+		return;
+	if (strcmp(info->ssid, dpp->config->ssid))
+		return;
+	if (dpp->connect_idle)
+		return;
+	if (dpp->connect_scan_id)
+		return;
+
+	switch (event) {
+	case KNOWN_NETWORKS_EVENT_ADDED:
+	case KNOWN_NETWORKS_EVENT_UPDATED:
+		/*
+		 * network.c takes care of updating the settings for the
+		 * network. This callback just tells us to begin the connection.
+		 * We do have use an idle here because there is no strict
+		 * guarantee of ordering between known network events, e.g. DPP
+		 * could have been called into prior to network and the network
+		 * object isn't updated yet.
+		 */
+		dpp->connect_idle = l_idle_create(dpp_start_connect, dpp, NULL);
+		break;
+	case KNOWN_NETWORKS_EVENT_REMOVED:
+		l_warn("profile was removed before DPP could connect");
+		break;
+	}
+}
+
 static void dpp_handle_config_response_frame(const struct mmpdu_header *frame,
 				const void *body, size_t body_len,
 				int rssi, void *user_data)
@@ -1074,10 +1133,11 @@ static void dpp_handle_config_response_frame(const struct mmpdu_header *frame,
 
 	offchannel_cancel(dpp->wdev_id, dpp->offchannel_id);
 
-	if (network && bss)
-		__station_connect_network(station, network, bss,
-						STATION_STATE_CONNECTING);
-	else if (station) {
+	if (network && bss) {
+		l_debug("delaying connect until settings are synced");
+		dpp->config = config;
+		return;
+	} else if (station) {
 		struct scan_parameters params = {0};
 
 		params.ssid = (void *) config->ssid;
@@ -3780,6 +3840,8 @@ static void dpp_create(struct netdev *netdev)
 
 	dpp->station_watch = station_add_state_watch(station,
 					dpp_station_state_watch, dpp, NULL);
+	dpp->known_network_watch = known_networks_watch_add(
+					dpp_known_network_watch, dpp, NULL);
 
 	l_queue_push_tail(dpp_list, dpp);
 }
-- 
2.34.1

[PATCH 4/5] auto-t: add DPP tests to check extra settings are applied

[James Prestwood]

In order to test that extra settings are applied prior to connecting
two tests were added for hidden networks as well as one testing if
there is already an existing profile after DPP.

The reason hidden networks were used was due to the requirement of
the "Hidden" settings in the profile. If this setting doesn't get
sync'ed to disk the connection will fail.
---
 autotests/testDPP/hw.conf         |  5 ++-
 autotests/testDPP/pkex_test.py    | 72 ++++++++++++++++++++++++++++++-
 autotests/testDPP/ssidHidden.conf |  9 ++++
 autotests/testDPP/ssidHidden.psk  |  5 +++
 4 files changed, 87 insertions(+), 4 deletions(-)
 create mode 100644 autotests/testDPP/ssidHidden.conf
 create mode 100644 autotests/testDPP/ssidHidden.psk

diff --git a/autotests/testDPP/hw.conf b/autotests/testDPP/hw.conf
index a2b1470e..85f33777 100644
--- a/autotests/testDPP/hw.conf
+++ b/autotests/testDPP/hw.conf
@@ -1,5 +1,5 @@
 [SETUP]
-num_radios=4
+num_radios=5
 start_iwd=0
 hwsim_medium=yes
 
@@ -8,6 +8,7 @@ rad0=wpas.conf
 
 [HOSTAPD]
 rad1=hostapd.conf
+rad2=ssidHidden.conf
 
 [NameSpaces]
-ns0=rad2
+ns0=rad3
diff --git a/autotests/testDPP/pkex_test.py b/autotests/testDPP/pkex_test.py
index 9e0b5dd8..5df6c47d 100644
--- a/autotests/testDPP/pkex_test.py
+++ b/autotests/testDPP/pkex_test.py
@@ -26,11 +26,11 @@ class Test(unittest.TestCase):
         self.wpas.dpp_stop_listen()
         self.wpas.dpp_configurator_remove()
 
-    def start_iwd_pkex_configurator(self, device, agent=False):
+    def start_iwd_pkex_configurator(self, device, agent=False, profile='ssidCCMP.psk'):
         self.hapd.reload()
         self.hapd.wait_for_event('AP-ENABLED')
 
-        IWD.copy_to_storage('ssidCCMP.psk')
+        IWD.copy_to_storage(profile)
         device.autoconnect = True
 
         condition = 'obj.state == DeviceState.connected'
@@ -186,6 +186,71 @@ class Test(unittest.TestCase):
 
         self.agent = None
 
+    def test_existing_network(self):
+        self.hapd.reload()
+        self.hapd.wait_for_event('AP-ENABLED')
+        IWD.copy_to_storage("existingProfile.psk", "/tmp/ns0/", "ssidCCMP.psk")
+
+        # Scan first so a network object exists, and its a known network
+        self.device[1].scan()
+        self.wd.wait_for_object_condition(self.device[1], 'obj.scanning == True')
+        self.wd.wait_for_object_condition(self.device[1], 'obj.scanning == False')
+
+        self.start_iwd_pkex_configurator(self.device[0])
+
+        self.device[1].dpp_pkex_enroll('secret123', identifier="test")
+        self.device[1].autoconnect = True
+
+        condition = 'obj.state == DeviceState.connected'
+        self.wd.wait_for_object_condition(self.device[1], condition)
+
+        # Check additional settings were carried over
+        with open('/tmp/ns0/ssidCCMP.psk', 'r') as f:
+            settings = f.read()
+
+        self.assertIn("SendHostname=true", settings)
+
+    def test_existing_hidden_network(self):
+        self.hapd_hidden.reload()
+        self.hapd_hidden.wait_for_event('AP-ENABLED')
+        IWD.copy_to_storage("existingProfile.psk", "/tmp/ns0/", "ssidHidden.psk")
+
+        # Scan first so a network object exists, and its a known network
+        self.device[1].scan()
+        self.wd.wait_for_object_condition(self.device[1], 'obj.scanning == True')
+        self.wd.wait_for_object_condition(self.device[1], 'obj.scanning == False')
+
+        self.start_iwd_pkex_configurator(self.device[0], profile='ssidHidden.psk')
+
+        self.device[1].dpp_pkex_enroll('secret123', identifier="test")
+        self.device[1].autoconnect = True
+
+        condition = 'obj.state == DeviceState.connected'
+        self.wd.wait_for_object_condition(self.device[1], condition)
+
+        # Check additional settings were carried over
+        with open('/tmp/ns0/ssidHidden.psk', 'r') as f:
+            settings = f.read()
+
+        self.assertIn("Hidden=true", settings)
+
+    def test_hidden_network(self):
+        self.hapd_hidden.reload()
+        self.hapd_hidden.wait_for_event('AP-ENABLED')
+        self.start_iwd_pkex_configurator(self.device[0], profile='ssidHidden.psk')
+
+        self.device[1].dpp_pkex_enroll('secret123', identifier="test")
+        self.device[1].autoconnect = True
+
+        condition = 'obj.state == DeviceState.connected'
+        self.wd.wait_for_object_condition(self.device[1], condition)
+
+        # Check additional settings were carried over
+        with open('/tmp/ns0/ssidHidden.psk', 'r') as f:
+            settings = f.read()
+
+        self.assertIn("Hidden=true", settings)
+
     def setUp(self):
         ns0 = ctx.get_namespace('ns0')
         self.wpas = Wpas('wpas.conf')
@@ -197,6 +262,8 @@ class Test(unittest.TestCase):
         self.device.append(self.wd_ns0.list_devices(1)[0])
         self.hapd = HostapdCLI('hostapd.conf')
         self.hapd.disable()
+        self.hapd_hidden = HostapdCLI('ssidHidden.conf')
+        self.hapd_hidden.disable()
         self.hwsim = Hwsim()
 
         self.rule_xchg_resp = self.hwsim.rules.create()
@@ -240,6 +307,7 @@ class Test(unittest.TestCase):
         self.hapd = None
         self.rule_xchg_resp = None
         IWD.clear_storage()
+        IWD.clear_storage('/tmp/ns0')
 
     @classmethod
     def setUpClass(cls):
diff --git a/autotests/testDPP/ssidHidden.conf b/autotests/testDPP/ssidHidden.conf
new file mode 100644
index 00000000..1055fb9c
--- /dev/null
+++ b/autotests/testDPP/ssidHidden.conf
@@ -0,0 +1,9 @@
+hw_mode=g
+channel=6
+ssid=ssidHidden
+
+wpa=1
+wpa_pairwise=TKIP
+wpa_passphrase=secret123
+
+ignore_broadcast_ssid=1
diff --git a/autotests/testDPP/ssidHidden.psk b/autotests/testDPP/ssidHidden.psk
new file mode 100644
index 00000000..9917294e
--- /dev/null
+++ b/autotests/testDPP/ssidHidden.psk
@@ -0,0 +1,5 @@
+[Security]
+Passphrase=secret123
+
+[Settings]
+Hidden=true
-- 
2.34.1

[PATCH 5/5] auto-t: increase RAM when running with valgrind (UML)

[James Prestwood]

This was done for QEMU but not for UML. Running more than a few
tests with --valgrind will generally thrown an OOM error pretty
quick.
---
 tools/runner.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tools/runner.py b/tools/runner.py
index 03f44611..e50ba9c0 100644
--- a/tools/runner.py
+++ b/tools/runner.py
@@ -552,7 +552,12 @@ class UmlRunner(RunnerAbstract):
 
 		kern_log = "ignore_loglevel" if "kernel" in args.verbose else "quiet"
 
-		cmd = [args.kernel, 'rootfstype=hostfs', 'ro', 'mem=256M', 'mac80211_hwsim.radios=0',
+		if self.args.valgrind:
+			ram = 512
+		else:
+			ram = 256
+
+		cmd = [args.kernel, 'rootfstype=hostfs', 'ro', f'mem={ram}M', 'mac80211_hwsim.radios=0',
 				'time-travel=inf-cpu', 'eth0=mcast', 'eth1=mcast',
 				'%s' % kern_log, 'init=%s' % self.init]
 		cmd.extend(args.to_cmd().split(' '))
-- 
2.34.1

Re: [PATCH 1/5] network: remove 'path' from settings_load_pt_ecc

[Denis Kenzior]

Hi James,

On 12/14/23 12:01, James Prestwood wrote:
> The path argument was used purely for debugging. It can be just as
> informational printing just the SSID of the profile that failed to
> parse the setting without requiring callers allocate a string to
> call the function.
> ---
>   src/network.c | 9 +++------
>   1 file changed, 3 insertions(+), 6 deletions(-)
> 

Applied, thanks.

Regards,
-Denis

Re: [PATCH 2/5] knownnetworks: network: support updating known network settings

[Denis Kenzior]

Hi James,

On 12/14/23 12:01, James Prestwood wrote:
> Currently if a known network is modified on disk the settings are not
> reloaded by network. Only disconnecting/reconnecting to the network
> would update the settings. This poses an issue to DPP since its
> creating or updating a known network after configuration then trying
> to connect. The connection itself works fine since the PSK/passphrase
> is set to the network object directly, but any additional settings
> are not updated.
> 
> To fix this add a new UPDATED known network event. This is then
> handled from within network and all settings read from disk are
> applied to the network object.

Okay, so you chose option 2...

> ---
>   src/knownnetworks.c |   4 ++
>   src/knownnetworks.h |   1 +
>   src/network.c       | 104 ++++++++++++++++++++++++++++++++++++++++++--
>   3 files changed, 106 insertions(+), 3 deletions(-)
> 

<snip>

> diff --git a/src/network.c b/src/network.c
> index 41c5460b..bd3671ca 100644
> --- a/src/network.c
> +++ b/src/network.c
> @@ -730,6 +730,73 @@ static void network_settings_save(struct network *network,
>   		network_settings_save_sae_pt_ecc(settings, network->sae_pt_20);
>   }
>   
> +static bool network_settings_update(struct network *network,
> +					struct l_settings *new)
> +{
> +	bool have_transition_disable;
> +	uint8_t transition_disable = 0;
> +	unsigned int i;
> +	size_t psk_len;
> +	_auto_(l_strv_free) char **list = NULL;
> +	_auto_(l_free) uint8_t *psk = NULL;
> +	_auto_(l_free) char *passphrase = NULL;
> +
> +	if (l_settings_get_bool(new, NET_TRANSITION_DISABLE,
> +				&have_transition_disable) &&
> +				have_transition_disable) {
> +		list = l_settings_get_string_list(new,
> +					NET_TRANSITION_DISABLE_MODES, ' ');
> +
> +		for (i = 0; list[i]; i++) {
> +			if (!strcmp(list[i], "personal"))
> +				set_bit(&transition_disable, 0);
> +			else if (!strcmp(list[i], "enterprise"))
> +				set_bit(&transition_disable, 1);
> +			else if (!strcmp(list[i], "open"))
> +				set_bit(&transition_disable, 2);
> +		}
> +
> +		have_transition_disable = true;
> +	} else
> +		have_transition_disable = false;
> +
> +	if (network->security != SECURITY_PSK)
> +		goto apply;
> +
> +	psk = l_settings_get_bytes(network->settings, "Security",
> +					"PreSharedKey", &psk_len);
> +	if (psk && psk_len != 32) {
> +		l_warn("updated [Security].PreSharedKey value is invalid!");
> +		return false;
> +	}

I'm not sure you really want to yank the PSK or Passphrase actually.  These are 
obtained via the Agent and should take precedence.

> +
> +	passphrase = l_settings_get_string(network->settings,
> +						"Security", "Passphrase");
> +	if (passphrase && !crypto_passphrase_is_valid(passphrase)) {
> +		l_warn("updated [Security].Passphrase value is invalid!");
> +		return false;
> +	}
> +
> +apply:
> +	network_settings_close(network);
> +	network->settings = new;
> +
> +	network->have_transition_disable = have_transition_disable;
> +	network->transition_disable = transition_disable;
> +
> +	if (psk)
> +		network->psk = l_steal_ptr(psk);
> +
> +	if (passphrase) {
> +		network->passphrase = l_strdup(passphrase);
> +
> +		network_settings_load_pt_ecc(network, 19, &network->sae_pt_19);
> +		network_settings_load_pt_ecc(network, 20, &network->sae_pt_20);
> +	}

I suspect you're better off copying all the settings (with the exception of 
Security) over to the open settings object instead,

> +
> +	return true;
> +}
> +
>   void network_sync_settings(struct network *network)
>   {
>   	struct network_info *info = network->info;
> @@ -1966,17 +2033,32 @@ static void network_update_hotspot(struct network *network, void *user_data)
>   	match_hotspot_network(info, network);
>   }
>   
> -static void match_known_network(struct station *station, void *user_data)
> +static void match_known_network(struct station *station, void *user_data,
> +				bool new)
>   {
>   	struct network_info *info = user_data;
>   	struct network *network;
>   
>   	if (!info->is_hotspot) {
> +		struct l_settings *settings;
>   		network = station_network_find(station, info->ssid, info->type);
>   		if (!network)
>   			return;
>   
> -		network_set_info(network, info);
> +		/* New networks should load settings upon connecting */
> +		if (new) {
> +			network_set_info(network, info);
> +			return;
> +		}

Don't you want to update the settings even for the EVENT_ADDED case?  Something 
like this might happen for example:

- User issues Network.Connect() for an unknown network
- At the same time, the network file is written to /var/lib/iwd

Connect proceeds to win the race, with the EVENT_ADDED event coming in shortly 
after.  Don't you want any additional settings (say DHCP hostname or whatever) 
to be used when the network succeeds in associating?

> +
> +		settings = network_info_open_settings(info);
> +
> +		if (!settings || !network_settings_update(network, settings)) {
> +			l_warn("Failed to apply new/updated settings (%s)",
> +					info->ssid);
> +			l_settings_free(settings);
> +		}
> +
>   		return;
>   	}
>   

<snip>

> +	case KNOWN_NETWORKS_EVENT_UPDATED:
> +		station_foreach(update_known_network, (void *) info);
> +
> +		/* Syncs frequencies of updated known network */
> +		known_network_frequency_sync((struct network_info *)info);
> +		break;

Hmm, why do this on the update?

>   	case KNOWN_NETWORKS_EVENT_REMOVED:
>   		station_foreach(emit_known_network_removed, (void *) info);
>   		break;

Regards,
-Denis