static gboolean add_wep_key (NMSupplicantConfig *self, const char *key, const char *name, NMWepKeyType wep_type) { GBytes *bytes; gboolean success = FALSE; size_t key_len = key ? strlen (key) : 0; if (!key || !key_len) return TRUE; if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) { if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_KEY)) wep_type = NM_WEP_KEY_TYPE_KEY; else if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_PASSPHRASE)) wep_type = NM_WEP_KEY_TYPE_PASSPHRASE; } if ( (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) || (wep_type == NM_WEP_KEY_TYPE_KEY)) { if ((key_len == 10) || (key_len == 26)) { bytes = nm_utils_hexstr2bin (key); if (bytes) { success = nm_supplicant_config_add_option (self, name, g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE); g_bytes_unref (bytes); } if (!success) { nm_log_warn (LOGD_SUPPLICANT, "Error adding %s to supplicant config.", name); return FALSE; } } else if ((key_len == 5) || (key_len == 13)) { if (!nm_supplicant_config_add_option (self, name, key, key_len, TRUE)) { nm_log_warn (LOGD_SUPPLICANT, "Error adding %s to supplicant config.", name); return FALSE; } } else { nm_log_warn (LOGD_SUPPLICANT, "Invalid WEP key '%s'", name); return FALSE; } } else if (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE) { guint8 digest[16]; size_t digest_len = sizeof (digest); success = wep128_passphrase_hash (key, key_len, digest, &digest_len); if (success) success = nm_supplicant_config_add_option (self, name, (const char *) digest, digest_len, TRUE); if (!success) { nm_log_warn (LOGD_SUPPLICANT, "Error adding %s to supplicant config.", name); return FALSE; } } return TRUE; }
static gboolean add_wep_key (NMSupplicantConfig *self, const char *key, const char *name, NMWepKeyType wep_type, GError **error) { size_t key_len = key ? strlen (key) : 0; if (!key || !key_len) return TRUE; if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) { if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_KEY)) wep_type = NM_WEP_KEY_TYPE_KEY; else if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_PASSPHRASE)) wep_type = NM_WEP_KEY_TYPE_PASSPHRASE; } if ( (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) || (wep_type == NM_WEP_KEY_TYPE_KEY)) { if ((key_len == 10) || (key_len == 26)) { gs_unref_bytes GBytes *bytes = NULL; bytes = nm_utils_hexstr2bin (key); if (!bytes) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "cannot add wep-key %s to suplicant config because key is not hex", name); return FALSE; } if (!nm_supplicant_config_add_option (self, name, g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE, error)) return FALSE; } else if ((key_len == 5) || (key_len == 13)) { if (!nm_supplicant_config_add_option (self, name, key, key_len, TRUE, error)) return FALSE; } else { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot add wep-key %s to suplicant config because key-length %u is invalid", name, (guint) key_len); return FALSE; } } else if (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE) { guint8 digest[16]; size_t digest_len = sizeof (digest); wep128_passphrase_hash (key, key_len, digest, &digest_len); if (!nm_supplicant_config_add_option (self, name, (const char *) digest, digest_len, TRUE, error)) return FALSE; } return TRUE; }
/** * nm_dhcp_utils_client_id_string_to_bytes: * @client_id: the client ID string * * Accepts either a hex string ("aa:bb:cc") representing a binary client ID * (the first byte is assumed to be the 'type' field per RFC 2132 section 9.14), * or a string representing a non-hardware-address client ID, in which case * the 'type' field is set to 0. * * Returns: the binary client ID suitable for sending over the wire * to the DHCP server. */ GBytes * nm_dhcp_utils_client_id_string_to_bytes (const char *client_id) { GBytes *bytes = NULL; guint len; char *c; g_return_val_if_fail (client_id && client_id[0], NULL); /* Try as hex encoded */ if (strchr (client_id, ':')) bytes = nm_utils_hexstr2bin (client_id); if (!bytes) { /* Fall back to string */ len = strlen (client_id); c = g_malloc (len + 1); c[0] = 0; /* type: non-hardware address per RFC 2132 section 9.14 */ memcpy (c + 1, client_id, len); bytes = g_bytes_new_take (c, len + 1); } return bytes; }
int main (int argc, char *argv[]) { char *bad_domains = NULL; GError *error = NULL; gboolean wrote_pidfile = FALSE; gs_free char *pidfile = NULL; gs_unref_object NMDhcpClient *dhcp4_client = NULL; gs_unref_object NMRDisc *rdisc = NULL; GByteArray *hwaddr = NULL; size_t hwaddr_len = 0; gconstpointer tmp; gs_free NMUtilsIPv6IfaceId *iid = NULL; guint sd_id; nm_g_type_init (); setpgid (getpid (), getpid ()); do_early_setup (&argc, &argv); if (global_opt.g_fatal_warnings) { GLogLevelFlags fatal_mask; fatal_mask = g_log_set_always_fatal (G_LOG_FATAL_MASK); fatal_mask |= G_LOG_LEVEL_WARNING | G_LOG_LEVEL_CRITICAL; g_log_set_always_fatal (fatal_mask); } if (global_opt.show_version) { fprintf (stdout, NM_DIST_VERSION "\n"); exit (0); } nm_main_utils_ensure_root (); if (!global_opt.ifname || !global_opt.uuid) { fprintf (stderr, _("An interface name and UUID are required\n")); exit (1); } ifindex = if_nametoindex (global_opt.ifname); if (ifindex <= 0) { fprintf (stderr, _("Failed to find interface index for %s (%s)\n"), global_opt.ifname, strerror (errno)); exit (1); } pidfile = g_strdup_printf (NMIH_PID_FILE_FMT, ifindex); nm_main_utils_ensure_not_running_pidfile (pidfile); nm_main_utils_ensure_rundir (); if (!nm_logging_setup (global_opt.opt_log_level, global_opt.opt_log_domains, &bad_domains, &error)) { fprintf (stderr, _("%s. Please use --help to see a list of valid options.\n"), error->message); exit (1); } else if (bad_domains) { fprintf (stderr, _("Ignoring unrecognized log domain(s) '%s' passed on command line.\n"), bad_domains); g_clear_pointer (&bad_domains, g_free); } if (global_opt.become_daemon && !global_opt.debug) { if (daemon (0, 0) < 0) { int saved_errno; saved_errno = errno; fprintf (stderr, _("Could not daemonize: %s [error %u]\n"), g_strerror (saved_errno), saved_errno); exit (1); } if (nm_main_utils_write_pidfile (pidfile)) wrote_pidfile = TRUE; } /* Set up unix signal handling - before creating threads, but after daemonizing! */ main_loop = g_main_loop_new (NULL, FALSE); setup_signals (); nm_logging_syslog_openlog (global_opt.logging_backend ? global_opt.logging_backend : (global_opt.debug ? "debug" : NULL)); nm_log_info (LOGD_CORE, "nm-iface-helper (version " NM_DIST_VERSION ") is starting..."); /* Set up platform interaction layer */ nm_linux_platform_setup (); tmp = nm_platform_link_get_address (NM_PLATFORM_GET, ifindex, &hwaddr_len); if (tmp) { hwaddr = g_byte_array_sized_new (hwaddr_len); g_byte_array_append (hwaddr, tmp, hwaddr_len); } if (global_opt.iid_str) { GBytes *bytes; gsize ignored = 0; bytes = nm_utils_hexstr2bin (global_opt.iid_str); if (!bytes || g_bytes_get_size (bytes) != sizeof (*iid)) { fprintf (stderr, _("(%s): Invalid IID %s\n"), global_opt.ifname, global_opt.iid_str); exit (1); } iid = g_bytes_unref_to_data (bytes, &ignored); } if (global_opt.dhcp4_address) { nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip4_property_path (global_opt.ifname, "promote_secondaries"), "1"); dhcp4_client = nm_dhcp_manager_start_ip4 (nm_dhcp_manager_get (), global_opt.ifname, ifindex, hwaddr, global_opt.uuid, global_opt.priority_v4, !!global_opt.dhcp4_hostname, global_opt.dhcp4_hostname, global_opt.dhcp4_fqdn, global_opt.dhcp4_clientid, 45, NULL, global_opt.dhcp4_address); g_assert (dhcp4_client); g_signal_connect (dhcp4_client, NM_DHCP_CLIENT_SIGNAL_STATE_CHANGED, G_CALLBACK (dhcp4_state_changed), NULL); } if (global_opt.slaac) { nm_platform_link_set_user_ipv6ll_enabled (NM_PLATFORM_GET, ifindex, TRUE); rdisc = nm_lndp_rdisc_new (NM_PLATFORM_GET, ifindex, global_opt.ifname, global_opt.uuid, global_opt.addr_gen_mode, NULL); g_assert (rdisc); if (iid) nm_rdisc_set_iid (rdisc, *iid); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra"), "1"); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_defrtr"), "0"); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_pinfo"), "0"); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_rtr_pref"), "0"); g_signal_connect (NM_PLATFORM_GET, NM_PLATFORM_SIGNAL_IP6_ADDRESS_CHANGED, G_CALLBACK (ip6_address_changed), rdisc); g_signal_connect (rdisc, NM_RDISC_CONFIG_CHANGED, G_CALLBACK (rdisc_config_changed), NULL); g_signal_connect (rdisc, NM_RDISC_RA_TIMEOUT, G_CALLBACK (rdisc_ra_timeout), NULL); nm_rdisc_start (rdisc); } sd_id = nm_sd_event_attach_default (); g_main_loop_run (main_loop); g_clear_pointer (&hwaddr, g_byte_array_unref); if (pidfile && wrote_pidfile) unlink (pidfile); nm_log_info (LOGD_CORE, "exiting"); nm_clear_g_source (&sd_id); exit (0); }
gboolean nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, NMSettingWirelessSecurity *setting, NMSetting8021x *setting_8021x, const char *con_uuid, guint32 mtu, GError **error) { const char *key_mgmt, *auth_alg; const char *psk; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); g_return_val_if_fail (!error || !*error, FALSE); key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting); if (!add_string_val (self, key_mgmt, "key_mgmt", TRUE, FALSE, error)) return FALSE; auth_alg = nm_setting_wireless_security_get_auth_alg (setting); if (!add_string_val (self, auth_alg, "auth_alg", TRUE, FALSE, error)) return FALSE; psk = nm_setting_wireless_security_get_psk (setting); if (psk) { size_t psk_len = strlen (psk); if (psk_len == 64) { gs_unref_bytes GBytes *bytes = NULL; /* Hex PSK */ bytes = nm_utils_hexstr2bin (psk); if (!bytes) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot add psk to supplicant config due to invalid hex"); return FALSE; } if (!nm_supplicant_config_add_option (self, "psk", g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE, error)) return FALSE; } else if (psk_len >= 8 && psk_len <= 63) { /* Use TYPE_STRING here so that it gets pushed to the * supplicant as a string, and therefore gets quoted, * and therefore the supplicant will interpret it as a * passphrase and not a hex key. */ if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, TYPE_STRING, TRUE, error)) return FALSE; } else { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot add psk to supplicant config due to invalid PSK length %u (not between 8 and 63 characters)", (guint) psk_len); return FALSE; } } /* Only WPA-specific things when using WPA */ if ( !strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk") || !strcmp (key_mgmt, "wpa-eap")) { if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ', TRUE, FALSE, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, FALSE, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, group, groups, "group", ' ', TRUE, FALSE, error)) return FALSE; } /* WEP keys if required */ if (!strcmp (key_mgmt, "none")) { NMWepKeyType wep_type = nm_setting_wireless_security_get_wep_key_type (setting); const char *wep0 = nm_setting_wireless_security_get_wep_key (setting, 0); const char *wep1 = nm_setting_wireless_security_get_wep_key (setting, 1); const char *wep2 = nm_setting_wireless_security_get_wep_key (setting, 2); const char *wep3 = nm_setting_wireless_security_get_wep_key (setting, 3); if (!add_wep_key (self, wep0, "wep_key0", wep_type, error)) return FALSE; if (!add_wep_key (self, wep1, "wep_key1", wep_type, error)) return FALSE; if (!add_wep_key (self, wep2, "wep_key2", wep_type, error)) return FALSE; if (!add_wep_key (self, wep3, "wep_key3", wep_type, error)) return FALSE; if (wep0 || wep1 || wep2 || wep3) { gs_free char *value = NULL; value = g_strdup_printf ("%d", nm_setting_wireless_security_get_wep_tx_keyidx (setting)); if (!nm_supplicant_config_add_option (self, "wep_tx_keyidx", value, -1, FALSE, error)) return FALSE; } } if (auth_alg && !strcmp (auth_alg, "leap")) { /* LEAP */ if (!strcmp (key_mgmt, "ieee8021x")) { const char *tmp; tmp = nm_setting_wireless_security_get_leap_username (setting); if (!add_string_val (self, tmp, "identity", FALSE, FALSE, error)) return FALSE; tmp = nm_setting_wireless_security_get_leap_password (setting); if (!add_string_val (self, tmp, "password", FALSE, TRUE, error)) return FALSE; if (!add_string_val (self, "leap", "eap", TRUE, FALSE, error)) return FALSE; } else { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Invalid key-mgmt \"%s\" for leap", key_mgmt); return FALSE; } } else { /* 802.1x for Dynamic WEP and WPA-Enterprise */ if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap")) { if (!setting_8021x) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot set key-mgmt %s with missing 8021x setting", key_mgmt); return FALSE; } if (!nm_supplicant_config_add_setting_8021x (self, setting_8021x, con_uuid, mtu, FALSE, error)) return FALSE; } if (!strcmp (key_mgmt, "wpa-eap")) { /* If using WPA Enterprise, enable optimized background scanning * to ensure roaming within an ESS works well. */ if (!nm_supplicant_config_add_option (self, "bgscan", "simple:30:-65:300", -1, FALSE, error)) return FALSE; /* When using WPA-Enterprise, we want to use Proactive Key Caching (also * called Opportunistic Key Caching) to avoid full EAP exchanges when * roaming between access points in the same mobility group. */ if (!nm_supplicant_config_add_option (self, "proactive_key_caching", "1", -1, FALSE, error)) return FALSE; } } return TRUE; }