static gboolean
add_wep_key (NMSupplicantConfig *self,
const char *key,
const char *name,
NMWepKeyType wep_type)
{
GBytes *bytes;
gboolean success = FALSE;
size_t key_len = key ? strlen (key) : 0;
if (!key || !key_len)
return TRUE;
if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) {
if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_KEY))
wep_type = NM_WEP_KEY_TYPE_KEY;
else if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_PASSPHRASE))
wep_type = NM_WEP_KEY_TYPE_PASSPHRASE;
}
if ( (wep_type == NM_WEP_KEY_TYPE_UNKNOWN)
|| (wep_type == NM_WEP_KEY_TYPE_KEY)) {
if ((key_len == 10) || (key_len == 26)) {
bytes = nm_utils_hexstr2bin (key);
if (bytes) {
success = nm_supplicant_config_add_option (self,
name,
g_bytes_get_data (bytes, NULL),
g_bytes_get_size (bytes),
TRUE);
g_bytes_unref (bytes);
}
if (!success) {
nm_log_warn (LOGD_SUPPLICANT, "Error adding %s to supplicant config.", name);
return FALSE;
}
} else if ((key_len == 5) || (key_len == 13)) {
if (!nm_supplicant_config_add_option (self, name, key, key_len, TRUE)) {
nm_log_warn (LOGD_SUPPLICANT, "Error adding %s to supplicant config.", name);
return FALSE;
}
} else {
nm_log_warn (LOGD_SUPPLICANT, "Invalid WEP key '%s'", name);
return FALSE;
}
} else if (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE) {
guint8 digest[16];
size_t digest_len = sizeof (digest);
success = wep128_passphrase_hash (key, key_len, digest, &digest_len);
if (success)
success = nm_supplicant_config_add_option (self, name, (const char *) digest, digest_len, TRUE);
if (!success) {
nm_log_warn (LOGD_SUPPLICANT, "Error adding %s to supplicant config.", name);
return FALSE;
}
}
return TRUE;
}
static gboolean
add_wep_key (NMSupplicantConfig *self,
const char *key,
const char *name,
NMWepKeyType wep_type,
GError **error)
{
size_t key_len = key ? strlen (key) : 0;
if (!key || !key_len)
return TRUE;
if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) {
if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_KEY))
wep_type = NM_WEP_KEY_TYPE_KEY;
else if (nm_utils_wep_key_valid (key, NM_WEP_KEY_TYPE_PASSPHRASE))
wep_type = NM_WEP_KEY_TYPE_PASSPHRASE;
}
if ( (wep_type == NM_WEP_KEY_TYPE_UNKNOWN)
|| (wep_type == NM_WEP_KEY_TYPE_KEY)) {
if ((key_len == 10) || (key_len == 26)) {
gs_unref_bytes GBytes *bytes = NULL;
bytes = nm_utils_hexstr2bin (key);
if (!bytes) {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"cannot add wep-key %s to suplicant config because key is not hex",
name);
return FALSE;
}
if (!nm_supplicant_config_add_option (self,
name,
g_bytes_get_data (bytes, NULL),
g_bytes_get_size (bytes),
TRUE,
error))
return FALSE;
} else if ((key_len == 5) || (key_len == 13)) {
if (!nm_supplicant_config_add_option (self, name, key, key_len, TRUE, error))
return FALSE;
} else {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot add wep-key %s to suplicant config because key-length %u is invalid",
name, (guint) key_len);
return FALSE;
}
} else if (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE) {
guint8 digest[16];
size_t digest_len = sizeof (digest);
wep128_passphrase_hash (key, key_len, digest, &digest_len);
if (!nm_supplicant_config_add_option (self, name, (const char *) digest, digest_len, TRUE, error))
return FALSE;
}
return TRUE;
}
/**
* nm_dhcp_utils_client_id_string_to_bytes:
* @client_id: the client ID string
*
* Accepts either a hex string ("aa:bb:cc") representing a binary client ID
* (the first byte is assumed to be the 'type' field per RFC 2132 section 9.14),
* or a string representing a non-hardware-address client ID, in which case
* the 'type' field is set to 0.
*
* Returns: the binary client ID suitable for sending over the wire
* to the DHCP server.
*/
GBytes *
nm_dhcp_utils_client_id_string_to_bytes (const char *client_id)
{
GBytes *bytes = NULL;
guint len;
char *c;
g_return_val_if_fail (client_id && client_id[0], NULL);
/* Try as hex encoded */
if (strchr (client_id, ':'))
bytes = nm_utils_hexstr2bin (client_id);
if (!bytes) {
/* Fall back to string */
len = strlen (client_id);
c = g_malloc (len + 1);
c[0] = 0; /* type: non-hardware address per RFC 2132 section 9.14 */
memcpy (c + 1, client_id, len);
bytes = g_bytes_new_take (c, len + 1);
}
return bytes;
}
int
main (int argc, char *argv[])
{
char *bad_domains = NULL;
GError *error = NULL;
gboolean wrote_pidfile = FALSE;
gs_free char *pidfile = NULL;
gs_unref_object NMDhcpClient *dhcp4_client = NULL;
gs_unref_object NMRDisc *rdisc = NULL;
GByteArray *hwaddr = NULL;
size_t hwaddr_len = 0;
gconstpointer tmp;
gs_free NMUtilsIPv6IfaceId *iid = NULL;
guint sd_id;
nm_g_type_init ();
setpgid (getpid (), getpid ());
do_early_setup (&argc, &argv);
if (global_opt.g_fatal_warnings) {
GLogLevelFlags fatal_mask;
fatal_mask = g_log_set_always_fatal (G_LOG_FATAL_MASK);
fatal_mask |= G_LOG_LEVEL_WARNING | G_LOG_LEVEL_CRITICAL;
g_log_set_always_fatal (fatal_mask);
}
if (global_opt.show_version) {
fprintf (stdout, NM_DIST_VERSION "\n");
exit (0);
}
nm_main_utils_ensure_root ();
if (!global_opt.ifname || !global_opt.uuid) {
fprintf (stderr, _("An interface name and UUID are required\n"));
exit (1);
}
ifindex = if_nametoindex (global_opt.ifname);
if (ifindex <= 0) {
fprintf (stderr, _("Failed to find interface index for %s (%s)\n"), global_opt.ifname, strerror (errno));
exit (1);
}
pidfile = g_strdup_printf (NMIH_PID_FILE_FMT, ifindex);
nm_main_utils_ensure_not_running_pidfile (pidfile);
nm_main_utils_ensure_rundir ();
if (!nm_logging_setup (global_opt.opt_log_level,
global_opt.opt_log_domains,
&bad_domains,
&error)) {
fprintf (stderr,
_("%s. Please use --help to see a list of valid options.\n"),
error->message);
exit (1);
} else if (bad_domains) {
fprintf (stderr,
_("Ignoring unrecognized log domain(s) '%s' passed on command line.\n"),
bad_domains);
g_clear_pointer (&bad_domains, g_free);
}
if (global_opt.become_daemon && !global_opt.debug) {
if (daemon (0, 0) < 0) {
int saved_errno;
saved_errno = errno;
fprintf (stderr, _("Could not daemonize: %s [error %u]\n"),
g_strerror (saved_errno),
saved_errno);
exit (1);
}
if (nm_main_utils_write_pidfile (pidfile))
wrote_pidfile = TRUE;
}
/* Set up unix signal handling - before creating threads, but after daemonizing! */
main_loop = g_main_loop_new (NULL, FALSE);
setup_signals ();
nm_logging_syslog_openlog (global_opt.logging_backend
? global_opt.logging_backend
: (global_opt.debug ? "debug" : NULL));
nm_log_info (LOGD_CORE, "nm-iface-helper (version " NM_DIST_VERSION ") is starting...");
/* Set up platform interaction layer */
nm_linux_platform_setup ();
tmp = nm_platform_link_get_address (NM_PLATFORM_GET, ifindex, &hwaddr_len);
if (tmp) {
hwaddr = g_byte_array_sized_new (hwaddr_len);
g_byte_array_append (hwaddr, tmp, hwaddr_len);
}
if (global_opt.iid_str) {
GBytes *bytes;
gsize ignored = 0;
bytes = nm_utils_hexstr2bin (global_opt.iid_str);
if (!bytes || g_bytes_get_size (bytes) != sizeof (*iid)) {
fprintf (stderr, _("(%s): Invalid IID %s\n"), global_opt.ifname, global_opt.iid_str);
exit (1);
}
iid = g_bytes_unref_to_data (bytes, &ignored);
}
if (global_opt.dhcp4_address) {
nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip4_property_path (global_opt.ifname, "promote_secondaries"), "1");
dhcp4_client = nm_dhcp_manager_start_ip4 (nm_dhcp_manager_get (),
global_opt.ifname,
ifindex,
hwaddr,
global_opt.uuid,
global_opt.priority_v4,
!!global_opt.dhcp4_hostname,
global_opt.dhcp4_hostname,
global_opt.dhcp4_fqdn,
global_opt.dhcp4_clientid,
45,
NULL,
global_opt.dhcp4_address);
g_assert (dhcp4_client);
g_signal_connect (dhcp4_client,
NM_DHCP_CLIENT_SIGNAL_STATE_CHANGED,
G_CALLBACK (dhcp4_state_changed),
NULL);
}
if (global_opt.slaac) {
nm_platform_link_set_user_ipv6ll_enabled (NM_PLATFORM_GET, ifindex, TRUE);
rdisc = nm_lndp_rdisc_new (NM_PLATFORM_GET, ifindex, global_opt.ifname, global_opt.uuid, global_opt.addr_gen_mode, NULL);
g_assert (rdisc);
if (iid)
nm_rdisc_set_iid (rdisc, *iid);
nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra"), "1");
nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_defrtr"), "0");
nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_pinfo"), "0");
nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_rtr_pref"), "0");
g_signal_connect (NM_PLATFORM_GET,
NM_PLATFORM_SIGNAL_IP6_ADDRESS_CHANGED,
G_CALLBACK (ip6_address_changed),
rdisc);
g_signal_connect (rdisc,
NM_RDISC_CONFIG_CHANGED,
G_CALLBACK (rdisc_config_changed),
NULL);
g_signal_connect (rdisc,
NM_RDISC_RA_TIMEOUT,
G_CALLBACK (rdisc_ra_timeout),
NULL);
nm_rdisc_start (rdisc);
}
sd_id = nm_sd_event_attach_default ();
g_main_loop_run (main_loop);
g_clear_pointer (&hwaddr, g_byte_array_unref);
if (pidfile && wrote_pidfile)
unlink (pidfile);
nm_log_info (LOGD_CORE, "exiting");
nm_clear_g_source (&sd_id);
exit (0);
}
gboolean
nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
NMSettingWirelessSecurity *setting,
NMSetting8021x *setting_8021x,
const char *con_uuid,
guint32 mtu,
GError **error)
{
const char *key_mgmt, *auth_alg;
const char *psk;
g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
g_return_val_if_fail (setting != NULL, FALSE);
g_return_val_if_fail (con_uuid != NULL, FALSE);
g_return_val_if_fail (!error || !*error, FALSE);
key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting);
if (!add_string_val (self, key_mgmt, "key_mgmt", TRUE, FALSE, error))
return FALSE;
auth_alg = nm_setting_wireless_security_get_auth_alg (setting);
if (!add_string_val (self, auth_alg, "auth_alg", TRUE, FALSE, error))
return FALSE;
psk = nm_setting_wireless_security_get_psk (setting);
if (psk) {
size_t psk_len = strlen (psk);
if (psk_len == 64) {
gs_unref_bytes GBytes *bytes = NULL;
/* Hex PSK */
bytes = nm_utils_hexstr2bin (psk);
if (!bytes) {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot add psk to supplicant config due to invalid hex");
return FALSE;
}
if (!nm_supplicant_config_add_option (self,
"psk",
g_bytes_get_data (bytes, NULL),
g_bytes_get_size (bytes),
TRUE,
error))
return FALSE;
} else if (psk_len >= 8 && psk_len <= 63) {
/* Use TYPE_STRING here so that it gets pushed to the
* supplicant as a string, and therefore gets quoted,
* and therefore the supplicant will interpret it as a
* passphrase and not a hex key.
*/
if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, TYPE_STRING, TRUE, error))
return FALSE;
} else {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot add psk to supplicant config due to invalid PSK length %u (not between 8 and 63 characters)",
(guint) psk_len);
return FALSE;
}
}
/* Only WPA-specific things when using WPA */
if ( !strcmp (key_mgmt, "wpa-none")
|| !strcmp (key_mgmt, "wpa-psk")
|| !strcmp (key_mgmt, "wpa-eap")) {
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ', TRUE, FALSE, error))
return FALSE;
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, FALSE, error))
return FALSE;
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, group, groups, "group", ' ', TRUE, FALSE, error))
return FALSE;
}
/* WEP keys if required */
if (!strcmp (key_mgmt, "none")) {
NMWepKeyType wep_type = nm_setting_wireless_security_get_wep_key_type (setting);
const char *wep0 = nm_setting_wireless_security_get_wep_key (setting, 0);
const char *wep1 = nm_setting_wireless_security_get_wep_key (setting, 1);
const char *wep2 = nm_setting_wireless_security_get_wep_key (setting, 2);
const char *wep3 = nm_setting_wireless_security_get_wep_key (setting, 3);
if (!add_wep_key (self, wep0, "wep_key0", wep_type, error))
return FALSE;
if (!add_wep_key (self, wep1, "wep_key1", wep_type, error))
return FALSE;
if (!add_wep_key (self, wep2, "wep_key2", wep_type, error))
return FALSE;
if (!add_wep_key (self, wep3, "wep_key3", wep_type, error))
return FALSE;
if (wep0 || wep1 || wep2 || wep3) {
gs_free char *value = NULL;
value = g_strdup_printf ("%d", nm_setting_wireless_security_get_wep_tx_keyidx (setting));
if (!nm_supplicant_config_add_option (self, "wep_tx_keyidx", value, -1, FALSE, error))
return FALSE;
}
}
if (auth_alg && !strcmp (auth_alg, "leap")) {
/* LEAP */
if (!strcmp (key_mgmt, "ieee8021x")) {
const char *tmp;
tmp = nm_setting_wireless_security_get_leap_username (setting);
if (!add_string_val (self, tmp, "identity", FALSE, FALSE, error))
return FALSE;
tmp = nm_setting_wireless_security_get_leap_password (setting);
if (!add_string_val (self, tmp, "password", FALSE, TRUE, error))
return FALSE;
if (!add_string_val (self, "leap", "eap", TRUE, FALSE, error))
return FALSE;
} else {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Invalid key-mgmt \"%s\" for leap", key_mgmt);
return FALSE;
}
} else {
/* 802.1x for Dynamic WEP and WPA-Enterprise */
if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap")) {
if (!setting_8021x) {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot set key-mgmt %s with missing 8021x setting", key_mgmt);
return FALSE;
}
if (!nm_supplicant_config_add_setting_8021x (self, setting_8021x, con_uuid, mtu, FALSE, error))
return FALSE;
}
if (!strcmp (key_mgmt, "wpa-eap")) {
/* If using WPA Enterprise, enable optimized background scanning
* to ensure roaming within an ESS works well.
*/
if (!nm_supplicant_config_add_option (self, "bgscan", "simple:30:-65:300", -1, FALSE, error))
return FALSE;
/* When using WPA-Enterprise, we want to use Proactive Key Caching (also
* called Opportunistic Key Caching) to avoid full EAP exchanges when
* roaming between access points in the same mobility group.
*/
if (!nm_supplicant_config_add_option (self, "proactive_key_caching", "1", -1, FALSE, error))
return FALSE;
}
}
return TRUE;
}
