On 2018 Nov 02 (Fri) at 19:13:56 +0100 (+0100), Peter Hessler wrote:
:On 2018 Nov 02 (Fri) at 17:59:05 +0100 (+0100), Solene Rapenne wrote:
::Stefan Sperling <s...@stsp.name> wrote:
::> On Fri, Nov 02, 2018 at 03:41:57PM +0100, Solene Rapenne wrote:
::> > Hello,
::> >
::> > I can't connect to wpa1 networks using join. From the man page, I
understand
::> > that "wpaprotos" parameter isn't supported.
::> >
::> > The id can either be any text string up to 32 characters in
::> > length, or a series of hexadecimal digits up to 64 digits. Any
::> > necessary wpakey or nwkey arguments should be specified on the
::> > same line. May not be used with nwid.
::> >
::> > The SSID when I use "ifconfig iwm0 scan":
::> >
::> > nwid freeboxSSID chan 11 bssid 16:fa:ca:a1:ba:3c 67% HT-MCS15
privacy,short_slottime,wpa1
::> >
::> >
::> > With this line in /etc/hostname.iwm0:
::> >
::> > join "freeboxSSID" wpakey somekeyhere
::> >
::> > It won't connect until I type "ifconfig iwm0 wpaprotos wpa1".
::> >
::> >
::> > If I add the wpaprotos parameters to the /etc/hostname.iwm0 line, when
::> > rebooting, the ifconfig command output is the following.
::> >
::> > iwm0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
::> > lladdr 8c:16:45:9b:c9:fe
::> > index 1 priority 4 llprio 3
::> > trunk: trunkdev trunk0
::> > groups: wlan
::> > media: IEEE802.11 autoselect (DS1)
::> > status: no network
::> > ieee80211: join freeboxSSID
::> >
::> > I'm not sure it's a bug, but I prefer to report it.
::>
::> That's probably a bug. Using wpaprotos with join in hostname.if is supposed
::> to work as long as you're specifying it on the same line, like this:
::>
::> join "freeboxSSID" wpakey somekeyhere wpaprotos wpa1
::
::With this line, it doesn't find the SSID after reboot or using netstart.
::
:
:I'll look into it. Thanks for the report!
:
Sorry for the delay, it took a while to get time to fix this.
There are two bugs masquarading as one.
First in the kernel, is that we didn't properly match what the node
(access point) is advertising to us, so we should match against that
instead. Secondly, in ifconfig, we made all of the nice pretty
structures and stomped all over them when saving them.
You'll need to rebuild ifconfig and boot into a new kernel.
OK?
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/openbsd/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.383
diff -u -p -u -p -r1.383 ifconfig.c
--- sbin/ifconfig/ifconfig.c 14 Nov 2018 21:25:04 -0000 1.383
+++ sbin/ifconfig/ifconfig.c 20 Nov 2018 18:58:35 -0000
@@ -1905,7 +1905,7 @@ setifwpa(const char *val, int d)
wpa.i_enabled = d;
if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+ join.i_wpaparams.i_enabled = d;
join.i_flags |= IEEE80211_JOIN_WPA;
return;
}
@@ -1936,6 +1936,12 @@ setifwpaprotos(const char *val, int d)
}
free(optlist);
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_protos = rval;
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
memset(&wpa, 0, sizeof(wpa));
(void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1945,12 +1951,6 @@ setifwpaprotos(const char *val, int d)
wpa.i_ciphers = 0;
wpa.i_groupcipher = 0;
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
err(1, "SIOCS80211WPAPARMS");
}
@@ -1977,6 +1977,14 @@ setifwpaakms(const char *val, int d)
}
free(optlist);
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_akms = rval;
+ join.i_wpaparams.i_enabled =
+ ((rval & IEEE80211_WPA_AKM_8021X) != 0);
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
memset(&wpa, 0, sizeof(wpa));
(void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
@@ -1985,12 +1993,6 @@ setifwpaakms(const char *val, int d)
/* Enable WPA for 802.1x here. PSK case is handled in setifwpakey(). */
wpa.i_enabled = ((rval & IEEE80211_WPA_AKM_8021X) != 0);
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
err(1, "SIOCS80211WPAPARMS");
}
@@ -2038,18 +2040,18 @@ setifwpaciphers(const char *val, int d)
}
free(optlist);
+ if (actions & A_JOIN) {
+ join.i_wpaparams.i_ciphers = rval;
+ join.i_flags |= IEEE80211_JOIN_WPA;
+ return;
+ }
+
memset(&wpa, 0, sizeof(wpa));
(void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
err(1, "SIOCG80211WPAPARMS");
wpa.i_ciphers = rval;
- if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
- join.i_flags |= IEEE80211_JOIN_WPA;
- return;
- }
-
if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
err(1, "SIOCS80211WPAPARMS");
}
@@ -2072,7 +2074,7 @@ setifwpagroupcipher(const char *val, int
wpa.i_groupcipher = cipher;
if (actions & A_JOIN) {
- memcpy(&join.i_wpaparams, &wpa, sizeof(join.i_wpaparams));
+ join.i_wpaparams.i_groupcipher = cipher;
join.i_flags |= IEEE80211_JOIN_WPA;
return;
}
Index: sys/net80211/ieee80211_ioctl.c
===================================================================
RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.68
diff -u -p -u -p -r1.68 ieee80211_ioctl.c
--- sys/net80211/ieee80211_ioctl.c 27 Oct 2018 09:55:26 -0000 1.68
+++ sys/net80211/ieee80211_ioctl.c 20 Nov 2018 19:02:00 -0000
@@ -387,6 +387,48 @@ ieee80211_ioctl_getwpaparms(struct ieee8
return 0;
}
+static void
+ieee80211_ess_getwpaparms(struct ieee80211_ess *ess,
+ struct ieee80211_wpaparams *wpa)
+{
+ wpa->i_enabled = (ess->flags & IEEE80211_F_RSNON) ? 1 : 0;
+
+ wpa->i_protos = 0;
+ if (ess->rsnprotos & IEEE80211_PROTO_WPA)
+ wpa->i_protos |= IEEE80211_WPA_PROTO_WPA1;
+ if (ess->rsnprotos & IEEE80211_PROTO_RSN)
+ wpa->i_protos |= IEEE80211_WPA_PROTO_WPA2;
+
+ wpa->i_akms = 0;
+ if (ess->rsnakms & IEEE80211_AKM_PSK)
+ wpa->i_akms |= IEEE80211_WPA_AKM_PSK;
+ if (ess->rsnakms & IEEE80211_AKM_SHA256_PSK)
+ wpa->i_akms |= IEEE80211_WPA_AKM_SHA256_PSK;
+ if (ess->rsnakms & IEEE80211_AKM_8021X)
+ wpa->i_akms |= IEEE80211_WPA_AKM_8021X;
+ if (ess->rsnakms & IEEE80211_AKM_SHA256_8021X)
+ wpa->i_akms |= IEEE80211_WPA_AKM_SHA256_8021X;
+
+ if (ess->rsngroupcipher == IEEE80211_CIPHER_WEP40)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_WEP40;
+ else if (ess->rsngroupcipher == IEEE80211_CIPHER_TKIP)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_TKIP;
+ else if (ess->rsngroupcipher == IEEE80211_CIPHER_CCMP)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_CCMP;
+ else if (ess->rsngroupcipher == IEEE80211_CIPHER_WEP104)
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_WEP104;
+ else
+ wpa->i_groupcipher = IEEE80211_WPA_CIPHER_NONE;
+
+ wpa->i_ciphers = 0;
+ if (ess->rsnciphers & IEEE80211_CIPHER_TKIP)
+ wpa->i_ciphers |= IEEE80211_WPA_CIPHER_TKIP;
+ if (ess->rsnciphers & IEEE80211_CIPHER_CCMP)
+ wpa->i_ciphers |= IEEE80211_WPA_CIPHER_CCMP;
+ if (ess->rsnciphers & IEEE80211_CIPHER_USEGROUP)
+ wpa->i_ciphers = IEEE80211_WPA_CIPHER_USEGROUP;
+}
+
int
ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
@@ -506,6 +548,7 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
memset(&join, 0, sizeof(join));
join.i_len = ess->esslen;
memcpy(&join.i_nwid, ess->essid, join.i_len);
+ ieee80211_ess_getwpaparms(ess, &join.i_wpaparams);
error = copyout(&join, &ja->ja_node[ja->ja_nodes],
sizeof(ja->ja_node[0]));
if (error)
Index: sys/net80211/ieee80211_node.c
===================================================================
RCS file: /cvs/openbsd/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.156
diff -u -p -u -p -r1.156 ieee80211_node.c
--- sys/net80211/ieee80211_node.c 20 Nov 2018 10:00:15 -0000 1.156
+++ sys/net80211/ieee80211_node.c 20 Nov 2018 19:00:36 -0000
@@ -509,18 +509,19 @@ ieee80211_ess_is_better(struct ieee80211
int
ieee80211_match_ess(struct ieee80211_ess *ess, struct ieee80211_node *ni)
{
- if (ess->esslen != ni->ni_esslen)
+ if (!ISSET(ess->flags, IEEE80211_JOIN_ANY) &&
+ (ess->esslen != ni->ni_esslen ||
+ memcmp(ess->essid, ni->ni_essid, ess->esslen) != 0))
return 0;
- if (memcmp(ess->essid, ni->ni_essid, ess->esslen) != 0)
+
+ if (ess->esslen != 0 &&
+ (ess->esslen != ni->ni_esslen ||
+ memcmp(ess->essid, ni->ni_essid, ess->esslen) != 0))
return 0;
if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) {
- /* Ensure same WPA version. */
- if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) &&
- (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0)
- return 0;
- if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) &&
- (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0)
+ /* Ensure a compatible WPA version. */
+ if ((ni->ni_supported_rsnprotos & ess->rsnprotos) == 0)
return 0;
} else if (ess->flags & IEEE80211_F_WEPON) {
if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
--
My mother loved children -- she would
have given anything if I had been one.
-- Groucho Marx
