Today's Topics:
1. Re: Improve support for 802.1X? (Patrik Flykt)
2. [PATCH v2] gdhcp: don't call the lease added callback for
OFFER (Michael Olbrich)
3. [PATCH] agent: avoid recursion in connman_agent_cancel()
(Michael Olbrich)
4. [PATCH] wifi: set interface when added (Michael Olbrich)
----------------------------------------------------------------------
Message: 1
Date: Mon, 30 Nov 2015 11:41:12 +0200
From: Patrik Flykt <[email protected]>
To: Mike Purvis <[email protected]>
Cc: [email protected]
Subject: Re: Improve support for 802.1X?
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
On Fri, 2015-11-27 at 16:42 -0500, Mike Purvis wrote:
> My experience with connman 1.30 mirrors this one:
>
> https://github.com/andrew-bibb/cmst/issues/2#issuecomment-40088345
>
> According to the linked ticket (https://01.org/jira/browse/CM-569),
> it's totally possible, but nothing about the supplied error message
> hints at this possibility. The ideal would be if this could be dealt
> with interactively, but the next best thing would be "Hey, looks like
> you're connecting to an 802.1X network? please see here for
> instructions on creating the necessary authentication file:
> http://.... "
>
> There's also some coverage on the Arch wiki which I found helpful:
>
> https://wiki.archlinux.org/index.php/WPA2_Enterprise#connman
>
> Thoughts?
There you have it in a nutshell. The eduroam config that comes with
ConnMan works for those universities that use peap for authentication.
Now those universities that use ttls to do the same authentication need
to configure their eduroam networks according to the Arch Linux web
page. EAP methods to use are defined by the end system authentication
setup handled by the university in question. The Access Point has no
idea what authentication will be requested, it only relays the EAP
authentication between the client and the back-end system. As a result
it will be told a set of keys to be used but nothing else.
The easiest way to set this one up is unfortunately a helpful system
admin handing out proper configuration files for ConnMan. Since we all
know this won't happen, the second easiest solution is to have the user
run a wizard UI app to set up the connection. A decent wizard
application is not easy to do and moves all of the configuration pain to
the user.
ConnMan isn't of any helpful use here. All of the EAP communication
happens between the EAP authentication system and wpa_supplicant (and
relayed by the Access Point). So if someone needs an accurate on-the-fly
configuration app that asks only the needed questions, someone needs to
provide that feature to wpa_supplicant. ConnMan can fill in with a user
name and passphrase, should those be the only things missing.
But none of the above will work unless the user has already obtained the
necessary credentials and certificates beforehand, as is so well
depicted in the example on the Arch Linux web page with that CaCertFile
configuration option. This is really the main issue with setting up an
EAP connection - the user needs to be given a user id and passphrase and
usually also a certificate before attempting a connection. No amount of
configuration options will be enough if certificates and/or
ids/passphrases are missing.
For practical purposes it should be documented which universities use
peap and which ttls, so that there is one less point of confusion...
Also, if it is easier to understand(?) one can always think of changing
the returned error value in case of EAP. If it gives a better clue on
what is going on, I'm all for it.
Cheers,
Patrik
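The two eduroam variants described in the message above, as an added example that is not part of the original post or of the files shipped with ConnMan: a provisioning file for a site that uses TTLS, with the PEAP differences noted in comments. The file location, section name, CA path, inner methods and credentials are assumptions or placeholders.

```ini
# Constructed example; assumed location: /var/lib/connman/eduroam.config
# Every value below is a placeholder to be replaced with what the
# institution hands out (user id, passphrase, CA certificate).

[service_eduroam]
Type = wifi
Name = eduroam

# Outer EAP method. It is chosen by the institution's authentication
# back end, not by the access point, which only relays EAP.
EAP = ttls

# CA certificate used to validate the authentication server. It has to
# be obtained before the first connection attempt.
CACertFile = /etc/ssl/certs/EXAMPLE-institution-ca.pem

# Inner (tunnelled) method; PAP is an assumption for a TTLS site.
Phase2 = PAP

Identity = user@example.edu
Passphrase = REPLACE-ME

# For an institution that uses PEAP instead, only the method lines change
# (the inner method shown is again an assumption):
#   EAP = peap
#   Phase2 = MSCHAPV2
```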
------------------------------
Message: 2
Date: Mon, 30 Nov 2015 13:00:50 +0100
From: Michael Olbrich <[email protected]>
To: [email protected]
Subject: [PATCH v2] gdhcp: don't call the lease added callback for
OFFER
Message-ID:
<[email protected]>
The lease added callback is only used to determine and announce the peer
address. Without this, the peer address is announced via D-Bus before the
peer actually uses the address.
If the first OFFER is lost, then the difference can actually be several
seconds.
---
Hi,
it took a while for me to get back to this, but here is the updated patch.
Regards,
Michael
v2: moved the lease callback instead of adding a new argument to
add_lease() (as suggested).
gdhcp/server.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gdhcp/server.c b/gdhcp/server.c
index 8574c24c4b72..f7795f7e610d 100644
--- a/gdhcp/server.c
+++ b/gdhcp/server.c
@@ -214,9 +214,6 @@ static struct dhcp_lease *add_lease(GDHCPServer
*dhcp_server, uint32_t expire,
g_hash_table_insert(dhcp_server->nip_lease_hash,
GINT_TO_POINTER((int) lease->lease_nip), lease);
- if (dhcp_server->lease_added_cb)
- dhcp_server->lease_added_cb(lease->lease_mac, yiaddr);
-
return lease;
}
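Review bot: with the lease_added_cb call removed from add_lease(), every caller of add_lease() loses the notification, not only the OFFER path named in the subject. Please state in the commit message whether any caller other than send_ACK() relied on it, and mention that the MAC argument passed to the callback changes from lease->lease_mac to packet.chaddr at the new call site.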
@@ -616,6 +613,9 @@ static void send_ACK(GDHCPServer *dhcp_server,
send_packet_to_client(dhcp_server, &packet);
add_lease(dhcp_server, 0, packet.chaddr, packet.yiaddr);
+
+ if (dhcp_server->lease_added_cb)
+ dhcp_server->lease_added_cb(packet.chaddr, packet.yiaddr);
}
static void send_NAK(GDHCPServer *dhcp_server,
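Review bot: in send_ACK() the return value of add_lease() is ignored, so lease_added_cb now runs even if add_lease() did not record a lease; before this change the call sat after the g_hash_table_insert() into nip_lease_hash inside add_lease() and could only run for a stored lease. Suggest keeping the returned pointer and guarding the call, e.g. `lease = add_lease(...);` followed by `if (lease && dhcp_server->lease_added_cb)`.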
--
2.6.2
------------------------------
Message: 3
Date: Mon, 30 Nov 2015 13:07:48 +0100
From: Michael Olbrich <[email protected]>
To: [email protected]
Subject: [PATCH] agent: avoid recursion in connman_agent_cancel()
Message-ID:
<[email protected]>
It is possible that connman_agent_cancel() is called from within
connman_agent_cancel():
-> request->callback() == request_peer_authorization_reply()
-> auth_reply->peer_callback() == request_authorization_cb()
-> peer_driver->connect() returns -EBUSY (wifi->p2p_connecting == TRUE)
-> connman_peer_set_state()
with old_state == 2 and new_state == 1
-> peer_disconnect()
-> connman_agent_cancel()
Break the loop by removing the request from the list before calling the
callback function.
---
src/agent.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/agent.c b/src/agent.c
index d26d8dcad717..4866c8d99397 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -524,12 +524,12 @@ void connman_agent_cancel(void *user_context)
user_context) {
DBG("cancel pending %p", request);
+ agent->queue = g_list_delete_link(agent->queue,
+ list);
+
request->callback(NULL, request->user_data);
agent_request_free(request);
-
- agent->queue = g_list_delete_link(agent->queue,
- list);
}
list = next;
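Review bot: the loop still advances with `list = next;` after request->callback() returns, but the commit message shows that the callback can re-enter connman_agent_cancel(), and that nested call can delete further links from agent->queue, including the one `next` points to. Unlinking the current element first stops this request from being handled twice, yet the outer iteration may then continue from a freed GList node; consider restarting from agent->queue after the callback, or moving the matching requests to a local list before invoking any callback.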
--
2.6.2
------------------------------
Message: 4
Date: Mon, 30 Nov 2015 13:08:17 +0100
From: Michael Olbrich <[email protected]>
To: [email protected]
Subject: [PATCH] wifi: set interface when added
Message-ID:
<[email protected]>
Otherwise g_supplicant_interface_set_data(interface, NULL) is not called
for the g_supplicant interface when the wifi object is removed. As a result,
the g_supplicant interface may access the wifi object when it is already
deleted.
This is rarely a problem, because the g_supplicant interface is deleted
shortly afterwards, but occasionally a D-Bus signal arrives at the wrong
time and triggers this use-after-free issue.
---
plugins/wifi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 2aeabfd30f3d..a98b68080fca 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -2169,6 +2169,7 @@ static void interface_added(GSupplicantInterface
*interface)
if (!wifi)
return;
+ wifi->interface = interface;
g_supplicant_interface_set_data(interface, wifi);
p2p_iface_list = g_list_append(p2p_iface_list, wifi);
wifi->p2p_device = true;
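Review bot: `wifi->interface = interface;` overwrites the field without checking whether it already points at another interface; if it does, that earlier interface keeps its data pointer to wifi and the use-after-free described in the commit message can still occur for it. Either clear the old interface's data before the assignment or add a comment stating that wifi->interface is always NULL on this path, and document next to the assignment that the removal path relies on this field to call g_supplicant_interface_set_data(interface, NULL).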
--
2.6.2
------------------------------
End of connman Digest, Vol 1, Issue 12
**************************************