d8b43985e4d7 ubus: fix token_create policy
7326459bd743 ubus: dump service information on network_get
6c9c8fbd8128 service: add @all as alias for all members, unless defined differently
Signed-off-by: Felix Fietkau <nbd@nbd.name>
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.
To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.
This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when it goes out
of scope.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This vastly simplifies creating and managing unet networks.
It also adds support for the unetd protocol for onboarding new nodes
over the network.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c286170d ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Unless another toolchain is present (or selected), build the bpf toolchain
whenever a package is selected that needs it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
322500403615 service: add default group @ to match all nodes
5f7860306200 ubus: rename unetd_ubus_notify to unetd_ubus_network_notify
d13752814651 enroll: add PEX sub-protocol to support enrolling new nodes into a network
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The lldp_class and lldp_location config option are only valid when
compiled with LLDP-MED support. If not they will cause lldpd not to
start.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17571
Signed-off-by: Robert Marko <robimarko@gmail.com>
Changes (breaking):
- Remove support for building 802.3bt TLVs (broken).
Fix:
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17570
Signed-off-by: Robert Marko <robimarko@gmail.com>
Without this patch, we get the following error:
Mon Dec 23 11:35:44 2024 daemon.err hostapd: nl80211: kernel reports: integer out of range
As updating hostapd would be too complex and requires further testing,
we backport this simple upstream fix instead.
Fixes: https://github.com/openwrt/openwrt/issues/16680
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17590
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This is a minor upgrade that mainly fixes some compilation errors
and remove old unused code.
The Makefile has been reorganized. Now all package make parameters
are passed as configure arguments instead of environment variables.
The compilation dependencies remain the same as ppp v2.5.1 and the
package size changes are negligible.
Change log:
https://github.com/ppp-project/ppp/blob/v2.5.2/README#L70
Upstreamed patches:
101-pppd-crypto-fix-build-without-openssl.patch [1]
102-pppd-make-pid-directory-before-create-the-pid-file.patch [2]
103-pppd-crypto-fix-gcc-14-build.patch [3]
[1] 5f6eabdb66
[2] 734bc0438e
[3] ac269dbf7c
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17477
Signed-off-by: Nick Hainke <vincent@systemli.org>
access to undeclared variable radio In [anonymous function](), file /usr/share/hostap/hostapd.uc, line 830, byte 45:
Signed-off-by: Florian Maurer <f.maurer@outlook.de>
93461ca4c827 unet-cli: only apply defaults on create
3e5766783d5d unet-tool: add support for confirming password
074d3659ca4a unet-cli: confirm password when creating new seed based key
bf3488a3807a unet-cli: add add/set-local-host command
9eb57c528461 unet-cli: add support for setting interface zone
a0a2d80f3459 ubus: add firewall rules for network port/pex_port via procd
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d22d7db581d5 bpf_skb_utils.h: add missing include to fix build against newer kernel headers
bbd3e0eb1419 host: fix peer routes on a node acting as gateway
b17164751fc7 unet-tool: add support for generating keys from salt + seed passphrase
041e05870c20 unet-tool: add support for dumping pubkey from signed file
b58920d420cb unet-tool: add support for extracting network data from signed bin file
f335f5b40b4e unet-cli: add support for generating key from seed
8b1f1d099352 unet-cli: add support for importing networks from signed data
188ba05eadf2 unet-cli: add missing command line help for import
8f15fc306a40 unet-cli: fix add-ssh-host with seed keys
486bc3b86dc2 pex-msg: enable broadcast for global PEX socket
e4a24cdfbc1c unet-cli: fix defaults on create
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Name the pidfile of each dropbear instance according to the
corresponding uci section name. This enables a 1:1 mapping between the
definition of the service instance and its process.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/15177
Signed-off-by: John Crispin <john@phrozen.org>
Initial support for dynamic reload of RxKHs.
In order to check if RxKHs need reloading.
RxKHs defined in the rxkh_file first has to be parsed and formated,
the same way as hostapd will read from the file and also output,
with the command GET_RXKHS.
Then each list of RxKHs can be hashed and compared.
Ucode implementation of hostapds rkh_derive_key() function.
Hostapd converts hex keys with 128-bits or more when less than 256-bits
to 256-bits, and truncates those that are more than 256-bits.
See: https://w1.fi/cgit/hostap/commit/hostapd/config_file.c?id=245fc96e5f4b1c566b7eaa19180c774307ebed79
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
dnsmasq passes a limited amount of information via DHCP script arguments. Much
more information is available through environment variables starting with
DNSMASQ_, such as DNSMASQ_INTERFACE. However, when the dhcp-script builds its
JSON environment and passes it to hotplug, all of this information is discarded
since it is not copied to the JSON environment.
Personally, I have a custom-made set of DDNS scripts and rely on environment
variables such as DNSMASQ_INTERFACE in order to determine which DNS zones
to update. So, not being able to access these variables was detrimental to me.
I patched in a quick copy of all DNSMASQ_ variables to the JSON environment
so that they can be used in hotplug scripts. In order to do so I also copied
/usr/bin/env into dnsmasq's chroot jail.
Signed-off-by: Chuck R <github@chuck.cloud>
Link: https://github.com/openwrt/openwrt/pull/16354
Signed-off-by: John Crispin <john@phrozen.org>
Regarding SAE support in wifi-station:
Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required
to make it work. With PSK, hostapd used to perform a brute-force match to find which
PSK entry to use, but with SAE this is infeasible due to SAE's design.
When `mac` is omitted, it will allow any MAC address to use the SAE password if it
didn't have a MAC address assigned to it, but this could only be done once.
The last wildcard entry would be used.
Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a),
it is not required to set `sae_pwe` to `0`. This gives it a slight advantage
over using PPSK that goes beyond not needing RADIUS.
Example Configuration:
```
config wifi-vlan
option iface default_radio0
option name 999
option vid 999
option network management
config wifi-station
# Allow user with MAC address 00:11:22:33:44:55 and matching
# key "secretadminpass" to access the management network.
option iface default_radio0
option vid 999
option mac '00:11:22:33:44:55'
option key secretadminpass
config wifi-vlan
option iface default_radio0
option name 100
option vid 100
option network guest
config wifi-station
# With SAE, when 'mac' is omitted it will be the fallback in case no
# other MAC address matches. It won't be possible for a user that
# has a matching MAC to use this network (i.e., 00:11:22:33:44:55
# in this example).
option iface default_radio0
option vid 100
option key guestpass
```
Regarding PSK file creation optimization:
This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`.
Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which
would create a new file if `wifi-station` was in use even if PSK was not enabled.
This change checks the `auth_type` to ensure that it is appropriate to parse the
`wifi-station` entries and create those files.
Furthermore, we now only configure `wpa_psk_file` when it is a supported option
(i.e., psk or psk-sae is used). Previously, we used to configure it when it was
not necessary. While it didn't cause any issues, it would litter `/var/run` with
unnecessary files. This patch fixes that case by configuring it depending on the
`auth_type`.
The new SAE support is aligned with these PSK file changes.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17145
Signed-off-by: John Crispin <john@phrozen.org>
93458ac dns: fix response to TYPE_PTR query
68af311 fix unicast response port and timeout
a2b4979 service: announce all services in single dns answer
4537734 display announced services in ubus call umdns browse
0b50c29 display more srv attributes in output of ubus browse function
Signed-off-by: John Crispin <john@phrozen.org>
The internal hostapd version cannot be built with EAP-pwd support, so
enable it only for the SSL variants.
Fixes: #17163
Fixes: 6365316fab87 ("hostapd: add ubus support for wired driver")
Link: https://github.com/openwrt/openwrt/pull/17164
Signed-off-by: Robert Marko <robimarko@gmail.com>
Use and alternate ubus object when the config contains "driver=wired". This
commit is in preparation of the ieee8021x-wired daemon.
Signed-off-by: John Crispin <john@phrozen.org>
This allows a radius server to send AVPs for client rate control inside the
accept message. Further add the ratelimits to the sta-authorized ubus
notification.
Signed-off-by: John Crispin <john@phrozen.org>
The config_get_bool also works with on/off, yes/no, true/false.
Add 'main' section name. This will make it easier to change settings from uci.
Add a link to documentation.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15579
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ppp package can support all features since Linux 4.7.0 kernel.
Therefore, most kernel version checks can pass unconditionally on
OpenWrt v18.06 and later version. This patch can reduce the size
of ppp package by approximately 2.5 KB.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16695
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
These two were getting rather long.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/16849
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
