LEAP development assist



Hi list

Since I am very eager to have the LEAP stuff implemented in NM, I decided to dump a complete session log to the developer list (attached). Maybe it can be of some use to someone...

I have tried to get a grip on how NM works (codewise) but there are still a few gray areas. I have got very good help from some of you guys, so now I *think* that I understand how the applet communicates with the backend using dbus. Still not comfortable with the glade/gtk stuff, but I will re-read it again to see if I can add (and invoke) the LEAP dialog from the applet.

From what I understand, NM is talking to wpa_supplicant over a control socket instead of writing a config file, right? Is this documented somewhere (except the NM code of course...)?

Anders

--
-----------------------------------------
- Now we're playing the power play with a numerical advantage, lads -
Anders Östling
+46-768-716 165 (Mobil)
+46-42-20 06 14  (Hem)
+46-42-26 43 45  (IKEA IT AB)

Ok, here we go. This is a debug run of how the LEAP authentication is communicated between wpa and our APs.
The AP is communicating with Cisco ACS (Radius) and our AD domain controllers. When authenticated, a dynamic wep key is obtained from the AP.

The configuration used follows. Note that the network used is called "ICNwireless"

anos@zoolog:~$ cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=2
network={
        ssid="ICNwireless"
        key_mgmt=IEEE8021X
        eap=LEAP
        identity="AD-DOMAIN\AD-USERID"
        password="AD-PASSWORD"
        priority=5
}
# Shared WEP key connection at home (no WPA, no IEEE 802.1X)
network={
        ssid="HOBBITS"
        key_mgmt=NONE
        wep_key0=51F2947495A92126D096B775AC
        wep_tx_keyidx=0
        priority=4
}

network={
        ssid="default"
        key_mgmt=NONE
        priority=3
}

root@zoolog:~# wpa_supplicant -c /etc/wpa_supplicant.conf -i eth1 -dd -D wext
Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'

* Parsing of the configuration file *

Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
ap_scan=2
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=11):
     49 43 4e 77 69 72 65 6c 65 73 73                  ICNwireless
key_mgmt: 0x8
eap methods - hexdump(len=2): 11 00
identity - hexdump_ascii(len=9):
     69 6b 65 61 5c 61 6e 6f 73                        AD-DOMAIN\AD-USERID
password - hexdump_ascii(len=7): [REMOVED]
priority=5 (0x5)
Line: 14 - start of a new network block
ssid - hexdump_ascii(len=7):
     48 4f 42 53 41 4c 41                              HOBBITS
key_mgmt: 0x4
wep_key0 - hexdump(len=13): [REMOVED]
wep_tx_keyidx=0 (0x0)
priority=4 (0x4)
Line: 22 - start of a new network block
ssid - hexdump_ascii(len=7):
     64 65 66 61 75 6c 74                              default
key_mgmt: 0x4
priority=3 (0x3)
Priority group 5
   id=0 ssid='ICNwireless'
Priority group 4
   id=1 ssid='HOBBITS'
Priority group 3
   id=2 ssid='default'

* Interface gets init'ed *

Initializing interface (2) 'eth1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=19 WE(source)=18 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
Own MAC address: 00:04:23:6d:f5:15
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 100000 usec
Added interface eth1
Wireless event: cmd=0x8b06 len=8
State: DISCONNECTED -> SCANNING
Trying to associate with SSID 'ICNwireless'
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x4
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_associate
Setting authentication timeout: 60 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b1a len=20
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:13:60:e8:17:20
State: ASSOCIATING -> ASSOCIATED
Associated to a new BSS: BSSID=00:13:60:e8:17:20

* Now we have found and associated to a nearby AP using ICNwireless *

No keys have been configured - skip key clearing
Network configuration found for the current AP
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
EAPOL: External notification - portControl=Auto
Associated with 00:13:60:e8:17:20
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
RX EAPOL from 00:13:60:e8:17:20
RX EAPOL - hexdump(len=60): 01 00 00 38 01 02 00 38 01 00 6e 65 74 77 6f 72 6b 69 64 3d 49 43 4e 77 69 72 65 6c 65 73 73 2c 6e 61 73 69 64 3d 53 57 45 61 2d 54 52 45 54 62 33 2d 31 2c 70 6f 72 74 69 64 3d 30
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=51):
     00 6e 65 74 77 6f 72 6b 69 64 3d 49 43 4e 77 69   _networkid=ICNwi
     72 65 6c 65 73 73 2c 6e 61 73 69 64 3d 53 57 45   reless,nasid=SWE
     61 2d 54 52 45 54 62 33 2d 31 2c 70 6f 72 74 69   a-TRETb3-1,porti
     64 3d 30                                          d=0
EAP: using real identity - hexdump_ascii(len=9):
     69 6b 65 61 5c 61 6e 6f 73                        AD-DOMAIN\AD-USERID
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=18): 01 00 00 0e 02 02 00 0e 01 69 6b 65 61 5c 61 6e 6f 73
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:60:e8:17:20
RX EAPOL - hexdump(len=46): 01 00 00 19 01 f2 00 19 11 01 00 08 3c f8 7b 0f ab 35 1d 33 69 6b 65 61 5c 61 6e 6f 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=17 id=242
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (17, LEAP)
CTRL-EVENT-EAP-METHOD EAP method 17 (LEAP) selected
EAP: EAP entering state METHOD
EAP-LEAP: Processing EAP-Request
EAP-LEAP: Challenge from AP - hexdump(len=8): 3c f8 7b 0f ab 35 1d 33
EAP-LEAP: Generating Challenge Response
EAP-LEAP: Response - hexdump(len=24): e2 66 3f cf c8 6d 46 04 39 22 25 06 bc db da 7d d7 72 b3 aa 49 b3 f1 47
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=45): 01 00 00 29 02 f2 00 29 11 01 00 18 e2 66 3f cf c8 6d 46 04 39 22 25 06 bc db da 7d d7 72 b3 aa 49 b3 f1 47 69 6b 65 61 5c 61 6e 6f 73
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:60:e8:17:20
RX EAPOL - hexdump(len=46): 01 00 00 04 03 f2 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: EAP entering state METHOD
EAP-LEAP: Processing EAP-Success
EAP-LEAP: Challenge to AP/AS - hexdump(len=8): dc 72 04 33 b1 e2 37 af
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=29): 01 00 00 19 01 f2 00 19 11 01 00 08 dc 72 04 33 b1 e2 37 af 69 6b 65 61 5c 61 6e 6f 73
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:13:60:e8:17:20
RX EAPOL - hexdump(len=46): 01 00 00 29 02 00 00 29 11 01 00 18 51 0d 4f 52 0b 0f e0 44 62 9b 16 19 4c 02 4a 13 32 38 84 02 59 36 f3 03 69 6b 65 61 5c 61 6e 6f 73 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Response for LEAP method=17 id=0
EAP: EAP entering state METHOD
EAP-LEAP: Processing EAP-Response
EAP-LEAP: Response from AP - hexdump(len=24): 51 0d 4f 52 0b 0f e0 44 62 9b 16 19 4c 02 4a 13 32 38 84 02 59 36 f3 03
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP-LEAP: pw_hash_hash - hexdump(len=16): [REMOVED]
EAP-LEAP: peer_challenge - hexdump(len=8): 3c f8 7b 0f ab 35 1d 33
EAP-LEAP: peer_response - hexdump(len=24): e2 66 3f cf c8 6d 46 04 39 22 25 06 bc db da 7d d7 72 b3 aa 49 b3 f1 47
EAP-LEAP: ap_challenge - hexdump(len=8): dc 72 04 33 b1 e2 37 af
EAP-LEAP: ap_response - hexdump(len=24): 51 0d 4f 52 0b 0f e0 44 62 9b 16 19 4c 02 4a 13 32 38 84 02 59 36 f3 03
EAP-LEAP: master key - hexdump(len=16): [REMOVED]
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:13:60:e8:17:20
RX EAPOL - hexdump(len=61): 01 03 00 39 01 00 0d 00 00 44 21 5c c0 26 3d 32 57 39 b4 4d e8 45 f7 67 27 03 5a 83 2a 02 68 c2 9f 37 99 d2 05 b4 89 d2 a8 5c 6c 9c 6f fa 26 eb 81 f2 a9 b7 36 a0 05 de 9d eb 17
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x2
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 2 len 13
wpa_driver_wext_set_key: alg=1 key_idx=2 set_tx=0 seq_len=0 key_len=13
RX EAPOL from 00:13:60:e8:17:20
RX EAPOL - hexdump(len=48): 01 03 00 2c 01 00 0d 00 00 44 21 5c c0 26 3e 52 c3 69 9f 3e f0 16 b1 21 53 4d f9 aa 0c e8 67 83 2a 37 c8 9f 0e d0 a5 b0 4f 59 3f 70 e2 09 e7 de
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1 key_length=13 key_index=0x83
EAPOL: EAPOL-Key key signature verified
EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
wpa_driver_wext_set_key: alg=1 key_idx=3 set_tx=128 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
WPA: EAPOL processing complete
Cancelling authentication timeout
State: ASSOCIATED -> COMPLETED
CTRL-EVENT-CONNECTED - Connection to 00:13:60:e8:17:20 completed (auth)
EAPOL: SUPP_PAE entering state AUTHENTICATED
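
Added example (not part of the original post and not wpa_supplicant code): a small Python decoder for the "TX/RX EAPOL - hexdump" lines in the log above. It shows how the EAPOL header, the EAP header and the LEAP challenge/response fields line up, and that bytes past the EAPOL body length in received frames are padding. The function names are hypothetical; the four sample lines are copied from the log.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_LEAP = 17

# Four TX/RX lines copied verbatim from the debug log above.
LOG = """\
TX EAPOL - hexdump(len=4): 01 01 00 00
RX EAPOL - hexdump(len=46): 01 00 00 19 01 f2 00 19 11 01 00 08 3c f8 7b 0f ab 35 1d 33 69 6b 65 61 5c 61 6e 6f 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TX EAPOL - hexdump(len=45): 01 00 00 29 02 f2 00 29 11 01 00 18 e2 66 3f cf c8 6d 46 04 39 22 25 06 bc db da 7d d7 72 b3 aa 49 b3 f1 47 69 6b 65 61 5c 61 6e 6f 73
RX EAPOL - hexdump(len=46): 01 00 00 04 03 f2 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

def parse_line(line):
    """Decode one 'TX/RX EAPOL - hexdump(len=N): ..' log line into its fields."""
    direction = line.split()[0]
    raw = bytes.fromhex(line.split("):", 1)[1])
    if len(raw) < 4:
        raise ValueError("short EAPOL header")
    _ver, ptype, blen = struct.unpack("!BBH", raw[:4])
    if blen > len(raw) - 4:
        raise ValueError("EAPOL body length exceeds captured bytes")
    body = raw[4:4 + blen]  # anything past blen is link-layer padding
    out = {"dir": direction, "eapol": EAPOL_TYPES.get(ptype, ptype),
           "padding": len(raw) - 4 - blen}
    if ptype != 0 or len(body) < 4:
        return out
    code, ident, elen = struct.unpack("!BBH", body[:4])
    if elen > blen:
        raise ValueError("EAP length exceeds EAPOL body")
    out.update(eap=EAP_CODES.get(code, code), id=ident)
    if code in (1, 2) and elen >= 5:  # Success/Failure carry no type byte
        out["method"] = body[4]
        if body[4] == EAP_TYPE_LEAP and elen >= 8 and 8 + body[7] <= elen:
            count = body[7]  # LEAP layout: version, unused, count, value, name
            out["value"] = body[8:8 + count].hex()  # 8-byte challenge or 24-byte response
            out["name_len"] = elen - 8 - count      # user name follows; length only
    return out

def parse_log(text):
    """Decode every EAPOL hexdump line found in a block of log text."""
    return [parse_line(l) for l in text.splitlines() if "EAPOL - hexdump" in l]

if __name__ == "__main__":
    for frame in parse_log(LOG):
        print(frame)
```

The decoded challenge and response match the "EAP-LEAP: Challenge from AP" and "EAP-LEAP: Response" lines in the log, which confirms that both values, and the user name after them, are carried in the EAP payload as-is.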


