**** BEGIN LOGGING AT Sun Dec 13 02:59:58 2015
Dec 13 08:42:40 Sicelo: weren't you the one fiddling with eap-tls? ^
Dec 13 09:00:26 What I don't get is why Nokia would go to the trouble to backport this stuff then not enable it unless you set a hidden gconf key...
Dec 13 09:02:16 Although now that I think about it, what probably happened is that they didn't want to turn it on by default because it hadn't been fully QA tested (e.g. tested across a range of networks etc)
Dec 13 09:04:34 definitely something CSSU can turn on though
Dec 13 09:16:35 bencoh: eap-peap. my `problem` was not addressed by that bug
Dec 13 09:16:52 so i use wpa_supplicant.
Dec 13 09:48:00 my problem is that eapd refuses to connect to peap network based on Windows NPS (which we have at work). connects fine with FreeRadius for example. this problem is not exclusive to N900 though .. even all Symbian phones suffered from it, including N9
Dec 13 09:50:06 Nokia blamed Microsoft for bad implementation, and Microsoft blamed Nokia for bad support since all other PEAP-capable devices were connecting fine on Windows NPS
Dec 13 09:54:40 It's a pity osso-wlan-security isn't FOSS (and that no-one has come forward to write a proper replacement for that whole system) otherwise all the problems would go away
Dec 13 09:55:13 There are wpa_supplicant based alternatives but those don'
Dec 13 09:55:32 don't fit into the rest of the system as well as they could
Dec 13 09:57:38 yes. i have the DUMMY connection thing which works .. but some problems
Dec 13 09:58:41 1) for example osso-feed-reader can be set to update automatically on wifi .. doesn't work with wpa_supplicant. 2) pidgin doesn't see the connection at all .. keeps saying 'waiting for connection'
Dec 13 10:07:05 it should be possible to rip the entire subsystem out and replace it (I have even documented various gconf keys, dbus calls and other interfaces you would need to deal with in doing such a replacement)
Dec 13 10:07:37 It's just a matter of finding someone who knows all the relevant software (wpa_supplicant, connman etc) and who can do the work to replace the piece of crap that is icd2 :)
Dec 13 10:39:38 Sicelo: Nokia N9 != Symbian.
Dec 13 10:43:26 brolin: nokia n9 and symbian => nokia
Dec 13 11:09:21 brolin_empey: yes ;)
Dec 13 11:09:54 that's not what i said .. i just wanted to point out this problem spanned many years
Dec 13 11:11:08 not sure who's more to blame .. MS or Nokia .. but it wouldn't have taken too much for Nokia engineers to workaround the problem and still keep compatibility with other Radius servers
Dec 13 11:11:54 Sicelo: You wrote “even all Symbian phones suffered from it, including N9”.
Dec 13 11:13:09 yes .. i did :)
Dec 13 11:13:44 call it bad English. fwiw, i have N9 sitting in front of me
Dec 13 11:16:04 those interested in the 'solution' from Nokia, https://social.technet.microsoft.com/Forums/windowsserver/en-US/bea4eff8-3083-4350-9b29-0b4aac49b93a/nokia-mobile-phones-unable-to-connect-wifi-that-uses-authentication-backend-based-on-nps-and-ad?forum=winserverNAP
Dec 13 11:16:19 Sicelo: OK. I have a Samsung Galaxy Note 3 and a Geeksphone Revolution sitting to my left.
Dec 13 11:16:52 which is basically useless for the average user .. how many network administrators will accept registry changes from your average Joe.
Dec 13 11:54:33 sicelo, depends how many 6packs is it worth to you
Dec 13 11:56:27 if only it was that easy.
Dec 13 11:57:30 the AD network spans close to 100 locations worldwide. consider it the same as Eduroam.
Dec 13 11:58:43 many 6packs then
Dec 13 13:28:58 looks like Maemo has bug with certificates, it cannot connect to EAP-TLS network if *user* certificate which is imported into device does not have password
Dec 13 13:29:33 maemo certificate manager can import such pkcs12 (pfx) file, can read, parse and use it
Dec 13 13:29:54 problem is just with wifi module (osso-wlan-security) or wifi GUI
Dec 13 13:30:33 if I encrypt pkcs12 file with some password and then import it into certificate manager, it asks me for password and can import and use it
Dec 13 13:30:50 but every time when opening that certificate I must enter that password
Dec 13 13:31:07 and I can also connect to EAP-TLS wifi AP
Dec 13 13:31:16 but every time I must enter password :-(
Dec 13 13:31:22 this is stupid
Dec 13 13:33:23 private RSA keys for certificates are extracted by somebody from pfx file and stored in: ~/.maemosec-keys/
Dec 13 13:33:54 and are encrypted by some passphrase! (even from certificates without password)
Dec 13 13:34:13 looks like some another Nokia (c) security by obscurity!
Dec 13 13:34:47 I remember that Nokia reopened certman libs, tools and control panel applet
Dec 13 13:35:18 so this could possibly be fixed
Dec 13 13:35:42 no idea what with Wifi GUI which asks for password also if certificate does not have password
Dec 13 13:35:46 DocScrutinizer05: any idea?
Dec 13 13:39:08 i would blame osso-wlan-security .. there's all sorts of broken secure wifi things going on in it.
Dec 13 13:39:27 and the 'crazy' design for not allowing auto-connect
Dec 13 13:40:34 Pali: test the situation with some of the enterprise symbian devices .. you might find it's the same :(
Dec 13 14:04:27 this looks like problem with WIFI GUI
Dec 13 14:04:40 it asks me for password even if there is no password needed
Dec 13 14:05:12 Sicelo: and there is another problem: wifi select dialog crashes if I close (tap behind) window for setting password
Dec 13 14:05:28 jonwil could RE that GUI stuff
Dec 13 14:06:15 Sicelo: ask jonwil (if you see it) if it is possible to RE dialog for setting WIFI EAP-TLS certificate password
Dec 13 14:06:27 I could find out which library is that part doing
Dec 13 14:06:50 Sicelo: are you sure that autoconnect stuff is not in osso-wlan (open source wlancond), but in osso-wlan-security?
Dec 13 14:19:39 i don't know .. you guys know these better than i do. i'm just an average user ... but the big problems are likely in eapd-->osso-wlan-security
Dec 13 14:20:55 i don't have an EAP-TLS network ... when i find time i could reconfigure my Freeradius to EAP-TLS
Dec 13 14:21:17 hostapd has integrated EAP server
Dec 13 14:21:29 no need to use freeradius :-)
Dec 13 14:21:54 :) for some weird reason i use both. i saw that hostapd has it built-in
Dec 13 14:37:13 Pali: btw, when you run `strings` on eapd, a lot of other interesting strings show up .. i tried setting some of those in gconf .. maybe one of them would cover the issue you face
Dec 13 15:00:27 there is gconf key for setting GTG password :-) missing in UI
Dec 13 15:01:12 *EAP-GTC
Dec 13 15:01:22 generic token card
Dec 13 15:46:00 Sicelo: now I know how to enable autoconnect for WPA-EAP on maemo!
Dec 13 15:47:54 wut!
Dec 13 15:47:56 how?
Dec 13 15:48:04 magician :)
Dec 13 15:48:24 :)
Dec 13 15:51:58 freemangordon: are you there?
Dec 13 16:04:51 Pali: a matter of gconf? or some other conf? or needs recompilation of something?
Dec 13 16:05:06 hexedit of binary :-)
Dec 13 16:05:15 haha, ok
Dec 13 16:11:15 Pali: yep, what's up?
Dec 13 17:06:08 about EAP-TLS and asking for password for certificate
Dec 13 17:06:16 looks like it is implemented in file ./usr/lib/conndlgs/libiap_dialog_private_key_pw.so
Dec 13 17:06:25 size 6704 bytes
Dec 13 17:06:45 but I'm not sure
Dec 13 17:06:55 freemangordon: how hard is it to RE that file?
Dec 13 17:11:20 Pali: need to check, how urgent is that?
Dec 13 17:11:29 but 6k should be easy
Dec 13 17:11:38 urgent? as any other maemo stuff...
Dec 13 17:11:42 :)
Dec 13 17:11:57 I meant - how critical is the bugfix?
Dec 13 17:12:56 not very critical
Dec 13 17:13:05 but something which I would like to have fixed :-)
Dec 13 17:13:24 ok, feeding IDA with it
Dec 13 17:56:39 maemo-security-certman-applet$ git grep DEFAULT_PASSWORD
Dec 13 17:56:39 src/cm_dialogs.c:#define DEFAULT_PASSWORD "AeHi5ied"
Dec 13 17:56:45 Nothing is HIDDEN!
Dec 13 17:58:01 password for what?
Dec 13 17:58:04 every one RSA private key in maemo certman is encrypted with above passphrase
Dec 13 17:58:11 oh gosh
Dec 13 17:58:18 (if you do not specify your own passphrase)
Dec 13 17:59:01 Pali: that .so is the one you hex-patch?
Dec 13 17:59:22 no, different
Dec 13 17:59:51 Pali: where is that code?
Dec 13 18:00:06 maemo-security-certman-applet.git
Dec 13 18:00:12 it was on gitorious
Dec 13 18:00:41 is there a function called "certmanui_get_privatekey" somewhere there?
Dec 13 18:01:06 yes in maemo-security-certman-applet :-)
Dec 13 18:01:12 ok :)
Dec 13 18:01:13 reason why I'm grepping it
Dec 13 18:01:26 already looking at objdump of that binary
Dec 13 18:01:43 aaa, we have github backup :-) https://github.com/maemo-foss/maemo-security-certman-applet
Dec 13 18:02:22 yeah
Dec 13 18:02:28 just found it :D
Dec 13 18:46:00 Pali: I can give you the C code of libiap_dialog_private_key_pw, but you'll have to do the packaging etc, ok?
Dec 13 18:46:14 ok
Dec 13 19:09:17 freemangordon: when you have C code, let me know
Dec 13 19:48:20 Pali: http://pastebin.com/N4TdrHnR
Dec 13 19:48:41 thanks!
Dec 13 19:49:08 currently I found bug in certmanui_get_privatekey() function
Dec 13 19:49:16 Pali: not even compile tested, but I doubt there are many errors :)
Dec 13 19:49:41 if dialog is closed, then it returns pointer to stack garbage
Dec 13 19:50:01 this is probably reason why that WIFI GUI selector crashes
Dec 13 19:50:21 I will fix this and then push cssu repo
Dec 13 19:50:27 good
Dec 13 20:09:06 freemangordon: return value from certmanui_get_privatekey is not checked?
Dec 13 20:24:31 freemangordon: /* FIXME - why not freeing it if data is NULL? */ because it points to static global structure
Dec 13 20:24:37 not dynamically allocated
Dec 13 20:25:13 anyway thanks! Now I found why that library freezes WIFI selector!
Dec 13 20:25:52 certmanui_get_privatekey does not call callback function if wrong password is specified
Dec 13 20:26:05 so wifi selector still waits for signal true/false
Dec 13 20:26:21 and thinks that modal UI is still open
Dec 13 20:26:26 will fix it
Dec 13 21:06:41 Pali: re FIXME - it is "key" that is getting freed, not userdata
Dec 13 21:08:14 yes, "key" comes from certman and is dynamically allocated
Dec 13 21:08:20 once it is not needed, we need to free it
Dec 13 21:08:26 certman does not free it
Dec 13 21:08:42 so we need to free key, but not userdata
Dec 13 21:09:13 but - g_return_if_fail(data != NULL); will prevent key from being freed
Dec 13 21:09:53 so I guess we should reverse the order - first g_free(key), then check if data is NULL
Dec 13 21:12:08 ah, right
Dec 13 21:12:20 now I know what you mean with that comment
Dec 13 21:12:52 freemangordon: anyway, I have 3 referenced symbols:
Dec 13 21:13:01 connui_dbus_send_system_msg, iap_dialog_register_service, iap_dialog_unregister_service
Dec 13 21:13:07 any idea where they are?
Dec 13 21:13:54 /usr/include/connui/libconnui.h:dbus_bool_t connui_dbus_send_system_msg(DBusMessage *message);
Dec 13 21:15:49 Pali: I guess the others are in libiap or somesuch
Dec 13 21:15:56 ok
Dec 13 21:39:48 freemangordon: those two iap symbols are exported from binary /usr/bin/osso-connectivity-ui-conndlgs.launch
Dec 13 21:40:02 and not by library
Dec 13 21:44:33 Pali: yeah, makes sense
Dec 13 21:58:34 um .. on N900 we have exactly same GPU as N9?
Dec 13 21:59:11 both use sgx530
Dec 13 21:59:54 makes sense .. explains how freemangordon was able to get us 720p playback. nice
Dec 13 22:02:14 Sicelo: In regards to wl1251-cal, I too observed the problem with the MAC address and I don't know why it isn't working. It should be a drop-in replacement for the stock widget.
Dec 13 22:02:33 works fine when you run it manually though
Dec 13 22:02:39 yeah it's weird
Dec 13 22:02:51 Sicelo: 720p playback isn't related to gpu afaict (but to DSP)
Dec 13 22:03:24 (a TI C64+ on both chips)
Dec 13 22:03:25 :nod:
Dec 13 22:03:44 ah
Dec 13 22:03:45 but on N9 it runs on higher freqs
Dec 13 22:04:07 which explains why n9 can play higher res/profile
Dec 13 22:04:52 N9 is really nice device.
Dec 13 22:05:12 with no keyboard and a capacitive screen, but yeah
Dec 13 22:05:36 (I feel like we've already discussed that quite a few times :D)
Dec 13 22:05:45 :)
Dec 13 22:06:17 anyone here with N9? what pdf reader you use?
Dec 13 22:06:37 or epubs
Dec 13 22:06:40 Sicelo: the script for wl1251-cal is the same as the one that comes with the stock widget
Dec 13 22:08:41 jonwil: ok. i guess for time being one has to remember to run wl1251-cal after every reboot
Dec 13 22:09:00 or (like I did) downgrade it back to stock
Dec 13 22:10:39 freemangordon: ping
Dec 13 22:10:55 jonwil: pong
Dec 13 22:11:30 ah .. there is pdf reader in N9, just called Documents.
Dec 13 22:12:53 what's this you were talking to merlin1991 about earlier? pap_enabled gconf key?
Dec 13 22:13:38 Pali: ^^^
Dec 13 22:35:03 freemangordon: that cloned library has problem in function iap_dialog_private_key_pw_send_reply()
Dec 13 22:35:14 in that function it crashes
Dec 13 22:35:22 lemme check
Dec 13 22:35:33 what crash?
Dec 13 22:35:38 segfault?
Dec 13 22:35:58 yes, from syslog looks like segfault
Dec 13 22:39:41 Pali: maybe dbus_message_append_args is called with wrong parameters, lemme check
Dec 13 22:42:00 Pali: can't see anything wrong, could you debug it?
Dec 13 22:42:10 will try
Dec 13 22:45:29 freemangordon: quick debug: looks like dbus_message_append_args crashing
Dec 13 22:45:49 thought so, but can't see why
Dec 13 22:45:53 I added syslog() call before and after dbus_message_append_args()
Dec 13 22:46:01 before I got output, after not
Dec 13 22:49:09 Pali: before you disappear .. mind to share details of the WPA-EAP auto-connect method? which file to hex-patch, and change which bytes to what?
Dec 13 22:49:39 Sicelo: looks like it is not so easy, as I thought
Dec 13 22:49:58 Pali: could you share the code you work with?
Dec 13 22:51:11 I will push code to github
Dec 13 22:51:32 ok. goodnight.
Dec 13 22:53:54 freemangordon: https://github.com/community-ssu/connui-conndlgs-wlan
Dec 13 22:55:11 ok
Dec 13 22:59:10 Pali: try to use DBUS_TYPE_INVALID instead of NULL for the last parameter
Dec 13 22:59:18 already tried :-(
Dec 13 23:00:45 I wonder if those string parameters should be sent by address, but all of the examples I look at do it
Dec 13 23:02:37 going to start whole process under gdb
Dec 13 23:02:54 /usr/bin/maemo-summoner is launcher for .launch applications right?
Dec 13 23:03:00 why not just attach to it?
Dec 13 23:03:03 gdb --args /usr/bin/maemo-summoner /usr/bin/osso-connectivity-ui-conndlgs.launch
Dec 13 23:03:21 Pali: simply attach gdb to already running process
Dec 13 23:03:26 because that maemo-launcher doing some special relocation
Dec 13 23:03:31 and debugging is not possible
Dec 13 23:03:38 it is here
Dec 13 23:03:40 addresses in gdb are not correct
Dec 13 23:03:44 I've never had any problems
Dec 13 23:03:47 maemo-summoner is needed
Dec 13 23:03:51 ok
Dec 13 23:03:52 IIRC
Dec 13 23:04:04 I always attach to the needed process
Dec 13 23:04:20 the bigger PID of both
Dec 13 23:04:36 never had any problems
Dec 13 23:06:45 #0 0x400e94d4 in strlen () from /lib/libc.so.6; warning: Unable to fetch general register.; Cannot access memory at address 0x400e94d0
Dec 13 23:06:54 no more backtrace output
Dec 13 23:07:24 hmm, maybe that buffer should be 42, not 41 bytes long
Dec 13 23:07:37 I don't know that maemosec_certman_key_id_to_str function
Dec 13 23:10:15 hmm, no, it is ok https://github.com/community-ssu/maemo-security-certman/blob/master/include/maemosec_certman.h#L95
Dec 13 23:10:22 ok, that strlen comes from /usr/lib/libdbus-1.so.3
Dec 13 23:10:45 I already looked into certman source and it checks len against MAEMOSEC_KEY_ID_STR_LEN
Dec 13 23:10:49 41 is OK
Dec 13 23:11:25 well, it is either that password is not initialized or those string parameters should be passed as char*, not char**
Dec 13 23:14:27 iap_conndlg 2.88+0m5[10259]: iap_dialog_private_key_pw_send_reply: buf='' password='' ok=0
Dec 13 23:14:38 password is empty (which I set empty)
Dec 13 23:14:42 and hash is also correct
Dec 13 23:15:36 Pali: maybe add another const char *tmp = buf; and use &tmp instead of &buf for the first string argument
Dec 13 23:23:27 Pali: did you try ^^^?
Dec 13 23:23:36 now going
Dec 13 23:24:02 see http://dbus.sourcearchive.com/documentation/1.2.4/dbus-message_8c-source.html
Dec 13 23:24:16 search for "@warning in C, given"
Dec 13 23:25:31 helped!
Dec 13 23:25:33 no crash
Dec 13 23:27:00 the fuck, never knew that for gcc "&array == array" :(
Dec 13 23:28:11 now I remind that there is such problem
Dec 13 23:29:56 Pali: BTW, why did you push .so files?
Dec 13 23:30:11 because we need to package all files
Dec 13 23:30:31 cannot replace one in deb package easily
Dec 13 23:30:44 ah, I see
Dec 13 23:30:59 I guess I'll have to RE the others as well :)
Dec 13 23:31:51 Pali: and how did you get those 3 nokia commits?
Dec 13 23:32:06 I have script deb2dsc
Dec 13 23:32:18 it converts binary deb package to debian source package
Dec 13 23:32:29 ok :)
Dec 13 23:32:41 and next I have script which imports dsc packages into git history
Dec 13 23:32:44 :-)
Dec 13 23:33:05 good to know, will ask for it the next time I am REing some package :)
Dec 13 23:33:32 I think I told you this year(s) ago :-)
Dec 13 23:34:20 Can't remember
Dec 13 23:34:39 anyway, time to have some rest, night
Dec 13 23:35:52 now I fixed that freezing bug :-)
Dec 13 23:35:59 going to push commits to github
Dec 13 23:50:07 FIXED! https://github.com/community-ssu/connui-conndlgs-wlan/commit/2a4b91162e05710ee187fbcc56c1293b5c747169
Dec 13 23:51:02 Sicelo: now when user closes password input dialog for EAP-TLS certificate password, then Maemo shows error message connection failed
Dec 13 23:51:12 and does not freeze and crash whole Maemo system!
Dec 13 23:51:33 freemangordon: thanks for cloning that binary!
Dec 13 23:51:50 Pali: you're welcome
Dec 13 23:52:27 I'll try to find time to clone the other plugins as well
Dec 13 23:52:30 now second part, support for EAP-TLS certificates without password... but later
Dec 13 23:52:35 now going sleeping...
Dec 13 23:52:44 yeah, me too :)
Dec 13 23:54:27 https://bugs.maemo.org/show_bug.cgi?id=1574
Dec 13 23:54:29 Bug 1574: Certificate Manager and WLAN EAP-TLS
Dec 13 23:55:03 https://bugs.maemo.org/show_bug.cgi?id=3399
Dec 13 23:55:05 Bug 3399: Will not auto connect to WPA-Enterprise
Dec 13 23:55:15 https://bugs.maemo.org/show_bug.cgi?id=1635
Dec 13 23:55:16 Bug 1635: Eduroam (EAP-TTLS+PAP) WiFi auth
Dec 13 23:56:05 these 3 another bugs (reported in 2007!) we could fix in CSSU
Dec 13 23:56:31 last is just setting one gconf key (this can be done in cssu metapackage)
**** ENDING LOGGING AT Mon Dec 14 02:59:58 2015