supplicant: early exit if EAP-FAST is not supported by the supplicant

EAP-FAST used to require some patches to OpenSSL which aren't always applied. We can't depend on the supplicant supporting EAP-FAST like we can for EAP methods that don't require any special support from external libraries. To ensure the error gets reported correctly and early, fail the configuration step if EAP-FAST isn't supported by the supplicant but the connection requests it.
author: Dan Williams <dcbw@redhat.com> 2012-02-07 23:46:12 -0600
committer: Dan Williams <dcbw@redhat.com> 2012-02-07 23:52:37 -0600
commit: ef9ef7133f0cccadd0ccd2cf57d9bea8aeebbd41 (patch)
tree: 6f9a8e3f9f15ef0dc4a4317e965caededbb93d2d
parent: a559d0565b0aac9641dd37231cfde7ec26e9954f (diff)
download: NetworkManager-ef9ef7133f0cccadd0ccd2cf57d9bea8aeebbd41.tar.gz
5 files changed, 35 insertions, 5 deletions
diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c
index 0dfcaada2b..e9ac130813 100644
--- a/src/supplicant-manager/nm-supplicant-config.c
+++ b/src/supplicant-manager/nm-supplicant-config.c
@@ -54,6 +54,7 @@ typedef struct
 	GHashTable *config;
 	GHashTable *blobs;
 	guint32    ap_scan;
+	gboolean   fast_required;
 	gboolean   dispose_has_run;
 } NMSupplicantConfigPrivate;
 
@@ -278,6 +279,14 @@ nm_supplicant_config_set_ap_scan (NMSupplicantConfig * self,
 	NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->ap_scan = ap_scan;
 }
 
+gboolean
+nm_supplicant_config_fast_required (NMSupplicantConfig *self)
+{
+	g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
+
+	return NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->fast_required;
+}
+
 static void
 get_hash_cb (gpointer key, gpointer value, gpointer user_data)
 {
@@ -706,6 +715,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
                                         const char *connection_uid,
                                         gboolean wired)
 {
+	NMSupplicantConfigPrivate *priv;
 	char *tmp;
 	const char *peapver, *value, *path;
 	gboolean success, added;
@@ -719,6 +729,8 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 	g_return_val_if_fail (setting != NULL, FALSE);
 	g_return_val_if_fail (connection_uid != NULL, FALSE);
 
+	priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
+
 	value = nm_setting_802_1x_get_password (setting);
 	if (!add_string_val (self, value, "password", FALSE, TRUE))
 		return FALSE;
@@ -744,8 +756,10 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 
 		if (method && (strcasecmp (method, "peap") == 0))
 			peap = TRUE;
-		if (method && (strcasecmp (method, "fast") == 0))
+		if (method && (strcasecmp (method, "fast") == 0)) {
 			fast = TRUE;
+			priv->fast_required = TRUE;
+		}
 	}
 
 	/* When using PEAP-GTC, we're likely using Cisco kit, so we want to turn
diff --git a/src/supplicant-manager/nm-supplicant-config.h b/src/supplicant-manager/nm-supplicant-config.h
index dad23e29f0..cd5572fdc7 100644
--- a/src/supplicant-manager/nm-supplicant-config.h
+++ b/src/supplicant-manager/nm-supplicant-config.h
@@ -57,6 +57,8 @@ guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self);
 void nm_supplicant_config_set_ap_scan (NMSupplicantConfig *self,
                                        guint32 ap_scan);
 
+gboolean nm_supplicant_config_fast_required (NMSupplicantConfig *self);
+
 GHashTable *nm_supplicant_config_get_hash (NMSupplicantConfig *self);
 
 GHashTable *nm_supplicant_config_get_blobs (NMSupplicantConfig *self);
diff --git a/src/supplicant-manager/nm-supplicant-interface.c b/src/supplicant-manager/nm-supplicant-interface.c
index a65a458f5b..cdd35a166d 100644
--- a/src/supplicant-manager/nm-supplicant-interface.c
+++ b/src/supplicant-manager/nm-supplicant-interface.c
@@ -104,6 +104,7 @@ typedef struct
 	NMDBusManager *       dbus_mgr;
 	char *                dev;
 	gboolean              is_wireless;
+	gboolean              fast_supported;
 
 	char *                object_path;
 	guint32               state;
@@ -205,7 +206,10 @@ nm_supplicant_info_destroy (gpointer user_data)
 
 
 NMSupplicantInterface *
-nm_supplicant_interface_new (NMSupplicantManager * smgr, const char *ifname, gboolean is_wireless)
+nm_supplicant_interface_new (NMSupplicantManager * smgr,
+                             const char *ifname,
+                             gboolean is_wireless,
+                             gboolean fast_supported)
 {
 	NMSupplicantInterface * iface;
 
@@ -218,6 +222,7 @@ nm_supplicant_interface_new (NMSupplicantManager * smgr, const char *ifname, gbo
 	                      NULL);
 	if (iface) {
 		NM_SUPPLICANT_INTERFACE_GET_PRIVATE (iface)->is_wireless = is_wireless;
+		NM_SUPPLICANT_INTERFACE_GET_PRIVATE (iface)->fast_supported = fast_supported;
 		nm_supplicant_interface_start (iface);
 	}
 
@@ -1293,7 +1298,15 @@ nm_supplicant_interface_set_config (NMSupplicantInterface * self,
 	priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
 
 	nm_supplicant_interface_disconnect (self);
-	
+
+	/* Make sure the supplicant supports EAP-FAST before trying to send
+	 * it an EAP-FAST configuration.
+	 */
+	if (nm_supplicant_config_fast_required (cfg) && !priv->fast_supported) {
+		nm_log_warn (LOGD_SUPPLICANT, "EAP-FAST is not supported by the supplicant");
+		return FALSE;
+	}
+
 	if (priv->cfg)
 		g_object_unref (priv->cfg);
 	priv->cfg = cfg;
diff --git a/src/supplicant-manager/nm-supplicant-interface.h b/src/supplicant-manager/nm-supplicant-interface.h
index bee5436f5a..cc1a452f61 100644
--- a/src/supplicant-manager/nm-supplicant-interface.h
+++ b/src/supplicant-manager/nm-supplicant-interface.h
@@ -119,7 +119,8 @@ GType nm_supplicant_interface_get_type (void);
 
 NMSupplicantInterface * nm_supplicant_interface_new (NMSupplicantManager * smgr,
                                                      const char *ifname,
-                                                     gboolean is_wireless);
+                                                     gboolean is_wireless,
+                                                     gboolean fast_supported);
 
 gboolean nm_supplicant_interface_set_config (NMSupplicantInterface * iface,
                                              NMSupplicantConfig * cfg);
diff --git a/src/supplicant-manager/nm-supplicant-manager.c b/src/supplicant-manager/nm-supplicant-manager.c
index 2909548b6c..0ca1ac38fe 100644
--- a/src/supplicant-manager/nm-supplicant-manager.c
+++ b/src/supplicant-manager/nm-supplicant-manager.c
@@ -362,7 +362,7 @@ nm_supplicant_manager_get_iface (NMSupplicantManager * self,
 
 	if (!iface) {
 		nm_log_dbg (LOGD_SUPPLICANT, "(%s): creating new supplicant interface", ifname);
-		iface = nm_supplicant_interface_new (self, ifname, is_wireless);
+		iface = nm_supplicant_interface_new (self, ifname, is_wireless, priv->fast_supported);
 		if (iface)
 			priv->ifaces = g_slist_append (priv->ifaces, iface);
 	} else {
author	Dan Williams <dcbw@redhat.com>	2012-02-07 23:46:12 -0600
committer	Dan Williams <dcbw@redhat.com>	2012-02-07 23:52:37 -0600
commit	ef9ef7133f0cccadd0ccd2cf57d9bea8aeebbd41 (patch)
tree	6f9a8e3f9f15ef0dc4a4317e965caededbb93d2d
parent	a559d0565b0aac9641dd37231cfde7ec26e9954f (diff)
download	NetworkManager-ef9ef7133f0cccadd0ccd2cf57d9bea8aeebbd41.tar.gz