diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2019-01-25 09:55:42 +0100 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2019-07-15 15:15:59 +0000 |
commit | bbaa17d54b8f81bc511481d78ac5e7e6f9d3c909 (patch) | |
tree | b582679c1e12ec3dbd0ea2ae549a92c9e41ffe9d | |
parent | e4494be492d17b39d0217b6c8170c77a9a1d1dd0 (diff) | |
download | NetworkManager-bbaa17d54b8f81bc511481d78ac5e7e6f9d3c909.tar.gz |
wireless-security: ensure Mesh networks can't use anything but SAE
They must be either open or use SAE key management.
-rw-r--r-- | libnm-core/nm-setting-wireless-security.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index 09f7bc69b4..bf6023bd88 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -904,6 +904,11 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) const char *valid_protos[] = { "wpa", "rsn", NULL }; const char *valid_pairwise[] = { "tkip", "ccmp", NULL }; const char *valid_groups[] = { "wep40", "wep104", "tkip", "ccmp", NULL }; + NMSettingWireless *s_wifi; + const char *wifi_mode; + + s_wifi = connection ? nm_connection_get_setting_wireless (connection) : NULL; + wifi_mode = s_wifi ? nm_setting_wireless_get_mode (s_wifi) : NULL; if (!priv->key_mgmt) { g_set_error_literal (error, @@ -914,14 +919,26 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (!g_strv_contains (valid_key_mgmt, priv->key_mgmt)) { - g_set_error (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("'%s' is not a valid value for the property"), - priv->key_mgmt); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); - return FALSE; + if (g_strcmp0 (wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) { + if (strcmp (priv->key_mgmt, "sae") != 0) { + g_set_error (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for '%s' mode connections"), + priv->key_mgmt, NM_SETTING_WIRELESS_MODE_MESH); + g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; + } + } else { + if (!g_strv_contains (valid_key_mgmt, priv->key_mgmt)) { + g_set_error (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for the property"), + priv->key_mgmt); + g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; + } } if (priv->auth_alg && !strcmp (priv->auth_alg, "leap")) { |