wifi: detect FT support per interface and avoid enabling it

Previously we only cared whether supplicant is build with support for FT. In that case we would pass FT-PSK to supplicant, like Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK' Supplicant would then always try FT with preference, regardless whether the interface/driver support it. That results in a failure to associate, if the driver does not support it. NetworkManager[1356]: <info> [1566296144.9940] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK' ... wpa_supplicant[1348]: wlan0: WPA: AP key_mgmt 0x42 network profile key_mgmt 0x142; available key_mgmt 0x42 wpa_supplicant[1348]: wlan0: WPA: using KEY_MGMT FT/PSK ... wpa_supplicant[1348]: * akm=0xfac04 ... kernel: ERROR @wl_set_key_mgmt : kernel: invalid cipher group (1027076) Since we pass a list of acceptable "key_mgmt" options to supplicant, FT-PSK should not be used when supplicant knows it's not supported. That is a supplicant bug. Regardless, work around it by checking the per-interface capability, and avoid it if support is apparently not present.
author: Thomas Haller <thaller@redhat.com> 2019-08-20 15:50:32 +0200
committer: Thomas Haller <thaller@redhat.com> 2019-08-20 16:28:28 +0200
commit: 2f8a4e90f0fd0f900996e3081d49f8799bba4c6f (patch)
tree: 7f7759dbab344f36d93da36a82bd3132d070b496
parent: 0e1748afe149ee75f8047caf1861ec677e7ba988 (diff)
download: NetworkManager-2f8a4e90f0fd0f900996e3081d49f8799bba4c6f.tar.gz
1 files changed, 26 insertions, 9 deletions
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
index 079afca3b5..a54b770c35 100644
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@@ -135,7 +135,8 @@ typedef struct {
 	NMSupplicantFeature p2p_support;
 	NMSupplicantFeature mesh_support;
 	NMSupplicantFeature wfd_support;
-	NMSupplicantFeature ft_support;
+	NMSupplicantFeature ft_support_global;
+	NMSupplicantFeature ft_support_per_iface;
 	NMSupplicantFeature sha384_support;
 	guint32        max_scan_ssids;
 	guint32        ready_count;
@@ -609,14 +610,25 @@ static void
 parse_capabilities (NMSupplicantInterface *self, GVariant *capabilities)
 {
 	NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
-	gboolean have_active = FALSE, have_p2p = FALSE, have_ssid = FALSE;
+	gboolean have_active = FALSE;
+	gboolean have_ssid = FALSE;
+	gboolean have_p2p = FALSE;
+	gboolean have_ft = FALSE;
 	gint32 max_scan_ssids = -1;
 	const char **array;
 
 	g_return_if_fail (capabilities && g_variant_is_of_type (capabilities, G_VARIANT_TYPE_VARDICT));
 
-	if (   g_variant_lookup (capabilities, "Modes", "^a&s", &array)
-	    && array) {
+	if (g_variant_lookup (capabilities, "KeyMgmt", "^a&s", &array)) {
+		have_ft = g_strv_contains (array, "wpa-ft-psk");
+		g_free (array);
+	}
+
+	priv->ft_support_per_iface =   have_ft
+	                             ? NM_SUPPLICANT_FEATURE_YES
+	                             : NM_SUPPLICANT_FEATURE_NO;
+
+	if (g_variant_lookup (capabilities, "Modes", "^a&s", &array)) {
 		if (g_strv_contains (array, "p2p"))
 			have_p2p = TRUE;
 		g_free (array);
@@ -627,8 +639,7 @@ parse_capabilities (NMSupplicantInterface *self, GVariant *capabilities)
 		_notify (self, PROP_P2P_AVAILABLE);
 	}
 
-	if (   g_variant_lookup (capabilities, "Scan", "^a&s", &array)
-	    && array) {
+	if (g_variant_lookup (capabilities, "Scan", "^a&s", &array)) {
 		if (g_strv_contains (array, "active"))
 			have_active = TRUE;
 		if (g_strv_contains (array, "ssid"))
@@ -807,7 +818,13 @@ nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self)
 NMSupplicantFeature
 nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self)
 {
-	return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support;
+	NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+	if (priv->ft_support_global == NM_SUPPLICANT_FEATURE_NO)
+		return NM_SUPPLICANT_FEATURE_NO;
+	if (priv->ft_support_per_iface != NM_SUPPLICANT_FEATURE_UNKNOWN)
+		return priv->ft_support_per_iface;
+	return priv->ft_support_global;
 }
 
 NMSupplicantFeature
@@ -889,7 +906,7 @@ nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
 {
 	NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
 
-	priv->ft_support = ft_support;
+	priv->ft_support_global = ft_support;
 }
 
 void
@@ -2801,7 +2818,7 @@ set_property (GObject *object,
 		break;
 	case PROP_FT_SUPPORT:
 		/* construct-only */
-		priv->ft_support = g_value_get_int (value);
+		priv->ft_support_global = g_value_get_int (value);
 		break;
 	case PROP_SHA384_SUPPORT:
 		/* construct-only */
author	Thomas Haller <thaller@redhat.com>	2019-08-20 15:50:32 +0200
committer	Thomas Haller <thaller@redhat.com>	2019-08-20 16:28:28 +0200
commit	2f8a4e90f0fd0f900996e3081d49f8799bba4c6f (patch)
tree	7f7759dbab344f36d93da36a82bd3132d070b496
parent	0e1748afe149ee75f8047caf1861ec677e7ba988 (diff)
download	NetworkManager-2f8a4e90f0fd0f900996e3081d49f8799bba4c6f.tar.gz