diff options
| author | Beniamino Galvani <bgalvani@redhat.com> | 2021-04-30 08:30:42 +0000 |
|---|---|---|
| committer | Beniamino Galvani <bgalvani@redhat.com> | 2021-04-30 08:30:42 +0000 |
| commit | d65b67e381aa527712f5d5c0840ac2f59e749e2e (patch) | |
| tree | 68c6c2e401abffe78814bda9f18dd5e8b1102553 | |
| parent | 6400c339151fa1053e22c42dd4bd3e73a4267dca (diff) | |
| parent | b876e76518b319a31d87abea7f9ba60bdd366359 (diff) | |
| download | NetworkManager-d65b67e381aa527712f5d5c0840ac2f59e749e2e.tar.gz | |
wifi: merge branch 'wifi-auth-alg-general-fixes'
Some fixes for creating wpa_supplicant config.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/826
| -rw-r--r-- | src/core/supplicant/nm-supplicant-config.c | 64 | ||||
| -rw-r--r-- | src/core/supplicant/tests/test-supplicant-config.c | 3 | ||||
| -rw-r--r-- | src/libnm-core-impl/nm-setting-wireless-security.c | 67 |
3 files changed, 69 insertions, 65 deletions
diff --git a/src/core/supplicant/nm-supplicant-config.c b/src/core/supplicant/nm-supplicant-config.c index c216159ca0..bb6cb6c44a 100644 --- a/src/core/supplicant/nm-supplicant-config.c +++ b/src/core/supplicant/nm-supplicant-config.c @@ -883,9 +883,6 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * g_string_append(key_mgmt_conf, " ft-sae"); } else if (nm_streq(key_mgmt, "wpa-eap-suite-b-192")) { pmf = NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED; - if (!nm_supplicant_config_add_option(self, "pairwise", "GCMP-256", -1, NULL, error) - || !nm_supplicant_config_add_option(self, "group", "GCMP-256", -1, NULL, error)) - return FALSE; } if (!add_string_val(self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error)) @@ -954,10 +951,6 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * } } - /* Don't try to enable PMF on non-WPA/SAE/OWE networks */ - if (!NM_IN_STRSET(key_mgmt, "wpa-eap", "wpa-eap-suite-b-192", "wpa-psk", "sae", "owe")) - pmf = NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE; - /* Check if we actually support PMF */ set_pmf = TRUE; if (!_get_capability(priv, NM_SUPPL_CAP_TYPE_PMF)) { @@ -972,7 +965,7 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * } /* Only WPA-specific things when using WPA */ - if (NM_IN_STRSET(key_mgmt, "wpa-psk", "wpa-eap", "sae", "owe")) { + if (NM_IN_STRSET(key_mgmt, "owe", "wpa-psk", "sae", "wpa-eap", "wpa-eap-suite-b-192")) { if (!ADD_STRING_LIST_VAL(self, setting, wireless_security, @@ -984,29 +977,40 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * NULL, error)) return FALSE; - if (!ADD_STRING_LIST_VAL(self, - setting, - wireless_security, - pairwise, - pairwise, - "pairwise", - ' ', - TRUE, - NULL, - error)) - return FALSE; - if (!ADD_STRING_LIST_VAL(self, - setting, - wireless_security, - group, - groups, - "group", - ' ', - TRUE, - NULL, - error)) - return FALSE; + if (nm_streq(key_mgmt, "wpa-eap-suite-b-192")) { + if (!nm_supplicant_config_add_option(self, "pairwise", "GCMP-256", -1, NULL, error)) + return FALSE; + if (!nm_supplicant_config_add_option(self, "group", "GCMP-256", -1, NULL, error)) + return FALSE; + } else { + if (!ADD_STRING_LIST_VAL(self, + setting, + wireless_security, + pairwise, + pairwise, + "pairwise", + ' ', + TRUE, + NULL, + error)) + return FALSE; + if (!ADD_STRING_LIST_VAL(self, + setting, + wireless_security, + group, + groups, + "group", + ' ', + TRUE, + NULL, + error)) + return FALSE; + } + + /* We set the supplicants global "pmf" config value to "1" (optional), + * so no need to set it network-specific again if PMF_OPTIONAL is set. + */ if (set_pmf && NM_IN_SET(pmf, NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE, diff --git a/src/core/supplicant/tests/test-supplicant-config.c b/src/core/supplicant/tests/test-supplicant-config.c index 2c2d9478e2..3525f99962 100644 --- a/src/core/supplicant/tests/test-supplicant-config.c +++ b/src/core/supplicant/tests/test-supplicant-config.c @@ -815,9 +815,10 @@ test_wifi_eap_suite_b_generation(void) NMTST_EXPECT_NM_INFO("Config: added 'scan_ssid' value '1'*"); NMTST_EXPECT_NM_INFO("Config: added 'bssid' value '11:22:33:44:55:66'*"); NMTST_EXPECT_NM_INFO("Config: added 'freq_list' value *"); + NMTST_EXPECT_NM_INFO("Config: added 'key_mgmt' value 'WPA-EAP-SUITE-B-192'"); NMTST_EXPECT_NM_INFO("Config: added 'pairwise' value 'GCMP-256'"); NMTST_EXPECT_NM_INFO("Config: added 'group' value 'GCMP-256'"); - NMTST_EXPECT_NM_INFO("Config: added 'key_mgmt' value 'WPA-EAP-SUITE-B-192'"); + NMTST_EXPECT_NM_INFO("Config: added 'ieee80211w' value '2'"); NMTST_EXPECT_NM_INFO("Config: added 'eap' value 'TLS'"); NMTST_EXPECT_NM_INFO("Config: added 'fragment_size' value '1086'"); NMTST_EXPECT_NM_INFO("Config: added 'ca_cert' value '*/test-ca-cert.pem'"); diff --git a/src/libnm-core-impl/nm-setting-wireless-security.c b/src/libnm-core-impl/nm-setting-wireless-security.c index 6104aea575..47a9ca3286 100644 --- a/src/libnm-core-impl/nm-setting-wireless-security.c +++ b/src/libnm-core-impl/nm-setting-wireless-security.c @@ -904,33 +904,32 @@ verify(NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (g_strcmp0(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) { - if ((strcmp(priv->key_mgmt, "none") == 0) || (strcmp(priv->key_mgmt, "sae") == 0)) { - g_set_error(error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("'%s' is not a valid value for '%s' mode connections"), - priv->key_mgmt, - NM_SETTING_WIRELESS_MODE_MESH); - g_prefix_error(error, - "%s.%s: ", - NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); - return FALSE; - } - } else { - if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) { - g_set_error(error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("'%s' is not a valid value for the property"), - priv->key_mgmt); - g_prefix_error(error, - "%s.%s: ", - NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); - return FALSE; - } + if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) { + g_set_error(error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for the property"), + priv->key_mgmt); + g_prefix_error(error, + "%s.%s: ", + NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; + } + + if (NM_IN_STRSET(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) + && !NM_IN_STRSET(priv->key_mgmt, "none", "sae")) { + g_set_error(error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for '%s' mode connections"), + priv->key_mgmt, + NM_SETTING_WIRELESS_MODE_MESH); + g_prefix_error(error, + "%s.%s: ", + NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; } if (priv->auth_alg && !strcmp(priv->auth_alg, "leap")) { @@ -1104,13 +1103,13 @@ verify(NMSetting *setting, NMConnection *connection, GError **error) "wpa-psk", "sae", "owe")) { - g_set_error( - error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("'%s' can only be used with 'wpa-eap', 'wpa-eap-suite-b-192', 'wpa-psk' or 'sae' key " - "management "), - priv->pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "optional" : "required"); + g_set_error(error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' can only be used with 'owe', 'wpa-psk', 'sae', 'wpa-eap' " + "or 'wpa-eap-suite-b-192' key management"), + priv->pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "optional" + : "required"); g_prefix_error(error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, |