author | Thomas Haller <thaller@redhat.com> | 2022-06-17 19:51:06 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-06-17 19:52:11 +0200 |
commit | bffb7535150eccc2f85b0d097b141c15c7e597e1 (patch) | |
tree | 8931198a87a05188b588cb9e07c2c491de24b2eb | |
parent | 81b4b87c5909197933a82ea6d4c06314c50c080c (diff) | |
parent | 02e35f5b205445435f293eae959b7a4435b7d807 (diff) | |
download | NetworkManager-bffb7535150eccc2f85b0d097b141c15c7e597e1.tar.gz |
wifi: merge branch 'owe-fixes'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1259
-rw-r--r-- | src/core/supplicant/nm-supplicant-config.c | 8 | ||||
-rw-r--r-- | src/core/supplicant/nm-supplicant-settings-verify.c | 1 | ||||
-rw-r--r-- | src/libnm-core-impl/nm-setting-wireless.c | 4 | ||||
-rw-r--r-- | src/nmcli/devices.c | 5 |
4 files changed, 16 insertions, 2 deletions
diff --git a/src/core/supplicant/nm-supplicant-config.c b/src/core/supplicant/nm-supplicant-config.c index 3b67c86bd4..7e089ecf93 100644 --- a/src/core/supplicant/nm-supplicant-config.c +++ b/src/core/supplicant/nm-supplicant-config.c @@ -1088,6 +1088,14 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig error)) return FALSE; } + + /* In case the connection is saved as OWE / Enhanced Open, prevent + * unencrypted downgrade + */ + if (nm_streq(key_mgmt, "owe")) { + if (!nm_supplicant_config_add_option(self, "owe_only", "1", -1, NULL, error)) + return FALSE; + } } /* WEP keys if required */ diff --git a/src/core/supplicant/nm-supplicant-settings-verify.c b/src/core/supplicant/nm-supplicant-settings-verify.c index 566173af75..9881c552dc 100644 --- a/src/core/supplicant/nm-supplicant-settings-verify.c +++ b/src/core/supplicant/nm-supplicant-settings-verify.c @@ -92,6 +92,7 @@ static const struct Opt opt_table[] = { OPT_BYTES("mka_cak", 65536), OPT_BYTES("mka_ckn", 65536), OPT_BYTES("nai", 0), + OPT_INT("owe_only", 0, 1), OPT_BYTES("pac_file", 0), OPT_KEYWORD("pairwise", NM_MAKE_STRV("CCMP", "TKIP", "GCMP-256", "NONE", )), OPT_UTF8("password", 0), diff --git a/src/libnm-core-impl/nm-setting-wireless.c b/src/libnm-core-impl/nm-setting-wireless.c index 8f57f69b6a..68cc0e13f0 100644 --- a/src/libnm-core-impl/nm-setting-wireless.c +++ b/src/libnm-core-impl/nm-setting-wireless.c @@ -141,6 +141,10 @@ nm_setting_wireless_ap_security_compatible(NMSettingWireless *s_wireless g_return_val_if_fail(NM_IS_SETTING_WIRELESS(s_wireless), FALSE); if (!s_wireless_sec) { + /* A OWE-TM network can be used w/o security */ + if (ap_wpa == NM_802_11_AP_SEC_KEY_MGMT_OWE_TM + || (ap_rsn == NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) + return TRUE; if ((ap_flags & NM_802_11_AP_FLAGS_PRIVACY) || (ap_wpa != NM_802_11_AP_SEC_NONE) || (ap_rsn != NM_802_11_AP_SEC_NONE)) return FALSE; diff --git a/src/nmcli/devices.c b/src/nmcli/devices.c index 6fce9de731..be51731f6e 100644 
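Review bot: In nm_supplicant_config_add_setting_wireless_security(), `owe_only` is now added for every profile whose `key_mgmt` is "owe", and nothing visible in this hunk checks that the running wpa_supplicant accepts that option. If a supplicant without `owe_only` support rejects the network configuration, OWE profiles would fail to activate instead of merely losing the downgrade protection, so it is worth confirming whether a capability check is needed. The comment could also state the user-visible consequence, for example `/* owe_only=1: a profile saved as OWE never associates with the open BSS of a transition-mode network */`. The function starts and ends outside the hunk.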
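Review bot: The new OWE-TM branch in nm_setting_wireless_ap_security_compatible() compares `ap_wpa` and `ap_rsn` with `==` against one flag constant (the nmcli hunk of this commit tests the same constant with `NM_FLAGS_ANY`), and it returns TRUE before the `NM_802_11_AP_FLAGS_PRIVACY` test that follows. If the exact match is deliberate, the comment should say so, e.g. `/* exact match: OWE-TM must be the only security flag for the BSS to count as usable without security */`; otherwise an AP that sets OWE-TM together with other bits falls through to the rejection below, which may or may not be intended. A profile matched this way connects unencrypted, which deserves a mention in the same comment. The two comparisons are parenthesised inconsistently and the comment should read "An OWE-TM network". The function starts and ends outside the hunk.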
--- a/src/nmcli/devices.c +++ b/src/nmcli/devices.c @@ -1343,9 +1343,10 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info) if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) { g_string_append(security_str, "WPA3 "); } - if (NM_FLAGS_ANY(rsn_flags, - NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) { + if (NM_FLAGS_ANY(rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE)) { g_string_append(security_str, "OWE "); + } else if (NM_FLAGS_ANY(rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) { + g_string_append(security_str, "OWE-TM "); } if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X) || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) { |
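Review bot: In fill_output_access_point() the new OWE and OWE-TM branches consult only `rsn_flags`, while the nm-setting-wireless.c hunk of this commit checks both the WPA and the RSN flags for OWE-TM; the two places should agree or the difference should be explained. Each branch now tests a single bit, so `NM_FLAGS_HAS(rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE)` would read more directly than `NM_FLAGS_ANY`. A short comment such as `/* an OWE-TM BSS can be used without security, so label it separately from OWE */` would explain why the `else if` hides "OWE-TM" when both bits are set. Consumers that match the exact token "OWE" in the SECURITY column will presumably no longer match transition-mode BSSes, so the nmcli documentation may need the new token. The function starts and ends outside the hunk.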