diff options
| author | Masashi Honma <masashi.honma@gmail.com> | 2018-01-16 06:28:37 +0900 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2018-01-16 15:01:59 +0100 |
| commit | 0109615c4eecaea74450b3a97aae42626b648de3 (patch) | |
| tree | 69fb5d9f52677d77e7f90ad5512394ff1170ec57 | |
| parent | 7711d7c87bbd19aca4c3a74c1de8762b947bc6cf (diff) | |
| download | NetworkManager-0109615c4eecaea74450b3a97aae42626b648de3.tar.gz | |
supplicant: enable FILS only when wpa_supplicant supports it
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
| -rw-r--r-- | src/devices/wifi/nm-device-wifi.c | 14 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-interface.c | 33 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-interface.h | 8 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-manager.c | 15 |
4 files changed, 66 insertions, 4 deletions
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index 6d6c271e7f..979f309ddb 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -2467,6 +2467,20 @@ build_supplicant_config (NMDeviceWifi *self, if (!NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wireless_sec), "wpa-eap")) fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; + /* Check if we actually support FILS */ + if (nm_supplicant_interface_get_fils_support (priv->sup_iface) != NM_SUPPLICANT_FEATURE_YES) { + if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED) { + g_set_error_literal (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, + "Supplicant does not support FILS"); + goto error; + } else if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL) { + /* To be on the safe side, assume no support if we can't determine + * capabilities. + */ + fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; + } + } + s_8021x = nm_connection_get_setting_802_1x (connection); if (!nm_supplicant_config_add_setting_wireless_security (config, s_wireless_sec, diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index 5d3362866c..7f251bfff8 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -93,6 +93,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface, PROP_FAST_SUPPORT, PROP_AP_SUPPORT, PROP_PMF_SUPPORT, + PROP_FILS_SUPPORT, ); typedef struct { @@ -102,6 +103,7 @@ typedef struct { NMSupplicantFeature fast_support; NMSupplicantFeature ap_support; /* Lightweight AP mode support */ NMSupplicantFeature pmf_support; + NMSupplicantFeature fils_support; guint32 max_scan_ssids; guint32 ready_count; @@ -565,6 +567,12 @@ nm_supplicant_interface_get_pmf_support (NMSupplicantInterface *self) return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->pmf_support; } +NMSupplicantFeature +nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self) +{ + return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->fils_support; +} + void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature ap_support) @@ -596,6 +604,15 @@ nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self, priv->pmf_support = pmf_support; } +void +nm_supplicant_interface_set_fils_support (NMSupplicantInterface *self, + NMSupplicantFeature fils_support) +{ + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + + priv->fils_support = fils_support; +} + /*****************************************************************************/ static void @@ -1898,6 +1915,10 @@ set_property (GObject *object, /* construct-only */ priv->pmf_support = g_value_get_int (value); break; + case PROP_FILS_SUPPORT: + /* construct-only */ + priv->fils_support = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1918,7 +1939,8 @@ nm_supplicant_interface_new (const char *ifname, NMSupplicantDriver driver, NMSupplicantFeature fast_support, NMSupplicantFeature ap_support, - NMSupplicantFeature pmf_support) + NMSupplicantFeature pmf_support, + NMSupplicantFeature fils_support) { g_return_val_if_fail (ifname != NULL, NULL); @@ -1928,6 +1950,7 @@ nm_supplicant_interface_new (const char *ifname, NM_SUPPLICANT_INTERFACE_FAST_SUPPORT, (int) fast_support, NM_SUPPLICANT_INTERFACE_AP_SUPPORT, (int) ap_support, NM_SUPPLICANT_INTERFACE_PMF_SUPPORT, (int) pmf_support, + NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, (int) fils_support, NULL); } @@ -2027,6 +2050,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass) G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS); + obj_properties[PROP_FILS_SUPPORT] = + g_param_spec_int (NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, "", "", + NM_SUPPLICANT_FEATURE_UNKNOWN, + NM_SUPPLICANT_FEATURE_YES, + NM_SUPPLICANT_FEATURE_UNKNOWN, + G_PARAM_WRITABLE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS); g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties); diff --git a/src/supplicant/nm-supplicant-interface.h b/src/supplicant/nm-supplicant-interface.h index 567cf96ff5..f32ad8dda2 100644 --- a/src/supplicant/nm-supplicant-interface.h +++ b/src/supplicant/nm-supplicant-interface.h @@ -61,6 +61,7 @@ typedef enum { #define NM_SUPPLICANT_INTERFACE_FAST_SUPPORT "fast-support" #define NM_SUPPLICANT_INTERFACE_AP_SUPPORT "ap-support" #define NM_SUPPLICANT_INTERFACE_PMF_SUPPORT "pmf-support" +#define NM_SUPPLICANT_INTERFACE_FILS_SUPPORT "fils-support" /* Signals */ #define NM_SUPPLICANT_INTERFACE_STATE "state" @@ -79,7 +80,8 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname, NMSupplicantDriver driver, NMSupplicantFeature fast_support, NMSupplicantFeature ap_support, - NMSupplicantFeature pmf_support); + NMSupplicantFeature pmf_support, + NMSupplicantFeature fils_support); void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self, gboolean available); @@ -123,6 +125,7 @@ gboolean nm_supplicant_interface_credentials_reply (NMSupplicantInterface *self, NMSupplicantFeature nm_supplicant_interface_get_ap_support (NMSupplicantInterface *self); NMSupplicantFeature nm_supplicant_interface_get_pmf_support (NMSupplicantInterface *self); +NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self); void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature apmode); @@ -133,6 +136,9 @@ void nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self, void nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self, NMSupplicantFeature pmf_support); +void nm_supplicant_interface_set_fils_support (NMSupplicantInterface *self, + NMSupplicantFeature fils_support); + void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self, const char *const type, const char *bssid, diff --git a/src/supplicant/nm-supplicant-manager.c b/src/supplicant/nm-supplicant-manager.c index 0f2eb63a62..5ab96f88f1 100644 --- a/src/supplicant/nm-supplicant-manager.c +++ b/src/supplicant/nm-supplicant-manager.c @@ -40,6 +40,7 @@ typedef struct { NMSupplicantFeature fast_support; NMSupplicantFeature ap_support; NMSupplicantFeature pmf_support; + NMSupplicantFeature fils_support; guint die_count_reset_id; guint die_count; } NMSupplicantManagerPrivate; @@ -161,7 +162,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self, driver, priv->fast_support, priv->ap_support, - priv->pmf_support); + priv->pmf_support, + priv->fils_support); priv->ifaces = g_slist_prepend (priv->ifaces, iface); g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self); @@ -196,6 +198,7 @@ update_capabilities (NMSupplicantManager *self) */ priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN; + priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN; value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities"); if (value) { @@ -203,21 +206,25 @@ update_capabilities (NMSupplicantManager *self) array = g_variant_get_strv (value, NULL); priv->ap_support = NM_SUPPLICANT_FEATURE_NO; priv->pmf_support = NM_SUPPLICANT_FEATURE_NO; + priv->fils_support = NM_SUPPLICANT_FEATURE_NO; if (array) { if (g_strv_contains (array, "ap")) priv->ap_support = NM_SUPPLICANT_FEATURE_YES; if (g_strv_contains (array, "pmf")) priv->pmf_support = NM_SUPPLICANT_FEATURE_YES; + if (g_strv_contains (array, "fils")) + priv->fils_support = NM_SUPPLICANT_FEATURE_YES; g_free (array); } } g_variant_unref (value); } - /* Tell all interfaces about results of the AP/PMF check */ + /* Tell all interfaces about results of the AP/PMF/FILS check */ for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) { nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support); nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support); + nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support); } _LOGD ("AP mode is %ssupported", @@ -226,6 +233,9 @@ update_capabilities (NMSupplicantManager *self) _LOGD ("PMF is %ssupported", (priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) ? "" : (priv->pmf_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); + _LOGD ("FILS is %ssupported", + (priv->fils_support == NM_SUPPLICANT_FEATURE_YES) ? "" : + (priv->fils_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); /* EAP-FAST */ priv->fast_support = NM_SUPPLICANT_FEATURE_NO; @@ -349,6 +359,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data) priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN; + priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN; set_running (self, FALSE); } |