author | Masashi Honma <masashi.honma@gmail.com> | 2018-01-16 06:28:32 +0900 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2018-01-16 15:01:35 +0100 |
commit | 87ec5e90fe79fcb2ac315cf1604e757dcab60bb9 (patch) | |
tree | 4c1a0ef271e5abcf3b5ba62d8908956cd3839f9b | |
parent | 0839adc7d766a75af97518a9f6cbdfeed60d7a40 (diff) | |
download | NetworkManager-87ec5e90fe79fcb2ac315cf1604e757dcab60bb9.tar.gz |
supplicant: set key_mgmt independent of pmf value
Previously, the values of the ieee80211w and key_mgmt fields in
wpa_supplicant.conf were determined by the value of pmf.
NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
ieee80211w=0
key_mgmt=wpa-eap
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL
ieee80211w=1
key_mgmt=wpa-eap wpa-eap-sha256
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED
ieee80211w=2
key_mgmt=wpa-eap-sha256
Though these works, these does not include whole combinations.
The key_mgmt could be set independent of ieee80211w value.
For example, management frame protection could be used with
wpa-eap.
ieee80211w=2
key_mgmt=wpa-eap
And wpa-eap-sha256 could be used without management frame
protection.
ieee80211w=0
key_mgmt=wpa-eap-sha256
So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or
key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP
supports both, stronger algorithm will be chosen (ex. when AP
supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be
chosen).
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
-rw-r--r-- | src/supplicant/nm-supplicant-config.c | 16 | ||||
-rw-r--r-- | src/supplicant/tests/test-supplicant-config.c | 32 |
2 files changed, 28 insertions, 20 deletions
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 5650e64a11..e51e8ba4c6 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 g_return_val_if_fail (!error || !*error, FALSE);
 key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting);
- if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) {
- if (nm_streq (key_mgmt_conf, "wpa-psk"))
- key_mgmt_conf = "wpa-psk wpa-psk-sha256";
- else if (nm_streq (key_mgmt_conf, "wpa-eap"))
- key_mgmt_conf = "wpa-eap wpa-eap-sha256";
- } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) {
- if (nm_streq (key_mgmt_conf, "wpa-psk"))
- key_mgmt_conf = "wpa-psk-sha256";
- else if (nm_streq (key_mgmt_conf, "wpa-eap"))
- key_mgmt_conf = "wpa-eap-sha256";
- }
+ if (nm_streq (key_mgmt, "wpa-psk"))
+ key_mgmt_conf = "wpa-psk wpa-psk-sha256";
+ else if (nm_streq (key_mgmt, "wpa-eap"))
+ key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+
 if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
 return FALSE;
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
index 258ced6b57..f85c137325 100644
--- a/src/supplicant/tests/test-supplicant-config.c
+++ b/src/supplicant/tests/test-supplicant-config.c
@@ -307,7 +307,8 @@ test_wifi_wpa_psk (const char *detail,
 OptType key_type,
 const char *key_data,
 const unsigned char *expected,
- size_t expected_size)
+ size_t expected_size,
+ NMSettingWirelessSecurityPmf pmf)
 {
 gs_unref_object NMConnection *connection = NULL;
 gs_unref_variant GVariant *config_dict = NULL;
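Review bot: In the nm-supplicant-config.c hunk at -744, the new `key_mgmt_conf` assignment offers the plain `wpa-psk` / `wpa-eap` AKM even when `pmf` is `NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED`, where the removed branch limited the list to the SHA256 variants, and nothing in the code records that this widening is intended. A profile that relied on PMF_REQUIRED to exclude the SHA-1 based AKMs will silently stop doing so, although `ieee80211w=2` presumably still enforces frame protection. I would add a comment above the `if`, for example `/* Always offer the SHA256 AKM next to the plain one; PMF itself is selected only through ieee80211w. */`. The SHA256 values are now also sent when PMF is disabled, so it may be worth confirming that supplicant builds without 802.11w support accept them, which this hunk cannot show. The enclosing function starts and ends outside the hunk.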
@@ -327,7 +328,7 @@ test_wifi_wpa_psk (const char *detail,
 g_object_set (s_wsec,
 NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk",
 NM_SETTING_WIRELESS_SECURITY_PSK, key_data,
- NM_SETTING_WIRELESS_SECURITY_PMF, (int) NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
+ NM_SETTING_WIRELESS_SECURITY_PMF, (int) pmf,
 NULL);
 nm_setting_wireless_security_add_proto (s_wsec, "wpa");
 nm_setting_wireless_security_add_proto (s_wsec, "rsn");
@@ -349,7 +350,16 @@ test_wifi_wpa_psk (const char *detail,
 NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'");
 NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
 NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
- NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'");
+ switch (pmf) {
+ case NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL:
+ NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'");
+ break;
+ case NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED:
+ NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '2'");
+ break;
+ default:
+ break;
+ }
 config_dict = build_supplicant_config (connection, 1500, 0);
 g_test_assert_expected_messages ();
@@ -380,8 +390,12 @@ test_wifi_wpa_psk_types (void)
 0x6c, 0x2f, 0x11, 0x60, 0x5a, 0x16, 0x08, 0x93 };
 const char *key2 = "r34lly l33t wp4 p4ssphr4s3 for t3st1ng";
- test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected, sizeof (key1_expected));
- test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2, (gconstpointer) key2, strlen (key2));
+ test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected,
+ sizeof (key1_expected), NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL);
+ test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2,
+ (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED);
+ test_wifi_wpa_psk ("pmf-disabled", TYPE_STRING, key2,
+ (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE);
 }
 static NMConnection *
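Review bot: In the `switch (pmf)` added by the -349 hunk, the `default:` arm expects nothing, so the new `NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE` case passes whether or not an `ieee80211w` entry ends up in the config. If PMF_DISABLE is meant to omit the option and the validation later in test_wifi_wpa_psk (outside the hunk) does not already cover it, an explicit check after `build_supplicant_config` would pin the behaviour, for example `g_assert (!g_variant_lookup_value (config_dict, "ieee80211w", NULL));` guarded by `pmf == NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE`. A short comment on the `default:` arm, such as `/* PMF disabled/default: no ieee80211w message expected */`, would also make the intent readable. The function body begins and continues outside this hunk.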
@@ -439,7 +453,7 @@ test_wifi_eap_locked_bssid (void)
 NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*");
 NMTST_EXPECT_NM_INFO ("Config: added 'bssid' value '11:22:33:44:55:66'*");
 NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *");
- NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP'");
+ NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256'");
 NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'");
 NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
 NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
@@ -455,7 +469,7 @@ test_wifi_eap_locked_bssid (void)
 validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
 validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid);
 validate_opt ("wifi-eap", config_dict, "bssid", TYPE_KEYWORD, bssid_str);
- validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP");
+ validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256");
 validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS");
 validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
 validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
@@ -479,7 +493,7 @@ test_wifi_eap_unlocked_bssid (void)
 NMTST_EXPECT_NM_INFO ("Config: added 'ssid' value 'Test SSID'*");
 NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*");
 NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *");
- NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP'");
+ NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256'");
 NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'");
 NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
 NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
@@ -495,7 +509,7 @@ test_wifi_eap_unlocked_bssid (void)
 validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
 validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid);
- validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP");
+ validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256");
 validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS");
 validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
 validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); |