cli: add WPS PIN supportlr/wps

nmcli d wifi connect "My Network" pin 12345670 Also, add a note in the manual that it shouldn't really be used.
author: Lubomir Rintel <lkundrak@v3.sk> 2017-04-21 15:07:26 +0200
committer: Lubomir Rintel <lkundrak@v3.sk> 2017-04-30 13:58:57 +0200
commit: 0d72400ae9e5857997364a4c4574435e22cf902c (patch)
tree: b0ce20ce4d52037b8b18e6847f180091f22041ff
parent: 3380e64afc61bdedb43debb60ea404f98b90e297 (diff)
download: NetworkManager-lr/wps.tar.gz
4 files changed, 39 insertions, 9 deletions
diff --git a/clients/cli/devices.c b/clients/cli/devices.c
index 2b9411e55b..45024d7d5b 100644
--- a/clients/cli/devices.c
+++ b/clients/cli/devices.c
@@ -14,7 +14,7 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  *
- * Copyright 2010 - 2014 Red Hat, Inc.
+ * Copyright 2010 - 2017 Red Hat, Inc.
  */
 
 #include "nm-default.h"
@@ -2819,6 +2819,7 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv)
 	const char *ifname = NULL;
 	const char *bssid = NULL;
 	const char *password = NULL;
+	const char *pin = NULL;
 	const char *con_name = NULL;
 	gboolean private = FALSE;
 	gboolean hidden = FALSE;
@@ -2866,7 +2867,7 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv)
 	while (argc > 0) {
 		if (argc == 1 && nmc->complete) {
 			nmc_complete_strings (*argv, "ifname", "bssid", "password", "wep-key-type",
-			                      "name", "private", "hidden", NULL);
+			                      "name", "private", "hidden", "pin", NULL);
 		}
 
 		if (strcmp (*argv, "ifname") == 0) {
@@ -2972,6 +2973,15 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv)
 				g_clear_error (&err_tmp);
 				goto finish;
 			}
+		} else if (strcmp (*argv, "pin") == 0) {
+			argc--;
+			argv++;
+			if (!argc) {
+				g_string_printf (nmc->return_text, _("Error: %s argument is missing."), *(argv-1));
+				nmc->return_value = NMC_RESULT_ERROR_USER_INPUT;
+				goto finish;
+			}
+			pin = *argv;
 		} else if (!nmc->complete) {
 			g_printerr (_("Unknown parameter: %s\n"), *argv);
 		}
@@ -3059,7 +3069,7 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv)
 
 	/* If there are some connection data from user, create a connection and
 	 * fill them into proper settings. */
-	if (con_name || private || bssid2_arr || password || hidden)
+	if (con_name || private || bssid2_arr || password || hidden || pin)
 		connection = nm_simple_connection_new ();
 
 	if (con_name || private) {
@@ -3105,17 +3115,19 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv)
 	ap_rsn_flags = nm_access_point_get_rsn_flags (ap);
 
 	/* Set password for WEP or WPA-PSK. */
-	if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) {
+	if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY || pin) {
 		/* Ask for missing password when one is expected and '--ask' is used */
 		if (!password && nmc->ask)
 			password = passwd_ask = nmc_readline_echo (nmc->nmc_config.show_secrets, _("Password: "));
 
-		if (password) {
+		if (password || pin) {
 			if (!connection)
 				connection = nm_simple_connection_new ();
 			s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
 			nm_connection_add_setting (connection, NM_SETTING (s_wsec));
+		}
 
+		if (password) {
 			if (ap_wpa_flags == NM_802_11_AP_SEC_NONE && ap_rsn_flags == NM_802_11_AP_SEC_NONE) {
 				/* WEP */
 				nm_setting_wireless_security_set_wep_key (s_wsec, 0, password);
@@ -3129,6 +3141,9 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv)
 				g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_PSK, password, NULL);
 			}
 		}
+
+		if (pin)
+			g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_WPS_PIN, pin, NULL);
 	}
 	// FIXME: WPA-Enterprise is not supported yet.
 	// We are not able to determine and fill all the parameters for
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c
index cef32a4518..d9ffc9b9d3 100644
--- a/clients/common/nm-meta-setting-desc.c
+++ b/clients/common/nm-meta-setting-desc.c
@@ -7004,7 +7004,6 @@ static const NMMetaPropertyInfo *const property_infos_WIRELESS_SECURITY[] = {
 		),
 	),
 	PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_WPS_PIN,
-		.is_secret =                    TRUE,
 		.property_type =                &_pt_gobject_string,
 	),
 	NULL
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c
index 5cc3d2fe25..2a3c1e402a 100644
--- a/libnm-core/nm-setting-wireless-security.c
+++ b/libnm-core/nm-setting-wireless-security.c
@@ -1929,8 +1929,12 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting
 	 *
 	 * The PIN used for WPS.
 	 *
-	 * NetworkManager will automatically disable WPS and unset this property
-	 * after a successful WPS enrollment.
+	 * Please note that this property is not handled as a secret and will be
+	 * visible to the users of the machine. Aside from that, there's a known
+	 * security flaw in the PIN based method that makes the PIN easy to guess.
+	 *
+	 * Enabling PIN method it on your router introduces a substantial risk that
+	 * unauthorized nodes will join the wireless network.
 	 *
 	 * Since: 1.10
 	 **/
diff --git a/man/nmcli.xml b/man/nmcli.xml
index 8ee7914b15..61c3ca8f22 100644
--- a/man/nmcli.xml
+++ b/man/nmcli.xml
@@ -9,7 +9,7 @@
 <!--
   nmcli(1) manual page
 
-  Copyright 2010 - 2016 Red Hat, Inc.
+  Copyright 2010 - 2017 Red Hat, Inc.
 
   Permission is granted to copy, distribute and/or modify this document
   under the terms of the GNU Free Documentation License, Version 1.1
@@ -1395,6 +1395,7 @@
           <command>connect</command>
           <arg choice='plain'><replaceable>(B)SSID</replaceable></arg>
           <arg><option>password</option> <replaceable>password</replaceable></arg>
+          <arg><option>pin</option> <replaceable>pin</replaceable></arg>
           <arg>
             <option>wep-key-type</option>
             <group choice='req'>
@@ -1445,6 +1446,17 @@
               </listitem>
             </varlistentry>
             <varlistentry>
+              <term><option>pin</option></term>
+              <listitem>
+                <para>PIN for WPA Protected Setup. If this option is set, the PIN will be
+                stored in the connection profile and a PIN-based WPS enrollment will be
+                attempted in case the PSK is required.</para>
+                <para>Please note that there is known security flaw in the PIN based method
+                that makes the PIN easy to guess. Enabling it on your router introduces a
+                substantial risk that unauthorized nodes will join the wireless network.</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
               <term><option>wep-key-type</option></term>
               <listitem>
                 <para>type of WEP secret, either <option>key</option> for ASCII/HEX key or
author	Lubomir Rintel <lkundrak@v3.sk>	2017-04-21 15:07:26 +0200
committer	Lubomir Rintel <lkundrak@v3.sk>	2017-04-30 13:58:57 +0200
commit	0d72400ae9e5857997364a4c4574435e22cf902c (patch)
tree	b0ce20ce4d52037b8b18e6847f180091f22041ff
parent	3380e64afc61bdedb43debb60ea404f98b90e297 (diff)
download	NetworkManager-lr/wps.tar.gz