diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2017-04-21 15:07:26 +0200 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-04-30 13:58:57 +0200 |
commit | 0d72400ae9e5857997364a4c4574435e22cf902c (patch) | |
tree | b0ce20ce4d52037b8b18e6847f180091f22041ff | |
parent | 3380e64afc61bdedb43debb60ea404f98b90e297 (diff) | |
download | NetworkManager-lr/wps.tar.gz |
cli: add WPS PIN supportlr/wps
nmcli d wifi connect "My Network" pin 12345670
Also, add a note in the manual that it shouldn't really be used.
-rw-r--r-- | clients/cli/devices.c | 25 | ||||
-rw-r--r-- | clients/common/nm-meta-setting-desc.c | 1 | ||||
-rw-r--r-- | libnm-core/nm-setting-wireless-security.c | 8 | ||||
-rw-r--r-- | man/nmcli.xml | 14 |
4 files changed, 39 insertions, 9 deletions
diff --git a/clients/cli/devices.c b/clients/cli/devices.c index 2b9411e55b..45024d7d5b 100644 --- a/clients/cli/devices.c +++ b/clients/cli/devices.c @@ -14,7 +14,7 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * - * Copyright 2010 - 2014 Red Hat, Inc. + * Copyright 2010 - 2017 Red Hat, Inc. */ #include "nm-default.h" @@ -2819,6 +2819,7 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv) const char *ifname = NULL; const char *bssid = NULL; const char *password = NULL; + const char *pin = NULL; const char *con_name = NULL; gboolean private = FALSE; gboolean hidden = FALSE; @@ -2866,7 +2867,7 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv) while (argc > 0) { if (argc == 1 && nmc->complete) { nmc_complete_strings (*argv, "ifname", "bssid", "password", "wep-key-type", - "name", "private", "hidden", NULL); + "name", "private", "hidden", "pin", NULL); } if (strcmp (*argv, "ifname") == 0) { @@ -2972,6 +2973,15 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv) g_clear_error (&err_tmp); goto finish; } + } else if (strcmp (*argv, "pin") == 0) { + argc--; + argv++; + if (!argc) { + g_string_printf (nmc->return_text, _("Error: %s argument is missing."), *(argv-1)); + nmc->return_value = NMC_RESULT_ERROR_USER_INPUT; + goto finish; + } + pin = *argv; } else if (!nmc->complete) { g_printerr (_("Unknown parameter: %s\n"), *argv); } @@ -3059,7 +3069,7 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv) /* If there are some connection data from user, create a connection and * fill them into proper settings. */ - if (con_name || private || bssid2_arr || password || hidden) + if (con_name || private || bssid2_arr || password || hidden || pin) connection = nm_simple_connection_new (); if (con_name || private) { @@ -3105,17 +3115,19 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv) ap_rsn_flags = nm_access_point_get_rsn_flags (ap); /* Set password for WEP or WPA-PSK. */ - if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) { + if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY || pin) { /* Ask for missing password when one is expected and '--ask' is used */ if (!password && nmc->ask) password = passwd_ask = nmc_readline_echo (nmc->nmc_config.show_secrets, _("Password: ")); - if (password) { + if (password || pin) { if (!connection) connection = nm_simple_connection_new (); s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, NM_SETTING (s_wsec)); + } + if (password) { if (ap_wpa_flags == NM_802_11_AP_SEC_NONE && ap_rsn_flags == NM_802_11_AP_SEC_NONE) { /* WEP */ nm_setting_wireless_security_set_wep_key (s_wsec, 0, password); @@ -3129,6 +3141,9 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv) g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_PSK, password, NULL); } } + + if (pin) + g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_WPS_PIN, pin, NULL); } // FIXME: WPA-Enterprise is not supported yet. // We are not able to determine and fill all the parameters for diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c index cef32a4518..d9ffc9b9d3 100644 --- a/clients/common/nm-meta-setting-desc.c +++ b/clients/common/nm-meta-setting-desc.c @@ -7004,7 +7004,6 @@ static const NMMetaPropertyInfo *const property_infos_WIRELESS_SECURITY[] = { ), ), PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_WPS_PIN, - .is_secret = TRUE, .property_type = &_pt_gobject_string, ), NULL diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index 5cc3d2fe25..2a3c1e402a 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -1929,8 +1929,12 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting * * The PIN used for WPS. * - * NetworkManager will automatically disable WPS and unset this property - * after a successful WPS enrollment. + * Please note that this property is not handled as a secret and will be + * visible to the users of the machine. Aside from that, there's a known + * security flaw in the PIN based method that makes the PIN easy to guess. + * + * Enabling PIN method it on your router introduces a substantial risk that + * unauthorized nodes will join the wireless network. * * Since: 1.10 **/ diff --git a/man/nmcli.xml b/man/nmcli.xml index 8ee7914b15..61c3ca8f22 100644 --- a/man/nmcli.xml +++ b/man/nmcli.xml @@ -9,7 +9,7 @@ <!-- nmcli(1) manual page - Copyright 2010 - 2016 Red Hat, Inc. + Copyright 2010 - 2017 Red Hat, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 @@ -1395,6 +1395,7 @@ <command>connect</command> <arg choice='plain'><replaceable>(B)SSID</replaceable></arg> <arg><option>password</option> <replaceable>password</replaceable></arg> + <arg><option>pin</option> <replaceable>pin</replaceable></arg> <arg> <option>wep-key-type</option> <group choice='req'> @@ -1445,6 +1446,17 @@ </listitem> </varlistentry> <varlistentry> + <term><option>pin</option></term> + <listitem> + <para>PIN for WPA Protected Setup. If this option is set, the PIN will be + stored in the connection profile and a PIN-based WPS enrollment will be + attempted in case the PSK is required.</para> + <para>Please note that there is known security flaw in the PIN based method + that makes the PIN easy to guess. Enabling it on your router introduces a + substantial risk that unauthorized nodes will join the wireless network.</para> + </listitem> + </varlistentry> + <varlistentry> <term><option>wep-key-type</option></term> <listitem> <para>type of WEP secret, either <option>key</option> for ASCII/HEX key or |