diff options
Diffstat (limited to 'src/supplicant')
-rw-r--r-- | src/supplicant/nm-supplicant-config.c | 28 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-config.h | 2 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-interface.c | 9 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-settings-verify.c | 4 |
4 files changed, 42 insertions, 1 deletions
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 1f4c74a5f4..4ff376a5cd 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -1325,3 +1325,31 @@ nm_supplicant_config_add_no_security (NMSupplicantConfig *self, GError **error) return nm_supplicant_config_add_option (self, "key_mgmt", "NONE", -1, NULL, error); } +gboolean +nm_supplicant_config_enable_pmf_akm (NMSupplicantConfig *self, GError **error) +{ + NMSupplicantConfigPrivate *priv; + ConfigOption *option; + + g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); + g_return_val_if_fail (!error || !*error, FALSE); + + priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); + + option = g_hash_table_lookup (priv->config, "key_mgmt"); + if (!option) + return TRUE; + + if (nm_streq0 (option->value, "WPA-PSK")) { + g_hash_table_remove (priv->config, "key_mgmt"); + if (!nm_supplicant_config_add_option (self, "key_mgmt", "WPA-PSK WPA-PSK-SHA256", -1, NULL, error)) + return FALSE; + } else if (nm_streq0 (option->value, "WPA-EAP")) { + g_hash_table_remove (priv->config, "key_mgmt"); + if (!nm_supplicant_config_add_option (self, "key_mgmt", "WPA-EAP WPA-EAP-SHA256", -1, NULL, error)) + return FALSE; + } + + return TRUE; +} + diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h index 6acfb7ee14..705833ff5f 100644 --- a/src/supplicant/nm-supplicant-config.h +++ b/src/supplicant/nm-supplicant-config.h @@ -76,4 +76,6 @@ gboolean nm_supplicant_config_add_setting_macsec (NMSupplicantConfig *self, NMSettingMacsec *setting, GError **error); +gboolean nm_supplicant_config_enable_pmf_akm (NMSupplicantConfig *self, + GError **error); #endif /* __NETWORKMANAGER_SUPPLICANT_CONFIG_H__ */ diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index e92a57ff86..d3efadf15d 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -1424,6 +1424,7 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self, { NMSupplicantInterfacePrivate *priv; AssocData *assoc_data; + GError *error = NULL; g_return_if_fail (NM_IS_SUPPLICANT_INTERFACE (self)); g_return_if_fail (NM_IS_SUPPLICANT_CONFIG (cfg)); @@ -1440,6 +1441,14 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self, assoc_data->callback = callback; assoc_data->user_data = user_data; + if ( priv->driver == NM_SUPPLICANT_DRIVER_WIRELESS + && priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) { + if (!nm_supplicant_config_enable_pmf_akm (cfg, &error)) { + _LOGW ("could not enable PMF AKMs in config: %s", error->message); + g_error_free (error); + } + } + _LOGD ("assoc[%p]: starting association...", assoc_data); /* Make sure the supplicant supports EAP-FAST before trying to send diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index ce3e46d8dc..fd5b06eacf 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -71,7 +71,9 @@ static const struct validate_entry validate_table[] = { const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL }; -const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-EAP", "IEEE8021X", "WPA-NONE", +const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", + "WPA-EAP", "WPA-EAP-SHA256", + "IEEE8021X", "WPA-NONE", "NONE", NULL }; const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; const char * eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM", |