supplicant: set optional PMF using global supplicant property
https://bugzilla.redhat.com/show_bug.cgi?id=1665694
This commit is contained in:
parent
3b04eccd44
commit
7bcff3e30a
|
@ -0,0 +1,159 @@
|
||||||
|
From 2c3014d60d8ec868fd889a906ef8c8ca9b6e8d17 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||||
|
Date: Wed, 9 Jan 2019 11:36:52 +0100
|
||||||
|
Subject: [PATCH 1/2] supplicant: set optional PMF using global supplicant
|
||||||
|
property
|
||||||
|
|
||||||
|
wpa_supplicant is going to change the global default for PMF from 0
|
||||||
|
(disabled) to 1 (optional) [1], so NM code needs to be adjusted to
|
||||||
|
work with all wpa_supplicant versions. Furthermore, it is better to
|
||||||
|
set optional PMF using the 'Pmf' property instead of the 'ieee80211w'
|
||||||
|
configuration option because the former better handles missing support
|
||||||
|
in driver [2].
|
||||||
|
|
||||||
|
Note that each interface in wpa_supplicant has its own copy of global
|
||||||
|
configuration and so 'global' options must still be set on each
|
||||||
|
interface. So, let's set Pmf=1 when each interface gets created and
|
||||||
|
override it with ieee80211w={0,2} if needed during association.
|
||||||
|
|
||||||
|
[1] http://lists.infradead.org/pipermail/hostap/2018-November/039009.html
|
||||||
|
[2] http://lists.infradead.org/pipermail/hostap/2019-January/039215.html
|
||||||
|
|
||||||
|
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/104
|
||||||
|
(cherry picked from commit a9ab50efb10dfb50cfe897c58afa300f8b07f6ba)
|
||||||
|
(cherry picked from commit 1110e0bcae7ab5a4fa9df0f8bf9ec62e7ea4a17a)
|
||||||
|
(cherry picked from commit 40adc98a6db593009dc7d92f39af9f4854a61b2a)
|
||||||
|
---
|
||||||
|
src/supplicant/nm-supplicant-config.c | 4 +--
|
||||||
|
src/supplicant/nm-supplicant-interface.c | 34 +++++++++++++++++++
|
||||||
|
src/supplicant/tests/test-supplicant-config.c | 4 +--
|
||||||
|
3 files changed, 38 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
|
||||||
|
index 22f9a3c02..e3dd55a84 100644
|
||||||
|
--- a/src/supplicant/nm-supplicant-config.c
|
||||||
|
+++ b/src/supplicant/nm-supplicant-config.c
|
||||||
|
@@ -864,11 +864,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
|
||||||
|
|
||||||
|
if ( !nm_streq (key_mgmt, "wpa-none")
|
||||||
|
&& NM_IN_SET (pmf,
|
||||||
|
- NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
|
||||||
|
+ NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE,
|
||||||
|
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)) {
|
||||||
|
if (!nm_supplicant_config_add_option (self,
|
||||||
|
"ieee80211w",
|
||||||
|
- pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "1" : "2",
|
||||||
|
+ pmf == NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE ? "0" : "2",
|
||||||
|
-1,
|
||||||
|
NULL,
|
||||||
|
error))
|
||||||
|
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
|
||||||
|
index e16e3130e..b816722d0 100644
|
||||||
|
--- a/src/supplicant/nm-supplicant-interface.c
|
||||||
|
+++ b/src/supplicant/nm-supplicant-interface.c
|
||||||
|
@@ -555,6 +555,26 @@ iface_check_netreply_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
||||||
|
iface_check_ready (self);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+iface_set_pmf_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data)
|
||||||
|
+{
|
||||||
|
+ NMSupplicantInterface *self;
|
||||||
|
+ gs_unref_variant GVariant *variant = NULL;
|
||||||
|
+ gs_free_error GError *error = NULL;
|
||||||
|
+
|
||||||
|
+ variant = g_dbus_proxy_call_finish (proxy, result, &error);
|
||||||
|
+ if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ self = NM_SUPPLICANT_INTERFACE (user_data);
|
||||||
|
+
|
||||||
|
+ /* This can fail if the supplicant doesn't support PMF */
|
||||||
|
+ if (error)
|
||||||
|
+ _LOGD ("failed to set Pmf=1: %s", error->message);
|
||||||
|
+
|
||||||
|
+ iface_check_ready (self);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
NMSupplicantFeature
|
||||||
|
nm_supplicant_interface_get_ap_support (NMSupplicantInterface *self)
|
||||||
|
{
|
||||||
|
@@ -1155,6 +1175,20 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
||||||
|
NULL,
|
||||||
|
NULL);
|
||||||
|
|
||||||
|
+ /* Initialize global PMF setting to 'optional' */
|
||||||
|
+ priv->ready_count++;
|
||||||
|
+ g_dbus_proxy_call (priv->iface_proxy,
|
||||||
|
+ DBUS_INTERFACE_PROPERTIES ".Set",
|
||||||
|
+ g_variant_new ("(ssv)",
|
||||||
|
+ WPAS_DBUS_IFACE_INTERFACE,
|
||||||
|
+ "Pmf",
|
||||||
|
+ g_variant_new_string ("1")),
|
||||||
|
+ G_DBUS_CALL_FLAGS_NONE,
|
||||||
|
+ -1,
|
||||||
|
+ priv->init_cancellable,
|
||||||
|
+ (GAsyncReadyCallback) iface_set_pmf_cb,
|
||||||
|
+ self);
|
||||||
|
+
|
||||||
|
/* Check whether NetworkReply and AP mode are supported */
|
||||||
|
priv->ready_count = 1;
|
||||||
|
g_dbus_proxy_call (priv->iface_proxy,
|
||||||
|
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
|
||||||
|
index 36831e676..d7ec1fe22 100644
|
||||||
|
--- a/src/supplicant/tests/test-supplicant-config.c
|
||||||
|
+++ b/src/supplicant/tests/test-supplicant-config.c
|
||||||
|
@@ -359,8 +359,8 @@ test_wifi_wpa_psk (const char *detail,
|
||||||
|
NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
|
||||||
|
NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
|
||||||
|
switch (pmf) {
|
||||||
|
- case NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL:
|
||||||
|
- NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'");
|
||||||
|
+ case NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE:
|
||||||
|
+ NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '0'");
|
||||||
|
break;
|
||||||
|
case NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED:
|
||||||
|
NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '2'");
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
||||||
|
|
||||||
|
From 5d0bf9db73fc552fc311d58dd51f0825aa883937 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||||
|
Date: Mon, 14 Jan 2019 15:16:09 +0100
|
||||||
|
Subject: [PATCH 2/2] supplicant: fix ready_count assignment
|
||||||
|
|
||||||
|
Fix a wrong backport.
|
||||||
|
|
||||||
|
Fixes: 1110e0bcae7ab5a4fa9df0f8bf9ec62e7ea4a17a
|
||||||
|
(cherry picked from commit d0dd120ab4b5716eec87d65f2a1424718addf600)
|
||||||
|
(cherry picked from commit e511f724584e32cd3e618c47b8a779e7093da6bc)
|
||||||
|
---
|
||||||
|
src/supplicant/nm-supplicant-interface.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
|
||||||
|
index b816722d0..7450fb823 100644
|
||||||
|
--- a/src/supplicant/nm-supplicant-interface.c
|
||||||
|
+++ b/src/supplicant/nm-supplicant-interface.c
|
||||||
|
@@ -1176,7 +1176,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
||||||
|
NULL);
|
||||||
|
|
||||||
|
/* Initialize global PMF setting to 'optional' */
|
||||||
|
- priv->ready_count++;
|
||||||
|
+ priv->ready_count = 1;
|
||||||
|
g_dbus_proxy_call (priv->iface_proxy,
|
||||||
|
DBUS_INTERFACE_PROPERTIES ".Set",
|
||||||
|
g_variant_new ("(ssv)",
|
||||||
|
@@ -1190,7 +1190,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
||||||
|
self);
|
||||||
|
|
||||||
|
/* Check whether NetworkReply and AP mode are supported */
|
||||||
|
- priv->ready_count = 1;
|
||||||
|
+ priv->ready_count++;
|
||||||
|
g_dbus_proxy_call (priv->iface_proxy,
|
||||||
|
"NetworkReply",
|
||||||
|
g_variant_new ("(oss)",
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
%global epoch_version 1
|
%global epoch_version 1
|
||||||
%global rpm_version 1.12.6
|
%global rpm_version 1.12.6
|
||||||
%global real_version 1.12.6
|
%global real_version 1.12.6
|
||||||
%global release_version 4
|
%global release_version 5
|
||||||
%global snapshot %{nil}
|
%global snapshot %{nil}
|
||||||
%global git_sha %{nil}
|
%global git_sha %{nil}
|
||||||
|
|
||||||
|
@ -115,6 +115,7 @@ Patch3: 0003-wifi-take-down-device-when-changing-mac.patch
|
||||||
Patch4: 0004-connectivity-check-rh1619873.patch
|
Patch4: 0004-connectivity-check-rh1619873.patch
|
||||||
Patch5: 0005-fix-saving-agent-owned-secrets.patch
|
Patch5: 0005-fix-saving-agent-owned-secrets.patch
|
||||||
Patch6: 0006-cli-fix-cleanup-after-activation-from-editor.patch
|
Patch6: 0006-cli-fix-cleanup-after-activation-from-editor.patch
|
||||||
|
Patch7: 0007-supplicant-global-pmf.patch
|
||||||
|
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(post): /usr/sbin/update-alternatives
|
Requires(post): /usr/sbin/update-alternatives
|
||||||
|
@ -447,6 +448,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if %{with regen_docs}
|
%if %{with regen_docs}
|
||||||
|
@ -863,6 +865,9 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 14 2019 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.6-5
|
||||||
|
- improve Wi-Fi PMF support (rh #1665694)
|
||||||
|
|
||||||
* Wed Jan 2 2019 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.6-4
|
* Wed Jan 2 2019 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.6-4
|
||||||
- fix saving agent-owned secrets
|
- fix saving agent-owned secrets
|
||||||
- cli: fix cleanup after activation from editor (rh #1662766)
|
- cli: fix cleanup after activation from editor (rh #1662766)
|
||||||
|
|
Loading…
Reference in New Issue