160 lines
6.6 KiB
Diff
160 lines
6.6 KiB
Diff
From 2c3014d60d8ec868fd889a906ef8c8ca9b6e8d17 Mon Sep 17 00:00:00 2001
|
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
|
Date: Wed, 9 Jan 2019 11:36:52 +0100
|
|
Subject: [PATCH 1/2] supplicant: set optional PMF using global supplicant
|
|
property
|
|
|
|
wpa_supplicant is going to change the global default for PMF from 0
|
|
(disabled) to 1 (optional) [1], so NM code needs to be adjusted to
|
|
work with all wpa_supplicant versions. Furthermore, it is better to
|
|
set optional PMF using the 'Pmf' property instead of the 'ieee80211w'
|
|
configuration option because the former better handles missing support
|
|
in driver [2].
|
|
|
|
Note that each interface in wpa_supplicant has its own copy of global
|
|
configuration and so 'global' options must still be set on each
|
|
interface. So, let's set Pmf=1 when each interface gets created and
|
|
override it with ieee80211w={0,2} if needed during association.
|
|
|
|
[1] http://lists.infradead.org/pipermail/hostap/2018-November/039009.html
|
|
[2] http://lists.infradead.org/pipermail/hostap/2019-January/039215.html
|
|
|
|
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/104
|
|
(cherry picked from commit a9ab50efb10dfb50cfe897c58afa300f8b07f6ba)
|
|
(cherry picked from commit 1110e0bcae7ab5a4fa9df0f8bf9ec62e7ea4a17a)
|
|
(cherry picked from commit 40adc98a6db593009dc7d92f39af9f4854a61b2a)
|
|
---
|
|
src/supplicant/nm-supplicant-config.c | 4 +--
|
|
src/supplicant/nm-supplicant-interface.c | 34 +++++++++++++++++++
|
|
src/supplicant/tests/test-supplicant-config.c | 4 +--
|
|
3 files changed, 38 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
|
|
index 22f9a3c02..e3dd55a84 100644
|
|
--- a/src/supplicant/nm-supplicant-config.c
|
|
+++ b/src/supplicant/nm-supplicant-config.c
|
|
@@ -864,11 +864,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
|
|
|
|
if ( !nm_streq (key_mgmt, "wpa-none")
|
|
&& NM_IN_SET (pmf,
|
|
- NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
|
|
+ NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE,
|
|
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)) {
|
|
if (!nm_supplicant_config_add_option (self,
|
|
"ieee80211w",
|
|
- pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "1" : "2",
|
|
+ pmf == NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE ? "0" : "2",
|
|
-1,
|
|
NULL,
|
|
error))
|
|
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
|
|
index e16e3130e..b816722d0 100644
|
|
--- a/src/supplicant/nm-supplicant-interface.c
|
|
+++ b/src/supplicant/nm-supplicant-interface.c
|
|
@@ -555,6 +555,26 @@ iface_check_netreply_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
|
iface_check_ready (self);
|
|
}
|
|
|
|
+static void
|
|
+iface_set_pmf_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data)
|
|
+{
|
|
+ NMSupplicantInterface *self;
|
|
+ gs_unref_variant GVariant *variant = NULL;
|
|
+ gs_free_error GError *error = NULL;
|
|
+
|
|
+ variant = g_dbus_proxy_call_finish (proxy, result, &error);
|
|
+ if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
|
|
+ return;
|
|
+
|
|
+ self = NM_SUPPLICANT_INTERFACE (user_data);
|
|
+
|
|
+ /* This can fail if the supplicant doesn't support PMF */
|
|
+ if (error)
|
|
+ _LOGD ("failed to set Pmf=1: %s", error->message);
|
|
+
|
|
+ iface_check_ready (self);
|
|
+}
|
|
+
|
|
NMSupplicantFeature
|
|
nm_supplicant_interface_get_ap_support (NMSupplicantInterface *self)
|
|
{
|
|
@@ -1155,6 +1175,20 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
|
NULL,
|
|
NULL);
|
|
|
|
+ /* Initialize global PMF setting to 'optional' */
|
|
+ priv->ready_count++;
|
|
+ g_dbus_proxy_call (priv->iface_proxy,
|
|
+ DBUS_INTERFACE_PROPERTIES ".Set",
|
|
+ g_variant_new ("(ssv)",
|
|
+ WPAS_DBUS_IFACE_INTERFACE,
|
|
+ "Pmf",
|
|
+ g_variant_new_string ("1")),
|
|
+ G_DBUS_CALL_FLAGS_NONE,
|
|
+ -1,
|
|
+ priv->init_cancellable,
|
|
+ (GAsyncReadyCallback) iface_set_pmf_cb,
|
|
+ self);
|
|
+
|
|
/* Check whether NetworkReply and AP mode are supported */
|
|
priv->ready_count = 1;
|
|
g_dbus_proxy_call (priv->iface_proxy,
|
|
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
|
|
index 36831e676..d7ec1fe22 100644
|
|
--- a/src/supplicant/tests/test-supplicant-config.c
|
|
+++ b/src/supplicant/tests/test-supplicant-config.c
|
|
@@ -359,8 +359,8 @@ test_wifi_wpa_psk (const char *detail,
|
|
NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
|
|
NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
|
|
switch (pmf) {
|
|
- case NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL:
|
|
- NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'");
|
|
+ case NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE:
|
|
+ NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '0'");
|
|
break;
|
|
case NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED:
|
|
NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '2'");
|
|
--
|
|
2.20.1
|
|
|
|
|
|
From 5d0bf9db73fc552fc311d58dd51f0825aa883937 Mon Sep 17 00:00:00 2001
|
|
From: Beniamino Galvani <bgalvani@redhat.com>
|
|
Date: Mon, 14 Jan 2019 15:16:09 +0100
|
|
Subject: [PATCH 2/2] supplicant: fix ready_count assignment
|
|
|
|
Fix a wrong backport.
|
|
|
|
Fixes: 1110e0bcae7ab5a4fa9df0f8bf9ec62e7ea4a17a
|
|
(cherry picked from commit d0dd120ab4b5716eec87d65f2a1424718addf600)
|
|
(cherry picked from commit e511f724584e32cd3e618c47b8a779e7093da6bc)
|
|
---
|
|
src/supplicant/nm-supplicant-interface.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
|
|
index b816722d0..7450fb823 100644
|
|
--- a/src/supplicant/nm-supplicant-interface.c
|
|
+++ b/src/supplicant/nm-supplicant-interface.c
|
|
@@ -1176,7 +1176,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
|
NULL);
|
|
|
|
/* Initialize global PMF setting to 'optional' */
|
|
- priv->ready_count++;
|
|
+ priv->ready_count = 1;
|
|
g_dbus_proxy_call (priv->iface_proxy,
|
|
DBUS_INTERFACE_PROPERTIES ".Set",
|
|
g_variant_new ("(ssv)",
|
|
@@ -1190,7 +1190,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
|
|
self);
|
|
|
|
/* Check whether NetworkReply and AP mode are supported */
|
|
- priv->ready_count = 1;
|
|
+ priv->ready_count++;
|
|
g_dbus_proxy_call (priv->iface_proxy,
|
|
"NetworkReply",
|
|
g_variant_new ("(oss)",
|
|
--
|
|
2.20.1
|
|
|