author | David Bauer <mail@david-bauer.net> | 2020-05-09 03:30:21 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2020-06-09 16:07:04 +0200 |
commit | 45ab623c12e5af91eef1a473ab8d03d63c31cb35 (patch) | |
tree | d76f3655a4d2462dece24506c9d610b358ebf6d7 | |
parent | d1e8eb791c21eb0f0a690adbc626e10a7291a918 (diff) | |
download | NetworkManager-45ab623c12e5af91eef1a473ab8d03d63c31cb35.tar.gz |
nm-supplicant-interface: fix removal of OWE flag from non-transition mode BSSIDs
Commit 37e7fa38c2ed ("nm-supplicant-interface: enable OWE security
when transition mode is available") adds the OWE security flag in
case a valid OWE transition mode IE is present on the beacon.
It also removes the OWE security flag in case the Information Elements
of a beacon are updated and an OWE transition mode IE can't be found.
When a pure OWE AP updates its Information Elements (e.g. BSS Load
Element), the OWE security flag is falsely removed.
Introduce a new NM_802_11_AP_SEC_KEY_MGMT_OWE_TM security flag and use
it exclusively for OWE transition mode. Don't use the
NM_802_11_AP_SEC_KEY_MGMT_OWE security flag on transition-mode APs.
Signed-off-by: David Bauer <mail@david-bauer.net>
-rw-r--r-- | clients/cli/devices.c | 12 | ||||
-rw-r--r-- | libnm-core/nm-dbus-interface.h | 3 | ||||
-rw-r--r-- | libnm-core/nm-setting-wireless.c | 4 | ||||
-rw-r--r-- | libnm-core/nm-utils.c | 2 | ||||
-rw-r--r-- | src/devices/wifi/nm-wifi-ap.c | 3 | ||||
-rw-r--r-- | src/devices/wifi/nm-wifi-utils.c | 3 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-interface.c | 4 |
7 files changed, 20 insertions, 11 deletions
diff --git a/clients/cli/devices.c b/clients/cli/devices.c
index 6a9bb77b7c..3e5e49d9a6 100644
--- a/clients/cli/devices.c
+++ b/clients/cli/devices.c
@@ -53,7 +53,7 @@ ap_wpa_rsn_flags_to_string (NM80211ApSecurityFlags flags, NMMetaAccessorGetType
 flags_str[i++] = "802.1X";
 if (flags & NM_802_11_AP_SEC_KEY_MGMT_SAE)
 flags_str[i++] = "sae";
- if (flags & NM_802_11_AP_SEC_KEY_MGMT_OWE)
+ if (NM_FLAGS_ANY (flags, NM_802_11_AP_SEC_KEY_MGMT_OWE |NM_802_11_AP_SEC_KEY_MGMT_OWE_TM))
 flags_str[i++] = "owe";
 /* Make sure you grow flags_str when adding items here. */
@@ -1214,7 +1214,7 @@ fill_output_access_point (gpointer data, gpointer user_data)
 if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
 g_string_append (security_str, "WPA3 ");
 }
- if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE) {
+ if (NM_FLAGS_ANY (rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
 g_string_append (security_str, "OWE ");
 }
 if ( (wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
@@ -3690,8 +3690,12 @@ do_device_wifi_connect (const NMCCommand *cmd, NmCli *nmc, int argc, const char
 /* Set password for WEP or WPA-PSK. */
 if ( (ap_flags & NM_802_11_AP_FLAGS_PRIVACY)
- || (ap_wpa_flags != NM_802_11_AP_SEC_NONE && !(ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE))
- || (ap_rsn_flags != NM_802_11_AP_SEC_NONE && !(ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE))) {
+ || ( ap_wpa_flags != NM_802_11_AP_SEC_NONE
+ && !NM_FLAGS_ANY (ap_wpa_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE |
+ NM_802_11_AP_SEC_KEY_MGMT_OWE_TM))
+ || ( ap_rsn_flags != NM_802_11_AP_SEC_NONE
+ && !NM_FLAGS_ANY (ap_rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE |
+ NM_802_11_AP_SEC_KEY_MGMT_OWE_TM))) {
 const char *con_password = NULL;
 NMSettingWirelessSecurity *s_wsec = NULL;
diff --git a/libnm-core/nm-dbus-interface.h b/libnm-core/nm-dbus-interface.h
index 28ee89bfbe..7d3482622f 100644
--- a/libnm-core/nm-dbus-interface.h
+++ b/libnm-core/nm-dbus-interface.h
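Review bot: The mask `NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM` is written out by hand at all three call sites in clients/cli/devices.c, and again in the nm-setting-wireless.c, nm-utils.c and nm-wifi-utils.c hunks, so a later OWE check can easily test only one of the two bits. In `do_device_wifi_connect` the test decides whether a password is requested, so a missed bit there changes behaviour and not only the displayed string. Consider a single shared definition used everywhere, for example (proposed name) `#define NM_WIFI_AP_SEC_OWE_ANY (NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)`. The first hunk also lacks the space after `|` in `|NM_802_11_AP_SEC_KEY_MGMT_OWE_TM`. All three functions start and end outside their hunks.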
@@ -351,6 +351,8 @@ typedef enum { /*< underscore_name=nm_802_11_ap_flags, flags >*/
 * supported
 * @NM_802_11_AP_SEC_KEY_MGMT_OWE: WPA/RSN Opportunistic Wireless Encryption is
 * supported
+ * @NM_802_11_AP_SEC_KEY_MGMT_OWE_TM: WPA/RSN Opportunistic Wireless Encryption
+ * transition mode is supported. Since: 1.26.
 *
 * 802.11 access point security and authentication flags. These flags describe
 * the current security requirements of an access point as determined from the
@@ -370,6 +372,7 @@ typedef enum { /*< underscore_name=nm_802_11_ap_security_flags, flags >*/
 NM_802_11_AP_SEC_KEY_MGMT_802_1X = 0x00000200,
 NM_802_11_AP_SEC_KEY_MGMT_SAE = 0x00000400,
 NM_802_11_AP_SEC_KEY_MGMT_OWE = 0x00000800,
+ NM_802_11_AP_SEC_KEY_MGMT_OWE_TM = 0x00001000,
 } NM80211ApSecurityFlags;
 /**
diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c
index 2ef51088ea..124f9c45cf 100644
--- a/libnm-core/nm-setting-wireless.c
+++ b/libnm-core/nm-setting-wireless.c
@@ -222,8 +222,8 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
 && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_SAE))
 return FALSE;
 } else if (!strcmp (key_mgmt, "owe")) {
- if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_OWE)
- && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE))
+ if ( !NM_FLAGS_ANY (ap_wpa, NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)
+ && !NM_FLAGS_ANY (ap_rsn, NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM))
 return FALSE;
 }
diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c
index 05846c50aa..c88afb3238 100644
--- a/libnm-core/nm-utils.c
+++ b/libnm-core/nm-utils.c
@@ -1266,7 +1266,7 @@ nm_utils_security_valid (NMUtilsSecurityType type,
 return FALSE;
 if (!have_ap)
 return TRUE;
- if (!(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE))
+ if (!NM_FLAGS_ANY (ap_rsn, NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM))
 return FALSE;
 return TRUE;
 case NMU_SEC_INVALID:
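Review bot: The doc comment added for `NM_802_11_AP_SEC_KEY_MGMT_OWE_TM` in nm-dbus-interface.h does not say that the flag is reported instead of `NM_802_11_AP_SEC_KEY_MGMT_OWE`, not alongside it. Going by the commit message, transition-mode APs no longer carry the OWE bit, so an API consumer that tests only that bit would stop recognising them as OWE-capable and may present or configure them as plain open networks. I would extend the second added line to something like `* transition mode is supported. Set instead of the OWE flag on such APs, so callers should test for both. Since: 1.26.`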
diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c
index e427c86fbd..b0aaf3e9b2 100644
--- a/src/devices/wifi/nm-wifi-ap.c
+++ b/src/devices/wifi/nm-wifi-ap.c
@@ -913,7 +913,8 @@ nm_wifi_ap_class_init (NMWifiAPClass *ap_class)
 | NM_802_11_AP_SEC_KEY_MGMT_PSK \
 | NM_802_11_AP_SEC_KEY_MGMT_802_1X \
 | NM_802_11_AP_SEC_KEY_MGMT_SAE \
- | NM_802_11_AP_SEC_KEY_MGMT_OWE )
+ | NM_802_11_AP_SEC_KEY_MGMT_OWE \
+ | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)
 GObjectClass *object_class = G_OBJECT_CLASS (ap_class);
 NMDBusObjectClass *dbus_object_class = NM_DBUS_OBJECT_CLASS (ap_class);
diff --git a/src/devices/wifi/nm-wifi-utils.c b/src/devices/wifi/nm-wifi-utils.c
index 0903dc8bba..6853852562 100644
--- a/src/devices/wifi/nm-wifi-utils.c
+++ b/src/devices/wifi/nm-wifi-utils.c
@@ -760,7 +760,8 @@ nm_wifi_utils_complete_connection (GBytes *ap_ssid,
 NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open",
 NULL);
 } else if ( (key_mgmt && !strcmp (key_mgmt, "owe"))
- || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE)) {
+ || NM_FLAGS_ANY (ap_rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE |
+ NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
 g_object_set (s_wsec,
 NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe",
 NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open",
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
index 1c7b9a4213..136b248afc 100644
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@@ -715,9 +715,9 @@ _bss_info_properties_changed (NMSupplicantInterface *self,
 g_variant_unref (v_v);
 if (p_owe_transition_mode)
- bss_info->rsn_flags |= NM_802_11_AP_SEC_KEY_MGMT_OWE;
+ bss_info->rsn_flags |= NM_802_11_AP_SEC_KEY_MGMT_OWE_TM;
 else
- bss_info->rsn_flags &= ~NM_802_11_AP_SEC_KEY_MGMT_OWE;
+ bss_info->rsn_flags &= ~NM_802_11_AP_SEC_KEY_MGMT_OWE_TM;
 bss_info->metered = p_metered;
 } |
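Review bot: The set/clear pair in `_bss_info_properties_changed` acts on whatever `p_owe_transition_mode` holds at that point, and the hunk shows neither where it is assigned nor whether these lines run only when the BSS's information elements were part of the update. The function starts and ends outside the hunk. If the `else` branch can run for an update that carries no IEs, `NM_802_11_AP_SEC_KEY_MGMT_OWE_TM` would be cleared while the AP still advertises transition mode. A one-line comment above the `if` would record the invariant, for example `/* OWE_TM mirrors the IEs parsed just above; only reached when the IEs were updated. */`, to be confirmed against the surrounding code.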