diff options
author | Beniamino Galvani <bgalvani@redhat.com> | 2019-01-09 11:36:52 +0100 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2019-01-09 12:54:27 +0100 |
commit | 6583edba2afeb78937d2912a3cd7a354a86c2ed4 (patch) | |
tree | fb223396bf52c63325f3a80dfbf0e61a5871442e | |
parent | e844984a344566a1016c7336b82f6ebec1d77cbf (diff) | |
download | NetworkManager-bg/pmf-global.tar.gz |
supplicant: set optional PMF using global supplicant propertybg/pmf-global
wpa_supplicant is going to change the global default for PMF from 0
(disabled) to 1 (optional) [1], so NM code needs to be adjusted to
work with all wpa_supplicant versions. Furthermore, it is better to
set optional PMF using the 'Pmf' property instead of the 'ieee80211w'
configuration option because the former better handles missing support
in driver [2].
Note that each interface in wpa_supplicant has its own copy of global
configuration and so 'global' options must still be set on each
interface. So, let's set Pmf=1 when each interface gets created and
override it with ieee80211w={0,2} if needed during association.
[1] http://lists.infradead.org/pipermail/hostap/2018-November/039009.html
[2] http://lists.infradead.org/pipermail/hostap/2019-January/039215.html
-rw-r--r-- | src/supplicant/nm-supplicant-config.c | 4 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-interface.c | 34 | ||||
-rw-r--r-- | src/supplicant/tests/test-supplicant-config.c | 4 |
3 files changed, 38 insertions, 4 deletions
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 55936ed048..57adc8c133 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -869,11 +869,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, if ( !nm_streq (key_mgmt, "wpa-none") && NM_IN_SET (pmf, - NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL, + NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE, NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)) { if (!nm_supplicant_config_add_option (self, "ieee80211w", - pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "1" : "2", + pmf == NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE ? "0" : "2", -1, NULL, error)) diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index 6e4d178a05..c30adc58f9 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -716,6 +716,26 @@ iface_check_netreply_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ iface_check_ready (self); } +static void +iface_set_pmf_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data) +{ + NMSupplicantInterface *self; + gs_unref_variant GVariant *variant = NULL; + gs_free_error GError *error = NULL; + + variant = g_dbus_proxy_call_finish (proxy, result, &error); + if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) + return; + + self = NM_SUPPLICANT_INTERFACE (user_data); + + /* This can fail if the supplicant doesn't support PMF */ + if (error) + _LOGD ("failed to set Pmf=1: %s", error->message); + + iface_check_ready (self); +} + gboolean nm_supplicant_interface_get_p2p_group_joined (NMSupplicantInterface *self) { @@ -1619,6 +1639,20 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ NULL, NULL); + /* Initialize global PMF setting to 'optional' */ + priv->ready_count++; + g_dbus_proxy_call (priv->iface_proxy, + DBUS_INTERFACE_PROPERTIES ".Set", + g_variant_new ("(ssv)", + WPAS_DBUS_IFACE_INTERFACE, + "Pmf", + g_variant_new_string ("1")), + G_DBUS_CALL_FLAGS_NONE, + -1, + priv->init_cancellable, + (GAsyncReadyCallback) iface_set_pmf_cb, + self); + /* Check whether NetworkReply and AP mode are supported */ g_dbus_proxy_call (priv->iface_proxy, "NetworkReply", diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 36831e6767..d7ec1fe22f 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -359,8 +359,8 @@ test_wifi_wpa_psk (const char *detail, NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); switch (pmf) { - case NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL: - NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'"); + case NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE: + NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '0'"); break; case NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED: NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '2'"); |