diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2019-01-25 09:55:42 +0100 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2019-07-29 11:00:24 +0200 |
commit | 3ef3733c81395f3edd75e38aabeea74a52ce4d38 (patch) | |
tree | 68826951b94e2cb871f5867fe00d79de9452baad | |
parent | 5874f4e4e935584838e5dfb0e1d983e82cc4e9ed (diff) | |
download | NetworkManager-3ef3733c81395f3edd75e38aabeea74a52ce4d38.tar.gz |
wireless-security: ensure Mesh networks can't use anything but SAE
They must be either open or use SAE key management.
-rw-r--r-- | libnm-core/nm-setting-wireless-security.c | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index 09f7bc69b4..efb4860be1 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -904,6 +904,11 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) const char *valid_protos[] = { "wpa", "rsn", NULL }; const char *valid_pairwise[] = { "tkip", "ccmp", NULL }; const char *valid_groups[] = { "wep40", "wep104", "tkip", "ccmp", NULL }; + NMSettingWireless *s_wifi; + const char *wifi_mode; + + s_wifi = connection ? nm_connection_get_setting_wireless (connection) : NULL; + wifi_mode = s_wifi ? nm_setting_wireless_get_mode (s_wifi) : NULL; if (!priv->key_mgmt) { g_set_error_literal (error, @@ -914,14 +919,27 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (!g_strv_contains (valid_key_mgmt, priv->key_mgmt)) { - g_set_error (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("'%s' is not a valid value for the property"), - priv->key_mgmt); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); - return FALSE; + if (g_strcmp0 (wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) { + if ( (strcmp (priv->key_mgmt, "none") == 0) + || (strcmp (priv->key_mgmt, "sae") == 0)) { + g_set_error (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for '%s' mode connections"), + priv->key_mgmt, NM_SETTING_WIRELESS_MODE_MESH); + g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; + } + } else { + if (!g_strv_contains (valid_key_mgmt, priv->key_mgmt)) { + g_set_error (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for the property"), + priv->key_mgmt); + g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; + } } if (priv->auth_alg && !strcmp (priv->auth_alg, "leap")) { |