diff options
| author | 谢致邦 (XIE Zhibang) <Yeking@Red54.com> | 2022-04-10 20:32:19 +0800 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2022-04-11 18:57:43 +0200 |
| commit | 89e3df41472bd0e2fcb194f306659b9443951e75 (patch) | |
| tree | 834b7959a33b098c9d9a24006f13a4056962bff0 | |
| parent | 6a82dd184cd9df073f7f07434cef22111be8927f (diff) | |
| download | NetworkManager-89e3df41472bd0e2fcb194f306659b9443951e75.tar.gz | |
supplicant: Disable WPA3 transition mode when PMF is set to disabled
According to WPA3_Specification_v3.0 section 2.3, when operating in
WPA3-Personal transition mode an AP:
- shall set MFPC to 1, MFPR to 0.
Therefore, do not operate in WPA3-Personal transition mode when PMF is set to
disabled. This also provides a way to be compatible with some devices that are
not fully compatible with WPA3-Personal transition mode.
Signed-off-by: 谢致邦 (XIE Zhibang) <Yeking@Red54.com>
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1186
(cherry picked from commit b6eb237a271c91f6ca9d74f0db8f7e80b9998d51)
(cherry picked from commit a0988868ba7b4390790cab43cca5103f80a6a300)
| -rw-r--r-- | src/core/supplicant/nm-supplicant-config.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/core/supplicant/nm-supplicant-config.c b/src/core/supplicant/nm-supplicant-config.c index f8b1503ec2..a4e5cc4d4c 100644 --- a/src/core/supplicant/nm-supplicant-config.c +++ b/src/core/supplicant/nm-supplicant-config.c @@ -877,10 +877,21 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * * Those conditions are met when the interface has capabilities * SAE, PMF, BIP. + * + * According to WPA3_Specification_v3.0 section 2.3, when operating + * in WPA3-Personal transition mode an AP: + * + * - shall set MFPC to 1, MFPR to 0. + * + * Therefore, do not operate in WPA3-Personal transition mode when PMF + * is set to disabled. This also provides a way to be compatible with + * some devices that are not fully compatible with WPA3-Personal + * transition mode. */ if (_get_capability(priv, NM_SUPPL_CAP_TYPE_SAE) && _get_capability(priv, NM_SUPPL_CAP_TYPE_PMF) - && _get_capability(priv, NM_SUPPL_CAP_TYPE_BIP)) { + && _get_capability(priv, NM_SUPPL_CAP_TYPE_BIP) + && (!is_ap || pmf != NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE)) { g_string_append(key_mgmt_conf, " SAE"); if (!is_ap && _get_capability(priv, NM_SUPPL_CAP_TYPE_FT)) g_string_append(key_mgmt_conf, " FT-SAE"); |