supplicant: enable FILS only when wpa_supplicant supports it

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>

src/devices/wifi/nm-device-wifi.c

@@ -2467,6 +2467,20 @@ build_supplicant_config (NMDeviceWifi *self,
 		if (!NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wireless_sec),  "wpa-eap"))
 			fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE;
 
+		/* Check if we actually support FILS */
+		if (nm_supplicant_interface_get_fils_support (priv->sup_iface) != NM_SUPPLICANT_FEATURE_YES) {
+			if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED) {
+				g_set_error_literal (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
+				                     "Supplicant does not support FILS");
+				goto error;
+			} else if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL) {
+				/* To be on the safe side, assume no support if we can't determine
+				 * capabilities.
+				 */
+				fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE;
+			}
+		}
+
 		s_8021x = nm_connection_get_setting_802_1x (connection);
 		if (!nm_supplicant_config_add_setting_wireless_security (config,
 		                                                         s_wireless_sec,

src/supplicant/nm-supplicant-interface.c

@@ -93,6 +93,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface,
 	PROP_FAST_SUPPORT,
 	PROP_AP_SUPPORT,
 	PROP_PMF_SUPPORT,
+	PROP_FILS_SUPPORT,
 );
 
 typedef struct {
@@ -102,6 +103,7 @@ typedef struct {
 	NMSupplicantFeature fast_support;
 	NMSupplicantFeature ap_support;   /* Lightweight AP mode support */
 	NMSupplicantFeature pmf_support;
+	NMSupplicantFeature fils_support;
 	guint32        max_scan_ssids;
 	guint32        ready_count;
 
@@ -565,6 +567,12 @@ nm_supplicant_interface_get_pmf_support (NMSupplicantInterface *self)
 	return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->pmf_support;
 }
 
+NMSupplicantFeature
+nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self)
+{
+	return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->fils_support;
+}
+
 void
 nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
                                         NMSupplicantFeature ap_support)
@@ -596,6 +604,15 @@ nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self,
 	priv->pmf_support = pmf_support;
 }
 
+void
+nm_supplicant_interface_set_fils_support (NMSupplicantInterface *self,
+                                          NMSupplicantFeature fils_support)
+{
+	NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+	priv->fils_support = fils_support;
+}
+
 /*****************************************************************************/
 
 static void
@@ -1898,6 +1915,10 @@ set_property (GObject *object,
 		/* construct-only */
 		priv->pmf_support = g_value_get_int (value);
 		break;
+	case PROP_FILS_SUPPORT:
+		/* construct-only */
+		priv->fils_support = g_value_get_int (value);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -1918,7 +1939,8 @@ nm_supplicant_interface_new (const char *ifname,
                              NMSupplicantDriver driver,
                              NMSupplicantFeature fast_support,
                              NMSupplicantFeature ap_support,
-                             NMSupplicantFeature pmf_support)
+                             NMSupplicantFeature pmf_support,
+                             NMSupplicantFeature fils_support)
 {
 	g_return_val_if_fail (ifname != NULL, NULL);
 
@@ -1928,6 +1950,7 @@ nm_supplicant_interface_new (const char *ifname,
 	                     NM_SUPPLICANT_INTERFACE_FAST_SUPPORT, (int) fast_support,
 	                     NM_SUPPLICANT_INTERFACE_AP_SUPPORT, (int) ap_support,
 	                     NM_SUPPLICANT_INTERFACE_PMF_SUPPORT, (int) pmf_support,
+	                     NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, (int) fils_support,
 	                     NULL);
 }
 
@@ -2027,6 +2050,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass)
 	                      G_PARAM_WRITABLE |
 	                      G_PARAM_CONSTRUCT_ONLY |
 	                      G_PARAM_STATIC_STRINGS);
+	obj_properties[PROP_FILS_SUPPORT] =
+	    g_param_spec_int (NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, "", "",
+	                      NM_SUPPLICANT_FEATURE_UNKNOWN,
+	                      NM_SUPPLICANT_FEATURE_YES,
+	                      NM_SUPPLICANT_FEATURE_UNKNOWN,
+	                      G_PARAM_WRITABLE |
+	                      G_PARAM_CONSTRUCT_ONLY |
+	                      G_PARAM_STATIC_STRINGS);
 
 	g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
 

src/supplicant/nm-supplicant-interface.h

@@ -61,6 +61,7 @@ typedef enum {
 #define NM_SUPPLICANT_INTERFACE_FAST_SUPPORT     "fast-support"
 #define NM_SUPPLICANT_INTERFACE_AP_SUPPORT       "ap-support"
 #define NM_SUPPLICANT_INTERFACE_PMF_SUPPORT      "pmf-support"
+#define NM_SUPPLICANT_INTERFACE_FILS_SUPPORT     "fils-support"
 
 /* Signals */
 #define NM_SUPPLICANT_INTERFACE_STATE            "state"
@@ -79,7 +80,8 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname,
                                                      NMSupplicantDriver driver,
                                                      NMSupplicantFeature fast_support,
                                                      NMSupplicantFeature ap_support,
-                                                     NMSupplicantFeature pmf_support);
+                                                     NMSupplicantFeature pmf_support,
+                                                     NMSupplicantFeature fils_support);
 
 void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self,
                                                        gboolean available);
@@ -123,6 +125,7 @@ gboolean nm_supplicant_interface_credentials_reply (NMSupplicantInterface *self,
 
 NMSupplicantFeature nm_supplicant_interface_get_ap_support (NMSupplicantInterface *self);
 NMSupplicantFeature nm_supplicant_interface_get_pmf_support (NMSupplicantInterface *self);
+NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self);
 
 void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
                                              NMSupplicantFeature apmode);
@@ -133,6 +136,9 @@ void nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self,
 void nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self,
                                               NMSupplicantFeature pmf_support);
 
+void nm_supplicant_interface_set_fils_support (NMSupplicantInterface *self,
+                                               NMSupplicantFeature fils_support);
+
 void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self,
                                          const char *const type,
                                          const char *bssid,

src/supplicant/nm-supplicant-manager.c

@@ -40,6 +40,7 @@ typedef struct {
 	NMSupplicantFeature fast_support;
 	NMSupplicantFeature ap_support;
 	NMSupplicantFeature pmf_support;
+	NMSupplicantFeature fils_support;
 	guint             die_count_reset_id;
 	guint             die_count;
 } NMSupplicantManagerPrivate;
@@ -161,7 +162,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self,
 	                                     driver,
 	                                     priv->fast_support,
 	                                     priv->ap_support,
-	                                     priv->pmf_support);
+	                                     priv->pmf_support,
+	                                     priv->fils_support);
 
 	priv->ifaces = g_slist_prepend (priv->ifaces, iface);
 	g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@@ -196,6 +198,7 @@ update_capabilities (NMSupplicantManager *self)
 	 */
 	priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 	priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
+	priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 
 	value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities");
 	if (value) {
@@ -203,21 +206,25 @@ update_capabilities (NMSupplicantManager *self)
 			array = g_variant_get_strv (value, NULL);
 			priv->ap_support = NM_SUPPLICANT_FEATURE_NO;
 			priv->pmf_support = NM_SUPPLICANT_FEATURE_NO;
+			priv->fils_support = NM_SUPPLICANT_FEATURE_NO;
 			if (array) {
 				if (g_strv_contains (array, "ap"))
 					priv->ap_support = NM_SUPPLICANT_FEATURE_YES;
 				if (g_strv_contains (array, "pmf"))
 					priv->pmf_support = NM_SUPPLICANT_FEATURE_YES;
+				if (g_strv_contains (array, "fils"))
+					priv->fils_support = NM_SUPPLICANT_FEATURE_YES;
 				g_free (array);
 			}
 		}
 		g_variant_unref (value);
 	}
 
-	/* Tell all interfaces about results of the AP/PMF check */
+	/* Tell all interfaces about results of the AP/PMF/FILS check */
 	for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) {
 		nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support);
 		nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support);
+		nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support);
 	}
 
 	_LOGD ("AP mode is %ssupported",
@@ -226,6 +233,9 @@ update_capabilities (NMSupplicantManager *self)
 	_LOGD ("PMF is %ssupported",
 	       (priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
 	           (priv->pmf_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
+	_LOGD ("FILS is %ssupported",
+	       (priv->fils_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
+	           (priv->fils_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
 
 	/* EAP-FAST */
 	priv->fast_support = NM_SUPPLICANT_FEATURE_NO;
@@ -349,6 +359,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data)
 		priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 		priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 		priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
+		priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 
 		set_running (self, FALSE);
 	}