wifi: iwd: Honor passphrase storage option

Newer iwd versions may request PSK secrets through
RequestPassphraseWithOptions. This method lets NetworkManager return the
passphrase together with options that describe how iwd should handle the
secret.

Use the new method to tell iwd whether the PSK may be stored in the iwd
profile. For normal system-owned PSKs, allow storing as before. For
agent-owned or not-saved PSKs, return Store=false so iwd can use the
passphrase for the connection attempt without persisting it under
/var/lib/iwd.
Matthias Kurz 2026-04-23 09:09:09 +02:00
parent 9303996b44
commit 22f4358cf2
No known key found for this signature in database
GPG key ID: 0B4AAA92F1117EF5
2 changed files with 34 additions and 2 deletions


@ -1314,6 +1314,8 @@ get_agent_request_network_path(GDBusMethodInvocation *invocation)
if (nm_streq(method_name, "RequestPassphrase"))
g_variant_get(params, "(&o)", &network_path);
else if (nm_streq(method_name, "RequestPassphraseWithOptions"))
g_variant_get(params, "(&o)", &network_path);
else if (nm_streq(method_name, "RequestPrivateKeyPassphrase"))
g_variant_get(params, "(&o)", &network_path);
else if (nm_streq(method_name, "RequestUserNameAndPassword"))
@ -1333,6 +1335,18 @@ get_agent_request_network_path(GDBusMethodInvocation *invocation)
* name and key so the caller can send a NM secrets request with this data.
* Return TRUE in either case, return FALSE if an error is detected.
*/
static gboolean
psk_should_store_in_iwd(NMSettingWirelessSecurity *s_wireless_sec)
{
NMSettingSecretFlags psk_flags;
psk_flags = nm_setting_wireless_security_get_psk_flags(s_wireless_sec);
return !NM_FLAGS_ANY(psk_flags,
NM_SETTING_SECRET_FLAG_AGENT_OWNED
| NM_SETTING_SECRET_FLAG_NOT_SAVED);
}
static gboolean
try_reply_agent_request(NMDeviceIwd *self,
NMConnection *connection,
@ -1351,7 +1365,7 @@ try_reply_agent_request(NMDeviceIwd *self,
*replied = FALSE;
if (nm_streq(method_name, "RequestPassphrase")) {
if (NM_IN_STRSET(method_name, "RequestPassphrase", "RequestPassphraseWithOptions")) {
if (!s_wireless_sec)
return FALSE;
@ -1361,7 +1375,20 @@ try_reply_agent_request(NMDeviceIwd *self,
if (psk) {
_LOGD(LOGD_DEVICE | LOGD_WIFI, "Returning the PSK to the IWD Agent");
g_dbus_method_invocation_return_value(invocation, g_variant_new("(s)", psk));
if (nm_streq(method_name, "RequestPassphraseWithOptions")) {
GVariantBuilder builder;
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{sv}"));
g_variant_builder_add(&builder,
"{sv}",
"Store",
g_variant_new_boolean(psk_should_store_in_iwd(
s_wireless_sec)));
g_dbus_method_invocation_return_value(
invocation,
g_variant_new("(s@a{sv})", psk, g_variant_builder_end(&builder)));
} else
g_dbus_method_invocation_return_value(invocation, g_variant_new("(s)", psk));
*replied = TRUE;
return TRUE;
}
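Review bot: The new helper `psk_should_store_in_iwd()` is inserted between the existing doc comment (the one ending "Return TRUE in either case, return FALSE if an error is detected.") and `try_reply_agent_request()`, so that comment now reads as if it documents the helper. Move the helper above the comment and give it its own, e.g. `/* Only a PSK without the AGENT_OWNED or NOT_SAVED flag may be persisted in the iwd profile. */`. In the reply hunk, the `else` branch for plain `RequestPassphrase` still returns the PSK with no storage hint, so the Store=false protection presumably applies only when iwd calls the new method. A short comment on that branch, or adding the Store decision (never the PSK itself) to the `_LOGD` line, would make it visible when auditing whether a secret ended up under /var/lib/iwd. The body of `try_reply_agent_request()` continues outside the visible hunks.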


@ -355,6 +355,11 @@ static const GDBusInterfaceInfo iwd_agent_iface_info = NM_DEFINE_GDBUS_INTERFACE
"RequestPassphrase",
.in_args = NM_DEFINE_GDBUS_ARG_INFOS(NM_DEFINE_GDBUS_ARG_INFO("network", "o"), ),
.out_args = NM_DEFINE_GDBUS_ARG_INFOS(NM_DEFINE_GDBUS_ARG_INFO("passphrase", "s"), ), ),
NM_DEFINE_GDBUS_METHOD_INFO(
"RequestPassphraseWithOptions",
.in_args = NM_DEFINE_GDBUS_ARG_INFOS(NM_DEFINE_GDBUS_ARG_INFO("network", "o"), ),
.out_args = NM_DEFINE_GDBUS_ARG_INFOS(NM_DEFINE_GDBUS_ARG_INFO("passphrase", "s"),
NM_DEFINE_GDBUS_ARG_INFO("options", "a{sv}"), ), ),
NM_DEFINE_GDBUS_METHOD_INFO(
"RequestPrivateKeyPassphrase",
.in_args = NM_DEFINE_GDBUS_ARG_INFOS(NM_DEFINE_GDBUS_ARG_INFO("network", "o"), ),