From 325da5a92c2608bd7f04678497f2ce9025812292 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 9 Oct 2019 11:55:27 +0200 Subject: [PATCH] supplicant: allow PMF with SAE PMF can be used with SAE, allow it. Actually, it is required according to WPA3 specifications but there are implementations that don't require it (hostapd can be configured in a such way); so let's not make it mandatory for WPA3. Fixes: 6640fb4b3615 ('supplicant: add support for SAE key management') https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/257 (cherry picked from commit e36c297fd8c6b1b57cd120739cc5ee8eab57aa08) (cherry picked from commit 299fbc0888511a6359f9d2acddbcc850f6eb3460) --- src/supplicant/nm-supplicant-config.c | 4 ++-- src/supplicant/tests/test-supplicant-config.c | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 7708224b35..97ca1f0c3c 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -849,8 +849,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, } } - /* Don't try to enable PMF on non-WPA networks */ - if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk")) + /* Don't try to enable PMF on non-WPA/SAE networks */ + if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk", "sae")) pmf = NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE; /* Check if we actually support PMF */ diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 2c7a71a3ea..aaf07ce390 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -431,7 +431,6 @@ test_wifi_sae_psk (const char *psk) NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'RSN'"); NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); - NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '0'"); config_dict = build_supplicant_config (connection, 1500, 0, TRUE, TRUE); g_test_assert_expected_messages ();