Lubomir Rintel 2019-07-25 12:31:36 +02:00
commit 3cfe3c0e35
11 changed files with 151 additions and 27 deletions


@ -560,7 +560,7 @@ build_supplicant_config (NMDeviceEthernet *self,
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self)));
config = nm_supplicant_config_new (FALSE, FALSE);
config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
security = nm_connection_get_setting_802_1x (connection);
if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) {


@ -224,7 +224,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error)
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self)));
config = nm_supplicant_config_new (FALSE, FALSE);
config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC);


@ -2452,7 +2452,9 @@ build_supplicant_config (NMDeviceWifi *self,
config = nm_supplicant_config_new (
nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
nm_supplicant_interface_get_ft_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
nm_supplicant_interface_get_sha384_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
/* Warn if AP mode may not be supported */
if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0


@ -417,9 +417,11 @@ security_from_vardict (GVariant *security)
if ( g_variant_lookup (security, "KeyMgmt", "^a&s", &array)
&& array) {
if (g_strv_contains (array, "wpa-psk"))
if (g_strv_contains (array, "wpa-psk") ||
g_strv_contains (array, "wpa-ft-psk"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK;
if (g_strv_contains (array, "wpa-eap") ||
g_strv_contains (array, "wpa-ft-eap") ||
g_strv_contains (array, "wpa-fils-sha256") ||
g_strv_contains (array, "wpa-fils-sha384"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X;


@ -49,6 +49,8 @@ typedef struct {
gboolean dispose_has_run;
gboolean support_pmf;
gboolean support_fils;
gboolean support_ft;
gboolean support_sha384;
} NMSupplicantConfigPrivate;
struct _NMSupplicantConfig {
@ -67,7 +69,8 @@ G_DEFINE_TYPE (NMSupplicantConfig, nm_supplicant_config, G_TYPE_OBJECT)
/*****************************************************************************/
NMSupplicantConfig *
nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
gboolean support_ft, gboolean support_sha384)
{
NMSupplicantConfigPrivate *priv;
NMSupplicantConfig *self;
@ -77,6 +80,8 @@ nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
priv->support_pmf = support_pmf;
priv->support_fils = support_fils;
priv->support_ft = support_ft;
priv->support_sha384 = support_sha384;
return self;
}
@ -754,7 +759,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
GError **error)
{
NMSupplicantConfigPrivate *priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
const char *key_mgmt, *key_mgmt_conf, *auth_alg;
nm_auto_free_gstring GString *key_mgmt_conf = NULL;
const char *key_mgmt, *auth_alg;
const char *psk;
gboolean set_pmf;
@ -773,28 +779,43 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE;
}
key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting);
key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting);
key_mgmt_conf = g_string_new (key_mgmt);
if (nm_streq (key_mgmt, "wpa-psk")) {
if (priv->support_pmf)
key_mgmt_conf = "wpa-psk wpa-psk-sha256";
g_string_append (key_mgmt_conf, " wpa-psk-sha256");
if (priv->support_ft)
g_string_append (key_mgmt_conf, " ft-psk");
} else if (nm_streq (key_mgmt, "wpa-eap")) {
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " wpa-eap-sha256");
if (priv->support_ft)
g_string_append (key_mgmt_conf, " ft-eap");
if (priv->support_ft && priv->support_sha384)
g_string_append (key_mgmt_conf, " ft-eap-sha384");
switch (fils) {
case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
key_mgmt_conf = priv->support_pmf
? "wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384"
: "wpa-eap fils-sha256 fils-sha384";
break;
case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
key_mgmt_conf = "fils-sha256 fils-sha384";
g_string_truncate (key_mgmt_conf, 0);
if (!priv->support_pmf)
g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
/* fall-through */
case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384");
if (priv->support_pmf && priv->support_ft)
g_string_append (key_mgmt_conf, " ft-fils-sha256");
if (priv->support_pmf && priv->support_ft & priv->support_sha384)
g_string_append (key_mgmt_conf, " ft-fils-sha384");
break;
default:
if (priv->support_pmf)
key_mgmt_conf = "wpa-eap wpa-eap-sha256";
break;
}
} else if (nm_streq (key_mgmt, "sae")) {
if (priv->support_ft)
g_string_append (key_mgmt_conf, " ft-sae");
}
if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error))
return FALSE;
auth_alg = nm_setting_wireless_security_get_auth_alg (setting);
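Review bot: The last FILS condition, `if (priv->support_pmf && priv->support_ft & priv->support_sha384)`, uses bitwise `&` where every sibling check uses `&&`; it only works while both flags are exactly 0 or 1, and two non-zero gboolean values with no common bit would silently drop `ft-fils-sha384`, so write `priv->support_ft && priv->support_sha384`. This function can also now emit `ft-sae`, `ft-fils-sha256` and `ft-fils-sha384`, while the `key_mgmt_allowed` list changed later in this commit gains only `"FT-PSK"`, `"FT-EAP"` and `"FT-EAP-SHA384"`; if the built value is checked against that list (the validation code is not visible here), those configurations would be rejected as soon as the supplicant reports FT, so the list likely also needs `"FT-SAE", "FT-FILS-SHA256", "FT-FILS-SHA384"`. It also looks as if FILS-optional without PMF no longer adds the FILS suites, because both appends in that case are guarded by `support_pmf`; old and new lines are not marked on this page, so please confirm that is intended. The function body starts and ends outside the hunks shown.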


@ -39,7 +39,8 @@ typedef struct _NMSupplicantConfigClass NMSupplicantConfigClass;
GType nm_supplicant_config_get_type (void);
NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils);
NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
gboolean support_ft, gboolean support_sha384);
guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self);
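Review bot: Four adjacent `gboolean` parameters on `nm_supplicant_config_new` make call sites such as `nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE)` impossible to check by eye, and a swapped pair compiles silently while changing which key-management suites are offered to the supplicant. At minimum the prototype deserves a comment fixing the order, e.g. `/* support_pmf, support_fils, support_ft, support_sha384: supplicant capabilities, in this order */`. A flags argument or a small capability struct would remove the hazard before a fifth flag is added, but that is a larger change than this commit needs.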


@ -113,6 +113,8 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface,
PROP_FILS_SUPPORT,
PROP_P2P_SUPPORT,
PROP_WFD_SUPPORT,
PROP_FT_SUPPORT,
PROP_SHA384_SUPPORT,
);
typedef struct {
@ -125,6 +127,8 @@ typedef struct {
NMSupplicantFeature fils_support;
NMSupplicantFeature p2p_support;
NMSupplicantFeature wfd_support;
NMSupplicantFeature ft_support;
NMSupplicantFeature sha384_support;
guint32 max_scan_ssids;
guint32 ready_count;
@ -786,6 +790,18 @@ nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self)
return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->wfd_support;
}
NMSupplicantFeature
nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self)
{
return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support;
}
NMSupplicantFeature
nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self)
{
return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->sha384_support;
}
void
nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
NMSupplicantFeature ap_support)
@ -844,6 +860,24 @@ nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self,
priv->wfd_support = wfd_support;
}
void
nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
NMSupplicantFeature ft_support)
{
NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
priv->ft_support = ft_support;
}
void
nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self,
NMSupplicantFeature sha384_support)
{
NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
priv->sha384_support = sha384_support;
}
/*****************************************************************************/
static void
@ -2684,6 +2718,14 @@ set_property (GObject *object,
/* construct-only */
priv->wfd_support = g_value_get_int (value);
break;
case PROP_FT_SUPPORT:
/* construct-only */
priv->ft_support = g_value_get_int (value);
break;
case PROP_SHA384_SUPPORT:
/* construct-only */
priv->sha384_support = g_value_get_int (value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@ -2709,7 +2751,9 @@ nm_supplicant_interface_new (const char *ifname,
NMSupplicantFeature pmf_support,
NMSupplicantFeature fils_support,
NMSupplicantFeature p2p_support,
NMSupplicantFeature wfd_support)
NMSupplicantFeature wfd_support,
NMSupplicantFeature ft_support,
NMSupplicantFeature sha384_support)
{
/* One of ifname or path need to be set */
g_return_val_if_fail (ifname != NULL || object_path != NULL, NULL);
@ -2725,6 +2769,8 @@ nm_supplicant_interface_new (const char *ifname,
NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, (int) fils_support,
NM_SUPPLICANT_INTERFACE_P2P_SUPPORT, (int) p2p_support,
NM_SUPPLICANT_INTERFACE_WFD_SUPPORT, (int) wfd_support,
NM_SUPPLICANT_INTERFACE_FT_SUPPORT, (int) ft_support,
NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, (int) sha384_support,
NULL);
}
@ -2883,6 +2929,22 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass)
G_PARAM_WRITABLE |
G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
obj_properties[PROP_FT_SUPPORT] =
g_param_spec_int (NM_SUPPLICANT_INTERFACE_FT_SUPPORT, "", "",
NM_SUPPLICANT_FEATURE_UNKNOWN,
NM_SUPPLICANT_FEATURE_YES,
NM_SUPPLICANT_FEATURE_UNKNOWN,
G_PARAM_WRITABLE |
G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
obj_properties[PROP_SHA384_SUPPORT] =
g_param_spec_int (NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, "", "",
NM_SUPPLICANT_FEATURE_UNKNOWN,
NM_SUPPLICANT_FEATURE_YES,
NM_SUPPLICANT_FEATURE_UNKNOWN,
G_PARAM_WRITABLE |
G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);


@ -68,6 +68,8 @@ typedef enum {
#define NM_SUPPLICANT_INTERFACE_FILS_SUPPORT "fils-support"
#define NM_SUPPLICANT_INTERFACE_P2P_SUPPORT "p2p-support"
#define NM_SUPPLICANT_INTERFACE_WFD_SUPPORT "wfd-support"
#define NM_SUPPLICANT_INTERFACE_FT_SUPPORT "ft-support"
#define NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT "sha384-support"
/* Signals */
#define NM_SUPPLICANT_INTERFACE_STATE "state"
@ -95,7 +97,9 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname,
NMSupplicantFeature pmf_support,
NMSupplicantFeature fils_support,
NMSupplicantFeature p2p_support,
NMSupplicantFeature wfd_support);
NMSupplicantFeature wfd_support,
NMSupplicantFeature ft_support,
NMSupplicantFeature sha384_support);
void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self,
gboolean available);
@ -161,6 +165,8 @@ NMSupplicantFeature nm_supplicant_interface_get_pmf_support (NMSupplicantInterfa
NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_p2p_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self);
void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
NMSupplicantFeature apmode);
@ -180,6 +186,12 @@ void nm_supplicant_interface_set_p2p_support (NMSupplicantInterface *self,
void nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self,
NMSupplicantFeature wfd_support);
void nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
NMSupplicantFeature ft_support);
void nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self,
NMSupplicantFeature sha384_support);
void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self,
const char *const type,
const char *bssid,


@ -40,6 +40,8 @@ typedef struct {
NMSupplicantFeature fils_support;
NMSupplicantFeature p2p_support;
NMSupplicantFeature wfd_support;
NMSupplicantFeature ft_support;
NMSupplicantFeature sha384_support;
guint die_count_reset_id;
guint die_count;
} NMSupplicantManagerPrivate;
@ -231,7 +233,9 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self,
priv->pmf_support,
priv->fils_support,
priv->p2p_support,
priv->wfd_support);
priv->wfd_support,
priv->ft_support,
priv->sha384_support);
priv->ifaces = g_slist_prepend (priv->ifaces, iface);
g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@ -288,7 +292,9 @@ nm_supplicant_manager_create_interface_from_path (NMSupplicantManager *self,
priv->pmf_support,
priv->fils_support,
priv->p2p_support,
priv->wfd_support);
priv->wfd_support,
priv->ft_support,
priv->sha384_support);
priv->ifaces = g_slist_prepend (priv->ifaces, iface);
g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@ -324,8 +330,10 @@ update_capabilities (NMSupplicantManager *self)
priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
/* P2P support is newer than the capabilities property */
/* Support for the following is newer than the capabilities property */
priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
priv->sha384_support = NM_SUPPLICANT_FEATURE_NO;
value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities");
if (value) {
@ -335,6 +343,8 @@ update_capabilities (NMSupplicantManager *self)
priv->pmf_support = NM_SUPPLICANT_FEATURE_NO;
priv->fils_support = NM_SUPPLICANT_FEATURE_NO;
priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
priv->sha384_support = NM_SUPPLICANT_FEATURE_NO;
if (array) {
if (g_strv_contains (array, "ap"))
priv->ap_support = NM_SUPPLICANT_FEATURE_YES;
@ -344,18 +354,24 @@ update_capabilities (NMSupplicantManager *self)
priv->fils_support = NM_SUPPLICANT_FEATURE_YES;
if (g_strv_contains (array, "p2p"))
priv->p2p_support = NM_SUPPLICANT_FEATURE_YES;
if (g_strv_contains (array, "ft"))
priv->ft_support = NM_SUPPLICANT_FEATURE_YES;
if (g_strv_contains (array, "sha384"))
priv->sha384_support = NM_SUPPLICANT_FEATURE_YES;
g_free (array);
}
}
g_variant_unref (value);
}
/* Tell all interfaces about results of the AP/PMF/FILS/P2P check */
/* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT/SHA384 check */
for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) {
nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support);
nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support);
nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support);
nm_supplicant_interface_set_p2p_support (ifaces->data, priv->p2p_support);
nm_supplicant_interface_set_ft_support (ifaces->data, priv->ft_support);
nm_supplicant_interface_set_sha384_support (ifaces->data, priv->sha384_support);
}
_LOGD ("AP mode is %ssupported",
@ -370,6 +386,12 @@ update_capabilities (NMSupplicantManager *self)
_LOGD ("P2P is %ssupported",
(priv->p2p_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
(priv->p2p_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
_LOGD ("FT is %ssupported",
(priv->ft_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
(priv->ft_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
_LOGD ("SHA384 is %ssupported",
(priv->sha384_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
(priv->sha384_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
/* EAP-FAST */
priv->fast_support = NM_SUPPLICANT_FEATURE_NO;
@ -508,6 +530,8 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data)
priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->ft_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->sha384_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
set_running (self, FALSE);
}


@ -66,8 +66,8 @@ static const struct validate_entry validate_table[] = {
const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
const char * proto_allowed[] = { "WPA", "RSN", NULL };
const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256",
"WPA-EAP", "WPA-EAP-SHA256",
const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK",
"WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
"FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "WPA-NONE", "SAE",
"NONE", NULL };


@ -110,7 +110,7 @@ build_supplicant_config (NMConnection *connection,
NMSetting8021x *s_8021x;
gboolean success;
config = nm_supplicant_config_new (support_pmf, support_fils);
config = nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE);
s_wifi = nm_connection_get_setting_wireless (connection);
g_assert (s_wifi);
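Review bot: The test helper hard-codes the new flags in `nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE)`, so none of the FT branches added to the key_mgmt construction are exercised by this file as far as the hunk shows. Passing `support_ft` and `support_sha384` through `build_supplicant_config` the same way `support_pmf` and `support_fils` already are, and adding cases that assert the resulting `key_mgmt` string for wpa-psk, wpa-eap (with FILS optional and required) and sae, would catch both a wrong suite list and a value the validation table rejects. The rest of the helper and its callers lie outside the hunk, so existing call sites would need the two extra arguments.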