supplicant: early exit if EAP-FAST is not supported by the supplicant

EAP-FAST used to require some patches to OpenSSL which aren't always applied. We can't depend on the supplicant supporting EAP-FAST like we can for EAP methods that don't require any special support from external libraries. To ensure the error gets reported correctly and early, fail the configuration step if EAP-FAST isn't supported by the supplicant but the connection requests it.
2026-05-03 14:48:00 +02:00 · 2012-02-07 23:46:12 -06:00 · 2012-02-07 23:46:12 -06:00 · 5581114726
commit 5581114726
parent d501b6a9f6
5 changed files with 31 additions and 3 deletions
--- a/src/supplicant-manager/nm-supplicant-config.c
+++ b/src/supplicant-manager/nm-supplicant-config.c
@ -54,6 +54,7 @@ typedef struct
 	GHashTable *config;
 	GHashTable *blobs;
 	guint32    ap_scan;
+	gboolean   fast_required;
 	gboolean   dispose_has_run;
 } NMSupplicantConfigPrivate;

@ -278,6 +279,14 @@ nm_supplicant_config_set_ap_scan (NMSupplicantConfig * self,
 	NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->ap_scan = ap_scan;
 }

+gboolean
+nm_supplicant_config_fast_required (NMSupplicantConfig *self)
+{
+	g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
+
+	return NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->fast_required;
+}
+
 static void
 get_hash_cb (gpointer key, gpointer value, gpointer user_data)
 {
@ -715,6 +724,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
                                        const char *con_uuid,
                                        gboolean wired)
 {
+	NMSupplicantConfigPrivate *priv;
 	char *tmp;
 	const char *peapver, *value, *path;
 	gboolean success, added;
@ -728,6 +738,8 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 	g_return_val_if_fail (setting != NULL, FALSE);
 	g_return_val_if_fail (con_uuid != NULL, FALSE);

+	priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
+
 	value = nm_setting_802_1x_get_password (setting);
 	if (value) {
 		if (!add_string_val (self, value, "password", FALSE, TRUE))
@ -768,8 +780,10 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,

 		if (method && (strcasecmp (method, "peap") == 0))
 			peap = TRUE;
-		if (method && (strcasecmp (method, "fast") == 0))
+		if (method && (strcasecmp (method, "fast") == 0)) {
 			fast = TRUE;
+			priv->fast_required = TRUE;
+		}
 	}

 	/* When using PEAP-GTC, we're likely using Cisco kit, so we want to turn
--- a/src/supplicant-manager/nm-supplicant-config.h
+++ b/src/supplicant-manager/nm-supplicant-config.h
@ -57,6 +57,8 @@ guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self);
 void nm_supplicant_config_set_ap_scan (NMSupplicantConfig *self,
                                       guint32 ap_scan);

+gboolean nm_supplicant_config_fast_required (NMSupplicantConfig *self);
+
 GHashTable *nm_supplicant_config_get_hash (NMSupplicantConfig *self);

 GHashTable *nm_supplicant_config_get_blobs (NMSupplicantConfig *self);
--- a/src/supplicant-manager/nm-supplicant-interface.c
+++ b/src/supplicant-manager/nm-supplicant-interface.c
@ -81,6 +81,7 @@ typedef struct {
 	char *                dev;
 	gboolean              is_wireless;
 	gboolean              has_credreq;  /* Whether querying 802.1x credentials is supported */
+	gboolean              fast_supported;

 	char *                object_path;
 	guint32               state;
@ -954,7 +955,15 @@ nm_supplicant_interface_set_config (NMSupplicantInterface * self,
 	priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);

 	nm_supplicant_interface_disconnect (self);
-	
+
+	/* Make sure the supplicant supports EAP-FAST before trying to send
+	 * it an EAP-FAST configuration.
+	 */
+	if (nm_supplicant_config_fast_required (cfg) && !priv->fast_supported) {
+		nm_log_warn (LOGD_SUPPLICANT, "EAP-FAST is not supported by the supplicant");
+		return FALSE;
+	}
+
 	if (priv->cfg)
 		g_object_unref (priv->cfg);
 	priv->cfg = cfg;
@ -1120,6 +1129,7 @@ NMSupplicantInterface *
 nm_supplicant_interface_new (NMSupplicantManager *smgr,
                             const char *ifname,
                             gboolean is_wireless,
+                             gboolean fast_supported,
                             gboolean start_now)
 {
 	NMSupplicantInterface *self;
@ -1142,6 +1152,7 @@ nm_supplicant_interface_new (NMSupplicantManager *smgr,

 		priv->dev = g_strdup (ifname);
 		priv->is_wireless = is_wireless;
+		priv->fast_supported = fast_supported;

 		if (start_now)
 			interface_add (self, priv->is_wireless);
--- a/src/supplicant-manager/nm-supplicant-interface.h
+++ b/src/supplicant-manager/nm-supplicant-interface.h
@ -103,6 +103,7 @@ GType nm_supplicant_interface_get_type (void);
 NMSupplicantInterface * nm_supplicant_interface_new (NMSupplicantManager * smgr,
                                                     const char *ifname,
                                                     gboolean is_wireless,
+                                                     gboolean fast_supported,
                                                     gboolean start_now);

 gboolean nm_supplicant_interface_set_config (NMSupplicantInterface * iface,
--- a/src/supplicant-manager/nm-supplicant-manager.c
+++ b/src/supplicant-manager/nm-supplicant-manager.c
@ -86,7 +86,7 @@ nm_supplicant_manager_iface_get (NMSupplicantManager * self,
 		start_now = !die_count_exceeded (priv->die_count);

 		nm_log_dbg (LOGD_SUPPLICANT, "(%s): creating new supplicant interface", ifname);
-		iface = nm_supplicant_interface_new (self, ifname, is_wireless, start_now);
+		iface = nm_supplicant_interface_new (self, ifname, is_wireless, priv->fast_supported, start_now);
 		if (iface)
 			g_hash_table_insert (priv->ifaces, g_strdup (ifname), iface);
 	} else {