supplicant: fix setting pmf when the supplicant doesn't advertise support

wpa_supplicant only advertises pmf support since commit [1], which is after 2.6. When using a version without that commit (for example, plain 2.6), we would unconditionally set the global Pmf property to 1 (optional) and then skip setting the per-network property. The result was that pmf was enabled without the possibility to disable it by user. The correct behavior is instead to disable pmf on such versions. [1] https://w1.fi/cgit/hostap/commit/?id=3cdb4ac074f76accf24a51d143db545afad2c90b https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/129
2025-12-25 01:20:07 +01:00 · 2019-02-25 08:38:22 +01:00 · 2019-02-25 08:38:22 +01:00 · 560a35dd43
commit 560a35dd43
parent cab17ff8e0
1 changed files with 16 additions and 15 deletions
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@ -728,9 +728,8 @@ iface_set_pmf_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data)

 	self = NM_SUPPLICANT_INTERFACE (user_data);

-	/* This can fail if the supplicant doesn't support PMF */
 	if (error)
-		_LOGD ("failed to set Pmf=1: %s", error->message);
+		_LOGW ("failed to set Pmf=1: %s", error->message);

 	iface_check_ready (self);
 }
@ -1653,19 +1652,21 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
 	                   (GAsyncReadyCallback) iface_check_netreply_cb,
 	                   self);

-	/* Initialize global PMF setting to 'optional' */
-	priv->ready_count++;
-	g_dbus_proxy_call (priv->iface_proxy,
-	                   DBUS_INTERFACE_PROPERTIES ".Set",
-	                   g_variant_new ("(ssv)",
-	                                  WPAS_DBUS_IFACE_INTERFACE,
-	                                  "Pmf",
-	                                  g_variant_new_string ("1")),
-	                   G_DBUS_CALL_FLAGS_NONE,
-	                   -1,
-	                   priv->init_cancellable,
-	                   (GAsyncReadyCallback) iface_set_pmf_cb,
-	                   self);
+	if (priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) {
+		/* Initialize global PMF setting to 'optional' */
+		priv->ready_count++;
+		g_dbus_proxy_call (priv->iface_proxy,
+		                   DBUS_INTERFACE_PROPERTIES ".Set",
+		                   g_variant_new ("(ssv)",
+		                                  WPAS_DBUS_IFACE_INTERFACE,
+		                                  "Pmf",
+		                                  g_variant_new_string ("1")),
+		                   G_DBUS_CALL_FLAGS_NONE,
+		                   -1,
+		                   priv->init_cancellable,
+		                   (GAsyncReadyCallback) iface_set_pmf_cb,
+		                   self);
+	}

 	if (priv->ap_support == NM_SUPPLICANT_FEATURE_UNKNOWN) {
 		/* If the global supplicant capabilities property is not present, we can