fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-02 12:20:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

merge: support for Wi-Fi Enhanced Open (OWE)

Browse source 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/345
This commit is contained in:
Beniamino Galvani 2019-12-05 14:00:36 +01:00
commit 8c0e5b323a
20 changed files with 132 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Makefile.am
View file

@ -3073,6 +3073,7 @@ EXTRA_DIST += \
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-open-ssid-long-hex \
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-open-ssid-long-quoted \
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-open-ssid-quoted \
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-owe \
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-sae \
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wep \
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wep-104-ascii \

14
clients/cli/devices.c
View file

@ -28,7 +28,7 @@
static char *
ap_wpa_rsn_flags_to_string (NM80211ApSecurityFlags flags)
{
char *flags_str[13];
char *flags_str[14];
int i = 0;
if (flags & NM_802_11_AP_SEC_PAIR_WEP40)
@ -53,6 +53,8 @@ ap_wpa_rsn_flags_to_string (NM80211ApSecurityFlags flags)
flags_str[i++] = "802.1X";
if (flags & NM_802_11_AP_SEC_KEY_MGMT_SAE)
flags_str[i++] = "sae";
if (flags & NM_802_11_AP_SEC_KEY_MGMT_OWE)
flags_str[i++] = "owe";
/* Make sure you grow flags_str when adding items here. */
if (i == 0)
@ -1204,6 +1206,9 @@ fill_output_access_point (gpointer data, gpointer user_data)
if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
g_string_append (security_str, "WPA3 ");
}
if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE) {
g_string_append (security_str, "OWE ");
}
if ( (wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
|| (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) {
g_string_append (security_str, "802.1X ");
@ -3558,8 +3563,8 @@ do_device_wifi_connect (NmCli *nmc, int argc, char **argv)
/* Set password for WEP or WPA-PSK. */
if ( (ap_flags & NM_802_11_AP_FLAGS_PRIVACY)
|| ap_wpa_flags != NM_802_11_AP_SEC_NONE
|| ap_rsn_flags != NM_802_11_AP_SEC_NONE) {
|| (ap_wpa_flags != NM_802_11_AP_SEC_NONE && !(ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE))
|| (ap_rsn_flags != NM_802_11_AP_SEC_NONE && !(ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE))) {
const char *con_password = NULL;
NMSettingWirelessSecurity *s_wsec = NULL;
@ -4231,6 +4236,9 @@ print_wifi_connection (const NmcConfig *nmc_config, NMConnection *connection)
|| strcmp (key_mgmt, "sae") == 0) {
type = "WPA";
g_print ("%s: WPA\n", _("Security"));
} else if ( strcmp (key_mgmt, "owe") == 0) {
type = "nopass";
g_print ("%s: OWE\n", _("Security"));
}
if (psk)

2
clients/common/nm-meta-setting-desc.c
View file

@ -7325,7 +7325,7 @@ static const NMMetaPropertyInfo *const property_infos_WIRELESS_SECURITY[] = {
PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
.property_type = &_pt_gobject_string,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
.values_static = NM_MAKE_STRV ("none", "ieee8021x", "wpa-psk", "wpa-eap", "sae"),
.values_static = NM_MAKE_STRV ("none", "ieee8021x", "wpa-psk", "wpa-eap", "sae", "owe"),
),
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX,

2
clients/common/nm-secret-agent-simple.c
View file

@ -302,7 +302,7 @@ add_wireless_secrets (RequestData *request,
const char *key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec);
NMSecretAgentSimpleSecret *secret;
if (!key_mgmt)
if (!key_mgmt || nm_streq (key_mgmt, "owe"))
return FALSE;
if (NM_IN_STRSET (key_mgmt, "wpa-psk", "sae")) {

2
clients/common/settings-docs.h.in
View file

@ -24,7 +24,7 @@
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_AUTH_ALG N_("When WEP is used (ie, key-mgmt = \"none\" or \"ieee8021x\") indicate the 802.11 authentication algorithm required by the AP here. One of \"open\" for Open System, \"shared\" for Shared Key, or \"leap\" for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\") the \"leap-username\" and \"leap-password\" properties must be specified.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS N_("Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection. One of NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) (use global default value), NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE (1) (disable FILS), NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (2) (enable FILS if the supplicant and the access point support it) or NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (3) (enable FILS and fail if not supported). When set to NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) and no global default is set, FILS will be optionally enabled.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_GROUP N_("A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of \"wep40\", \"wep104\", \"tkip\", or \"ccmp\".")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_KEY_MGMT N_("Key management used for the connection. One of \"none\" (WEP), \"ieee8021x\" (Dynamic WEP), \"wpa-psk\" (infrastructure WPA-PSK), \"sae\" (SAE) or \"wpa-eap\" (WPA-Enterprise). This property must be set for any Wi-Fi connection that uses security.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_KEY_MGMT N_("Key management used for the connection. One of \"none\" (WEP), \"ieee8021x\" (Dynamic WEP), \"wpa-psk\" (infrastructure WPA-PSK), \"sae\" (SAE), \"owe\" (Opportunistic Wireless Encryption) or \"wpa-eap\" (WPA-Enterprise). This property must be set for any Wi-Fi connection that uses security.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD N_("The login password for legacy LEAP connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS N_("Flags indicating how to handle the \"leap-password\" property.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME N_("The login username for legacy LEAP connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").")

9
clients/tui/nm-editor-bindings.c
View file

@ -595,6 +595,9 @@ get_security_type (NMEditorWirelessSecurityMethodBinding *binding)
if (!strcmp (key_mgmt, "sae"))
return "wpa3-personal";
if (!strcmp (key_mgmt, "owe"))
return "owe";
if (!strcmp (key_mgmt, "wpa-eap"))
return "wpa-enterprise";
@ -705,6 +708,12 @@ wireless_security_target_changed (GObject *object,
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, NULL,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, NM_WEP_KEY_TYPE_UNKNOWN,
NULL);
} else if (!strcmp (method, "owe")) {
g_object_set (binding->s_wsec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe",
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, NULL,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, NM_WEP_KEY_TYPE_UNKNOWN,
NULL);
} else if (!strcmp (method, "wpa-enterprise")) {
g_object_set (binding->s_wsec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap",

1
clients/tui/nmt-page-wifi.c
View file

@ -72,6 +72,7 @@ static NmtNewtPopupEntry wifi_security[] = {
{ N_("WEP 128-bit Passphrase"), "wep-passphrase" },
{ N_("Dynamic WEP (802.1x)"), "dynamic-wep" },
{ N_("LEAP"), "leap" },
{ N_("Enhanced Open (OWE)"), "owe" },
{ NULL, NULL }
};

3
libnm-core/nm-dbus-interface.h
View file

@ -342,6 +342,8 @@ typedef enum { /*< underscore_name=nm_802_11_ap_flags, flags >*/
* is supported
* @NM_802_11_AP_SEC_KEY_MGMT_SAE: WPA/RSN Simultaneous Authentication of Equals is
* supported
* @NM_802_11_AP_SEC_KEY_MGMT_OWE: WPA/RSN Opportunistic Wireless Encryption is
* supported
*
* 802.11 access point security and authentication flags. These flags describe
* the current security requirements of an access point as determined from the
@ -360,6 +362,7 @@ typedef enum { /*< underscore_name=nm_802_11_ap_security_flags, flags >*/
NM_802_11_AP_SEC_KEY_MGMT_PSK = 0x00000100,
NM_802_11_AP_SEC_KEY_MGMT_802_1X = 0x00000200,
NM_802_11_AP_SEC_KEY_MGMT_SAE = 0x00000400,
NM_802_11_AP_SEC_KEY_MGMT_OWE = 0x00000800,
} NM80211ApSecurityFlags;
/**

10
libnm-core/nm-setting-wireless-security.c
View file

@ -865,7 +865,8 @@ need_secrets (NMSetting *setting)
}
if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0)
|| (strcmp (priv->key_mgmt, "wpa-eap") == 0)) {
|| (strcmp (priv->key_mgmt, "wpa-eap") == 0)
|| (strcmp (priv->key_mgmt, "owe") == 0)) {
/* Let caller check the 802.1x setting for secrets */
goto no_secrets;
}
@ -884,7 +885,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
{
NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-psk", "wpa-eap", "sae", NULL };
const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-psk", "wpa-eap", "sae", "owe", NULL };
const char *valid_auth_algs[] = { "open", "shared", "leap", NULL };
const char *valid_protos[] = { "wpa", "rsn", NULL };
const char *valid_pairwise[] = { "tkip", "ccmp", NULL };
@ -1054,7 +1055,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
if ( NM_IN_SET (priv->pmf,
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)
&& !NM_IN_STRSET (priv->key_mgmt, "wpa-eap", "wpa-psk", "sae")) {
&& !NM_IN_STRSET (priv->key_mgmt, "wpa-eap", "wpa-psk", "sae", "owe")) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
@ -1429,7 +1430,8 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *klass)
*
* Key management used for the connection. One of "none" (WEP),
* "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae"
* (SAE) or "wpa-eap" (WPA-Enterprise). This property must be set for
* (SAE), "owe" (Opportunistic Wireless Encryption) or "wpa-eap"
* (WPA-Enterprise). This property must be set for
* any Wi-Fi connection that uses security.
**/
/* ---ifcfg-rh---

7
libnm-core/nm-setting-wireless.c
View file

@ -206,7 +206,8 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
/* WPA[2]-PSK and WPA[2] Enterprise */
if ( !strcmp (key_mgmt, "wpa-psk")
|| !strcmp (key_mgmt, "wpa-eap")
|| !strcmp (key_mgmt, "sae")) {
|| !strcmp (key_mgmt, "sae")
|| !strcmp (key_mgmt, "owe")) {
if (!strcmp (key_mgmt, "wpa-psk")) {
if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK)
@ -220,6 +221,10 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_SAE)
&& !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_SAE))
return FALSE;
} else if (!strcmp (key_mgmt, "owe")) {
if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_OWE)
&& !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE))
return FALSE;
}
// FIXME: should handle WPA and RSN separately here to ensure that

11
libnm-core/nm-utils.c
View file

@ -1120,6 +1120,7 @@ nm_utils_ap_mode_security_valid (NMUtilsSecurityType type,
case NMU_SEC_WPA_PSK:
case NMU_SEC_WPA2_PSK:
case NMU_SEC_SAE:
case NMU_SEC_OWE:
return TRUE;
default:
break;
@ -1300,6 +1301,16 @@ nm_utils_security_valid (NMUtilsSecurityType type,
return FALSE;
}
break;
case NMU_SEC_OWE:
if (adhoc)
return FALSE;
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
return FALSE;
if (have_ap) {
if (!(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE))
return FALSE;
}
break;
default:
good = FALSE;
break;

2
libnm-core/nm-utils.h
View file

@ -51,6 +51,7 @@ char * nm_utils_ssid_to_utf8 (const guint8 *ssid, gsize len);
* @NMU_SEC_WPA2_PSK: WPA2/RSN is used with Pre-Shared Keys (PSK)
* @NMU_SEC_WPA2_ENTERPRISE: WPA2 is used with 802.1x authentication
* @NMU_SEC_SAE: is used with WPA3 Enterprise
* @NMU_SEC_OWE: is used with Enhanced Open
*
* Describes generic security mechanisms that 802.11 access points may offer.
* Used with nm_utils_security_valid() for checking whether a given access
@ -67,6 +68,7 @@ typedef enum {
NMU_SEC_WPA2_PSK,
NMU_SEC_WPA2_ENTERPRISE,
NMU_SEC_SAE,
NMU_SEC_OWE,
} NMUtilsSecurityType;
gboolean nm_utils_security_valid (NMUtilsSecurityType type,

5
src/devices/wifi/nm-wifi-ap.c
View file

@ -422,6 +422,8 @@ security_from_vardict (GVariant *security)
flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X;
if (g_strv_contains (array, "sae"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_SAE;
if (g_strv_contains (array, "owe"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_OWE;
g_free (array);
}
@ -1394,7 +1396,8 @@ nm_wifi_ap_class_init (NMWifiAPClass *ap_class)
| NM_802_11_AP_SEC_GROUP_CCMP \
| NM_802_11_AP_SEC_KEY_MGMT_PSK \
| NM_802_11_AP_SEC_KEY_MGMT_802_1X \
| NM_802_11_AP_SEC_KEY_MGMT_SAE )
| NM_802_11_AP_SEC_KEY_MGMT_SAE \
| NM_802_11_AP_SEC_KEY_MGMT_OWE )
GObjectClass *object_class = G_OBJECT_CLASS (ap_class);
NMDBusObjectClass *dbus_object_class = NM_DBUS_OBJECT_CLASS (ap_class);

6
src/devices/wifi/nm-wifi-utils.c
View file

@ -759,6 +759,12 @@ nm_wifi_utils_complete_connection (GBytes *ap_ssid,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae",
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open",
NULL);
} else if ( (key_mgmt && !strcmp (key_mgmt, "owe"))
|| (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE)) {
g_object_set (s_wsec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe",
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open",
NULL);
} else if ( (key_mgmt && !strcmp (key_mgmt, "wpa-psk"))
|| (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)
|| (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)) {

25
src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
View file

@ -3643,7 +3643,7 @@ make_wpa_setting (shvarFile *ifcfg,
gs_unref_object NMSettingWirelessSecurity *wsec = NULL;
gs_free char *value = NULL;
const char *v;
gboolean wpa_psk = FALSE, wpa_sae = FALSE, wpa_eap = FALSE, ieee8021x = FALSE;
gboolean wpa_psk = FALSE, wpa_sae = FALSE, wpa_owe = FALSE, wpa_eap = FALSE, ieee8021x = FALSE;
int i_val;
GError *local = NULL;
@ -3652,10 +3652,12 @@ make_wpa_setting (shvarFile *ifcfg,
v = svGetValueStr (ifcfg, "KEY_MGMT", &value);
wpa_psk = nm_streq0 (v, "WPA-PSK");
wpa_sae = nm_streq0 (v, "SAE");
wpa_owe = nm_streq0 (v, "OWE");
wpa_eap = nm_streq0 (v, "WPA-EAP");
ieee8021x = nm_streq0 (v, "IEEE8021X");
if ( !wpa_psk
&& !wpa_sae
&& !wpa_owe
&& !wpa_eap
&& !ieee8021x)
return NULL; /* Not WPA or Dynamic WEP */
@ -3671,7 +3673,7 @@ make_wpa_setting (shvarFile *ifcfg,
NULL);
/* Pairwise and Group ciphers (only relevant for WPA/RSN) */
if (wpa_psk || wpa_sae || wpa_eap) {
if (wpa_psk || wpa_sae || wpa_owe || wpa_eap) {
fill_wpa_ciphers (ifcfg, wsec, FALSE, adhoc);
fill_wpa_ciphers (ifcfg, wsec, TRUE, adhoc);
}
@ -3720,7 +3722,7 @@ make_wpa_setting (shvarFile *ifcfg,
g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL);
}
} else {
nm_assert (wpa_eap || ieee8021x);
nm_assert (wpa_eap || ieee8021x || wpa_owe);
/* Adhoc mode is mutually exclusive with any 802.1x-based authentication */
if (adhoc) {
@ -3729,14 +3731,17 @@ make_wpa_setting (shvarFile *ifcfg,
return NULL;
}
*s_8021x = fill_8021x (ifcfg, file, v, TRUE, error);
if (!*s_8021x)
return NULL;
if (wpa_owe) {
g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe", NULL);
} else {
*s_8021x = fill_8021x (ifcfg, file, v, TRUE, error);
if (!*s_8021x)
return NULL;
{
gs_free char *lower = g_ascii_strdown (v, -1);
g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, lower, NULL);
{
gs_free char *lower = g_ascii_strdown (v, -1);
g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, lower, NULL);
}
}
}

4
src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
View file

@ -583,6 +583,10 @@ write_wireless_security_setting (NMConnection *connection,
svSetValueStr (ifcfg, "KEY_MGMT", "SAE");
wpa = TRUE;
*no_8021x = TRUE;
} else if (!strcmp (key_mgmt, "owe")) {
svSetValueStr (ifcfg, "KEY_MGMT", "OWE");
wpa = FALSE;
*no_8021x = TRUE;
} else if (!strcmp (key_mgmt, "ieee8021x")) {
svSetValueStr (ifcfg, "KEY_MGMT", "IEEE8021X");
dynamic_wep = TRUE;

5
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-owe Normal file
View file

@ -0,0 +1,5 @@
TYPE=Wireless
DEVICE=wlan1
ESSID=blahblah_owe
MODE=Managed
KEY_MGMT=OWE

40
src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
View file

@ -3034,6 +3034,45 @@ test_read_wifi_sae (void)
g_assert (!nm_setting_wireless_security_get_auth_alg (s_wsec));
}
static void
test_read_wifi_owe (void)
{
gs_unref_object NMConnection *connection = NULL;
NMSettingConnection *s_con;
NMSettingWireless *s_wireless;
NMSettingWirelessSecurity *s_wsec;
GBytes *ssid;
const char *expected_ssid = "blahblah_owe";
connection = _connection_from_file (TEST_IFCFG_DIR"/ifcfg-test-wifi-owe",
NULL, TYPE_WIRELESS, NULL);
s_con = nm_connection_get_setting_connection (connection);
g_assert (s_con);
g_assert_cmpstr (nm_setting_connection_get_id (s_con), ==, "System blahblah_owe (test-wifi-owe)");
g_assert_cmpint (nm_setting_connection_get_timestamp (s_con), ==, 0);
g_assert (nm_setting_connection_get_autoconnect (s_con));
s_wireless = nm_connection_get_setting_wireless (connection);
g_assert (s_wireless);
g_assert_cmpint (nm_setting_wireless_get_mtu (s_wireless), ==, 0);
ssid = nm_setting_wireless_get_ssid (s_wireless);
g_assert (ssid);
g_assert_cmpmem (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), expected_ssid, strlen (expected_ssid));
g_assert (!nm_setting_wireless_get_bssid (s_wireless));
g_assert_cmpstr (nm_setting_wireless_get_mode (s_wireless), ==, "infrastructure");
s_wsec = nm_connection_get_setting_wireless_security (connection);
g_assert (s_wsec);
g_assert_cmpstr (nm_setting_wireless_security_get_key_mgmt (s_wsec), ==, "owe");
g_assert (!nm_setting_wireless_security_get_psk (s_wsec));
g_assert (!nm_setting_wireless_security_get_auth_alg (s_wsec));
}
static void
test_read_wifi_wpa_psk_2 (void)
{
@ -10322,6 +10361,7 @@ int main (int argc, char **argv)
g_test_add_func (TPATH "wifi/read/wpa-psk/adhoc", test_read_wifi_wpa_psk_adhoc);
g_test_add_func (TPATH "wifi/read/wpa-psk/hex", test_read_wifi_wpa_psk_hex);
g_test_add_func (TPATH "wifi/read/sae", test_read_wifi_sae);
g_test_add_func (TPATH "wifi/read/owe", test_read_wifi_owe);
g_test_add_func (TPATH "wifi/read/dynamic-wep/leap", test_read_wifi_dynamic_wep_leap);
g_test_add_func (TPATH "wifi/read/wpa/eap/tls", test_read_wifi_wpa_eap_tls);
g_test_add_func (TPATH "wifi/read/wpa/eap/ttls/tls", test_read_wifi_wpa_eap_ttls_tls);

7
src/supplicant/nm-supplicant-config.c
View file

@ -867,8 +867,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
}
}
/* Don't try to enable PMF on non-WPA/SAE networks */
if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk", "sae"))
/* Don't try to enable PMF on non-WPA/SAE/OWE networks */
if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk", "sae", "owe"))
pmf = NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE;
/* Check if we actually support PMF */
@ -885,7 +885,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
/* Only WPA-specific things when using WPA */
if ( !strcmp (key_mgmt, "wpa-psk")
|| !strcmp (key_mgmt, "wpa-eap")
|| !strcmp (key_mgmt, "sae")) {
|| !strcmp (key_mgmt, "sae")
|| !strcmp (key_mgmt, "owe")) {
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ', TRUE, NULL, error))
return FALSE;
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, NULL, error))

2
src/supplicant/nm-supplicant-settings-verify.c
View file

@ -56,7 +56,7 @@ static const char *const key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT
"WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
"FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "SAE", "FT-SAE",
"NONE", NULL };
"OWE", "NONE", NULL };
static const char *const auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
static const char *const eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM",
"PSK", "FAST", "PWD", NULL };