libnm-core: 8021x: Allow a new eap value "external"

To allow connections that mirror IWD's configured WPA-Enterprise networks to be seen as valid by NM, add a new value for the eap key in 802-1x settings. 802-1x.eap stores EAP method names. In the IWD connections we don't know what EAP method is configured and we don't have any of the other 802-1x properties that would be required for the settings to verify. These connections can't be activated on devices managed by wpa_supplicant.
2026-03-26 01:50:39 +01:00 · 2018-06-11 18:14:41 +02:00 · 2018-06-11 18:14:41 +02:00 · 977d298c5f
commit 977d298c5f
parent 43ea446a50
2 changed files with 28 additions and 6 deletions
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@ -2804,6 +2804,7 @@ static EAPMethodsTable eap_methods_table[] = {
 	{ "sim", need_secrets_sim, NULL },
 	{ "gtc", need_secrets_password, verify_identity },
 	{ "otp", NULL, NULL },  // FIXME: implement
+	{ "external", NULL, NULL },
 	{ NULL, NULL, NULL }
 };

@ -2812,7 +2813,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 {
 	NMSetting8021x *self = NM_SETTING_802_1X (setting);
 	NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
-	const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", "pwd", NULL };
+	const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", "pwd", "external", NULL };
 	GSList *iter;

 	if (error)
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@ -1001,6 +1001,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 	guint32 frag, hdrs;
 	gs_free char *frag_str = NULL;
 	NMSetting8021xAuthFlags phase1_auth_flags;
+	nm_auto_free_gstring GString *eap_str = NULL;

 	g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
 	g_return_val_if_fail (setting != NULL, FALSE);
@ -1037,20 +1038,40 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 		priv->ap_scan = 0;
 	}

-	if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, NULL, error))
-		return FALSE;
-
-	/* Check EAP method for special handling: PEAP + GTC, FAST */
+	/* Build the "eap" option string while we check for EAP methods needing
+	 * special handling: PEAP + GTC, FAST, external */
+	eap_str = g_string_new (NULL);
 	num_eap = nm_setting_802_1x_get_num_eap_methods (setting);
 	for (i = 0; i < num_eap; i++) {
 		const char *method = nm_setting_802_1x_get_eap_method (setting, i);

-		if (method && (strcasecmp (method, "fast") == 0)) {
+		if (!method)
+			continue;
+
+		if (strcasecmp (method, "fast") == 0) {
 			fast = TRUE;
 			priv->fast_required = TRUE;
 		}
+
+		if (nm_streq (method, "external")) {
+			if (num_eap == 1) {
+				g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
+				             "Connection settings managed externally to NM, connection"
+					     " cannot be used with wpa_supplicant");
+				return FALSE;
+			}
+			continue;
+		}
+
+		if (eap_str->len)
+			g_string_append_c (eap_str, ' ');
+		g_string_append (eap_str, method);
 	}

+	g_string_ascii_up (eap_str);
+	if (eap_str->len && !nm_supplicant_config_add_option (self, "eap", eap_str->str, -1, NULL, error))
+		return FALSE;
+
 	/* Adjust the fragment size according to MTU, but do not set it higher than 1280-14
 	 * for better compatibility */
 	hdrs = 14; /* EAPOL + EAP-TLS */