From 977d298c5fb79999bbfddcbd758bf1f41824c970 Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Mon, 11 Jun 2018 18:14:41 +0200 Subject: [PATCH] libnm-core: 8021x: Allow a new eap value "external" To allow connections that mirror IWD's configured WPA-Enterprise networks to be seen as valid by NM, add a new value for the eap key in 802-1x settings. 802-1x.eap stores EAP method names. In the IWD connections we don't know what EAP method is configured and we don't have any of the other 802-1x properties that would be required for the settings to verify. These connections can't be activated on devices managed by wpa_supplicant. --- libnm-core/nm-setting-8021x.c | 3 ++- src/supplicant/nm-supplicant-config.c | 31 ++++++++++++++++++++++----- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c index 529029de83..7e004c903b 100644 --- a/libnm-core/nm-setting-8021x.c +++ b/libnm-core/nm-setting-8021x.c @@ -2804,6 +2804,7 @@ static EAPMethodsTable eap_methods_table[] = { { "sim", need_secrets_sim, NULL }, { "gtc", need_secrets_password, verify_identity }, { "otp", NULL, NULL }, // FIXME: implement + { "external", NULL, NULL }, { NULL, NULL, NULL } }; @@ -2812,7 +2813,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) { NMSetting8021x *self = NM_SETTING_802_1X (setting); NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self); - const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", "pwd", NULL }; + const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", "pwd", "external", NULL }; GSList *iter; if (error) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index a0628d74a7..042820708b 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c 
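Review bot: The new `{ "external", NULL, NULL }` row in `eap_methods_table` has no comment. Judging by the neighbouring rows, its two NULLs mean that no secrets are requested and no per-method verify callback runs for this method. That is a deliberate relaxation, but next to the `otp` row and its FIXME it reads like an unfinished entry. I would add a trailing comment such as `/* parameters are held by IWD; nothing to verify or request here */`. The table starts outside the hunk.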
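Review bot: Adding `"external"` to `valid_eap` in `verify` appears to make it acceptable anywhere in the method list, so a profile listing `external` together with, say, `peap` would presumably pass. The loop added in nm-supplicant-config.c then silently skips `external` and activates with the remaining methods. The commit message says these profiles cannot be activated through wpa_supplicant, so it looks safer for `verify` to accept `external` only when it is the sole entry. A comment above the array, such as `/* "external": 802.1X parameters are managed by IWD, not stored in this setting */`, would also record the intent. `verify` continues past the end of the hunk, so the list check itself is not visible here.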
@@ -1001,6 +1001,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, guint32 frag, hdrs; gs_free char *frag_str = NULL; NMSetting8021xAuthFlags phase1_auth_flags; + nm_auto_free_gstring GString *eap_str = NULL; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); @@ -1037,20 +1038,40 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, priv->ap_scan = 0; } - if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, NULL, error)) - return FALSE; - - /* Check EAP method for special handling: PEAP + GTC, FAST */ + /* Build the "eap" option string while we check for EAP methods needing + * special handling: PEAP + GTC, FAST, external */ + eap_str = g_string_new (NULL); num_eap = nm_setting_802_1x_get_num_eap_methods (setting); for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); - if (method && (strcasecmp (method, "fast") == 0)) { + if (!method) + continue; + + if (strcasecmp (method, "fast") == 0) { fast = TRUE; priv->fast_required = TRUE; } + + if (nm_streq (method, "external")) { + if (num_eap == 1) { + g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, + "Connection settings managed externally to NM, connection" + " cannot be used with wpa_supplicant"); + return FALSE; + } + continue; + } + + if (eap_str->len) + g_string_append_c (eap_str, ' '); + g_string_append (eap_str, method); } + g_string_ascii_up (eap_str); + if (eap_str->len && !nm_supplicant_config_add_option (self, "eap", eap_str->str, -1, NULL, error)) + return FALSE; + /* Adjust the fragment size according to MTU, but do not set it higher than 1280-14 * for better compatibility */ hdrs = 14; /* EAPOL + EAP-TLS */
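Review bot: The `external` guard inside the loop fires only when `num_eap == 1`. If a list holding `external` more than once, or `external` beside a NULL method, ever reaches this function, it falls through with an empty `eap_str` and no `eap` option is sent. wpa_supplicant treats a network block without `eap` as allowing every EAP method it was built with. Making the decision after the loop, based on whether any usable method was collected, closes that gap without depending on the list length. Separately, `fast` is matched with `strcasecmp` while `external` uses `nm_streq`, so a differently cased spelling would be upper-cased and passed on as a method name; the same comparison should be used for both. The function starts and ends outside the hunk.

```c
	gboolean saw_external = FALSE;	/* goes with the other locals at the top of the function */

	/* … unchanged: eap_str allocation, num_eap lookup … */
	for (i = 0; i < num_eap; i++) {
		/* … unchanged: NULL check, "fast" handling … */

		if (nm_streq (method, "external")) {
			saw_external = TRUE;
			continue;
		}

		/* … unchanged: append method to eap_str … */
	}

	if (saw_external && !eap_str->len) {
		g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
		             "Connection settings managed externally to NM, connection"
		             " cannot be used with wpa_supplicant");
		return FALSE;
	}
```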