fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-02-05 22:50:28 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

merge: branch 'lr/wep-cli'

Browse source 
This makes it more obvious in client when a feature that will not work
(now or in future) is being used. The motivation is to phase out WEP nicely.

To keep this simple this does not impose any policy decisions, nor is
configurable (contrary to what i've suggested before).

The policy on whether a connection activation will succeed or not is left
to the daemon. For WEP the idea is to delegate the decision further to the
supplicant while also provide a reasonable error handling [1].

[1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1138

The lack of configurability is due to the fact that WEP is going away
everywhere, regardless of whether it is enabled at the moment (Fedora 36)
or not (RHEL 9).

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1139
https://bugzilla.redhat.com/show_bug.cgi?id=2030997
This commit is contained in:
Lubomir Rintel 2022-03-13 18:24:10 +01:00
commit 9863475b2d
5 changed files with 140 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
man/nmcli.xml
View file

@ -1880,6 +1880,13 @@
</listitem>
</varlistentry>
<varlistentry>
<term><option>connection-deprecated</option></term>
<listitem>
<para>Connection that uses deprecated settings. It might not be possible to activate it.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>connectivity-full</option></term>
<listitem>
@ -2104,6 +2111,13 @@
</listitem>
</varlistentry>
<varlistentry>
<term><option>wifi-deprecated</option></term>
<listitem>
<para>Wi-Fi network that might be impossible to connect to due to use of deprecated functionality.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>disabled</option></term>
<listitem>

2
src/libnmc-setting/nm-meta-setting-desc.h
View file

@ -91,6 +91,7 @@ typedef enum {
NM_META_COLOR_CONNECTION_INVISIBLE,
NM_META_COLOR_CONNECTION_EXTERNAL,
NM_META_COLOR_CONNECTION_UNKNOWN,
NM_META_COLOR_CONNECTION_DEPRECATED,
NM_META_COLOR_CONNECTIVITY_FULL,
NM_META_COLOR_CONNECTIVITY_LIMITED,
NM_META_COLOR_CONNECTIVITY_NONE,
@ -126,6 +127,7 @@ typedef enum {
NM_META_COLOR_WIFI_SIGNAL_GOOD,
NM_META_COLOR_WIFI_SIGNAL_POOR,
NM_META_COLOR_WIFI_SIGNAL_UNKNOWN,
NM_META_COLOR_WIFI_DEPRECATED,
NM_META_COLOR_DISABLED,
NM_META_COLOR_ENABLED,
_NM_META_COLOR_NUM

108
src/nmcli/connections.c
View file

@ -513,6 +513,40 @@ _con_show_fcn_get_type(NMConnection *c, NMActiveConnection *ac, NMMetaAccessorGe
return connection_type_to_display(s, get_type);
}
static const char *
_connection_check_deprecated(NMConnection *c)
{
NMSettingWirelessSecurity *s_wsec;
const char *key_mgmt;
const char *type;
type = nm_connection_get_connection_type(c);
if (strcmp(type, NM_SETTING_WIMAX_SETTING_NAME) == 0)
return _("WiMax is no longer supported");
s_wsec = nm_connection_get_setting_wireless_security(c);
if (s_wsec) {
key_mgmt = nm_setting_wireless_security_get_key_mgmt(s_wsec);
if (NM_IN_STRSET(key_mgmt, "ieee8021x", "none"))
return _("WEP encryption is known to be insecure");
}
return NULL;
}
static NMMetaColor
_connection_to_color(NMConnection *c, NMActiveConnection *ac)
{
if (ac)
return nmc_active_connection_state_to_color(ac);
if (_connection_check_deprecated(c))
return NM_META_COLOR_CONNECTION_DEPRECATED;
return NM_META_COLOR_CONNECTION_UNKNOWN;
}
static gconstpointer
_metagen_con_show_get_fcn(NMC_META_GENERIC_INFO_GET_FCN_ARGS)
{
@ -523,7 +557,7 @@ _metagen_con_show_get_fcn(NMC_META_GENERIC_INFO_GET_FCN_ARGS)
const char *s;
char *s_mut;
NMC_HANDLE_COLOR(nmc_active_connection_state_to_color(ac));
NMC_HANDLE_COLOR(_connection_to_color(c, ac));
if (c)
s_con = nm_connection_get_setting_connection(c);
@ -1478,9 +1512,6 @@ nmc_active_connection_state_to_color(NMActiveConnection *ac)
{
NMActiveConnectionState state;
if (!ac)
return NM_META_COLOR_CONNECTION_UNKNOWN;
if (NM_FLAGS_HAS(nm_active_connection_get_state_flags(ac), NM_ACTIVATION_STATE_FLAG_EXTERNAL))
return NM_META_COLOR_CONNECTION_EXTERNAL;
@ -1881,6 +1912,7 @@ con_show_get_items_cmp(gconstpointer pa, gconstpointer pb, gpointer user_data)
}
}
NM_CMP_DIRECT(!!_connection_check_deprecated(c_a), !!_connection_check_deprecated(c_b));
NM_CMP_DIRECT_STRCMP0(nm_connection_get_uuid(c_a), nm_connection_get_uuid(c_b));
NM_CMP_DIRECT_STRCMP0(nm_connection_get_path(c_a), nm_connection_get_path(c_b));
}
@ -5208,6 +5240,46 @@ nmc_process_connection_properties(NmCli *nmc,
return TRUE;
}
static void
connection_warnings(NmCli *nmc, NMConnection *connection)
{
const GPtrArray *connections;
guint i, found;
const char *id;
const char *deprecated;
deprecated = _connection_check_deprecated(NM_CONNECTION(connection));
if (deprecated)
g_printerr(_("Warning: %s.\n"), deprecated);
connections = nm_client_get_connections(nmc->client);
if (!connections)
return;
id = nm_connection_get_id(connection);
found = 0;
for (i = 0; i < connections->len; i++) {
NMConnection *candidate = NM_CONNECTION(connections->pdata[i]);
if ((NMConnection *) connection == candidate)
continue;
if (nm_streq0(nm_connection_get_id(candidate), id))
found++;
}
if (found > 0) {
g_printerr(g_dngettext(GETTEXT_PACKAGE,
"Warning: There is another connection with the name '%1$s'. "
"Reference the connection by its uuid '%2$s'\n",
"Warning: There are %3$u other connections with the name "
"'%1$s'. Reference the connection by its uuid '%2$s'\n",
found),
id,
nm_connection_get_uuid(NM_CONNECTION(connection)),
found);
}
}
static void
add_connection_cb(GObject *client, GAsyncResult *result, gpointer user_data)
{
@ -5215,8 +5287,6 @@ add_connection_cb(GObject *client, GAsyncResult *result, gpointer user_data)
NmCli *nmc = info->nmc;
NMRemoteConnection *connection;
GError *error = NULL;
const GPtrArray *connections;
guint i, found;
connection = nm_client_add_connection2_finish(NM_CLIENT(client), result, NULL, &error);
if (error) {
@ -5227,29 +5297,7 @@ add_connection_cb(GObject *client, GAsyncResult *result, gpointer user_data)
g_error_free(error);
nmc->return_value = NMC_RESULT_ERROR_CON_ACTIVATION;
} else {
connections = nm_client_get_connections(nmc->client);
if (connections) {
found = 0;
for (i = 0; i < connections->len; i++) {
NMConnection *candidate = NM_CONNECTION(connections->pdata[i]);
if ((NMConnection *) connection == candidate)
continue;
if (nm_streq0(nm_connection_get_id(candidate), info->new_id))
found++;
}
if (found > 0) {
g_printerr(g_dngettext(GETTEXT_PACKAGE,
"Warning: There is another connection with the name '%1$s'. "
"Reference the connection by its uuid '%2$s'\n",
"Warning: There are %3$u other connections with the name "
"'%1$s'. Reference the connection by its uuid '%2$s'\n",
found),
info->new_id,
nm_connection_get_uuid(NM_CONNECTION(connection)),
found);
}
}
connection_warnings(nmc, NM_CONNECTION(connection));
/* We print here human readable text, but as scripts might parse this output
* (with LANG=C), this is important to not change in the future. At least
@ -8854,6 +8902,8 @@ modify_connection_cb(GObject *connection, GAsyncResult *result, gpointer user_da
error->message);
nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
} else {
connection_warnings(nmc, NM_CONNECTION(connection));
if (nmc->nmc_config.print_output == NMC_PRINT_PRETTY) {
g_print(_("Connection '%s' (%s) successfully modified.\n"),
nm_connection_get_id(NM_CONNECTION(connection)),

61
src/nmcli/devices.c
View file

@ -1216,12 +1216,30 @@ get_device(NmCli *nmc, int *argc, const char *const **argv, GError **error)
return devices[i];
}
static bool
_ap_is_wep(NMAccessPoint *ap)
{
NM80211ApFlags flags = nm_access_point_get_flags(ap);
NM80211ApSecurityFlags wpa_flags = nm_access_point_get_wpa_flags(ap);
NM80211ApSecurityFlags rsn_flags = nm_access_point_get_rsn_flags(ap);
if ((flags & NM_802_11_AP_FLAGS_PRIVACY) && (wpa_flags == NM_802_11_AP_SEC_NONE)
&& (rsn_flags == NM_802_11_AP_SEC_NONE)) {
return TRUE;
}
return FALSE;
}
static int
compare_aps(gconstpointer a, gconstpointer b, gpointer user_data)
{
NMAccessPoint *apa = *(NMAccessPoint **) a;
NMAccessPoint *apb = *(NMAccessPoint **) b;
/* Sort the deprecated WEP connections last. */
NM_CMP_DIRECT(_ap_is_wep(apb), _ap_is_wep(apa));
NM_CMP_DIRECT(nm_access_point_get_strength(apb), nm_access_point_get_strength(apa));
NM_CMP_DIRECT(nm_access_point_get_frequency(apa), nm_access_point_get_frequency(apb));
NM_CMP_DIRECT(nm_access_point_get_max_bitrate(apb), nm_access_point_get_max_bitrate(apa));
@ -1262,7 +1280,6 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info)
{
NmcOutputField *arr;
gboolean active;
NM80211ApFlags flags;
NM80211ApSecurityFlags wpa_flags, rsn_flags;
guint32 freq, bitrate;
guint8 strength;
@ -1285,7 +1302,6 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info)
active = (info->active_ap == ap);
/* Get AP properties */
flags = nm_access_point_get_flags(ap);
wpa_flags = nm_access_point_get_wpa_flags(ap);
rsn_flags = nm_access_point_get_rsn_flags(ap);
ssid = nm_access_point_get_ssid(ap);
@ -1314,26 +1330,27 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info)
security_str = g_string_new(NULL);
if ((flags & NM_802_11_AP_FLAGS_PRIVACY) && (wpa_flags == NM_802_11_AP_SEC_NONE)
&& (rsn_flags == NM_802_11_AP_SEC_NONE)) {
if (_ap_is_wep(ap)) {
g_string_append(security_str, "WEP ");
}
if (wpa_flags != NM_802_11_AP_SEC_NONE) {
g_string_append(security_str, "WPA1 ");
}
if ((rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)
|| (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) {
g_string_append(security_str, "WPA2 ");
}
if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
g_string_append(security_str, "WPA3 ");
}
if (NM_FLAGS_ANY(rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
g_string_append(security_str, "OWE ");
}
if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
|| (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) {
g_string_append(security_str, "802.1X ");
} else {
if (wpa_flags != NM_802_11_AP_SEC_NONE) {
g_string_append(security_str, "WPA1 ");
}
if ((rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)
|| (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) {
g_string_append(security_str, "WPA2 ");
}
if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
g_string_append(security_str, "WPA3 ");
}
if (NM_FLAGS_ANY(rsn_flags,
NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
g_string_append(security_str, "OWE ");
}
if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
|| (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) {
g_string_append(security_str, "802.1X ");
}
}
if (security_str->len > 0)
@ -1368,6 +1385,8 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info)
/* Set colors */
color = wifi_signal_to_color(strength);
if (_ap_is_wep(ap))
color = NM_META_COLOR_WIFI_DEPRECATED;
set_val_color_all(arr, color);
if (active)
arr[15].color = NM_META_COLOR_CONNECTION_ACTIVATED;

6
src/nmcli/nmcli.c
View file

@ -43,6 +43,7 @@
[NM_META_COLOR_CONNECTION_DISCONNECTING] = "31", \
[NM_META_COLOR_CONNECTION_INVISIBLE] = "2", \
[NM_META_COLOR_CONNECTION_EXTERNAL] = "32;2", \
[NM_META_COLOR_CONNECTION_DEPRECATED] = "2", \
[NM_META_COLOR_CONNECTIVITY_FULL] = "32", \
[NM_META_COLOR_CONNECTIVITY_LIMITED] = "33", \
[NM_META_COLOR_CONNECTIVITY_NONE] = "31", \
@ -73,6 +74,7 @@
[NM_META_COLOR_WIFI_SIGNAL_GOOD] = "33", \
[NM_META_COLOR_WIFI_SIGNAL_POOR] = "36", \
[NM_META_COLOR_WIFI_SIGNAL_UNKNOWN] = "2", \
[NM_META_COLOR_WIFI_DEPRECATED] = "2", \
[NM_META_COLOR_ENABLED] = "32", \
[NM_META_COLOR_DISABLED] = "31", \
}, \
@ -549,6 +551,7 @@ static NM_UTILS_STRING_TABLE_LOOKUP_DEFINE(
{"connection-external", NM_META_COLOR_CONNECTION_EXTERNAL},
{"connection-invisible", NM_META_COLOR_CONNECTION_INVISIBLE},
{"connection-unknown", NM_META_COLOR_CONNECTION_UNKNOWN},
{"connection-deprecated", NM_META_COLOR_CONNECTION_DEPRECATED},
{"connectivity-full", NM_META_COLOR_CONNECTIVITY_FULL},
{"connectivity-limited", NM_META_COLOR_CONNECTIVITY_LIMITED},
{"connectivity-none", NM_META_COLOR_CONNECTIVITY_NONE},
@ -585,7 +588,8 @@ static NM_UTILS_STRING_TABLE_LOOKUP_DEFINE(
{"wifi-signal-fair", NM_META_COLOR_WIFI_SIGNAL_FAIR},
{"wifi-signal-good", NM_META_COLOR_WIFI_SIGNAL_GOOD},
{"wifi-signal-poor", NM_META_COLOR_WIFI_SIGNAL_POOR},
{"wifi-signal-unknown", NM_META_COLOR_WIFI_SIGNAL_UNKNOWN}, );
{"wifi-signal-unknown", NM_META_COLOR_WIFI_SIGNAL_UNKNOWN},
{"wifi-deprecated", NM_META_COLOR_WIFI_DEPRECATED}, );
static gboolean
parse_color_scheme(char *palette_buffer, NmcColorPalette *out_palette, GError **error)