diff options
author | 谢致邦 (XIE Zhibang) <Yeking@Red54.com> | 2022-04-10 20:32:19 +0800 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-04-11 18:56:51 +0200 |
commit | a0988868ba7b4390790cab43cca5103f80a6a300 (patch) | |
tree | 5f7c8bcb50a221c07f44a5adf24dd262a52ac249 | |
parent | 14052c847c53c79549172f126a8cfb7eaba1049f (diff) |
supplicant: Disable WPA3 transition mode when PMF is set to disabled
According to WPA3_Specification_v3.0 section 2.3, when operating in
WPA3-Personal transition mode an AP:
- shall set MFPC to 1, MFPR to 0.
Therefore, do not operate in WPA3-Personal transition mode when PMF is set to
disabled. This also provides a way to be compatible with some devices that are
not fully compatible with WPA3-Personal transition mode.
Signed-off-by: 谢致邦 (XIE Zhibang) <Yeking@Red54.com>
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1186
(cherry picked from commit b6eb237a271c91f6ca9d74f0db8f7e80b9998d51)
-rw-r--r-- | src/core/supplicant/nm-supplicant-config.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/core/supplicant/nm-supplicant-config.c b/src/core/supplicant/nm-supplicant-config.c index f8b1503ec2..a4e5cc4d4c 100644 --- a/src/core/supplicant/nm-supplicant-config.c +++ b/src/core/supplicant/nm-supplicant-config.c @@ -877,10 +877,21 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * * Those conditions are met when the interface has capabilities * SAE, PMF, BIP. + * + * According to WPA3_Specification_v3.0 section 2.3, when operating + * in WPA3-Personal transition mode an AP: + * + * - shall set MFPC to 1, MFPR to 0. + * + * Therefore, do not operate in WPA3-Personal transition mode when PMF + * is set to disabled. This also provides a way to be compatible with + * some devices that are not fully compatible with WPA3-Personal + * transition mode. */ if (_get_capability(priv, NM_SUPPL_CAP_TYPE_SAE) && _get_capability(priv, NM_SUPPL_CAP_TYPE_PMF) - && _get_capability(priv, NM_SUPPL_CAP_TYPE_BIP)) { + && _get_capability(priv, NM_SUPPL_CAP_TYPE_BIP) + && (!is_ap || pmf != NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE)) { g_string_append(key_mgmt_conf, " SAE"); if (!is_ap && _get_capability(priv, NM_SUPPL_CAP_TYPE_FT)) g_string_append(key_mgmt_conf, " FT-SAE"); |