diff options
| author | Beniamino Galvani <bgalvani@redhat.com> | 2017-04-15 10:38:39 +0200 |
|---|---|---|
| committer | Beniamino Galvani <bgalvani@redhat.com> | 2017-04-15 10:38:39 +0200 |
| commit | 03c2949a2c1b5d079bc697e177bfde49b3578fa8 (patch) | |
| tree | f9887917e7c8e94e75518849b62f703d0774ae19 | |
| parent | fff918ec5aca2e7c3e661fec3f836d4d63f8a09e (diff) | |
| parent | 72cfa1f45829f70840b8581f8e6d8cb0f057f2de (diff) | |
wifi: merge branch 'bg/wifi-pmf-bgo748367'
Support for 802.11w (Protected Management Frames).
https://bugzilla.gnome.org/show_bug.cgi?id=748367
| -rw-r--r-- | src/supplicant/nm-supplicant-config.c | 28 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-config.h | 2 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-interface.c | 79 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-interface.h | 6 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-manager.c | 18 | ||||
| -rw-r--r-- | src/supplicant/nm-supplicant-settings-verify.c | 4 |
6 files changed, 129 insertions, 8 deletions
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 1f4c74a5f4..4ff376a5cd 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -1325,3 +1325,31 @@ nm_supplicant_config_add_no_security (NMSupplicantConfig *self, GError **error) return nm_supplicant_config_add_option (self, "key_mgmt", "NONE", -1, NULL, error); } +gboolean +nm_supplicant_config_enable_pmf_akm (NMSupplicantConfig *self, GError **error) +{ + NMSupplicantConfigPrivate *priv; + ConfigOption *option; + + g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); + g_return_val_if_fail (!error || !*error, FALSE); + + priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); + + option = g_hash_table_lookup (priv->config, "key_mgmt"); + if (!option) + return TRUE; + + if (nm_streq0 (option->value, "WPA-PSK")) { + g_hash_table_remove (priv->config, "key_mgmt"); + if (!nm_supplicant_config_add_option (self, "key_mgmt", "WPA-PSK WPA-PSK-SHA256", -1, NULL, error)) + return FALSE; + } else if (nm_streq0 (option->value, "WPA-EAP")) { + g_hash_table_remove (priv->config, "key_mgmt"); + if (!nm_supplicant_config_add_option (self, "key_mgmt", "WPA-EAP WPA-EAP-SHA256", -1, NULL, error)) + return FALSE; + } + + return TRUE; +} + diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h index 6acfb7ee14..705833ff5f 100644 --- a/src/supplicant/nm-supplicant-config.h +++ b/src/supplicant/nm-supplicant-config.h @@ -76,4 +76,6 @@ gboolean nm_supplicant_config_add_setting_macsec (NMSupplicantConfig *self, NMSettingMacsec *setting, GError **error); +gboolean nm_supplicant_config_enable_pmf_akm (NMSupplicantConfig *self, + GError **error); #endif /* __NETWORKMANAGER_SUPPLICANT_CONFIG_H__ */ diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index 71f1f9aa8e..d3efadf15d 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -80,6 +80,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface, PROP_DRIVER, PROP_FAST_SUPPORT, PROP_AP_SUPPORT, + PROP_PMF_SUPPORT, ); typedef struct { @@ -88,6 +89,7 @@ typedef struct { gboolean has_credreq; /* Whether querying 802.1x credentials is supported */ NMSupplicantFeature fast_support; NMSupplicantFeature ap_support; /* Lightweight AP mode support */ + NMSupplicantFeature pmf_support; guint32 max_scan_ssids; guint32 ready_count; @@ -470,6 +472,30 @@ iface_check_ready (NMSupplicantInterface *self) } } +static void +set_pmf_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data) +{ + NMSupplicantInterface *self; + NMSupplicantInterfacePrivate *priv; + gs_unref_variant GVariant *reply = NULL; + gs_free_error GError *error = NULL; + + reply = g_dbus_proxy_call_finish (proxy, result, &error); + if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) + return; + + self = NM_SUPPLICANT_INTERFACE (user_data); + priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + + if (!reply) { + g_dbus_error_strip_remote_error (error); + _LOGW ("couldn't enable PMF: %s", error->message); + return; + } + + _LOGD ("PMF enabled"); +} + gboolean nm_supplicant_interface_credentials_reply (NMSupplicantInterface *self, const char *field, @@ -563,6 +589,15 @@ nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self, priv->fast_support = fast_support; } +void +nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self, + NMSupplicantFeature pmf_support) +{ + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + + priv->pmf_support = pmf_support; +} + static void iface_introspect_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data) { @@ -784,7 +819,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ /* Scan result aging parameters */ g_dbus_proxy_call (priv->iface_proxy, - "org.freedesktop.DBus.Properties.Set", + DBUS_INTERFACE_PROPERTIES ".Set", g_variant_new ("(ssv)", WPAS_DBUS_IFACE_INTERFACE, "BSSExpireAge", @@ -795,7 +830,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ NULL, NULL); g_dbus_proxy_call (priv->iface_proxy, - "org.freedesktop.DBus.Properties.Set", + DBUS_INTERFACE_PROPERTIES ".Set", g_variant_new ("(ssv)", WPAS_DBUS_IFACE_INTERFACE, "BSSExpireCount", @@ -806,6 +841,21 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ NULL, NULL); + if ( priv->pmf_support + && priv->driver == NM_SUPPLICANT_DRIVER_WIRELESS) { + g_dbus_proxy_call (priv->iface_proxy, + DBUS_INTERFACE_PROPERTIES ".Set", + g_variant_new ("(ssv)", + WPAS_DBUS_IFACE_INTERFACE, + "Pmf", + g_variant_new_uint32 (1)), + G_DBUS_CALL_FLAGS_NONE, + -1, + priv->init_cancellable, + (GAsyncReadyCallback) set_pmf_cb, + self); + } + /* Check whether NetworkReply and AP mode are supported */ priv->ready_count = 1; g_dbus_proxy_call (priv->iface_proxy, @@ -1374,6 +1424,7 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self, { NMSupplicantInterfacePrivate *priv; AssocData *assoc_data; + GError *error = NULL; g_return_if_fail (NM_IS_SUPPLICANT_INTERFACE (self)); g_return_if_fail (NM_IS_SUPPLICANT_CONFIG (cfg)); @@ -1390,6 +1441,14 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self, assoc_data->callback = callback; assoc_data->user_data = user_data; + if ( priv->driver == NM_SUPPLICANT_DRIVER_WIRELESS + && priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) { + if (!nm_supplicant_config_enable_pmf_akm (cfg, &error)) { + _LOGW ("could not enable PMF AKMs in config: %s", error->message); + g_error_free (error); + } + } + _LOGD ("assoc[%p]: starting association...", assoc_data); /* Make sure the supplicant supports EAP-FAST before trying to send @@ -1559,6 +1618,10 @@ set_property (GObject *object, /* construct-only */ priv->ap_support = g_value_get_int (value); break; + case PROP_PMF_SUPPORT: + /* construct-only */ + priv->pmf_support = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1578,7 +1641,8 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname, NMSupplicantDriver driver, NMSupplicantFeature fast_support, - NMSupplicantFeature ap_support) + NMSupplicantFeature ap_support, + NMSupplicantFeature pmf_support) { g_return_val_if_fail (ifname != NULL, NULL); @@ -1587,6 +1651,7 @@ nm_supplicant_interface_new (const char *ifname, NM_SUPPLICANT_INTERFACE_DRIVER, (guint) driver, NM_SUPPLICANT_INTERFACE_FAST_SUPPORT, (int) fast_support, NM_SUPPLICANT_INTERFACE_AP_SUPPORT, (int) ap_support, + NM_SUPPLICANT_INTERFACE_PMF_SUPPORT, (int) pmf_support, NULL); } @@ -1668,6 +1733,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass) G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS); + obj_properties[PROP_PMF_SUPPORT] = + g_param_spec_int (NM_SUPPLICANT_INTERFACE_PMF_SUPPORT, "", "", + NM_SUPPLICANT_FEATURE_UNKNOWN, + NM_SUPPLICANT_FEATURE_YES, + NM_SUPPLICANT_FEATURE_UNKNOWN, + G_PARAM_WRITABLE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS); g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties); diff --git a/src/supplicant/nm-supplicant-interface.h b/src/supplicant/nm-supplicant-interface.h index d60d4a544c..a881ede236 100644 --- a/src/supplicant/nm-supplicant-interface.h +++ b/src/supplicant/nm-supplicant-interface.h @@ -60,6 +60,7 @@ typedef enum { #define NM_SUPPLICANT_INTERFACE_DRIVER "driver" #define NM_SUPPLICANT_INTERFACE_FAST_SUPPORT "fast-support" #define NM_SUPPLICANT_INTERFACE_AP_SUPPORT "ap-support" +#define NM_SUPPLICANT_INTERFACE_PMF_SUPPORT "pmf-support" /* Signals */ #define NM_SUPPLICANT_INTERFACE_STATE "state" @@ -76,7 +77,8 @@ GType nm_supplicant_interface_get_type (void); NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname, NMSupplicantDriver driver, NMSupplicantFeature fast_support, - NMSupplicantFeature ap_support); + NMSupplicantFeature ap_support, + NMSupplicantFeature pmf_support); void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self, gboolean available); @@ -126,4 +128,6 @@ void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, void nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self, NMSupplicantFeature fast_support); +void nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self, + NMSupplicantFeature pmf_support); #endif /* __NM_SUPPLICANT_INTERFACE_H__ */ diff --git a/src/supplicant/nm-supplicant-manager.c b/src/supplicant/nm-supplicant-manager.c index 49650ab714..0f2eb63a62 100644 --- a/src/supplicant/nm-supplicant-manager.c +++ b/src/supplicant/nm-supplicant-manager.c @@ -39,6 +39,7 @@ typedef struct { GSList *ifaces; NMSupplicantFeature fast_support; NMSupplicantFeature ap_support; + NMSupplicantFeature pmf_support; guint die_count_reset_id; guint die_count; } NMSupplicantManagerPrivate; @@ -159,7 +160,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self, iface = nm_supplicant_interface_new (ifname, driver, priv->fast_support, - priv->ap_support); + priv->ap_support, + priv->pmf_support); priv->ifaces = g_slist_prepend (priv->ifaces, iface); g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self); @@ -193,28 +195,37 @@ update_capabilities (NMSupplicantManager *self) * dbus: Add global capabilities property */ priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN; + priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN; value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities"); if (value) { if (g_variant_is_of_type (value, G_VARIANT_TYPE_STRING_ARRAY)) { array = g_variant_get_strv (value, NULL); priv->ap_support = NM_SUPPLICANT_FEATURE_NO; + priv->pmf_support = NM_SUPPLICANT_FEATURE_NO; if (array) { if (g_strv_contains (array, "ap")) priv->ap_support = NM_SUPPLICANT_FEATURE_YES; + if (g_strv_contains (array, "pmf")) + priv->pmf_support = NM_SUPPLICANT_FEATURE_YES; g_free (array); } } g_variant_unref (value); } - /* Tell all interfaces about results of the AP check */ - for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) + /* Tell all interfaces about results of the AP/PMF check */ + for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) { nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support); + nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support); + } _LOGD ("AP mode is %ssupported", (priv->ap_support == NM_SUPPLICANT_FEATURE_YES) ? "" : (priv->ap_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); + _LOGD ("PMF is %ssupported", + (priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) ? "" : + (priv->pmf_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); /* EAP-FAST */ priv->fast_support = NM_SUPPLICANT_FEATURE_NO; @@ -337,6 +348,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data) priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN; + priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN; set_running (self, FALSE); } diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index ce3e46d8dc..fd5b06eacf 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -71,7 +71,9 @@ static const struct validate_entry validate_table[] = { const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL }; -const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-EAP", "IEEE8021X", "WPA-NONE", +const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", + "WPA-EAP", "WPA-EAP-SHA256", + "IEEE8021X", "WPA-NONE", "NONE", NULL }; const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; const char * eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM", |