diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2022-03-08 12:21:48 +0100 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2022-03-17 12:44:53 +0100 |
commit | feee84aac42737ee381b35d4c1bea4927ebbe4e3 (patch) | |
tree | 6ba76d40f0db8fa80723ea8e011d98b03fc60d80 | |
parent | 41d03a1b17ac3119a76f49e2c40f5d12d2cec544 (diff) |
wifi: mark WEP connections incompatible if supplicant lacks capabilitylr/supplicant-wep
This allows us to reject activation of WEP profiles very early,
also providing a reasonable error code to the client:
$ nmcli d wifi connect test
Error: Failed to add/activate new connection: wpa_supplicant does not support WEP encryption
-rw-r--r-- | src/core/devices/wifi/nm-device-wifi.c | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/src/core/devices/wifi/nm-device-wifi.c b/src/core/devices/wifi/nm-device-wifi.c index 314ba56688..5c40df622b 100644 --- a/src/core/devices/wifi/nm-device-wifi.c +++ b/src/core/devices/wifi/nm-device-wifi.c @@ -978,14 +978,16 @@ deactivate_reset_hw_addr(NMDevice *device) static gboolean check_connection_compatible(NMDevice *device, NMConnection *connection, GError **error) { - NMDeviceWifi *self = NM_DEVICE_WIFI(device); - NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE(self); - NMSettingWireless *s_wireless; - const char *mac; - const char *const *mac_blacklist; - int i; - const char *mode; - const char *perm_hw_addr; + NMDeviceWifi *self = NM_DEVICE_WIFI(device); + NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE(self); + NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wsec; + const char *mac; + const char *const *mac_blacklist; + int i; + const char *mode; + const char *perm_hw_addr; + const char *key_mgmt; if (!NM_DEVICE_CLASS(nm_device_wifi_parent_class) ->check_connection_compatible(device, connection, error)) @@ -1070,6 +1072,20 @@ check_connection_compatible(NMDevice *device, NMConnection *connection, GError * } } + s_wsec = nm_connection_get_setting_wireless_security(connection); + if (s_wsec) { + key_mgmt = nm_setting_wireless_security_get_key_mgmt(s_wsec); + + if (nm_supplicant_interface_get_capability(priv->sup_iface, NM_SUPPL_CAP_TYPE_WEP) + == NM_TERNARY_FALSE + && NM_IN_STRSET(key_mgmt, "ieee8021x", "none")) { + nm_utils_error_set_literal(error, + NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY, + "wpa_supplicant does not support WEP encryption"); + return FALSE; + } + } + // FIXME: check channel/freq/band against bands the hardware supports // FIXME: check encryption against device capabilities // FIXME: check bitrate against device capabilities |