Commit 30fe3e18 authored by Dan Williams's avatar Dan Williams

wifi: only request new secrets during the initial connection

Don't automatically request new secrets just because previous
attempts to connect failed, since this could be due to many
other things than bad secrets.  Only request new secrets if
the caller of handle_auth_or_fail() specifically wants them.

Next, if the supplicant fails the initial association attempt
with an encrypted AP, only ask for new secrets if this is the
first time we're trying to connect to this network.  Otherwise
we assume the secrets good; if they aren't, the user should
change them through a configuration editor.

These changes should dramatically cut down the number of
unwanted secrets requests due to random driver failures, weak
AP signal strength, or out-of-range APs.
parent 85a7286f
...@@ -2518,10 +2518,7 @@ handle_auth_or_fail (NMDeviceWifi *self, ...@@ -2518,10 +2518,7 @@ handle_auth_or_fail (NMDeviceWifi *self,
if (setting_name) { if (setting_name) {
NMSettingsGetSecretsFlags flags = NM_SETTINGS_GET_SECRETS_FLAG_ALLOW_INTERACTION; NMSettingsGetSecretsFlags flags = NM_SETTINGS_GET_SECRETS_FLAG_ALLOW_INTERACTION;
/* If the caller doesn't necessarily want completely new secrets, if (new_secrets)
* only ask for new secrets after the first failure.
*/
if (new_secrets || tries)
flags |= NM_SETTINGS_GET_SECRETS_FLAG_REQUEST_NEW; flags |= NM_SETTINGS_GET_SECRETS_FLAG_REQUEST_NEW;
nm_act_request_get_secrets (req, setting_name, flags, NULL, wifi_secrets_cb, self); nm_act_request_get_secrets (req, setting_name, flags, NULL, wifi_secrets_cb, self);
...@@ -2606,6 +2603,9 @@ supplicant_connection_timeout_cb (gpointer user_data) ...@@ -2606,6 +2603,9 @@ supplicant_connection_timeout_cb (gpointer user_data)
} }
if (is_encrypted (ap, connection)) { if (is_encrypted (ap, connection)) {
guint64 timestamp = 0;
gboolean new_secrets = TRUE;
/* Connection failed; either driver problems, the encryption key is /* Connection failed; either driver problems, the encryption key is
* wrong, or the passwords or certificates were wrong. * wrong, or the passwords or certificates were wrong.
*/ */
...@@ -2613,7 +2613,15 @@ supplicant_connection_timeout_cb (gpointer user_data) ...@@ -2613,7 +2613,15 @@ supplicant_connection_timeout_cb (gpointer user_data)
"Activation (%s/wireless): association took too long.", "Activation (%s/wireless): association took too long.",
nm_device_get_iface (dev)); nm_device_get_iface (dev));
if (handle_auth_or_fail (self, req, TRUE) == NM_ACT_STAGE_RETURN_POSTPONE) { /* Ask for new secrets only if we've never activated this connection
* before. If we've connected before, don't bother the user with
* dialogs, just retry or fail, and if we never connect the user can
* fix the password somewhere else.
*/
if (nm_settings_connection_get_timestamp (NM_SETTINGS_CONNECTION (connection), &timestamp))
new_secrets = !timestamp;
if (handle_auth_or_fail (self, req, new_secrets) == NM_ACT_STAGE_RETURN_POSTPONE) {
nm_log_warn (LOGD_DEVICE | LOGD_WIFI, nm_log_warn (LOGD_DEVICE | LOGD_WIFI,
"Activation (%s/wireless): asking for new secrets", "Activation (%s/wireless): asking for new secrets",
nm_device_get_iface (dev)); nm_device_get_iface (dev));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment