Commit 03c2949a authored by Beniamino Galvani's avatar Beniamino Galvani

wifi: merge branch 'bg/wifi-pmf-bgo748367'

Support for 802.11w (Protected Management Frames).

https://bugzilla.gnome.org/show_bug.cgi?id=748367
parents fff918ec 72cfa1f4
...@@ -1325,3 +1325,31 @@ nm_supplicant_config_add_no_security (NMSupplicantConfig *self, GError **error) ...@@ -1325,3 +1325,31 @@ nm_supplicant_config_add_no_security (NMSupplicantConfig *self, GError **error)
return nm_supplicant_config_add_option (self, "key_mgmt", "NONE", -1, NULL, error); return nm_supplicant_config_add_option (self, "key_mgmt", "NONE", -1, NULL, error);
} }
gboolean
nm_supplicant_config_enable_pmf_akm (NMSupplicantConfig *self, GError **error)
{
NMSupplicantConfigPrivate *priv;
ConfigOption *option;
g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
g_return_val_if_fail (!error || !*error, FALSE);
priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
option = g_hash_table_lookup (priv->config, "key_mgmt");
if (!option)
return TRUE;
if (nm_streq0 (option->value, "WPA-PSK")) {
g_hash_table_remove (priv->config, "key_mgmt");
if (!nm_supplicant_config_add_option (self, "key_mgmt", "WPA-PSK WPA-PSK-SHA256", -1, NULL, error))
return FALSE;
} else if (nm_streq0 (option->value, "WPA-EAP")) {
g_hash_table_remove (priv->config, "key_mgmt");
if (!nm_supplicant_config_add_option (self, "key_mgmt", "WPA-EAP WPA-EAP-SHA256", -1, NULL, error))
return FALSE;
}
return TRUE;
}
...@@ -76,4 +76,6 @@ gboolean nm_supplicant_config_add_setting_macsec (NMSupplicantConfig *self, ...@@ -76,4 +76,6 @@ gboolean nm_supplicant_config_add_setting_macsec (NMSupplicantConfig *self,
NMSettingMacsec *setting, NMSettingMacsec *setting,
GError **error); GError **error);
gboolean nm_supplicant_config_enable_pmf_akm (NMSupplicantConfig *self,
GError **error);
#endif /* __NETWORKMANAGER_SUPPLICANT_CONFIG_H__ */ #endif /* __NETWORKMANAGER_SUPPLICANT_CONFIG_H__ */
...@@ -80,6 +80,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface, ...@@ -80,6 +80,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface,
PROP_DRIVER, PROP_DRIVER,
PROP_FAST_SUPPORT, PROP_FAST_SUPPORT,
PROP_AP_SUPPORT, PROP_AP_SUPPORT,
PROP_PMF_SUPPORT,
); );
typedef struct { typedef struct {
...@@ -88,6 +89,7 @@ typedef struct { ...@@ -88,6 +89,7 @@ typedef struct {
gboolean has_credreq; /* Whether querying 802.1x credentials is supported */ gboolean has_credreq; /* Whether querying 802.1x credentials is supported */
NMSupplicantFeature fast_support; NMSupplicantFeature fast_support;
NMSupplicantFeature ap_support; /* Lightweight AP mode support */ NMSupplicantFeature ap_support; /* Lightweight AP mode support */
NMSupplicantFeature pmf_support;
guint32 max_scan_ssids; guint32 max_scan_ssids;
guint32 ready_count; guint32 ready_count;
...@@ -470,6 +472,30 @@ iface_check_ready (NMSupplicantInterface *self) ...@@ -470,6 +472,30 @@ iface_check_ready (NMSupplicantInterface *self)
} }
} }
static void
set_pmf_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data)
{
NMSupplicantInterface *self;
NMSupplicantInterfacePrivate *priv;
gs_unref_variant GVariant *reply = NULL;
gs_free_error GError *error = NULL;
reply = g_dbus_proxy_call_finish (proxy, result, &error);
if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
return;
self = NM_SUPPLICANT_INTERFACE (user_data);
priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
if (!reply) {
g_dbus_error_strip_remote_error (error);
_LOGW ("couldn't enable PMF: %s", error->message);
return;
}
_LOGD ("PMF enabled");
}
gboolean gboolean
nm_supplicant_interface_credentials_reply (NMSupplicantInterface *self, nm_supplicant_interface_credentials_reply (NMSupplicantInterface *self,
const char *field, const char *field,
...@@ -563,6 +589,15 @@ nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self, ...@@ -563,6 +589,15 @@ nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self,
priv->fast_support = fast_support; priv->fast_support = fast_support;
} }
void
nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self,
NMSupplicantFeature pmf_support)
{
NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
priv->pmf_support = pmf_support;
}
static void static void
iface_introspect_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data) iface_introspect_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data)
{ {
...@@ -784,7 +819,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ ...@@ -784,7 +819,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
/* Scan result aging parameters */ /* Scan result aging parameters */
g_dbus_proxy_call (priv->iface_proxy, g_dbus_proxy_call (priv->iface_proxy,
"org.freedesktop.DBus.Properties.Set", DBUS_INTERFACE_PROPERTIES ".Set",
g_variant_new ("(ssv)", g_variant_new ("(ssv)",
WPAS_DBUS_IFACE_INTERFACE, WPAS_DBUS_IFACE_INTERFACE,
"BSSExpireAge", "BSSExpireAge",
...@@ -795,7 +830,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ ...@@ -795,7 +830,7 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
NULL, NULL,
NULL); NULL);
g_dbus_proxy_call (priv->iface_proxy, g_dbus_proxy_call (priv->iface_proxy,
"org.freedesktop.DBus.Properties.Set", DBUS_INTERFACE_PROPERTIES ".Set",
g_variant_new ("(ssv)", g_variant_new ("(ssv)",
WPAS_DBUS_IFACE_INTERFACE, WPAS_DBUS_IFACE_INTERFACE,
"BSSExpireCount", "BSSExpireCount",
...@@ -806,6 +841,21 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_ ...@@ -806,6 +841,21 @@ on_iface_proxy_acquired (GDBusProxy *proxy, GAsyncResult *result, gpointer user_
NULL, NULL,
NULL); NULL);
if ( priv->pmf_support
&& priv->driver == NM_SUPPLICANT_DRIVER_WIRELESS) {
g_dbus_proxy_call (priv->iface_proxy,
DBUS_INTERFACE_PROPERTIES ".Set",
g_variant_new ("(ssv)",
WPAS_DBUS_IFACE_INTERFACE,
"Pmf",
g_variant_new_uint32 (1)),
G_DBUS_CALL_FLAGS_NONE,
-1,
priv->init_cancellable,
(GAsyncReadyCallback) set_pmf_cb,
self);
}
/* Check whether NetworkReply and AP mode are supported */ /* Check whether NetworkReply and AP mode are supported */
priv->ready_count = 1; priv->ready_count = 1;
g_dbus_proxy_call (priv->iface_proxy, g_dbus_proxy_call (priv->iface_proxy,
...@@ -1374,6 +1424,7 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self, ...@@ -1374,6 +1424,7 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self,
{ {
NMSupplicantInterfacePrivate *priv; NMSupplicantInterfacePrivate *priv;
AssocData *assoc_data; AssocData *assoc_data;
GError *error = NULL;
g_return_if_fail (NM_IS_SUPPLICANT_INTERFACE (self)); g_return_if_fail (NM_IS_SUPPLICANT_INTERFACE (self));
g_return_if_fail (NM_IS_SUPPLICANT_CONFIG (cfg)); g_return_if_fail (NM_IS_SUPPLICANT_CONFIG (cfg));
...@@ -1390,6 +1441,14 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self, ...@@ -1390,6 +1441,14 @@ nm_supplicant_interface_assoc (NMSupplicantInterface *self,
assoc_data->callback = callback; assoc_data->callback = callback;
assoc_data->user_data = user_data; assoc_data->user_data = user_data;
if ( priv->driver == NM_SUPPLICANT_DRIVER_WIRELESS
&& priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) {
if (!nm_supplicant_config_enable_pmf_akm (cfg, &error)) {
_LOGW ("could not enable PMF AKMs in config: %s", error->message);
g_error_free (error);
}
}
_LOGD ("assoc[%p]: starting association...", assoc_data); _LOGD ("assoc[%p]: starting association...", assoc_data);
/* Make sure the supplicant supports EAP-FAST before trying to send /* Make sure the supplicant supports EAP-FAST before trying to send
...@@ -1559,6 +1618,10 @@ set_property (GObject *object, ...@@ -1559,6 +1618,10 @@ set_property (GObject *object,
/* construct-only */ /* construct-only */
priv->ap_support = g_value_get_int (value); priv->ap_support = g_value_get_int (value);
break; break;
case PROP_PMF_SUPPORT:
/* construct-only */
priv->pmf_support = g_value_get_int (value);
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;
...@@ -1578,7 +1641,8 @@ NMSupplicantInterface * ...@@ -1578,7 +1641,8 @@ NMSupplicantInterface *
nm_supplicant_interface_new (const char *ifname, nm_supplicant_interface_new (const char *ifname,
NMSupplicantDriver driver, NMSupplicantDriver driver,
NMSupplicantFeature fast_support, NMSupplicantFeature fast_support,
NMSupplicantFeature ap_support) NMSupplicantFeature ap_support,
NMSupplicantFeature pmf_support)
{ {
g_return_val_if_fail (ifname != NULL, NULL); g_return_val_if_fail (ifname != NULL, NULL);
...@@ -1587,6 +1651,7 @@ nm_supplicant_interface_new (const char *ifname, ...@@ -1587,6 +1651,7 @@ nm_supplicant_interface_new (const char *ifname,
NM_SUPPLICANT_INTERFACE_DRIVER, (guint) driver, NM_SUPPLICANT_INTERFACE_DRIVER, (guint) driver,
NM_SUPPLICANT_INTERFACE_FAST_SUPPORT, (int) fast_support, NM_SUPPLICANT_INTERFACE_FAST_SUPPORT, (int) fast_support,
NM_SUPPLICANT_INTERFACE_AP_SUPPORT, (int) ap_support, NM_SUPPLICANT_INTERFACE_AP_SUPPORT, (int) ap_support,
NM_SUPPLICANT_INTERFACE_PMF_SUPPORT, (int) pmf_support,
NULL); NULL);
} }
...@@ -1668,6 +1733,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass) ...@@ -1668,6 +1733,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass)
G_PARAM_WRITABLE | G_PARAM_WRITABLE |
G_PARAM_CONSTRUCT_ONLY | G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS); G_PARAM_STATIC_STRINGS);
obj_properties[PROP_PMF_SUPPORT] =
g_param_spec_int (NM_SUPPLICANT_INTERFACE_PMF_SUPPORT, "", "",
NM_SUPPLICANT_FEATURE_UNKNOWN,
NM_SUPPLICANT_FEATURE_YES,
NM_SUPPLICANT_FEATURE_UNKNOWN,
G_PARAM_WRITABLE |
G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties); g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
......
...@@ -60,6 +60,7 @@ typedef enum { ...@@ -60,6 +60,7 @@ typedef enum {
#define NM_SUPPLICANT_INTERFACE_DRIVER "driver" #define NM_SUPPLICANT_INTERFACE_DRIVER "driver"
#define NM_SUPPLICANT_INTERFACE_FAST_SUPPORT "fast-support" #define NM_SUPPLICANT_INTERFACE_FAST_SUPPORT "fast-support"
#define NM_SUPPLICANT_INTERFACE_AP_SUPPORT "ap-support" #define NM_SUPPLICANT_INTERFACE_AP_SUPPORT "ap-support"
#define NM_SUPPLICANT_INTERFACE_PMF_SUPPORT "pmf-support"
/* Signals */ /* Signals */
#define NM_SUPPLICANT_INTERFACE_STATE "state" #define NM_SUPPLICANT_INTERFACE_STATE "state"
...@@ -76,7 +77,8 @@ GType nm_supplicant_interface_get_type (void); ...@@ -76,7 +77,8 @@ GType nm_supplicant_interface_get_type (void);
NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname, NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname,
NMSupplicantDriver driver, NMSupplicantDriver driver,
NMSupplicantFeature fast_support, NMSupplicantFeature fast_support,
NMSupplicantFeature ap_support); NMSupplicantFeature ap_support,
NMSupplicantFeature pmf_support);
void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self, void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self,
gboolean available); gboolean available);
...@@ -126,4 +128,6 @@ void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, ...@@ -126,4 +128,6 @@ void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
void nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self, void nm_supplicant_interface_set_fast_support (NMSupplicantInterface *self,
NMSupplicantFeature fast_support); NMSupplicantFeature fast_support);
void nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self,
NMSupplicantFeature pmf_support);
#endif /* __NM_SUPPLICANT_INTERFACE_H__ */ #endif /* __NM_SUPPLICANT_INTERFACE_H__ */
...@@ -39,6 +39,7 @@ typedef struct { ...@@ -39,6 +39,7 @@ typedef struct {
GSList *ifaces; GSList *ifaces;
NMSupplicantFeature fast_support; NMSupplicantFeature fast_support;
NMSupplicantFeature ap_support; NMSupplicantFeature ap_support;
NMSupplicantFeature pmf_support;
guint die_count_reset_id; guint die_count_reset_id;
guint die_count; guint die_count;
} NMSupplicantManagerPrivate; } NMSupplicantManagerPrivate;
...@@ -159,7 +160,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self, ...@@ -159,7 +160,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self,
iface = nm_supplicant_interface_new (ifname, iface = nm_supplicant_interface_new (ifname,
driver, driver,
priv->fast_support, priv->fast_support,
priv->ap_support); priv->ap_support,
priv->pmf_support);
priv->ifaces = g_slist_prepend (priv->ifaces, iface); priv->ifaces = g_slist_prepend (priv->ifaces, iface);
g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self); g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
...@@ -193,28 +195,37 @@ update_capabilities (NMSupplicantManager *self) ...@@ -193,28 +195,37 @@ update_capabilities (NMSupplicantManager *self)
* dbus: Add global capabilities property * dbus: Add global capabilities property
*/ */
priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities"); value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities");
if (value) { if (value) {
if (g_variant_is_of_type (value, G_VARIANT_TYPE_STRING_ARRAY)) { if (g_variant_is_of_type (value, G_VARIANT_TYPE_STRING_ARRAY)) {
array = g_variant_get_strv (value, NULL); array = g_variant_get_strv (value, NULL);
priv->ap_support = NM_SUPPLICANT_FEATURE_NO; priv->ap_support = NM_SUPPLICANT_FEATURE_NO;
priv->pmf_support = NM_SUPPLICANT_FEATURE_NO;
if (array) { if (array) {
if (g_strv_contains (array, "ap")) if (g_strv_contains (array, "ap"))
priv->ap_support = NM_SUPPLICANT_FEATURE_YES; priv->ap_support = NM_SUPPLICANT_FEATURE_YES;
if (g_strv_contains (array, "pmf"))
priv->pmf_support = NM_SUPPLICANT_FEATURE_YES;
g_free (array); g_free (array);
} }
} }
g_variant_unref (value); g_variant_unref (value);
} }
/* Tell all interfaces about results of the AP check */ /* Tell all interfaces about results of the AP/PMF check */
for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) {
nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support); nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support);
nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support);
}
_LOGD ("AP mode is %ssupported", _LOGD ("AP mode is %ssupported",
(priv->ap_support == NM_SUPPLICANT_FEATURE_YES) ? "" : (priv->ap_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
(priv->ap_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); (priv->ap_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
_LOGD ("PMF is %ssupported",
(priv->pmf_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
(priv->pmf_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
/* EAP-FAST */ /* EAP-FAST */
priv->fast_support = NM_SUPPLICANT_FEATURE_NO; priv->fast_support = NM_SUPPLICANT_FEATURE_NO;
...@@ -337,6 +348,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data) ...@@ -337,6 +348,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data)
priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
set_running (self, FALSE); set_running (self, FALSE);
} }
......
...@@ -71,7 +71,9 @@ static const struct validate_entry validate_table[] = { ...@@ -71,7 +71,9 @@ static const struct validate_entry validate_table[] = {
const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
const char * proto_allowed[] = { "WPA", "RSN", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL };
const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-EAP", "IEEE8021X", "WPA-NONE", const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256",
"WPA-EAP", "WPA-EAP-SHA256",
"IEEE8021X", "WPA-NONE",
"NONE", NULL }; "NONE", NULL };
const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
const char * eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM", const char * eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM",
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment