From: Nicolas Cavallari <caval...@lri.fr> This completely removes Ad-Hoc WPA-None support: the Linux kernel has not supported it for a long time, it has never been standardized, and other vendors removed support for it long ago. The security of the protocol is also comparable to WEP, especially when used with TKIP.
Instead, the standard-compliant WPA2/RSN protocol is used for IBSS/Ad-Hoc mode. Compared to WPA-None, this protocol uses the classical Four Way Handshake for security association and features replay protection. IBSS RSN-PSK requires wpa_supplicant 1.0 and a recent enough kernel (best with >= 3.2, 3.0 is still fine) wpa_supplicant only supports the CCMP cipher when operating in Ad-Hoc mode; if another cipher is requested, wpa_supplicant will use CCMP anyway). IBSS RSN will only be used when mode=adhoc and key_mgmt=wpa-psk and only if the device claims support for it via nl80211. --- I tested most of it, but haven't tested everything, especially the various settings plugins. include/NetworkManager.h | 4 +- libnm-glib/nm-device-wifi.c | 3 +- libnm-util/nm-setting-wireless-security.c | 49 +++++--------------- libnm-util/nm-setting-wireless.c | 13 +++--- libnm-util/nm-utils.c | 29 ++++-------- src/nm-wifi-ap-utils.c | 47 +++++++------------ src/nm-wifi-ap.c | 41 +++++++--------- src/settings/plugins/ifcfg-rh/reader.c | 13 ++---- src/settings/plugins/ifcfg-rh/writer.c | 2 +- src/settings/plugins/ifnet/connection_parser.c | 48 ++++++++----------- .../plugins/ifnet/tests/wpa_supplicant.conf | 10 ++-- src/supplicant-manager/nm-supplicant-config.c | 3 +- .../nm-supplicant-settings-verify.c | 2 +- src/wifi/wifi-utils-nl80211.c | 3 ++ 14 files changed, 101 insertions(+), 166 deletions(-) diff --git a/include/NetworkManager.h b/include/NetworkManager.h index bb67b8f..b35c097 100644 --- a/include/NetworkManager.h +++ b/include/NetworkManager.h @@ -155,6 +155,7 @@ typedef enum { * @NM_WIFI_DEVICE_CAP_WPA: device supports WPA1 authentication * @NM_WIFI_DEVICE_CAP_RSN: device supports WPA2/RSN authentication * @NM_WIFI_DEVICE_CAP_AP: device supports Access Point mode + * @NM_WIFI_DEVICE_CAP_IBSS_RSN: device supports WPA2/RSN in an IBSS network. * * 802.11 specific device encryption and authentication capabilities. **/ 
@@ -166,7 +167,8 @@ typedef enum { NM_WIFI_DEVICE_CAP_CIPHER_CCMP = 0x00000008, NM_WIFI_DEVICE_CAP_WPA = 0x00000010, NM_WIFI_DEVICE_CAP_RSN = 0x00000020, - NM_WIFI_DEVICE_CAP_AP = 0x00000040 + NM_WIFI_DEVICE_CAP_AP = 0x00000040, + NM_WIFI_DEVICE_CAP_IBSS_RSN = 0x00000080 } NMDeviceWifiCapabilities; diff --git a/libnm-glib/nm-device-wifi.c b/libnm-glib/nm-device-wifi.c index 0058fd1..3e0fac2 100644 --- a/libnm-glib/nm-device-wifi.c +++ b/libnm-glib/nm-device-wifi.c @@ -463,8 +463,7 @@ connection_compatible (NMDevice *device, NMConnection *connection, GError **erro if (s_wsec) { /* Connection has security, verify it against the device's capabilities */ key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec); - if ( !g_strcmp0 (key_mgmt, "wpa-none") - || !g_strcmp0 (key_mgmt, "wpa-psk") + if ( !g_strcmp0 (key_mgmt, "wpa-psk") || !g_strcmp0 (key_mgmt, "wpa-eap")) { /* Is device only WEP capable? */ diff --git a/libnm-util/nm-setting-wireless-security.c b/libnm-util/nm-setting-wireless-security.c index 336773c..3372394 100644 --- a/libnm-util/nm-setting-wireless-security.c +++ b/libnm-util/nm-setting-wireless-security.c @@ -785,8 +785,7 @@ need_secrets (NMSetting *setting) } /* WPA-PSK infrastructure and adhoc */ - if ( (strcmp (priv->key_mgmt, "wpa-none") == 0) - || (strcmp (priv->key_mgmt, "wpa-psk") == 0)) { + if (strcmp (priv->key_mgmt, "wpa-psk") == 0) { if (!verify_wpa_psk (priv->psk)) { g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_PSK); return secrets; 
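Review bot: connection_compatible() now treats Ad-Hoc and infrastructure "wpa-psk" alike, and the visible lines only go on to test whether the device is WEP-only; nothing here consults the new NM_WIFI_DEVICE_CAP_IBSS_RSN bit. A client using this helper would therefore report an Ad-Hoc WPA2 profile as compatible with a device whose driver cannot do IBSS RSN. If the code after the hunk does not already cover it, a check that Ad-Hoc mode with key_mgmt "wpa-psk" requires NM_WIFI_DEVICE_CAP_IBSS_RSN belongs next to the WEP-only test. The rest of the function is outside the hunk.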
@@ -834,7 +833,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) { NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting); NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self); - const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap", NULL }; + const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-psk", "wpa-eap", NULL }; const char *valid_auth_algs[] = { "open", "shared", "leap", NULL }; const char *valid_protos[] = { "wpa", "rsn", NULL }; const char *valid_pairwise[] = { "wep40", "wep104", "tkip", "ccmp", NULL }; 
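Review bot: Dropping "wpa-none" from `valid_key_mgmt` in verify() makes every already-stored connection that still carries that value fail validation with a generic invalid-property error, and nothing in this hunk says that is intended. Failing closed is the right outcome for a protocol the description rates as comparable to WEP, but a comment above the array would record it, e.g. `/* "wpa-none" (Ad-Hoc WPA-None) was removed on purpose; Ad-Hoc now uses "wpa-psk" with RSN/CCMP */`. The ifcfg-rh and ifnet readers later in this patch map Ad-Hoc WPA-PSK files to "wpa-psk", but whether other settings plugins or D-Bus clients still send "wpa-none" cannot be seen from here. verify() continues outside the hunk.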
@@ -970,38 +969,12 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->pairwise) { - const char *wpa_none[] = { "wpa-none", NULL }; - - /* For ad-hoc connections, pairwise must be "none" */ - if (_nm_utils_string_in_list (priv->key_mgmt, wpa_none)) { - GSList *iter; - gboolean found = FALSE; - - for (iter = priv->pairwise; iter; iter = g_slist_next (iter)) { - if (!strcmp ((char *) iter->data, "none")) { - found = TRUE; - break; - } - } - - /* pairwise cipher list didn't contain "none", which is invalid - * for WPA adhoc connections. - */ - if (!found) { - g_set_error (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - NM_SETTING_WIRELESS_SECURITY_PAIRWISE); - return FALSE; - } - } else if (!_nm_utils_string_slist_validate (priv->pairwise, valid_pairwise)) { - g_set_error (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - NM_SETTING_WIRELESS_SECURITY_PAIRWISE); - return FALSE; - } + if (priv->pairwise && !_nm_utils_string_slist_validate (priv->pairwise, valid_pairwise)) { + g_set_error (error, + NM_SETTING_WIRELESS_SECURITY_ERROR, + NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, + NM_SETTING_WIRELESS_SECURITY_PAIRWISE); + return FALSE; } if (priv->group && !_nm_utils_string_slist_validate (priv->group, valid_groups)) { @@ -1273,7 +1246,7 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting * NMSettingWirelessSecurity:key-mgmt: * * Key management used for the connection. One of 'none' (WEP), 'ieee8021x' - * (Dynamic WEP), 'wpa-none' (Ad-Hoc WPA-PSK), 'wpa-psk' (infrastructure + * (Dynamic WEP), 'wpa-psk' (infrastructure or Ad-Hoc * WPA-PSK), or 'wpa-eap' (WPA-Enterprise). This property must be set for * any WiFi connection that uses security. **/ 
@@ -1282,8 +1255,8 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "Key management", "Key management used for the connection. One of " - "'none' (WEP), 'ieee8021x' (Dynamic WEP), 'wpa-none' " - "(WPA-PSK Ad-Hoc), 'wpa-psk' (infrastructure WPA-PSK), " + "'none' (WEP), 'ieee8021x' (Dynamic WEP), 'wpa-psk' " + "(infrastructure or Ad-Hoc WPA-PSK), " "or 'wpa-eap' (WPA-Enterprise). This property must " "be set for any WiFi connection that uses security.", NULL, diff --git a/libnm-util/nm-setting-wireless.c b/libnm-util/nm-setting-wireless.c index f9ed310..a0af1fe 100644 --- a/libnm-util/nm-setting-wireless.c +++ b/libnm-util/nm-setting-wireless.c @@ -184,12 +184,13 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless, } /* Adhoc WPA */ - if (!strcmp (key_mgmt, "wpa-none")) { - if (ap_mode != NM_802_11_MODE_ADHOC) - return FALSE; - // FIXME: validate ciphers if the BSSID actually puts WPA/RSN IE in - // it's beacon - return TRUE; + if (ap_mode == NM_802_11_MODE_ADHOC) { + if (!strcmp (key_mgmt, "wpa-psk")) { + // FIXME: validate ciphers if the BSSID actually puts WPA/RSN IE in + // it's beacon + return TRUE; + } + return FALSE; } /* Stuff after this point requires infrastructure */ diff --git a/libnm-util/nm-utils.c b/libnm-util/nm-utils.c index 607c0e6..fe1726f 100644 --- a/libnm-util/nm-utils.c +++ b/libnm-util/nm-utils.c 
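Review bot: In nm_setting_wireless_ap_security_compatible() the new Ad-Hoc branch returns TRUE for any key_mgmt "wpa-psk" connection without looking at what the peer advertises, and the FIXME carried over from the WPA-None code is still there. As written, an open or WEP Ad-Hoc cell with a matching SSID would be reported as compatible with a WPA2 profile. I would resolve the FIXME here by requiring the AP's RSN flags to include a CCMP pairwise cipher before `return TRUE;`, which is what nm_utils_security_valid() checks for the Ad-Hoc case in this same patch. The function's parameter list is outside the hunk, so the name of the flag variable has to be taken from the full file.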
@@ -1287,25 +1287,16 @@ nm_utils_security_valid (NMUtilsSecurityType type, case NMU_SEC_WPA_PSK: if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA)) return FALSE; + if (adhoc) + return FALSE; if (have_ap) { - /* Ad-Hoc WPA APs won't necessarily have the PSK flag set, and - * they don't have any pairwise ciphers. */ - if (adhoc) { - if ( (ap_wpa & NM_802_11_AP_SEC_GROUP_TKIP) + if (ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) { + if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_TKIP) && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP)) return TRUE; - if ( (ap_wpa & NM_802_11_AP_SEC_GROUP_CCMP) + if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_CCMP) && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP)) return TRUE; - } else { - if (ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) { - if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_TKIP) - && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP)) - return TRUE; - if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_CCMP) - && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP)) - return TRUE; - } } return FALSE; } @@ -1314,12 +1305,12 @@ nm_utils_security_valid (NMUtilsSecurityType type, if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN)) return FALSE; if (have_ap) { - /* Ad-Hoc WPA APs won't necessarily have the PSK flag set, and - * they don't have any pairwise ciphers, nor any RSA flags yet. */ if (adhoc) { - if (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP) - return TRUE; - if (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP) + if (!(wifi_caps & NM_WIFI_DEVICE_CAP_IBSS_RSN)) + return FALSE; + /* Ad-Hoc RSN peers may support TKIP, but we don't. */ + if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP) + && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP)) return TRUE; } else { if (ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK) { diff --git a/src/nm-wifi-ap-utils.c b/src/nm-wifi-ap-utils.c index 215c493..ca0f47f 100644 --- a/src/nm-wifi-ap-utils.c +++ b/src/nm-wifi-ap-utils.c 
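Review bot: In the NMU_SEC_WPA2_PSK case the new NM_WIFI_DEVICE_CAP_IBSS_RSN test sits inside `if (have_ap)`, so for an Ad-Hoc request with no AP (creating a new network) the visible lines never consult that capability, while the NMU_SEC_WPA_PSK case above rejects Ad-Hoc before `have_ap` is looked at. If the code after the hunk falls through to success, a device without IBSS RSN support would be offered WPA2 for a new Ad-Hoc network. Hoisting the test keeps both cases symmetric: `if (adhoc && !(wifi_caps & NM_WIFI_DEVICE_CAP_IBSS_RSN)) return FALSE;` placed right after the NM_WIFI_DEVICE_CAP_RSN check. The same place could also require NM_WIFI_DEVICE_CAP_CIPHER_CCMP, since CCMP is the only cipher accepted in Ad-Hoc mode. The end of the case is outside the hunk.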
@@ -271,7 +271,7 @@ verify_wpa_psk (NMSettingWirelessSecurity *s_wsec, auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec); if (key_mgmt) { - if (!strcmp (key_mgmt, "wpa-psk") || !strcmp (key_mgmt, "wpa-none")) { + if (!strcmp (key_mgmt, "wpa-psk")) { if (s_8021x) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, 
@@ -290,43 +290,36 @@ verify_wpa_psk (NMSettingWirelessSecurity *s_wsec, } } - if (!strcmp (key_mgmt, "wpa-none")) { - if (!adhoc) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - "WPA Ad-Hoc requires an Ad-Hoc mode AP"); - return FALSE; - } + if (adhoc && !strcmp(key_mgmt, "wpa-psk")) { - /* Ad-Hoc WPA requires 'wpa' proto, 'none' pairwise, and 'tkip' group */ + /* Ad-Hoc RSN requires 'rsn' proto, 'ccmp' pairwise, and 'ccmp' group */ n = nm_setting_wireless_security_get_num_protos (s_wsec); tmp = (n > 0) ? nm_setting_wireless_security_get_proto (s_wsec, 0) : NULL; - if (n > 1 || strcmp (tmp, "wpa")) { + if (n > 1 || strcmp (tmp, "rsn")) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - "WPA Ad-Hoc requires 'wpa' proto"); + "WPA Ad-Hoc requires 'rsn' proto"); return FALSE; } n = nm_setting_wireless_security_get_num_pairwise (s_wsec); tmp = (n > 0) ? nm_setting_wireless_security_get_pairwise (s_wsec, 0) : NULL; - if (n > 1 || strcmp (tmp, "none")) { + if (n > 1 || strcmp (tmp, "ccmp")) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - "WPA Ad-Hoc requires 'none' pairwise cipher"); + "WPA Ad-Hoc requires 'ccmp' pairwise cipher"); return FALSE; } n = nm_setting_wireless_security_get_num_groups (s_wsec); tmp = (n > 0) ? nm_setting_wireless_security_get_group (s_wsec, 0) : NULL; - if (n > 1 || strcmp (tmp, "tkip")) { + if (n > 1 || strcmp (tmp, "ccmp")) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - "WPA Ad-Hoc requires 'tkip' group cipher"); + "WPA Ad-Hoc requires 'ccmp' group cipher"); return FALSE; } } 
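Review bot: In the Ad-Hoc branch of verify_wpa_psk(), `tmp` is NULL whenever the setting has no proto, pairwise or group entry (`n == 0`), and `strcmp (tmp, "rsn")` then dereferences it. The pattern predates this patch, but it used to be reached only for "wpa-none"; it is now reached for every Ad-Hoc "wpa-psk" connection, and a profile that leaves those lists empty looks plausible. `g_strcmp0`, already used elsewhere in this patch, is NULL-safe and turns the crash into the intended validation error: `if (n > 1 || g_strcmp0 (tmp, "rsn")) {`, and likewise for the two "ccmp" comparisons. The three error strings also still say "WPA Ad-Hoc" although the branch now checks RSN.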
@@ -419,7 +412,7 @@ verify_adhoc (NMSettingWirelessSecurity *s_wsec, } if (adhoc) { - if (key_mgmt && strcmp (key_mgmt, "wpa-none") && strcmp (key_mgmt, "none")) { + if (key_mgmt && strcmp (key_mgmt, "wpa-psk") && strcmp (key_mgmt, "none")) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, @@ -450,14 +443,6 @@ verify_adhoc (NMSettingWirelessSecurity *s_wsec, "Ad-Hoc mode requires 'open' authentication"); return FALSE; } - } else { - if (key_mgmt && !strcmp (key_mgmt, "wpa-none")) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - "AP mode is Infrastructure but setting requires Ad-Hoc security"); - return FALSE; - } } return TRUE; @@ -665,11 +650,13 @@ nm_ap_utils_complete_connection (const GByteArray *ap_ssid, return FALSE; if (adhoc) { - g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL); - /* Ad-Hoc does not support RSN/WPA2 */ - nm_setting_wireless_security_add_proto (s_wsec, "wpa"); - nm_setting_wireless_security_add_pairwise (s_wsec, "none"); - nm_setting_wireless_security_add_group (s_wsec, "tkip"); + g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", + NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open", + NULL); + /* Ad-Hoc does not support WPA-none anymore */ + nm_setting_wireless_security_add_proto (s_wsec, "rsn"); + nm_setting_wireless_security_add_pairwise (s_wsec, "ccmp"); + nm_setting_wireless_security_add_group (s_wsec, "ccmp"); } else if (s_8021x) { g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", diff --git a/src/nm-wifi-ap.c b/src/nm-wifi-ap.c index 6a60796..0a89bb6 100644 --- a/src/nm-wifi-ap.c +++ b/src/nm-wifi-ap.c 
@@ -628,6 +628,7 @@ nm_ap_new_fake_from_connection (NMConnection *connection) guint32 channel; NM80211ApSecurityFlags flags; gboolean psk = FALSE, eap = FALSE; + gboolean adhoc = FALSE; g_return_val_if_fail (connection != NULL, NULL); @@ -648,9 +649,10 @@ nm_ap_new_fake_from_connection (NMConnection *connection) if (mode) { if (!strcmp (mode, "infrastructure")) nm_ap_set_mode (ap, NM_802_11_MODE_INFRA); - else if (!strcmp (mode, "adhoc")) + else if (!strcmp (mode, "adhoc")) { nm_ap_set_mode (ap, NM_802_11_MODE_ADHOC); - else + adhoc = TRUE; + } else goto error; } else { nm_ap_set_mode (ap, NM_802_11_MODE_INFRA); @@ -684,7 +686,7 @@ nm_ap_new_fake_from_connection (NMConnection *connection) psk = !strcmp (key_mgmt, "wpa-psk"); eap = !strcmp (key_mgmt, "wpa-eap"); - if (psk || eap) { + if (!adhoc && (psk || eap)) { if (has_proto (s_wireless_sec, PROTO_WPA)) { flags = nm_ap_get_wpa_flags (ap); flags |= eap ? NM_802_11_AP_SEC_KEY_MGMT_802_1X : NM_802_11_AP_SEC_KEY_MGMT_PSK; 
@@ -698,42 +700,33 @@ nm_ap_new_fake_from_connection (NMConnection *connection) add_pair_ciphers (ap, s_wireless_sec); add_group_ciphers (ap, s_wireless_sec); - } else if (!strcmp (key_mgmt, "wpa-none")) { + } else if (adhoc && psk) { guint32 i; - /* Ad-Hoc has special requirements: proto=WPA, pairwise=(none), and - * group=TKIP/CCMP (but not both). + /* Ad-Hoc has special requirements: proto=RSN, pairwise=CCMP, and + * group=CCMP. */ flags = nm_ap_get_wpa_flags (ap); flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK; - /* Clear ciphers; pairwise must be unset anyway, and group gets set below */ + /* Clear ciphers; only ccmp is supported anyway */ flags &= ~( NM_802_11_AP_SEC_PAIR_WEP40 | NM_802_11_AP_SEC_PAIR_WEP104 | NM_802_11_AP_SEC_PAIR_TKIP - | NM_802_11_AP_SEC_PAIR_CCMP | NM_802_11_AP_SEC_GROUP_WEP40 | NM_802_11_AP_SEC_GROUP_WEP104 - | NM_802_11_AP_SEC_GROUP_TKIP - | NM_802_11_AP_SEC_GROUP_CCMP); + | NM_802_11_AP_SEC_GROUP_TKIP); - for (i = 0; i < nm_setting_wireless_security_get_num_groups (s_wireless_sec); i++) { - if (!strcmp (nm_setting_wireless_security_get_group (s_wireless_sec, i), "ccmp")) { - flags |= NM_802_11_AP_SEC_GROUP_CCMP; - break; - } - } + flags |= NM_802_11_AP_SEC_GROUP_CCMP; + flags |= NM_802_11_AP_SEC_PAIR_CCMP; - /* Default to TKIP since not all WPA-capable cards can do CCMP */ - if (!(flags & NM_802_11_AP_SEC_GROUP_CCMP)) - flags |= NM_802_11_AP_SEC_GROUP_TKIP; + nm_ap_set_rsn_flags (ap, flags); - nm_ap_set_wpa_flags (ap, flags); - - /* Don't use Ad-Hoc RSN yet */ - nm_ap_set_rsn_flags (ap, NM_802_11_AP_SEC_NONE); - } + /* Don't use Ad-Hoc WPA anymore */ + nm_ap_set_wpa_flags (ap, NM_802_11_AP_SEC_NONE); + } else + goto error; done: return ap; diff --git a/src/settings/plugins/ifcfg-rh/reader.c b/src/settings/plugins/ifcfg-rh/reader.c index 6aa97f1..3fea7cd 100644 --- a/src/settings/plugins/ifcfg-rh/reader.c +++ b/src/settings/plugins/ifcfg-rh/reader.c 
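Review bot: The new Ad-Hoc branch of nm_ap_new_fake_from_connection() seeds `flags` from `nm_ap_get_wpa_flags (ap)` but stores the result with `nm_ap_set_rsn_flags (ap, flags)`, so any WPA bits are copied into the RSN field; reading `nm_ap_get_rsn_flags (ap)` would match the write. The clear mask no longer covers the two CCMP bits, which is harmless only because both are OR-ed in right after. `guint32 i;` is left without a user now that the group loop is gone. The bare `else goto error;` deserves a comment naming what it rejects, e.g. `/* Ad-Hoc supports only PSK; any other key_mgmt reaching this point cannot be represented */`. The function starts and ends outside the hunk.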
@@ -1920,8 +1920,8 @@ fill_wpa_ciphers (shvarFile *ifcfg, PLUGIN_WARN (IFCFG_PLUGIN_NAME, " warning: ignoring group cipher '%s' (only one group cipher allowed in Ad-Hoc mode)", *iter); continue; - } else if (!group) { - PLUGIN_WARN (IFCFG_PLUGIN_NAME, " warning: ignoring pairwise cipher '%s' (pairwise not used in Ad-Hoc mode)", + } else if (!group && (i > 0)) { + PLUGIN_WARN (IFCFG_PLUGIN_NAME, " warning: ignoring pairwise cipher '%s' (only one pairwise cipher allowed in Ad-Hoc mode)", *iter); continue; } @@ -2707,8 +2707,8 @@ make_wpa_setting (shvarFile *ifcfg, /* WPA and/or RSN */ if (adhoc) { - /* Ad-Hoc mode only supports WPA proto for now */ - nm_setting_wireless_security_add_proto (wsec, "wpa"); + /* Ad-Hoc mode only supports RSN proto */ + nm_setting_wireless_security_add_proto (wsec, "rsn"); } else { char *allow_wpa, *allow_rsn; @@ -2747,10 +2747,7 @@ make_wpa_setting (shvarFile *ifcfg, } } - if (adhoc) - g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL); - else - g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); + g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); } else if (!strcmp (value, "WPA-EAP") || !strcmp (value, "IEEE8021X")) { /* Adhoc mode is mutually exclusive with any 802.1x-based authentication */ if (adhoc) { diff --git a/src/settings/plugins/ifcfg-rh/writer.c b/src/settings/plugins/ifcfg-rh/writer.c index 26a1585..e4e719d 100644 --- a/src/settings/plugins/ifcfg-rh/writer.c +++ b/src/settings/plugins/ifcfg-rh/writer.c @@ -592,7 +592,7 @@ write_wireless_security_setting (NMConnection *connection, svSetValue (ifcfg, "KEY_MGMT", NULL, FALSE); wep = TRUE; *no_8021x = TRUE; - } else if (!strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk")) { + } else if (!strcmp (key_mgmt, "wpa-psk")) { svSetValue (ifcfg, "KEY_MGMT", "WPA-PSK", FALSE); wpa = TRUE; *no_8021x = TRUE; 
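Review bot: The Ad-Hoc branch of fill_wpa_ciphers() in the ifcfg-rh reader now keeps the first pairwise and the first group cipher whatever they are, so a file that names TKIP ends up with a "tkip" entry in an Ad-Hoc profile. The ifnet parser in this same patch warns and drops everything except CCMP in Ad-Hoc mode, and verify_wpa_psk() requires "ccmp" for both lists, so the two readers disagree and the ifcfg-rh result may be rejected later or silently overridden by the supplicant. I would apply the same rule here: in the Ad-Hoc branch, warn and `continue` for any `*iter` that is not "CCMP" rather than only for `i > 0`. The function body extends beyond the hunk.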
diff --git a/src/settings/plugins/ifnet/connection_parser.c b/src/settings/plugins/ifnet/connection_parser.c index 78812f9..36af48b 100644 --- a/src/settings/plugins/ifnet/connection_parser.c +++ b/src/settings/plugins/ifnet/connection_parser.c @@ -1333,23 +1333,6 @@ fill_wpa_ciphers (const char *ssid, list = g_strsplit_set (value, " ", 0); for (iter = list; iter && *iter; iter++, i++) { - /* Ad-Hoc configurations cannot have pairwise ciphers, and can only - * have one group cipher. Ignore any additional group ciphers and - * any pairwise ciphers specified. - */ - if (adhoc) { - if (group && (i > 0)) { - PLUGIN_WARN (IFNET_PLUGIN_NAME, - " warning: ignoring group cipher '%s' (only one group cipher allowed in Ad-Hoc mode)", - *iter); - continue; - } else if (!group) { - PLUGIN_WARN (IFNET_PLUGIN_NAME, - " warning: ignoring pairwise cipher '%s' (pairwise not used in Ad-Hoc mode)", - *iter); - continue; - } - } if (!strcmp (*iter, "CCMP")) { if (group) @@ -1358,6 +1341,19 @@ fill_wpa_ciphers (const char *ssid, else nm_setting_wireless_security_add_pairwise (wsec, "ccmp"); + } else if (adhoc) { + /* Ad-Hoc configurations only support CCMP cipher for + * pairwise and group. + * Ignore any other group or pairwise ciphers specified. + */ + if (group) + PLUGIN_WARN (IFNET_PLUGIN_NAME, + " warning: ignoring group cipher '%s' (only ccmp cipher allowed in Ad-Hoc mode)", + eiter); + else if (!group) + PLUGIN_WARN (IFNET_PLUGIN_NAME, + " warning: ignoring pairwise cipher '%s' (only ccmp cipher allowed in Ad-Hoc mode)", + *iter); } else if (!strcmp (*iter, "TKIP")) { if (group) nm_setting_wireless_security_add_group (wsec, 
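Review bot: The group-cipher warning added in the Ad-Hoc branch of fill_wpa_ciphers() passes `eiter` as the `%s` argument; no such variable appears in the visible part of the function, and the pairwise warning just below uses `*iter`, so as shown this does not compile and should read `*iter);`. The `else if (!group)` after `if (group)` is always true and can be a plain `else`. Since the `else if (adhoc)` branch is tested after the "CCMP" comparison, a short comment saying that this ordering is what lets CCMP through in Ad-Hoc mode would help the next reader. The function begins and ends outside the hunk.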
@@ -1498,8 +1494,8 @@ make_wpa_setting (const char *ssid, /* WPA and/or RSN */ if (adhoc) { - /* Ad-Hoc mode only supports WPA proto for now */ - nm_setting_wireless_security_add_proto (wsec, "wpa"); + /* Ad-Hoc mode only supports RSN proto */ + nm_setting_wireless_security_add_proto (wsec, "rsn"); } else { nm_setting_wireless_security_add_proto (wsec, "wpa"); nm_setting_wireless_security_add_proto (wsec, "rsn"); @@ -1515,14 +1511,9 @@ make_wpa_setting (const char *ssid, NULL); g_free (psk); - if (adhoc) - g_object_set (wsec, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, - "wpa-none", NULL); - else - g_object_set (wsec, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, - "wpa-psk", NULL); + g_object_set (wsec, + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, + "wpa-psk", NULL); } else if (!strcmp (value, "WPA-EAP") || !strcmp (value, "IEEE8021X")) { if (adhoc) { g_set_error (error, ifnet_plugin_error_quark (), 0, @@ -2115,8 +2106,7 @@ write_wireless_security_setting (NMConnection * connection, wpa_set_data (conn_name, "key_mgmt", "NONE"); wep = TRUE; *no_8021x = TRUE; - } else if (!strcmp (key_mgmt, "wpa-none") - || !strcmp (key_mgmt, "wpa-psk")) { + } else if (!strcmp (key_mgmt, "wpa-psk")) { wpa_set_data (conn_name, "key_mgmt", "WPA-PSK"); wpa = TRUE; *no_8021x = TRUE; diff --git a/src/settings/plugins/ifnet/tests/wpa_supplicant.conf b/src/settings/plugins/ifnet/tests/wpa_supplicant.conf index 609ee0e..3a9f167 100644 --- a/src/settings/plugins/ifnet/tests/wpa_supplicant.conf +++ b/src/settings/plugins/ifnet/tests/wpa_supplicant.conf @@ -752,15 +752,15 @@ network={ } -# IBSS/ad-hoc network with WPA-None/TKIP. +# IBSS/ad-hoc network with IBSS RSN. network={ ssid="test adhoc" mode=1 frequency=2412 - proto=WPA - key_mgmt=WPA-NONE - pairwise=NONE - group=TKIP + proto=RSN + key_mgmt=WPA-PSK + pairwise=CCMP + group=CCMP psk="secret passphrase" } diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c index a8e4ab9..187118b 100644 
--- a/src/supplicant-manager/nm-supplicant-config.c +++ b/src/supplicant-manager/nm-supplicant-config.c @@ -643,8 +643,7 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, } /* Only WPA-specific things when using WPA */ - if ( !strcmp (key_mgmt, "wpa-none") - || !strcmp (key_mgmt, "wpa-psk") + if ( !strcmp (key_mgmt, "wpa-psk") || !strcmp (key_mgmt, "wpa-eap")) { ADD_STRING_LIST_VAL (setting, wireless_security, proto, protos, "proto", ' ', TRUE, FALSE); ADD_STRING_LIST_VAL (setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, FALSE); diff --git a/src/supplicant-manager/nm-supplicant-settings-verify.c b/src/supplicant-manager/nm-supplicant-settings-verify.c index 76de84d..d71ddf3 100644 --- a/src/supplicant-manager/nm-supplicant-settings-verify.c +++ b/src/supplicant-manager/nm-supplicant-settings-verify.c @@ -70,7 +70,7 @@ static const struct validate_entry validate_table[] = { const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL }; -const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-EAP", "IEEE8021X", "WPA-NONE", +const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-EAP", "IEEE8021X", "NONE", NULL }; const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; const char * eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM", diff --git a/src/wifi/wifi-utils-nl80211.c b/src/wifi/wifi-utils-nl80211.c index 663cbc2..17f7f72 100644 --- a/src/wifi/wifi-utils-nl80211.c +++ b/src/wifi/wifi-utils-nl80211.c 
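Review bot: `key_mgmt_allowed` loses "WPA-NONE", but the context line above it still lists "NONE" in `pairwise_allowed`. Within this patch that value was only produced for WPA-None (the removed `add_pairwise (s_wsec, "none")` and the removed check in verify()), and `valid_pairwise` in libnm-util does not contain it. If nothing else emits it, dropping it keeps the allow-list sent to the supplicant as narrow as the settings layer: `const char * pairwise_allowed[] = { "CCMP", "TKIP", NULL };`. Whether another caller relies on it cannot be seen from this hunk.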
@@ -684,6 +684,9 @@ static int nl80211_wiphy_info_handler (struct nl_msg *msg, void *arg) } } + if (tb[NL80211_ATTR_SUPPORT_IBSS_RSN]) + info->caps |= NM_WIFI_DEVICE_CAP_IBSS_RSN; + info->success = TRUE; return NL_SKIP; -- 1.7.10.4 _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list