Re: [PATCH] wifi: enable WPA-*-SHA256 AKMs only when the supplicant supports them
On 2018/01/18 05:52, Masashi Honma wrote:
> On 2018/01/18 02:06, Beniamino Galvani wrote:
>> Commit 87ec5e90fe79 ("supplicant: set key_mgmt independent of pmf
>> value") enabled WPA-PSK-SHA256 or WPA-EAP-SHA256 even when the
>> supplicant didn't support them, potentially causing connection
>> failures. Instead, use the 'pmf' capability to detect when they can
>> be enabled.
>>
>> Fixes: 87ec5e90fe79fcb2ac315cf1604e757dcab60bb9
>> ---
>>
>> Hi,
>>
>> this patch fixes regressions discovered after the merge of FILS
>> patches by our nightly CI that runs on CentOS where wpa_supplicant is
>> compiled without 802.11w support.
>>
>> This patch fixes those regressions. Comments welcome.
> Hi,
>
> I am sorry for the regression...
>
> Though indeed using pmf capability works, I think using key_mgmt
> capability is better. I will try this this weekend.

By watching wpa_supplicant code, the pmf capability exists if and only if WPA-PSK-SHA256 and WPA-EAP-SHA256 exist.

So your patch looks nice to me.

Thanks !

Masashi Honma.
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] wifi: enable WPA-*-SHA256 AKMs only when the supplicant supports them
On 2018/01/18 02:06, Beniamino Galvani wrote:
> Commit 87ec5e90fe79 ("supplicant: set key_mgmt independent of pmf
> value") enabled WPA-PSK-SHA256 or WPA-EAP-SHA256 even when the
> supplicant didn't support them, potentially causing connection
> failures. Instead, use the 'pmf' capability to detect when they can
> be enabled.
>
> Fixes: 87ec5e90fe79fcb2ac315cf1604e757dcab60bb9
> ---
>
> Hi,
>
> this patch fixes regressions discovered after the merge of FILS
> patches by our nightly CI that runs on CentOS where wpa_supplicant is
> compiled without 802.11w support.
>
> This patch fixes those regressions. Comments welcome.

Hi,

I am sorry for the regression...

Though indeed using pmf capability works, I think using key_mgmt capability is better. I will try this this weekend.

Masashi Honma.
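The gating this thread settles on, as an added example in C (not NetworkManager's code and not part of the original messages): SHA256 AKMs are offered only when the supplicant reports the 'pmf' capability, and FILS AKMs follow the rules of the [PATCH v3 6/6] message on this page. build_key_mgmt, feature_t, fils_t and the KM_* codes are hypothetical names; the output strings are the upper-case key_mgmt values seen in the test expectations quoted on this page.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for NMSupplicantFeature and the FILS setting enum. */
typedef enum { FEATURE_UNKNOWN = 0, FEATURE_NO, FEATURE_YES } feature_t;
typedef enum { FILS_DEFAULT = 0, FILS_DISABLE, FILS_OPTIONAL, FILS_REQUIRED } fils_t;

#define KM_OK           0
#define KM_ERR_ARG     (-1)  /* bad argument or output buffer too small */
#define KM_ERR_NO_FILS (-2)  /* FILS required but support not confirmed */

/* Append one AKM token to a space-separated list, refusing to overflow. */
static int append_akm(char *out, size_t out_len, const char *akm)
{
    size_t used = strlen(out);
    size_t sep = used ? 1 : 0;
    size_t len = strlen(akm);

    if (used + sep + len + 1 > out_len)
        return KM_ERR_ARG;
    if (sep)
        out[used++] = ' ';
    memcpy(out + used, akm, len + 1);
    return KM_OK;
}

/* Build the wpa_supplicant key_mgmt value from the connection's key-mgmt,
 * the FILS setting and the capabilities the supplicant reported. */
int build_key_mgmt(const char *key_mgmt, feature_t pmf_cap, fils_t fils,
                   feature_t fils_cap, char *out, size_t out_len)
{
    const char *base, *sha256;
    int is_eap;

    if (!key_mgmt || !out || out_len == 0)
        return KM_ERR_ARG;
    out[0] = '\0';

    is_eap = strcmp(key_mgmt, "wpa-eap") == 0;
    if (is_eap) {
        base = "WPA-EAP";
        sha256 = "WPA-EAP-SHA256";
    } else if (strcmp(key_mgmt, "wpa-psk") == 0) {
        base = "WPA-PSK";
        sha256 = "WPA-PSK-SHA256";
    } else {
        return KM_ERR_ARG; /* other key-mgmt values are outside this example */
    }

    /* FILS applies to wpa-eap only; DEFAULT with no global default is optional. */
    if (!is_eap)
        fils = FILS_DISABLE;
    else if (fils == FILS_DEFAULT)
        fils = FILS_OPTIONAL;

    /* Anything other than a confirmed YES is treated as "not supported". */
    if (fils_cap != FEATURE_YES) {
        if (fils == FILS_REQUIRED)
            return KM_ERR_NO_FILS;
        fils = FILS_DISABLE;
    }

    if (fils != FILS_REQUIRED) {
        if (append_akm(out, out_len, base))
            return KM_ERR_ARG;
        /* SHA256 AKMs only when the 'pmf' capability is present. */
        if (pmf_cap == FEATURE_YES && append_akm(out, out_len, sha256))
            return KM_ERR_ARG;
    }
    if (fils != FILS_DISABLE) {
        if (append_akm(out, out_len, "FILS-SHA256") ||
            append_akm(out, out_len, "FILS-SHA384"))
            return KM_ERR_ARG;
    }
    return KM_OK;
}

int main(void)
{
    char buf[64];
    int rc;

    /* Constructed cases: a full-featured supplicant, then one built
     * without 802.11w and FILS (the CentOS CI situation in the thread). */
    rc = build_key_mgmt("wpa-eap", FEATURE_YES, FILS_OPTIONAL, FEATURE_YES, buf, sizeof buf);
    printf("full, optional:    rc=%d key_mgmt='%s'\n", rc, buf);
    rc = build_key_mgmt("wpa-eap", FEATURE_NO, FILS_DEFAULT, FEATURE_NO, buf, sizeof buf);
    printf("minimal, default:  rc=%d key_mgmt='%s'\n", rc, buf);
    rc = build_key_mgmt("wpa-eap", FEATURE_NO, FILS_REQUIRED, FEATURE_UNKNOWN, buf, sizeof buf);
    printf("minimal, required: rc=%d key_mgmt='%s'\n", rc, buf);
    return 0;
}
```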
[PATCH v3 6/6] supplicant: enable FILS only when wpa_supplicant supports it
Signed-off-by: Masashi Honma --- src/devices/wifi/nm-device-wifi.c| 14 ++ src/supplicant/nm-supplicant-interface.c | 33 +++- src/supplicant/nm-supplicant-interface.h | 8 +++- src/supplicant/nm-supplicant-manager.c | 15 +-- 4 files changed, 66 insertions(+), 4 deletions(-) diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index 6d6c271..979f309 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -2467,6 +2467,20 @@ build_supplicant_config (NMDeviceWifi *self, if (!NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wireless_sec), "wpa-eap")) fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; + /* Check if we actually support FILS */ + if (nm_supplicant_interface_get_fils_support (priv->sup_iface) != NM_SUPPLICANT_FEATURE_YES) { + if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED) { + g_set_error_literal (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, +"Supplicant does not support FILS"); + goto error; + } else if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL) { + /* To be on the safe side, assume no support if we can't determine +* capabilities. +*/ + fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; + } + } + s_8021x = nm_connection_get_setting_802_1x (connection); if (!nm_supplicant_config_add_setting_wireless_security (config, s_wireless_sec, diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index 5d33628..7f251bf 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -93,6 +93,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface, PROP_FAST_SUPPORT, PROP_AP_SUPPORT, PROP_PMF_SUPPORT, + PROP_FILS_SUPPORT, ); typedef struct { @@ -102,6 +103,7 @@ typedef struct { NMSupplicantFeature fast_support; NMSupplicantFeature ap_support; /* Lightweight AP mode support */ NMSupplicantFeature pmf_support; + NMSupplicantFeature fils_support; guint32max_scan_ssids; guint32ready_count; 
@@ -565,6 +567,12 @@ nm_supplicant_interface_get_pmf_support (NMSupplicantInterface *self) return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->pmf_support; } +NMSupplicantFeature +nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self) +{ + return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->fils_support; +} + void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature ap_support) @@ -596,6 +604,15 @@ nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self, priv->pmf_support = pmf_support; } +void +nm_supplicant_interface_set_fils_support (NMSupplicantInterface *self, + NMSupplicantFeature fils_support) +{ + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + + priv->fils_support = fils_support; +} + /*/ static void @@ -1898,6 +1915,10 @@ set_property (GObject *object, /* construct-only */ priv->pmf_support = g_value_get_int (value); break; + case PROP_FILS_SUPPORT: + /* construct-only */ + priv->fils_support = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1918,7 +1939,8 @@ nm_supplicant_interface_new (const char *ifname, NMSupplicantDriver driver, NMSupplicantFeature fast_support, NMSupplicantFeature ap_support, - NMSupplicantFeature pmf_support) + NMSupplicantFeature pmf_support, + NMSupplicantFeature fils_support) { g_return_val_if_fail (ifname != NULL, NULL); @@ -1928,6 +1950,7 @@ nm_supplicant_interface_new (const char *ifname, NM_SUPPLICANT_INTERFACE_FAST_SUPPORT, (int) fast_support, NM_SUPPLICANT_INTERFACE_AP_SUPPORT, (int) ap_support, NM_SUPPLI
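Review bot: In the build_supplicant_config hunk, the FILS_REQUIRED branch fails with "Supplicant does not support FILS" for every value other than NM_SUPPLICANT_FEATURE_YES, which, going by the comment in the OPTIONAL branch ("assume no support if we can't determine capabilities"), includes the case where the capability was never determined. Either say so in the error text (for example "Supplicant does not support FILS or its capabilities are unknown") or move the comment above the outer if so that it covers both branches. Only REQUIRED and OPTIONAL are handled here; if FILS_DEFAULT can still reach this point it passes through unchanged, so a comment or assertion that it has been resolved earlier would help.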
[PATCH v3 4/6] ifcfg-rh/tests: add Wi-Fi FILS test
Signed-off-by: Masashi Honma --- src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c index 70b762c..40c5404 100644 --- a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +++ b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c @@ -6276,7 +6276,9 @@ test_write_wifi_wpa_eap_tls (void) s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, NM_SETTING (s_wsec)); - g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL); + g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", + NM_SETTING_WIRELESS_SECURITY_FILS, (int) NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED, + NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_pairwise (s_wsec, "tkip"); nm_setting_wireless_security_add_group (s_wsec, "tkip"); -- 2.7.4 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
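Review bot: The only hunk changes the existing test_write_wifi_wpa_eap_tls to set NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED instead of adding a separate case, so the write path for a wpa-eap connection that leaves FILS unset is no longer exercised by this test, and the DISABLE and OPTIONAL values are not covered at all. Suggest leaving the original test as it was and adding a dedicated FILS test that writes and re-reads each value.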
[PATCH v3 5/6] cli: add support for FILS
Signed-off-by: Masashi Honma --- clients/common/nm-meta-setting-desc.c | 8 1 file changed, 8 insertions(+) diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c index a028c9a..3faadd7 100644 --- a/clients/common/nm-meta-setting-desc.c +++ b/clients/common/nm-meta-setting-desc.c @@ -7391,6 +7391,14 @@ static const NMMetaPropertyInfo *const property_infos_WIRELESS_SECURITY[] = { ), ), ), + PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_FILS, + .property_type =&_pt_gobject_enum, + .property_typ_data = DEFINE_PROPERTY_TYP_DATA ( + PROPERTY_TYP_DATA_SUBTYPE (gobject_enum, + .get_gtype = nm_setting_wireless_security_fils_get_type, + ), + ), + ), NULL }; -- 2.7.4 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
[PATCH v3 3/6] supplicant/tests: add FILS test
Signed-off-by: Masashi Honma --- src/supplicant/tests/test-supplicant-config.c | 53 --- 1 file changed, 48 insertions(+), 5 deletions(-) diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 9420860..3f43046 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -401,7 +401,7 @@ test_wifi_wpa_psk_types (void) } static NMConnection * -generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_str) +generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_str, NMSettingWirelessSecurityFils fils) { NMConnection *connection = NULL; NMSettingWirelessSecurity *s_wsec; @@ -416,6 +416,7 @@ generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_st nm_connection_add_setting (connection, NM_SETTING (s_wsec)); g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", + NM_SETTING_WIRELESS_SECURITY_FILS, (int) fils, NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_proto (s_wsec, "rsn"); 
@@ -449,13 +450,13 @@ test_wifi_eap_locked_bssid (void) const char *bssid_str = "11:22:33:44:55:66"; guint32 mtu = 1100; - connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Locked", ssid, bssid_str); + connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Locked", ssid, bssid_str, NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL); NMTST_EXPECT_NM_INFO ("Config: added 'ssid' value 'Test SSID'*"); NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*"); NMTST_EXPECT_NM_INFO ("Config: added 'bssid' value '11:22:33:44:55:66'*"); NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *"); - NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256'"); + NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256 FILS-SHA256 FILS-SHA384'"); NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'"); NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); @@ -471,7 +472,7 @@ test_wifi_eap_locked_bssid (void) validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid); validate_opt ("wifi-eap", config_dict, "bssid", TYPE_KEYWORD, bssid_str); - validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256"); + validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256 FILS-SHA256 FILS-SHA384"); validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS"); validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN"); validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); 
@@ -490,7 +491,48 @@ test_wifi_eap_unlocked_bssid (void) gs_unref_bytes GBytes *bgscan = g_bytes_new (bgscan_data, strlen (bgscan_data)); guint32 mtu = 1100; - connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Unlocked", ssid, NULL); + connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Unlocked", ssid, NULL, NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED); + + NMTST_EXPECT_NM_INFO ("Config: added 'ssid' value 'Test SSID'*"); + NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*"); + NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *"); + NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'FILS-SHA256 FILS-SHA384'"); + NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'"); + NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); + NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); + NMTST_EXPECT_NM_INFO ("Config: added 'eap' value 'TLS'"); + NMTST_EXPECT_NM_INFO ("Config: adde
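Review bot: In the test_wifi_eap_locked_bssid and test_wifi_eap_unlocked_bssid hunks, the FILS mode is tied to the BSSID variant (FILS_OPTIONAL for locked, FILS_REQUIRED for unlocked), so a failure no longer shows which of the two variables broke, and the visible hunks no longer assert a key_mgmt value without FILS AKMs, that is the FILS_DISABLE case. generate_wifi_eap_connection already takes the fils argument, so separate FILS test functions covering DISABLE, OPTIONAL and REQUIRED against one BSSID variant would keep the existing BSSID tests unchanged. The new generate_wifi_eap_connection prototype is also worth wrapping, since it is now one long line.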
[PATCH v3 2/6] wifi: add support for FILS
The FILS (Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to speed up roaming. This patch adds support of it.

I have tested with these cases.

+------+-------------------------+----------------+
| STA  | AP                      |                |
| FILS | key-mgmt                | result         |
+------+-------------------------+----------------+
| 1    | WPA-EAP                 | O              |
+------+-------------------------+----------------+
| 1    | WPA-EAP-SHA256          | O              |
+------+-------------------------+----------------+
| 1    | FILS-SHA256             | X              |
+------+-------------------------+----------------+
| 1    | FILS-SHA384             | X              |
+------+-------------------------+----------------+
| 1    | WPA-EAP WPA-EAP-SHA256  | O              |
|      | FILS-SHA256 FILS-SHA384 | WPA-EAP-SHA256 |
+------+-------------------------+----------------+
| 2    | WPA-EAP                 | O              |
+------+-------------------------+----------------+
| 2    | WPA-EAP-SHA256          | O              |
+------+-------------------------+----------------+
| 2    | FILS-SHA256             | O              |
+------+-------------------------+----------------+
| 2    | FILS-SHA384             | O              |
+------+-------------------------+----------------+
| 2    | WPA-EAP WPA-EAP-SHA256  | O              |
|      | FILS-SHA256 FILS-SHA384 | FILS-SHA384    |
+------+-------------------------+----------------+
| 3    | WPA-EAP                 | X              |
+------+-------------------------+----------------+
| 3    | WPA-EAP-SHA256          | X              |
+------+-------------------------+----------------+
| 3    | FILS-SHA256             | O              |
+------+-------------------------+----------------+
| 3    | FILS-SHA384             | O              |
+------+-------------------------+----------------+
| 3    | WPA-EAP WPA-EAP-SHA256  | O              |
|      | FILS-SHA256 FILS-SHA384 | FILS-SHA384    |
+------+-------------------------+----------------+

Signed-off-by: Masashi Honma
---
 clients/common/settings-docs.h.in | 1 +
 libnm-core/nm-setting-wireless-security.c | 57 ++
 libnm-core/nm-setting-wireless-security.h | 26 ++
 libnm/libnm.ver | 2 +
 man/NetworkManager.conf.xml | 5 ++
 src/devices/wifi/nm-device-wifi.c | 18 +++
 src/devices/wifi/nm-wifi-ap.c | 4 +-
 .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 7 +++
 .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 7 +++
 src/supplicant/nm-supplicant-config.c | 13 -
 src/supplicant/nm-supplicant-config.h | 1 +
 src/supplicant/nm-supplicant-settings-verify.c | 1 +
 src/supplicant/tests/test-supplicant-config.c | 2 +
 13 files changed, 142 insertions(+), 2 deletions(-)

diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index a53c230..4a295a4 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -22,6 +22,7 @@ #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SSID N_("SSID of the Wi-Fi network. Must be specified.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_TX_POWER N_("If non-zero, directs the device to use the specified transmit power. Units are dBm. This property is highly driver dependent and not all devices support setting a static transmit power.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_AUTH_ALG N_("When WEP is used (ie, key-mgmt = \"none\" or \"ieee8021x\") indicate the 802.11 authentication algorithm required by the AP here. One of \"open\" for Open System, \"shared\" for Shared Key, or \"leap\" for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\") the \"leap-username\" and \"leap-password\" properties must be specified.") +#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS N_("Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection. One of NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) (use global default value), NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE (1) (disable FILS), NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (2) (enable FILS if the supplicant and the access point support it) or NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (3) (enable FILS and fail if not supported). When set to NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) and no global default is set, FILS will be optionally enabled.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_GROUP N_("A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list ele
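Review bot: The test matrix in the commit message labels the station setting only as 1, 2 and 3, and it is the DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS string added in the settings-docs.h.in hunk that maps those numbers to DISABLE, OPTIONAL and REQUIRED. Suggest naming the values in the matrix and adding a row for DEFAULT (0): the same doc string says DEFAULT with no global default enables FILS optionally, which makes it the path an unmodified connection takes.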
[PATCH v3 1/6] supplicant: set key_mgmt independent of pmf value
Previously, the value of ieee80211w and key_mgmt field in wpa_supplicant.conf was defined by the value of pmf.

NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
    ieee80211w=0
    key_mgmt=wpa-eap
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL
    ieee80211w=1
    key_mgmt=wpa-eap wpa-eap-sha256
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED
    ieee80211w=2
    key_mgmt=wpa-eap-sha256

Though these work, they do not include all combinations. The key_mgmt could be set independent of ieee80211w value. For example, management frame protection could be used with wpa-eap.

    ieee80211w=2
    key_mgmt=wpa-eap

And wpa-eap-sha256 could be used without management frame protection.

    ieee80211w=0
    key_mgmt=wpa-eap-sha256

So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP supports both, stronger algorithm will be chosen (ex. when AP supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be chosen).

Signed-off-by: Masashi Honma
---
 src/supplicant/nm-supplicant-config.c | 16 +-
 src/supplicant/tests/test-supplicant-config.c | 32 +++
 2 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 5650e64..e51e8ba 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, g_return_val_if_fail (!error || !*error, FALSE); key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting); - if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap wpa-eap-sha256"; - } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap-sha256"; - } + if (nm_streq (key_mgmt, "wpa-psk")) + key_mgmt_conf = "wpa-psk wpa-psk-sha256"; + else if (nm_streq (key_mgmt, "wpa-eap")) + key_mgmt_conf = "wpa-eap wpa-eap-sha256"; + if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error)) return FALSE; diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 258ced6..f85c137 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -307,7 +307,8 @@ test_wifi_wpa_psk (const char *detail, OptType key_type, const char *key_data, const unsigned char *expected, - size_t expected_size) + size_t expected_size, + NMSettingWirelessSecurityPmf pmf) { gs_unref_object NMConnection *connection = NULL; gs_unref_variant GVariant *config_dict = NULL; @@ -327,7 +328,7 @@ test_wifi_wpa_psk (const char *detail, g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NM_SETTING_WIRELESS_SECURITY_PSK, key_data, - NM_SETTING_WIRELESS_SECURITY_PMF, (int) NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL, + NM_SETTING_WIRELESS_SECURITY_PMF, (int) pmf, NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_proto (s_wsec, "rsn"); 
@@ -349,7 +350,16 @@ test_wifi_wpa_psk (const char *detail, NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'"); NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); - NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'"); + switch (pmf) { + case NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL: + NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'"); + break; + case NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED: + NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '2'"); + break; + default: + break; + } config_dict = build_supplicant_config (connection, 1
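Review bot: In the nm_supplicant_config_add_setting_wireless_security hunk, the new branches add wpa-psk-sha256 and wpa-eap-sha256 unconditionally, and nothing in the visible lines checks that the running wpa_supplicant accepts those AKMs before they are written to key_mgmt. Suggest gating the -sha256 entries on a supplicant capability. The hunk also changes NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED: the removed code emitted only the -sha256 AKM for it, while the new code offers the non-SHA256 AKM as well, so the commit message should state that PMF_REQUIRED no longer restricts key_mgmt, and the test hunks should assert the key_mgmt value for the PMF_REQUIRED and PMF_DISABLE cases, not only ieee80211w.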
Re: [PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
On 2018/01/16 00:56, Thomas Haller wrote:
> On Mon, 2018-01-15 at 15:46 +0100, Beniamino Galvani wrote:
>> On Sun, Jan 14, 2018 at 09:33:50AM +0900, Masashi Honma wrote:
>>> Previously, the value of ieee80211w and key_mgmt field in
>>> wpa_supplicant.conf was defined by the value of pmf.
>>>
>>> NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
>>>     ieee80211w=0
>>>     key_mgmt=wpa-eap
>>> NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL
>>>     ieee80211w=1
>>>     key_mgmt=wpa-eap wpa-eap-sha256
>>> NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED
>>>     ieee80211w=2
>>>     key_mgmt=wpa-eap-sha256
>>>
>>> Though these work, they do not include all combinations.
>>> The key_mgmt could be set independent of ieee80211w value.
>>> For example, management frame protection could be used with
>>> wpa-eap.
>>>     ieee80211w=2
>>>     key_mgmt=wpa-eap
>>>
>>> And wpa-eap-sha256 could be used without management frame
>>> protection.
>>>     ieee80211w=0
>>>     key_mgmt=wpa-eap-sha256
>>>
>>> So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or
>>> key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP
>>> supports both, stronger algorithm will be chosen (ex. when AP
>>> supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be
>>> chosen).
>>
>> Hi,
>>
>> the series now looks very good to me, thanks!
>>
>
> hi,
>
> me too, only minor complaints.
> Great work!
>
> could you adjust the remaining points?
>
> Thank you,
> Thomas
>

Thanks, Beniamino and Thomas !

I will send fixed patches soon.

Masashi Honma.
[PATCH v2 6/7] cli: add support for FILS
Signed-off-by: Masashi Honma --- clients/common/nm-meta-setting-desc.c | 8 clients/common/settings-docs.h.in | 1 + 2 files changed, 9 insertions(+) diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c index a028c9a..3faadd7 100644 --- a/clients/common/nm-meta-setting-desc.c +++ b/clients/common/nm-meta-setting-desc.c @@ -7391,6 +7391,14 @@ static const NMMetaPropertyInfo *const property_infos_WIRELESS_SECURITY[] = { ), ), ), + PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_FILS, + .property_type =&_pt_gobject_enum, + .property_typ_data = DEFINE_PROPERTY_TYP_DATA ( + PROPERTY_TYP_DATA_SUBTYPE (gobject_enum, + .get_gtype = nm_setting_wireless_security_fils_get_type, + ), + ), + ), NULL }; diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in index a53c230..4a295a4 100644 --- a/clients/common/settings-docs.h.in +++ b/clients/common/settings-docs.h.in 
@@ -22,6 +22,7 @@ #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SSID N_("SSID of the Wi-Fi network. Must be specified.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_TX_POWER N_("If non-zero, directs the device to use the specified transmit power. Units are dBm. This property is highly driver dependent and not all devices support setting a static transmit power.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_AUTH_ALG N_("When WEP is used (ie, key-mgmt = \"none\" or \"ieee8021x\") indicate the 802.11 authentication algorithm required by the AP here. One of \"open\" for Open System, \"shared\" for Shared Key, or \"leap\" for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\") the \"leap-username\" and \"leap-password\" properties must be specified.") +#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS N_("Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection. One of NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) (use global default value), NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE (1) (disable FILS), NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (2) (enable FILS if the supplicant and the access point support it) or NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (3) (enable FILS and fail if not supported). When set to NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) and no global default is set, FILS will be optionally enabled.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_GROUP N_("A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of \"wep40\", \"wep104\", \"tkip\", or \"ccmp\".") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_KEY_MGMT N_("Key management used for the connection. 
One of \"none\" (WEP), \"ieee8021x\" (Dynamic WEP), \"wpa-none\" (Ad-Hoc WPA-PSK), \"wpa-psk\" (infrastructure WPA-PSK), or \"wpa-eap\" (WPA-Enterprise). This property must be set for any Wi-Fi connection that uses security.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD N_("The login password for legacy LEAP connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").") -- 2.7.4 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
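Review bot: In the settings-docs.h.in hunk, the new DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS text opens with "Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection", yet three of the four values it goes on to list (DEFAULT, DISABLE, OPTIONAL) do not require FILS. Suggest wording along the lines of "Indicates whether FILS is disabled, optional or required for the connection" so that the first sentence matches the value list that follows it.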
[PATCH v2 7/7] supplicant: enable FILS only when wpa_supplicant supports it
Signed-off-by: Masashi Honma --- src/devices/wifi/nm-device-wifi.c| 14 ++ src/supplicant/nm-supplicant-interface.c | 33 +++- src/supplicant/nm-supplicant-interface.h | 8 +++- src/supplicant/nm-supplicant-manager.c | 15 +-- 4 files changed, 66 insertions(+), 4 deletions(-) diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index e3593dc..7fad75c 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -2467,6 +2467,20 @@ build_supplicant_config (NMDeviceWifi *self, if (!NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wireless_sec), "wpa-eap")) fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; + /* Check if we actually support FILS */ + if (nm_supplicant_interface_get_fils_support (priv->sup_iface) != NM_SUPPLICANT_FEATURE_YES) { + if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED) { + g_set_error_literal (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, +"Supplicant does not support FILS"); + goto error; + } else if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL) { + /* To be on the safe side, assume no support if we can't determine +* capabilities. +*/ + fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; + } + } + s_8021x = nm_connection_get_setting_802_1x (connection); if (!nm_supplicant_config_add_setting_wireless_security (config, s_wireless_sec, diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index 5d33628..7f251bf 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -93,6 +93,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface, PROP_FAST_SUPPORT, PROP_AP_SUPPORT, PROP_PMF_SUPPORT, + PROP_FILS_SUPPORT, ); typedef struct { @@ -102,6 +103,7 @@ typedef struct { NMSupplicantFeature fast_support; NMSupplicantFeature ap_support; /* Lightweight AP mode support */ NMSupplicantFeature pmf_support; + NMSupplicantFeature fils_support; guint32max_scan_ssids; guint32ready_count; 
@@ -565,6 +567,12 @@ nm_supplicant_interface_get_pmf_support (NMSupplicantInterface *self) return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->pmf_support; } +NMSupplicantFeature +nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self) +{ + return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->fils_support; +} + void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature ap_support) @@ -596,6 +604,15 @@ nm_supplicant_interface_set_pmf_support (NMSupplicantInterface *self, priv->pmf_support = pmf_support; } +void +nm_supplicant_interface_set_fils_support (NMSupplicantInterface *self, + NMSupplicantFeature fils_support) +{ + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + + priv->fils_support = fils_support; +} + /*/ static void @@ -1898,6 +1915,10 @@ set_property (GObject *object, /* construct-only */ priv->pmf_support = g_value_get_int (value); break; + case PROP_FILS_SUPPORT: + /* construct-only */ + priv->fils_support = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1918,7 +1939,8 @@ nm_supplicant_interface_new (const char *ifname, NMSupplicantDriver driver, NMSupplicantFeature fast_support, NMSupplicantFeature ap_support, - NMSupplicantFeature pmf_support) + NMSupplicantFeature pmf_support, + NMSupplicantFeature fils_support) { g_return_val_if_fail (ifname != NULL, NULL); @@ -1928,6 +1950,7 @@ nm_supplicant_interface_new (const char *ifname, NM_SUPPLICANT_INTERFACE_FAST_SUPPORT, (int) fast_support, NM_SUPPLICANT_INTERFACE_AP_SUPPORT, (int) ap_support, NM_SUPPLI
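Review bot: In the nm_supplicant_interface_new hunk, fils_support becomes the fourth consecutive NMSupplicantFeature positional parameter (fast_support, ap_support, pmf_support, fils_support), so a call site that passes them in the wrong order still compiles without a warning. Suggest documenting the order in the header or passing the capabilities as one struct. In the set_property hunk, the PROP_FILS_SUPPORT case is commented "construct-only" while this same patch adds nm_supplicant_interface_set_fils_support, which writes priv->fils_support after construction; a short comment on the setter saying when it is expected to be called would remove the contradiction.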
[PATCH v2 3/7] wifi: add support for FILS
The FILS (Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to speed up roaming. This patch adds support of it.

I have tested with these cases.

+------+-------------------------+----------------+
| STA  | AP                      |                |
| FILS | key-mgmt                | result         |
+------+-------------------------+----------------+
| 1    | WPA-EAP                 | O              |
+------+-------------------------+----------------+
| 1    | WPA-EAP-SHA256          | O              |
+------+-------------------------+----------------+
| 1    | FILS-SHA256             | X              |
+------+-------------------------+----------------+
| 1    | FILS-SHA384             | X              |
+------+-------------------------+----------------+
| 1    | WPA-EAP WPA-EAP-SHA256  | O              |
|      | FILS-SHA256 FILS-SHA384 | WPA-EAP-SHA256 |
+------+-------------------------+----------------+
| 2    | WPA-EAP                 | O              |
+------+-------------------------+----------------+
| 2    | WPA-EAP-SHA256          | O              |
+------+-------------------------+----------------+
| 2    | FILS-SHA256             | O              |
+------+-------------------------+----------------+
| 2    | FILS-SHA384             | O              |
+------+-------------------------+----------------+
| 2    | WPA-EAP WPA-EAP-SHA256  | O              |
|      | FILS-SHA256 FILS-SHA384 | FILS-SHA384    |
+------+-------------------------+----------------+
| 3    | WPA-EAP                 | X              |
+------+-------------------------+----------------+
| 3    | WPA-EAP-SHA256          | X              |
+------+-------------------------+----------------+
| 3    | FILS-SHA256             | O              |
+------+-------------------------+----------------+
| 3    | FILS-SHA384             | O              |
+------+-------------------------+----------------+
| 3    | WPA-EAP WPA-EAP-SHA256  | O              |
|      | FILS-SHA256 FILS-SHA384 | FILS-SHA384    |
+------+-------------------------+----------------+

Signed-off-by: Masashi Honma
---
 libnm-core/nm-setting-wireless-security.c | 57 ++
 libnm-core/nm-setting-wireless-security.h | 26 ++
 libnm/libnm.ver | 2 +
 man/NetworkManager.conf.xml | 5 ++
 src/devices/wifi/nm-device-wifi.c | 18 +++
 src/devices/wifi/nm-wifi-ap.c | 4 +-
 .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 7 +++
 .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 7 +++
 src/supplicant/nm-supplicant-config.c | 13 -
 src/supplicant/nm-supplicant-config.h | 1 +
 src/supplicant/nm-supplicant-settings-verify.c | 1 +
 src/supplicant/tests/test-supplicant-config.c | 2 +
 12 files changed, 141 insertions(+), 2 deletions(-)

diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c
index de77a49..31e386f 100644
--- a/libnm-core/nm-setting-wireless-security.c
+++ b/libnm-core/nm-setting-wireless-security.c
@@ -87,6 +87,9 @@ typedef struct { /* WPS */ NMSettingWirelessSecurityWpsMethod wps_method; + + /* FILS */ + NMSettingWirelessSecurityFils fils; } NMSettingWirelessSecurityPrivate; enum { @@ -110,6 +113,7 @@ enum { PROP_LEAP_PASSWORD, PROP_LEAP_PASSWORD_FLAGS, PROP_WPS_METHOD, + PROP_FILS, LAST_PROP }; 
@@ -814,6 +818,22 @@ nm_setting_wireless_security_get_wps_method (NMSettingWirelessSecurity *setting) return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wps_method; } +/* + * nm_setting_wireless_security_get_fils: + * @setting: the #NMSettingWirelessSecurity + * + * Returns: the #NMSettingWirelessSecurity:fils property of the setting + * + * Since: 1.12 + **/ +NMSettingWirelessSecurityFils +nm_setting_wireless_security_get_fils (NMSettingWirelessSecurity *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0); + + return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->fils; +} + static GPtrArray * need_secrets (NMSetting *setting) { @@ -1327,6 +1347,9 @@ set_property (GObject *object, guint prop_id, case PROP_WPS_METHOD: priv->wps_method = g_value_get_uint (value); break; + case PROP_FILS: + priv->fils = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1398,6 +1421,9 @@ get_property (GObject *object, guint prop_id, case PROP_WPS_METHOD: g_value_set_uint (value, priv->wps_method); break; + case PROP_FILS: + g_value_set_int (value, nm_setting_wireless_security_get_fils (setting)); + break; default: G_OBJECT_WARN_INVALID_PROP
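Review bot: In the nm_setting_wireless_security_get_fils hunk, the g_return_val_if_fail fallback returns the literal 0 from a function typed NMSettingWirelessSecurityFils; returning NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT states what the caller actually gets on a bad argument. In the set_property hunk, the PROP_FILS case stores g_value_get_int (value) straight into priv->fils with no range check in the visible lines, so please confirm that the property's param spec limits it to the DEFAULT..REQUIRED range, otherwise an out-of-range integer ends up in the enum field.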
[PATCH v2 5/7] ifcfg-rh/tests: add Wi-Fi FILS test
Signed-off-by: Masashi Honma --- src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c index 70b762c..40c5404 100644 --- a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +++ b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c @@ -6276,7 +6276,9 @@ test_write_wifi_wpa_eap_tls (void) s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, NM_SETTING (s_wsec)); - g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL); + g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", + NM_SETTING_WIRELESS_SECURITY_FILS, (int) NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED, + NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_pairwise (s_wsec, "tkip"); nm_setting_wireless_security_add_group (s_wsec, "tkip"); -- 2.7.4 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
[PATCH v2 2/7] supplicant/tests: modify PMF test
Signed-off-by: Masashi Honma --- src/supplicant/tests/test-supplicant-config.c | 32 +++ 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 258ced6..f85c137 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -307,7 +307,8 @@ test_wifi_wpa_psk (const char *detail, OptType key_type, const char *key_data, const unsigned char *expected, - size_t expected_size) + size_t expected_size, + NMSettingWirelessSecurityPmf pmf) { gs_unref_object NMConnection *connection = NULL; gs_unref_variant GVariant *config_dict = NULL; @@ -327,7 +328,7 @@ test_wifi_wpa_psk (const char *detail, g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NM_SETTING_WIRELESS_SECURITY_PSK, key_data, - NM_SETTING_WIRELESS_SECURITY_PMF, (int) NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL, + NM_SETTING_WIRELESS_SECURITY_PMF, (int) pmf, NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_proto (s_wsec, "rsn"); @@ -349,7 +350,16 @@ test_wifi_wpa_psk (const char *detail, NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'"); NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); - NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'"); + switch (pmf) { + case NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL: + NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'"); + break; + case NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED: + NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '2'"); + break; + default: + break; + } config_dict = build_supplicant_config (connection, 1500, 0); g_test_assert_expected_messages (); 
@@ -380,8 +390,12 @@ test_wifi_wpa_psk_types (void) 0x6c, 0x2f, 0x11, 0x60, 0x5a, 0x16, 0x08, 0x93 }; const char *key2 = "r34lly l33t wp4 p4ssphr4s3 for t3st1ng"; - test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected, sizeof (key1_expected)); - test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2, (gconstpointer) key2, strlen (key2)); + test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected, + sizeof (key1_expected), NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL); + test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2, + (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED); + test_wifi_wpa_psk ("pmf-disabled", TYPE_STRING, key2, + (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE); } static NMConnection * @@ -439,7 +453,7 @@ test_wifi_eap_locked_bssid (void) NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*"); NMTST_EXPECT_NM_INFO ("Config: added 'bssid' value '11:22:33:44:55:66'*"); NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *"); - NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP'"); + NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256'"); NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'"); NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); @@ -455,7 +469,7 @@ test_wifi_eap_locked_bssid (void) validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid); validate_opt ("wifi-eap", config_dict, "bssid", TYPE_KEYWORD, bssid_str); - validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP"); + validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYW
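Review bot: The 'key_mgmt' expectation in test_wifi_eap_locked_bssid changes here to 'WPA-EAP WPA-EAP-SHA256', but the behaviour it tracks is introduced by patch 1/7, so with the series applied in order the test appears to fail at 1/7 and pass again only at 2/7, which hurts bisecting; fold these two expectation updates into 1/7. In the new "switch (pmf)", the "default:" branch silently covers NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE as well as any unexpected value; an explicit case for DISABLE, ideally with a check that no 'ieee80211w' option ends up in config_dict, would state the intent. The label "wifi-wep-psk-passphrase" is misleading on a WPA-PSK case that is now the PMF_REQUIRED variant.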
[PATCH v2 4/7] supplicant/tests: add FILS test
Signed-off-by: Masashi Honma --- src/supplicant/tests/test-supplicant-config.c | 53 --- 1 file changed, 48 insertions(+), 5 deletions(-) diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 9420860..3f43046 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -401,7 +401,7 @@ test_wifi_wpa_psk_types (void) } static NMConnection * -generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_str) +generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_str, NMSettingWirelessSecurityFils fils) { NMConnection *connection = NULL; NMSettingWirelessSecurity *s_wsec; @@ -416,6 +416,7 @@ generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_st nm_connection_add_setting (connection, NM_SETTING (s_wsec)); g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", + NM_SETTING_WIRELESS_SECURITY_FILS, (int) fils, NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_proto (s_wsec, "rsn"); 
@@ -449,13 +450,13 @@ test_wifi_eap_locked_bssid (void) const char *bssid_str = "11:22:33:44:55:66"; guint32 mtu = 1100; - connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Locked", ssid, bssid_str); + connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Locked", ssid, bssid_str, NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL); NMTST_EXPECT_NM_INFO ("Config: added 'ssid' value 'Test SSID'*"); NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*"); NMTST_EXPECT_NM_INFO ("Config: added 'bssid' value '11:22:33:44:55:66'*"); NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *"); - NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256'"); + NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256 FILS-SHA256 FILS-SHA384'"); NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'"); NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); @@ -471,7 +472,7 @@ test_wifi_eap_locked_bssid (void) validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid); validate_opt ("wifi-eap", config_dict, "bssid", TYPE_KEYWORD, bssid_str); - validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256"); + validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256 FILS-SHA256 FILS-SHA384"); validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS"); validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN"); validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); 
@@ -490,7 +491,48 @@ test_wifi_eap_unlocked_bssid (void) gs_unref_bytes GBytes *bgscan = g_bytes_new (bgscan_data, strlen (bgscan_data)); guint32 mtu = 1100; - connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Unlocked", ssid, NULL); + connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Unlocked", ssid, NULL, NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED); + + NMTST_EXPECT_NM_INFO ("Config: added 'ssid' value 'Test SSID'*"); + NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*"); + NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *"); + NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'FILS-SHA256 FILS-SHA384'"); + NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'"); + NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); + NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); + NMTST_EXPECT_NM_INFO ("Config: added 'eap' value 'TLS'"); + NMTST_EXPECT_NM_INFO ("Config: adde
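Review bot: After this change both EAP tests set a non-default fils value (NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL in test_wifi_eap_locked_bssid, NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED in test_wifi_eap_unlocked_bssid), so in the visible hunks nothing checks the key_mgmt string produced when FILS is disabled or left at its default. Keep one case that expects 'WPA-EAP WPA-EAP-SHA256' with no FILS-* tokens, so a change that starts offering FILS AKMs unasked is caught by the tests. The new generate_wifi_eap_connection signature is also well over 100 characters on one line; wrap the parameter list.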
[PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
Previously, the value of ieee80211w and key_mgmt field in wpa_supplicant.conf was defined by the value of pmf.

NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
    ieee80211w=0
    key_mgmt=wpa-eap
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL
    ieee80211w=1
    key_mgmt=wpa-eap wpa-eap-sha256
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED
    ieee80211w=2
    key_mgmt=wpa-eap-sha256

Though these work, they do not include whole combinations. The key_mgmt could be set independent of ieee80211w value. For example, management frame protection could be used with wpa-eap.

    ieee80211w=2
    key_mgmt=wpa-eap

And wpa-eap-sha256 could be used without management frame protection.

    ieee80211w=0
    key_mgmt=wpa-eap-sha256

So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP supports both, stronger algorithm will be chosen (ex. when AP supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be chosen).

Signed-off-by: Masashi Honma --- src/supplicant/nm-supplicant-config.c | 16 +--- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 5650e64..e51e8ba 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c 
@@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, g_return_val_if_fail (!error || !*error, FALSE); key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting); - if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap wpa-eap-sha256"; - } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap-sha256"; - } + if (nm_streq (key_mgmt, "wpa-psk")) + key_mgmt_conf = "wpa-psk wpa-psk-sha256"; + else if (nm_streq (key_mgmt, "wpa-eap")) + key_mgmt_conf = "wpa-eap wpa-eap-sha256"; + if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error)) return FALSE; -- 2.7.4 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
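Review bot: The new branch sets key_mgmt_conf to "wpa-psk wpa-psk-sha256" or "wpa-eap wpa-eap-sha256" unconditionally, with no check that the running wpa_supplicant was built with the SHA256 AKMs; a supplicant without them may reject the option and the connection then fails. Gate the extra AKM on a supplicant capability before appending it. The commit message should also spell out the change for NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED: the removed code offered only the -sha256 AKM in that mode, while the new code also offers plain wpa-psk or wpa-eap, which leaves ieee80211w=2 as the only setting that enforces management frame protection there.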
Re: [PATCH 1/4] wifi: add support for FILS
On 2018/01/04 17:58, Beniamino Galvani wrote:
> nm-setting-wireless-security.c. At the bottom there is the list of
> properties and each property is documented.

I got it, thanks!

Masashi Honma.
Re: [PATCH 1/4] wifi: add support for FILS
On 2018/01/03 22:39, Beniamino Galvani wrote:
> Hi,
>
> please also update the documentation comment of the key-mgmt property
> at the end of the file.

Which file do you mean?

>
> I have found little information about FILS, but I guess a valid use
> case would be to optionally enable it by passing "key_mgmt=FILS-SHA256
> FILS-SHA384 WPA-EAP" to wpa_supplicant, so that the supplicant will
> fall back to WPA-EAP if the AP doesn't support FILS. Do you think this
> configuration is useful at all? If so, we shouldn't have a new
> key-mgmt value 'wpa-fils' but perhaps we should add a new
> wifi-sec.fils boolean (or tristate) property.

Thanks, I will re-write and test these patches based on your idea.

Masashi Honma.
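The optional/required idea discussed in this message, combined with a check of what the supplicant supports, as an added example that is not NetworkManager code: `fils_mode`, `supp_caps` and `build_key_mgmt` are hypothetical names, and the output strings follow the test expectations quoted in the v2 patches on this page.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tristate for the proposed wifi-sec.fils property. */
typedef enum { FILS_DISABLE, FILS_OPTIONAL, FILS_REQUIRED } fils_mode;

/* Hypothetical summary of what the running supplicant was built with. */
typedef struct {
    bool sha256_akm; /* WPA-PSK-SHA256 / WPA-EAP-SHA256 available */
    bool fils;       /* FILS-SHA256 / FILS-SHA384 available */
} supp_caps;

/* Append one AKM token to a space-separated list; false if it does not fit. */
static bool append_akm(char *buf, size_t cap, const char *akm)
{
    size_t used = strlen(buf);
    size_t len = strlen(akm);
    size_t sep = used ? 1 : 0;

    if (used + sep + len + 1 > cap)
        return false;
    if (sep)
        buf[used++] = ' ';
    memcpy(buf + used, akm, len + 1);
    return true;
}

/*
 * Build the key_mgmt value for the supplicant. Optional AKMs are offered
 * only when the supplicant supports them; a required AKM that is missing
 * is an error (fail closed) instead of a silent fallback to a weaker one.
 * Returns 0 on success, -1 on error (out is then an empty string).
 */
int build_key_mgmt(const char *key_mgmt, fils_mode fils, supp_caps caps,
                   char *out, size_t cap)
{
    bool ok = true;

    if (!key_mgmt || !out || cap == 0)
        return -1;
    out[0] = '\0';

    if (strcmp(key_mgmt, "wpa-psk") == 0) {
        /* Assumption of this example: FILS is only combined with wpa-eap. */
        if (fils == FILS_REQUIRED)
            return -1;
        ok = append_akm(out, cap, "WPA-PSK");
        if (ok && caps.sha256_akm)
            ok = append_akm(out, cap, "WPA-PSK-SHA256");
    } else if (strcmp(key_mgmt, "wpa-eap") == 0) {
        if (fils == FILS_REQUIRED && !caps.fils)
            return -1;
        if (fils != FILS_REQUIRED) {
            ok = append_akm(out, cap, "WPA-EAP");
            if (ok && caps.sha256_akm)
                ok = append_akm(out, cap, "WPA-EAP-SHA256");
        }
        if (ok && fils != FILS_DISABLE && caps.fils)
            ok = append_akm(out, cap, "FILS-SHA256")
                 && append_akm(out, cap, "FILS-SHA384");
    } else {
        return -1; /* other key-mgmt values are out of scope here */
    }

    if (!ok) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: supplicant builds with and without FILS. */
    const supp_caps full = { true, true };
    const supp_caps old = { false, false };
    char buf[64];

    if (build_key_mgmt("wpa-eap", FILS_OPTIONAL, full, buf, sizeof buf) == 0)
        printf("optional, full build: key_mgmt=%s\n", buf);
    if (build_key_mgmt("wpa-eap", FILS_OPTIONAL, old, buf, sizeof buf) == 0)
        printf("optional, old build:  key_mgmt=%s\n", buf);
    if (build_key_mgmt("wpa-eap", FILS_REQUIRED, old, buf, sizeof buf) != 0)
        printf("required, old build:  refused\n");
    return 0;
}
```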
[PATCH 1/4] wifi: add support for FILS
The FILS(Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to speed up roaming. This patch adds support of it. I have tested with both FILS-SHA256 and FILS-SHA384 by PEAP. Signed-off-by: Masashi Honma --- libnm-core/nm-setting-wireless-security.c | 9 ++--- libnm-core/nm-setting-wireless.c| 5 +++-- src/devices/wifi/nm-wifi-ap.c | 6 -- src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 2 +- src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 3 +++ src/supplicant/nm-supplicant-config.c | 13 + src/supplicant/nm-supplicant-settings-verify.c | 1 + 7 files changed, 27 insertions(+), 12 deletions(-) diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index de77a49..eea0581 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -868,7 +868,8 @@ need_secrets (NMSetting *setting) } if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) - || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { + || (strcmp (priv->key_mgmt, "wpa-eap") == 0) + || (strcmp (priv->key_mgmt, "wpa-fils") == 0)) { /* Let caller check the 802.1x setting for secrets */ goto no_secrets; } @@ -887,7 +888,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) { NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting); NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self); - const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap", NULL }; + const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", + "wpa-psk", "wpa-eap", "wpa-fils", NULL }; const char *valid_auth_algs[] = { "open", "shared", "leap", NULL }; const char *valid_protos[] = { "wpa", "rsn", NULL }; const char *valid_pairwise[] = { "tkip", "ccmp", NULL }; 
@@ -933,7 +935,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) } } else { if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) - || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { + || (strcmp (priv->key_mgmt, "wpa-eap") == 0) + || (strcmp (priv->key_mgmt, "wpa-fils") == 0)) { /* Need an 802.1x setting too */ if (connection && !nm_connection_get_setting_802_1x (connection)) { g_set_error (error, diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c index 0a3915b..df5499d 100644 --- a/libnm-core/nm-setting-wireless.c +++ b/libnm-core/nm-setting-wireless.c @@ -229,13 +229,14 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless, /* WPA[2]-PSK and WPA[2] Enterprise */ if ( !strcmp (key_mgmt, "wpa-psk") - || !strcmp (key_mgmt, "wpa-eap")) { + || !strcmp (key_mgmt, "wpa-eap") + || !strcmp (key_mgmt, "wpa-fils")) { if (!strcmp (key_mgmt, "wpa-psk")) { if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK)) return FALSE; - } else if (!strcmp (key_mgmt, "wpa-eap")) { + } else { if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_802_1X) && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) return FALSE; diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c index 603eb57..195cffa 100644 --- a/src/devices/wifi/nm-wifi-ap.c +++ b/src/devices/wifi/nm-wifi-ap.c @@ -415,7 +415,9 @@ security_from_vardict (GVariant *security) && array) { if (g_strv_contains (array, "wpa-psk")) flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK; - if (g_strv_contains (array, "wpa-eap")) + if (g_strv_contains (array, "wpa-eap") || + g_strv_contains (array, "wpa-fils-sha256") || + g_strv_contains (array, "wpa-fils-sha384")) flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X; g_free (array); } @@ -1271,7 +1273,7 @@ nm_wifi_ap_new_fake_from_connection (NMConnection *conne
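Review bot: A "wpa-fils" profile ends up compatible with any 802.1X AP, whether or not that AP advertises FILS: in nm_setting_wireless_ap_security_compatible the branch "} else if (!strcmp (key_mgmt, "wpa-eap")) {" becomes a bare "} else {", and security_from_vardict folds "wpa-fils-sha256" and "wpa-fils-sha384" into NM_802_11_AP_SEC_KEY_MGMT_802_1X. The same folding makes a plain "wpa-eap" profile look compatible with an AP that offers only FILS. A dedicated AP flag for the FILS AKMs, checked explicitly for "wpa-fils", would let the compatibility check match what is actually sent to the supplicant. Keeping the explicit "else if" and adding a separate branch for "wpa-fils" would also avoid the catch-all "else" picking up any value added to the outer condition later.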
[PATCH 2/4] cli: add support for FILS
Signed-off-by: Masashi Honma --- clients/common/nm-meta-setting-desc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c index b2e8b9b..14c4876 100644 --- a/clients/common/nm-meta-setting-desc.c +++ b/clients/common/nm-meta-setting-desc.c @@ -7254,7 +7254,7 @@ static const NMMetaPropertyInfo *const property_infos_WIRELESS_SECURITY[] = { PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, .property_type =&_pt_gobject_string, .property_typ_data = DEFINE_PROPERTY_TYP_DATA ( - .values_static =VALUES_STATIC ("none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap"), + .values_static =VALUES_STATIC ("none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap", "wpa-fils"), ), ), PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, -- 2.7.4 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
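Review bot: The VALUES_STATIC list for NM_SETTING_WIRELESS_SECURITY_KEY_MGMT repeats valid_key_mgmt[] from verify() in libnm-core, which patch 1/4 changes, so the two lists have to be edited in lockstep. Squash this one-line change into 1/4 so there is no commit where libnm accepts "wpa-fils" but nmcli does not offer it. The commit has no message body.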
[PATCH 4/4] ifcfg-rh/tests: add Wi-Fi FILS test
Signed-off-by: Masashi Honma --- Makefile.am| 1 + .../tests/network-scripts/ifcfg-test-wifi-wpa-fils | 24 +++ .../tests/network-scripts/keys-test-wifi-wpa-fils | 1 + .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 78 ++ 4 files changed, 104 insertions(+) create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wpa-fils create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-fils diff --git a/Makefile.am b/Makefile.am index 8b442dc..c43dcaf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2248,6 +2248,7 @@ EXTRA_DIST += \ src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wep-passphrase \ src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-eap-tls \ src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-eap-ttls-tls \ + src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-fils \ src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-psk \ src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-psk-2 \ src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-psk-adhoc \ diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wpa-fils b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wpa-fils new file mode 100644 index 000..9593177 --- /dev/null +++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wpa-fils 
@@ -0,0 +1,24 @@ +# Intel Corporation 82540EP Gigabit Ethernet Controller (Mobile) +TYPE=Wireless +DEVICE=eth2 +HWADDR=00:16:41:11:22:33 +BOOTPROTO=dhcp +ONBOOT=yes +ONBOOT=yes +USERCTL=yes +IPV6INIT=no +NM_CONTROLLED=yes +PEERDNS=yes +ESSID=blahblah +MODE=Managed +RATE=auto +CIPHER_PAIRWISE="TKIP CCMP" +CIPHER_GROUP="TKIP CCMP WEP40 WEP104" +KEY_MGMT=WPA-FILS +WPA_ALLOW_WPA=yes +WPA_ALLOW_WPA2=yes +IEEE_8021X_EAP_METHODS=TLS +IEEE_8021X_IDENTITY="Bill Smith" +IEEE_8021X_CA_CERT=test_ca_cert.pem +IEEE_8021X_CLIENT_CERT=test1_key_and_cert.pem +IEEE_8021X_PRIVATE_KEY=test1_key_and_cert.pem diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-fils b/src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-fils new file mode 100644 index 000..788b7b8 --- /dev/null +++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-fils @@ -0,0 +1 @@ +IEEE_8021X_PRIVATE_KEY_PASSWORD="test1" diff --git a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c index 61a9b84..b708f9b 100644 --- a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +++ b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c @@ -3149,6 +3149,7 @@ test_read_wifi_wpa_eap_tls (void) { NMConnection *connection; NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wsec; NMSettingIPConfig *s_ip4; NMSetting8021x *s_8021x; char *unmanaged = NULL; @@ -3163,6 +3164,12 @@ test_read_wifi_wpa_eap_tls (void) s_wireless = nm_connection_get_setting_wireless (connection); g_assert (s_wireless); + /* = WIRELESS SECURITY SETTING = */ + + s_wsec = nm_connection_get_setting_wireless_security (connection); + g_assert (s_wsec); + g_assert_cmpstr (nm_setting_wireless_security_get_key_mgmt (s_wsec), ==, "wpa-eap"); + /* = IPv4 SETTING = */ s_ip4 = nm_connection_get_setting_ip4_config (connection); 
@@ -3207,6 +3214,7 @@ test_read_wifi_wpa_eap_ttls_tls (void) { NMConnection *connection; NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wsec; NMSettingIPConfig *s_ip4; NMSetting8021x *s_8021x; char *unmanaged = NULL; @@ -3221,6 +3229,12 @@ test_read_wifi_wpa_eap_ttls_tls (void) s_wireless = nm_connection_get_setting_wireless (connection); g_assert (s_wireless); + /* = WIRELESS SECURITY SETTING = */ + + s_wsec = nm_connection_get_setting_wireless_security (connection); + g_assert (s_wsec); + g_assert_cmpstr (nm_setting_wireless_security_get_key_mgmt (s_wsec), ==, "wpa-eap"); + /* = IPv4 SETTING = */ s_ip4 = nm_connection_get_setting_ip4_config (connection); @@ -3268,6 +3282,69 @@ test_read_wifi_wpa_eap_ttls_tls (void) } static void +test_read_wifi_wpa_fils (void) +{ + NMConnection *connection; + NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wsec; + NMSettingIPConfig *s_ip4; + NMSetting8021x *s_8021x; + char *unmanaged = NULL; + const char *expected_privkey_password = "test1"; + + connection = _connection_from_file (TEST_IFCFG_DIR "/network-scripts/
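Review bot: The Makefile.am hunk adds only keys-test-wifi-wpa-fils to EXTRA_DIST; the new ifcfg-test-wifi-wpa-fils fixture is not added in the visible hunk (the diffstat shows a single added line), so a release tarball would likely ship without it and test_read_wifi_wpa_fils could not find its input. In the fixture itself ONBOOT=yes appears twice, and the header comment and DEVICE=eth2 describe a wired Intel 82540EP controller while TYPE=Wireless; CIPHER_GROUP also lists WEP40 and WEP104, which a new fixture does not need to carry over. The s_wsec assertions added to test_read_wifi_wpa_eap_tls and test_read_wifi_wpa_eap_ttls_tls are unrelated to FILS and belong in their own commit.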
[PATCH 0/4] add support for FILS
This series of patches adds support for FILS (Fast Initial Link Setup). The FILS is a specification defined by IEEE 802.11ai to speed up roaming.

This patch requires latest wpa_supplicant which includes related patch.
https://w1.fi/cgit/hostap/commit/?id=6240424a76b75da4e1fba8adc853f6e64e924715

This patch requires newer Linux kernel also. For example, I have tested with Fedora 26 (Linux kernel 4.13.9-200).

Any advice and suggestions will be appreciated because I am a beginner of NetworkManager!

Masashi Honma (4):
  wifi: add support for FILS
  cli: add support for FILS
  supplicant/tests: add FILS test
  ifcfg-rh/tests: add Wi-Fi FILS test

 Makefile.am | 1 +
 clients/common/nm-meta-setting-desc.c | 2 +-
 libnm-core/nm-setting-wireless-security.c | 9 ++-
 libnm-core/nm-setting-wireless.c | 5 +-
 src/devices/wifi/nm-wifi-ap.c | 6 +-
 .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 2 +-
 .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 3 +
 .../tests/network-scripts/ifcfg-test-wifi-wpa-fils | 24 +++
 .../tests/network-scripts/keys-test-wifi-wpa-fils | 1 +
 .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 78 ++
 src/supplicant/nm-supplicant-config.c | 13 ++--
 src/supplicant/nm-supplicant-settings-verify.c | 1 +
 src/supplicant/tests/test-supplicant-config.c | 50 --
 13 files changed, 178 insertions(+), 17 deletions(-)
 create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wpa-fils
 create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-fils

--
2.7.4
[PATCH 3/4] supplicant/tests: add FILS test
Signed-off-by: Masashi Honma --- src/supplicant/tests/test-supplicant-config.c | 50 --- 1 file changed, 46 insertions(+), 4 deletions(-) diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 4b4a493..31d2b87 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -386,7 +386,7 @@ test_wifi_wpa_psk_types (void) } static NMConnection * -generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_str) +generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_str, const char *key_mgmt) { NMConnection *connection = NULL; NMSettingWirelessSecurity *s_wsec; @@ -400,7 +400,7 @@ generate_wifi_eap_connection (const char *id, GBytes *ssid, const char *bssid_st s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, NM_SETTING (s_wsec)); g_object_set (s_wsec, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, key_mgmt, NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_proto (s_wsec, "rsn"); @@ -434,7 +434,7 @@ test_wifi_eap_locked_bssid (void) const char *bssid_str = "11:22:33:44:55:66"; guint32 mtu = 1100; - connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Locked", ssid, bssid_str); + connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Locked", ssid, bssid_str, "wpa-eap"); EXPECT ("*added 'ssid' value 'Test SSID'*"); EXPECT ("*added 'scan_ssid' value '1'*"); 
@@ -475,7 +475,7 @@ test_wifi_eap_unlocked_bssid (void) gs_unref_bytes GBytes *bgscan = g_bytes_new (bgscan_data, strlen (bgscan_data)); guint32 mtu = 1100; - connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Unlocked", ssid, NULL); + connection = generate_wifi_eap_connection ("Test Wifi EAP-TLS Unlocked", ssid, NULL, "wpa-eap"); EXPECT ("*added 'ssid' value 'Test SSID'*"); EXPECT ("*added 'scan_ssid' value '1'*"); 
@@ -505,6 +505,47 @@ test_wifi_eap_unlocked_bssid (void) validate_opt ("wifi-eap", config_dict, "bgscan", TYPE_BYTES, bgscan); } +static void +test_wifi_fils (void) +{ + gs_unref_object NMConnection *connection = NULL; + gs_unref_variant GVariant *config_dict = NULL; + const unsigned char ssid_data[] = { 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x53, 0x49, 0x44 }; + gs_unref_bytes GBytes *ssid = g_bytes_new (ssid_data, sizeof (ssid_data)); + const char *bgscan_data = "simple:30:-65:300"; + gs_unref_bytes GBytes *bgscan = g_bytes_new (bgscan_data, strlen (bgscan_data)); + guint32 mtu = 1100; + + connection = generate_wifi_eap_connection ("Test Wifi FILS", ssid, NULL, "wpa-fils"); + + EXPECT ("*added 'ssid' value 'Test SSID'*"); + EXPECT ("*added 'scan_ssid' value '1'*"); + EXPECT ("*added 'freq_list' value *"); + EXPECT ("*added 'key_mgmt' value 'FILS-SHA256 FILS-SHA384'"); + EXPECT ("*added 'proto' value 'WPA RSN'"); + EXPECT ("*added 'pairwise' value 'TKIP CCMP'"); + EXPECT ("*added 'group' value 'TKIP CCMP'"); + EXPECT ("*Config: added 'eap' value 'TLS'"); + EXPECT ("*Config: added 'fragment_size' value '1086'"); + EXPECT ("* Config: added 'ca_cert' value '*/test-ca-cert.pem'"); + EXPECT ("* Config: added 'private_key' value '*/test-cert.p12'"); + EXPECT ("*Config: added 'proactive_key_caching' value '1'"); + EXPECT ("*Config: added 'bgscan' value 'simple:30:-65:300'"); + config_dict = build_supplicant_config (connection, mtu, 0); + g_test_assert_expected_messages (); + g_assert (config_dict); + + validate_opt ("wifi-fils", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); + validate_opt ("wifi-fils", config_dict, "ssid", TYPE_BYTES, ssid); + validate_opt ("wifi-fils", config_dict, "key_mgmt", TYPE_KEYWORD, "FILS-SHA256 FILS-SHA384"); + validate_opt ("wifi-fils", c
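Review bot: test_wifi_fils repeats the bgscan and mtu setup and the EXPECT list of test_wifi_eap_unlocked_bssid, differing only in the key_mgmt argument and the expected 'FILS-SHA256 FILS-SHA384' string; now that generate_wifi_eap_connection takes key_mgmt, a shared helper that takes the expected key_mgmt value would avoid maintaining two copies. The patterns in the new block are also inconsistent ("*added", "*Config: added" and "* Config: added"), and the 'key_mgmt' pattern has no trailing "*" while the three lines above it do.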
Re: [PATCH] main: Fix running with --run-from-build-dir
On 2017/11/10 07:38, Masashi Honma wrote:
> Previously, NM failed to find out plugins with --run-from-build-dir option.
> This patch fixes the issue.
>
> Signed-off-by: Masashi Honma

I drop this patch because it does not work on Wi-Fi network. The plugins exist at other path.

Masashi Honma.
[PATCH] main: Fix running with --run-from-build-dir
Previously, NM failed to find out plugins with --run-from-build-dir option. This patch fixes the issue. Signed-off-by: Masashi Honma --- src/main.c | 8 ++-- src/nm-manager.c | 10 ++ src/nm-manager.h | 1 + src/settings/nm-settings.c | 15 ++- src/settings/nm-settings.h | 2 ++ 5 files changed, 33 insertions(+), 3 deletions(-) diff --git a/src/main.c b/src/main.c index d59da05..8b5e533 100644 --- a/src/main.c +++ b/src/main.c @@ -198,7 +198,7 @@ do_early_setup (int *argc, char **argv[], NMConfigCmdLineOptions *config_cli) "PLATFORM,RFKILL,WIFI" }, { "g-fatal-warnings", 0, 0, G_OPTION_ARG_NONE, &global_opt.g_fatal_warnings, N_("Make all warnings fatal"), NULL }, { "pid-file", 'p', 0, G_OPTION_ARG_FILENAME, &global_opt.pidfile, N_("Specify the location of a PID file"), NM_DEFAULT_PID_FILE }, - { "run-from-build-dir", 0, 0, G_OPTION_ARG_NONE, &global_opt.run_from_build_dir, "Run from build directory", NULL }, + { "run-from-build-dir", 0, 0, G_OPTION_ARG_NONE, &global_opt.run_from_build_dir, "Run from build directory (Before using this option, disable AppArmor)", NULL }, { "print-config", 0, 0, G_OPTION_ARG_NONE, &global_opt.print_config, N_("Print NetworkManager configuration and exit"), NULL }, {NULL} }; @@ -227,6 +227,7 @@ main (int argc, char *argv[]) GError *error = NULL; gboolean wrote_pidfile = FALSE; char *bad_domains = NULL; + char *plugin_path = NULL; NMConfigCmdLineOptions *config_cli; guint sd_id = 0; @@ -282,7 +283,7 @@ main (int argc, char *argv[]) * the last three components */ path = realpath ("/proc/self/exe", NULL); g_assert (path != NULL); - for (g = 0; g < 3; ++g) { + for (g = 0; g < 2; ++g) { slash = strrchr (path, '/'); g_assert (slash != NULL); *slash = '\0'; 
@@ -291,6 +292,7 @@ main (int argc, char *argv[]) /* don't free these strings, we need them for the entire * process lifetime */ nm_dhcp_helper_path = g_strdup_printf ("%s/src/dhcp/nm-dhcp-helper", path); + plugin_path = g_strdup_printf ("%s/src/settings/plugins/ifupdown/.libs", path); g_free (path); } @@ -396,6 +398,8 @@ main (int argc, char *argv[]) nm_manager_setup (); + nm_manager_set_plugin_path(nm_manager_get (), plugin_path); + if (!nm_bus_manager_get_connection (nm_bus_manager_get ())) { nm_log_warn (LOGD_CORE, "Failed to connect to D-Bus; only private bus is available"); } else { diff --git a/src/nm-manager.c b/src/nm-manager.c index 3b2b486..146f88e 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -152,6 +152,7 @@ typedef struct { GSList *auth_chains; GHashTable *sleep_devices; + const char *plugin_path; /* Firmware dir monitor */ GFileMonitor *fw_monitor; @@ -5198,6 +5199,7 @@ nm_manager_start (NMManager *self, GError **error) gs_free NMSettingsConnection **connections = NULL; guint i; + nm_settings_set_plugin_path(priv->settings, priv->plugin_path); if (!nm_settings_start (priv->settings, error)) return FALSE; @@ -6069,6 +6071,14 @@ nm_manager_set_capability (NMManager *self, _notify (self, PROP_CAPABILITIES); } +void +nm_manager_set_plugin_path (NMManager *self, const char *plugin_path) +{ + NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self); + + priv->plugin_path = plugin_path; +} + /*/ NM_DEFINE_SINGLETON_REGISTER (NMManager); diff --git a/src/nm-manager.h b/src/nm-manager.h index 622edb5..8b661e7 100644 --- a/src/nm-manager.h +++ b/src/nm-manager.h @@ -125,6 +125,7 @@ gbooleannm_manager_deactivate_connection (NMManager *manager, GError **error); voidnm_manager_set_capability (NMManager *self, NMCapability cap); +voidnm_manager_set_plugin_path (NMManager *self, const char *plugin_path); NMDevice * nm_manager_get_device(NMManager *self, const char *ifname, 
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c index e2b467a..979c51e 100644 --- a/src/settings/nm-settings.c +++ b/src/settings/nm-settings.c @@ -154,6 +154,7 @@ typedef struct { NMHostnameManager *hostname_man
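Review bot: The loop in main() now strips two path components ("for (g = 0; g < 2; ++g)") while the comment directly above it still says "the last three components", and nm_dhcp_helper_path is still built from the same path with "%s/src/dhcp/nm-dhcp-helper", so either the old helper path or the new one is wrong for a given build layout; the commit message should say which layout is assumed and the comment should be updated. plugin_path is hard-coded to "%s/src/settings/plugins/ifupdown/.libs", which covers a single plugin, and it is passed to nm_manager_set_plugin_path even when --run-from-build-dir was not given (it is then NULL), so nm_settings_set_plugin_path has to handle NULL. Style: add the space before "(" in "nm_manager_set_plugin_path(nm_manager_get (), plugin_path);" and in "nm_settings_set_plugin_path(priv->settings, priv->plugin_path);".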
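Review bot: The new help string "Run from build directory (Before using this option, disable AppArmor)" tells users to switch off a mandatory access control layer in order to run a daemon that, with this patch, loads plugin shared objects from a path derived from /proc/self/exe. Instructions of that kind do not belong in --help output; document the specific denial and a narrow profile exception in the developer documentation instead, and keep the option text as it was. Since the plugin path override only makes sense for developer runs, it would also be safer to apply it only when global_opt.run_from_build_dir is set rather than calling the setter unconditionally.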
Re: How to start NetworkManager development
On 2017/11/06 19:17, Thomas Haller wrote:
> Hi,
>
> I think, --run-from-build-dir is not used much (anybody?).
> So, while it fixes the path to nm-dhcp-helper, there might be other
> bugs with it, which nobody noticed, because usually we don't run NM
> that way.

I have tried to use --run-from-build-dir. But it does not work for me. So I made a patch. Could you review this?

Masashi Honma.
Re: How to start NetworkManager development
On 2017/11/04 18:13, Thomas Haller wrote:
> Hi,
>
> it's not clear why you would need that.
>
> When you build NM from source, you also build and install nm-dhcp-
> helper (in libexecdir, whatever that directory is). And if you run
> NetworkManager, it will spawn dhclient in a way that makes use of the
> right nm-dhcp-helper.

Because I'm not doing "make install".

Masashi Honma.
Re: How to start NetworkManager development
On 2017/11/01 17:10, Masashi Honma wrote:
> The built NetworkManager looks not working on my environment(Ubuntu 16.04).
>
> I'm using commit be320e2be7a6bb8837abbe3a07981a261b1656c6.
>
> It stops with the message "dhclient started with pid 15852".
> The ethernet interface could not be assigned an IPv4 address even though
> it received DHCPv4 ACK (I watched it with wireshark).
>
> I have killed existing NetworkManager and mask it with "sudo systemctl mask
> NetworkManager".
> I have killed nm-applet. (This could occur even if the nm-applet is alive.)
>
> The full messages is below.
>
> Is there any idea ?

I found the reason why the dhcpv4 fails.

The execution of /usr/libexec/nm-dhcp-helper fails because the binary file is at the /usr/lib/NetworkManager/nm-dhcp-helper on Ubuntu 16.04. So I used --libexecdir=, then execution error solved but still dhcpv4 fails...

./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib/NetworkManager

Now, I switched to Fedora 26 and it works!

Thanks.

Masashi Honma.
Re: How to start NetworkManager development
state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
[1509522940.4947] manager: (virbr0): new Bridge device (/org/freedesktop/NetworkManager/Devices/3)
[1509522940.4960] keyfile: add connection in-memory (d1fa76e1-c47b-48fc-a8ac-64c1fb9acd93,"virbr0")
[1509522940.4971] device (virbr0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
[1509522940.4973] device (virbr0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
[1509522940.4981] device (virbr0): Activation: starting connection 'virbr0' (d1fa76e1-c47b-48fc-a8ac-64c1fb9acd93)
[1509522940.4989] manager: (virbr0-nic): new Tun device (/org/freedesktop/NetworkManager/Devices/4)
[1509522940.5020] device (virbr0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
[1509522940.5025] device (enp2s0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
[1509522940.5030] device (virbr0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
[1509522940.5033] policy: auto-activating connection 'Wired connection 1'
[1509522940.5037] device (virbr0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
[1509522940.5057] device (virbr0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
[1509522940.5064] device (enp2s0): Activation: starting connection 'Wired connection 1' (9309b806-36f1-3138-ac34-2b2271c1208a)
[1509522940.5067] device (enp2s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
[1509522940.5068] manager: NetworkManager state is now CONNECTING
[1509522940.5070] device (virbr0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
[1509522940.5073] device (enp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
[1509522940.5076] device (virbr0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
[1509522940.5504] device (virbr0): Activation: successful, device activated.
[1509522940.5515] device (enp2s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
[1509522940.5522] dhcp4 (enp2s0): activation: beginning transaction (timeout in 45 seconds)
[1509522940.6180] dhcp4 (enp2s0): dhclient started with pid 15852

Regards,
Masashi Honma.
Re: How to start NetworkManager development
On 2017/10/30 18:34, Thomas Haller wrote:
> check https://wiki.gnome.org/Projects/NetworkManager/Hacking
>
>
> You don't need to rebuild the applet, unless you have specific reasons
> to do so. Either don't use the applet at all (nmcli), or just use the
> one provided by your installation. Older client versions are compatible
> with newer server versions, so, the applet provided by your
> distribution will work, unless you want to work on a server version
> that is older (which would be odd to do).
>
>
> NetworkManager gets D-Bus activated. So, if you just `systemctl disable
> NetworkManager` in order to start the version that you built on your
> own, then it might be restarted again, and conflict. You could for
> example `systemctl mask NetworkManager`. See `man systemctl`.
>
>
> You can install NM in a separate path, and run it from the terminal
> with --debug option, so that it doesn't fork to background.
>
> You could configure with
>     --prefix=/opt/test \
>     --localstatedir=/var \
>     --sysconfdir=/etc \
>
> There is also --run-from-build-dir configure option, so you can run it
> from the build directory.

Thank you Thomas!

I will try.

Masashi Honma.
How to start NetworkManager development
I'm interested in NetworkManager development.

Now I could build NetworkManager and start it by this command.

# Then I stop the existing NetworkManager by service command.
$ ./src/NetworkManager
# I do not run "make install" because I do not want to overwrite the existing
NetworkManager installed with apt get (I'm on Ubuntu 16.04).

And I think I should build network-manager-applet from this git also.

git://git.gnome.org/network-manager-applet

But before building the network-manager-applet, the existing
network-manager-applet looks boot when I start the NetworkManager which I built.

Could I use built NetworkManager and network-manager-applet without
overwriting the existing ones?
If it could, how to use it?

Regards,
Masashi Honma.