wifi: merge branch 'owe-fixes'

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1259
2024-10-14 20:18:39 +00:00 · 2022-06-17 19:51:06 +02:00 · 2022-06-17 19:51:06 +02:00 · bffb753515
parent 81b4b87c59 02e35f5b20
commit bffb753515
4 changed files with 16 additions and 2 deletions
--- a/src/core/supplicant/nm-supplicant-config.c
+++ b/src/core/supplicant/nm-supplicant-config.c
@ -1088,6 +1088,14 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig
                    error))
                return FALSE;
        }
+
+        /* In case the connection is saved as OWE / Enhanced Open, prevent
+         * unencrypted downgrade
+         */
+        if (nm_streq(key_mgmt, "owe")) {
+            if (!nm_supplicant_config_add_option(self, "owe_only", "1", -1, NULL, error))
+                return FALSE;
+        }
    }

    /* WEP keys if required */
--- a/src/core/supplicant/nm-supplicant-settings-verify.c
+++ b/src/core/supplicant/nm-supplicant-settings-verify.c
@ -92,6 +92,7 @@ static const struct Opt opt_table[] = {
    OPT_BYTES("mka_cak", 65536),
    OPT_BYTES("mka_ckn", 65536),
    OPT_BYTES("nai", 0),
+    OPT_INT("owe_only", 0, 1),
    OPT_BYTES("pac_file", 0),
    OPT_KEYWORD("pairwise", NM_MAKE_STRV("CCMP", "TKIP", "GCMP-256", "NONE", )),
    OPT_UTF8("password", 0),
--- a/src/libnm-core-impl/nm-setting-wireless.c
+++ b/src/libnm-core-impl/nm-setting-wireless.c
@ -141,6 +141,10 @@ nm_setting_wireless_ap_security_compatible(NMSettingWireless         *s_wireless
    g_return_val_if_fail(NM_IS_SETTING_WIRELESS(s_wireless), FALSE);

    if (!s_wireless_sec) {
+        /* A OWE-TM network can be used w/o security */
+        if (ap_wpa == NM_802_11_AP_SEC_KEY_MGMT_OWE_TM
+            || (ap_rsn == NM_802_11_AP_SEC_KEY_MGMT_OWE_TM))
+            return TRUE;
        if ((ap_flags & NM_802_11_AP_FLAGS_PRIVACY) || (ap_wpa != NM_802_11_AP_SEC_NONE)
            || (ap_rsn != NM_802_11_AP_SEC_NONE))
            return FALSE;
--- a/src/nmcli/devices.c
+++ b/src/nmcli/devices.c
@ -1343,9 +1343,10 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info)
        if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
            g_string_append(security_str, "WPA3 ");
        }
-        if (NM_FLAGS_ANY(rsn_flags,
-                         NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
+        if (NM_FLAGS_ANY(rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE)) {
            g_string_append(security_str, "OWE ");
+        } else if (NM_FLAGS_ANY(rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
+            g_string_append(security_str, "OWE-TM ");
        }
        if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
            || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) {