mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-29 13:59:24 +01:00
wiphy: add check for CMD_AUTH/CMD_ASSOC support
If the AP only supports an AKM which requires an auth protocol CMD_AUTHENTICATE/CMD_ASSOCIATE must be supported or else the auth protocol cannot be run. All the auth protocols are started assuming that the card supports these commands, but the support was never checked when parsing supported commands. This patch will prevent any fullMAC cards from using SAE/FILS/OWE. This was the same behavior as before, just an earlier failure path.
This commit is contained in:
parent
59a7f2e681
commit
6e8b765278
42
src/wiphy.c
42
src/wiphy.c
@ -86,6 +86,7 @@ struct wiphy {
|
|||||||
bool support_rekey_offload:1;
|
bool support_rekey_offload:1;
|
||||||
bool support_adhoc_rsn:1;
|
bool support_adhoc_rsn:1;
|
||||||
bool support_qos_set_map:1;
|
bool support_qos_set_map:1;
|
||||||
|
bool support_cmds_auth_assoc:1;
|
||||||
bool soft_rfkill : 1;
|
bool soft_rfkill : 1;
|
||||||
bool hard_rfkill : 1;
|
bool hard_rfkill : 1;
|
||||||
bool offchannel_tx_ok : 1;
|
bool offchannel_tx_ok : 1;
|
||||||
@ -328,16 +329,32 @@ bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss)
|
|||||||
rsn_info.group_management_cipher))
|
rsn_info.group_management_cipher))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
|
||||||
|
switch (rsn_info.akm_suites) {
|
||||||
|
case IE_RSN_AKM_SUITE_SAE_SHA256:
|
||||||
|
case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
|
||||||
/*
|
/*
|
||||||
* if the AP ONLY supports SAE/WPA3, then we can only connect
|
* if the AP ONLY supports SAE/WPA3, then we can only
|
||||||
* if the wiphy feature is supported. Otherwise the AP may list
|
* connect if the wiphy feature is supported. Otherwise
|
||||||
* SAE as one of the AKM's but also support PSK (hybrid). In
|
* the AP may list SAE as one of the AKM's but also
|
||||||
* this case we still want to allow a connection even if SAE
|
* support PSK (hybrid). In this case we still want to
|
||||||
* is not supported.
|
* allow a connection even if SAE is not supported.
|
||||||
*/
|
*/
|
||||||
if (IE_AKM_IS_SAE(rsn_info.akm_suites) &&
|
if (!wiphy_has_feature(wiphy, NL80211_FEATURE_SAE) ||
|
||||||
!wiphy_has_feature(wiphy, NL80211_FEATURE_SAE))
|
!wiphy->support_cmds_auth_assoc)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
break;
|
||||||
|
case IE_RSN_AKM_SUITE_OWE:
|
||||||
|
case IE_RSN_AKM_SUITE_FILS_SHA256:
|
||||||
|
case IE_RSN_AKM_SUITE_FILS_SHA384:
|
||||||
|
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
|
||||||
|
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
|
||||||
|
if (!wiphy->support_cmds_auth_assoc)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
} else if (r != -ENOENT)
|
} else if (r != -ENOENT)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
@ -614,6 +631,8 @@ static void parse_supported_commands(struct wiphy *wiphy,
|
|||||||
{
|
{
|
||||||
uint16_t type, len;
|
uint16_t type, len;
|
||||||
const void *data;
|
const void *data;
|
||||||
|
bool auth = false;
|
||||||
|
bool assoc = false;
|
||||||
|
|
||||||
while (l_genl_attr_next(attr, &type, &len, &data)) {
|
while (l_genl_attr_next(attr, &type, &len, &data)) {
|
||||||
uint32_t cmd = *(uint32_t *)data;
|
uint32_t cmd = *(uint32_t *)data;
|
||||||
@ -628,8 +647,17 @@ static void parse_supported_commands(struct wiphy *wiphy,
|
|||||||
case NL80211_CMD_SET_QOS_MAP:
|
case NL80211_CMD_SET_QOS_MAP:
|
||||||
wiphy->support_qos_set_map = true;
|
wiphy->support_qos_set_map = true;
|
||||||
break;
|
break;
|
||||||
|
case NL80211_CMD_AUTHENTICATE:
|
||||||
|
auth = true;
|
||||||
|
break;
|
||||||
|
case NL80211_CMD_ASSOCIATE:
|
||||||
|
assoc = true;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (auth && assoc)
|
||||||
|
wiphy->support_cmds_auth_assoc = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void parse_supported_ciphers(struct wiphy *wiphy, const void *data,
|
static void parse_supported_ciphers(struct wiphy *wiphy, const void *data,
|
||||||
|
Loading…
Reference in New Issue
Block a user