mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-22 06:29:23 +01:00
device: Support iwd.conf mfp settings
This adds support for iwd.conf 'ManagementFrameProtection' setting. This setting has the following semantics, with '1' being the default: 0 - MFP off, even if hardware is capable 1 - Use MFP if available 2 - MFP required. If the hardware is not capable, no connections will be possible. Use at your own risk.
This commit is contained in:
parent
3f3e60e415
commit
edfbd81ea2
58
src/device.c
58
src/device.c
@ -692,10 +692,12 @@ void device_connect_network(struct device *device, struct network *network,
|
|||||||
hs = handshake_state_new(netdev_get_ifindex(device->netdev));
|
hs = handshake_state_new(netdev_get_ifindex(device->netdev));
|
||||||
|
|
||||||
if (security == SECURITY_PSK || security == SECURITY_8021X) {
|
if (security == SECURITY_PSK || security == SECURITY_8021X) {
|
||||||
|
const struct l_settings *settings = iwd_get_config();
|
||||||
struct ie_rsn_info bss_info;
|
struct ie_rsn_info bss_info;
|
||||||
uint8_t rsne_buf[256];
|
uint8_t rsne_buf[256];
|
||||||
struct ie_rsn_info info;
|
struct ie_rsn_info info;
|
||||||
const char *ssid;
|
const char *ssid;
|
||||||
|
uint32_t mfp_setting;
|
||||||
|
|
||||||
memset(&info, 0, sizeof(info));
|
memset(&info, 0, sizeof(info));
|
||||||
|
|
||||||
@ -705,28 +707,54 @@ void device_connect_network(struct device *device, struct network *network,
|
|||||||
info.akm_suites = device_select_akm_suite(network, bss,
|
info.akm_suites = device_select_akm_suite(network, bss,
|
||||||
&bss_info);
|
&bss_info);
|
||||||
|
|
||||||
if (!info.akm_suites) {
|
if (!info.akm_suites)
|
||||||
l_dbus_send(dbus, dbus_error_not_supported(message));
|
goto not_supported;
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
info.pairwise_ciphers = wiphy_select_cipher(wiphy,
|
info.pairwise_ciphers = wiphy_select_cipher(wiphy,
|
||||||
bss_info.pairwise_ciphers);
|
bss_info.pairwise_ciphers);
|
||||||
info.group_cipher = wiphy_select_cipher(wiphy,
|
info.group_cipher = wiphy_select_cipher(wiphy,
|
||||||
bss_info.group_cipher);
|
bss_info.group_cipher);
|
||||||
info.group_management_cipher = wiphy_select_cipher(wiphy,
|
|
||||||
bss_info.group_management_cipher);
|
|
||||||
|
|
||||||
if (!info.pairwise_ciphers || !info.group_cipher) {
|
if (!info.pairwise_ciphers || !info.group_cipher)
|
||||||
l_dbus_send(dbus, dbus_error_not_supported(message));
|
goto not_supported;
|
||||||
return;
|
|
||||||
|
if (!l_settings_get_uint(settings, "General",
|
||||||
|
"ManagementFrameProtection", &mfp_setting))
|
||||||
|
mfp_setting = 1;
|
||||||
|
|
||||||
|
if (mfp_setting > 2) {
|
||||||
|
l_error("Invalid MFP value, using default of 1");
|
||||||
|
mfp_setting = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (info.group_management_cipher == 0 && bss_info.mfpr) {
|
switch (mfp_setting) {
|
||||||
l_dbus_send(dbus, dbus_error_not_supported(message));
|
case 0:
|
||||||
return;
|
break;
|
||||||
} else if (info.group_management_cipher != 0)
|
case 1:
|
||||||
|
info.group_management_cipher =
|
||||||
|
wiphy_select_cipher(wiphy,
|
||||||
|
bss_info.group_management_cipher);
|
||||||
|
info.mfpc = info.group_management_cipher != 0;
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
info.group_management_cipher =
|
||||||
|
wiphy_select_cipher(wiphy,
|
||||||
|
bss_info.group_management_cipher);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* MFP required on our side, but AP doesn't support MFP
|
||||||
|
* or cipher mismatch
|
||||||
|
*/
|
||||||
|
if (info.group_management_cipher == 0)
|
||||||
|
goto not_supported;
|
||||||
|
|
||||||
info.mfpc = true;
|
info.mfpc = true;
|
||||||
|
info.mfpr = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (bss_info.mfpr && !info.mfpc)
|
||||||
|
goto not_supported;
|
||||||
|
|
||||||
ssid = network_get_ssid(network);
|
ssid = network_get_ssid(network);
|
||||||
handshake_state_set_ssid(hs, (void *) ssid, strlen(ssid));
|
handshake_state_set_ssid(hs, (void *) ssid, strlen(ssid));
|
||||||
@ -792,6 +820,10 @@ void device_connect_network(struct device *device, struct network *network,
|
|||||||
IWD_DEVICE_INTERFACE, "ConnectedNetwork");
|
IWD_DEVICE_INTERFACE, "ConnectedNetwork");
|
||||||
l_dbus_property_changed(dbus, network_get_path(network),
|
l_dbus_property_changed(dbus, network_get_path(network),
|
||||||
IWD_NETWORK_INTERFACE, "Connected");
|
IWD_NETWORK_INTERFACE, "Connected");
|
||||||
|
return;
|
||||||
|
|
||||||
|
not_supported:
|
||||||
|
l_dbus_send(dbus, dbus_error_not_supported(message));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void device_scan_triggered(int err, void *user_data)
|
static void device_scan_triggered(int err, void *user_data)
|
||||||
|
Loading…
Reference in New Issue
Block a user