2008-09-18 Dan Williams <dcbw@redhat.com>

* libnm-util/nm-setting-wireless.c
		- (nm_setting_wireless_ap_security_compatible): only verify pairwise and
			group ciphers if the wireless-security setting explicitly specified
			them, effectively making the default be "all ciphers"  (idea from
			Alexander Sack)



git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4076 4912f4e0-d625-0410-9fb7-b9a5a253dbdc

ChangeLog

@@ -1,3 +1,11 @@
+2008-09-18  Dan Williams  <dcbw@redhat.com>
+
+	* libnm-util/nm-setting-wireless.c
+		- (nm_setting_wireless_ap_security_compatible): only verify pairwise and
+			group ciphers if the wireless-security setting explicitly specified
+			them, effectively making the default be "all ciphers"  (idea from
+			Alexander Sack)
+
 2008-09-15  Dan Williams  <dcbw@redhat.com>
 
 	Patch from Alexander Sack <asac@ubuntu.com>

libnm-util/nm-setting-wireless.c

@@ -174,25 +174,33 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
 			    || !(ap_wpa & (NM_802_11_AP_SEC_GROUP_WEP40 | NM_802_11_AP_SEC_GROUP_WEP104)))
 				return FALSE;
 
-			/* Match at least one pairwise cipher with AP's capability */
+			/* Match at least one pairwise cipher with AP's capability if the
-			for (iter = s_wireless_sec->pairwise; iter; iter = g_slist_next (iter)) {
+			 * wireless-security setting explicitly lists pairwise ciphers
-				if ((found = match_cipher (iter->data, "wep40", ap_wpa, ap_wpa, NM_802_11_AP_SEC_PAIR_WEP40)))
+			 */
-					break;
+			if (s_wireless_sec->pairwise) {
-				if ((found = match_cipher (iter->data, "wep104", ap_wpa, ap_wpa, NM_802_11_AP_SEC_PAIR_WEP104)))
+				for (iter = s_wireless_sec->pairwise; iter; iter = g_slist_next (iter)) {
-					break;
+					if ((found = match_cipher (iter->data, "wep40", ap_wpa, ap_wpa, NM_802_11_AP_SEC_PAIR_WEP40)))
+						break;
+					if ((found = match_cipher (iter->data, "wep104", ap_wpa, ap_wpa, NM_802_11_AP_SEC_PAIR_WEP104)))
+						break;
+				}
+				if (!found)
+					return FALSE;
 			}
-			if (!found)
-				return FALSE;
 
-			/* Match at least one group cipher with AP's capability */
+			/* Match at least one group cipher with AP's capability if the
-			for (iter = s_wireless_sec->group; iter; iter = g_slist_next (iter)) {
+			 * wireless-security setting explicitly lists group ciphers
-				if ((found = match_cipher (iter->data, "wep40", ap_wpa, ap_wpa, NM_802_11_AP_SEC_GROUP_WEP40)))
+			 */
-					break;
+			if (s_wireless_sec->group) {
-				if ((found = match_cipher (iter->data, "wep104", ap_wpa, ap_wpa, NM_802_11_AP_SEC_GROUP_WEP104)))
+				for (iter = s_wireless_sec->group; iter; iter = g_slist_next (iter)) {
-					break;
+					if ((found = match_cipher (iter->data, "wep40", ap_wpa, ap_wpa, NM_802_11_AP_SEC_GROUP_WEP40)))
+						break;
+					if ((found = match_cipher (iter->data, "wep104", ap_wpa, ap_wpa, NM_802_11_AP_SEC_GROUP_WEP104)))
+						break;
+				}
+				if (!found)
+					return FALSE;
 			}
-			if (!found)
-				return FALSE;
 		}
 		return TRUE;
 	}
@@ -206,9 +214,6 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
 		if (!(ap_flags & NM_802_11_AP_FLAGS_PRIVACY))
 			return FALSE;
 
-		if (!s_wireless_sec->pairwise || !s_wireless_sec->group)
-			return FALSE;
-
 		if (!strcmp (s_wireless_sec->key_mgmt, "wpa-psk")) {
 			if (   !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK)
 			    && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK))
@@ -223,29 +228,37 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
 		// if the Connection only uses WPA we don't match a cipher against
 		// the AP's RSN IE instead
 
-		/* Match at least one pairwise cipher with AP's capability */
+		/* Match at least one pairwise cipher with AP's capability if the
-		for (elt = s_wireless_sec->pairwise; elt; elt = g_slist_next (elt)) {
+		 * wireless-security setting explicitly lists pairwise ciphers
-			if ((found = match_cipher (elt->data, "tkip", ap_wpa, ap_rsn, NM_802_11_AP_SEC_PAIR_TKIP)))
+		 */
-				break;
+		if (s_wireless_sec->pairwise) {
-			if ((found = match_cipher (elt->data, "ccmp", ap_wpa, ap_rsn, NM_802_11_AP_SEC_PAIR_CCMP)))
+			for (elt = s_wireless_sec->pairwise; elt; elt = g_slist_next (elt)) {
-				break;
+				if ((found = match_cipher (elt->data, "tkip", ap_wpa, ap_rsn, NM_802_11_AP_SEC_PAIR_TKIP)))
+					break;
+				if ((found = match_cipher (elt->data, "ccmp", ap_wpa, ap_rsn, NM_802_11_AP_SEC_PAIR_CCMP)))
+					break;
+			}
+			if (!found)
+				return FALSE;
 		}
-		if (!found)
-			return FALSE;
 
-		/* Match at least one group cipher with AP's capability */
+		/* Match at least one group cipher with AP's capability if the
-		for (elt = s_wireless_sec->group; elt; elt = g_slist_next (elt)) {
+		 * wireless-security setting explicitly lists group ciphers
-			if ((found = match_cipher (elt->data, "wep40", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_WEP40)))
+		 */
-				break;
+		if (s_wireless_sec->group) {
-			if ((found = match_cipher (elt->data, "wep104", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_WEP104)))
+			for (elt = s_wireless_sec->group; elt; elt = g_slist_next (elt)) {
-				break;
+				if ((found = match_cipher (elt->data, "wep40", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_WEP40)))
-			if ((found = match_cipher (elt->data, "tkip", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_TKIP)))
+					break;
-				break;
+				if ((found = match_cipher (elt->data, "wep104", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_WEP104)))
-			if ((found = match_cipher (elt->data, "ccmp", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_CCMP)))
+					break;
-				break;
+				if ((found = match_cipher (elt->data, "tkip", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_TKIP)))
+					break;
+				if ((found = match_cipher (elt->data, "ccmp", ap_wpa, ap_rsn, NM_802_11_AP_SEC_GROUP_CCMP)))
+					break;
+			}
+			if (!found)
+				return FALSE;
 		}
-		if (!found)
-			return FALSE;
 
 		return TRUE;
 	}