colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libnm: merge branch 'th/utils-security-valid'

Browse Source 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/382
This commit is contained in:
Thomas Haller
2020-01-08 10:14:15 +01:00
parent fa144b5ae9 4e9119c52e
commit 6da9e06508
1 changed files with 87 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

184
libnm-core/nm-utils.c
View File

@@ -1122,7 +1122,12 @@ nm_utils_ap_mode_security_valid (NMUtilsSecurityType type,
case NMU_SEC_SAE: case NMU_SEC_SAE:
case NMU_SEC_OWE: case NMU_SEC_OWE:
return TRUE; return TRUE;
default: case NMU_SEC_LEAP:
case NMU_SEC_DYNAMIC_WEP:
case NMU_SEC_WPA_ENTERPRISE:
case NMU_SEC_WPA2_ENTERPRISE:
return FALSE;
case NMU_SEC_INVALID:
break; break;
} }
return FALSE; return FALSE;
@@ -1161,48 +1166,46 @@ nm_utils_security_valid (NMUtilsSecurityType type,
NM80211ApSecurityFlags ap_wpa, NM80211ApSecurityFlags ap_wpa,
NM80211ApSecurityFlags ap_rsn) NM80211ApSecurityFlags ap_rsn)
{ {
gboolean good = TRUE;
if (!have_ap) {
if (type == NMU_SEC_NONE)
return TRUE;
if ( (type == NMU_SEC_STATIC_WEP)
|| ((type == NMU_SEC_DYNAMIC_WEP) && !adhoc)
|| ((type == NMU_SEC_LEAP) && !adhoc)) {
if (wifi_caps & (NM_WIFI_DEVICE_CAP_CIPHER_WEP40 | NM_WIFI_DEVICE_CAP_CIPHER_WEP104))
return TRUE;
else
return FALSE;
}
}
switch (type) { switch (type) {
case NMU_SEC_NONE: case NMU_SEC_NONE:
g_assert (have_ap); if (!have_ap)
return TRUE;
if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY)
return FALSE; return FALSE;
if (ap_wpa || ap_rsn) if ( ap_wpa
|| ap_rsn)
return FALSE; return FALSE;
break; return TRUE;
case NMU_SEC_LEAP: /* require PRIVACY bit for LEAP? */ case NMU_SEC_LEAP: /* require PRIVACY bit for LEAP? */
if (adhoc) if (adhoc)
return FALSE; return FALSE;
/* fall through */ /* fall through */
case NMU_SEC_STATIC_WEP: case NMU_SEC_STATIC_WEP:
g_assert (have_ap); if (!have_ap) {
if (wifi_caps & (NM_WIFI_DEVICE_CAP_CIPHER_WEP40 | NM_WIFI_DEVICE_CAP_CIPHER_WEP104))
return TRUE;
return FALSE;
}
if (!(ap_flags & NM_802_11_AP_FLAGS_PRIVACY)) if (!(ap_flags & NM_802_11_AP_FLAGS_PRIVACY))
return FALSE; return FALSE;
if (ap_wpa || ap_rsn) { if ( ap_wpa
if (!device_supports_ap_ciphers (wifi_caps, ap_wpa, TRUE)) || ap_rsn) {
if (!device_supports_ap_ciphers (wifi_caps, ap_wpa, TRUE)) {
if (!device_supports_ap_ciphers (wifi_caps, ap_rsn, TRUE)) if (!device_supports_ap_ciphers (wifi_caps, ap_rsn, TRUE))
return FALSE; return FALSE;
}
} }
break; return TRUE;
case NMU_SEC_DYNAMIC_WEP: case NMU_SEC_DYNAMIC_WEP:
if (adhoc) if (adhoc)
return FALSE; return FALSE;
g_assert (have_ap); if (!have_ap) {
if (ap_rsn || !(ap_flags & NM_802_11_AP_FLAGS_PRIVACY)) if (wifi_caps & (NM_WIFI_DEVICE_CAP_CIPHER_WEP40 | NM_WIFI_DEVICE_CAP_CIPHER_WEP104))
return TRUE;
return FALSE;
}
if ( ap_rsn
|| !(ap_flags & NM_802_11_AP_FLAGS_PRIVACY))
return FALSE; return FALSE;
/* Some APs broadcast minimal WPA-enabled beacons that must be handled */ /* Some APs broadcast minimal WPA-enabled beacons that must be handled */
if (ap_wpa) { if (ap_wpa) {
@@ -1211,112 +1214,99 @@ nm_utils_security_valid (NMUtilsSecurityType type,
if (!device_supports_ap_ciphers (wifi_caps, ap_wpa, FALSE)) if (!device_supports_ap_ciphers (wifi_caps, ap_wpa, FALSE))
return FALSE; return FALSE;
} }
break; return TRUE;
case NMU_SEC_WPA_PSK: case NMU_SEC_WPA_PSK:
if (adhoc) if (adhoc)
return FALSE; return FALSE;
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA)) if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA))
return FALSE; return FALSE;
if (have_ap) { if (!have_ap)
if (ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) { return TRUE;
if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_TKIP) if (ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP)) if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_TKIP)
return TRUE; && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP))
if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_CCMP) return TRUE;
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP)) if ( (ap_wpa & NM_802_11_AP_SEC_PAIR_CCMP)
return TRUE; && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
} return TRUE;
return FALSE;
} }
break; return FALSE;
case NMU_SEC_WPA2_PSK: case NMU_SEC_WPA2_PSK:
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN)) if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
return FALSE; return FALSE;
if (have_ap) { if (!have_ap)
if (adhoc) { return TRUE;
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_IBSS_RSN)) if (adhoc) {
return FALSE; if (!(wifi_caps & NM_WIFI_DEVICE_CAP_IBSS_RSN))
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP) return FALSE;
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP)) if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP)
return TRUE; && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
} else { return TRUE;
if (ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_TKIP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP))
return TRUE;
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
return TRUE;
}
}
return FALSE; return FALSE;
} }
break; if (ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_TKIP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP))
return TRUE;
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
return TRUE;
}
return FALSE;
case NMU_SEC_WPA_ENTERPRISE: case NMU_SEC_WPA_ENTERPRISE:
if (adhoc) if (adhoc)
return FALSE; return FALSE;
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA)) if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA))
return FALSE; return FALSE;
if (have_ap) { if (!have_ap)
if (!(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) return TRUE;
return FALSE; if (!(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_802_1X))
/* Ensure at least one WPA cipher is supported */ return FALSE;
if (!device_supports_ap_ciphers (wifi_caps, ap_wpa, FALSE)) /* Ensure at least one WPA cipher is supported */
return FALSE; if (!device_supports_ap_ciphers (wifi_caps, ap_wpa, FALSE))
} return FALSE;
break; return TRUE;
case NMU_SEC_WPA2_ENTERPRISE: case NMU_SEC_WPA2_ENTERPRISE:
if (adhoc) if (adhoc)
return FALSE; return FALSE;
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN)) if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
return FALSE; return FALSE;
if (have_ap) { if (!have_ap)
if (!(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) return TRUE;
return FALSE; if (!(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_802_1X))
/* Ensure at least one WPA cipher is supported */ return FALSE;
if (!device_supports_ap_ciphers (wifi_caps, ap_rsn, FALSE)) /* Ensure at least one WPA cipher is supported */
return FALSE; if (!device_supports_ap_ciphers (wifi_caps, ap_rsn, FALSE))
} return FALSE;
break; return TRUE;
case NMU_SEC_SAE: case NMU_SEC_SAE:
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN)) if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
return FALSE; return FALSE;
if (have_ap) { if (adhoc)
if (adhoc) {
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_IBSS_RSN))
return FALSE;
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
return TRUE;
} else {
if (ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_TKIP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP))
return TRUE;
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
return TRUE;
}
}
return FALSE; return FALSE;
if (!have_ap)
return TRUE;
if (ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
if ( (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP)
&& (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
return TRUE;
} }
break; return FALSE;
case NMU_SEC_OWE: case NMU_SEC_OWE:
if (adhoc) if (adhoc)
return FALSE; return FALSE;
if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN)) if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
return FALSE; return FALSE;
if (have_ap) { if (!have_ap)
if (!(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE)) return TRUE;
return FALSE; if (!(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE))
} return FALSE;
break; return TRUE;
default: case NMU_SEC_INVALID:
good = FALSE;
break; break;
} }
return good; return FALSE;
} }
/** /**