[PATCH 2/3 v3] Replace Ad-Hoc WPA-None support with IBSS RSN-PSK.



From: Nicolas Cavallari <cavallar lri fr>

This completely removes Ad-Hoc WPA-None support, as it is
not supported by the linux kernel since a long time,
have never been standardized and other vendors already
removed support for it since a long time.  The security
of the protocol is also comparable to WEP, especially
when used with TKIP.

Instead, the standard-compliant WPA2/RSN protocol
is used for IBSS/Ad-Hoc mode.  Compared to WPA-None,
this protocol uses the classical Four Way Handshake
for security association and features replay protection.

IBSS RSN-PSK requires wpa_supplicant 1.0 and a recent enough
kernel (best with >= 3.2, 3.0 is still fine)
wpa_supplicant only supports the CCMP cipher when
operating in Ad-Hoc mode; if another cipher is requested,
wpa_supplicant will use CCMP anyway).

IBSS RSN will only be used when mode=adhoc and key_mgmt=wpa-psk
and only if the device claims support for it via nl80211.

--
Please drop the previous patch, as it didn't compile with the
default -Werror=unused-variable flag.

please drop v2, as it was identical to v1, sorry for the noise.
---
 include/NetworkManager.h                           |    4 +-
 libnm-glib/nm-device-wifi.c                        |    3 +-
 libnm-util/nm-setting-wireless-security.c          |   49 +++++---------------
 libnm-util/nm-setting-wireless.c                   |   13 +++---
 libnm-util/nm-utils.c                              |   29 ++++--------
 src/nm-wifi-ap-utils.c                             |   47 +++++++------------
 src/nm-wifi-ap.c                                   |   43 +++++++----------
 src/settings/plugins/ifcfg-rh/reader.c             |   13 ++----
 src/settings/plugins/ifcfg-rh/writer.c             |    2 +-
 src/settings/plugins/ifnet/connection_parser.c     |   48 ++++++++-----------
 .../plugins/ifnet/tests/wpa_supplicant.conf        |   10 ++--
 src/supplicant-manager/nm-supplicant-config.c      |    3 +-
 .../nm-supplicant-settings-verify.c                |    2 +-
 src/wifi/wifi-utils-nl80211.c                      |    3 ++
 14 files changed, 101 insertions(+), 168 deletions(-)

diff --git a/include/NetworkManager.h b/include/NetworkManager.h
index bb67b8f..b35c097 100644
--- a/include/NetworkManager.h
+++ b/include/NetworkManager.h
@@ -155,6 +155,7 @@ typedef enum {
  * @NM_WIFI_DEVICE_CAP_WPA: device supports WPA1 authentication
  * @NM_WIFI_DEVICE_CAP_RSN: device supports WPA2/RSN authentication
  * @NM_WIFI_DEVICE_CAP_AP: device supports Access Point mode
+ * @NM_WIFI_DEVICE_CAP_IBSS_RSN: device supports WPA2/RSN in an IBSS network.
  *
  * 802.11 specific device encryption and authentication capabilities.
  **/
@@ -166,7 +167,8 @@ typedef enum {
 	NM_WIFI_DEVICE_CAP_CIPHER_CCMP   = 0x00000008,
 	NM_WIFI_DEVICE_CAP_WPA           = 0x00000010,
 	NM_WIFI_DEVICE_CAP_RSN           = 0x00000020,
-	NM_WIFI_DEVICE_CAP_AP            = 0x00000040
+	NM_WIFI_DEVICE_CAP_AP            = 0x00000040,
+	NM_WIFI_DEVICE_CAP_IBSS_RSN      = 0x00000080
 } NMDeviceWifiCapabilities;
 
 
diff --git a/libnm-glib/nm-device-wifi.c b/libnm-glib/nm-device-wifi.c
index 0058fd1..3e0fac2 100644
--- a/libnm-glib/nm-device-wifi.c
+++ b/libnm-glib/nm-device-wifi.c
@@ -463,8 +463,7 @@ connection_compatible (NMDevice *device, NMConnection *connection, GError **erro
 	if (s_wsec) {
 		/* Connection has security, verify it against the device's capabilities */
 		key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec);
-		if (   !g_strcmp0 (key_mgmt, "wpa-none")
-		    || !g_strcmp0 (key_mgmt, "wpa-psk")
+		if (   !g_strcmp0 (key_mgmt, "wpa-psk")
 		    || !g_strcmp0 (key_mgmt, "wpa-eap")) {
 
 			/* Is device only WEP capable? */
diff --git a/libnm-util/nm-setting-wireless-security.c b/libnm-util/nm-setting-wireless-security.c
index 336773c..3372394 100644
--- a/libnm-util/nm-setting-wireless-security.c
+++ b/libnm-util/nm-setting-wireless-security.c
@@ -785,8 +785,7 @@ need_secrets (NMSetting *setting)
 	}
 
 	/* WPA-PSK infrastructure and adhoc */
-	if (   (strcmp (priv->key_mgmt, "wpa-none") == 0)
-	    || (strcmp (priv->key_mgmt, "wpa-psk") == 0)) {
+	if (strcmp (priv->key_mgmt, "wpa-psk") == 0) {
 		if (!verify_wpa_psk (priv->psk)) {
 			g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_PSK);
 			return secrets;
@@ -834,7 +833,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
 {
 	NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
 	NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
-	const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap", NULL };
+	const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-psk", "wpa-eap", NULL };
 	const char *valid_auth_algs[] = { "open", "shared", "leap", NULL };
 	const char *valid_protos[] = { "wpa", "rsn", NULL };
 	const char *valid_pairwise[] = { "wep40", "wep104", "tkip", "ccmp", NULL };
@@ -970,38 +969,12 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
 		return FALSE;
 	}
 
-	if (priv->pairwise) {
-		const char *wpa_none[] = { "wpa-none", NULL };
-
-		/* For ad-hoc connections, pairwise must be "none" */
-		if (_nm_utils_string_in_list (priv->key_mgmt, wpa_none)) {
-			GSList *iter;
-			gboolean found = FALSE;
-
-			for (iter = priv->pairwise; iter; iter = g_slist_next (iter)) {
-				if (!strcmp ((char *) iter->data, "none")) {
-					found = TRUE;
-					break;
-				}
-			}
-
-			/* pairwise cipher list didn't contain "none", which is invalid
-			 * for WPA adhoc connections.
-			 */
-			if (!found) {
-				g_set_error (error,
-				             NM_SETTING_WIRELESS_SECURITY_ERROR,
-				             NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
-				             NM_SETTING_WIRELESS_SECURITY_PAIRWISE);
-				return FALSE;
-			}
-		} else if (!_nm_utils_string_slist_validate (priv->pairwise, valid_pairwise)) {
-			g_set_error (error,
-			             NM_SETTING_WIRELESS_SECURITY_ERROR,
-			             NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
-			             NM_SETTING_WIRELESS_SECURITY_PAIRWISE);
-			return FALSE;
-		}
+	if (priv->pairwise && !_nm_utils_string_slist_validate (priv->pairwise, valid_pairwise)) {
+		g_set_error (error,
+		             NM_SETTING_WIRELESS_SECURITY_ERROR,
+		             NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
+		             NM_SETTING_WIRELESS_SECURITY_PAIRWISE);
+		return FALSE;
 	}
 
 	if (priv->group && !_nm_utils_string_slist_validate (priv->group, valid_groups)) {
@@ -1273,7 +1246,7 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting
 	 * NMSettingWirelessSecurity:key-mgmt:
 	 *
 	 * Key management used for the connection.  One of 'none' (WEP), 'ieee8021x'
-	 * (Dynamic WEP), 'wpa-none' (Ad-Hoc WPA-PSK), 'wpa-psk' (infrastructure
+	 * (Dynamic WEP), 'wpa-psk' (infrastructure or Ad-Hoc
 	 * WPA-PSK), or 'wpa-eap' (WPA-Enterprise).  This property must be set for
 	 * any WiFi connection that uses security.
 	 **/
@@ -1282,8 +1255,8 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting
 		 g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
 						  "Key management",
 						  "Key management used for the connection.  One of "
-						  "'none' (WEP), 'ieee8021x' (Dynamic WEP), 'wpa-none' "
-						  "(WPA-PSK Ad-Hoc), 'wpa-psk' (infrastructure WPA-PSK), "
+						  "'none' (WEP), 'ieee8021x' (Dynamic WEP), 'wpa-psk' "
+						  "(infrastructure or Ad-Hoc WPA-PSK), "
 						  "or 'wpa-eap' (WPA-Enterprise).  This property must "
 						  "be set for any WiFi connection that uses security.",
 						  NULL,
diff --git a/libnm-util/nm-setting-wireless.c b/libnm-util/nm-setting-wireless.c
index f9ed310..a0af1fe 100644
--- a/libnm-util/nm-setting-wireless.c
+++ b/libnm-util/nm-setting-wireless.c
@@ -184,12 +184,13 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
 	}
 
 	/* Adhoc WPA */
-	if (!strcmp (key_mgmt, "wpa-none")) {
-		if (ap_mode != NM_802_11_MODE_ADHOC)
-			return FALSE;
-		// FIXME: validate ciphers if the BSSID actually puts WPA/RSN IE in
-		// it's beacon
-		return TRUE;
+	if (ap_mode == NM_802_11_MODE_ADHOC) {
+		if (!strcmp (key_mgmt, "wpa-psk")) {
+			// FIXME: validate ciphers if the BSSID actually puts WPA/RSN IE in
+			// it's beacon
+			return TRUE;
+		}
+		return FALSE;
 	}
 
 	/* Stuff after this point requires infrastructure */
diff --git a/libnm-util/nm-utils.c b/libnm-util/nm-utils.c
index 607c0e6..fe1726f 100644
--- a/libnm-util/nm-utils.c
+++ b/libnm-util/nm-utils.c
@@ -1287,25 +1287,16 @@ nm_utils_security_valid (NMUtilsSecurityType type,
 	case NMU_SEC_WPA_PSK:
 		if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA))
 			return FALSE;
+		if (adhoc)
+			return FALSE;
 		if (have_ap) {
-			/* Ad-Hoc WPA APs won't necessarily have the PSK flag set, and
-			 * they don't have any pairwise ciphers. */
-			if (adhoc) {
-				if (   (ap_wpa & NM_802_11_AP_SEC_GROUP_TKIP)
+			if (ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
+				if (   (ap_wpa & NM_802_11_AP_SEC_PAIR_TKIP)
 				    && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP))
 					return TRUE;
-				if (   (ap_wpa & NM_802_11_AP_SEC_GROUP_CCMP)
+				if (   (ap_wpa & NM_802_11_AP_SEC_PAIR_CCMP)
 				    && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
 					return TRUE;
-			} else {
-				if (ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
-					if (   (ap_wpa & NM_802_11_AP_SEC_PAIR_TKIP)
-					    && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP))
-						return TRUE;
-					if (   (ap_wpa & NM_802_11_AP_SEC_PAIR_CCMP)
-					    && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
-						return TRUE;
-				}
 			}
 			return FALSE;
 		}
@@ -1314,12 +1305,12 @@ nm_utils_security_valid (NMUtilsSecurityType type,
 		if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
 			return FALSE;
 		if (have_ap) {
-			/* Ad-Hoc WPA APs won't necessarily have the PSK flag set, and
-			 * they don't have any pairwise ciphers, nor any RSA flags yet. */
 			if (adhoc) {
-				if (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_TKIP)
-					return TRUE;
-				if (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP)
+				if (!(wifi_caps & NM_WIFI_DEVICE_CAP_IBSS_RSN))
+					return FALSE;
+				/* Ad-Hoc RSN peers may support TKIP, but we don't. */
+				if (   (ap_rsn & NM_802_11_AP_SEC_PAIR_CCMP)
+				    && (wifi_caps & NM_WIFI_DEVICE_CAP_CIPHER_CCMP))
 					return TRUE;
 			} else {
 				if (ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
diff --git a/src/nm-wifi-ap-utils.c b/src/nm-wifi-ap-utils.c
index 215c493..ca0f47f 100644
--- a/src/nm-wifi-ap-utils.c
+++ b/src/nm-wifi-ap-utils.c
@@ -271,7 +271,7 @@ verify_wpa_psk (NMSettingWirelessSecurity *s_wsec,
 	auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec);
 
 	if (key_mgmt) {
-		if (!strcmp (key_mgmt, "wpa-psk") || !strcmp (key_mgmt, "wpa-none")) {
+		if (!strcmp (key_mgmt, "wpa-psk")) {
 			if (s_8021x) {
 				g_set_error_literal (error,
 				                     NM_SETTING_WIRELESS_SECURITY_ERROR,
@@ -290,43 +290,36 @@ verify_wpa_psk (NMSettingWirelessSecurity *s_wsec,
 			}
 		}
 
-		if (!strcmp (key_mgmt, "wpa-none")) {
-			if (!adhoc) {
-				g_set_error_literal (error,
-				                     NM_SETTING_WIRELESS_SECURITY_ERROR,
-				                     NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
-				                     "WPA Ad-Hoc requires an Ad-Hoc mode AP");
-				return FALSE;
-			}
+		if (adhoc && !strcmp(key_mgmt, "wpa-psk")) {
 
-			/* Ad-Hoc WPA requires 'wpa' proto, 'none' pairwise, and 'tkip' group */
+			/* Ad-Hoc RSN requires 'rsn' proto, 'ccmp' pairwise, and 'ccmp' group */
 			n = nm_setting_wireless_security_get_num_protos (s_wsec);
 			tmp = (n > 0) ? nm_setting_wireless_security_get_proto (s_wsec, 0) : NULL;
-			if (n > 1 || strcmp (tmp, "wpa")) {
+			if (n > 1 || strcmp (tmp, "rsn")) {
 				g_set_error_literal (error,
 				                     NM_SETTING_WIRELESS_SECURITY_ERROR,
 				                     NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
-				                     "WPA Ad-Hoc requires 'wpa' proto");
+				                     "WPA Ad-Hoc requires 'rsn' proto");
 				return FALSE;
 			}
 
 			n = nm_setting_wireless_security_get_num_pairwise (s_wsec);
 			tmp = (n > 0) ? nm_setting_wireless_security_get_pairwise (s_wsec, 0) : NULL;
-			if (n > 1 || strcmp (tmp, "none")) {
+			if (n > 1 || strcmp (tmp, "ccmp")) {
 				g_set_error_literal (error,
 				                     NM_SETTING_WIRELESS_SECURITY_ERROR,
 				                     NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
-				                     "WPA Ad-Hoc requires 'none' pairwise cipher");
+				                     "WPA Ad-Hoc requires 'ccmp' pairwise cipher");
 				return FALSE;
 			}
 
 			n = nm_setting_wireless_security_get_num_groups (s_wsec);
 			tmp = (n > 0) ? nm_setting_wireless_security_get_group (s_wsec, 0) : NULL;
-			if (n > 1 || strcmp (tmp, "tkip")) {
+			if (n > 1 || strcmp (tmp, "ccmp")) {
 				g_set_error_literal (error,
 				                     NM_SETTING_WIRELESS_SECURITY_ERROR,
 				                     NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
-				                     "WPA Ad-Hoc requires 'tkip' group cipher");
+				                     "WPA Ad-Hoc requires 'ccmp' group cipher");
 				return FALSE;
 			}
 		}
@@ -419,7 +412,7 @@ verify_adhoc (NMSettingWirelessSecurity *s_wsec,
 	}
 
 	if (adhoc) {
-		if (key_mgmt && strcmp (key_mgmt, "wpa-none") && strcmp (key_mgmt, "none")) {
+		if (key_mgmt && strcmp (key_mgmt, "wpa-psk") && strcmp (key_mgmt, "none")) {
 			g_set_error_literal (error,
 			                     NM_SETTING_WIRELESS_SECURITY_ERROR,
 			                     NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
@@ -450,14 +443,6 @@ verify_adhoc (NMSettingWirelessSecurity *s_wsec,
 			                     "Ad-Hoc mode requires 'open' authentication");
 			return FALSE;
 		}
-	} else {
-		if (key_mgmt && !strcmp (key_mgmt, "wpa-none")) {
-			g_set_error_literal (error,
-			                     NM_SETTING_WIRELESS_SECURITY_ERROR,
-			                     NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
-			                     "AP mode is Infrastructure but setting requires Ad-Hoc security");
-			return FALSE;
-		}
 	}
 
 	return TRUE;
@@ -665,11 +650,13 @@ nm_ap_utils_complete_connection (const GByteArray *ap_ssid,
 		return FALSE;
 
 	if (adhoc) {
-		g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL);
-		/* Ad-Hoc does not support RSN/WPA2 */
-		nm_setting_wireless_security_add_proto (s_wsec, "wpa");
-		nm_setting_wireless_security_add_pairwise (s_wsec, "none");
-		nm_setting_wireless_security_add_group (s_wsec, "tkip");
+		g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk",
+		              NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open",
+		              NULL);
+		/* Ad-Hoc does not support WPA-none anymore */
+		nm_setting_wireless_security_add_proto (s_wsec, "rsn");
+		nm_setting_wireless_security_add_pairwise (s_wsec, "ccmp");
+		nm_setting_wireless_security_add_group (s_wsec, "ccmp");
 	} else if (s_8021x) {
 		g_object_set (s_wsec,
 		              NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap",
diff --git a/src/nm-wifi-ap.c b/src/nm-wifi-ap.c
index 6a60796..1ecc836 100644
--- a/src/nm-wifi-ap.c
+++ b/src/nm-wifi-ap.c
@@ -628,6 +628,7 @@ nm_ap_new_fake_from_connection (NMConnection *connection)
 	guint32 channel;
 	NM80211ApSecurityFlags flags;
 	gboolean psk = FALSE, eap = FALSE;
+	gboolean adhoc = FALSE;
 
 	g_return_val_if_fail (connection != NULL, NULL);
 
@@ -648,9 +649,10 @@ nm_ap_new_fake_from_connection (NMConnection *connection)
 	if (mode) {
 		if (!strcmp (mode, "infrastructure"))
 			nm_ap_set_mode (ap, NM_802_11_MODE_INFRA);
-		else if (!strcmp (mode, "adhoc"))
+		else if (!strcmp (mode, "adhoc")) {
 			nm_ap_set_mode (ap, NM_802_11_MODE_ADHOC);
-		else
+			adhoc = TRUE;
+		} else
 			goto error;
 	} else {
 		nm_ap_set_mode (ap, NM_802_11_MODE_INFRA);
@@ -684,7 +686,7 @@ nm_ap_new_fake_from_connection (NMConnection *connection)
 
 	psk = !strcmp (key_mgmt, "wpa-psk");
 	eap = !strcmp (key_mgmt, "wpa-eap");
-	if (psk || eap) {
+	if (!adhoc && (psk || eap)) {
 		if (has_proto (s_wireless_sec, PROTO_WPA)) {
 			flags = nm_ap_get_wpa_flags (ap);
 			flags |= eap ? NM_802_11_AP_SEC_KEY_MGMT_802_1X : NM_802_11_AP_SEC_KEY_MGMT_PSK;
@@ -698,42 +700,31 @@ nm_ap_new_fake_from_connection (NMConnection *connection)
 
 		add_pair_ciphers (ap, s_wireless_sec);
 		add_group_ciphers (ap, s_wireless_sec);
-	} else if (!strcmp (key_mgmt, "wpa-none")) {
-		guint32 i;
-
-		/* Ad-Hoc has special requirements: proto=WPA, pairwise=(none), and
-		 * group=TKIP/CCMP (but not both).
+	} else if (adhoc && psk) {
+		/* Ad-Hoc has special requirements: proto=RSN, pairwise=CCMP, and
+		 * group=CCMP.
 		 */
 
 		flags = nm_ap_get_wpa_flags (ap);
 		flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK;
 
-		/* Clear ciphers; pairwise must be unset anyway, and group gets set below */
+		/* Clear ciphers; only ccmp is supported anyway */
 		flags &= ~(  NM_802_11_AP_SEC_PAIR_WEP40
 		           | NM_802_11_AP_SEC_PAIR_WEP104
 		           | NM_802_11_AP_SEC_PAIR_TKIP
-		           | NM_802_11_AP_SEC_PAIR_CCMP
 		           | NM_802_11_AP_SEC_GROUP_WEP40
 		           | NM_802_11_AP_SEC_GROUP_WEP104
-		           | NM_802_11_AP_SEC_GROUP_TKIP
-		           | NM_802_11_AP_SEC_GROUP_CCMP);
-
-		for (i = 0; i < nm_setting_wireless_security_get_num_groups (s_wireless_sec); i++) {
-			if (!strcmp (nm_setting_wireless_security_get_group (s_wireless_sec, i), "ccmp")) {
-				flags |= NM_802_11_AP_SEC_GROUP_CCMP;
-				break;
-			}
-		}
+		           | NM_802_11_AP_SEC_GROUP_TKIP);
 
-		/* Default to TKIP since not all WPA-capable cards can do CCMP */
-		if (!(flags & NM_802_11_AP_SEC_GROUP_CCMP))
-			flags |= NM_802_11_AP_SEC_GROUP_TKIP;
+		flags |= NM_802_11_AP_SEC_GROUP_CCMP;
+		flags |= NM_802_11_AP_SEC_PAIR_CCMP;
 
-		nm_ap_set_wpa_flags (ap, flags);
+		nm_ap_set_rsn_flags (ap, flags);
 
-		/* Don't use Ad-Hoc RSN yet */
-		nm_ap_set_rsn_flags (ap, NM_802_11_AP_SEC_NONE);
-	}
+		/* Don't use Ad-Hoc WPA anymore */
+		nm_ap_set_wpa_flags (ap, NM_802_11_AP_SEC_NONE);
+	} else
+		goto error;
 
 done:
 	return ap;
diff --git a/src/settings/plugins/ifcfg-rh/reader.c b/src/settings/plugins/ifcfg-rh/reader.c
index 6aa97f1..3fea7cd 100644
--- a/src/settings/plugins/ifcfg-rh/reader.c
+++ b/src/settings/plugins/ifcfg-rh/reader.c
@@ -1920,8 +1920,8 @@ fill_wpa_ciphers (shvarFile *ifcfg,
 				PLUGIN_WARN (IFCFG_PLUGIN_NAME, "    warning: ignoring group cipher '%s' (only one group cipher allowed in Ad-Hoc mode)",
 				             *iter);
 				continue;
-			} else if (!group) {
-				PLUGIN_WARN (IFCFG_PLUGIN_NAME, "    warning: ignoring pairwise cipher '%s' (pairwise not used in Ad-Hoc mode)",
+			} else if (!group && (i > 0)) {
+				PLUGIN_WARN (IFCFG_PLUGIN_NAME, "    warning: ignoring pairwise cipher '%s' (only one pairwise cipher allowed in Ad-Hoc mode)",
 				             *iter);
 				continue;
 			}
@@ -2707,8 +2707,8 @@ make_wpa_setting (shvarFile *ifcfg,
 
 	/* WPA and/or RSN */
 	if (adhoc) {
-		/* Ad-Hoc mode only supports WPA proto for now */
-		nm_setting_wireless_security_add_proto (wsec, "wpa");
+		/* Ad-Hoc mode only supports RSN proto */
+		nm_setting_wireless_security_add_proto (wsec, "rsn");
 	} else {
 		char *allow_wpa, *allow_rsn;
 
@@ -2747,10 +2747,7 @@ make_wpa_setting (shvarFile *ifcfg,
 			}
 		}
 
-		if (adhoc)
-			g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL);
-		else
-			g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
+		g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
 	} else if (!strcmp (value, "WPA-EAP") || !strcmp (value, "IEEE8021X")) {
 		/* Adhoc mode is mutually exclusive with any 802.1x-based authentication */
 		if (adhoc) {
diff --git a/src/settings/plugins/ifcfg-rh/writer.c b/src/settings/plugins/ifcfg-rh/writer.c
index 26a1585..e4e719d 100644
--- a/src/settings/plugins/ifcfg-rh/writer.c
+++ b/src/settings/plugins/ifcfg-rh/writer.c
@@ -592,7 +592,7 @@ write_wireless_security_setting (NMConnection *connection,
 		svSetValue (ifcfg, "KEY_MGMT", NULL, FALSE);
 		wep = TRUE;
 		*no_8021x = TRUE;
-	} else if (!strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk")) {
+	} else if (!strcmp (key_mgmt, "wpa-psk")) {
 		svSetValue (ifcfg, "KEY_MGMT", "WPA-PSK", FALSE);
 		wpa = TRUE;
 		*no_8021x = TRUE;
diff --git a/src/settings/plugins/ifnet/connection_parser.c b/src/settings/plugins/ifnet/connection_parser.c
index 78812f9..36af48b 100644
--- a/src/settings/plugins/ifnet/connection_parser.c
+++ b/src/settings/plugins/ifnet/connection_parser.c
@@ -1333,23 +1333,6 @@ fill_wpa_ciphers (const char *ssid,
 
 	list = g_strsplit_set (value, " ", 0);
 	for (iter = list; iter && *iter; iter++, i++) {
-		/* Ad-Hoc configurations cannot have pairwise ciphers, and can only
-		 * have one group cipher.  Ignore any additional group ciphers and
-		 * any pairwise ciphers specified.
-		 */
-		if (adhoc) {
-			if (group && (i > 0)) {
-				PLUGIN_WARN (IFNET_PLUGIN_NAME,
-					     "    warning: ignoring group cipher '%s' (only one group cipher allowed in Ad-Hoc mode)",
-					     *iter);
-				continue;
-			} else if (!group) {
-				PLUGIN_WARN (IFNET_PLUGIN_NAME,
-					     "    warning: ignoring pairwise cipher '%s' (pairwise not used in Ad-Hoc mode)",
-					     *iter);
-				continue;
-			}
-		}
 
 		if (!strcmp (*iter, "CCMP")) {
 			if (group)
@@ -1358,6 +1341,19 @@ fill_wpa_ciphers (const char *ssid,
 			else
 				nm_setting_wireless_security_add_pairwise (wsec,
 									   "ccmp");
+		} else if (adhoc) {
+			/* Ad-Hoc configurations only support CCMP cipher for
+			 * pairwise and group.
+			 * Ignore any other group or pairwise ciphers specified.
+			 */
+			if (group)
+				PLUGIN_WARN (IFNET_PLUGIN_NAME,
+					     "    warning: ignoring group cipher '%s' (only ccmp cipher allowed in Ad-Hoc mode)",
+					     eiter);
+			else if (!group)
+				PLUGIN_WARN (IFNET_PLUGIN_NAME,
+					     "    warning: ignoring pairwise cipher '%s' (only ccmp cipher allowed in Ad-Hoc mode)",
+					     *iter);
 		} else if (!strcmp (*iter, "TKIP")) {
 			if (group)
 				nm_setting_wireless_security_add_group (wsec,
@@ -1498,8 +1494,8 @@ make_wpa_setting (const char *ssid,
 
 	/* WPA and/or RSN */
 	if (adhoc) {
-		/* Ad-Hoc mode only supports WPA proto for now */
-		nm_setting_wireless_security_add_proto (wsec, "wpa");
+		/* Ad-Hoc mode only supports RSN proto */
+		nm_setting_wireless_security_add_proto (wsec, "rsn");
 	} else {
 		nm_setting_wireless_security_add_proto (wsec, "wpa");
 		nm_setting_wireless_security_add_proto (wsec, "rsn");
@@ -1515,14 +1511,9 @@ make_wpa_setting (const char *ssid,
 			      NULL);
 		g_free (psk);
 
-		if (adhoc)
-			g_object_set (wsec,
-				      NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
-				      "wpa-none", NULL);
-		else
-			g_object_set (wsec,
-				      NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
-				      "wpa-psk", NULL);
+		g_object_set (wsec,
+			      NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
+			      "wpa-psk", NULL);
 	} else if (!strcmp (value, "WPA-EAP") || !strcmp (value, "IEEE8021X")) {
 		if (adhoc) {
 			g_set_error (error, ifnet_plugin_error_quark (), 0,
@@ -2115,8 +2106,7 @@ write_wireless_security_setting (NMConnection * connection,
 		wpa_set_data (conn_name, "key_mgmt", "NONE");
 		wep = TRUE;
 		*no_8021x = TRUE;
-	} else if (!strcmp (key_mgmt, "wpa-none")
-		   || !strcmp (key_mgmt, "wpa-psk")) {
+	} else if (!strcmp (key_mgmt, "wpa-psk")) {
 		wpa_set_data (conn_name, "key_mgmt", "WPA-PSK");
 		wpa = TRUE;
 		*no_8021x = TRUE;
diff --git a/src/settings/plugins/ifnet/tests/wpa_supplicant.conf b/src/settings/plugins/ifnet/tests/wpa_supplicant.conf
index 609ee0e..3a9f167 100644
--- a/src/settings/plugins/ifnet/tests/wpa_supplicant.conf
+++ b/src/settings/plugins/ifnet/tests/wpa_supplicant.conf
@@ -752,15 +752,15 @@ network={
 }
 
 
-# IBSS/ad-hoc network with WPA-None/TKIP.
+# IBSS/ad-hoc network with IBSS RSN.
 network={
 	ssid="test adhoc"
 	mode=1
 	frequency=2412
-	proto=WPA
-	key_mgmt=WPA-NONE
-	pairwise=NONE
-	group=TKIP
+	proto=RSN
+	key_mgmt=WPA-PSK
+	pairwise=CCMP
+	group=CCMP
 	psk="secret passphrase"
 }
 
diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c
index a8e4ab9..187118b 100644
--- a/src/supplicant-manager/nm-supplicant-config.c
+++ b/src/supplicant-manager/nm-supplicant-config.c
@@ -643,8 +643,7 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 	}
 
 	/* Only WPA-specific things when using WPA */
-	if (   !strcmp (key_mgmt, "wpa-none")
-	    || !strcmp (key_mgmt, "wpa-psk")
+	if (   !strcmp (key_mgmt, "wpa-psk")
 	    || !strcmp (key_mgmt, "wpa-eap")) {
 		ADD_STRING_LIST_VAL (setting, wireless_security, proto, protos, "proto", ' ', TRUE, FALSE);
 		ADD_STRING_LIST_VAL (setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, FALSE);
diff --git a/src/supplicant-manager/nm-supplicant-settings-verify.c b/src/supplicant-manager/nm-supplicant-settings-verify.c
index 76de84d..d71ddf3 100644
--- a/src/supplicant-manager/nm-supplicant-settings-verify.c
+++ b/src/supplicant-manager/nm-supplicant-settings-verify.c
@@ -70,7 +70,7 @@ static const struct validate_entry validate_table[] = {
 const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
 const char * group_allowed[] =    { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
 const char * proto_allowed[] =    { "WPA", "RSN", NULL };
-const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-EAP", "IEEE8021X", "WPA-NONE",
+const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-EAP", "IEEE8021X",
                                     "NONE", NULL };
 const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
 const char * eap_allowed[] =      { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM",
diff --git a/src/wifi/wifi-utils-nl80211.c b/src/wifi/wifi-utils-nl80211.c
index 663cbc2..17f7f72 100644
--- a/src/wifi/wifi-utils-nl80211.c
+++ b/src/wifi/wifi-utils-nl80211.c
@@ -684,6 +684,9 @@ static int nl80211_wiphy_info_handler (struct nl_msg *msg, void *arg)
 		}
 	}
 
+	if (tb[NL80211_ATTR_SUPPORT_IBSS_RSN])
+		info->caps |= NM_WIFI_DEVICE_CAP_IBSS_RSN;
+
 	info->success = TRUE;
 
 	return NL_SKIP;
-- 
1.7.10.4



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]