Re: WPA2 Enterprise (and other things)

[Jon Escombe <lists dresco co uk>]

Apologies for creating a new thread, but was the only way I could post 
an attachment...

> If I select "connect to other wireless network" and enter the full details for
> my WPA2 network (ssid, wpa2 enterprise, tls, identity, private key file,
> password) then I see the following output from NM and the connection succeeds:

<snip>

> If I then (for example) switch away from this connection and back again, I see
> only the following output. Doesn't prompt me for any credentials, just waits at
> this point:

<snip>

I've found an issue which I think may be at the root of all this..

nm_ap_security_new_from_ap() appears to match on *any* of the capabilities
defined for each encryption type. In my case, my WPA2-EAP network was being
configured as a WPA2_CCMP_PSK network, due to the presence of the
NM_802_11_CAP_PROTO_WPA2 capability. I believe the attached patch solves 
this
problem by requiring the reported capabilities to match *all* of the defined
capabilities.

I can test further when I'm back in the office tomorrow, but I'm hopeful 
that is
what was preventing the stored credentials from being retrieved..

Regards,
Jon.

diff -urN NetworkManager.orig/src/nm-ap-security.c NetworkManager.patches/src/nm-ap-security.c
--- NetworkManager.orig/src/nm-ap-security.c	2006-03-08 18:33:44.000000000 +0000
+++ NetworkManager.patches/src/nm-ap-security.c	2006-03-23 20:23:28.000000000 +0000
@@ -125,15 +125,15 @@
 
 	/* Deteremine best encryption algorithm to use */
 	caps = nm_ap_get_capabilities (ap);
-	if ((caps & WPA_CCMP_PSK) || (caps & WPA2_CCMP_PSK))
+	if (((caps & WPA_CCMP_PSK) == WPA_CCMP_PSK) || ((caps & WPA2_CCMP_PSK) == WPA2_CCMP_PSK))
 		security = NM_AP_SECURITY (nm_ap_security_wpa_psk_new_from_ap (ap, IW_AUTH_CIPHER_CCMP));
-	else if ((caps & WPA_TKIP_PSK) || (caps & WPA2_TKIP_PSK))
+	else if (((caps & WPA_TKIP_PSK) == WPA_TKIP_PSK) || ((caps & WPA2_TKIP_PSK) == WPA2_TKIP_PSK))
 		security = NM_AP_SECURITY (nm_ap_security_wpa_psk_new_from_ap (ap, IW_AUTH_CIPHER_TKIP));
-	else if ((caps & WPA_EAP) || (caps & WPA2_EAP))
+	else if (((caps & WPA_EAP) == WPA_EAP) || ((caps & WPA2_EAP) == WPA2_EAP))
 		security = NM_AP_SECURITY (nm_ap_security_wpa_eap_new_from_ap (ap));
-	else if (caps & WEP_WEP104)
+	else if ((caps & WEP_WEP104) == WEP_WEP104)
 		security = NM_AP_SECURITY (nm_ap_security_wep_new_from_ap (ap, IW_AUTH_CIPHER_WEP104));
-	else if (caps & WEP_WEP40)
+	else if ((caps & WEP_WEP40) == WEP_WEP40)
 		security = NM_AP_SECURITY (nm_ap_security_wep_new_from_ap (ap, IW_AUTH_CIPHER_WEP40));
 	else if (!nm_ap_get_encrypted (ap))
 		security = nm_ap_security_new (IW_AUTH_CIPHER_NONE);