authorrnhmjoj <rnhmjoj@inventati.org>2022-02-04 08:45:28 +0100
committerrnhmjoj <rnhmjoj@inventati.org>2022-02-04 08:46:32 +0100
commit3b8fa47f58bd96b59bdcd9a14b36ad2ee9d0d8f0 (patch)
tree7cde7c6d56fdc9df6bb5e3f86c8826582280470c
parentd67ad28fc301305baeeb364a04f0565c5f5118c8 (diff)
nixos/wireless: don't attempt fallback on WPA3 only networks
-rw-r--r--nixos/modules/services/networking/wpa_supplicant.nix10
-rw-r--r--nixos/tests/wpa_supplicant.nix19
2 files changed, 24 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix
index 9989b6df659..c2e1d37e28b 100644
--- a/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -11,11 +11,15 @@ let
   opt = options.networking.wireless;
 
   wpa3Protocols = [ "SAE" "FT-SAE" ];
-  hasWPA3 = opts: !mutuallyExclusive opts.authProtocols wpa3Protocols;
+  hasMixedWPA = opts:
+    let
+      hasWPA3 = !mutuallyExclusive opts.authProtocols wpa3Protocols;
+      others = subtractLists wpa3Protocols opts.authProtocols;
+    in hasWPA3 && others != [];
 
   # Gives a WPA3 network higher priority
   increaseWPA3Priority = opts:
-    opts // optionalAttrs (hasWPA3 opts)
+    opts // optionalAttrs (hasMixedWPA opts)
       { priority = if opts.priority == null
                      then 1
                      else opts.priority + 1;
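Review bot: The comment `# Gives a WPA3 network higher priority` above `increaseWPA3Priority` no longer matches the code, because the bump now applies only when `hasMixedWPA` is true and a SAE-only network keeps its configured priority. I would reword it to `# Gives the WPA3 entry of a mixed WPA2/WPA3 network higher priority than its WPA2 fallback` and add `# True if the network allows WPA3 (SAE) and at least one other key management protocol` above `hasMixedWPA`. That comment should also say that any non-WPA3 entry in `authProtocols` makes the network count as mixed, since the second hunk of this file uses the same predicate to decide which networks get a fallback entry. The body of `increaseWPA3Priority` closes outside this hunk.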
@@ -33,7 +37,7 @@ let
   allNetworks =
     if cfg.fallbackToWPA2
       then map increaseWPA3Priority networkList
-           ++ map mkWPA2Fallback (filter hasWPA3 networkList)
+           ++ map mkWPA2Fallback (filter hasMixedWPA networkList)
       else networkList;
 
   # Content of wpa_supplicant.conf
diff --git a/nixos/tests/wpa_supplicant.nix b/nixos/tests/wpa_supplicant.nix
index 1d669d5016a..40d934b8e1d 100644
--- a/nixos/tests/wpa_supplicant.nix
+++ b/nixos/tests/wpa_supplicant.nix
@@ -27,8 +27,19 @@ import ./make-test-python.nix ({ pkgs, lib, ...}:
       enable = lib.mkOverride 0 true;
       userControlled.enable = true;
       interfaces = [ "wlan1" ];
+      fallbackToWPA2 = true;
 
       networks = {
+        # test WPA2 fallback
+        mixed-wpa = {
+          psk = "password";
+          authProtocols = [ "WPA-PSK" "SAE" ];
+        };
+        sae-only = {
+          psk = "password";
+          authProtocols = [ "SAE" ];
+        };
+
         # test network
         nixos-test.psk = "@PSK_NIXOS_TEST@";
 
@@ -64,8 +75,12 @@ import ./make-test-python.nix ({ pkgs, lib, ...}:
           machine.succeed(f"grep -q @PSK_MISSING@ {config_file}")
           machine.succeed(f"grep -q P@ssowrdWithSome@tSymbol {config_file}")
 
-          # save file for manual inspection
-          machine.copy_from_vm(config_file)
+      with subtest("WPA2 fallbacks have been generated"):
+          assert int(machine.succeed(f"grep -c sae-only {config_file}")) == 1
+          assert int(machine.succeed(f"grep -c mixed-wpa {config_file}")) == 2
+
+      # save file for manual inspection
+      machine.copy_from_vm(config_file)
 
       with subtest("Daemon is running and accepting connections"):
           machine.wait_for_unit("wpa_supplicant-wlan1.service")
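Review bot: The two `grep -c` assertions count lines containing the network name, so they pass regardless of which `key_mgmt` each generated block carries. A regression where the `sae-only` entry is emitted once but with a non-SAE protocol, or where the `mixed-wpa` fallback still lists SAE, would go unnoticed. I would match the SSID line, e.g. `grep -c 'ssid=\"sae-only\"'`, and also check the `key_mgmt` values; the layout of the generated file is not visible here, so the pattern needs confirming against `config_file`. The networks added in the earlier hunk of this file also leave out a WPA3-only entry with `authProtocols = [ "SAE" "FT-SAE" ]`, the case where `others` is empty although more than one protocol is listed. The test script starts and ends outside this hunk.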