Ubuntu
network-manager package

Merge ~mitchellaugustin/ubuntu/+source/network-manager:noble-wpa3-fix into ubuntu/+source/network-manager:ubuntu/noble-devel

  1. Git
  2. lp:~mitchellaugustin/ubuntu/+source/network-manager
  3. noble-wpa3-fix
  4. Merge into ubuntu/noble-devel
Proposed by Mitchell Augustin
Status: Needs review
Proposed branch: ~mitchellaugustin/ubuntu/+source/network-manager:noble-wpa3-fix
Merge into: ubuntu/+source/network-manager:ubuntu/noble-devel
Diff against target: 221 lines (+193/-0)
4 files modified
debian/10-default-firewall-use-iptables.conf (+2/-0)
debian/changelog (+13/-0)
debian/patches/core-add-handlers-for-SaePasswordMismatch-signal.patch (+177/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Ubuntu Sponsors Pending
git-ubuntu import Pending
Review via email: mp+497190@code.launchpad.net

Commit message

Show incorrect password re-entry prompt for WPA3 networks (LP: #2122458)

Description of the change

Show incorrect password re-entry prompt for WPA3 networks (LP: #2122458)

To post a comment you must log in.
Revision history for this message
Mitchell Augustin (mitchellaugustin) wrote :

Tested via https://launchpad.net/~mitchellaugustin/+archive/ubuntu/wpa-sae-fixes-dec9/+packages

Reply

Unmerged commits

2f17e0a... by Mitchell Augustin

Show incorrect password re-entry prompt for WPA3 networks (LP: #2122458)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/10-default-firewall-use-iptables.conf b/debian/10-default-firewall-use-iptables.conf
2new file mode 100644
3index 0000000..0adacde
4--- /dev/null
5+++ b/debian/10-default-firewall-use-iptables.conf
6@@ -0,0 +1,2 @@
7+[main]
8+firewall-backend = iptables
9diff --git a/debian/changelog b/debian/changelog
10index 3ebc9ad..6405816 100644
11--- a/debian/changelog
12+++ b/debian/changelog
13@@ -1,3 +1,16 @@
14+network-manager (1.46.0-1ubuntu2.6) noble; urgency=medium
15+
16+ * Show incorrect password re-entry prompt for WPA3 networks (LP: #2122458)
17+
18+ -- Mitchell Augustin <mitchell.augustin@canonical.com> Tue, 9 Dec 2025 14:11:00 -0600
19+
20+network-manager (1.46.0-1ubuntu2.5) noble; urgency=medium
21+
22+ * Use iptables instead of nftables as firewall backend, to match UFW
23+ (LP: #2128668)
24+
25+ -- Mitchell Augustin <mitchell.augustin@canonical.com> Mon, 27 Oct 2025 14:11:40 -0500
26+
27 network-manager (1.46.0-1ubuntu2.4) noble; urgency=medium
28
29 * d/p/lp2127925-fix-autoreconnect-blocker.patch: unblock autoreconnect when a previously failed
30diff --git a/debian/patches/core-add-handlers-for-SaePasswordMismatch-signal.patch b/debian/patches/core-add-handlers-for-SaePasswordMismatch-signal.patch
31new file mode 100644
32index 0000000..39b6a29
33--- /dev/null
34+++ b/debian/patches/core-add-handlers-for-SaePasswordMismatch-signal.patch
35@@ -0,0 +1,177 @@
36+From: Mitchell Augustin <mitchell.augustin@canonical.com>
37+Date: Fri, 3 Oct 2025 11:32:34 -0500
38+Subject: core: add handlers for SaePasswordMismatch signal
39+
40+Trigger a new auth request to the user when the SaePasswordMismatch
41+signal is received from wpa_supplicant.
42+
43+Closes #904
44+
45+Origin: upstream, https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/bcb96a1b19dae7306be0b373f0cf76660499ac61
46+---
47+ src/core/devices/wifi/nm-device-wifi.c | 70 +++++++++++++++++++++++++++
48+ src/core/supplicant/nm-supplicant-interface.c | 30 ++++++++++++
49+ src/core/supplicant/nm-supplicant-interface.h | 2 +
50+ 3 files changed, 102 insertions(+)
51+
52+diff --git a/src/core/devices/wifi/nm-device-wifi.c b/src/core/devices/wifi/nm-device-wifi.c
53+index 2cd41b2..5e1729b 100644
54+--- a/src/core/devices/wifi/nm-device-wifi.c
55++++ b/src/core/devices/wifi/nm-device-wifi.c
56+@@ -191,6 +191,12 @@ static void supplicant_iface_notify_p2p_available(NMSupplicantInterface *iface,
57+ GParamSpec *pspec,
58+ NMDeviceWifi *self);
59+
60++static void supplicant_iface_notify_wpa_psk_mismatch_cb(NMSupplicantInterface *iface,
61++ NMDeviceWifi *self);
62++
63++static void supplicant_iface_notify_wpa_sae_mismatch_cb(NMSupplicantInterface *iface,
64++ NMDeviceWifi *self);
65++
66+ static void periodic_update(NMDeviceWifi *self);
67+
68+ static void ap_add_remove(NMDeviceWifi *self,
69+@@ -621,6 +627,14 @@ supplicant_interface_acquire_cb(NMSupplicantManager *supplicant_manager,
70+ "notify::" NM_SUPPLICANT_INTERFACE_P2P_AVAILABLE,
71+ G_CALLBACK(supplicant_iface_notify_p2p_available),
72+ self);
73++ g_signal_connect(priv->sup_iface,
74++ NM_SUPPLICANT_INTERFACE_PSK_MISMATCH,
75++ G_CALLBACK(supplicant_iface_notify_wpa_psk_mismatch_cb),
76++ self);
77++ g_signal_connect(priv->sup_iface,
78++ NM_SUPPLICANT_INTERFACE_SAE_MISMATCH,
79++ G_CALLBACK(supplicant_iface_notify_wpa_sae_mismatch_cb),
80++ self);
81+
82+ _scan_notify_is_scanning(self);
83+
84+@@ -2829,6 +2843,62 @@ handle_auth_or_fail(NMDeviceWifi *self, NMActRequest *req, gboolean new_secrets)
85+ return TRUE;
86+ }
87+
88++static void
89++supplicant_iface_notify_wpa_psk_mismatch_cb(NMSupplicantInterface *iface, NMDeviceWifi *self)
90++{
91++ NMDevice *device = NM_DEVICE(self);
92++ NMActRequest *req;
93++ const char *setting_name = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME;
94++
95++ if (nm_device_get_state(device) != NM_DEVICE_STATE_CONFIG)
96++ return;
97++
98++ _LOGI(LOGD_DEVICE | LOGD_WIFI,
99++ "Activation: (wifi) psk mismatch reported by supplicant, asking for new key");
100++
101++ req = nm_device_get_act_request(NM_DEVICE(self));
102++ g_return_if_fail(req != NULL);
103++
104++ nm_act_request_clear_secrets(req);
105++
106++ cleanup_association_attempt(self, TRUE);
107++ nm_device_state_changed(device,
108++ NM_DEVICE_STATE_NEED_AUTH,
109++ NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
110++ wifi_secrets_get_secrets(self,
111++ setting_name,
112++ NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
113++ | NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW);
114++}
115++
116++static void
117++supplicant_iface_notify_wpa_sae_mismatch_cb(NMSupplicantInterface *iface, NMDeviceWifi *self)
118++{
119++ NMDevice *device = NM_DEVICE(self);
120++ NMActRequest *req;
121++ const char *setting_name = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME;
122++
123++ if (nm_device_get_state(device) != NM_DEVICE_STATE_CONFIG)
124++ return;
125++
126++ _LOGI(LOGD_DEVICE | LOGD_WIFI,
127++ "Activation: (wifi) SAE password mismatch reported by supplicant, asking for new key");
128++
129++ req = nm_device_get_act_request(NM_DEVICE(self));
130++ g_return_if_fail(req != NULL);
131++
132++ nm_act_request_clear_secrets(req);
133++
134++ cleanup_association_attempt(self, TRUE);
135++ nm_device_state_changed(device,
136++ NM_DEVICE_STATE_NEED_AUTH,
137++ NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
138++ wifi_secrets_get_secrets(self,
139++ setting_name,
140++ NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
141++ | NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW);
142++}
143++
144+ /*
145+ * supplicant_connection_timeout_cb
146+ *
147+diff --git a/src/core/supplicant/nm-supplicant-interface.c b/src/core/supplicant/nm-supplicant-interface.c
148+index eb7a40a..992dc91 100644
149+--- a/src/core/supplicant/nm-supplicant-interface.c
150++++ b/src/core/supplicant/nm-supplicant-interface.c
151+@@ -65,6 +65,8 @@ enum {
152+ WPS_CREDENTIALS, /* WPS credentials received */
153+ GROUP_STARTED, /* a new Group (interface) was created */
154+ GROUP_FINISHED, /* a Group (interface) has been finished */
155++ PSK_MISMATCH, /* supplicant reported incorrect PSK */
156++ SAE_MISMATCH, /* supplicant reported incorrect SAE Password */
157+ LAST_SIGNAL
158+ };
159+
160+@@ -3105,6 +3107,15 @@ _signal_handle(NMSupplicantInterface *self,
161+ return;
162+ }
163+
164++ if (nm_streq(signal_name, "PskMismatch")) {
165++ g_signal_emit(self, signals[PSK_MISMATCH], 0);
166++ return;
167++ }
168++
169++ if (nm_streq(signal_name, "SaePasswordMismatch")) {
170++ g_signal_emit(self, signals[SAE_MISMATCH], 0);
171++ return;
172++ }
173+ return;
174+ }
175+
176+@@ -3737,4 +3748,23 @@ nm_supplicant_interface_class_init(NMSupplicantInterfaceClass *klass)
177+ G_TYPE_NONE,
178+ 1,
179+ G_TYPE_STRING);
180++
181++ signals[PSK_MISMATCH] = g_signal_new(NM_SUPPLICANT_INTERFACE_PSK_MISMATCH,
182++ G_OBJECT_CLASS_TYPE(object_class),
183++ G_SIGNAL_RUN_LAST,
184++ 0,
185++ NULL,
186++ NULL,
187++ NULL,
188++ G_TYPE_NONE,
189++ 0);
190++ signals[SAE_MISMATCH] = g_signal_new(NM_SUPPLICANT_INTERFACE_SAE_MISMATCH,
191++ G_OBJECT_CLASS_TYPE(object_class),
192++ G_SIGNAL_RUN_LAST,
193++ 0,
194++ NULL,
195++ NULL,
196++ NULL,
197++ G_TYPE_NONE,
198++ 0);
199+ }
200+diff --git a/src/core/supplicant/nm-supplicant-interface.h b/src/core/supplicant/nm-supplicant-interface.h
201+index b8d9b01..e77f5a4 100644
202+--- a/src/core/supplicant/nm-supplicant-interface.h
203++++ b/src/core/supplicant/nm-supplicant-interface.h
204+@@ -86,6 +86,8 @@ typedef enum {
205+ #define NM_SUPPLICANT_INTERFACE_WPS_CREDENTIALS "wps-credentials"
206+ #define NM_SUPPLICANT_INTERFACE_GROUP_STARTED "group-started"
207+ #define NM_SUPPLICANT_INTERFACE_GROUP_FINISHED "group-finished"
208++#define NM_SUPPLICANT_INTERFACE_PSK_MISMATCH "wpa-psk-mismatch"
209++#define NM_SUPPLICANT_INTERFACE_SAE_MISMATCH "wpa-sae-password-mismatch"
210+
211+ typedef struct _NMSupplicantInterfaceClass NMSupplicantInterfaceClass;
212+
213diff --git a/debian/patches/series b/debian/patches/series
214index 1f623bd..6f8de85 100644
215--- a/debian/patches/series
216+++ b/debian/patches/series
217@@ -11,3 +11,4 @@ wifi-fix-the-ranges-of-5-GHz-and-6-GHz-bands.patch
218 wifi-fix-enumeration-of-6-GHz-channels-from-wiphy.patch
219 lp2116940-wifi-fix-6ghz-channels.patch
220 lp2127925-fix-autoreconnect-blocker.patch
221+core-add-handlers-for-SaePasswordMismatch-signal.patch

Subscribers

People subscribed via source and target branches