On Fri, 2019-09-13 at 09:47 +0200, Alfonso Sanchez-Beato via networkmanager-list wrote:
> Hi,

Hi,

> We have found a problem by which a buggy access point rejects a valid
> passphrase in the 4-Way Handshake phase. This happens just after the
> AP has rebooted - a few seconds later the AP accepts the passphrase
> again.
>
> The problem is that NetworkManager drops the passphrase after the
> failure to connect ( see
> https://github.com/NetworkManager/NetworkManager/blob/master/src/devices/wifi/nm-device-wifi.c#L1969
> ), and then it tries to call an agent to get another passphrase. In
> this set-up, we do not have that agent, and then the connection stays
> there and there are no more connection retries.
>
> It does not look like NM has currently a way to force retries in this
> case, although I would be happy to be proven wrong.

What you describe is a problem, with nasty effects.

- the user gets repeatedly prompted for a password, although the
  password is right.
- if no agent is available, the connection gets blocked from
  autoconnect. That's especially problematic if the user is not
  available to manually re-trigger an authentication.

> So, I have thought of some possible ways to solve this and would
> appreciate your feedback on what would be the best approach and what
> would be acceptable to be merged:
>
> 1. Do some retries before calling the agent

Does that solve the problem? Also, I don't think this should be done by
default, because the user might get blocked. Also, doing this
unconditionally adds quite a delay in the common case where the
password is indeed wrong.

> 2. Do not drop the secret if there is no agent registered

Not "dropping" the secret does not seem to be a solution. It's merely
part of a possible solution.

> 3. Have a new property for the connection that forbids dropping
> secrets

While it's ugly to do this, I think it's the only solution. We could
add a connection property to the connection profile that says
"assume-the-secret-is-correct-for-n-times". The current behavior is
like "1". "0" means forever (with some ratelimiting).

best, Thomas
