get_network requests yield poor informatoin for preseeding networkconfig form

Jouni Malinen j
Thu Jan 24 19:19:26 PST 2008 

On Thu, Jan 24, 2008 at 12:27:52AM +1000, Kel Modderman wrote:

> When doing some work on wpa_gui, I noticed that when editing a network 
> configuration that uses no wep, pre-shared key or other means of 
> authentication, the network form preselects WEP Encryption in the combobox 
> (and other enabling of widgets).

> When investigating why, I see that NetworkConfig::paramsFromConfig() calls a 
> few GET_NETWORK requests for group, pairwise, key_mgmt and so on, but these 
> seem to be returning information that is not really true for the network in 
> question in most cases.

The GET_NETWORK values are by design.. The configuration file you used
here leaves out many options and that will make wpa_supplicant use
default values for them. wpa_gui does not know that you actually meant
to use a subset of the enabled options and guesses wrong on what to show
when more than one option is enabled. One part of the problem here is in
wpa_supplicant.conf supporting combinations that wpa_gui does not
support and the impossible task of somehow mapping an unsupported
combination into a single selection in the GUI..

The particular example of plaintext network showing up as if it were
using WEP is a bug in wpa_gui, though. encr is used somewhat confusing
in NetworkConfig::paramsFromConfig() and the default pairwise value
(TKIP CCMP) ends up setting encr to 1 even for non-WPA networks and that
is interpreted as WEP being used.. I fixed this so that network editing
for a plaintext network understand that this is not the case and leaves
the encryption option to None.

> I tried to edit a WPA-PSK2 config:
> 
> network={
>         ssid="wpanetwork"
>         psk="abcdefghijklmnop"
> }
> 
> And it preselects WPA2-EAP, disables PSK input field, until correct settings 
> are chosen from Authentication combobox.

Since key_mgmt was left out from the configuration, the default value
(WPA-PSK WPA-EAP) is used and wpa_gui tries to pick one of these.. It
ends up selecting the wrong one (WPA-EAP is preferred as a more secure
option). In this particular case, it would be possible to determine that
this is indeed for WPA-PSK since only PSK was configured, but that is
not as trivial in many other cases.. It is perfectly valid to configure
a network block that allows both WPA-EAP and WPA-PSK; wpa_gui just does
not know how to do this or how to handle a network that has been
configured in such way..

Unfortunately, I do not see an easy fix for this.. Everything should
work fine as long as the network configuration is created with wpa_gui
and not with manual editing of the configuration file. As a workaround
for manual editing option, specifying all parameters explicitly should
make the issue go away, too.

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list