[PATCH] dbus: add a new property SAENeedAuth

Jouni Malinen j at w1.fi
Mon Dec 23 05:47:00 PST 2024 

On Mon, Dec 23, 2024 at 09:10:03PM +0800, xinpeng wang wrote:
> Add a new dbus property SAENeedAuth to notify the desktop that a
> password dialog needs to pop up for the user to enter the correct
> password

What does "SAENeedAuth" mean? That feels like a strange name for this.

> diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
> +dbus_bool_t wpas_dbus_getter_sae_need_auth(
> +	const struct wpa_dbus_property_desc *property_desc,
> +	DBusMessageIter *iter, DBusError *error, void *user_data)
> +{
> +	struct wpa_supplicant *wpa_s = user_data;
> +	dbus_bool_t sae_need_auth = wpa_s->sme.sae.sae_need_auth ? TRUE : FALSE;

This would break compilation without CONFIG_SME=y.

> diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
> @@ -1913,8 +1913,12 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
>  		if (sae_check_confirm(&wpa_s->sme.sae, data, len,
> -				      ie_offset) < 0)
> +				      ie_offset) < 0) {
> +			wpa_s->sme.sae.sae_need_auth = 1;
> +			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Notifying SAENeedAuth attribute changes");
> +			wpas_notify_sae_need_auth(wpa_s);
>  			return -1;
> +		}

This would not work for cases where the AP sends out its SAE Confirm
message only after having received a valid SAE Confirm from the STA.
Furthermore, this would have no impact for drivers that use
SME-in-driver design. In either of these cases, the new property would
confusingly show FALSE regardless of what happened with SAE
authentication.

sae_check_confirm() can fail for a number of reasons and only the actual
mismatch in the verifier value might be of reason to consider whether
the configured password would need to be changed. It should also be
noted that it could be a bad idea to automatically pop up a new dialog
to the user whenever this happens if that operation would end up
replacing the currently configured password since there is no
authentication of this information and it would be trivial for attackers
to force this to happen. In other words, the commit message should be
much more careful in implying that this should always result in user
dialog and a new password being entered.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list