[PATCH] wpa_supplicant: Add SaePasswordMismatch dbus signal
Mitchell Augustin
mitchell.augustin at canonical.com
Fri Nov 14 10:08:34 PST 2025
Hi, would it be possible to get a review on this patch (to allow the
proper signal to be sent when a wpa3 password is incorrect)?
(https://lists.infradead.org/pipermail/hostap/2025-October/043819.html)
I think it is fully in line with Jouni's suggestion in
https://lists.infradead.org/pipermail/hostap/2025-October/043817.html,
but let me know if you see anything that needs changing.
Thanks,
Mitchell Augustin
On Thu, Oct 16, 2025 at 1:04 PM Mitchell Augustin
<mitchell.augustin at canonical.com> wrote:
>
> Hi Jouni,
>
> What do you think about this patch that I submitted to the mailing list a couple weeks ago (regarding the wpa3 password mismatch signal)? I believe it is fully aligned with your preferred approach now, but let me know if you think it needs changes.
>
> Thanks,
> -Mitchell Augustin
>
> ---------- Forwarded message ---------
> From: Mitchell Augustin <mitchell.augustin at canonical.com>
> Date: Fri, Oct 3, 2025 at 12:57 PM
> Subject: [PATCH] wpa_supplicant: Add SaePasswordMismatch dbus signal
> To: <hostap at lists.infradead.org>
>
>
> Per the IEEE 802.11 standard, status code 15 (WLAN_STATUS_CHALLENGE_FAIL),
> when returned during an authentication frame of an SAE connection, is
> indicative of a password mismatch.
>
> Add a new dbus signal "SaePasswordMismatch" and emit it when a password
> mismatch is detected as defined by that scenario.
>
> Discussion: https://lists.infradead.org/pipermail/hostap/2025-October/043817.html
>
> Signed-off-by: Mitchell Augustin <mitchell.augustin at canonical.com>
> ---
> wpa_supplicant/dbus/dbus_new.c | 23 +++++++++++++++++++++++
> wpa_supplicant/dbus/dbus_new.h | 5 +++++
> wpa_supplicant/notify.c | 4 ++++
> wpa_supplicant/notify.h | 1 +
> wpa_supplicant/sme.c | 3 +++
> 5 files changed, 36 insertions(+)
>
> diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
> index 2d623fe8d..007e4ce56 100644
> --- a/wpa_supplicant/dbus/dbus_new.c
> +++ b/wpa_supplicant/dbus/dbus_new.c
> @@ -1159,6 +1159,29 @@ void wpas_dbus_signal_psk_mismatch(struct wpa_supplicant *wpa_s)
> }
>
>
> +void wpas_dbus_signal_sae_password_mismatch(struct wpa_supplicant *wpa_s)
> +{
> + struct wpas_dbus_priv *iface;
> + DBusMessage *msg;
> +
> + iface = wpa_s->global->dbus;
> +
> + /* Do nothing if the control interface is not turned on */
> + if (!iface || !wpa_s->dbus_new_path)
> + return;
> +
> + msg = dbus_message_new_signal(wpa_s->dbus_new_path,
> + WPAS_DBUS_NEW_IFACE_INTERFACE,
> + "SaePasswordMismatch");
> + if (!msg)
> + return;
> +
> + dbus_connection_send(iface->con, msg, NULL);
> +
> + dbus_message_unref(msg);
> +}
> +
> +
> /**
> * wpas_dbus_signal_sta - Send a station related event signal
> * @wpa_s: %wpa_supplicant network interface data
> diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h
> index d64843568..5e5a6f60e 100644
> --- a/wpa_supplicant/dbus/dbus_new.h
> +++ b/wpa_supplicant/dbus/dbus_new.h
> @@ -258,6 +258,7 @@ void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
> void wpas_dbus_signal_eap_status(struct wpa_supplicant *wpa_s,
> const char *status, const char *parameter);
> void wpas_dbus_signal_psk_mismatch(struct wpa_supplicant *wpa_s);
> +void wpas_dbus_signal_sae_password_mismatch(struct wpa_supplicant *wpa_s);
> void wpas_dbus_signal_sta_authorized(struct wpa_supplicant *wpa_s,
> const u8 *sta);
> void wpas_dbus_signal_sta_deauthorized(struct wpa_supplicant *wpa_s,
> @@ -624,6 +625,10 @@ static inline void wpas_dbus_signal_psk_mismatch(struct wpa_supplicant *wpa_s)
> {
> }
>
> +static inline void wpas_dbus_signal_sae_password_mismatch(struct wpa_supplicant *wpa_s)
> +{
> +}
> +
> static inline
> void wpas_dbus_signal_sta_authorized(struct wpa_supplicant *wpa_s,
> const u8 *sta)
> diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
> index 0827e51de..dd8fd2af7 100644
> --- a/wpa_supplicant/notify.c
> +++ b/wpa_supplicant/notify.c
> @@ -942,6 +942,10 @@ void wpas_notify_psk_mismatch(struct wpa_supplicant *wpa_s)
> wpas_dbus_signal_psk_mismatch(wpa_s);
> }
>
> +void wpas_notify_sae_password_mismatch(struct wpa_supplicant *wpa_s)
> +{
> + wpas_dbus_signal_sae_password_mismatch(wpa_s);
> +}
>
> void wpas_notify_network_bssid_set_changed(struct wpa_supplicant *wpa_s,
> struct wpa_ssid *ssid)
> diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
> index 9e5047c81..a72cb1b08 100644
> --- a/wpa_supplicant/notify.h
> +++ b/wpa_supplicant/notify.h
> @@ -149,6 +149,7 @@ void wpas_notify_eap_status(struct wpa_supplicant *wpa_s, const char *status,
> const char *parameter);
> void wpas_notify_eap_error(struct wpa_supplicant *wpa_s, int error_code);
> void wpas_notify_psk_mismatch(struct wpa_supplicant *wpa_s);
> +void wpas_notify_sae_password_mismatch(struct wpa_supplicant *wpa_s);
> void wpas_notify_network_bssid_set_changed(struct wpa_supplicant *wpa_s,
> struct wpa_ssid *ssid);
> void wpas_notify_network_type_changed(struct wpa_supplicant *wpa_s,
> diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
> index 55dcf41ef..c0b2c317e 100644
> --- a/wpa_supplicant/sme.c
> +++ b/wpa_supplicant/sme.c
> @@ -2065,6 +2065,9 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
> data->auth.ies_len, 0, data->auth.peer,
> &ie_offset);
> if (res < 0) {
> + if (data->auth.auth_transaction == 2 && data->auth.status_code == WLAN_STATUS_CHALLENGE_FAIL) {
> + wpas_notify_sae_password_mismatch(wpa_s);
> + }
> wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
> NULL);
> wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
> --
> 2.43.0
>
>
>
> --
> Mitchell Augustin
> Software Engineer - Ubuntu Partner Engineering
> Email:mitchell.augustin at canonical.com
> Location:United States of America (Central Time)
>
>
> canonical.com
> ubuntu.com
--
Mitchell Augustin
Software Engineer - Ubuntu Partner Engineering
Email:mitchell.augustin at canonical.com
Location:United States of America (Central Time)
canonical.com
ubuntu.com
More information about the Hostap
mailing list