Keyfile parser will not generate the correct configuration for unsupported EAP methods
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
netplan.io (Ubuntu) | Fix Released | Undecided | Unassigned |
Mantic | Fix Released | Undecided | Unassigned |
Bug Description
[ Impact ]
When a Network Manager connection that uses EAP for authentication is created, libnetplan's keyfile parser
(the code that loads Network Manager's keyfile into Netplan state) will end up generating a broken
configuration when the EAP method is not supported. Unsupported EAP methods will be handled as if EAP were not
used by the connection. When libnetplan emits the final keyfile, the [802-1x] section (where the EAP configuration
is supposed to be added) will be missing and Network Manager will error out.
This SRU includes a patch that implements support for two additional EAP methods so
the connection will be properly generated when they are used.
This SRU is important for Ubuntu Mantic due to the new integration between Network Manager and libnetplan.
Users who hit the aforementioned conditions are experiencing crashes in the Network Manager daemon.
[ Test Plan ]
How to reproduce the issues.
1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)
$ lxc launch images:
2) Open the "Advanced Network Configuration" application
3) Add a new connection of type "Wifi"
4) In the Wi-Fi tab, set an SSID and a fake Device
5) In the Wi-Fi Security tab
a) Set Security to WPA/WPA3 Enterprise
b) Set Authentication to LEAP
c) Set random Identity and Password values and click on Save
6) You will get an error message and will find the errors below in the Network Manager's journal:
Oct 20 10:52:45 mantic-desktop NetworkManager[
Oct 20 10:52:45 mantic-desktop NetworkManager[
Oct 20 10:52:45 mantic-desktop NetworkManager[
Oct 20 10:52:45 mantic-desktop NetworkManager[
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.
Testing the fixes
1) Add the PPA repository with the updated package and upgrade netplan
$ sudo add-apt-repository ppa:danilogondo
$ sudo apt update && sudo apt upgrade -y
3) Restart Network Manager
$ sudo systemctl restart NetworkManager
4) Run the test described above again and check they will not cause any crashes
[ Where problems could occur ]
As we are only adding two new EAP methods to the methods list, we are not expecting any regressions caused
by these changes. There are no intended changes in behavior introduced by these changes.
All the autopkgtests from netplan.io and network-manager are still passing with this patch.
[ Other Info ]
There are still some (less common we believe) situations that can lead to crashes. They involve the use
of both PSK and EAP identity keys simultaneously. This is a small design issue in Netplan where it was
assumed that both keys wouldn't be used at the same time. The attempts to address this issue for this SRU
resulted in small changes in behavior so we decided to not include it. We are planning to add this fix as part
of netplan.io 0.107.1 early when the new ubuntu-devel is available. More details about this issue can
be found here https:/
--- Original description ---
This is causing problems with Netplan everywhere as it ends up generating invalid Network Manager configuration (that will not be accepted by it) and leads to a failure.
This problem is partially addressed by this patch https:/
A more complete solution is being worked on here https:/
This problem is related to this LP bug https:/
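A check for the failure mode described under [ Impact ], as an added example that is not part of the bug report or of netplan's code: it flags an emitted keyfile whose [wifi-security] section requests 802.1X while the [802-1x] section is missing. The sample keyfiles and the function names are constructed for illustration.

```python
import configparser

# [wifi-security] key-mgmt values that require an [802-1x] section.
EAP_KEY_MGMT = {"wpa-eap", "wpa-eap-suite-b-192", "ieee8021x"}

# Constructed sample: the shape of a keyfile emitted without its EAP settings.
BROKEN_KEYFILE = """\
[connection]
id=test-leap
type=wifi

[wifi]
mode=infrastructure
ssid=example-ssid

[wifi-security]
key-mgmt=wpa-eap
"""

# Constructed sample: the same connection with the EAP section present.
FIXED_KEYFILE = BROKEN_KEYFILE + """
[802-1x]
eap=leap;
identity=example-user
password=example-password
"""


def check_eap_keyfile(text):
    """Return a list of problems; an empty list means the EAP settings are consistent."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback="").strip()
    if key_mgmt not in EAP_KEY_MGMT:
        return []  # not an 802.1X connection, nothing to check
    if not cp.has_section("802-1x"):
        return [f"key-mgmt={key_mgmt} but [802-1x] section is missing"]
    # The eap key is a ';'-separated list of methods, e.g. "leap;"
    methods = [m.strip() for m in cp.get("802-1x", "eap", fallback="").split(";")]
    if not any(methods):
        return ["[802-1x] section has no eap method"]
    return []


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_KEYFILE), ("fixed", FIXED_KEYFILE)):
        print(name, check_eap_keyfile(text) or "ok")
```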
Related branches
- Lukas Märdian: Approve
- Ubuntu Core Development Team: Pending requested
Diff: 544 lines (+506/-1)
5 files modified
debian/changelog (+14/-0)
debian/control (+2/-1)
debian/patches/lp2039821/0008-wireguard-ignore-empty-endpoints.patch (+117/-0)
debian/patches/lp2039825/0009-auth-add-support-for-LEAP-and-EAP-PWD.patch (+371/-0)
debian/patches/series (+2/-0)
description: updated
description: updated
tags: added: verification-done-mantic, removed: verification-needed-mantic
I staged the changes for Noble
- https://git.launchpad.net/~ubuntu-core-dev/netplan/+git/ubuntu/log/?h=ubuntu-noble
And sponsored the SRU into Mantic:
- https://launchpad.net/ubuntu/mantic/+queue?queue_state=1&queue_text=netplan
- https://git.launchpad.net/~ubuntu-core-dev/netplan/+git/ubuntu/log/?h=ubuntu-mantic