Ubuntu
netplan.io package

Keyfile parser will not generate the correct configuration for unsupported EAP methods

Bug #2039825 reported by Danilo Egea Gondolfo on 2023-10-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	netplan.io (Ubuntu)	Fix Released	Undecided	Unassigned
	Mantic	Fix Released	Undecided	Unassigned

Bug Description

[ Impact ]

When a Network Manager connection that uses EAP for authentication is created, libnetplan's keyfile parser
(the code that loads Network Manager's keyfile into Netplan state), will end up generating a broken
configuration when the EAP method is not supported. Unsupported EAP methods will be handled as if EAP were not
used by the connection. When libnetplan emits the final keyfile, the [802-1x] section (where the EAP configuration
is supposed to be added) will be missing and Network Manager will error out.

This SRU includes a patch that implements support for two additional EAP methods so
the connection will be properly generated when they are used.

This SRU is important for Ubuntu Mantic due to the new integration between Network Manager and libnetplan.
Users that hit the conditions aforementioned are experiencing crashes in the Network Manager daemon.

[ Test Plan ]

How to reproduce the issues.

1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)

$ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c limits.memory=2GiB --console=vga

2) Open the "Advanced Network Configuration" application

3) Add a new connection of type "Wifi"

4) In the Wi-Fi tab, set an SSID and a fake Device

5) In the Wi-Fi Security tab
  a) Set Security to WPA/WPA3 Enterprise
  b) Set Authentication to LEAP
  c) Set random Identity and Password values and click on Save

6) You will get an error message and will find the errors below in the Network Manager's journal:

Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: <error> [1697799165.1861] BUG: the profile cannot be stored in keyfile format without becoming unusable: invalid connection: 802-1x: 'wpa-eap' security requires '802-1x' setting presence
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: **
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.

Testing the fixes

1) Add the PPA repository with the updated package and upgrade netplan

$ sudo add-apt-repository ppa:danilogondolfo/netplan-sru
$ sudo apt update && sudo apt upgrade -y

3) Restart Network Manager

$ sudo systemctl restart NetworkManager

4) Run the test described above again and check they will not cause any crashes

[ Where problems could occur ]

As we are only adding two new EAP methods to the methods list we are not expecting any regressions caused
by these changes. There are no intended changes in behavior introduced by these changes.

All the autopkgtests from netplan.io and network-manager are still passing with this patch.

[ Other Info ]

There are still some (less common we believe) situations that can lead to crashes. They involve the use
of both PSK and EAP identity keys simultaneously. This is a small design issue in Netplan where it was
assumed that both keys wouldn't be used at the same time. The attempts to address this issue for this SRU
resulted in small changes in behavior so we decided to not include it. We are planning to add this fix as part
of netplan.io 0.107.1 early when the new ubuntu-devel is available. More details about this issue can
be found here https://github.com/canonical/netplan/pull/416

--- Original description ---

This is causing problems with Netplan everywhere as it ends up generating invalid Network Manager configuration (that will not be accepted by it) and lead to a failure.

This problem is partially addresses by this patch https://github.com/canonical/netplan/pull/415

A more complete solution is being worked here https://github.com/canonical/netplan/pull/416. As it might cause changes in behavior and/or libnetplan ABI breakages, we are working on it separately.

This problem is related to this LP bug https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2038811

See original description

Tags:

Related branches

~danilogondolfo/netplan:lp2038811_1

Merged into ~ubuntu-core-dev/netplan/+git/ubuntu:ubuntu-mantic at revision d62b1fc301f4bb9c3a246112fbc27f03a5c99cc3

Lukas Märdian: Approve on 2023-10-26

Ubuntu Core Development Team: Pending requested 2023-10-19

Danilo Egea Gondolfo (danilogondolfo) on 2023-10-23

description:

updated

Danilo Egea Gondolfo (danilogondolfo) on 2023-10-26

description:

updated

Revision history for this message

Lukas Märdian (slyon) wrote on 2023-10-26:

I staged the changes for Noble
- https://git.launchpad.net/~ubuntu-core-dev/netplan/+git/ubuntu/log/?h=ubuntu-noble

And sponsored the SRU into Mantic:
- https://launchpad.net/ubuntu/mantic/+queue?queue_state=1&queue_text=netplan
- https://git.launchpad.net/~ubuntu-core-dev/netplan/+git/ubuntu/log/?h=ubuntu-mantic

Changed in netplan.io (Ubuntu):
status:	New → In Progress
Changed in netplan.io (Ubuntu Mantic):
status:	New → In Progress

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-31:

This bug was fixed in the package netplan.io - 0.107-5ubuntu1

---------------
netplan.io (0.107-5ubuntu1) noble; urgency=medium

  * d/p/lp2039821/0008-wireguard-ignore-empty-endpoints.patch (LP: #2039821)
    Network Manager GUIs might emit a Wireguard endpoint as an empty string
    when it's omitted. Netplan is rejecting the generated YAML. With this
    patch Netplan will just ignore empty endpoints.
  * d/p/lp2039825/0009-auth-add-support-for-LEAP-and-EAP-PWD.patch
    Netplan's keyfile parser will generate incorrect configuration when
    unsupported EAP method are used. It ends up generating invalid Network
    Manager configuration. This patch implements support for LEAP and PWD
    methods. (LP: #2039825)

-- Danilo Egea Gondolfo <email address hidden> Thu, 26 Oct 2023 11:21:56 +0100

Changed in netplan.io (Ubuntu):
status:	In Progress → Fix Released

Revision history for this message

Steve Langasek (vorlon) wrote on 2023-11-05: Please test proposed package

Hello Danilo, or anyone else affected,

Accepted netplan.io into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.107-5ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in netplan.io (Ubuntu Mantic):
status:	In Progress → Fix Committed
tags:	added: verification-needed verification-needed-mantic

Revision history for this message

Danilo Egea Gondolfo (danilogondolfo) wrote on 2023-11-08:

I can confirm the test cases below are now working on netplan.io 0.107-5ubuntu0.1 on Mantic.

nmcli con add type wifi ifname wlan0 ssid asdasd wifi-sec.key-mgmt ieee8021x 802-1x.eap leap 802-1x.identity username 802-1x.password aaaaaaaa

nmcli con add type wifi ifname wlan0 ssid asdasd wifi-sec.key-mgmt wpa-eap 802-1x.eap leap 802-1x.identity username 802-1x.password aaaaaaaa

Previously these cases were failing as described here https://github.com/canonical/netplan/pull/415

The new netplan.io package in -proposed is passing all the autopkgtests https://autopkgtest.ubuntu.com/packages/netplan.io

Danilo Egea Gondolfo (danilogondolfo) on 2023-11-14

tags:

added: verification-done-mantic
removed: verification-needed-mantic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-11-20:

This bug was fixed in the package netplan.io - 0.107-5ubuntu0.1

---------------
netplan.io (0.107-5ubuntu0.1) mantic; urgency=medium

-- Danilo Egea Gondolfo <email address hidden> Thu, 19 Oct 2023 15:14:56 +0100

Changed in netplan.io (Ubuntu Mantic):
status:	Fix Committed → Fix Released

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2023-11-20: Update Released

The verification of the Stable Release Update for netplan.io has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntunetplan.io package

Keyfile parser will not generate the correct configuration for unsupported EAP methods

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntu
netplan.io package