[FFe] Enable RSN (WPA2) encryption support for IBSS (ad-hoc)

Bug #1046918 reported by Mathieu Trudel-Lapierre on 2012-09-06
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Medium
Mathieu Trudel-Lapierre
network-manager-applet (Ubuntu)
Medium
Mathieu Trudel-Lapierre
networkmanagement (Ubuntu)
Medium
Mathieu Trudel-Lapierre
wpa (Ubuntu)
Medium
Mathieu Trudel-Lapierre

Bug Description

In Precise; WPA/WPA2 was disabled for ad-hoc networks because a bug in the kernel breaks WPA-None support (and actually creates networks unsecured rather than encrypted with WPA).

We now have support for actual IBSS-RSN (WPA2 security on ad-hoc) in wpasupplicant and it can be enabled in wpasupplicant, network-manager, nm-applet...

We should make use of this feature to offer our users a way to create properly secured IBSS networks rather than relying on WEP or using unsecured networks.

It will require modifications in three packages:

 - network-manager: drop the patch that disables WPA-None (if any) and add the necessary backend bits for using IBSS-RSN.
 - network-manager-applet: drop the patch that disables WPA-None (if any) and add the necessary frontend bits to not disable WPA/WPA2; and use IBSS-RSN when WPA/WPA2 is selected for ad-hoc networks.
 - wpa: build with CONFIG_IBSS_RSN=y so that IBSS-RSN support gets enabled.

*** While this involves some form of UI changes there is no UIFe request because there are no string changes; the option for WPA/WPA2 has been available since about Maverick, and the change only involves making it sensitive (clickable) again.

Testing was done between two systems; the created network appears secured from both systems and on an external device (used Android phone to detect the network from outside the tested systems; using Wifi-Radar). I've been running the test packages for 6 days; testing was done following the plan at http://wiki.ubuntu.com/NetworkManager/DistroTesting.

Availability of IBSS-RSN can still be dependent on hardware support; in the cases where hardware doesn't support IBSS-RSN; the option will remain disabled in UI.

Changed in network-manager (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Changed in network-manager-applet (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Changed in wpa (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
summary: - [FFe] Enable WPA2 for IBSS (ad-hoc)
+ [FFe] Enable RSN (WPA2) encryption support for IBSS (ad-hoc)

Since this affects the NM applet, does it also affect the KDE NM widget?

Scott; the KDE NM applet was AFAIK never set to disable the WPA/WPA2 option. I think it will still try to create ad-hoc networks as WPA-None. But that would be a separate bug, I think.

I'm going to need to do some additional testing with the plasma applet. Looks unaffected by this (aside from the fact that using wpa-psk would now work for adhoc), meaning that using WPA-None was never disabled in the UI and will remain available; but it deserves a bit more testing just to be safe.

So there's a small patch needed to networkmanagement to get it to use rsn/psk/ccmp for the protocol, pairwise and ciphers so that it creates the adhoc networks properly too.

Changed in networkmanagement (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)

Diff for networkmanagement.

Scott Kitterman (kitterman) wrote :

Ack. Approved.

Changed in networkmanagement (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in network-manager (Ubuntu):
status: New → Triaged
Changed in network-manager-applet (Ubuntu):
status: New → Triaged
Changed in wpa (Ubuntu):
status: New → Triaged
Changed in network-manager (Ubuntu):
importance: Undecided → Medium
Changed in network-manager-applet (Ubuntu):
importance: Undecided → Medium
Changed in wpa (Ubuntu):
importance: Undecided → Medium
Changed in networkmanagement (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Changed in network-manager (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Changed in network-manager-applet (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Changed in wpa (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wpa - 1.0-2ubuntu4

---------------
wpa (1.0-2ubuntu4) quantal; urgency=low

  * Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc support
    in NetworkManager using IBSS RSN (WPA2). (LP: #1046918)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 15:49:45 -0400

Changed in wpa (Ubuntu):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager - 0.9.6.0-0ubuntu6

---------------
network-manager (0.9.6.0-0ubuntu6) quantal; urgency=low

  * debian/patches/adhoc_use_wpa_rsn_part1.patch,
    debian/patches/adhoc_use_wpa_rsn_part2.patch: Re-enable WPA for Adhoc; but
    use WPA2/RSN for encryption rather than WPA-None, which is clearly broken.
    (LP: #1046918)
  * debian/tests/nm: drop the test testNMConnected; in a build environment it
    tends to be racy; sometimes NM isn't quite ready to transition to the
    CONNECTING or CONNECTED states, we don't want to hold things up because of
    it. (LP: #1047224)
  * debian/tests/dnsmasq: update the test to correctly point to the new DBus
    address for NetworkManager's dnsmasq instance. (LP: #1047221)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 15:48:24 -0400

Changed in network-manager (Ubuntu):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package networkmanagement - 0.9.0.4-0ubuntu2

---------------
networkmanagement (0.9.0.4-0ubuntu2) quantal; urgency=low

  * debian/patches/use_ibss_rsn_instead_of_wpa-none.patch: Use IBSS-RSN rather
    than WPA-None when creating ad-hoc networks; WPA-None is broken in the
    kernel anyway. (LP: #1046918)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 16:10:28 -0400

Changed in networkmanagement (Ubuntu):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-applet - 0.9.6.2-0ubuntu3

---------------
network-manager-applet (0.9.6.2-0ubuntu3) quantal; urgency=low

  * debian/patches/applet_adhoc_use_wpa_rsn_part1.patch: enable the use of
    WPA2/RSN for adhoc again, instead of WPA-None; to provide a way to get a
    "good" encryption method available for adhoc networks. (LP: #1046918)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 16:06:37 -0400

Changed in network-manager-applet (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers