dbus: Add SaePasswordMismatch signal on AP indication of failed SAE auth

author Mitchell Augustin <mitchell.augustin@canonical.com>

Fri, 3 Oct 2025 17:57:58 +0000 (12:57 -0500)

committer Jouni Malinen <j@w1.fi>

Tue, 2 Dec 2025 13:14:12 +0000 (15:14 +0200)
author Mitchell Augustin <mitchell.augustin@canonical.com>
Fri, 3 Oct 2025 17:57:58 +0000 (12:57 -0500)
committer Jouni Malinen <j@w1.fi>
Tue, 2 Dec 2025 13:14:12 +0000 (15:14 +0200)
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c

index 6ae6fa74ffb51579a633291d532e7ec126033c05..2989002e4a3fc3f8b2da3d4f17e978c66c970f1f 100644 (file)
--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
@@ -1159,6 +1159,29 @@ void wpas_dbus_signal_psk_mismatch(struct wpa_supplicant *wpa_s)
  }
  
  
+void wpas_dbus_signal_sae_password_mismatch(struct wpa_supplicant *wpa_s)
+{
+       struct wpas_dbus_priv *iface;
+       DBusMessage *msg;
+
+       iface = wpa_s->global->dbus;
+
+       /* Do nothing if the control interface is not turned on */
+       if (!iface || !wpa_s->dbus_new_path)
+               return;
+
+       msg = dbus_message_new_signal(wpa_s->dbus_new_path,
+                                     WPAS_DBUS_NEW_IFACE_INTERFACE,
+                                     "SaePasswordMismatch");
+       if (!msg)
+               return;
+
+       dbus_connection_send(iface->con, msg, NULL);
+
+       dbus_message_unref(msg);
+}
+
+
  /**
   * wpas_dbus_signal_sta - Send a station related event signal
   * @wpa_s: %wpa_supplicant network interface data
diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h

index d648435688d3efc808d8de86141e1eca729479be..92b0c70b4e537ba9f63b1c9ef0eb1936e993d7d3 100644 (file)
--- a/wpa_supplicant/dbus/dbus_new.h
+++ b/wpa_supplicant/dbus/dbus_new.h
@@ -258,6 +258,7 @@ void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
  void wpas_dbus_signal_eap_status(struct wpa_supplicant *wpa_s,
                                  const char *status, const char *parameter);
  void wpas_dbus_signal_psk_mismatch(struct wpa_supplicant *wpa_s);
+void wpas_dbus_signal_sae_password_mismatch(struct wpa_supplicant *wpa_s);
  void wpas_dbus_signal_sta_authorized(struct wpa_supplicant *wpa_s,
                                      const u8 *sta);
  void wpas_dbus_signal_sta_deauthorized(struct wpa_supplicant *wpa_s,
@@ -624,6 +625,11 @@ static inline void wpas_dbus_signal_psk_mismatch(struct wpa_supplicant *wpa_s)
  {
  }
  
+static inline void
+wpas_dbus_signal_sae_password_mismatch(struct wpa_supplicant *wpa_s)
+{
+}
+
  static inline
  void wpas_dbus_signal_sta_authorized(struct wpa_supplicant *wpa_s,
                                      const u8 *sta)
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c

index 1d8d6bf4e5cedd0bfca19ad916bd8d6c5d899141..c79f0fca5b0c33c923108cf72cbbe36c7f821b7d 100644 (file)
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -943,6 +943,12 @@ void wpas_notify_psk_mismatch(struct wpa_supplicant *wpa_s)
  }
  
  
+void wpas_notify_sae_password_mismatch(struct wpa_supplicant *wpa_s)
+{
+       wpas_dbus_signal_sae_password_mismatch(wpa_s);
+}
+
+
  void wpas_notify_network_bssid_set_changed(struct wpa_supplicant *wpa_s,
                                            struct wpa_ssid *ssid)
  {
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h

index b3c204e4f75f38fae06be719664752d32154ad48..79d7abd564a29d36c4384de752cb5923922f30b3 100644 (file)
--- a/wpa_supplicant/notify.h
+++ b/wpa_supplicant/notify.h
@@ -149,6 +149,7 @@ void wpas_notify_eap_status(struct wpa_supplicant *wpa_s, const char *status,
                             const char *parameter);
  void wpas_notify_eap_error(struct wpa_supplicant *wpa_s, int error_code);
  void wpas_notify_psk_mismatch(struct wpa_supplicant *wpa_s);
+void wpas_notify_sae_password_mismatch(struct wpa_supplicant *wpa_s);
  void wpas_notify_network_bssid_set_changed(struct wpa_supplicant *wpa_s,
                                            struct wpa_ssid *ssid);
  void wpas_notify_network_type_changed(struct wpa_supplicant *wpa_s,
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c

index f9f5fd4a5bb6a71081a08682fdcee3e34940718d..51dc3b386317eaac565ead0504036cb252b382ad 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -2090,6 +2090,10 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
                                    data->auth.ies_len, 0, data->auth.peer,
                                    &ie_offset);
                 if (res < 0) {
+                       if (data->auth.auth_transaction == 2 &&
+                           data->auth.status_code ==
+                           WLAN_STATUS_CHALLENGE_FAIL)
+                               wpas_notify_sae_password_mismatch(wpa_s);
                         wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
                                                NULL);
                         wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
author	Mitchell Augustin <mitchell.augustin@canonical.com>
	Fri, 3 Oct 2025 17:57:58 +0000 (12:57 -0500)
committer	Jouni Malinen <j@w1.fi>
	Tue, 2 Dec 2025 13:14:12 +0000 (15:14 +0200)
wpa_supplicant/dbus/dbus_new.c		patch \| blob \| blame \| history
wpa_supplicant/dbus/dbus_new.h		patch \| blob \| blame \| history
wpa_supplicant/notify.c		patch \| blob \| blame \| history
wpa_supplicant/notify.h		patch \| blob \| blame \| history
wpa_supplicant/sme.c		patch \| blob \| blame \| history