author | Jouni Malinen <jouni@qca.qualcomm.com> | 2016-05-05 18:07:03 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2016-05-05 18:09:08 (GMT) |
commit | 22950049e40696ea1d578be54c217942be285b63 (patch) | |
tree | 67bc86c3faf40a608ac65636dbbdd7d856b40d06 | |
parent | 2dc754e170edf305c17d6264dbcc428ac4afdbc3 (diff) | |
Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r-- | wpa_supplicant/config.h | 3 | ||||
-rw-r--r-- | wpa_supplicant/wpa_supplicant.c | 13 | ||||
-rw-r--r-- | wpa_supplicant/wpa_supplicant.conf | 10 |
3 files changed, 21 insertions, 5 deletions
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 9a13f5f..786b85a 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1039,7 +1039,8 @@ struct wpa_config {
 *
 * By default, PMF is disabled unless enabled by the per-network
 * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
- * this default behavior.
+ * this default behavior for RSN network (this is not applicable for
+ * non-RSN cases).
 */
 enum mfp_options pmf;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index bf6dfff..aa785bd 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -5825,6 +5825,19 @@ int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
 return NO_MGMT_FRAME_PROTECTION;
 }
+ if (ssid &&
+ (ssid->key_mgmt &
+ ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
+ WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
+ /*
+ * Do not use the default PMF value for non-RSN networks
+ * since PMF is available only with RSN and pmf=2
+ * configuration would otherwise prevent connections to
+ * all open networks.
+ */
+ return NO_MGMT_FRAME_PROTECTION;
+ }
+
 return wpa_s->conf->pmf;
 }
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index a385694..45bf518 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
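Review bot: The comment in the block added to wpas_get_ssid_pmf() says "non-RSN networks", but the test looks at key_mgmt alone and matches only networks whose key_mgmt is limited to NONE, WPS and IEEE8021X_NO_WPA. A network that lists one of these next to a WPA key management value, or a WPA(v1)-only network, still falls through to `wpa_s->conf->pmf`; how those cases are handled later is not visible here. I would word the comment after the mask, for example `/* key_mgmt has no WPA/RSN key management (open, static WEP, WPS, plain IEEE 802.1X): PMF cannot be negotiated, so the global default is ignored */`, and make the same correction in the wpa_supplicant.conf hunk, which names only key_mgmt=NONE. Because this early return turns a global pmf=2 ("required") into no protection without leaving a trace, a debug message at that point would let an operator confirm which networks are exempt. The function starts above the hunk, so the earlier `return NO_MGMT_FRAME_PROTECTION;` branch could not be checked.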
@@ -360,10 +360,12 @@ fast_reauth=1
 # Protected Management Frames default
 # This parameter can be used to set the default behavior for the ieee80211w
-# parameter. By default, PMF is disabled unless enabled with the global pmf=1/2
-# parameter or with the per-network ieee80211w=1/2 parameter. With pmf=1/2, PMF
-# is enabled/required by default, but can be disabled with the per-network
-# ieee80211w parameter.
+# parameter for RSN networks. By default, PMF is disabled unless enabled with
+# the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.
+# With pmf=1/2, PMF is enabled/required by default, but can be disabled with the
+# per-network ieee80211w parameter. This global default value does not apply
+# for non-RSN networks (key_mgmt=NONE) since PMF is available only when using
+# RSN.
 #pmf=0
 # Enabled SAE finite cyclic groups in preference order |