aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2016-05-05 18:07:03 (GMT)
committerJouni Malinen <j@w1.fi>2016-05-05 18:09:08 (GMT)
commit22950049e40696ea1d578be54c217942be285b63 (patch)
tree67bc86c3faf40a608ac65636dbbdd7d856b40d06 /wpa_supplicant
parent2dc754e170edf305c17d6264dbcc428ac4afdbc3 (diff)
downloadhostap-22950049e40696ea1d578be54c217942be285b63.zip
hostap-22950049e40696ea1d578be54c217942be285b63.tar.gz
hostap-22950049e40696ea1d578be54c217942be285b63.tar.bz2
Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open network connections. Change the global wpa_supplicant pmf parameter to be interpreted as applying only to RSN cases to allow it to be used with open networks. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/config.h3
-rw-r--r--wpa_supplicant/wpa_supplicant.c13
-rw-r--r--wpa_supplicant/wpa_supplicant.conf10
3 files changed, 21 insertions, 5 deletions
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 9a13f5f..786b85a 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1039,7 +1039,8 @@ struct wpa_config {
*
* By default, PMF is disabled unless enabled by the per-network
* ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
- * this default behavior.
+ * this default behavior for RSN network (this is not applicable for
+ * non-RSN cases).
*/
enum mfp_options pmf;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index bf6dfff..aa785bd 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -5825,6 +5825,19 @@ int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
return NO_MGMT_FRAME_PROTECTION;
}
+ if (ssid &&
+ (ssid->key_mgmt &
+ ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
+ WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
+ /*
+ * Do not use the default PMF value for non-RSN networks
+ * since PMF is available only with RSN and pmf=2
+ * configuration would otherwise prevent connections to
+ * all open networks.
+ */
+ return NO_MGMT_FRAME_PROTECTION;
+ }
+
return wpa_s->conf->pmf;
}
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index a385694..45bf518 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -360,10 +360,12 @@ fast_reauth=1
# Protected Management Frames default
# This parameter can be used to set the default behavior for the ieee80211w
-# parameter. By default, PMF is disabled unless enabled with the global pmf=1/2
-# parameter or with the per-network ieee80211w=1/2 parameter. With pmf=1/2, PMF
-# is enabled/required by default, but can be disabled with the per-network
-# ieee80211w parameter.
+# parameter for RSN networks. By default, PMF is disabled unless enabled with
+# the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.
+# With pmf=1/2, PMF is enabled/required by default, but can be disabled with the
+# per-network ieee80211w parameter. This global default value does not apply
+# for non-RSN networks (key_mgmt=NONE) since PMF is available only when using
+# RSN.
#pmf=0
# Enabled SAE finite cyclic groups in preference order