Ignore pmf=1/2 parameter for non-RSN networks

PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2016-05-05 21:07:03 +03:00 committed by Jouni Malinen
parent 2dc754e170
commit 22950049e4
3 changed files with 21 additions and 5 deletions

View file

@ -1039,7 +1039,8 @@ struct wpa_config {
* *
* By default, PMF is disabled unless enabled by the per-network * By default, PMF is disabled unless enabled by the per-network
* ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
* this default behavior. * this default behavior for RSN network (this is not applicable for
* non-RSN cases).
*/ */
enum mfp_options pmf; enum mfp_options pmf;

View file

@ -5825,6 +5825,19 @@ int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
return NO_MGMT_FRAME_PROTECTION; return NO_MGMT_FRAME_PROTECTION;
} }
if (ssid &&
(ssid->key_mgmt &
~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
/*
* Do not use the default PMF value for non-RSN networks
* since PMF is available only with RSN and pmf=2
* configuration would otherwise prevent connections to
* all open networks.
*/
return NO_MGMT_FRAME_PROTECTION;
}
return wpa_s->conf->pmf; return wpa_s->conf->pmf;
} }

View file

@ -360,10 +360,12 @@ fast_reauth=1
# Protected Management Frames default # Protected Management Frames default
# This parameter can be used to set the default behavior for the ieee80211w # This parameter can be used to set the default behavior for the ieee80211w
# parameter. By default, PMF is disabled unless enabled with the global pmf=1/2 # parameter for RSN networks. By default, PMF is disabled unless enabled with
# parameter or with the per-network ieee80211w=1/2 parameter. With pmf=1/2, PMF # the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.
# is enabled/required by default, but can be disabled with the per-network # With pmf=1/2, PMF is enabled/required by default, but can be disabled with the
# ieee80211w parameter. # per-network ieee80211w parameter. This global default value does not apply
# for non-RSN networks (key_mgmt=NONE) since PMF is available only when using
# RSN.
#pmf=0 #pmf=0
# Enabled SAE finite cyclic groups in preference order # Enabled SAE finite cyclic groups in preference order