Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open network connections. Change the global wpa_supplicant pmf parameter to be interpreted as applying only to RSN cases to allow it to be used with open networks. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
2dc754e170
commit
22950049e4
3 changed files with 21 additions and 5 deletions
|
@ -1039,7 +1039,8 @@ struct wpa_config {
|
||||||
*
|
*
|
||||||
* By default, PMF is disabled unless enabled by the per-network
|
* By default, PMF is disabled unless enabled by the per-network
|
||||||
* ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
|
* ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
|
||||||
* this default behavior.
|
* this default behavior for RSN network (this is not applicable for
|
||||||
|
* non-RSN cases).
|
||||||
*/
|
*/
|
||||||
enum mfp_options pmf;
|
enum mfp_options pmf;
|
||||||
|
|
||||||
|
|
|
@ -5825,6 +5825,19 @@ int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
|
||||||
return NO_MGMT_FRAME_PROTECTION;
|
return NO_MGMT_FRAME_PROTECTION;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ssid &&
|
||||||
|
(ssid->key_mgmt &
|
||||||
|
~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
|
||||||
|
WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
|
||||||
|
/*
|
||||||
|
* Do not use the default PMF value for non-RSN networks
|
||||||
|
* since PMF is available only with RSN and pmf=2
|
||||||
|
* configuration would otherwise prevent connections to
|
||||||
|
* all open networks.
|
||||||
|
*/
|
||||||
|
return NO_MGMT_FRAME_PROTECTION;
|
||||||
|
}
|
||||||
|
|
||||||
return wpa_s->conf->pmf;
|
return wpa_s->conf->pmf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -360,10 +360,12 @@ fast_reauth=1
|
||||||
|
|
||||||
# Protected Management Frames default
|
# Protected Management Frames default
|
||||||
# This parameter can be used to set the default behavior for the ieee80211w
|
# This parameter can be used to set the default behavior for the ieee80211w
|
||||||
# parameter. By default, PMF is disabled unless enabled with the global pmf=1/2
|
# parameter for RSN networks. By default, PMF is disabled unless enabled with
|
||||||
# parameter or with the per-network ieee80211w=1/2 parameter. With pmf=1/2, PMF
|
# the global pmf=1/2 parameter or with the per-network ieee80211w=1/2 parameter.
|
||||||
# is enabled/required by default, but can be disabled with the per-network
|
# With pmf=1/2, PMF is enabled/required by default, but can be disabled with the
|
||||||
# ieee80211w parameter.
|
# per-network ieee80211w parameter. This global default value does not apply
|
||||||
|
# for non-RSN networks (key_mgmt=NONE) since PMF is available only when using
|
||||||
|
# RSN.
|
||||||
#pmf=0
|
#pmf=0
|
||||||
|
|
||||||
# Enabled SAE finite cyclic groups in preference order
|
# Enabled SAE finite cyclic groups in preference order
|
||||||
|
|
Loading…
Reference in a new issue