hostapd: Work around an interop connection issue in FT-PSK + WPA-PSK
While the AP is configured to enable both FT-PSK and WPA-PSK, an HP printer request both AKMs (copied from AP?) in Association Request frame, but don't add MDIE and don't use FT. This results in the connection failing. Next in logs we see: RSN: Trying to use FT, but MDIE not included IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 04 00 00 This is seen with some HP and Epson printers. Work around this by stripping FT AKM(s) when MDE is not present and there is still a non-FT AKM available. Signed-off-by: Janusz Dziedzic <janusz@plumewifi.com>
This commit is contained in:
parent
2e71d0415b
commit
bb35e2d214
2 changed files with 28 additions and 6 deletions
|
@ -561,6 +561,19 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||||
if (version == WPA_PROTO_RSN) {
|
if (version == WPA_PROTO_RSN) {
|
||||||
res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
|
res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
|
||||||
|
|
||||||
|
if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
|
||||||
|
!wpa_key_mgmt_only_ft(data.key_mgmt)) {
|
||||||
|
/* Workaround for some HP and Epson printers that seem
|
||||||
|
* to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
|
||||||
|
* advertised RSNE to Association Request frame. */
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"RSN: FT set in RSNE AKM but MDE is missing from "
|
||||||
|
MACSTR
|
||||||
|
" - ignore FT AKM(s) because there's also a non-FT AKM",
|
||||||
|
MAC2STR(sm->addr));
|
||||||
|
data.key_mgmt &= ~WPA_KEY_MGMT_FT;
|
||||||
|
}
|
||||||
|
|
||||||
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
|
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
|
||||||
if (0) {
|
if (0) {
|
||||||
}
|
}
|
||||||
|
|
|
@ -59,6 +59,13 @@ typedef enum { FALSE = 0, TRUE = 1 } Boolean;
|
||||||
#define WPA_KEY_MGMT_DPP BIT(23)
|
#define WPA_KEY_MGMT_DPP BIT(23)
|
||||||
#define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
|
#define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
|
||||||
|
|
||||||
|
#define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
|
||||||
|
WPA_KEY_MGMT_FT_IEEE8021X | \
|
||||||
|
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \
|
||||||
|
WPA_KEY_MGMT_FT_SAE | \
|
||||||
|
WPA_KEY_MGMT_FT_FILS_SHA256 | \
|
||||||
|
WPA_KEY_MGMT_FT_FILS_SHA384)
|
||||||
|
|
||||||
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
|
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
|
||||||
{
|
{
|
||||||
return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
|
return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
|
||||||
|
@ -86,12 +93,14 @@ static inline int wpa_key_mgmt_wpa_psk(int akm)
|
||||||
|
|
||||||
static inline int wpa_key_mgmt_ft(int akm)
|
static inline int wpa_key_mgmt_ft(int akm)
|
||||||
{
|
{
|
||||||
return !!(akm & (WPA_KEY_MGMT_FT_PSK |
|
return !!(akm & WPA_KEY_MGMT_FT);
|
||||||
WPA_KEY_MGMT_FT_IEEE8021X |
|
}
|
||||||
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
|
|
||||||
WPA_KEY_MGMT_FT_SAE |
|
static inline int wpa_key_mgmt_only_ft(int akm)
|
||||||
WPA_KEY_MGMT_FT_FILS_SHA256 |
|
{
|
||||||
WPA_KEY_MGMT_FT_FILS_SHA384));
|
int ft = wpa_key_mgmt_ft(akm);
|
||||||
|
akm &= ~WPA_KEY_MGMT_FT;
|
||||||
|
return ft && !akm;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int wpa_key_mgmt_ft_psk(int akm)
|
static inline int wpa_key_mgmt_ft_psk(int akm)
|
||||||
|
|
Loading…
Reference in a new issue