Allow PMKSA caching to be disabled on Authenticator

A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.

src/ap/ap_config.h

@@ -288,6 +288,7 @@ struct hostapd_bss_config {
 	 */
 	u16 max_listen_interval;
 
+	int disable_pmksa_caching;
 	int okc; /* Opportunistic Key Caching */
 
 	int wps_state;

src/ap/wpa_auth.c

@@ -2727,7 +2727,8 @@ const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
 		       int session_timeout, struct eapol_state_machine *eapol)
 {
-	if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
+	if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
+	    sm->wpa_auth->conf.disable_pmksa_caching)
 		return -1;
 
 	if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,

src/ap/wpa_auth.h

@@ -143,6 +143,7 @@ struct wpa_auth_config {
 	int peerkey;
 	int wmm_enabled;
 	int wmm_uapsd;
+	int disable_pmksa_caching;
 	int okc;
 	int tx_status;
 #ifdef CONFIG_IEEE80211W

src/ap/wpa_auth_glue.c

@@ -48,6 +48,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
 	wconf->peerkey = conf->peerkey;
 	wconf->wmm_enabled = conf->wmm_enabled;
 	wconf->wmm_uapsd = conf->wmm_uapsd;
+	wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
 	wconf->okc = conf->okc;
 #ifdef CONFIG_IEEE80211W
 	wconf->ieee80211w = conf->ieee80211w;