AP: Reorder WPA/Beacon initialization
Split WPA initialization into two parts so that the Beacon frames can be configured fully before the initial keys (GTK/IGTK) are configured. This makes it easier for drivers that depend on the AP security mode being fully set before the keys are configured.
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
bc45d4279f
commit
bdffdc5ddb
3 changed files with 33 additions and 8 deletions
|
|
@ -61,9 +61,11 @@ static void hostapd_reload_bss(struct hostapd_data *hapd)
|
||||||
else
|
else
|
||||||
hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
|
hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
|
||||||
|
|
||||||
if (hapd->conf->wpa && hapd->wpa_auth == NULL)
|
if (hapd->conf->wpa && hapd->wpa_auth == NULL) {
|
||||||
hostapd_setup_wpa(hapd);
|
hostapd_setup_wpa(hapd);
|
||||||
else if (hapd->conf->wpa) {
|
if (hapd->wpa_auth)
|
||||||
|
wpa_init_keys(hapd->wpa_auth);
|
||||||
|
} else if (hapd->conf->wpa) {
|
||||||
const u8 *wpa_ie;
|
const u8 *wpa_ie;
|
||||||
size_t wpa_ie_len;
|
size_t wpa_ie_len;
|
||||||
hostapd_reconfig_wpa(hapd);
|
hostapd_reconfig_wpa(hapd);
|
||||||
|
|
@ -639,6 +641,9 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
|
||||||
|
|
||||||
ieee802_11_set_beacon(hapd);
|
ieee802_11_set_beacon(hapd);
|
||||||
|
|
||||||
|
if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (hapd->driver && hapd->driver->set_operstate)
|
if (hapd->driver && hapd->driver->set_operstate)
|
||||||
hapd->driver->set_operstate(hapd->drv_priv, 1);
|
hapd->driver->set_operstate(hapd->drv_priv, 1);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -332,7 +332,7 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
|
||||||
|
|
||||||
|
|
||||||
static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
|
static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
|
||||||
int vlan_id)
|
int vlan_id, int delay_init)
|
||||||
{
|
{
|
||||||
struct wpa_group *group;
|
struct wpa_group *group;
|
||||||
|
|
||||||
|
|
@ -365,9 +365,15 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
|
||||||
}
|
}
|
||||||
|
|
||||||
group->GInit = TRUE;
|
group->GInit = TRUE;
|
||||||
wpa_group_sm_step(wpa_auth, group);
|
if (delay_init) {
|
||||||
group->GInit = FALSE;
|
wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
|
||||||
wpa_group_sm_step(wpa_auth, group);
|
"until Beacon frames have been configured");
|
||||||
|
/* Initialization is completed in wpa_init_keys(). */
|
||||||
|
} else {
|
||||||
|
wpa_group_sm_step(wpa_auth, group);
|
||||||
|
group->GInit = FALSE;
|
||||||
|
wpa_group_sm_step(wpa_auth, group);
|
||||||
|
}
|
||||||
|
|
||||||
return group;
|
return group;
|
||||||
}
|
}
|
||||||
|
|
@ -399,7 +405,7 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_auth->group = wpa_group_init(wpa_auth, 0);
|
wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
|
||||||
if (wpa_auth->group == NULL) {
|
if (wpa_auth->group == NULL) {
|
||||||
os_free(wpa_auth->wpa_ie);
|
os_free(wpa_auth->wpa_ie);
|
||||||
os_free(wpa_auth);
|
os_free(wpa_auth);
|
||||||
|
|
@ -440,6 +446,19 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int wpa_init_keys(struct wpa_authenticator *wpa_auth)
|
||||||
|
{
|
||||||
|
struct wpa_group *group = wpa_auth->group;
|
||||||
|
|
||||||
|
wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
|
||||||
|
"keys");
|
||||||
|
wpa_group_sm_step(wpa_auth, group);
|
||||||
|
group->GInit = FALSE;
|
||||||
|
wpa_group_sm_step(wpa_auth, group);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* wpa_deinit - Deinitialize WPA authenticator
|
* wpa_deinit - Deinitialize WPA authenticator
|
||||||
* @wpa_auth: Pointer to WPA authenticator data from wpa_init()
|
* @wpa_auth: Pointer to WPA authenticator data from wpa_init()
|
||||||
|
|
@ -2767,7 +2786,7 @@ wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
|
wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
|
||||||
vlan_id);
|
vlan_id);
|
||||||
group = wpa_group_init(wpa_auth, vlan_id);
|
group = wpa_group_init(wpa_auth, vlan_id, 0);
|
||||||
if (group == NULL)
|
if (group == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -208,6 +208,7 @@ struct wpa_auth_callbacks {
|
||||||
struct wpa_authenticator * wpa_init(const u8 *addr,
|
struct wpa_authenticator * wpa_init(const u8 *addr,
|
||||||
struct wpa_auth_config *conf,
|
struct wpa_auth_config *conf,
|
||||||
struct wpa_auth_callbacks *cb);
|
struct wpa_auth_callbacks *cb);
|
||||||
|
int wpa_init_keys(struct wpa_authenticator *wpa_auth);
|
||||||
void wpa_deinit(struct wpa_authenticator *wpa_auth);
|
void wpa_deinit(struct wpa_authenticator *wpa_auth);
|
||||||
int wpa_reconfig(struct wpa_authenticator *wpa_auth,
|
int wpa_reconfig(struct wpa_authenticator *wpa_auth,
|
||||||
struct wpa_auth_config *conf);
|
struct wpa_auth_config *conf);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue