Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now be used to disable PMKSA caching on the Authenticator. This forces the stations to complete EAP authentication on every association when WPA2 is being used.
parent
2db9174503
commit
cb465555d4
6 changed files with 14 additions and 1 deletions
|
@ -1904,6 +1904,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
|
||||||
#endif /* CONFIG_IEEE80211N */
|
#endif /* CONFIG_IEEE80211N */
|
||||||
} else if (os_strcmp(buf, "max_listen_interval") == 0) {
|
} else if (os_strcmp(buf, "max_listen_interval") == 0) {
|
||||||
bss->max_listen_interval = atoi(pos);
|
bss->max_listen_interval = atoi(pos);
|
||||||
|
} else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
|
||||||
|
bss->disable_pmksa_caching = atoi(pos);
|
||||||
} else if (os_strcmp(buf, "okc") == 0) {
|
} else if (os_strcmp(buf, "okc") == 0) {
|
||||||
bss->okc = atoi(pos);
|
bss->okc = atoi(pos);
|
||||||
#ifdef CONFIG_WPS
|
#ifdef CONFIG_WPS
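Review bot: The new `disable_pmksa_caching` branch stores `atoi(pos)` without validation, so a mistyped value such as `yes` or `true` parses as 0 and silently leaves PMKSA caching enabled, which is the fail-open direction for an option meant to force full EAP authentication. The neighbouring `max_listen_interval` and `okc` branches parse the same way, but for this setting a rejected line is safer than a silent default. Consider guarding the assignment with `if (os_strcmp(pos, "0") != 0 && os_strcmp(pos, "1") != 0)` and treating that case as a configuration error in whatever way hostapd_config_read already reports bad lines. The function starts and ends outside this hunk, so the existing error-reporting path is not visible here.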
|
||||||
|
|
|
@ -770,6 +770,13 @@ own_ip_addr=127.0.0.1
|
||||||
# dot11AssociationSAQueryRetryTimeout, 1...4294967295
|
# dot11AssociationSAQueryRetryTimeout, 1...4294967295
|
||||||
#assoc_sa_query_retry_timeout=201
|
#assoc_sa_query_retry_timeout=201
|
||||||
|
|
||||||
|
# disable_pmksa_caching: Disable PMKSA caching
|
||||||
|
# This parameter can be used to disable caching of PMKSA created through EAP
|
||||||
|
# authentication. RSN preauthentication may still end up using PMKSA caching if
|
||||||
|
# it is enabled (rsn_preauth=1).
|
||||||
|
# 0 = PMKSA caching enabled (default)
|
||||||
|
# 1 = PMKSA caching disabled
|
||||||
|
#disable_pmksa_caching=0
|
||||||
|
|
||||||
# okc: Opportunistic Key Caching (aka Proactive Key Caching)
|
# okc: Opportunistic Key Caching (aka Proactive Key Caching)
|
||||||
# Allow PMK cache to be shared opportunistically among configured interfaces
|
# Allow PMK cache to be shared opportunistically among configured interfaces
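Review bot: The added help text names rsn_preauth=1 as the only case where PMKSA caching can still occur, but it does not say how disable_pmksa_caching=1 interacts with okc=1, which the text directly below describes as sharing the PMK cache among configured interfaces. If an interface that still has caching enabled can supply a PMK to this BSS through OKC (this cannot be determined from the hunk), stations could skip EAP authentication despite the setting. Once the behaviour is confirmed, add a line such as `# Note: with okc=1, PMKs cached on other interfaces may still be used` or state that okc should be 0 when this option is 1.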
|
||||||
|
|
|
@ -288,6 +288,7 @@ struct hostapd_bss_config {
|
||||||
*/
|
*/
|
||||||
u16 max_listen_interval;
|
u16 max_listen_interval;
|
||||||
|
|
||||||
|
int disable_pmksa_caching;
|
||||||
int okc; /* Opportunistic Key Caching */
|
int okc; /* Opportunistic Key Caching */
|
||||||
|
|
||||||
int wps_state;
|
int wps_state;
|
||||||
|
|
|
@ -2727,7 +2727,8 @@ const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
|
||||||
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
|
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
|
||||||
int session_timeout, struct eapol_state_machine *eapol)
|
int session_timeout, struct eapol_state_machine *eapol)
|
||||||
{
|
{
|
||||||
if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
|
if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
|
||||||
|
sm->wpa_auth->conf.disable_pmksa_caching)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
|
if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
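Review bot: The `sm->wpa_auth->conf.disable_pmksa_caching` test in wpa_auth_pmksa_add only stops new entries from being added on this path; nothing in the visible hunks touches entries already held in `sm->wpa_auth->pmksa` or the code that accepts a PMKID offered by a station. If the option can be switched from 0 to 1 on a running Authenticator (not shown here), previously cached PMKSAs would presumably remain usable until they expire, so full EAP authentication is not forced for those stations. Consider checking the flag where the cache is consulted as well, or flushing the cache when the option is enabled. The early `return -1` now also covers a deliberate policy decision, so a comment such as `/* PMKSA caching disabled by configuration; not a failure */` would keep callers from treating it as an error. The function body continues past the end of this hunk.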
|
||||||
|
|
|
@ -143,6 +143,7 @@ struct wpa_auth_config {
|
||||||
int peerkey;
|
int peerkey;
|
||||||
int wmm_enabled;
|
int wmm_enabled;
|
||||||
int wmm_uapsd;
|
int wmm_uapsd;
|
||||||
|
int disable_pmksa_caching;
|
||||||
int okc;
|
int okc;
|
||||||
int tx_status;
|
int tx_status;
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
|
|
|
@ -48,6 +48,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
|
||||||
wconf->peerkey = conf->peerkey;
|
wconf->peerkey = conf->peerkey;
|
||||||
wconf->wmm_enabled = conf->wmm_enabled;
|
wconf->wmm_enabled = conf->wmm_enabled;
|
||||||
wconf->wmm_uapsd = conf->wmm_uapsd;
|
wconf->wmm_uapsd = conf->wmm_uapsd;
|
||||||
|
wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
|
||||||
wconf->okc = conf->okc;
|
wconf->okc = conf->okc;
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
wconf->ieee80211w = conf->ieee80211w;
|
wconf->ieee80211w = conf->ieee80211w;
|
||||||
|
|