Allow PMKSA caching to be disabled on Authenticator

A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
Jouni Malinen 2011-07-05 17:13:04 +03:00
parent 2db9174503
commit cb465555d4
6 changed files with 14 additions and 1 deletions

@ -1904,6 +1904,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
#endif /* CONFIG_IEEE80211N */ #endif /* CONFIG_IEEE80211N */
} else if (os_strcmp(buf, "max_listen_interval") == 0) { } else if (os_strcmp(buf, "max_listen_interval") == 0) {
bss->max_listen_interval = atoi(pos); bss->max_listen_interval = atoi(pos);
} else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
bss->disable_pmksa_caching = atoi(pos);
} else if (os_strcmp(buf, "okc") == 0) { } else if (os_strcmp(buf, "okc") == 0) {
bss->okc = atoi(pos); bss->okc = atoi(pos);
#ifdef CONFIG_WPS #ifdef CONFIG_WPS
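Review bot: The new `disable_pmksa_caching` branch parses its value with `atoi(pos)`, which yields 0 for any non-numeric text, so a mistyped value such as `disable_pmksa_caching=yes` silently leaves PMKSA caching enabled although the operator meant to turn it off. For a hardening switch the parser should fail closed on unknown values, e.g. guard the assignment with `if (os_strcmp(pos, "0") != 0 && os_strcmp(pos, "1") != 0)` and treat that case as a configuration error in whatever way this parser reports other invalid lines. The neighbouring `max_listen_interval` and `okc` branches use the same `atoi()` pattern, so this follows local style, but there a bad value does not quietly weaken an authentication setting. `hostapd_config_read()` starts and ends outside the hunk.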

@ -770,6 +770,13 @@ own_ip_addr=127.0.0.1
# dot11AssociationSAQueryRetryTimeout, 1...4294967295 # dot11AssociationSAQueryRetryTimeout, 1...4294967295
#assoc_sa_query_retry_timeout=201 #assoc_sa_query_retry_timeout=201
# disable_pmksa_caching: Disable PMKSA caching
# This parameter can be used to disable caching of PMKSA created through EAP
# authentication. RSN preauthentication may still end up using PMKSA caching if
# it is enabled (rsn_preauth=1).
# 0 = PMKSA caching enabled (default)
# 1 = PMKSA caching disabled
#disable_pmksa_caching=0
# okc: Opportunistic Key Caching (aka Proactive Key Caching) # okc: Opportunistic Key Caching (aka Proactive Key Caching)
# Allow PMK cache to be shared opportunistically among configured interfaces # Allow PMK cache to be shared opportunistically among configured interfaces

@ -288,6 +288,7 @@ struct hostapd_bss_config {
*/ */
u16 max_listen_interval; u16 max_listen_interval;
int disable_pmksa_caching;
int okc; /* Opportunistic Key Caching */ int okc; /* Opportunistic Key Caching */
int wps_state; int wps_state;
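Review bot: The new `disable_pmksa_caching` field has no comment, while the `okc` field directly below it does, and the name alone does not say that only PMKSAs created through EAP authentication are affected. A one-line comment such as `/* 1 = do not cache PMKSAs created through EAP authentication */` would carry the scope stated in the sample configuration text over to the struct. The same applies to the field of the same name added to `struct wpa_auth_config` in a later section of this commit.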

@ -2727,7 +2727,8 @@ const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
int session_timeout, struct eapol_state_machine *eapol) int session_timeout, struct eapol_state_machine *eapol)
{ {
if (sm == NULL || sm->wpa != WPA_VERSION_WPA2) if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
sm->wpa_auth->conf.disable_pmksa_caching)
return -1; return -1;
if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN, if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
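Review bot: The added `sm->wpa_auth->conf.disable_pmksa_caching` test in `wpa_auth_pmksa_add()` blocks only this one insertion path, so the commit message's claim that stations must complete EAP authentication on every association holds only while nothing else fills the cache; the sample configuration text in this same commit says RSN preauthentication may still do so when `rsn_preauth=1`. Entries cached before the option took effect would presumably also stay usable until they expire, since nothing visible here flushes them or gates the lookup side. A comment above the condition, e.g. `/* Gates caching of EAP-derived PMKSAs only; RSN preauthentication may still populate the cache */`, would keep that limit visible to anyone relying on the option as a re-authentication guarantee. The disabled case also returns -1 exactly like a real failure, so callers cannot tell policy from error; whether that matters depends on call sites outside the hunk, as does the rest of the function body.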

@ -143,6 +143,7 @@ struct wpa_auth_config {
int peerkey; int peerkey;
int wmm_enabled; int wmm_enabled;
int wmm_uapsd; int wmm_uapsd;
int disable_pmksa_caching;
int okc; int okc;
int tx_status; int tx_status;
#ifdef CONFIG_IEEE80211W #ifdef CONFIG_IEEE80211W

@ -48,6 +48,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
wconf->peerkey = conf->peerkey; wconf->peerkey = conf->peerkey;
wconf->wmm_enabled = conf->wmm_enabled; wconf->wmm_enabled = conf->wmm_enabled;
wconf->wmm_uapsd = conf->wmm_uapsd; wconf->wmm_uapsd = conf->wmm_uapsd;
wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
wconf->okc = conf->okc; wconf->okc = conf->okc;
#ifdef CONFIG_IEEE80211W #ifdef CONFIG_IEEE80211W
wconf->ieee80211w = conf->ieee80211w; wconf->ieee80211w = conf->ieee80211w;