From d8a790b9228ca91eadc8f26faf87287c330510a1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 7 Sep 2011 17:46:00 +0300
Subject: [PATCH] Flush PMKSA cache entries and invalidate EAP state on
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).
The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
src/rsn_supp/pmksa_cache.c | 50 ++++++++++++++++++++++++++------------
src/rsn_supp/pmksa_cache.h | 11 ++++----
src/rsn_supp/wpa.c | 10 ++++++-
src/rsn_supp/wpa.h | 7 +++++
wpa_supplicant/ctrl_iface.c | 17 ++++++++----
wpa_supplicant/notify.c | 2 +
wpa_supplicant/wpa_supplicant.c | 1 +
7 files changed, 69 insertions(+), 29 deletions(-)
25
diff -up wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c.flush-pmksa wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c
26
--- wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c.flush-pmksa 2012-06-08 12:13:07.876107152 -0500
27
+++ wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c 2012-06-08 12:13:07.879107115 -0500
28
@@ -230,6 +230,40 @@ pmksa_cache_add(struct rsn_pmksa_cache *
32
+ * pmksa_cache_flush - Flush PMKSA cache entries for a specific network
33
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
34
+ * @network_ctx: Network configuration context or %NULL to flush all entries
36
+void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx)
38
+ struct rsn_pmksa_cache_entry *entry, *prev = NULL, *tmp;
41
+ entry = pmksa->pmksa;
43
+ if (entry->network_ctx == network_ctx || network_ctx == NULL) {
44
+ wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry "
45
+ "for " MACSTR, MAC2STR(entry->aa));
47
+ prev->next = entry->next;
49
+ pmksa->pmksa = entry->next;
51
+ entry = entry->next;
52
+ wpa_sm_remove_pmkid(pmksa->sm, tmp->aa, tmp->pmkid);
53
+ pmksa_cache_free_entry(pmksa, tmp, 0);
57
+ entry = entry->next;
61
+ pmksa_cache_set_expiration(pmksa);
66
* pmksa_cache_deinit - Free all entries in PMKSA cache
67
* @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
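Review bot: The match `entry->network_ctx == network_ctx` in pmksa_cache_flush() keys cached PMKs on the raw address of the network block, and this commit also removes pmksa_cache_notify_reconfig(), which was the other mechanism that cleared those pointers. Every path that frees or replaces a network block therefore has to call the flush first, otherwise an entry outlives its configuration and could match a later block allocated at the same address; the notify.c and wpa_supplicant.c hunks cover removal and reload, and other paths cannot be checked from this patch. The doc comment should state that contract, for example `* Must be called before @network_ctx is freed; entries are matched by pointer value.` Several lines of the function (loop header, unlink branches) are missing from this rendering, so the list handling itself could not be reviewed.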
69
@@ -274,22 +308,6 @@ struct rsn_pmksa_cache_entry * pmksa_cac
74
- * pmksa_cache_notify_reconfig - Reconfiguration notification for PMKSA cache
75
- * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
77
- * Clear references to old data structures when wpa_supplicant is reconfigured.
79
-void pmksa_cache_notify_reconfig(struct rsn_pmksa_cache *pmksa)
81
- struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
83
- entry->network_ctx = NULL;
84
- entry = entry->next;
89
static struct rsn_pmksa_cache_entry *
90
pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
91
const struct rsn_pmksa_cache_entry *old_entry,
92
diff -up wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.h.flush-pmksa wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.h
93
--- wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.h.flush-pmksa 2010-09-07 10:43:39.000000000 -0500
94
+++ wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.h 2012-06-08 12:13:07.879107115 -0500
95
@@ -57,7 +57,6 @@ int pmksa_cache_list(struct rsn_pmksa_ca
96
struct rsn_pmksa_cache_entry *
97
pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
98
const u8 *aa, const u8 *spa, void *network_ctx, int akmp);
99
-void pmksa_cache_notify_reconfig(struct rsn_pmksa_cache *pmksa);
100
struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm);
101
void pmksa_cache_clear_current(struct wpa_sm *sm);
102
int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
103
@@ -66,6 +65,7 @@ int pmksa_cache_set_current(struct wpa_s
104
struct rsn_pmksa_cache_entry *
105
pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
106
void *network_ctx, const u8 *aa);
107
+void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx);
109
#else /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
111
@@ -106,10 +106,6 @@ pmksa_cache_add(struct rsn_pmksa_cache *
115
-static inline void pmksa_cache_notify_reconfig(struct rsn_pmksa_cache *pmksa)
119
static inline void pmksa_cache_clear_current(struct wpa_sm *sm)
122
@@ -122,6 +118,11 @@ static inline int pmksa_cache_set_curren
126
+static inline void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa,
131
#endif /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
133
#endif /* PMKSA_CACHE_H */
134
diff -up wpa_supplicant-0.7.3/src/rsn_supp/wpa.c.flush-pmksa wpa_supplicant-0.7.3/src/rsn_supp/wpa.c
135
--- wpa_supplicant-0.7.3/src/rsn_supp/wpa.c.flush-pmksa 2010-09-07 10:43:39.000000000 -0500
136
+++ wpa_supplicant-0.7.3/src/rsn_supp/wpa.c 2012-06-08 12:50:17.761229751 -0500
137
@@ -2191,8 +2191,6 @@ void wpa_sm_set_config(struct wpa_sm *sm
139
sm->wpa_ptk_rekey = 0;
141
- if (config == NULL || config->network_ctx != sm->network_ctx)
142
- pmksa_cache_notify_reconfig(sm->pmksa);
146
@@ -2564,3 +2562,11 @@ int wpa_sm_has_ptk(struct wpa_sm *sm)
152
+void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
154
+#ifndef CONFIG_NO_WPA2
155
+ pmksa_cache_flush(sm->pmksa, network_ctx);
156
+#endif /* CONFIG_NO_WPA2 */
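Review bot: wpa_sm_pmksa_cache_flush() dereferences `sm` at `pmksa_cache_flush(sm->pmksa, network_ctx);` without a NULL check, and pmksa_cache_flush() in turn reads `pmksa->pmksa` unguarded. The new callers in notify.c, ctrl_iface.c and wpa_supplicant.c pass `wpa_s->wpa` directly, so if any of them can run before the WPA state machine exists or after it is torn down (not determinable from this patch), a network removal or reload request would crash the supplicant. A guard as the first statement, `if (sm == NULL) return;`, keeps the wrapper safe to call from notification paths. The function's braces are not shown in this rendering.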
158
diff -up wpa_supplicant-0.7.3/src/rsn_supp/wpa.h.flush-pmksa wpa_supplicant-0.7.3/src/rsn_supp/wpa.h
159
--- wpa_supplicant-0.7.3/src/rsn_supp/wpa.h.flush-pmksa 2010-09-07 10:43:39.000000000 -0500
160
+++ wpa_supplicant-0.7.3/src/rsn_supp/wpa.h 2012-06-08 12:50:50.525820138 -0500
161
@@ -126,6 +126,8 @@ int wpa_sm_pmksa_cache_list(struct wpa_s
162
void wpa_sm_drop_sa(struct wpa_sm *sm);
163
int wpa_sm_has_ptk(struct wpa_sm *sm);
165
+void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx);
167
#else /* CONFIG_NO_WPA */
169
static inline struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
170
@@ -271,6 +273,11 @@ static inline int wpa_sm_has_ptk(struct
174
+static inline void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm,
179
#endif /* CONFIG_NO_WPA */
181
#ifdef CONFIG_PEERKEY
182
diff -up wpa_supplicant-0.7.3/wpa_supplicant/ctrl_iface.c.flush-pmksa wpa_supplicant-0.7.3/wpa_supplicant/ctrl_iface.c
183
--- wpa_supplicant-0.7.3/wpa_supplicant/ctrl_iface.c.flush-pmksa 2012-06-08 12:13:07.872107201 -0500
184
+++ wpa_supplicant-0.7.3/wpa_supplicant/ctrl_iface.c 2012-06-08 12:13:07.882107076 -0500
185
@@ -1018,8 +1018,8 @@ static int wpa_supplicant_ctrl_iface_rem
186
wpas_notify_network_removed(wpa_s, remove_ssid);
187
wpa_config_remove_network(wpa_s->conf, id);
189
+ eapol_sm_invalidate_cached_session(wpa_s->eapol);
190
if (wpa_s->current_ssid) {
191
- eapol_sm_invalidate_cached_session(wpa_s->eapol);
192
wpa_sm_set_config(wpa_s->wpa, NULL);
193
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
194
wpa_supplicant_disassociate(wpa_s,
195
@@ -1039,12 +1039,15 @@ static int wpa_supplicant_ctrl_iface_rem
199
- if (ssid == wpa_s->current_ssid) {
200
+ if (ssid == wpa_s->current_ssid || wpa_s->current_ssid == NULL) {
202
- * Invalidate the EAP session cache if the current network is
204
+ * Invalidate the EAP session cache if the current or
205
+ * previously used network is removed.
207
eapol_sm_invalidate_cached_session(wpa_s->eapol);
210
+ if (ssid == wpa_s->current_ssid) {
211
wpa_sm_set_config(wpa_s->wpa, NULL);
212
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
214
@@ -1092,10 +1095,12 @@ static int wpa_supplicant_ctrl_iface_set
218
- if (wpa_s->current_ssid == ssid) {
219
+ wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
221
+ if (wpa_s->current_ssid == ssid || wpa_s->current_ssid == NULL) {
223
* Invalidate the EAP session cache if anything in the current
224
- * configuration changes.
225
+ * or previously used configuration changes.
227
eapol_sm_invalidate_cached_session(wpa_s->eapol);
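Review bot: The added `wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);` sits outside the `current_ssid` condition and carries no comment, so as far as the visible lines show, any change to a network block discards that network's cached PMKs, including when it is the network in use. That is the conservative choice for credential changes, but it deserves a line above the call such as `/* Any change to this block invalidates PMKSA entries derived from it */`. Whether the call comes after the point where the new value was accepted is not visible, because the enclosing function starts and ends outside the hunk; flushing only after a successful set would avoid dropping the cache for a rejected command.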
229
diff -up wpa_supplicant-0.7.3/wpa_supplicant/notify.c.flush-pmksa wpa_supplicant-0.7.3/wpa_supplicant/notify.c
230
--- wpa_supplicant-0.7.3/wpa_supplicant/notify.c.flush-pmksa 2012-06-08 12:13:07.000000000 -0500
231
+++ wpa_supplicant-0.7.3/wpa_supplicant/notify.c 2012-06-08 12:51:21.230436277 -0500
232
@@ -192,6 +192,7 @@ void wpas_notify_network_added(struct wp
233
void wpas_notify_network_removed(struct wpa_supplicant *wpa_s,
234
struct wpa_ssid *ssid)
236
+ wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
237
wpas_dbus_unregister_network(wpa_s, ssid->id);
240
diff -up wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.flush-pmksa wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c
241
--- wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.flush-pmksa 2012-06-08 12:13:07.860107352 -0500
242
+++ wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c 2012-06-08 12:13:07.884107051 -0500
243
@@ -686,6 +686,7 @@ int wpa_supplicant_reload_configuration(
245
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
246
wpa_sm_set_config(wpa_s->wpa, NULL);
247
+ wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
248
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
249
rsn_preauth_deinit(wpa_s->wpa);