FT: Force key configuration after association in FT-over-DS

This seems to be needed at least with mac80211 when a STA is using
FT-over-DS to reassociate back to the AP when the AP still has the
previous association state.

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 7e32051d896de4293faaecc9c1d43e52ea1607df..2299c0e6351915f2763ed05b041cfd28313e709e 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1208,7 +1208,7 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
                break;
        case WPA_ASSOC_FT:
 #ifdef CONFIG_IEEE80211R
-               if (!sm->pairwise_set) {
+               if (!sm->pairwise_set || sm->ft_over_ds) {
                        wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
                                   "after association");
                        wpa_ft_install_ptk(sm);

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 2bf646b160100022841c29541023e5fc276d5c3b..11bb88a57f3220cbc474130a75e279c9a00ab33e 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -1227,6 +1227,7 @@ static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
                           "RRB Request");
                return -1;
        }
+       sm->ft_over_ds = 1;
 
        wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
 

diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 86df3a4914f469d86af0b85e3ad7728ac5f0d7b7..3901c7dd2f82fe357f0327b4b307d8de85dcc1e3 100644 (file)
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -116,6 +116,7 @@ struct wpa_state_machine {
                                           * Request */
        u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
        size_t r0kh_id_len;
+       int ft_over_ds;
 #endif /* CONFIG_IEEE80211R */
 };