wpa_supplicant: Handle MAC address randomization changes for same ESS
authorAndrzej Ostruszka <amo@semihalf.com>
Thu, 15 Dec 2022 15:54:06 +0000 (16:54 +0100)
committerJouni Malinen <j@w1.fi>
Sun, 18 Dec 2022 10:33:02 +0000 (12:33 +0200)
When MAC address randomization settings change we should use a new MAC
address even if we are associating to the same ESS.

For example, consider this scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.

In the last step a randomized MAC address should be used.

Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.

Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
wpa_supplicant/wpa_supplicant.c

index 5364424629a21c27a13a02c6b2335563e3b9c669..370668a30ee2b3b4ef52a3d9cf391f620b8e6a18 100644 (file)
@@ -2237,15 +2237,24 @@ int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style,
        u8 addr[ETH_ALEN];
 
        os_get_reltime(&now);
-       if (wpa_s->last_mac_addr_style == style &&
-           /* Pregenerated addresses do not expire */
-           wpa_s->last_mac_addr_style != 3 &&
-           wpa_s->last_mac_addr_change.sec != 0 &&
-           !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
-                               wpa_s->conf->rand_addr_lifetime)) {
-               wpa_msg(wpa_s, MSG_DEBUG,
-                       "Previously selected random MAC address has not yet expired");
-               return 0;
+       /* Random addresses are valid within a given ESS so check
+        * expiration/value only when continuing to use the same ESS. */
+       if (wpa_s->last_mac_addr_style == style && wpa_s->reassoc_same_ess) {
+               if (style == 3) {
+                       /* Pregenerated addresses do not expire but their value
+                        * might have changed, so let's check that. */
+                       if (os_memcmp(wpa_s->own_addr, ssid->mac_value,
+                                     ETH_ALEN) == 0)
+                               return 0;
+               } else if (wpa_s->last_mac_addr_change.sec != 0 &&
+                          !os_reltime_expired(
+                                  &now,
+                                  &wpa_s->last_mac_addr_change,
+                                  wpa_s->conf->rand_addr_lifetime)) {
+                       wpa_msg(wpa_s, MSG_DEBUG,
+                               "Previously selected random MAC address has not yet expired");
+                       return 0;
+               }
        }
 
        switch (style) {
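Review bot: The new `style == 3` branch reads `ssid->mac_value` without checking `ssid`, and it runs before the `switch (style)` where any existing validation of `ssid` would happen. If any caller of wpas_update_random_addr() can pass a NULL `ssid` (the callers are not visible in this hunk), this is a NULL dereference; `if (ssid && os_memcmp(wpa_s->own_addr, ssid->mac_value, ETH_ALEN) == 0)` would let the NULL case fall through to the switch instead. This branch also returns 0 silently, unlike the expiry branch below it, so a matching `wpa_msg(wpa_s, MSG_DEBUG, ...)` would show in logs that the pregenerated address was kept. The function body starts and ends outside the hunk.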
@@ -2289,7 +2298,7 @@ int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style,
        wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
                MAC2STR(addr));
 
-       return 0;
+       return 1;
 }
 
 
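Review bot: The success return changes from 0 to 1 here, but nothing in the visible lines documents the new three-way contract: negative on failure, 0 when the current address is kept, positive when a new address was set. A header comment on wpas_update_random_addr() (outside this hunk) should state it, for example `Returns: 1 if the MAC address was changed, 0 if the current address was kept, -1 on failure`. Any caller not shown here that treats a non-zero result as an error would now read success as failure. The PMKSA flush in the wpa_supplicant_associate() hunk also depends on every address-changing path returning a positive value.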
@@ -2436,10 +2445,13 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
        wpa_s_setup_sae_pt(wpa_s->conf, ssid);
 #endif /* CONFIG_SAE */
 
-       if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
-               if (wpas_update_random_addr(wpa_s, rand_style, ssid) < 0)
+       if (rand_style > 0) {
+               int status = wpas_update_random_addr(wpa_s, rand_style, ssid);
+
+               if (status < 0)
                        return;
-               wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
+               if (status > 0) /* MAC changed */
+                       wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
        } else if (rand_style == 0 && wpa_s->mac_addr_changed) {
                if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
                        return;
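Review bot: The `/* MAC changed */` comment on the `status > 0` test says what the value means but not why the PMKSA flush is tied to it. The reason is presumably that cached entries were established under the previous address and should not be offered from the new one; a comment such as `/* MAC changed: drop PMKSA entries created with the old address */` would keep a later refactor from making the flush optional. The check also relies on the return convention of wpas_update_random_addr(), which is only implied by this comment. wpa_supplicant_associate() starts and ends outside the hunk.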