RSNO: Allow RSN overriding to be enabled for a specific network

The new ssid block configuration parameter rsn_overriding can now be
used to override the value of the global rsn_overriding parameter.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 35b62cbe945ade7da90786392bbf8b7babf5104f..2bf97652d3b141da6f3e06becfa4423487db9744 100644 (file)
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -1712,11 +1712,11 @@ int wpa_bss_parse_basic_ml_element(struct wpa_supplicant *wpa_s,
                const u8 *rsne;
                size_t rsne_len;
 
-               if (elems.rsne_override_2 && wpas_rsn_overriding(wpa_s)) {
+               if (elems.rsne_override_2 && wpas_rsn_overriding(wpa_s, ssid)) {
                        rsne = elems.rsne_override_2;
                        rsne_len = elems.rsne_override_2_len;
                } else if (elems.rsne_override &&
-                          wpas_rsn_overriding(wpa_s)) {
+                          wpas_rsn_overriding(wpa_s, ssid)) {
                        rsne = elems.rsne_override;
                        rsne_len = elems.rsne_override_len;
                } else {
@@ -2064,7 +2064,7 @@ const u8 * wpa_bss_get_rsne(struct wpa_supplicant *wpa_s,
 {
        const u8 *ie;
 
-       if (wpas_rsn_overriding(wpa_s)) {
+       if (wpas_rsn_overriding(wpa_s, ssid)) {
                if (!ssid)
                        ssid = wpa_s->current_ssid;
 
@@ -2099,7 +2099,7 @@ const u8 * wpa_bss_get_rsnxe(struct wpa_supplicant *wpa_s,
 {
        const u8 *ie;
 
-       if (wpas_rsn_overriding(wpa_s)) {
+       if (wpas_rsn_overriding(wpa_s, ssid)) {
                ie = wpa_bss_get_vendor_ie(bss, RSNXE_OVERRIDE_IE_VENDOR_TYPE);
                if (ie) {
                        const u8 *tmp;

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 675559d493c0b7506943d91d8375908c3dc47a7d..9c5382f65ee374dede3a86e412889405c9cbfd36 100644 (file)
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2757,6 +2757,7 @@ static const struct parse_data ssid_fields[] = {
        { INT_RANGE(enable_4addr_mode, 0, 1)},
        { INT_RANGE(max_idle, 0, 65535)},
        { INT_RANGE(ssid_protection, 0, 1)},
+       { INT_RANGE(rsn_overriding, 0, 2)},
 };
 
 #undef OFFSET
@@ -3292,6 +3293,7 @@ void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
 #endif /* CONFIG_MACSEC */
        ssid->mac_addr = WPAS_MAC_ADDR_STYLE_NOT_SET;
        ssid->max_oper_chwidth = DEFAULT_MAX_OPER_CHWIDTH;
+       ssid->rsn_overriding = RSN_OVERRIDING_NOT_SET;
 }
 
 

diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 8b76ff7204ab6ca404ae5356d5e55976049a45c7..8df9eb583b377a9e800aa282da86ba57fe0e7f6d 100644 (file)
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1825,17 +1825,9 @@ struct wpa_config {
        int wowlan_disconnect_on_deinit;
 
        /**
-        * rsn_overriding - RSN overriding
-        *
-        * 0 = Disabled
-        * 1 = Enabled automatically if the driver indicates support
-        * 2 = Forced to be enabled even without driver capability indication
+        * rsn_overriding - RSN overriding (default behavior)
         */
-       enum rsn_overriding {
-               RSN_OVERRIDING_DISABLED = 0,
-               RSN_OVERRIDING_AUTO = 1,
-               RSN_OVERRIDING_ENABLED = 2,
-       } rsn_overriding;
+       enum wpas_rsn_overriding rsn_overriding;
 
 #ifdef CONFIG_PASN
 #ifdef CONFIG_TESTING_OPTIONS

diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 5d60af04adb2b7e6b7d52477fbb2b04059850e86..6a4d4c9eee76e38d3e7f03a392f52e90845c0ee5 100644 (file)
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -976,6 +976,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
        INT(enable_4addr_mode);
        INT(max_idle);
        INT(ssid_protection);
+       INT_DEF(rsn_overriding, RSN_OVERRIDING_NOT_SET);
 
 #undef STR
 #undef INT

diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 71dba9ea088195990d22359c0924953b9c6d5108..b280258a4653a69293b2088010df495fbae64a87 100644 (file)
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -79,6 +79,20 @@ enum wpas_mac_addr_style {
        WPAS_MAC_ADDR_STYLE_DEDICATED_PER_ESS = 3,
 };
 
+/**
+ * rsn_overriding - RSN overriding
+ *
+ * 0 = Disabled
+ * 1 = Enabled automatically if the driver indicates support
+ * 2 = Forced to be enabled even without driver capability indication
+ */
+enum wpas_rsn_overriding {
+       RSN_OVERRIDING_NOT_SET = -1,
+       RSN_OVERRIDING_DISABLED = 0,
+       RSN_OVERRIDING_AUTO = 1,
+       RSN_OVERRIDING_ENABLED = 2,
+};
+
 /**
  * struct wpa_ssid - Network configuration data
  *
@@ -1288,6 +1302,12 @@ struct wpa_ssid {
         * ssid_protection - Whether to use SSID protection in 4-way handshake
         */
        bool ssid_protection;
+
+       /**
+        * rsn_overriding - RSN overriding (per-network override for the global
+        *      parameter with the same name)
+        */
+       enum wpas_rsn_overriding rsn_overriding;
 };
 
 #endif /* CONFIG_SSID_H */

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index eb7516e36ddd824c53f0b51b6650f7296dce59e9..2b758939d32c65637edc937f6db4156bacbb0733 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -2502,10 +2502,10 @@ mscs_fail:
        }
 
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE_SUPPORT,
-                        wpas_rsn_overriding(wpa_s));
+                        wpas_rsn_overriding(wpa_s, ssid));
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE,
                         RSN_OVERRIDE_NOT_USED);
-       if (wpas_rsn_overriding(wpa_s) &&
+       if (wpas_rsn_overriding(wpa_s, ssid) &&
            wpas_ap_supports_rsn_overriding(wpa_s, wpa_s->current_bss) &&
            wpa_s->sme.assoc_req_ie_len + 2 + 4 <=
            sizeof(wpa_s->sme.assoc_req_ie)) {

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 858529e0e9a20f525aa96286189360ec9f003de1..4184ae780e9d42d32e3cb78c89b1d7691bee6514 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -4150,10 +4150,10 @@ mscs_end:
        }
 
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE_SUPPORT,
-                        wpas_rsn_overriding(wpa_s));
+                        wpas_rsn_overriding(wpa_s, ssid));
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE,
                         RSN_OVERRIDE_NOT_USED);
-       if (wpas_rsn_overriding(wpa_s) &&
+       if (wpas_rsn_overriding(wpa_s, ssid) &&
            wpas_ap_supports_rsn_overriding(wpa_s, bss) &&
            wpa_ie_len + 2 + 4 + 1 <= max_wpa_ie_len) {
                u8 *pos = wpa_ie + wpa_ie_len, *start = pos;
@@ -4190,7 +4190,7 @@ mscs_end:
                wpa_ie_len += pos - start;
        }
 
-       params->rsn_overriding = wpas_rsn_overriding(wpa_s);
+       params->rsn_overriding = wpas_rsn_overriding(wpa_s, ssid);
        params->wpa_ie = wpa_ie;
        params->wpa_ie_len = wpa_ie_len;
        params->auth_alg = algs;
@@ -8833,12 +8833,19 @@ static bool wpas_driver_rsn_override(struct wpa_supplicant *wpa_s)
 }
 
 
-bool wpas_rsn_overriding(struct wpa_supplicant *wpa_s)
+bool wpas_rsn_overriding(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
 {
-       if (wpa_s->conf->rsn_overriding == RSN_OVERRIDING_DISABLED)
+       enum wpas_rsn_overriding rsno;
+
+       if (ssid && ssid->rsn_overriding != RSN_OVERRIDING_NOT_SET)
+               rsno = ssid->rsn_overriding;
+       else
+               rsno = wpa_s->conf->rsn_overriding;
+
+       if (rsno == RSN_OVERRIDING_DISABLED)
                return false;
 
-       if (wpa_s->conf->rsn_overriding == RSN_OVERRIDING_ENABLED)
+       if (rsno == RSN_OVERRIDING_ENABLED)
                return true;
 
        if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index a1b6a9188f28135410e3831f751fef96f9ceee40..40c5ff57db72fd3bb4f58881d01bcaa64a06ec2d 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -954,6 +954,8 @@ fast_reauth=1
 # NOTE: The protocol used for this mechanism is still subject to change and as
 # such, this should not yet be enabled for production uses to avoid issues if
 # something were to change.
+# A per-network block parameter with the same name can be used to override this
+# global parameter.
 # 0 = Disabled (default)
 # 1 = Enabled automatically if the driver indicates support
 # 2 = Forced to be enabled even without driver capability indication

diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 030ceec14cad10c6a338acfd902033a60145f166..c500a6c652194c3e5dc81ebb74ccb2bd68aca0cd 100644 (file)
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1741,7 +1741,7 @@ void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid,
 void fils_connection_failure(struct wpa_supplicant *wpa_s);
 void fils_pmksa_cache_flush(struct wpa_supplicant *wpa_s);
 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s);
-bool wpas_rsn_overriding(struct wpa_supplicant *wpa_s);
+bool wpas_rsn_overriding(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s);
 void wpas_auth_failed(struct wpa_supplicant *wpa_s, const char *reason,
                      const u8 *bssid);