Fix wpa_key_mgmt and wpa_pairwise configuration for non-WPA

These hostapd configuration parameter was left at the default values
(WPA-PSK/TKIP) even for cases where WPA was disabled. While these
parameters are not really used much in non-WPA cases, they do get used
for one corner case in nl80211 configuration to disable encryption of
EAPOL frames in IEEE 802.1X WEP case.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index a69d8bc8ee67fa4b54462ceda7911721a7491179..5bc468a08fd993473e73c5465241b6d2c7b92a1d 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -890,12 +890,20 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
                int cipher = WPA_CIPHER_NONE;
                bss->ssid.security_policy = SECURITY_IEEE_802_1X;
                bss->ssid.wep.default_len = bss->default_wep_key_len;
-               if (bss->default_wep_key_len)
+               if (full_config && bss->default_wep_key_len) {
                        cipher = bss->default_wep_key_len >= 13 ?
                                WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
+               } else if (full_config && bss->ssid.wep.keys_set) {
+                       if (bss->ssid.wep.len[0] >= 13)
+                               cipher = WPA_CIPHER_WEP104;
+                       else
+                               cipher = WPA_CIPHER_WEP40;
+               }
                bss->wpa_group = cipher;
                bss->wpa_pairwise = cipher;
                bss->rsn_pairwise = cipher;
+               if (full_config)
+                       bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
        } else if (bss->ssid.wep.keys_set) {
                int cipher = WPA_CIPHER_WEP40;
                if (bss->ssid.wep.len[0] >= 13)
@@ -904,6 +912,8 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
                bss->wpa_group = cipher;
                bss->wpa_pairwise = cipher;
                bss->rsn_pairwise = cipher;
+               if (full_config)
+                       bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
        } else if (bss->osen) {
                bss->ssid.security_policy = SECURITY_OSEN;
                bss->wpa_group = WPA_CIPHER_CCMP;
@@ -914,5 +924,7 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
                bss->wpa_group = WPA_CIPHER_NONE;
                bss->wpa_pairwise = WPA_CIPHER_NONE;
                bss->rsn_pairwise = WPA_CIPHER_NONE;
+               if (full_config)
+                       bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
        }
 }