Allow non-WPA IEEE 802.1X to be select even if WPA is also enabled

If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 5b706705ee18313d615ce5671a0f4cde76a6ecc4..0c5c07c9fdeacdc35f4a8913a7e9e31b97978604 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -448,6 +448,12 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
                return 1;
        }
 
+       if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && !wpa_ie &&
+           !rsn_ie) {
+               wpa_dbg(wpa_s, MSG_DEBUG, "   allow for non-WPA IEEE 802.1X");
+               return 1;
+       }
+
        if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) &&
            wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) {
                wpa_dbg(wpa_s, MSG_DEBUG, "   skip - no WPA/RSN proto match");

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 31491e5b109525ec9ecbfff86f5ae4b6e99dac24..b09e5f180209577e2f8d96e86128c69332dcdcad 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -127,6 +127,15 @@ void sme_authenticate(struct wpa_supplicant *wpa_s,
                                "key management and encryption suites");
                        return;
                }
+       } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
+                  wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
+               /*
+                * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
+                * use non-WPA since the scan results did not indicate that the
+                * AP is using WPA or WPA2.
+                */
+               wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
+               wpa_s->sme.assoc_req_ie_len = 0;
        } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
                wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
                if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 9a4257050556d7a374ac95e3184c6c5549c67c34..99454c407b26321389e767cb0a19e05ddb5879fb 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1309,6 +1309,16 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
                                "key management and encryption suites");
                        return;
                }
+       } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
+                  wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
+               /*
+                * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
+                * use non-WPA since the scan results did not indicate that the
+                * AP is using WPA or WPA2.
+                */
+               wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
+               wpa_ie_len = 0;
+               wpa_s->wpa_proto = 0;
        } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
                wpa_ie_len = sizeof(wpa_ie);
                if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,