HS 2.0: Use global pmf=2 for the created network block

Previously, PMF support was enabled in optional mode (ieee80211w=1) for
Hotspot 2.0 network blocks automatically. This did not consider the
global PMF parameter and unconditionally changed that value to optional.
Since the newly added network block had an explicit ieee80211w
parameter, this overrode the global parameter. To make this less
surprising, use the global pmf parameter value to select whether to add
network blocks for Hotspot 2.0 with PMF being optionally enabled (pmf=0
or pmf=1) or required (pmf=2).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index a380123b3efb13cdbe07c1f8ba437e8cdeba94b2..b1ddd0925fd198618ca3487581f52d0754124798 100644 (file)
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -959,7 +959,9 @@ static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s,
                        "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP";
        if (wpa_config_set(ssid, "key_mgmt", key_mgmt, 0) < 0 ||
            wpa_config_set(ssid, "proto", "RSN", 0) < 0 ||
-           wpa_config_set(ssid, "ieee80211w", "1", 0) < 0 ||
+           wpa_config_set(ssid, "ieee80211w",
+                          wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_REQUIRED ?
+                          "2" : "1", 0) < 0 ||
            wpa_config_set(ssid, "pairwise", "CCMP", 0) < 0)
                return -1;
        return 0;