wpa_supplicant: Clear blacklist when SSID configs change

If the stored configurations for an SSID have changed, we can no longer
trust the current blacklist state of that SSID, since the updated
configs could change the behavior of the network. E.g., the BSS could be
blacklisted due to a bad password, and the config could be updated to
store the correct password. In this case, keeping the BSS in the
blacklist will prevent the user from connecting to the BSS after the
correct password has been updated.

Add the value was_changed_recently to the wpa_ssid struct. Update this
value every time a config is changed through wpa_set_config(). Check
this value in wpa_blacklist_get() to clear the blacklist whenever the
configs of current_ssid have changed.

This solution was chosen over simply clearing the blacklist whenever
configs change because the user should be able to change configs on an
inactive SSID without affecting the blacklist for the currently active
SSID. This way, the blacklist won't be cleared until the user attempts
to connect to the inactive network again. Furthermore, the blacklist is
stored per-BSSID while configs are stored per-SSID, so we don't have the
option to just clear out certain blacklist entries that would be
affected by the configs.

Finally, the function wpa_supplicant_reload_configuration() causes the
configs to be reloaded from scratch, so after a call to this function
all bets are off as to the relevance of our current blacklist state.
Thus, we clear the entire blacklist within this function.

Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>

diff --git a/wpa_supplicant/blacklist.c b/wpa_supplicant/blacklist.c
index fa2ad11eead2a269893434d8da481ada57b990d1..2f326444bcbc2caf82d197801e6525e44a6b34c2 100644 (file)
--- a/wpa_supplicant/blacklist.c
+++ b/wpa_supplicant/blacklist.c
@@ -26,6 +26,13 @@ struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
        if (wpa_s == NULL || bssid == NULL)
                return NULL;
 
+       if (wpa_s->current_ssid &&
+           wpa_s->current_ssid->was_recently_reconfigured) {
+               wpa_blacklist_clear(wpa_s);
+               wpa_s->current_ssid->was_recently_reconfigured = false;
+               return NULL;
+       }
+
        wpa_blacklist_update(wpa_s);
 
        e = wpa_s->blacklist;

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 8e79cab20d12bd2be58943fe72f6a2421f00e7d3..e3c12d8b3ab814fde82feab160d8fa2cb047905b 100644 (file)
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -3142,6 +3142,7 @@ int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
                }
                ret = -1;
        }
+       ssid->was_recently_reconfigured = true;
 
        return ret;
 }

diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 2c08c0218e0f5ebdc3289e1cc8558889b4038731..ff9cdf4f61fe020f14f174bdcdce2dc65692998d 100644 (file)
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -1137,6 +1137,15 @@ struct wpa_ssid {
         * 2 = disable SAE-PK (allow SAE authentication only without SAE-PK)
         */
        enum sae_pk_mode sae_pk;
+
+       /**
+        * was_recently_reconfigured - Whether this SSID config has been changed
+        * recently
+        *
+        * This is an internally used variable, i.e., not used in external
+        * configuration.
+        */
+       bool was_recently_reconfigured;
 };
 
 #endif /* CONFIG_SSID_H */

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 30fb04786efca628fea0e7b616284cb6f120ea93..3404f7d01dcb490132f9328ec4f1f339cf799068 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1189,6 +1189,7 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
                wpa_s->reassociate = 1;
                wpa_supplicant_req_scan(wpa_s, 0, 0);
        }
+       wpa_blacklist_clear(wpa_s);
        wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
        return 0;
 }