From: Kevin Lund <kglund@xxxxxxxxxx>
If the stored configurations for an SSID have changed, we can no longer
trust the current blacklist state of that SSID, since the updated
configs could change the behavior of the network. E.g. the station could be
blacklisted due to a bad password, and the config could be updated to
store the correct password. In this case, keeping the station in the
blacklist will prevent the user from connecting to the station after the
correct password has been updated.
Add the value was_changed_recently to the wpa_ssid struct. Update this
value every time a config is changed through wpa_set_config. Check this
value in wpa_blacklist_get() to clear the blacklist whenever the
configs of current_ssid have changed.
This solution was chosen over simply clearing the blacklist whenever
configs change because the user should be able to change configs on an
inactive SSID without affecting the blacklist for the currently active
SSID. This way, the blacklist won't be cleared until the user attempts
to connect to the innactive network again. Furthermore, the blacklist is
stored per-BSSID while configs are stored per-SSID, so we don't have the
option to just clear out certain blacklist entries that would be
affected by the configs.
Finally, the function wpa_supplicant_reload_configuration() causes the
configs to be reloaded from scratch, so after a call to this function
all bets are off as to the relevance of our current blacklist state.
Thus, we clear the entire blacklist within this function.
Signed-off-by: Kevin Lund <kglund@xxxxxxxxxx>
Signed-off-by: Brian Norris <briannorris@xxxxxxxxxxxx>
---
v3:
- rebased (refactored patch 2/5 to fit with new scan_res_ok() function)
- added patch to clear blacklist on config changes
---
wpa_supplicant/blacklist.c | 6 ++++++
wpa_supplicant/config.c | 2 +-
wpa_supplicant/config_ssid.h | 6 ++++++
wpa_supplicant/wpa_supplicant.c | 1 +
4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/blacklist.c b/wpa_supplicant/blacklist.c
index 03e5d44b2..98721e144 100644
--- a/wpa_supplicant/blacklist.c
+++ b/wpa_supplicant/blacklist.c
@@ -26,6 +26,12 @@ struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
if (wpa_s == NULL || bssid == NULL)
return NULL;
+ if (wpa_s->current_ssid->was_recently_reconfigured) {
+ wpa_blacklist_clear(wpa_s);
+ wpa_s->current_ssid->was_recently_reconfigured = 0;
+ return NULL;
+ }
+
wpa_blacklist_update(wpa_s);
e = wpa_s->blacklist;
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 0b4a66ad7..ff237c20b 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -3107,7 +3107,6 @@ int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
{
size_t i;
int ret = 0;
-
if (ssid == NULL || var == NULL || value == NULL)
return -1;
@@ -3142,6 +3141,7 @@ int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
}
ret = -1;
}
+ ssid->was_recently_reconfigured = 1;
return ret;
}
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 2c08c0218..895fe2c20 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -1137,6 +1137,12 @@ struct wpa_ssid {
* 2 = disable SAE-PK (allow SAE authentication only without SAE-PK)
*/
enum sae_pk_mode sae_pk;
+
+ /**
+ * was_recently_reconfigured - Whether this SSID config has been changed
+ * recently
+ */
+ int was_recently_reconfigured;
};
#endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index d65dd852a..8aeb24afc 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1183,6 +1183,7 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
wpa_s->reassociate = 1;
wpa_supplicant_req_scan(wpa_s, 0, 0);
}
+ wpa_blacklist_clear(wpa_s);
wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
return 0;
}
--
2.26.2
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
