hostapd: Force PSK to be derived again on BSS reload

This may be needed if the wpa_psk information for previously derived
from passphrase and either the SSID or the passphrase has changed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

hostapd/config_file.c

@@ -2181,8 +2181,11 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 			} else {
 				os_free(bss->ssid.wpa_passphrase);
 				bss->ssid.wpa_passphrase = os_strdup(pos);
-				os_free(bss->ssid.wpa_psk);
-				bss->ssid.wpa_psk = NULL;
+				if (bss->ssid.wpa_passphrase) {
+					os_free(bss->ssid.wpa_psk);
+					bss->ssid.wpa_psk = NULL;
+					bss->ssid.wpa_passphrase_set = 1;
+				}
 			}
 		} else if (os_strcmp(buf, "wpa_psk") == 0) {
 			os_free(bss->ssid.wpa_psk);
@@ -2200,6 +2203,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 				bss->ssid.wpa_psk->group = 1;
 				os_free(bss->ssid.wpa_passphrase);
 				bss->ssid.wpa_passphrase = NULL;
+				bss->ssid.wpa_psk_set = 1;
 			}
 		} else if (os_strcmp(buf, "wpa_psk_file") == 0) {
 			os_free(bss->ssid.wpa_psk_file);

src/ap/ap_config.h

@@ -53,6 +53,8 @@ struct hostapd_ssid {
 	size_t ssid_len;
 	unsigned int ssid_set:1;
 	unsigned int utf8_ssid:1;
+	unsigned int wpa_passphrase_set:1;
+	unsigned int wpa_psk_set:1;
 
 	char vlan[IFNAMSIZ + 1];
 	secpolicy security_policy;

src/ap/hostapd.c

@@ -62,10 +62,22 @@ int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
 
 static void hostapd_reload_bss(struct hostapd_data *hapd)
 {
+	struct hostapd_ssid *ssid;
+
 #ifndef CONFIG_NO_RADIUS
 	radius_client_reconfig(hapd->radius, hapd->conf->radius);
 #endif /* CONFIG_NO_RADIUS */
 
+	ssid = &hapd->conf->ssid;
+	if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
+	    ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
+		/*
+		 * Force PSK to be derived again since SSID or passphrase may
+		 * have changed.
+		 */
+		os_free(ssid->wpa_psk);
+		ssid->wpa_psk = NULL;
+	}
 	if (hostapd_setup_wpa_psk(hapd->conf)) {
 		wpa_printf(MSG_ERROR, "Failed to re-configure WPA PSK "
 			   "after reloading configuration");