shill: Clear PMKSA cached credentials on unload
When an 802.1x WiFi service Unload()s, ask wpa_supplicant to clear
all cached credentials. This is a workaround for dropping PMKSA
cache entries in wpa_supplicant when the user logs ouut. Newer
versions of wpa_supplicant will support dropping cache entries
automatically when netblocks are changed. This will allow more
granular key clearing.
BUG=chromium-os:23367
TEST=New unit test
Change-Id: I94d69b6943d69c7f5f31ed7846d908b38ce8e6c8
Reviewed-on: https://gerrit.chromium.org/gerrit/15163
Commit-Ready: Paul Stewart <pstew@chromium.org>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
diff --git a/wifi_service.cc b/wifi_service.cc
index e2fd9c6..b4ef8bb 100644
--- a/wifi_service.cc
+++ b/wifi_service.cc
@@ -281,6 +281,17 @@
hidden_ssid_ = false;
passphrase_ = "";
UpdateConnectable();
+ if (security_ == flimflam::kSecurity8021x) {
+ // TODO(pstew): 802.1x/RSN networks (as opposed to 802.1x/WPA or
+ // 802.1x/WEP) have the ability to cache WPA PMK credentials.
+ // Make sure that these are cleared when credentials for networks
+ // of this type goes away.
+ //
+ // When wpa_supplicant gains the ability, do this credential
+ // clearing on a per-service basis. Also do this whenever the credentials
+ // for a service changes. crosbug.com/25670
+ wifi_->ClearCachedCredentials();
+ }
}
bool WiFiService::IsSecurityMatch(const string &security) const {