aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2009-03-02 17:06:23 (GMT)
committerJouni Malinen <j@w1.fi>2009-03-11 19:17:03 (GMT)
commit678f634d2d917e66174dac8968e78151b552381c (patch)
treedf6cbb12fc16cfa61c017871f55c3e2902ccf41a /src/eap_server/eap.c
parent8b19cc2d8c6aa9f7a3dc4feb120e4753a459a736 (diff)
downloadhostap-06-678f634d2d917e66174dac8968e78151b552381c.zip
hostap-06-678f634d2d917e66174dac8968e78151b552381c.tar.gz
hostap-06-678f634d2d917e66174dac8968e78151b552381c.tar.bz2
Fix EAPOL/EAP reauthentication with external RADIUS server
The EAP server state machine will need to have special code in getDecision() to avoid starting passthrough operations before having completed Identity round in the beginning of reauthentication. This was broken when moving into using the full authenticator state machine from RFC 4137 in 0.6.x. (cherry picked from commit 1fd4b0db7c1dc82e09234f33d798bd07a69ab0c7) Conflicts: hostapd/ChangeLog
Diffstat (limited to 'src/eap_server/eap.c')
-rw-r--r--src/eap_server/eap.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/eap_server/eap.c b/src/eap_server/eap.c
index dea91e6..d23ae2f 100644
--- a/src/eap_server/eap.c
+++ b/src/eap_server/eap.c
@@ -573,6 +573,13 @@ SM_STATE(EAP, SUCCESS2)
}
sm->eap_if.eapSuccess = TRUE;
+
+ /*
+ * Start reauthentication with identity request even though we know the
+ * previously used identity. This is needed to get reauthentication
+ * started properly.
+ */
+ sm->start_reauth = TRUE;
}
@@ -1070,7 +1077,7 @@ static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor)
static int eap_sm_Policy_getDecision(struct eap_sm *sm)
{
- if (!sm->eap_server && sm->identity) {
+ if (!sm->eap_server && sm->identity && !sm->start_reauth) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
return DECISION_PASSTHROUGH;
}
@@ -1091,7 +1098,8 @@ static int eap_sm_Policy_getDecision(struct eap_sm *sm)
return DECISION_FAILURE;
}
- if ((sm->user == NULL || sm->update_user) && sm->identity) {
+ if ((sm->user == NULL || sm->update_user) && sm->identity &&
+ !sm->start_reauth) {
/*
* Allow Identity method to be started once to allow identity
* selection hint to be sent from the authentication server,
@@ -1118,6 +1126,7 @@ static int eap_sm_Policy_getDecision(struct eap_sm *sm)
}
sm->update_user = FALSE;
}
+ sm->start_reauth = FALSE;
if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
(sm->user->methods[sm->user_eap_method_index].vendor !=