aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2010-11-07 14:25:35 (GMT)
committerJouni Malinen <j@w1.fi>2010-11-07 14:25:35 (GMT)
commit6fc58a89e1dc41a315b15c8e067dc50f30dd741e (patch)
tree66db870a55f573385ac81fc9435812f8e3a528cc
parenteacc12bfbbefc2742b90286063aa8668a1eafc1f (diff)
downloadhostap-6fc58a89e1dc41a315b15c8e067dc50f30dd741e.zip
hostap-6fc58a89e1dc41a315b15c8e067dc50f30dd741e.tar.gz
hostap-6fc58a89e1dc41a315b15c8e067dc50f30dd741e.tar.bz2
Fix EAP standalone server
Commit c3fc47ea8e1d3730e11eb9978d13831212727902 fixed EAP passthrough server to allow Logoff/Re-authentication to be used. However, it broke EAP standalone server while doing that. Fix this by reverting the earlier fix and by clearing the EAP Identity information in the EAP server code whenever an EAPOL-Start or EAPOL-Logoff packet is received.
-rw-r--r--src/ap/ieee802_1x.c2
-rw-r--r--src/eap_server/eap.h1
-rw-r--r--src/eap_server/eap_server.c22
3 files changed, 18 insertions, 7 deletions
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 1c9ee7b..3e4aa0f 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -776,6 +776,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
}
sta->eapol_sm->eapolStart = TRUE;
sta->eapol_sm->dot1xAuthEapolStartFramesRx++;
+ eap_server_clear_identity(sta->eapol_sm->eap);
wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
break;
@@ -788,6 +789,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
accounting_sta_stop(hapd, sta);
sta->eapol_sm->eapolLogoff = TRUE;
sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
+ eap_server_clear_identity(sta->eapol_sm->eap);
break;
case IEEE802_1X_TYPE_EAPOL_KEY:
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 0c09923..6b29075 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -123,5 +123,6 @@ void eap_sm_pending_cb(struct eap_sm *sm);
int eap_sm_method_pending(struct eap_sm *sm);
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
+void eap_server_clear_identity(struct eap_sm *sm);
#endif /* EAP_H */
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 6dae69b..41416b1 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -147,13 +147,6 @@ SM_STATE(EAP, INITIALIZE)
sm->eap_if.eapRestart = FALSE;
/*
- * Start reauthentication with identity request even if we know the
- * previously used identity. This is needed to get reauthentication
- * started properly.
- */
- sm->start_reauth = TRUE;
-
- /*
* This is not defined in RFC 4137, but method state needs to be
* reseted here so that it does not remain in success state when
* re-authentication starts.
@@ -1374,3 +1367,18 @@ struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm)
{
return &sm->eap_if;
}
+
+
+/**
+ * eap_server_clear_identity - Clear EAP identity information
+ * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
+ *
+ * This function can be used to clear the EAP identity information in the EAP
+ * server context. This allows the EAP/Identity method to be used again after
+ * EAPOL-Start or EAPOL-Logoff.
+ */
+void eap_server_clear_identity(struct eap_sm *sm)
+{
+ os_free(sm->identity);
+ sm->identity = NULL;
+}