author Jouni Malinen <j@w1.fi> 2012-10-27 08:52:43 (GMT)
committer Jouni Malinen <j@w1.fi> 2012-10-27 08:52:43 (GMT)
commit 86cf382b80b9cf0ea116d39f1a56669197651917 (patch)
tree bea6db424c22f3076923b757bc2795c4e3658fc6
parent 04a3e69dd18d2d0f48fc9365a8f9d1907d18ec07 (diff)
Fix EAPOL supplicant port authorization with PMKSA caching
The previous eapol_sm_notify_cached() implementation forced the port to be authorized when receiving EAPOL-Key msg 1/4 that included a matching PMKID in cases when PMKSA caching is used. This is too early since the port should really be authorized only after the PTK has been configured which is the case when PMKSA caching is not used.

Fix this by using the EAPOL supplicant PAE state machine to go through the AUTHENTICATING and AUTHENTICATED states instead of forcing a jump to AUTHENTICATED without performing full state machine steps. This can be achieved simply by marking eapSuccess TRUE at least with the current version of EAP and EAPOL state machines (the earlier commits in this function seemed to indicate that this may have not been that easy in the older versions due to the hacks needed here).

This addresses an issue with nl80211-based driver interface when the driver depends on the STA Authorized flag being used to prevent unprotected frames from being accepted (both TX and RX) prior to PTK configuration.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
-rw-r--r-- src/eapol_supp/eapol_supp_sm.c 5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 851cf49..f90fb62 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1469,10 +1469,7 @@ void eapol_sm_notify_cached(struct eapol_sm *sm)
if (sm == NULL)
return;
wpa_printf(MSG_DEBUG, "EAPOL: PMKSA caching was used - skip EAPOL");
- sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED;
- sm->suppPortStatus = Authorized;
- eapol_sm_set_port_authorized(sm);
- sm->portValid = TRUE;
+ sm->eapSuccess = TRUE;
eap_notify_success(sm->eap);
eapol_sm_step(sm);
}
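Review bot: The new `sm->eapSuccess = TRUE;` line replaces four assignments, including `sm->portValid = TRUE;`, without a comment explaining that eapol_sm_notify_cached() now leaves port authorization to the state machine run by `eapol_sm_step(sm)`. Nothing in this function shows where portValid is set once the PTK is configured, so a later reader could reintroduce the early authorization by "restoring" the removed lines. Suggest a short comment above the assignment stating that the port must stay unauthorized until portValid is set after PTK configuration, and that eapSuccess alone is meant to take the PAE through AUTHENTICATING to AUTHENTICATED. The debug string "PMKSA caching was used - skip EAPOL" is unchanged; consider rewording it so the log reflects that the PAE state machine is still stepped rather than bypassed.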