aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-08-07 08:51:44 (GMT)
committerJouni Malinen <j@w1.fi>2019-08-07 16:24:06 (GMT)
commitb0b25c5bbc52a6af3b1cbb38b125ad659e90f446 (patch)
treee575b8b74c76bc69dc903be07aa7e2e359db5a97
parentfa1d5ec182f7102b6d9d57685477de457c6b0b9f (diff)
downloadhostap-b0b25c5bbc52a6af3b1cbb38b125ad659e90f446.zip
hostap-b0b25c5bbc52a6af3b1cbb38b125ad659e90f446.tar.gz
hostap-b0b25c5bbc52a6af3b1cbb38b125ad659e90f446.tar.bz2
Clear external eapSuccess setting in driver-authorized cases
The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not cover the case where eapol_sm_notify_eap_success(TRUE) had been called based on offloaded 4-way handshake and driver notification of authorization in wpa_supplicant_event_port_authorized(). This could result in eapSuccess and altSuccess state machine variables being left TRUE when roaming to another BSS and that results in EAP failure if the following roaming case does not get fully authorized through the driver offload. Fix this by clearing eapSuccess/altSuccess when processing a new association (including roaming) event and also when disconnecting from the network. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--wpa_supplicant/events.c6
-rw-r--r--wpa_supplicant/wpa_supplicant_i.h1
2 files changed, 5 insertions, 2 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 87dad08..89c9452 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -316,8 +316,9 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
- wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)
+ wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->drv_authorized_port)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
+ wpa_s->drv_authorized_port = 0;
wpa_s->ap_ies_from_associnfo = 0;
wpa_s->current_ssid = NULL;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
@@ -2831,7 +2832,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed ||
- already_authorized)
+ already_authorized || wpa_s->drv_authorized_port)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
/* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
@@ -3935,6 +3936,7 @@ static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s)
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
+ wpa_s->drv_authorized_port = 1;
}
}
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8a4bdf8..32f390f 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1254,6 +1254,7 @@ struct wpa_supplicant {
unsigned int ieee80211ac:1;
unsigned int enabled_4addr_mode:1;
unsigned int multi_bss_support:1;
+ unsigned int drv_authorized_port:1;
};