aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/events.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2016-08-10 20:51:21 (GMT)
committerJouni Malinen <j@w1.fi>2016-08-11 13:05:45 (GMT)
commite07adb7faa46de96172594bf9cd3600933daf18b (patch)
treea957131cb7a2be50af0695820953006d812618bf /wpa_supplicant/events.c
parent2d6a526ac3885605f34df4037fc79ad330565b23 (diff)
downloadhostap-e07adb7faa46de96172594bf9cd3600933daf18b.zip
hostap-e07adb7faa46de96172594bf9cd3600933daf18b.tar.gz
hostap-e07adb7faa46de96172594bf9cd3600933daf18b.tar.bz2
Fix EAP state machine reset with offloaded roaming and authorization
If the driver indicates a roamed event with already completed authorization, altAccept = TRUE could have resulted in the EAP state machine ending up in the FAILURE state from the INITIALIZE state. This is not correct behavior and similar cases were already addressed for FT and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching) case by doing similar changes to EAPOL/EAP state variable updates during association event handling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant/events.c')
-rw-r--r--wpa_supplicant/events.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 50461b6..08ff672 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2234,7 +2234,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
u8 bssid[ETH_ALEN];
- int ft_completed;
+ int ft_completed, already_authorized;
int new_bss = 0;
#ifdef CONFIG_AP
@@ -2310,6 +2310,8 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
if (wpa_s->l2)
l2_packet_notify_auth_start(wpa_s->l2);
+ already_authorized = data && data->assoc_info.authorized;
+
/*
* Set portEnabled first to FALSE in order to get EAP state machine out
* of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
@@ -2318,11 +2320,12 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
* AUTHENTICATED without ever giving chance to EAP state machine to
* reset the state.
*/
- if (!ft_completed) {
+ if (!ft_completed && !already_authorized) {
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
}
- if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed)
+ if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed ||
+ already_authorized)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
/* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);