aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-01-08 08:24:05 (GMT)
committerJouni Malinen <j@w1.fi>2014-01-08 14:42:15 (GMT)
commitc60ba9f7abfcd294c7403f54dd53641eafc7d15a (patch)
treec33242730292cf5d4ff096e65cdd6f0f64cbf270 /wpa_supplicant
parent7185e16a91b600f4d9976118af6844e8cf8526f5 (diff)
downloadhostap-c60ba9f7abfcd294c7403f54dd53641eafc7d15a.zip
hostap-c60ba9f7abfcd294c7403f54dd53641eafc7d15a.tar.gz
hostap-c60ba9f7abfcd294c7403f54dd53641eafc7d15a.tar.bz2
Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/eapol_test.c5
-rw-r--r--wpa_supplicant/events.c9
-rw-r--r--wpa_supplicant/wpa_supplicant.c1
-rw-r--r--wpa_supplicant/wpa_supplicant_i.h1
-rw-r--r--wpa_supplicant/wpas_glue.c29
5 files changed, 34 insertions, 11 deletions
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index cb71475..ac0ab0b 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -365,10 +365,11 @@ static int eapol_test_compare_pmk(struct eapol_test_data *e)
}
-static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
+static void eapol_sm_cb(struct eapol_sm *eapol, enum eapol_supp_result result,
+ void *ctx)
{
struct eapol_test_data *e = ctx;
- printf("eapol_sm_cb: success=%d\n", success);
+ printf("eapol_sm_cb: result=%d\n", result);
e->eapol_test_num_reauths--;
if (e->eapol_test_num_reauths < 0)
eloop_terminate();
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index abd27d8..632f0fe 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2547,10 +2547,11 @@ static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr,
wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated);
- if (reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
- ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
- (wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
- eapol_sm_failed(wpa_s->eapol)))
+ if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
+ ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
+ (wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
+ eapol_sm_failed(wpa_s->eapol))) &&
+ !wpa_s->eap_expected_failure))
wpas_auth_failed(wpa_s);
#ifdef CONFIG_P2P
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 187e5d9..78e2749 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1410,6 +1410,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
os_memset(&params, 0, sizeof(params));
wpa_s->reassociate = 0;
+ wpa_s->eap_expected_failure = 0;
if (bss && !wpas_driver_bss_selection(wpa_s)) {
#ifdef CONFIG_IEEE80211R
const u8 *ie, *md = NULL;
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index d1ea77b..0130f81 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -571,6 +571,7 @@ struct wpa_supplicant {
struct os_reltime pending_eapol_rx_time;
u8 pending_eapol_rx_src[ETH_ALEN];
unsigned int last_eapol_matches_bssid:1;
+ unsigned int eap_expected_failure:1;
struct ibss_rsn *ibss_rsn;
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index ab6cdca..999d667 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -216,20 +216,38 @@ static void wpa_supplicant_aborted_cached(void *ctx)
}
-static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
+static const char * result_str(enum eapol_supp_result result)
+{
+ switch (result) {
+ case EAPOL_SUPP_RESULT_FAILURE:
+ return "FAILURE";
+ case EAPOL_SUPP_RESULT_SUCCESS:
+ return "SUCCESS";
+ case EAPOL_SUPP_RESULT_EXPECTED_FAILURE:
+ return "EXPECTED_FAILURE";
+ }
+ return "?";
+}
+
+
+static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
+ enum eapol_supp_result result,
void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
int res, pmk_len;
u8 pmk[PMK_LEN];
- wpa_printf(MSG_DEBUG, "EAPOL authentication completed %ssuccessfully",
- success ? "" : "un");
+ wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s",
+ result_str(result));
if (wpas_wps_eapol_cb(wpa_s) > 0)
return;
- if (!success) {
+ wpa_s->eap_expected_failure = result ==
+ EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
+
+ if (result != EAPOL_SUPP_RESULT_SUCCESS) {
/*
* Make sure we do not get stuck here waiting for long EAPOL
* timeout if the AP does not disconnect in case of
@@ -238,7 +256,8 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
}
- if (!success || !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
+ if (result != EAPOL_SUPP_RESULT_SUCCESS ||
+ !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
return;
if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))