aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2005-06-27 02:30:59 (GMT)
committerJouni Malinen <j@w1.fi>2005-06-27 02:30:59 (GMT)
commitb4c94d8fcf54310b8340785dd958db1778c807fb (patch)
treecff08f175d91bb7a9f3934ad600631895ceeedcb
parent7fbafa439d74dd4d0f7249226e17c943676dc060 (diff)
downloadhostap-history-b4c94d8fcf54310b8340785dd958db1778c807fb.zip
hostap-history-b4c94d8fcf54310b8340785dd958db1778c807fb.tar.gz
hostap-history-b4c94d8fcf54310b8340785dd958db1778c807fb.tar.bz2
Fixed PMKSA caching for the case where STA (re)associates without
first disassociating. Based on comments and patch from Divy Le Ray <dleray@atheros.com>: It seems the last changes regarding PMKSA caching fixed pre-authentication, but broke PMKSA caching on re-authentication. I collected the attached traces against hostapd-0.4.2. On re-authentication, the WPA state machine will not move to INITPMK, as keyRun is FALSE. The WPA exchange won't start and a full 802.1x session will run. I applied the fix in attachement to the madwifi driver: on a re-auth event, let the 802.1x state machine decide if it can bypass a full authentication, and set its flags accordingly. Then kick the WPA state machine. It gives good results for both PMK caching usage on re-auth and pre-auth. jkm: cleaned up the changes in the patch and applied the same fix for other driver interfaces
-rw-r--r--hostapd/ChangeLog2
-rw-r--r--hostapd/driver_madwifi.c5
-rw-r--r--hostapd/driver_prism54.c5
-rw-r--r--hostapd/driver_test.c5
-rw-r--r--hostapd/driver_wired.c2
-rw-r--r--hostapd/hostapd.c7
-rw-r--r--hostapd/hostapd.h2
-rw-r--r--hostapd/ieee802_11.c5
-rw-r--r--hostapd/ieee802_1x.c24
9 files changed, 24 insertions, 33 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 6a941a4..24ea126 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -5,6 +5,8 @@ ChangeLog for hostapd
RADIUS accounting gets correct information
* start RADIUS accounting only after successful completion of WPA
4-Way Handshake if WPA-PSK is used
+ * fixed PMKSA caching for the case where STA (re)associates without
+ first disassociating
2005-06-12 - v0.4.2
* EAP-PAX is now registered as EAP type 46
diff --git a/hostapd/driver_madwifi.c b/hostapd/driver_madwifi.c
index 60734e2..9ed9393 100644
--- a/hostapd/driver_madwifi.c
+++ b/hostapd/driver_madwifi.c
@@ -730,10 +730,7 @@ madwifi_new_sta(struct madwifi_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
sta->flags |= WLAN_STA_ASSOC;
wpa_sm_event(hapd, sta, WPA_ASSOC);
- if (new_assoc)
- hostapd_new_assoc_sta(hapd, sta);
- else
- wpa_sm_event(hapd, sta, WPA_REAUTH);
+ hostapd_new_assoc_sta(hapd, sta, !new_assoc);
ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
return 0;
}
diff --git a/hostapd/driver_prism54.c b/hostapd/driver_prism54.c
index 15d3e63..6486bfe 100644
--- a/hostapd/driver_prism54.c
+++ b/hostapd/driver_prism54.c
@@ -806,10 +806,7 @@ static void prism54_handle_assoc(struct prism54_driver_data *drv,
new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
sta->flags |= WLAN_STA_ASSOC;
wpa_sm_event(drv->hapd, sta, WPA_ASSOC);
- if (new_assoc)
- hostapd_new_assoc_sta(drv->hapd, sta);
- else
- wpa_sm_event(drv->hapd, sta, WPA_REAUTH);
+ hostapd_new_assoc_sta(drv->hapd, sta, !new_assoc);
ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
sta->timeout_next = STA_NULLFUNC;
return;
diff --git a/hostapd/driver_test.c b/hostapd/driver_test.c
index 7db3521..259d3cc 100644
--- a/hostapd/driver_test.c
+++ b/hostapd/driver_test.c
@@ -196,10 +196,7 @@ static int test_driver_new_sta(struct test_driver_data *drv, const u8 *addr,
sta->flags |= WLAN_STA_ASSOC;
wpa_sm_event(hapd, sta, WPA_ASSOC);
- if (new_assoc)
- hostapd_new_assoc_sta(hapd, sta);
- else
- wpa_sm_event(hapd, sta, WPA_REAUTH);
+ hostapd_new_assoc_sta(hapd, sta, !new_assoc);
ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
diff --git a/hostapd/driver_wired.c b/hostapd/driver_wired.c
index 3e21268..3fe969d 100644
--- a/hostapd/driver_wired.c
+++ b/hostapd/driver_wired.c
@@ -95,7 +95,7 @@ static void wired_possible_new_sta(struct hostapd_data *hapd, u8 *addr)
MACSTR " - adding a new STA\n", MAC2STR(addr));
sta = ap_sta_add(hapd, addr);
if (sta) {
- hostapd_new_assoc_sta(hapd, sta);
+ hostapd_new_assoc_sta(hapd, sta, 0);
accounting_sta_get_id(hapd, sta);
} else {
HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Failed to add STA entry "
diff --git a/hostapd/hostapd.c b/hostapd/hostapd.c
index 98808d3..e98f162 100644
--- a/hostapd/hostapd.c
+++ b/hostapd/hostapd.c
@@ -199,7 +199,7 @@ static void hostapd_deauth_all_stas(hostapd *hapd)
/* This function will be called whenever a station associates with the AP */
-void hostapd_new_assoc_sta(hostapd *hapd, struct sta_info *sta)
+void hostapd_new_assoc_sta(hostapd *hapd, struct sta_info *sta, int reassoc)
{
/* IEEE 802.11F (IAPP) */
if (hapd->conf->ieee802_11f)
@@ -213,7 +213,10 @@ void hostapd_new_assoc_sta(hostapd *hapd, struct sta_info *sta)
/* Start IEEE 802.1X authentication process for new stations */
ieee802_1x_new_station(hapd, sta);
- wpa_new_station(hapd, sta);
+ if (reassoc)
+ wpa_sm_event(hapd, sta, WPA_REAUTH);
+ else
+ wpa_new_station(hapd, sta);
}
diff --git a/hostapd/hostapd.h b/hostapd/hostapd.h
index 3dea92e..77907e4 100644
--- a/hostapd/hostapd.h
+++ b/hostapd/hostapd.h
@@ -118,7 +118,7 @@ struct hostapd_data {
struct radius_server_data *radius_srv;
};
-void hostapd_new_assoc_sta(hostapd *hapd, struct sta_info *sta);
+void hostapd_new_assoc_sta(hostapd *hapd, struct sta_info *sta, int reassoc);
void hostapd_logger(struct hostapd_data *hapd, const u8 *addr,
unsigned int module, int level, const char *fmt,
...) __attribute__ ((format (printf, 5, 6)));
diff --git a/hostapd/ieee802_11.c b/hostapd/ieee802_11.c
index 22901fc..2c2f7db 100644
--- a/hostapd/ieee802_11.c
+++ b/hostapd/ieee802_11.c
@@ -1094,10 +1094,7 @@ static void handle_assoc_cb(hostapd *hapd, struct ieee80211_mgmt *mgmt,
}
wpa_sm_event(hapd, sta, WPA_ASSOC);
- if (new_assoc)
- hostapd_new_assoc_sta(hapd, sta);
- else
- wpa_sm_event(hapd, sta, WPA_REAUTH);
+ hostapd_new_assoc_sta(hapd, sta, !new_assoc);
ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
diff --git a/hostapd/ieee802_1x.c b/hostapd/ieee802_1x.c
index 865acb8..4457fa2 100644
--- a/hostapd/ieee802_1x.c
+++ b/hostapd/ieee802_1x.c
@@ -805,20 +805,17 @@ void ieee802_1x_new_station(hostapd *hapd, struct sta_info *sta)
if (!hapd->conf->ieee802_1x || sta->wpa_key_mgmt == WPA_KEY_MGMT_PSK)
return;
- if (sta->eapol_sm) {
- sta->eapol_sm->portEnabled = TRUE;
- eapol_sm_step(sta->eapol_sm);
- return;
- }
-
- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
- HOSTAPD_LEVEL_DEBUG, "start authentication");
- sta->eapol_sm = eapol_sm_alloc(hapd, sta);
if (sta->eapol_sm == NULL) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
- HOSTAPD_LEVEL_INFO, "failed to allocate "
- "state machine");
- return;
+ HOSTAPD_LEVEL_DEBUG, "start authentication");
+ sta->eapol_sm = eapol_sm_alloc(hapd, sta);
+ if (sta->eapol_sm == NULL) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE8021X,
+ HOSTAPD_LEVEL_INFO,
+ "failed to allocate state machine");
+ return;
+ }
}
sta->eapol_sm->portEnabled = TRUE;
@@ -836,7 +833,8 @@ void ieee802_1x_new_station(hostapd *hapd, struct sta_info *sta)
sta->eapol_sm->authSuccess = TRUE;
if (sta->eapol_sm->eap)
eap_sm_notify_cached(sta->eapol_sm->eap);
- }
+ } else
+ eapol_sm_step(sta->eapol_sm);
}