path: root/wpa_supplicant
diff options
authorJouni Malinen <jouni@qca.qualcomm.com>2016-08-10 20:51:21 (GMT)
committerJouni Malinen <j@w1.fi>2016-08-11 13:05:45 (GMT)
commite07adb7faa46de96172594bf9cd3600933daf18b (patch)
treea957131cb7a2be50af0695820953006d812618bf /wpa_supplicant
parent2d6a526ac3885605f34df4037fc79ad330565b23 (diff)
Fix EAP state machine reset with offloaded roaming and authorization
If the driver indicates a roamed event with already completed authorization, altAccept = TRUE could have resulted in the EAP state machine ending up in the FAILURE state from the INITIALIZE state. This is not correct behavior and similar cases were already addressed for FT and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching) case by doing similar changes to EAPOL/EAP state variable updates during association event handling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant')
1 files changed, 6 insertions, 3 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 50461b6..08ff672 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2234,7 +2234,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
u8 bssid[ETH_ALEN];
- int ft_completed;
+ int ft_completed, already_authorized;
int new_bss = 0;
#ifdef CONFIG_AP
@@ -2310,6 +2310,8 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
if (wpa_s->l2)
+ already_authorized = data && data->assoc_info.authorized;
* Set portEnabled first to FALSE in order to get EAP state machine out
* of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
@@ -2318,11 +2320,12 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
* AUTHENTICATED without ever giving chance to EAP state machine to
* reset the state.
- if (!ft_completed) {
+ if (!ft_completed && !already_authorized) {
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
- if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed)
+ if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed ||
+ already_authorized)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
/* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);