EAP server: Force identity request after INITIALIZE for passthrough
Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force reauthentication to start with EAP identity request. This works fine for the case of EAP success through the AAA passthrough authentication, but is not enough to handle passthrough authentication failure. sm->identity is set in that case and getDecision would return PASSTHROUGH instead of CONTINUE (to Identity method). Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
bfba8deb8b
commit
204dd3f420
1 changed files with 7 additions and 7 deletions
|
@ -169,6 +169,13 @@ SM_STATE(EAP, INITIALIZE)
|
||||||
sm->num_rounds = 0;
|
sm->num_rounds = 0;
|
||||||
sm->method_pending = METHOD_PENDING_NONE;
|
sm->method_pending = METHOD_PENDING_NONE;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Start reauthentication with identity request even though we know the
|
||||||
|
* previously used identity. This is needed to get reauthentication
|
||||||
|
* started properly.
|
||||||
|
*/
|
||||||
|
sm->start_reauth = TRUE;
|
||||||
|
|
||||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
|
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
|
||||||
MACSTR, MAC2STR(sm->peer_addr));
|
MACSTR, MAC2STR(sm->peer_addr));
|
||||||
}
|
}
|
||||||
|
@ -589,13 +596,6 @@ SM_STATE(EAP, SUCCESS2)
|
||||||
}
|
}
|
||||||
|
|
||||||
sm->eap_if.eapSuccess = TRUE;
|
sm->eap_if.eapSuccess = TRUE;
|
||||||
|
|
||||||
/*
|
|
||||||
* Start reauthentication with identity request even though we know the
|
|
||||||
* previously used identity. This is needed to get reauthentication
|
|
||||||
* started properly.
|
|
||||||
*/
|
|
||||||
sm->start_reauth = TRUE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue