EAP server: Force identity request after INITIALIZE for passthrough

Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force
reauthentication to start with EAP identity request. This works fine for
the case of EAP success through the AAA passthrough authentication, but
is not enough to handle passthrough authentication failure. sm->identity
is set in that case and getDecision would return PASSTHROUGH instead of
CONTINUE (to Identity method).

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2011-12-03 17:37:48 +02:00
parent bfba8deb8b
commit 204dd3f420

View file

@ -169,6 +169,13 @@ SM_STATE(EAP, INITIALIZE)
sm->num_rounds = 0; sm->num_rounds = 0;
sm->method_pending = METHOD_PENDING_NONE; sm->method_pending = METHOD_PENDING_NONE;
/*
* Start reauthentication with identity request even though we know the
* previously used identity. This is needed to get reauthentication
* started properly.
*/
sm->start_reauth = TRUE;
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
MACSTR, MAC2STR(sm->peer_addr)); MACSTR, MAC2STR(sm->peer_addr));
} }
@ -589,13 +596,6 @@ SM_STATE(EAP, SUCCESS2)
} }
sm->eap_if.eapSuccess = TRUE; sm->eap_if.eapSuccess = TRUE;
/*
* Start reauthentication with identity request even though we know the
* previously used identity. This is needed to get reauthentication
* started properly.
*/
sm->start_reauth = TRUE;
} }