Fix full EAP authentication after PMKSA cache add failure

Need to get EAP state machine into a state where it is willing to proceed with a new EAP-Request/Identity if PMKSA cache addition fails after a successful EAP authentication before the initial 4-way handshake can be completed. Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 13:36:55 +02:00 · 2021-03-20 13:36:55 +02:00 · 6c8842f0e0
commit 6c8842f0e0
parent be06fd5b02
1 changed files with 4 additions and 0 deletions
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@ -451,6 +451,10 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
 					 NULL, 0, &buflen, NULL);
 		if (buf) {
+			/* Set and reset eapFail to allow EAP state machine to
+			 * proceed with new authentication. */
+			eapol_sm_notify_eap_fail(sm->eapol, true);
+			eapol_sm_notify_eap_fail(sm->eapol, false);
 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
 					  buf, buflen);
 			os_free(buf);