Fix EAP standalone server

Commit c3fc47ea8e fixed EAP passthrough
server to allow Logoff/Re-authentication to be used. However, it
broke EAP standalone server while doing that. Fix this by reverting
the earlier fix and by clearing the EAP Identity information in the
EAP server code whenever an EAPOL-Start or EAPOL-Logoff packet is
received.
Jouni Malinen 2010-11-07 16:25:35 +02:00
parent eacc12bfbb
commit 6fc58a89e1
3 changed files with 18 additions and 7 deletions


@ -776,6 +776,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
} }
sta->eapol_sm->eapolStart = TRUE; sta->eapol_sm->eapolStart = TRUE;
sta->eapol_sm->dot1xAuthEapolStartFramesRx++; sta->eapol_sm->dot1xAuthEapolStartFramesRx++;
eap_server_clear_identity(sta->eapol_sm->eap);
wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL); wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
break; break;
@ -788,6 +789,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
accounting_sta_stop(hapd, sta); accounting_sta_stop(hapd, sta);
sta->eapol_sm->eapolLogoff = TRUE; sta->eapol_sm->eapolLogoff = TRUE;
sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++; sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
eap_server_clear_identity(sta->eapol_sm->eap);
break; break;
case IEEE802_1X_TYPE_EAPOL_KEY: case IEEE802_1X_TYPE_EAPOL_KEY:
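Review bot: Both new calls, in the EAPOL-Start case and in the EAPOL-Logoff case, pass `sta->eapol_sm->eap` to a function that dereferences its argument unconditionally, and nothing visible in these hunks shows that `eap` is always set whenever `eapol_sm` exists. These frame types are handled before authentication has completed, so the input on this path is untrusted; if `eap` can ever be NULL here, the result is a NULL dereference triggered by a received frame. Either guard the call, `if (sta->eapol_sm->eap) eap_server_clear_identity(sta->eapol_sm->eap);`, or add a short comment stating the invariant that makes the unguarded call safe. ieee802_1x_receive starts and ends outside these hunks, so the allocation path could not be checked from here.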


@ -123,5 +123,6 @@ void eap_sm_pending_cb(struct eap_sm *sm);
int eap_sm_method_pending(struct eap_sm *sm); int eap_sm_method_pending(struct eap_sm *sm);
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len); const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm); struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
void eap_server_clear_identity(struct eap_sm *sm);
#endif /* EAP_H */ #endif /* EAP_H */


@ -146,13 +146,6 @@ SM_STATE(EAP, INITIALIZE)
sm->eap_if.eapKeyAvailable = FALSE; sm->eap_if.eapKeyAvailable = FALSE;
sm->eap_if.eapRestart = FALSE; sm->eap_if.eapRestart = FALSE;
/*
* Start reauthentication with identity request even if we know the
* previously used identity. This is needed to get reauthentication
* started properly.
*/
sm->start_reauth = TRUE;
/* /*
* This is not defined in RFC 4137, but method state needs to be * This is not defined in RFC 4137, but method state needs to be
* reseted here so that it does not remain in success state when * reseted here so that it does not remain in success state when
@ -1374,3 +1367,18 @@ struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm)
{ {
return &sm->eap_if; return &sm->eap_if;
} }
/**
* eap_server_clear_identity - Clear EAP identity information
* @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
*
* This function can be used to clear the EAP identity information in the EAP
* server context. This allows the EAP/Identity method to be used again after
* EAPOL-Start or EAPOL-Logoff.
*/
void eap_server_clear_identity(struct eap_sm *sm)
{
os_free(sm->identity);
sm->identity = NULL;
}
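Review bot: eap_server_clear_identity() frees `sm->identity` and sets the pointer to NULL but does not reset the associated length. eap_get_identity() reports a length through `*len`, so presumably a length is stored next to the pointer, and after this call a caller could receive a NULL pointer paired with the old non-zero length. Resetting it in the same function, `sm->identity_len = 0;`, keeps the pair consistent. The kernel-doc comment could also state that any pointer previously obtained from eap_get_identity() is invalid after this call, since the free can now happen on every received EAPOL-Start or EAPOL-Logoff frame.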