Disconnect the STA if EAP timeout is reached

There is not really much else the Authenticator can do if it does not
receive valid EAP response from the Supplicant/EAP peer. EAP-Failure
would need to be sent before trying to start again with
EAP-Request/Identity, but that is not allowed before the EAP peer
actually replies. Anyway, forcing a new association is likely to clean
up peer state, too, so it can help fixing some issues that could have
caused the peer not to be able to reply in the first place.
This commit is contained in:
Jouni Malinen 2008-12-29 19:16:48 +02:00 committed by Jouni Malinen
parent 98de443890
commit 805e6dc663

View file

@ -1361,6 +1361,22 @@ void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
os_free(sm->last_recv_radius);
sm->last_recv_radius = NULL;
}
if (sm->eap_if->eapTimeout) {
/*
* Disconnect the STA since it did not reply to the last EAP
* request and we cannot continue EAP processing (EAP-Failure
* could only be sent if the EAP peer actually replied).
*/
sm->eap_if->portEnabled = FALSE;
hostapd_sta_deauth(hapd, sta->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID);
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
WLAN_STA_AUTHORIZED);
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
sta->timeout_next = STA_REMOVE;
}
}