From c167662d731eb3882d79c89d6b4d12625c51661c Mon Sep 17 00:00:00 2001 From: Purushottam Kushwaha Date: Thu, 29 Dec 2016 12:21:33 +0530 Subject: [PATCH] eap_proxy: On SIM error flush PMKSAs only for SIM/AKA/AKA' networks Previously, SIM state change with SIM_STATE_ERROR cleared all PMKSA entries (including non-SIM networks). Limit this to networks which use SIM-based authentication methods to avoid unnecessarily removal of PMKSA entries. Signed-off-by: Jouni Malinen --- wpa_supplicant/wpas_glue.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 6b4d81f62..16ffc7f60 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -10,6 +10,7 @@ #include "common.h" #include "eapol_supp/eapol_supp_sm.h" +#include "eap_peer/eap.h" #include "rsn_supp/wpa.h" #include "eloop.h" #include "config.h" @@ -911,6 +912,33 @@ static void wpa_supplicant_eap_proxy_cb(void *ctx) } +static void wpa_sm_sim_state_error_handler(struct wpa_supplicant *wpa_s) +{ + int i; + struct wpa_ssid *ssid; + const struct eap_method_type *eap_methods; + + if (!wpa_s->conf) + return; + + for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { + eap_methods = ssid->eap.eap_methods; + if (!eap_methods) + continue; + + for (i = 0; eap_methods[i].method != EAP_TYPE_NONE; i++) { + if (eap_methods[i].vendor == EAP_VENDOR_IETF && + (eap_methods[i].method == EAP_TYPE_SIM || + eap_methods[i].method == EAP_TYPE_AKA || + eap_methods[i].method == EAP_TYPE_AKA_PRIME)) { + wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid); + break; + } + } + } +} + + static void wpa_supplicant_eap_proxy_notify_sim_status(void *ctx, enum eap_proxy_sim_state sim_state) @@ -920,7 +948,7 @@ wpa_supplicant_eap_proxy_notify_sim_status(void *ctx, wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status %u", sim_state); switch (sim_state) { case SIM_STATE_ERROR: - wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL); + wpa_sm_sim_state_error_handler(wpa_s); break; default: wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status unknown");