Fix EAP state machine reset with offloaded roaming and authorization
If the driver indicates a roamed event with already completed authorization, altAccept = TRUE could have resulted in the EAP state machine ending up in the FAILURE state from the INITIALIZE state. This is not correct behavior and similar cases were already addressed for FT and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching) case by doing similar changes to EAPOL/EAP state variable updates during association event handling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
2d6a526ac3
commit
e07adb7faa
1 changed files with 6 additions and 3 deletions
|
@ -2234,7 +2234,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
|
||||||
union wpa_event_data *data)
|
union wpa_event_data *data)
|
||||||
{
|
{
|
||||||
u8 bssid[ETH_ALEN];
|
u8 bssid[ETH_ALEN];
|
||||||
int ft_completed;
|
int ft_completed, already_authorized;
|
||||||
int new_bss = 0;
|
int new_bss = 0;
|
||||||
|
|
||||||
#ifdef CONFIG_AP
|
#ifdef CONFIG_AP
|
||||||
|
@ -2310,6 +2310,8 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
|
||||||
if (wpa_s->l2)
|
if (wpa_s->l2)
|
||||||
l2_packet_notify_auth_start(wpa_s->l2);
|
l2_packet_notify_auth_start(wpa_s->l2);
|
||||||
|
|
||||||
|
already_authorized = data && data->assoc_info.authorized;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set portEnabled first to FALSE in order to get EAP state machine out
|
* Set portEnabled first to FALSE in order to get EAP state machine out
|
||||||
* of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
|
* of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
|
||||||
|
@ -2318,11 +2320,12 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
|
||||||
* AUTHENTICATED without ever giving chance to EAP state machine to
|
* AUTHENTICATED without ever giving chance to EAP state machine to
|
||||||
* reset the state.
|
* reset the state.
|
||||||
*/
|
*/
|
||||||
if (!ft_completed) {
|
if (!ft_completed && !already_authorized) {
|
||||||
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
|
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
|
||||||
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
|
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
|
||||||
}
|
}
|
||||||
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed)
|
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed ||
|
||||||
|
already_authorized)
|
||||||
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
|
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
|
||||||
/* 802.1X::portControl = Auto */
|
/* 802.1X::portControl = Auto */
|
||||||
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
|
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
|
||||||
|
|
Loading…
Reference in a new issue