Fix EAP state machine reset with offloaded roaming and authorization

If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2016-08-10 23:51:21 +03:00 committed by Jouni Malinen
parent 2d6a526ac3
commit e07adb7faa

View file

@ -2234,7 +2234,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
union wpa_event_data *data) union wpa_event_data *data)
{ {
u8 bssid[ETH_ALEN]; u8 bssid[ETH_ALEN];
int ft_completed; int ft_completed, already_authorized;
int new_bss = 0; int new_bss = 0;
#ifdef CONFIG_AP #ifdef CONFIG_AP
@ -2310,6 +2310,8 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
if (wpa_s->l2) if (wpa_s->l2)
l2_packet_notify_auth_start(wpa_s->l2); l2_packet_notify_auth_start(wpa_s->l2);
already_authorized = data && data->assoc_info.authorized;
/* /*
* Set portEnabled first to FALSE in order to get EAP state machine out * Set portEnabled first to FALSE in order to get EAP state machine out
* of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
@ -2318,11 +2320,12 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
* AUTHENTICATED without ever giving chance to EAP state machine to * AUTHENTICATED without ever giving chance to EAP state machine to
* reset the state. * reset the state.
*/ */
if (!ft_completed) { if (!ft_completed && !already_authorized) {
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
} }
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed) if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed ||
already_authorized)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
/* 802.1X::portControl = Auto */ /* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);