diff options
author | Jouni Malinen <jouni@qca.qualcomm.com> | 2016-08-10 23:51:21 +0300 |
---|---|---|
committer | Linux Build Service Account <lnxbuild@localhost> | 2016-08-24 08:07:47 -0600 |
commit | 80a9f110460cc0f92e82d2e4feab93cabcae84d2 (patch) | |
tree | 1c18fa60e5ddd43bf399bab4bd8f5945d2d620ee | |
parent | 3183f42e0c027e75d23715927099ad7880cadef3 (diff) | |
download | android_external_wpa_supplicant_8-80a9f110460cc0f92e82d2e4feab93cabcae84d2.tar.gz android_external_wpa_supplicant_8-80a9f110460cc0f92e82d2e4feab93cabcae84d2.tar.bz2 android_external_wpa_supplicant_8-80a9f110460cc0f92e82d2e4feab93cabcae84d2.zip |
Fix EAP state machine reset with offloaded roaming and authorization
If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.
Change-Id: Id18b3fdb9736cec068d6abb6ec65c4640dfbc5a3
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Git-commit: e07adb7faa46de96172594bf9cd3600933daf18b
Git-repo: git://w1.fi/srv/git/hostap.git
CRs-fixed: 1053416
-rw-r--r-- | wpa_supplicant/events.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 34ea74fe..d11d5646 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -2210,7 +2210,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, union wpa_event_data *data) { u8 bssid[ETH_ALEN]; - int ft_completed; + int ft_completed, already_authorized; int new_bss = 0; #ifdef CONFIG_AP @@ -2290,6 +2290,8 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, if (wpa_s->l2) l2_packet_notify_auth_start(wpa_s->l2); + already_authorized = data && data->assoc_info.authorized; + /* * Set portEnabled first to FALSE in order to get EAP state machine out * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE @@ -2298,11 +2300,12 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, * AUTHENTICATED without ever giving chance to EAP state machine to * reset the state. */ - if (!ft_completed) { + if (!ft_completed && !already_authorized) { eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); } - if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed) + if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed || + already_authorized) eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); /* 802.1X::portControl = Auto */ eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); |