Fix EAP/WPS to PSK transition on reassociation in authenticator
A station may move from EAP/WPS key_mgmt to PSK using re-association. In practice, this can happen most likely with WPS when the station runs through the provisioning step (EAP/WPS) followed by PSK authentication. If a deauthentication event is missed from the station for whatever reason, the EAPOL authenticator state machine could have been left running. This can result in various issues, including unexpected disconnection of the station while both the 4-way handshake and EAPOL authenticator state machines (EAP) are running at the same time when the supplicant is trying to use PSK. Fix this by explicitly clearing EAPOL authenticator state machine on (re)association if the new association does not use it. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com> intended-for: hostap-1
This commit is contained in:
parent
d3bd0f057c
commit
31b4961f02
1 changed files with 10 additions and 0 deletions
|
@ -861,12 +861,22 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
|
|||
if (!force_1x && !hapd->conf->ieee802_1x) {
|
||||
wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - "
|
||||
"802.1X not enabled or forced for WPS");
|
||||
/*
|
||||
* Clear any possible EAPOL authenticator state to support
|
||||
* reassociation change from WPS to PSK.
|
||||
*/
|
||||
ieee802_1x_free_station(sta);
|
||||
return;
|
||||
}
|
||||
|
||||
key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
|
||||
if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
|
||||
wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - using PSK");
|
||||
/*
|
||||
* Clear any possible EAPOL authenticator state to support
|
||||
* reassociation change from WPA-EAP to PSK.
|
||||
*/
|
||||
ieee802_1x_free_station(sta);
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue