Clear external eapSuccess setting in driver-authorized cases

The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not
cover the case where eapol_sm_notify_eap_success(TRUE) had been called
based on offloaded 4-way handshake and driver notification of
authorization in wpa_supplicant_event_port_authorized(). This could
result in eapSuccess and altSuccess state machine variables being left
TRUE when roaming to another BSS and that results in EAP failure if the
following roaming case does not get fully authorized through the driver
offload.

Fix this by clearing eapSuccess/altSuccess when processing a new
association (including roaming) event and also when disconnecting from
the network.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-08-07 11:51:44 +03:00 committed by Jouni Malinen
parent fa1d5ec182
commit b0b25c5bbc
2 changed files with 5 additions and 2 deletions

View file

@ -316,8 +316,9 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
eapol_sm_notify_portValid(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->drv_authorized_port)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
wpa_s->drv_authorized_port = 0;
wpa_s->ap_ies_from_associnfo = 0; wpa_s->ap_ies_from_associnfo = 0;
wpa_s->current_ssid = NULL; wpa_s->current_ssid = NULL;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
@ -2831,7 +2832,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed || wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed ||
already_authorized) already_authorized || wpa_s->drv_authorized_port)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
/* 802.1X::portControl = Auto */ /* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
@ -3935,6 +3936,7 @@ static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s)
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
eapol_sm_notify_portValid(wpa_s->eapol, TRUE); eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
wpa_s->drv_authorized_port = 1;
} }
} }

View file

@ -1254,6 +1254,7 @@ struct wpa_supplicant {
unsigned int ieee80211ac:1; unsigned int ieee80211ac:1;
unsigned int enabled_4addr_mode:1; unsigned int enabled_4addr_mode:1;
unsigned int multi_bss_support:1; unsigned int multi_bss_support:1;
unsigned int drv_authorized_port:1;
}; };