Fix fallback from failed PMKSA caching into full EAP authentication
Commit 83935317a7 added forced
disconnection in case of 4-way handshake failures. However, it should
not have changed the case where the supplicant is requesting fallback
to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is
not know. This case needs to send an EAPOL-Start frame instead of
EAPOL-Key message 2/4.
This works around a problem with APs that try to force PMKSA caching
even when the client does not include PMKID in (re)association request
frame to request it. [Bug 355]
This commit is contained in:
Jouni Malinen
parent
439d4bf960
commit
b4a1256d36
1 changed files with 9 additions and 1 deletions
|
|
@ -231,6 +231,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
|
|||
wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
|
||||
buf, buflen);
|
||||
os_free(buf);
|
||||
return -2;
|
||||
}
|
||||
|
||||
return -1;
|
||||
|
|
@ -361,6 +362,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
|||
struct wpa_eapol_ie_parse ie;
|
||||
struct wpa_ptk *ptk;
|
||||
u8 buf[8];
|
||||
int res;
|
||||
|
||||
if (wpa_sm_get_network_ctx(sm) == NULL) {
|
||||
wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
|
||||
|
|
@ -388,7 +390,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
|||
}
|
||||
#endif /* CONFIG_NO_WPA2 */
|
||||
|
||||
if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
|
||||
res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
|
||||
if (res == -2) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - "
|
||||
"requesting full EAP authentication");
|
||||
return;
|
||||
}
|
||||
if (res)
|
||||
goto failed;
|
||||
|
||||
if (sm->renew_snonce) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue