DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Skip network disabling on expected EAP failure

Browse source 
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-01-08 10:24:05 +02:00
parent 7185e16a91
commit c60ba9f7ab
12 changed files with 69 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/eap_peer/eap.c
View file

@ -179,6 +179,7 @@ SM_STATE(EAP, INITIALIZE)
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
sm->num_rounds = 0;
sm->prev_failure = 0;
sm->expected_failure = 0;
}
@ -2417,3 +2418,9 @@ void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
if (sm->eapol_cb->set_anon_id)
sm->eapol_cb->set_anon_id(sm->eapol_ctx, id, len);
}
int eap_peer_was_failure_expected(struct eap_sm *sm)
{
return sm->expected_failure;
}

1
src/eap_peer/eap.h
View file

@ -320,6 +320,7 @@ int eap_is_wps_pin_enrollee(struct eap_peer_config *conf);
struct ext_password_data;
void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
int eap_peer_was_failure_expected(struct eap_sm *sm);
#endif /* IEEE8021X_EAPOL */

2
src/eap_peer/eap_fast.c
View file

@ -1055,6 +1055,7 @@ static struct wpabuf * eap_fast_process_pac(struct eap_sm *sm,
}
wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
"- Provisioning completed successfully");
sm->expected_failure = 1;
} else {
/*
* This is PAC refreshing, i.e., normal authentication that is
@ -1252,6 +1253,7 @@ static int eap_fast_process_decrypted(struct eap_sm *sm,
"provisioning completed successfully.");
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
sm->expected_failure = 1;
} else {
wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication "
"completed successfully.");

2
src/eap_peer/eap_i.h
View file

@ -350,6 +350,8 @@ struct eap_sm {
struct wpabuf *ext_pw_buf;
int external_sim;
unsigned int expected_failure:1;
};
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);