From f2d8fc3d9670ae90a04f38d4344d8dfc0f0929ab Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 15 Feb 2009 17:36:49 +0200 Subject: [PATCH] Do not try session resumption after EAP failure If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly. --- src/eap_peer/eap.c | 6 +++++- src/eap_peer/eap_i.h | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c index 5f1c9e04e..e8e504af5 100644 --- a/src/eap_peer/eap.c +++ b/src/eap_peer/eap.c @@ -134,7 +134,8 @@ SM_STATE(EAP, INITIALIZE) { SM_ENTRY(EAP, INITIALIZE); if (sm->fast_reauth && sm->m && sm->m->has_reauth_data && - sm->m->has_reauth_data(sm, sm->eap_method_priv)) { + sm->m->has_reauth_data(sm, sm->eap_method_priv) && + !sm->prev_failure) { wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for " "fast reauthentication"); sm->m->deinit_for_reauth(sm, sm->eap_method_priv); @@ -165,6 +166,7 @@ SM_STATE(EAP, INITIALIZE) eapol_set_bool(sm, EAPOL_eapResp, FALSE); eapol_set_bool(sm, EAPOL_eapNoResp, FALSE); sm->num_rounds = 0; + sm->prev_failure = 0; } @@ -505,6 +507,8 @@ SM_STATE(EAP, FAILURE) wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE "EAP authentication failed"); + + sm->prev_failure = 1; } diff --git a/src/eap_peer/eap_i.h b/src/eap_peer/eap_i.h index 4b7029ee5..e7c826ee8 100644 --- a/src/eap_peer/eap_i.h +++ b/src/eap_peer/eap_i.h @@ -333,6 +333,8 @@ struct eap_sm { int force_disabled; struct wps_context *wps; + + int prev_failure; }; const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);