Do not try session resumption after EAP failure

If session resumption fails for any reason, do not try it again because
that is just likely to fail. Instead, drop back to using full
authentication which may work. This is a workaround for servers that do
not like session resumption, but do not know how to fall back to full
authentication properly.
Jouni Malinen 2009-02-15 17:36:49 +02:00
parent c511c8c6e0
commit f2d8fc3d96
2 changed files with 7 additions and 1 deletions


@ -134,7 +134,8 @@ SM_STATE(EAP, INITIALIZE)
{ {
SM_ENTRY(EAP, INITIALIZE); SM_ENTRY(EAP, INITIALIZE);
if (sm->fast_reauth && sm->m && sm->m->has_reauth_data && if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
sm->m->has_reauth_data(sm, sm->eap_method_priv)) { sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
!sm->prev_failure) {
wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for " wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
"fast reauthentication"); "fast reauthentication");
sm->m->deinit_for_reauth(sm, sm->eap_method_priv); sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
@ -165,6 +166,7 @@ SM_STATE(EAP, INITIALIZE)
eapol_set_bool(sm, EAPOL_eapResp, FALSE); eapol_set_bool(sm, EAPOL_eapResp, FALSE);
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE); eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
sm->num_rounds = 0; sm->num_rounds = 0;
sm->prev_failure = 0;
} }
@ -505,6 +507,8 @@ SM_STATE(EAP, FAILURE)
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
"EAP authentication failed"); "EAP authentication failed");
sm->prev_failure = 1;
} }
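Review bot: In the FAILURE hunk `sm->prev_failure = 1;` is set unconditionally, so every failed authentication, not only a failed session resumption as the description says, makes the next INITIALIZE fail the new `!sm->prev_failure` test and skip `deinit_for_reauth`. That fallback happens silently: nothing is logged when the flag is what rejects fast reauthentication, so in a debug log a peer that keeps dropping to full authentication looks the same as one that has no reauth data. I would log it just before the condition, e.g. `if (sm->prev_failure) wpa_printf(MSG_DEBUG, "EAP: previous authentication failed - not using fast reauthentication");`, and add a comment at the assignment in FAILURE saying the flag covers any failure. How FAILURE is reached is not visible here; if an unauthenticated EAP-Failure can trigger it, the comment should also state that a single such frame forces one full authentication. The bodies of INITIALIZE and FAILURE both extend outside the hunks shown.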


@ -333,6 +333,8 @@ struct eap_sm {
int force_disabled; int force_disabled;
struct wps_context *wps; struct wps_context *wps;
int prev_failure;
}; };
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len); const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
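Review bot: The new `int prev_failure;` member of `struct eap_sm` is added without a comment, although its meaning depends on two writers in the other changed file: it is set in FAILURE and cleared at the end of INITIALIZE. I would document that lifecycle at the declaration, e.g. `int prev_failure; /* set in FAILURE, cleared at the end of INITIALIZE; blocks fast reauthentication for the next attempt */`. The struct definition starts outside the hunk, so whether neighbouring members follow a different comment style cannot be checked from here.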