Do not try session resumption after EAP failure
If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly.
This commit is contained in:
parent
c511c8c6e0
commit
f2d8fc3d96
2 changed files with 7 additions and 1 deletions
|
@ -134,7 +134,8 @@ SM_STATE(EAP, INITIALIZE)
|
||||||
{
|
{
|
||||||
SM_ENTRY(EAP, INITIALIZE);
|
SM_ENTRY(EAP, INITIALIZE);
|
||||||
if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
|
if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
|
||||||
sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
|
sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
|
||||||
|
!sm->prev_failure) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
|
wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
|
||||||
"fast reauthentication");
|
"fast reauthentication");
|
||||||
sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
|
sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
|
||||||
|
@ -165,6 +166,7 @@ SM_STATE(EAP, INITIALIZE)
|
||||||
eapol_set_bool(sm, EAPOL_eapResp, FALSE);
|
eapol_set_bool(sm, EAPOL_eapResp, FALSE);
|
||||||
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
|
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
|
||||||
sm->num_rounds = 0;
|
sm->num_rounds = 0;
|
||||||
|
sm->prev_failure = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -505,6 +507,8 @@ SM_STATE(EAP, FAILURE)
|
||||||
|
|
||||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
|
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
|
||||||
"EAP authentication failed");
|
"EAP authentication failed");
|
||||||
|
|
||||||
|
sm->prev_failure = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -333,6 +333,8 @@ struct eap_sm {
|
||||||
int force_disabled;
|
int force_disabled;
|
||||||
|
|
||||||
struct wps_context *wps;
|
struct wps_context *wps;
|
||||||
|
|
||||||
|
int prev_failure;
|
||||||
};
|
};
|
||||||
|
|
||||||
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
|
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
|
||||||
|
|
Loading…
Reference in a new issue