Clear EAPOL authenticator authFail for PMKSA caching/FT

This fixes a corner case where a STA that has PMKSA cache entry (or
valid FT keys) could try to use full EAPOL/EAP authentication and fail.
If the STA will then try to use the still valid PMKSA cache entry (or
FT) before the STA entry has been cleared, authFail could have been left
to TRUE. That will make EAPOL authenticator PAE state machine enter HELD
state even though authSuccess was already forced to TRUE. This results
in the STA getting disconnected even though it should be allowed to
continue with 4-way handshake. While this is unlikely to happen in
practice, it is better to get this fixed by clearing authFail when
setting authSuccess.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
This commit is contained in:
Jouni Malinen 2012-02-04 12:21:42 +02:00
parent d9a38716cc
commit c7bce24dc9

View File

@ -1,6 +1,6 @@
/* /*
* hostapd / IEEE 802.1X-2004 Authenticator * hostapd / IEEE 802.1X-2004 Authenticator
* Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi> * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -918,6 +918,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING; sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS; sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
sta->eapol_sm->authSuccess = TRUE; sta->eapol_sm->authSuccess = TRUE;
sta->eapol_sm->authFail = FALSE;
if (sta->eapol_sm->eap) if (sta->eapol_sm->eap)
eap_sm_notify_cached(sta->eapol_sm->eap); eap_sm_notify_cached(sta->eapol_sm->eap);
/* TODO: get vlan_id from R0KH using RRB message */ /* TODO: get vlan_id from R0KH using RRB message */
@ -939,6 +940,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING; sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS; sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
sta->eapol_sm->authSuccess = TRUE; sta->eapol_sm->authSuccess = TRUE;
sta->eapol_sm->authFail = FALSE;
if (sta->eapol_sm->eap) if (sta->eapol_sm->eap)
eap_sm_notify_cached(sta->eapol_sm->eap); eap_sm_notify_cached(sta->eapol_sm->eap);
old_vlanid = sta->vlan_id; old_vlanid = sta->vlan_id;