diff options
author | Jouni Malinen <j@w1.fi> | 2010-06-23 15:35:12 -0700 |
---|---|---|
committer | Dmitry Shmidt <dimitrysh@google.com> | 2010-06-24 11:08:12 -0700 |
commit | 34c53d409e7b538d90037d0048f6a1828d2dcbb8 (patch) | |
tree | 238526089ca31e5d3fdd27de5c37a4ab939691bb | |
parent | d82128d89c860044606cabe00169738f4bf0c800 (diff) | |
download | wpa_supplicant_6-34c53d409e7b538d90037d0048f6a1828d2dcbb8.tar.gz |
Fix fallback from failed PMKSA caching into full EAP authentication (DO NOT MERGE)
Commit 83935317a78fb4157eb6e5134527b9311dbf7b8c added forced
disconnection in case of 4-way handshake failures. However, it should
not have changed the case where the supplicant is requesting fallback
to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is
not know. This case needs to send an EAPOL-Start frame instead of
EAPOL-Key message 2/4.
This works around a problem with APs that try to force PMKSA caching
even when the client does not include PMKID in (re)association request
frame to request it. [Bug 355]
Change-Id: Ib0175ccddbc961583b2662abc1e21c95927b084a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-rw-r--r-- | wpa_supplicant/src/rsn_supp/wpa.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/wpa_supplicant/src/rsn_supp/wpa.c b/wpa_supplicant/src/rsn_supp/wpa.c index f73a770..33e558c 100644 --- a/wpa_supplicant/src/rsn_supp/wpa.c +++ b/wpa_supplicant/src/rsn_supp/wpa.c @@ -285,6 +285,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm, wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, buf, buflen); os_free(buf); + return -2; } return -1; @@ -380,6 +381,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, struct wpa_eapol_ie_parse ie; struct wpa_ptk *ptk; u8 buf[8]; + int res; if (wpa_sm_get_network_ctx(sm) == NULL) { wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of " @@ -407,7 +409,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, } #endif /* CONFIG_NO_WPA2 */ - if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid)) + res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); + if (res == -2) { + wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - " + "requesting full EAP authentication"); + return; + } + if (res) goto failed; if (sm->renew_snonce) { |