Clear external eapSuccess setting in driver-authorized cases

The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not
cover the case where eapol_sm_notify_eap_success(TRUE) had been called
based on offloaded 4-way handshake and driver notification of
authorization in wpa_supplicant_event_port_authorized(). This could
result in eapSuccess and altSuccess state machine variables being left
TRUE when roaming to another BSS and that results in EAP failure if the
following roaming case does not get fully authorized through the driver
offload.

Fix this by clearing eapSuccess/altSuccess when processing a new
association (including roaming) event and also when disconnecting from
the network.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 87dad0811e3039d3951e9b728fe655765d972e98..89c9452f7a7021f63f49a5ad1cbd7f0a722b1a9a 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -316,8 +316,9 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
        eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
        if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
            wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
-           wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)
+           wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->drv_authorized_port)
                eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
+       wpa_s->drv_authorized_port = 0;
        wpa_s->ap_ies_from_associnfo = 0;
        wpa_s->current_ssid = NULL;
        eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
@@ -2831,7 +2832,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
        if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
            wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
            wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed ||
-           already_authorized)
+           already_authorized || wpa_s->drv_authorized_port)
                eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
        /* 802.1X::portControl = Auto */
        eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
@@ -3935,6 +3936,7 @@ static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s)
                wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
                eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
                eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
+               wpa_s->drv_authorized_port = 1;
        }
 }
 

diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8a4bdf8cbc334e60df0271ff2c5b5efbe9e654b3..32f390fd9864b89854661171f6004c409e91c382 100644 (file)
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1254,6 +1254,7 @@ struct wpa_supplicant {
        unsigned int ieee80211ac:1;
        unsigned int enabled_4addr_mode:1;
        unsigned int multi_bss_support:1;
+       unsigned int drv_authorized_port:1;
 };