eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
sm->num_rounds = 0;
sm->prev_failure = 0;
+ sm->expected_failure = 0;
}
if (sm->eapol_cb->set_anon_id)
sm->eapol_cb->set_anon_id(sm->eapol_ctx, id, len);
}
+
+
+int eap_peer_was_failure_expected(struct eap_sm *sm)
+{
+ return sm->expected_failure;
+}
struct ext_password_data;
void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
+int eap_peer_was_failure_expected(struct eap_sm *sm);
#endif /* IEEE8021X_EAPOL */
}
wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
"- Provisioning completed successfully");
+ sm->expected_failure = 1;
} else {
/*
* This is PAC refreshing, i.e., normal authentication that is
"provisioning completed successfully.");
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
+ sm->expected_failure = 1;
} else {
wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication "
"completed successfully.");
struct wpabuf *ext_pw_buf;
int external_sim;
+
+ unsigned int expected_failure:1;
};
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
}
if (sm->ctx->cb && sm->cb_status != EAPOL_CB_IN_PROGRESS) {
- int success = sm->cb_status == EAPOL_CB_SUCCESS ? 1 : 0;
+ enum eapol_supp_result result;
+ if (sm->cb_status == EAPOL_CB_SUCCESS)
+ result = EAPOL_SUPP_RESULT_SUCCESS;
+ else if (eap_peer_was_failure_expected(sm->eap))
+ result = EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
+ else
+ result = EAPOL_SUPP_RESULT_FAILURE;
sm->cb_status = EAPOL_CB_IN_PROGRESS;
- sm->ctx->cb(sm, success, sm->ctx->cb_ctx);
+ sm->ctx->cb(sm, result, sm->ctx->cb_ctx);
}
}
struct eapol_sm;
struct wpa_config_blob;
+enum eapol_supp_result {
+ EAPOL_SUPP_RESULT_FAILURE,
+ EAPOL_SUPP_RESULT_SUCCESS,
+ EAPOL_SUPP_RESULT_EXPECTED_FAILURE
+};
+
/**
* struct eapol_ctx - Global (for all networks) EAPOL state machine context
*/
/**
* cb - Function to be called when EAPOL negotiation has been completed
* @eapol: Pointer to EAPOL state machine data
- * @success: Whether the authentication was completed successfully
+ * @result: Whether the authentication was completed successfully
* @ctx: Pointer to context data (cb_ctx)
*
* This optional callback function will be called when the EAPOL
* EAPOL state machine to process the key and terminate the EAPOL state
* machine. Currently, this is used only in RSN pre-authentication.
*/
- void (*cb)(struct eapol_sm *eapol, int success, void *ctx);
+ void (*cb)(struct eapol_sm *eapol, enum eapol_supp_result result,
+ void *ctx);
/**
* cb_ctx - Callback context for cb()
}
-static void rsn_preauth_eapol_cb(struct eapol_sm *eapol, int success,
+static void rsn_preauth_eapol_cb(struct eapol_sm *eapol,
+ enum eapol_supp_result result,
void *ctx)
{
struct wpa_sm *sm = ctx;
u8 pmk[PMK_LEN];
- if (success) {
+ if (result == EAPOL_SUPP_RESULT_SUCCESS) {
int res, pmk_len;
pmk_len = PMK_LEN;
res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: failed to get master session key from "
"pre-auth EAPOL state machines");
- success = 0;
+ result = EAPOL_SUPP_RESULT_FAILURE;
}
}
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "RSN: pre-authentication with "
MACSTR " %s", MAC2STR(sm->preauth_bssid),
- success ? "completed successfully" : "failed");
+ result == EAPOL_SUPP_RESULT_SUCCESS ? "completed successfully" :
+ "failed");
rsn_preauth_deinit(sm);
rsn_preauth_candidate_process(sm);
}
-static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
+static void eapol_sm_cb(struct eapol_sm *eapol, enum eapol_supp_result result,
+ void *ctx)
{
struct eapol_test_data *e = ctx;
- printf("eapol_sm_cb: success=%d\n", success);
+ printf("eapol_sm_cb: result=%d\n", result);
e->eapol_test_num_reauths--;
if (e->eapol_test_num_reauths < 0)
eloop_terminate();
wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated);
- if (reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
- ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
- (wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
- eapol_sm_failed(wpa_s->eapol)))
+ if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
+ ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
+ (wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
+ eapol_sm_failed(wpa_s->eapol))) &&
+ !wpa_s->eap_expected_failure))
wpas_auth_failed(wpa_s);
#ifdef CONFIG_P2P
os_memset(¶ms, 0, sizeof(params));
wpa_s->reassociate = 0;
+ wpa_s->eap_expected_failure = 0;
if (bss && !wpas_driver_bss_selection(wpa_s)) {
#ifdef CONFIG_IEEE80211R
const u8 *ie, *md = NULL;
struct os_reltime pending_eapol_rx_time;
u8 pending_eapol_rx_src[ETH_ALEN];
unsigned int last_eapol_matches_bssid:1;
+ unsigned int eap_expected_failure:1;
struct ibss_rsn *ibss_rsn;
}
-static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
+static const char * result_str(enum eapol_supp_result result)
+{
+ switch (result) {
+ case EAPOL_SUPP_RESULT_FAILURE:
+ return "FAILURE";
+ case EAPOL_SUPP_RESULT_SUCCESS:
+ return "SUCCESS";
+ case EAPOL_SUPP_RESULT_EXPECTED_FAILURE:
+ return "EXPECTED_FAILURE";
+ }
+ return "?";
+}
+
+
+static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
+ enum eapol_supp_result result,
void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
int res, pmk_len;
u8 pmk[PMK_LEN];
- wpa_printf(MSG_DEBUG, "EAPOL authentication completed %ssuccessfully",
- success ? "" : "un");
+ wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s",
+ result_str(result));
if (wpas_wps_eapol_cb(wpa_s) > 0)
return;
- if (!success) {
+ wpa_s->eap_expected_failure = result ==
+ EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
+
+ if (result != EAPOL_SUPP_RESULT_SUCCESS) {
/*
* Make sure we do not get stuck here waiting for long EAPOL
* timeout if the AP does not disconnect in case of
wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
}
- if (!success || !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
+ if (result != EAPOL_SUPP_RESULT_SUCCESS ||
+ !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
return;
if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))