Fix full EAP authentication after PMKSA cache add failure

Need to get EAP state machine into a state where it is willing to
proceed with a new EAP-Request/Identity if PMKSA cache addition fails
after a successful EAP authentication before the initial 4-way handshake
can be completed.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 9a5ba7b877c5851e74357d6194a08121b53d6753..672d66428cfc6deafc04aeff211867112e5833b3 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -451,6 +451,10 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
                buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
                                         NULL, 0, &buflen, NULL);
                if (buf) {
+                       /* Set and reset eapFail to allow EAP state machine to
+                        * proceed with new authentication. */
+                       eapol_sm_notify_eap_fail(sm->eapol, true);
+                       eapol_sm_notify_eap_fail(sm->eapol, false);
                        wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
                                          buf, buflen);
                        os_free(buf);