Fix EAP standalone server

Commit c3fc47ea8e1d3730e11eb9978d13831212727902 fixed EAP passthrough
server to allow Logoff/Re-authentication to be used. However, it
broke EAP standalone server while doing that. Fix this by reverting
the earlier fix and by clearing the EAP Identity information in the
EAP server code whenever an EAPOL-Start or EAPOL-Logoff packet is
received.

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 1c9ee7baf78b08dd7259dd835c893e4bc6a2adf0..3e4aa0f82e17d5aaafcc1cb66765dc7bd5356d7f 100644 (file)
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -776,6 +776,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
                }
                sta->eapol_sm->eapolStart = TRUE;
                sta->eapol_sm->dot1xAuthEapolStartFramesRx++;
+               eap_server_clear_identity(sta->eapol_sm->eap);
                wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
                break;
 
@@ -788,6 +789,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
                accounting_sta_stop(hapd, sta);
                sta->eapol_sm->eapolLogoff = TRUE;
                sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
+               eap_server_clear_identity(sta->eapol_sm->eap);
                break;
 
        case IEEE802_1X_TYPE_EAPOL_KEY:

diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 0c09923506b09c6572e48b9cc7f9b607459fb174..6b2907519e148320746fdfa0314634f5bc969223 100644 (file)
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -123,5 +123,6 @@ void eap_sm_pending_cb(struct eap_sm *sm);
 int eap_sm_method_pending(struct eap_sm *sm);
 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
+void eap_server_clear_identity(struct eap_sm *sm);
 
 #endif /* EAP_H */

diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 6dae69b90ed1ad7137d8512793302378341dcf54..41416b1de92c48c9582372d1e5632288524f8b3b 100644 (file)
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -146,13 +146,6 @@ SM_STATE(EAP, INITIALIZE)
        sm->eap_if.eapKeyAvailable = FALSE;
        sm->eap_if.eapRestart = FALSE;
 
-       /*
-        * Start reauthentication with identity request even if we know the
-        * previously used identity. This is needed to get reauthentication
-        * started properly.
-        */
-       sm->start_reauth = TRUE;
-
        /*
         * This is not defined in RFC 4137, but method state needs to be
         * reseted here so that it does not remain in success state when
@@ -1374,3 +1367,18 @@ struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm)
 {
        return &sm->eap_if;
 }
+
+
+/**
+ * eap_server_clear_identity - Clear EAP identity information
+ * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
+ *
+ * This function can be used to clear the EAP identity information in the EAP
+ * server context. This allows the EAP/Identity method to be used again after
+ * EAPOL-Start or EAPOL-Logoff.
+ */
+void eap_server_clear_identity(struct eap_sm *sm)
+{
+       os_free(sm->identity);
+       sm->identity = NULL;
+}