Fix WPS AP mode regression

Commit 03d3f28a698ec2c269fed35b88be30373595eee2 broke initialization of
EAPOL authenticator state machines since an error value from
wpa_auth_sta_key_mgmt() (-1) was not handled properly and the fixed
wpa_key_mgmt_wpa_psk() identified the value as a PSK-based AKM because
of all bits being set to 1. The special error value needs to handled
separately to avoid skipping EAPOL state machine initialization.

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 28e08b9ae0c997764f9c74fe5399fd4ee43ad96c..ac0c1270010875be7f150ec253a8f62409809ff9 100644 (file)
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -680,6 +680,7 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
        struct ieee802_1x_eapol_key *key;
        u16 datalen;
        struct rsn_pmksa_cache_entry *pmksa;
+       int key_mgmt;
 
        if (!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
            !hapd->conf->wps_state)
@@ -731,10 +732,19 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
                return;
        }
 
-       if ((!hapd->conf->ieee802_1x &&
-            !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) ||
-           wpa_key_mgmt_wpa_psk(wpa_auth_sta_key_mgmt(sta->wpa_sm)))
+       if (!hapd->conf->ieee802_1x &&
+           !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) {
+               wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
+                          "802.1X not enabled and WPS not used");
                return;
+       }
+
+       key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
+       if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
+               wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore EAPOL message - "
+                          "STA is using PSK");
+               return;
+       }
 
        if (!sta->eapol_sm) {
                sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
@@ -836,6 +846,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
        struct rsn_pmksa_cache_entry *pmksa;
        int reassoc = 1;
        int force_1x = 0;
+       int key_mgmt;
 
 #ifdef CONFIG_WPS
        if (hapd->conf->wps_state && hapd->conf->wpa &&
@@ -849,9 +860,17 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
        }
 #endif /* CONFIG_WPS */
 
-       if ((!force_1x && !hapd->conf->ieee802_1x) ||
-           wpa_key_mgmt_wpa_psk(wpa_auth_sta_key_mgmt(sta->wpa_sm)))
+       if (!force_1x && !hapd->conf->ieee802_1x) {
+               wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - "
+                          "802.1X not enabled or forced for WPS");
                return;
+       }
+
+       key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
+       if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) {
+               wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - using PSK");
+               return;
+       }
 
        if (sta->eapol_sm == NULL) {
                hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,