From: Jouni Malinen <j@w1.fi>
Date: Sat, 20 Mar 2021 11:36:55 +0000 (+0200)
Subject: Fix full EAP authentication after PMKSA cache add failure
X-Git-Tag: hostap_2_10~363
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c8842f0e025a3cb08cb2d47db154e0eaeaa0706;p=thirdparty%2Fhostap.git

Fix full EAP authentication after PMKSA cache add failure

Need to get EAP state machine into a state where it is willing to
proceed with a new EAP-Request/Identity if PMKSA cache addition fails
after a successful EAP authentication before the initial 4-way handshake
can be completed.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 9a5ba7b87..672d66428 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -451,6 +451,10 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
 					 NULL, 0, &buflen, NULL);
 		if (buf) {
+			/* Set and reset eapFail to allow EAP state machine to
+			 * proceed with new authentication. */
+			eapol_sm_notify_eap_fail(sm->eapol, true);
+			eapol_sm_notify_eap_fail(sm->eapol, false);
 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
 					  buf, buflen);
 			os_free(buf);