From: Jouni Malinen Date: Sat, 1 May 2010 14:35:28 +0000 (+0300) Subject: Fix fallback from failed PMKSA caching into full EAP authentication X-Git-Tag: hostap-1-bp~1307 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b4a1256d3660a2b5239062a9b42de79b8a34286a;p=thirdparty%2Fhostap.git Fix fallback from failed PMKSA caching into full EAP authentication Commit 83935317a78fb4157eb6e5134527b9311dbf7b8c added forced disconnection in case of 4-way handshake failures. However, it should not have changed the case where the supplicant is requesting fallback to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is not know. This case needs to send an EAPOL-Start frame instead of EAPOL-Key message 2/4. This works around a problem with APs that try to force PMKSA caching even when the client does not include PMKID in (re)association request frame to request it. [Bug 355] --- diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 885d17326..9439f9721 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -231,6 +231,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm, wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, buf, buflen); os_free(buf); + return -2; } return -1; @@ -361,6 +362,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, struct wpa_eapol_ie_parse ie; struct wpa_ptk *ptk; u8 buf[8]; + int res; if (wpa_sm_get_network_ctx(sm) == NULL) { wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of " @@ -388,7 +390,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, } #endif /* CONFIG_NO_WPA2 */ - if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid)) + res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); + if (res == -2) { + wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - " + "requesting full EAP authentication"); + return; + } + if (res) goto failed; if (sm->renew_snonce) {