From: Jouni Malinen
Date: Sun, 15 Feb 2009 15:36:49 +0000 (+0200)
Subject: Do not try session resumption after EAP failure
X-Git-Tag: hostap_0_7_0~516
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f2d8fc3d9670ae90a04f38d4344d8dfc0f0929ab;p=thirdparty%2Fhostap.git

Do not try session resumption after EAP failure

If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly.
---
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 5f1c9e04e..e8e504af5 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -134,7 +134,8 @@ SM_STATE(EAP, INITIALIZE)
 {
 SM_ENTRY(EAP, INITIALIZE);
 if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
- sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
+ sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
+ !sm->prev_failure) {
 wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
 "fast reauthentication");
 sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
@@ -165,6 +166,7 @@ SM_STATE(EAP, INITIALIZE)
 eapol_set_bool(sm, EAPOL_eapResp, FALSE);
 eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
 sm->num_rounds = 0;
+ sm->prev_failure = 0;
 }
@@ -505,6 +507,8 @@ SM_STATE(EAP, FAILURE)
 wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
 "EAP authentication failed");
+
+ sm->prev_failure = 1;
 }
diff --git a/src/eap_peer/eap_i.h b/src/eap_peer/eap_i.h
index 4b7029ee5..e7c826ee8 100644
--- a/src/eap_peer/eap_i.h
+++ b/src/eap_peer/eap_i.h
@@ -333,6 +333,8 @@ struct eap_sm {
 int force_disabled;
 struct wps_context *wps;
+
+ int prev_failure;
 };
 const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
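Review bot: In the first hunk of src/eap_peer/eap.c, the added `!sm->prev_failure` term suppresses fast reauthentication after any EAP failure, not only after a failed resumption, because SM_STATE(EAP, FAILURE) in the third hunk sets the flag unconditionally. A failure with an unrelated cause, such as a timeout or a Failure indication the peer has no way to authenticate, therefore also pushes the next attempt onto the full authentication path, and nothing in the debug log records why. I would log the decision just before the condition, e.g. `if (sm->prev_failure) wpa_printf(MSG_DEBUG, "EAP: previous authentication failed - not using fast reauthentication");`, and add a short comment there naming the server workaround. The else branch that performs the fallback lies outside the hunk, so what happens to the method's cached reauth data on that path is presumed rather than visible.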
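Review bot: The new `int prev_failure;` member of struct eap_sm in src/eap_peer/eap_i.h has no comment, and its lifetime is not obvious from the name. It is set in SM_STATE(EAP, FAILURE), tested in SM_STATE(EAP, INITIALIZE) and cleared at the end of that same state, so it suppresses fast reauthentication for exactly one following attempt. I would put `/* set on EAP failure; checked and cleared by the next INITIALIZE to skip fast reauth once */` above the field, and give the `sm->prev_failure = 0;` line in the second eap.c hunk the same one-line explanation. struct eap_sm begins outside the hunk.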