EAP server: Force identity request after INITIALIZE for passthrough

Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force
reauthentication to start with EAP identity request. This works fine for
the case of EAP success through the AAA passthrough authentication, but
is not enough to handle passthrough authentication failure. sm->identity
is set in that case and getDecision would return PASSTHROUGH instead of
CONTINUE (to Identity method).

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 4483508..0f4284f 100644 (file)
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -169,6 +169,13 @@ SM_STATE(EAP, INITIALIZE)
        sm->num_rounds = 0;
        sm->method_pending = METHOD_PENDING_NONE;
 
+       /*
+        * Start reauthentication with identity request even though we know the
+        * previously used identity. This is needed to get reauthentication
+        * started properly.
+        */
+       sm->start_reauth = TRUE;
+
        wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
                MACSTR, MAC2STR(sm->peer_addr));
 }
@@ -589,13 +596,6 @@ SM_STATE(EAP, SUCCESS2)
        }
 
        sm->eap_if.eapSuccess = TRUE;
-
-       /*
-        * Start reauthentication with identity request even though we know the
-        * previously used identity. This is needed to get reauthentication
-        * started properly.
-        */
-       sm->start_reauth = TRUE;
 }