EAP server: Allow reauth to be started with passthrough

Some sequencies of EAPOL logoff/logon/start messages seem to be
able to get the previous implementation into state where hostapd
would not be able to start reauthentication when external
authentication server is used. The EAP server code would bypass
the initial Identity Request generation and EAPOL code would not
be able to send anything to the authentication server or supplicant
at that point. Work around this by forcing EAP server code to
start with Identity Request after INITIALIZE state even if the
Identity is known.

diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 5812b33..6dae69b 100644 (file)
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -147,6 +147,13 @@ SM_STATE(EAP, INITIALIZE)
        sm->eap_if.eapRestart = FALSE;
 
        /*
        sm->eap_if.eapRestart = FALSE;
 
        /*

+        * Start reauthentication with identity request even if we know the
+        * previously used identity. This is needed to get reauthentication
+        * started properly.
+        */
+       sm->start_reauth = TRUE;
+
+       /*

         * This is not defined in RFC 4137, but method state needs to be
         * reseted here so that it does not remain in success state when
         * re-authentication starts.
         * This is not defined in RFC 4137, but method state needs to be
         * reseted here so that it does not remain in success state when
         * re-authentication starts.