From: Jouni Malinen Date: Mon, 29 Dec 2008 17:16:48 +0000 (+0200) Subject: Disconnect the STA if EAP timeout is reached X-Git-Tag: hostap_0_6_7~47 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=libeap.git;a=commitdiff_plain;h=805e6dc66326764b3d20c5113fb538b2be6aa662 Disconnect the STA if EAP timeout is reached There is not really much else the Authenticator can do if it does not receive valid EAP response from the Supplicant/EAP peer. EAP-Failure would need to be sent before trying to start again with EAP-Request/Identity, but that is not allowed before the EAP peer actually replies. Anyway, forcing a new association is likely to clean up peer state, too, so it can help fixing some issues that could have caused the peer not to be able to reply in the first place. --- diff --git a/hostapd/ieee802_1x.c b/hostapd/ieee802_1x.c index 17c743f..eddc82f 100644 --- a/hostapd/ieee802_1x.c +++ b/hostapd/ieee802_1x.c @@ -1361,6 +1361,22 @@ void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta) os_free(sm->last_recv_radius); sm->last_recv_radius = NULL; } + + if (sm->eap_if->eapTimeout) { + /* + * Disconnect the STA since it did not reply to the last EAP + * request and we cannot continue EAP processing (EAP-Failure + * could only be sent if the EAP peer actually replied). + */ + sm->eap_if->portEnabled = FALSE; + hostapd_sta_deauth(hapd, sta->addr, + WLAN_REASON_PREV_AUTH_NOT_VALID); + sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | + WLAN_STA_AUTHORIZED); + eloop_cancel_timeout(ap_handle_timer, hapd, sta); + eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta); + sta->timeout_next = STA_REMOVE; + } }