SM_STATE(AUTH_PAE, HELD)
{
if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING && sm->authFail)
sm->authAuthFailWhileAuthenticating++;
SM_ENTRY_MA(AUTH_PAE, HELD, auth_pae);
sm->authPortStatus = Unauthorized;
setPortUnauthorized();
sm->quietWhile = sm->quietPeriod;
sm->eapolLogoff = FALSE;
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_WARNING,
"authentication failed - EAP type: %d (%s)",
sm->eap_type_authsrv,
eap_server_get_name(0, sm->eap_type_authsrv));
if (sm->eap_type_authsrv != sm->eap_type_supp) {
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_INFO,
"Supplicant used different EAP type: "
"%d (%s)", sm->eap_type_supp,
eap_server_get_name(0, sm->eap_type_supp));
}
sm->eapol->cb.finished(sm->eapol->conf.ctx, sm->sta, 0,
sm->flags & EAPOL_SM_PREAUTH);
}
static void eapol_auth_tx_req(struct eapol_state_machine *sm)
{
if (sm->eap_if->eapReqData == NULL ||
wpabuf_len(sm->eap_if->eapReqData) < sizeof(struct eap_hdr)) {
eapol_auth_logger(sm->eapol, sm->addr,
EAPOL_LOGGER_DEBUG,
"TxReq called, but there is no EAP request "
"from authentication server");
return;
}
if (sm->flags & EAPOL_SM_WAIT_START) {
wpa_printf(MSG_DEBUG, "EAPOL: Drop EAPOL TX to " MACSTR
" while waiting for EAPOL-Start",
MAC2STR(sm->addr));
return;
}
sm->last_eap_id = eap_get_id(sm->eap_if->eapReqData);
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_DEBUG,
"Sending EAP Packet (identifier %d)",
sm->last_eap_id);
sm->eapol->cb.eapol_send(sm->eapol->conf.ctx, sm->sta,
IEEE802_1X_TYPE_EAP_PACKET,
wpabuf_head(sm->eap_if->eapReqData),
wpabuf_len(sm->eap_if->eapReqData));
sm->dot1xAuthEapolFramesTx++;
if (eap_get_type(sm->eap_if->eapReqData) == EAP_TYPE_IDENTITY)
sm->dot1xAuthEapolReqIdFramesTx++;
else
sm->dot1xAuthEapolReqFramesTx++;
}
static void eapol_auth_tx_canned_eap(struct eapol_state_machine *sm, int success)
{
struct eap_hdr eap;
os_memset(&eap, 0, sizeof(eap));
eap.code = success ? EAP_CODE_SUCCESS : EAP_CODE_FAILURE;
eap.identifier = ++sm->last_eap_id;
eap.length = host_to_be16(sizeof(eap));
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_DEBUG, "Sending canned EAP packet %s (identifier %d)", success ? "SUCCESS" : "FAILURE", eap.identifier);
sm->eapol->cb.eapol_send(sm->eapol->conf.ctx, sm->sta, IEEE802_1X_TYPE_EAP_PACKET, (u8 *)&eap, sizeof(eap));
sm->dot1xAuthEapolFramesTx++;
}
SM_STATE(AUTH_PAE, AUTHENTICATED)
{
char *extra = "";
if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING && sm->authSuccess) {
sm->authAuthSuccessesWhileAuthenticating++;
}
SM_ENTRY_MA(AUTH_PAE, AUTHENTICATED, auth_pae);
sm->authPortStatus = Authorized;
setPortAuthorized();
sm->reAuthCount = 0;
if (sm->flags & EAPOL_SM_PREAUTH) {
extra = " (pre-authentication)";
} else if (sm->flags & EAPOL_SM_FROM_PMKSA_CACHE) {
extra = " (PMKSA cache)";
}
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_INFO, "authenticated - EAP type: %d (%s)%s", sm->eap_type_authsrv, eap_server_get_name(0, sm->eap_type_authsrv), extra);
sm->eapol->cb.finished(sm->eapol->conf.ctx, sm->sta, 1, sm->flags & EAPOL_SM_PREAUTH, sm->remediation);
}
