SM_STATE(AUTH_PAE, DISCONNECTED)
{
int from_initialize = sm->auth_pae.state == AUTH_PAE_INITIALIZE;
if (sm->auth_pae.state == AUTH_PAE_CONNECTING &&
sm->auth_pae.eapLogoff)
sm->auth_pae.authEapLogoffsWhileConnecting++;
SM_ENTRY(AUTH_PAE, DISCONNECTED, auth_pae);
sm->portStatus = Unauthorized;
setPortUnauthorized();
sm->auth_pae.eapLogoff = FALSE;
sm->auth_pae.reAuthCount = 0;
/* IEEE 802.1X state machine uses txCannedFail() always in this state.
* However, sending EAP packet with failure code seems to cause WinXP
* Supplicant to deauthenticate, which will set portEnabled = FALSE and
* state machines end back to INITIALIZE and then back here to send
* canned failure, and so on.. Avoid this by not sending failure packet
* when DISCONNECTED state is entered from INITIALIZE state. */
if (!from_initialize) {
txCannedFail(sm->currentId);
sm->currentId++;
}
}
SM_STATE(AUTH_PAE, HELD)
{
if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING && sm->authFail)
sm->authAuthFailWhileAuthenticating++;
SM_ENTRY_MA(AUTH_PAE, HELD, auth_pae);
sm->authPortStatus = Unauthorized;
setPortUnauthorized();
sm->quietWhile = sm->quietPeriod;
sm->eapolLogoff = FALSE;
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_WARNING,
"authentication failed - EAP type: %d (%s)",
sm->eap_type_authsrv,
eap_server_get_name(0, sm->eap_type_authsrv));
if (sm->eap_type_authsrv != sm->eap_type_supp) {
eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_INFO,
"Supplicant used different EAP type: "
"%d (%s)", sm->eap_type_supp,
eap_server_get_name(0, sm->eap_type_supp));
}
sm->eapol->cb.finished(sm->eapol->conf.ctx, sm->sta, 0,
sm->flags & EAPOL_SM_PREAUTH);
}
SM_STATE(AUTH_PAE, FORCE_UNAUTH)
{
SM_ENTRY_MA(AUTH_PAE, FORCE_UNAUTH, auth_pae);
sm->authPortStatus = Unauthorized;
setPortUnauthorized();
sm->portMode = ForceUnauthorized;
sm->eapolStart = FALSE;
txCannedFail();
}
SM_STATE(AUTH_PAE, FORCE_UNAUTH)
{
SM_ENTRY(AUTH_PAE, FORCE_UNAUTH, auth_pae);
sm->portStatus = Unauthorized;
setPortUnauthorized();
sm->auth_pae.portMode = ForceUnauthorized;
sm->auth_pae.eapStart = FALSE;
txCannedFail(sm->currentId);
sm->currentId++;
}
SM_STATE(AUTH_PAE, HELD)
{
if (sm->auth_pae.state == AUTH_PAE_AUTHENTICATING && sm->authFail)
sm->auth_pae.authAuthFailWhileAuthenticating++;
SM_ENTRY(AUTH_PAE, HELD, auth_pae);
sm->portStatus = Unauthorized;
setPortUnauthorized();
sm->quietWhile = sm->auth_pae.quietPeriod;
sm->auth_pae.eapLogoff = FALSE;
sm->currentId++;
}
SM_STATE(AUTH_PAE, DISCONNECTED)
{
int from_initialize = sm->auth_pae_state == AUTH_PAE_INITIALIZE;
if (sm->eapolLogoff) {
if (sm->auth_pae_state == AUTH_PAE_CONNECTING)
sm->authEapLogoffsWhileConnecting++;
else if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED)
sm->authAuthEapLogoffWhileAuthenticated++;
}
SM_ENTRY_MA(AUTH_PAE, DISCONNECTED, auth_pae);
sm->authPortStatus = Unauthorized;
setPortUnauthorized();
sm->reAuthCount = 0;
sm->eapolLogoff = FALSE;
if (!from_initialize) {
sm->eapol->cb.finished(sm->eapol->conf.ctx, sm->sta, 0,
sm->flags & EAPOL_SM_PREAUTH);
}
}