From 3580ed8266f673b41ba494b1b2c823d145064439 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 9 Apr 2019 00:10:20 +0300
Subject: [PATCH] RADIUS server: Accept ERP keyName-NAI as user identity

Previously the EAP user database had to include a wildcard entry for ERP to work since the keyName-NAI as User-Name in Access-Request would not be recognized without such wildcard entry (that could point to any EAP method). This is not ideal, so add a separate check to allow any stored ERP keyName-NAI to be used for ERP without any requirement for the EAP user database to contain a matching entry.

Signed-off-by: Jouni Malinen
---
 src/radius/radius_server.c | 39 ++++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)

diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 095144d8d..b621ada55 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -676,6 +676,23 @@ static void radius_server_testing_options(struct radius_session *sess,
 }
+#ifdef CONFIG_ERP
+static struct eap_server_erp_key *
+radius_server_erp_find_key(struct radius_server_data *data, const char *keyname)
+{
+ struct eap_server_erp_key *erp;
+
+ dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
+ list) {
+ if (os_strcmp(erp->keyname_nai, keyname) == 0)
+ return erp;
+ }
+
+ return NULL;
+}
+#endif /* CONFIG_ERP */
+
+
 static struct radius_session *
 radius_server_get_new_session(struct radius_server_data *data,
 struct radius_client *client,
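Review bot: `radius_server_erp_find_key()` has no comment saying what it returns or who owns the result; the pointer it hands back is the list entry itself from `data->erp_keys`, so callers must not free it. I would add above the function: `/* Return the stored ERP key whose keyName-NAI equals keyname exactly (os_strcmp), or NULL; the entry stays owned by data->erp_keys. */`. The match is byte-exact and needs a NUL-terminated `keyname`, which matters for the new caller in this patch that builds the name from the Access-Request User-Name.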
@@ -702,6 +719,19 @@ radius_server_get_new_session(struct radius_server_data *data,
 return NULL;
 res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
+#ifdef CONFIG_ERP
+ if (res != 0 && data->erp) {
+ char *username;
+
+ username = os_zalloc(user_len + 1);
+ if (username) {
+ os_memcpy(username, user, user_len);
+ if (radius_server_erp_find_key(data, username))
+ res = 0;
+ os_free(username);
+ }
+ }
+#endif /* CONFIG_ERP */
 if (res != 0) {
 RADIUS_DEBUG("User-Name not found from user database");
 eap_user_free(tmp);
@@ -2706,15 +2736,8 @@ radius_server_erp_get_key(void *ctx, const char *keyname)
 {
 struct radius_session *sess = ctx;
 struct radius_server_data *data = sess->server;
- struct eap_server_erp_key *erp;
- dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
- list) {
- if (os_strcmp(erp->keyname_nai, keyname) == 0)
- return erp;
- }
-
- return NULL;
+ return radius_server_erp_find_key(data, keyname);
 }
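Review bot: The ERP fallback copies the User-Name into a NUL-terminated buffer and matches it with `os_strcmp()`, so a User-Name attribute with an embedded NUL byte would be compared only up to that byte and could match a stored keyName-NAI that it does not equal. User-Name comes from the Access-Request, so I would require the lengths to agree before accepting the match: `if (os_strlen(username) == user_len && radius_server_erp_find_key(data, username))`. On this path `res` is forced to 0 although `get_eap_user()` did not fill `tmp`; a short comment saying that the code after the hunk must cope with an unpopulated `tmp` would help. The body of `radius_server_get_new_session()` starts and ends outside this hunk.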