EAP: Make method and IMSI available from server structures

Expose EAP method and IMSI from the completed (or ongoing) EAP
authentication session. These are needed for implementing Hotspot 2.0
SIM provisioning.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2018-12-14 15:56:16 +02:00 committed by Jouni Malinen
parent fb2dc898d6
commit 79fec6a92d
5 changed files with 36 additions and 0 deletions


@ -153,6 +153,8 @@ void eap_sm_pending_cb(struct eap_sm *sm);
int eap_sm_method_pending(struct eap_sm *sm); int eap_sm_method_pending(struct eap_sm *sm);
const u8 * eap_get_identity(struct eap_sm *sm, size_t *len); const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
const char * eap_get_serial_num(struct eap_sm *sm); const char * eap_get_serial_num(struct eap_sm *sm);
const char * eap_get_method(struct eap_sm *sm);
const char * eap_get_imsi(struct eap_sm *sm);
struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm); struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
void eap_server_clear_identity(struct eap_sm *sm); void eap_server_clear_identity(struct eap_sm *sm);
void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source, void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,


@ -160,6 +160,7 @@ struct eap_sm {
u8 *identity; u8 *identity;
size_t identity_len; size_t identity_len;
char *serial_num; char *serial_num;
char imsi[20];
/* Whether Phase 2 method should validate identity match */ /* Whether Phase 2 method should validate identity match */
int require_identity_match; int require_identity_match;
int lastId; /* Identifier used in the last EAP-Packet */ int lastId; /* Identifier used in the last EAP-Packet */
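Review bot: The new `char imsi[20];` member of struct eap_sm has a bare size and no comment, so a reader cannot tell what bounds the value or what an empty buffer means. An IMSI is at most 15 digits, so the buffer is large enough, but that reasoning belongs on the line, e.g. `char imsi[20]; /* NUL-terminated IMSI from the permanent identity; empty if not known */`. The struct definition starts and ends outside this hunk.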


@ -2003,6 +2003,32 @@ const char * eap_get_serial_num(struct eap_sm *sm)
} }
/**
* eap_get_method - Get the used EAP method
* @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
* Returns: Pointer to the method name or %NULL if not available
*/
const char * eap_get_method(struct eap_sm *sm)
{
if (!sm || !sm->m)
return NULL;
return sm->m->name;
}
/**
* eap_get_imsi - Get IMSI of the user
* @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
* Returns: Pointer to IMSI or %NULL if not available
*/
const char * eap_get_imsi(struct eap_sm *sm)
{
if (!sm || sm->imsi[0] == '\0')
return NULL;
return sm->imsi;
}
void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len) void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len)
{ {
#ifdef CONFIG_ERP #ifdef CONFIG_ERP
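Review bot: The doc comments on eap_get_imsi() and eap_get_method() do not say who owns the returned string, although eap_get_imsi() hands back `sm->imsi` (storage inside the state machine) and eap_get_method() returns `sm->m->name`. I would add a sentence to both comments stating that the returned pointer refers to data held by @sm and must not be used after the state machine is freed. Because the IMSI is a permanent subscriber identifier, the eap_get_imsi() comment is also the right place to tell callers to keep the value out of debug output and logs.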


@ -796,6 +796,10 @@ static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
return; return;
} }
if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX ||
data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)
os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
#ifdef EAP_SERVER_AKA_PRIME #ifdef EAP_SERVER_AKA_PRIME
if (data->eap_method == EAP_TYPE_AKA_PRIME) { if (data->eap_method == EAP_TYPE_AKA_PRIME) {
/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
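Review bot: The added `os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi))` in eap_aka_fullauth() ignores the return value, so a permanent identity longer than 19 characters after the prefix is silently truncated and later returned by eap_get_imsi() as if it were a complete IMSI. When the prefix does not match, sm->imsi is left untouched. If one state machine can run more than one authentication (not visible here), an earlier IMSI would stay attached to a later session. I would clear the field on both paths: `if (os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi)) >= sizeof(sm->imsi)) sm->imsi[0] = '\0';` with `else sm->imsi[0] = '\0';` on the prefix test. The EAP-SIM hunk that tests `EAP_SIM_PERMANENT_PREFIX` has the same two gaps, and eap_aka_fullauth()'s body starts and ends outside this hunk.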


@ -535,6 +535,9 @@ skip_id_update:
goto failed; goto failed;
} }
if (data->permanent[0] == EAP_SIM_PERMANENT_PREFIX)
os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
identity_len = sm->identity_len; identity_len = sm->identity_len;
while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') { while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null " wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null "