EAP-SIM peer: Append realm when learning the pseudonym

The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.

Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
Simon Baatz 2012-01-28 19:38:46 +02:00 committed by Jouni Malinen
parent 3d0a843823
commit a6689be84f


@ -287,24 +287,44 @@ static void eap_sim_clear_identities(struct eap_sim_data *data, int id)
} }
static int eap_sim_learn_ids(struct eap_sim_data *data, static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
struct eap_sim_attrs *attr) struct eap_sim_attrs *attr)
{ {
if (attr->next_pseudonym) { if (attr->next_pseudonym) {
const u8 *identity = NULL;
size_t identity_len = 0;
const u8 *realm = NULL;
size_t realm_len = 0;
wpa_hexdump_ascii(MSG_DEBUG,
"EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
attr->next_pseudonym,
attr->next_pseudonym_len);
os_free(data->pseudonym); os_free(data->pseudonym);
data->pseudonym = os_malloc(attr->next_pseudonym_len); /* Look for the realm of the permanent identity */
identity = eap_get_config_identity(sm, &identity_len);
if (identity) {
for (realm = identity, realm_len = identity_len;
realm_len > 0; realm_len--, realm++) {
if (*realm == '@')
break;
}
}
data->pseudonym = os_malloc(attr->next_pseudonym_len +
realm_len);
if (data->pseudonym == NULL) { if (data->pseudonym == NULL) {
wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for " wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
"next pseudonym"); "next pseudonym");
data->pseudonym_len = 0;
return -1; return -1;
} }
os_memcpy(data->pseudonym, attr->next_pseudonym, os_memcpy(data->pseudonym, attr->next_pseudonym,
attr->next_pseudonym_len); attr->next_pseudonym_len);
data->pseudonym_len = attr->next_pseudonym_len; if (realm_len) {
wpa_hexdump_ascii(MSG_DEBUG, os_memcpy(data->pseudonym + attr->next_pseudonym_len,
"EAP-SIM: (encr) AT_NEXT_PSEUDONYM", realm, realm_len);
data->pseudonym, }
data->pseudonym_len); data->pseudonym_len = attr->next_pseudonym_len + realm_len;
} }
if (attr->next_reauth_id) { if (attr->next_reauth_id) {
@ -313,6 +333,7 @@ static int eap_sim_learn_ids(struct eap_sim_data *data,
if (data->reauth_id == NULL) { if (data->reauth_id == NULL) {
wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for " wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
"next reauth_id"); "next reauth_id");
data->reauth_id_len = 0;
return -1; return -1;
} }
os_memcpy(data->reauth_id, attr->next_reauth_id, os_memcpy(data->reauth_id, attr->next_reauth_id,
@ -663,7 +684,7 @@ static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
return eap_sim_client_error( return eap_sim_client_error(
data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET); data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET);
} }
eap_sim_learn_ids(data, &eattr); eap_sim_learn_ids(sm, data, &eattr);
os_free(decrypted); os_free(decrypted);
} }
@ -861,7 +882,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
data->nonce_s, data->mk, data->msk, data->nonce_s, data->mk, data->msk,
data->emsk); data->emsk);
eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
eap_sim_learn_ids(data, &eattr); eap_sim_learn_ids(sm, data, &eattr);
if (data->result_ind && attr->result_ind) if (data->result_ind && attr->result_ind)
data->use_result_ind = 1; data->use_result_ind = 1;
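Review bot: In the first hunk, eap_sim_learn_ids appends the realm of the configured identity to every AT_NEXT_PSEUDONYM without checking whether the server-supplied value already contains an '@', so a server that sends a fully qualified pseudonym would leave the peer storing an identity with two realm parts. Whether any deployed server does that is not visible here, but a guard is cheap: scan `attr->next_pseudonym` for '@' and set `realm_len = 0` when one is found, before the `os_malloc()` call. It would also help to document what the search loop leaves behind, e.g. `/* realm points at the '@', so realm_len counts the separator plus the realm; it is 0 when the identity has no realm */`. Both callers in the later hunks still discard the return value, so an allocation failure is only visible through the log line and the zeroed length.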