diff options
| author | Simon Baatz <gmbnomis@gmail.com> | 2012-01-28 19:38:46 +0200 |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2012-01-28 19:38:46 +0200 |
| commit | a6689be84fdeb0caa8c5bf1a730c18d47bd12859 (patch) | |
| tree | f1e63b0047ef884b6492666c31c2f8c8f18f91bf /src/eap_peer | |
| parent | 3d0a843823a05b159eeaa47b59f9e4ec66e74a8f (diff) | |
| download | external_wpa_supplicant_8_ti-a6689be84fdeb0caa8c5bf1a730c18d47bd12859.zip external_wpa_supplicant_8_ti-a6689be84fdeb0caa8c5bf1a730c18d47bd12859.tar.gz external_wpa_supplicant_8_ti-a6689be84fdeb0caa8c5bf1a730c18d47bd12859.tar.bz2 | |
EAP-SIM peer: Append realm when learning the pseudonym
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.
Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
Diffstat (limited to 'src/eap_peer')
| -rw-r--r-- | src/eap_peer/eap_sim.c | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c index 06fbc5b..2e81850 100644 --- a/src/eap_peer/eap_sim.c +++ b/src/eap_peer/eap_sim.c @@ -287,24 +287,44 @@ static void eap_sim_clear_identities(struct eap_sim_data *data, int id) } -static int eap_sim_learn_ids(struct eap_sim_data *data, +static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data, struct eap_sim_attrs *attr) { if (attr->next_pseudonym) { + const u8 *identity = NULL; + size_t identity_len = 0; + const u8 *realm = NULL; + size_t realm_len = 0; + + wpa_hexdump_ascii(MSG_DEBUG, + "EAP-SIM: (encr) AT_NEXT_PSEUDONYM", + attr->next_pseudonym, + attr->next_pseudonym_len); os_free(data->pseudonym); - data->pseudonym = os_malloc(attr->next_pseudonym_len); + /* Look for the realm of the permanent identity */ + identity = eap_get_config_identity(sm, &identity_len); + if (identity) { + for (realm = identity, realm_len = identity_len; + realm_len > 0; realm_len--, realm++) { + if (*realm == '@') + break; + } + } + data->pseudonym = os_malloc(attr->next_pseudonym_len + + realm_len); if (data->pseudonym == NULL) { wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for " "next pseudonym"); + data->pseudonym_len = 0; return -1; } os_memcpy(data->pseudonym, attr->next_pseudonym, attr->next_pseudonym_len); - data->pseudonym_len = attr->next_pseudonym_len; - wpa_hexdump_ascii(MSG_DEBUG, - "EAP-SIM: (encr) AT_NEXT_PSEUDONYM", - data->pseudonym, - data->pseudonym_len); + if (realm_len) { + os_memcpy(data->pseudonym + attr->next_pseudonym_len, + realm, realm_len); + } + data->pseudonym_len = attr->next_pseudonym_len + realm_len; } if (attr->next_reauth_id) { @@ -313,6 +333,7 @@ static int eap_sim_learn_ids(struct eap_sim_data *data, if (data->reauth_id == NULL) { wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for " "next reauth_id"); + data->reauth_id_len = 0; return -1; } os_memcpy(data->reauth_id, attr->next_reauth_id, @@ -663,7 +684,7 @@ static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm, return eap_sim_client_error( data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET); } - eap_sim_learn_ids(data, &eattr); + eap_sim_learn_ids(sm, data, &eattr); os_free(decrypted); } @@ -861,7 +882,7 @@ static struct wpabuf * eap_sim_process_reauthentication( data->nonce_s, data->mk, data->msk, data->emsk); eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); - eap_sim_learn_ids(data, &eattr); + eap_sim_learn_ids(sm, data, &eattr); if (data->result_ind && attr->result_ind) data->use_result_ind = 1; |