author | Etan Cohen <etancohen@google.com> | 2019-05-30 17:34:24 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2019-05-30 17:34:24 +0000 |
commit | 811b01bb75c67c51e1c0a34a94ded69858043dcd (patch) | |
tree | 91bdb74b1545eaa7d73e6dd7e686fcb2f243fa8a | |
parent | 6690473353af45e9c6572aa3fc575ef954c0f39b (diff) | |
parent | ce6fb5bb0770d9848911fe81c99cefd642433c25 (diff) | |
download | wpa_supplicant_8-811b01bb75c67c51e1c0a34a94ded69858043dcd.tar.gz |
Merge "[wpa_supplicant] Add support for anonymous@<realm>" into qt-dev
-rw-r--r-- | src/eap_peer/eap_aka.c | 15 | ||||
-rw-r--r-- | src/eap_peer/eap_sim.c | 17 |
2 files changed, 27 insertions, 5 deletions
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index a4441413..a96a39f4 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -57,6 +57,7 @@ struct eap_aka_data {
 u16 last_kdf_attrs[EAP_AKA_PRIME_KDF_MAX];
 size_t last_kdf_count;
 int error_code;
+ int anonymous_flag;
 };
@@ -93,6 +94,7 @@ static void * eap_aka_init(struct eap_sm *sm)
 struct eap_aka_data *data;
 const char *phase1 = eap_get_config_phase1(sm);
 struct eap_peer_config *config = eap_get_config(sm);
+ static const char *anonymous_id_prefix = "anonymous@";
 data = os_zalloc(sizeof(*data));
 if (data == NULL)
@@ -107,6 +109,7 @@ static void * eap_aka_init(struct eap_sm *sm)
 data->prev_id = -1;
 data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;
+ data->anonymous_flag = 0;
 data->use_pseudonym = !sm->init_phase2;
 if (config && config->anonymous_identity && data->use_pseudonym) {
@@ -115,6 +118,13 @@ static void * eap_aka_init(struct eap_sm *sm)
 os_memcpy(data->pseudonym, config->anonymous_identity, config->anonymous_identity_len);
 data->pseudonym_len = config->anonymous_identity_len;
+ if (data->pseudonym_len > os_strlen(anonymous_id_prefix) &&
+ !os_memcmp(data->pseudonym, anonymous_id_prefix,
+ os_strlen(anonymous_id_prefix))) {
+ data->anonymous_flag = 1;
+ wpa_printf(MSG_DEBUG,
+ "EAP-AKA: Setting anonymous@realm flag");
+ }
 }
 }
@@ -417,6 +427,7 @@ static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data,
 if (data->use_pseudonym) eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len);
+ data->anonymous_flag = 0;
 }
 if (attr->next_reauth_id) {
@@ -622,7 +633,7 @@ static struct wpabuf * eap_aka_response_identity(struct eap_sm *sm,
 identity_len = data->reauth_id_len;
 data->reauth = 1;
 } else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
- data->pseudonym) {
+ data->pseudonym && !data->anonymous_flag) {
 identity = data->pseudonym;
 identity_len = data->pseudonym_len;
 eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
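Review bot: The anonymous@realm test added to eap_aka_init (hunk at -115,6) is repeated verbatim in eap_sim_init, and each copy calls os_strlen() on a fixed literal twice; one helper shared by both methods would keep the two peers from drifting apart on what counts as the placeholder identity. If the check stays inline, declare the prefix as `static const char anonymous_id_prefix[] = "anonymous@";` and use `sizeof(anonymous_id_prefix) - 1` for its length. The comparison is byte-exact, so a configured value that differs only in case would still be treated as a real pseudonym by the branches changed later in this commit; a comment should state whether that is intended. The `data->anonymous_flag = 0;` added in the -107,6 hunk (and in eap_sim_init) is redundant after os_zalloc().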
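Review bot: In eap_aka_response_identity, skipping the pseudonym branch when anonymous_flag is set means an ANY_ID or FULLAUTH_ID request is answered by whatever branch follows, which lies outside this hunk and presumably supplies the permanent identity. In that case anonymous@realm protects only the outer EAP-Response/Identity, and the permanent identity is still sent on request until a real pseudonym has been learned. That privacy limit deserves a comment at the condition, for example `/* anonymous@realm is a placeholder for EAP-Response/Identity only; never send it as the method identity */`, and a MSG_DEBUG line when the branch is skipped would make identity exposure visible in logs. The same applies to eap_sim_response_start.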
@@ -1026,7 +1037,7 @@ static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
 if (data->last_eap_identity) {
 identity = data->last_eap_identity;
 identity_len = data->last_eap_identity_len;
- } else if (data->pseudonym) {
+ } else if (data->pseudonym && !data->anonymous_flag) {
 identity = data->pseudonym;
 identity_len = data->pseudonym_len;
 } else {
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index ba5eea9d..6989aa88 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -48,6 +48,7 @@ struct eap_sim_data {
 int result_ind, use_result_ind;
 int use_pseudonym;
 int error_code;
+ int anonymous_flag;
 };
@@ -83,6 +84,7 @@ static void * eap_sim_init(struct eap_sm *sm)
 {
 struct eap_sim_data *data;
 struct eap_peer_config *config = eap_get_config(sm);
+ static const char *anonymous_id_prefix = "anonymous@";
 data = os_zalloc(sizeof(*data));
 if (data == NULL)
@@ -97,7 +99,7 @@ static void * eap_sim_init(struct eap_sm *sm)
 /* Zero is a valid error code, so we need to initialize */
 data->error_code = NO_EAP_METHOD_ERROR;
-
+ data->anonymous_flag = 0;
 data->min_num_chal = 2;
 if (config && config->phase1) {
 char *pos = os_strstr(config->phase1, "sim_min_num_chal=");
@@ -127,6 +129,14 @@ static void * eap_sim_init(struct eap_sm *sm)
 os_memcpy(data->pseudonym, config->anonymous_identity, config->anonymous_identity_len);
 data->pseudonym_len = config->anonymous_identity_len;
+ if (data->pseudonym_len > os_strlen(anonymous_id_prefix) &&
+ !os_memcmp(data->pseudonym, anonymous_id_prefix,
+ os_strlen(anonymous_id_prefix))) {
+ data->anonymous_flag = 1;
+ wpa_printf(MSG_DEBUG,
+ "EAP-SIM: Setting anonymous@realm flag");
+ }
+
+ }
 }
 }
@@ -437,6 +447,7 @@ static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
 if (data->use_pseudonym) eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len);
+ data->anonymous_flag = 0;
 }
 if (attr->next_reauth_id) {
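Review bot: In eap_aka_process_challenge the identity chosen by this chain appears to feed key derivation (its use is outside the hunk), and with anonymous_flag set and no last_eap_identity it now comes from the final else branch, whose body is not visible here. RFC 4187 derives keys from the last AT_IDENTITY sent, or from the EAP-Response/Identity when AT_IDENTITY was not used. If a server proceeds to the challenge without requesting an identity after seeing anonymous@realm, peer and server could derive from different strings and the challenge would fail. Whether that case is reachable should be confirmed and recorded in a comment on the condition, such as `/* the anonymous@realm placeholder is never used as the key-derivation identity */`. eap_sim_process_challenge carries the same change.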
@@ -492,7 +503,7 @@ static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
 identity_len = data->reauth_id_len;
 data->reauth = 1;
 } else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
- data->pseudonym) {
+ data->pseudonym && !data->anonymous_flag) {
 identity = data->pseudonym;
 identity_len = data->pseudonym_len;
 eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID);
@@ -768,7 +779,7 @@ static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
 if (data->last_eap_identity) {
 identity = data->last_eap_identity;
 identity_len = data->last_eap_identity_len;
- } else if (data->pseudonym) {
+ } else if (data->pseudonym && !data->anonymous_flag) {
 identity = data->pseudonym;
 identity_len = data->pseudonym_len;
 } else { |