EAP: Make method and IMSI available from server structures

Expose EAP method and IMSI from the completed (or ongoing) EAP
authentication session. These are needed for implementing Hotspot 2.0
SIM provisioning.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 4fbc661c22fe258e35ea9d0bfca2e36fc6aa54c5..45e1212cff44d50085aac4afc74b60efad8804cf 100644 (file)
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -153,6 +153,8 @@ void eap_sm_pending_cb(struct eap_sm *sm);
 int eap_sm_method_pending(struct eap_sm *sm);
 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
 const char * eap_get_serial_num(struct eap_sm *sm);
+const char * eap_get_method(struct eap_sm *sm);
+const char * eap_get_imsi(struct eap_sm *sm);
 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
 void eap_server_clear_identity(struct eap_sm *sm);
 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,

diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index cf8a9f0d98e1fda835594394fd3acffaee5644fc..1cade10bee554f31fbcd4096a7419d686674efd8 100644 (file)
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -160,6 +160,7 @@ struct eap_sm {
        u8 *identity;
        size_t identity_len;
        char *serial_num;
+       char imsi[20];
        /* Whether Phase 2 method should validate identity match */
        int require_identity_match;
        int lastId; /* Identifier used in the last EAP-Packet */

diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 38a1b5c9ee220402b13a2025f4a3c91340af2553..b33f6324e604824d6b5e66b7a87a2ff992941943 100644 (file)
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -2003,6 +2003,32 @@ const char * eap_get_serial_num(struct eap_sm *sm)
 }
 
 
+/**
+ * eap_get_method - Get the used EAP method
+ * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
+ * Returns: Pointer to the method name or %NULL if not available
+ */
+const char * eap_get_method(struct eap_sm *sm)
+{
+       if (!sm || !sm->m)
+               return NULL;
+       return sm->m->name;
+}
+
+
+/**
+ * eap_get_imsi - Get IMSI of the user
+ * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
+ * Returns: Pointer to IMSI or %NULL if not available
+ */
+const char * eap_get_imsi(struct eap_sm *sm)
+{
+       if (!sm || sm->imsi[0] == '\0')
+               return NULL;
+       return sm->imsi;
+}
+
+
 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len)
 {
 #ifdef CONFIG_ERP

diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 175021163c1df188b06c2aecb662815746ca9c95..1bea706d4990e24f4551b7daa3950c445822ea4b 100644 (file)
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -796,6 +796,10 @@ static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
                return;
        }
 
+       if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX ||
+           data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)
+               os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
+
 #ifdef EAP_SERVER_AKA_PRIME
        if (data->eap_method == EAP_TYPE_AKA_PRIME) {
                /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the

diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c
index 10637d4c66b9096b569b1c422d62ebf629c24421..128782735fb3822dbadb31d96a47338e79bdf0cf 100644 (file)
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -535,6 +535,9 @@ skip_id_update:
                goto failed;
        }
 
+       if (data->permanent[0] == EAP_SIM_PERMANENT_PREFIX)
+               os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
+
        identity_len = sm->identity_len;
        while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
                wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null "