RADIUS server: Accept ERP keyName-NAI as user identity

Previously the EAP user database had to include a wildcard entry for ERP
to work since the keyName-NAI as User-Name in Access-Request would not
be recognized without such wildcard entry (that could point to any EAP
method). This is not ideal, so add a separate check to allow any stored
ERP keyName-NAI to be used for ERP without any requirement for the EAP
user database to contain a matching entry.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 095144d8d6998bdca4da938c87c3ce45d1603710..b621ada554ee918048f3e23e21a005cdcc308542 100644 (file)
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -676,6 +676,23 @@ static void radius_server_testing_options(struct radius_session *sess,
 }
 
 
+#ifdef CONFIG_ERP
+static struct eap_server_erp_key *
+radius_server_erp_find_key(struct radius_server_data *data, const char *keyname)
+{
+       struct eap_server_erp_key *erp;
+
+       dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
+                        list) {
+               if (os_strcmp(erp->keyname_nai, keyname) == 0)
+                       return erp;
+       }
+
+       return NULL;
+}
+#endif /* CONFIG_ERP */
+
+
 static struct radius_session *
 radius_server_get_new_session(struct radius_server_data *data,
                              struct radius_client *client,
@@ -702,6 +719,19 @@ radius_server_get_new_session(struct radius_server_data *data,
                return NULL;
 
        res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
+#ifdef CONFIG_ERP
+       if (res != 0 && data->erp) {
+               char *username;
+
+               username = os_zalloc(user_len + 1);
+               if (username) {
+                       os_memcpy(username, user, user_len);
+                       if (radius_server_erp_find_key(data, username))
+                               res = 0;
+                       os_free(username);
+               }
+       }
+#endif /* CONFIG_ERP */
        if (res != 0) {
                RADIUS_DEBUG("User-Name not found from user database");
                eap_user_free(tmp);
@@ -2706,15 +2736,8 @@ radius_server_erp_get_key(void *ctx, const char *keyname)
 {
        struct radius_session *sess = ctx;
        struct radius_server_data *data = sess->server;
-       struct eap_server_erp_key *erp;
 
-       dl_list_for_each(erp, &data->erp_keys, struct eap_server_erp_key,
-                        list) {
-               if (os_strcmp(erp->keyname_nai, keyname) == 0)
-                       return erp;
-       }
-
-       return NULL;
+       return radius_server_erp_find_key(data, keyname);
 }