EAP-SIM peer: Append realm when learning the pseudonym
authorSimon Baatz <gmbnomis@gmail.com>
Sat, 28 Jan 2012 17:38:46 +0000 (19:38 +0200)
committerJouni Malinen <j@w1.fi>
Sat, 28 Jan 2012 17:38:46 +0000 (19:38 +0200)
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.

Signed-hostap: Simon Baatz <gmbnomis@gmail.com>

src/eap_peer/eap_sim.c

index 06fbc5bdb576803601189e50e6b398ef5db86717..2e81850d0cdc42dd3e9e25db2d6091929ac37e62 100644 (file)
@@ -287,24 +287,44 @@ static void eap_sim_clear_identities(struct eap_sim_data *data, int id)
 }
 
 
-static int eap_sim_learn_ids(struct eap_sim_data *data,
+static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
                             struct eap_sim_attrs *attr)
 {
        if (attr->next_pseudonym) {
+               const u8 *identity = NULL;
+               size_t identity_len = 0;
+               const u8 *realm = NULL;
+               size_t realm_len = 0;
+
+               wpa_hexdump_ascii(MSG_DEBUG,
+                                 "EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
+                                 attr->next_pseudonym,
+                                 attr->next_pseudonym_len);
                os_free(data->pseudonym);
-               data->pseudonym = os_malloc(attr->next_pseudonym_len);
+               /* Look for the realm of the permanent identity */
+               identity = eap_get_config_identity(sm, &identity_len);
+               if (identity) {
+                       for (realm = identity, realm_len = identity_len;
+                            realm_len > 0; realm_len--, realm++) {
+                               if (*realm == '@')
+                                       break;
+                       }
+               }
+               data->pseudonym = os_malloc(attr->next_pseudonym_len +
+                                           realm_len);
                if (data->pseudonym == NULL) {
                        wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
                                   "next pseudonym");
+                       data->pseudonym_len = 0;
                        return -1;
                }
                os_memcpy(data->pseudonym, attr->next_pseudonym,
                          attr->next_pseudonym_len);
-               data->pseudonym_len = attr->next_pseudonym_len;
-               wpa_hexdump_ascii(MSG_DEBUG,
-                                 "EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
-                                 data->pseudonym,
-                                 data->pseudonym_len);
+               if (realm_len) {
+                       os_memcpy(data->pseudonym + attr->next_pseudonym_len,
+                                 realm, realm_len);
+               }
+               data->pseudonym_len = attr->next_pseudonym_len + realm_len;
        }
 
        if (attr->next_reauth_id) {
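Review bot: The realm is appended unconditionally after the `os_memcpy` of `attr->next_pseudonym`, so a pseudonym that already carries an `@realm` part would be stored as `user@realm@realm`; nothing in this hunk looks for an `@` in the received value first. Whether a server may send an already decorated pseudonym cannot be told from these lines, but skipping the realm lookup when `attr->next_pseudonym` contains `@` would keep the stored identity well-formed either way. The realm loop also deserves a comment, because `realm` is left pointing at the `@` itself and `realm_len` ends at 0 when the configured identity has no realm: `/* realm starts at '@'; realm_len == 0 means nothing to append */`. The body of eap_sim_learn_ids continues past the end of this hunk.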
@@ -313,6 +333,7 @@ static int eap_sim_learn_ids(struct eap_sim_data *data,
                if (data->reauth_id == NULL) {
                        wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
                                   "next reauth_id");
+                       data->reauth_id_len = 0;
                        return -1;
                }
                os_memcpy(data->reauth_id, attr->next_reauth_id,
@@ -663,7 +684,7 @@ static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
                        return eap_sim_client_error(
                                data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET);
                }
-               eap_sim_learn_ids(data, &eattr);
+               eap_sim_learn_ids(sm, data, &eattr);
                os_free(decrypted);
        }
 
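Review bot: The `int` result of `eap_sim_learn_ids(sm, data, &eattr)` is discarded at this call, and again at the call in eap_sim_process_reauthentication in the last hunk. On allocation failure the function has already freed the previous pseudonym and now zeroes `pseudonym_len` before returning -1, so the peer silently ends up with no pseudonym; presumably a later identity request would then be answered with the permanent identity, which is the exposure pseudonyms exist to avoid. At minimum the failure should be visible at the call site, for example `if (eap_sim_learn_ids(sm, data, &eattr) < 0) wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to store new identities");`, or a comment should state that the failure is deliberately non-fatal. Both callers begin and end outside their hunks, so how the rest of each function copes with a missing pseudonym is not visible here.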
@@ -861,7 +882,7 @@ static struct wpabuf * eap_sim_process_reauthentication(
                                   data->nonce_s, data->mk, data->msk,
                                   data->emsk);
        eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
-       eap_sim_learn_ids(data, &eattr);
+       eap_sim_learn_ids(sm, data, &eattr);
 
        if (data->result_ind && attr->result_ind)
                data->use_result_ind = 1;