Interworking: Add credential realm to EAP-TLS identity
authorJouni Malinen <jouni@qca.qualcomm.com>
Fri, 11 Mar 2016 18:18:51 +0000 (20:18 +0200)
committerJouni Malinen <j@w1.fi>
Fri, 11 Mar 2016 19:06:15 +0000 (21:06 +0200)
If the configured credential includes a username without '@' (i.e., no
realm) in it and a realm, combine these to form the EAP-Request/Identity
value as "<username>@<realm>" for EAP-TLS. This was already done for
EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have
ended up using a username without any realm information which would be
unlikely to work properly with roaming cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant/interworking.c

index 9df1607e8eacb286dbe93e9751df5e0ffd867165..589ee57b0455c00b7122047d45d58ee2b606094b 100644 (file)
@@ -1451,7 +1451,24 @@ static int interworking_set_eap_params(struct wpa_ssid *ssid,
                os_free(anon);
        }
 
-       if (cred->username && cred->username[0] &&
+       if (!ttls && cred->username && cred->username[0] && cred->realm &&
+           !os_strchr(cred->username, '@')) {
+               char *id;
+               size_t buflen;
+               int res;
+
+               buflen = os_strlen(cred->username) + 1 +
+                       os_strlen(cred->realm) + 1;
+
+               id = os_malloc(buflen);
+               if (!id)
+                       return -1;
+               os_snprintf(id, buflen, "%s@%s", cred->username, cred->realm);
+               res = wpa_config_set_quoted(ssid, "identity", id);
+               os_free(id);
+               if (res < 0)
+                       return -1;
+       } else if (cred->username && cred->username[0] &&
            wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
                return -1;
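Review bot: The new EAP-TLS branch checks `cred->realm` only for non-NULL, while the username is also checked for being non-empty, so an empty realm string would produce the identity `"<username>@"`, a malformed NAI that is then sent as the outer identity. If the credential parser can store an empty realm (not visible in this hunk), add the same first-character test: `if (!ttls && cred->username && cred->username[0] && cred->realm && cred->realm[0] &&`. With that guard an empty realm falls through to the existing `else if` and keeps the previous bare-username behaviour. The `os_snprintf()` result is not checked; `buflen` is computed from the same two strings, so truncation is not expected, but a `os_snprintf_error(buflen, res)` check would match the defensive pattern used elsewhere in the tree. `interworking_set_eap_params()` starts and ends outside the hunk, so how `ttls` and `cred` are validated earlier should be confirmed against the full function.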