EAP-SIM/AKA server: Allow pseudonym to be used after unknown reauth id

author Jouni Malinen <jouni@qca.qualcomm.com>

Fri, 15 Jun 2012 15:49:54 +0000 (18:49 +0300)

committer Jouni Malinen <j@w1.fi>

Fri, 15 Jun 2012 15:49:54 +0000 (18:49 +0300)
author Jouni Malinen <jouni@qca.qualcomm.com>
Fri, 15 Jun 2012 15:49:54 +0000 (18:49 +0300)
committer Jouni Malinen <j@w1.fi>
Fri, 15 Jun 2012 15:49:54 +0000 (18:49 +0300)
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c

index de05dd5a4607001e1df11bc39145dd4ecf3b969d..9cd550936128e47f6748faceaf7a0699de058145 100644 (file)
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -266,8 +266,18 @@ static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
                                EAP_AKA_SUBTYPE_IDENTITY);
         if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
                                       sm->identity_len)) {
-               wpa_printf(MSG_DEBUG, "   AT_PERMANENT_ID_REQ");
-               eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+               if (sm->identity_len > 0 &&
+                   (sm->identity[0] == EAP_AKA_REAUTH_ID_PREFIX ||
+                    sm->identity[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX)) {
+                       /* Reauth id may have expired - try fullauth */
+                       wpa_printf(MSG_DEBUG, "   AT_FULLAUTH_ID_REQ");
+                       eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0,
+                                       NULL, 0);
+               } else {
+                       wpa_printf(MSG_DEBUG, "   AT_PERMANENT_ID_REQ");
+                       eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0,
+                                       NULL, 0);
+               }
         } else {
                 /*
                  * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c

index 60ab0d4c4111d8e11db04bfd0896121f0f481704..6658d9c1e1dfbef9fd061121463d1a919ce50430 100644 (file)
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -107,8 +107,17 @@ static struct wpabuf * eap_sim_build_start(struct eap_sm *sm,
                                EAP_SIM_SUBTYPE_START);
         if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
                                       sm->identity_len)) {
-               wpa_printf(MSG_DEBUG, "   AT_PERMANENT_ID_REQ");
-               eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+               if (sm->identity_len > 0 &&
+                   sm->identity[0] == EAP_SIM_REAUTH_ID_PREFIX) {
+                       /* Reauth id may have expired - try fullauth */
+                       wpa_printf(MSG_DEBUG, "   AT_FULLAUTH_ID_REQ");
+                       eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0,
+                                       NULL, 0);
+               } else {
+                       wpa_printf(MSG_DEBUG, "   AT_PERMANENT_ID_REQ");
+                       eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0,
+                                       NULL, 0);
+               }
         } else {
                 /*
                  * RFC 4186, Chap. 4.2.4 recommends that identity from EAP is
author	Jouni Malinen <jouni@qca.qualcomm.com>
	Fri, 15 Jun 2012 15:49:54 +0000 (18:49 +0300)
committer	Jouni Malinen <j@w1.fi>
	Fri, 15 Jun 2012 15:49:54 +0000 (18:49 +0300)
src/eap_server/eap_server_aka.c		patch \| blob \| blame \| history
src/eap_server/eap_server_sim.c		patch \| blob \| blame \| history