Commit
61b2ed701291 ("Interworking: Use anonymous NAI in EAP-TTLS Phase
1") introduced a mechanism for generating an anonymous NAI specifically
for EAP-TTLS Phase 1. However, it was implemented before Passpoint R2
rules were defined for this and the implementation was not updated to
match the rules. The implementation uses the realm from the
cred::username, if present, over the separate cred::realm parameter.
However, the current Passpoint spec mandates realm from
PPS/<X+>/Credential/Realm (i.e., cred::realm in wpa_supplicant
configuration) to be used for this.

Reorder the priorities for the first two options for constructing the
anonymous identity when generating a network profile from a credential,
i.e., use cred::realm, if set, regardless of whether cred::username
contains a realm. cred::username is used as-is in Phase 2 which means
the inner and outer identities can now be configured to use different
realms.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
char *anon;
/* Use anonymous NAI in Phase 1 */
pos = os_strchr(cred->username, '@');
- if (pos) {
- size_t buflen = 9 + os_strlen(pos) + 1;
+ if (cred->realm) {
+ size_t buflen = 10 + os_strlen(cred->realm) + 1;
anon = os_malloc(buflen);
if (anon == NULL)
return -1;
- os_snprintf(anon, buflen, "anonymous%s", pos);
- } else if (cred->realm) {
- size_t buflen = 10 + os_strlen(cred->realm) + 1;
+ os_snprintf(anon, buflen, "anonymous@%s", cred->realm);
+ } else if (pos) {
+ size_t buflen = 9 + os_strlen(pos) + 1;
anon = os_malloc(buflen);
if (anon == NULL)
return -1;
- os_snprintf(anon, buflen, "anonymous@%s", cred->realm);
+ os_snprintf(anon, buflen, "anonymous%s", pos);
} else {
anon = os_strdup("anonymous");
if (anon == NULL)
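
Review bot: The new first branch tests only `if (cred->realm)`, i.e. that the pointer is non-NULL, so a realm configured as an empty string would produce the outer identity "anonymous@" and, with the reordered priorities, would now win over a usable realm in cred->username. If an empty cred->realm can reach this code, consider also checking `cred->realm[0]` so that case falls through to the `else if (pos)` branch. Two smaller points: `pos = os_strchr(cred->username, '@');` is still evaluated before the realm check although it is now needed only in the second branch, and the literals 9 and 10 in the buflen calculations are easy to swap when the branches are reordered like this; deriving them from the "anonymous" and "anonymous@" prefixes (for example with sizeof) would keep each length tied to its format string. Since the inner and outer identities can now carry different realms, the cred realm/username documentation should mention that the Phase 1 realm comes from cred::realm.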