EAP-SIM: Keep pseudonym identity

The pseudonym is a temporary identity, but is no one-time identifier (like
the fast re-authentication identity). Thus, do not forget it if the server
does not include it in every challenge. There are servers that include the
pseudonym identity only at full-auth. [Bug 424]

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 6677063a7bea970dad67acfabfcd0600989e8310..f65802e22bab2e0704de3a51b7dd374ee405e466 100644 (file)
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -649,11 +649,11 @@ static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
                                            EAP_SIM_UNABLE_TO_PROCESS_PACKET);
        }
 
-       /* Old reauthentication and pseudonym identities must not be used
-        * anymore. In other words, if no new identities are received, full
-        * authentication will be used on next reauthentication. */
-       eap_sim_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
-                                CLEAR_EAP_ID);
+       /* Old reauthentication identity must not be used anymore. In
+        * other words, if no new reauth identity is received, full
+        * authentication will be used on next reauthentication (using
+        * pseudonym identity or permanent identity). */
+       eap_sim_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
 
        if (attr->encr_data) {
                u8 *decrypted;