From: Paul Stewart Date: Thu, 9 Feb 2017 00:46:41 +0000 (-0800) Subject: EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA' X-Git-Tag: hostap_2_7~1629 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed9b1c16d5278b69790b636d6e98ed22ef520923;p=thirdparty%2Fhostap.git EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA' Add an internal flag which indicates to tunneled EAP methods (FAST, PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests. This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods while using an external SIM authenticator over the control interface. Signed-off-by: Paul Stewart
---
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 15584a478..bc90c7af9 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2246,6 +2246,7 @@ static void eap_sm_request(struct eap_sm *sm, enum wpa_ctrl_req_type field,
 config->pending_req_passphrase++;
 break;
 case WPA_CTRL_REQ_SIM:
+ config->pending_req_sim++;
 txt = msg;
 break;
 case WPA_CTRL_REQ_EXT_CERT_CHECK:
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index f98007263..16521c3a1 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -627,6 +627,15 @@ struct eap_peer_config {
 */
 int pending_req_passphrase;
+ /**
+ * pending_req_sim - Pending SIM request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ int pending_req_sim;
+
 /**
 * pending_req_otp - Whether there is a pending OTP request
 *
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index 964ebe74f..6f2b2a257 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
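Review bot: In the eap.c hunk, `config->pending_req_sim++` has only one reset visible in this commit, the `WPA_CTRL_REQ_SIM` case of wpa_supplicant_ctrl_iface_ctrl_rsp_handle(). If the external SIM authenticator never replies, or the EAP session restarts before it does, the counter presumably stays non-zero and the FAST/PEAP/TTLS checks changed in this commit would go on caching phase 2 requests that produced no response. Please confirm that the path which resets the other pending_req_* fields also covers this one, and record the lifecycle where the counter is raised, e.g. `/* cleared in wpa_supplicant_ctrl_iface_ctrl_rsp_handle() when the SIM response arrives */`. eap_sm_request() starts and ends outside the hunk, so its other exits are not visible here.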
@@ -484,7 +484,8 @@ static int eap_fast_phase2_request(struct eap_sm *sm,
 if (*resp == NULL && config && (config->pending_req_identity || config->pending_req_password ||
- config->pending_req_otp || config->pending_req_new_password)) {
+ config->pending_req_otp || config->pending_req_new_password ||
+ config->pending_req_sim)) {
 wpabuf_free(data->pending_phase2_req);
 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
 } else if (*resp == NULL)
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index efeddb853..2d79f1c3b 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -726,7 +726,8 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
 if (*resp == NULL && (config->pending_req_identity || config->pending_req_password ||
- config->pending_req_otp || config->pending_req_new_password)) {
+ config->pending_req_otp || config->pending_req_new_password ||
+ config->pending_req_sim)) {
 wpabuf_free(data->pending_phase2_req);
 data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
 }
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index e4bc22fcc..ea4946ab5 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -458,7 +458,7 @@ static int eap_ttls_phase2_request_eap(struct eap_sm *sm,
 if (*resp == NULL && (config->pending_req_identity || config->pending_req_password ||
- config->pending_req_otp)) {
+ config->pending_req_otp || config->pending_req_sim)) {
 return 0;
 }
@@ -1280,7 +1280,8 @@ static int eap_ttls_process_decrypted(struct eap_sm *sm,
 } else if (config->pending_req_identity || config->pending_req_password || config->pending_req_otp ||
- config->pending_req_new_password) {
+ config->pending_req_new_password ||
+ config->pending_req_sim) {
 wpabuf_free(data->pending_phase2_req);
 data->pending_phase2_req = wpabuf_dup(in_decrypted);
 }
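Review bot: The pending-request test is now maintained by hand in five places (this eap_fast.c hunk, the eap_peap.c hunk and the three eap_ttls.c hunks), and the copies already disagree: eap_ttls_phase2_request_eap() does not test `pending_req_new_password` while the other four do. A single predicate kept next to the fields in eap_config.h would stop the next added flag from being missed at one site, where the likely symptom is a decrypted phase 2 request that is not cached while the external response is outstanding. Whether the TTLS difference is intentional cannot be told from the hunk, so that call site should only switch to the helper if it is not. All five enclosing functions start and end outside their hunks.

```c
/* Proposed helper (name is a suggestion), placed after struct eap_peer_config in eap_config.h */
static inline int eap_peer_config_pending_req(const struct eap_peer_config *config)
{
	return config->pending_req_identity ||
		config->pending_req_password ||
		config->pending_req_otp ||
		config->pending_req_new_password ||
		config->pending_req_sim;
}

/* call site in eap_fast_phase2_request(); eap_peap.c and eap_ttls.c follow the same shape */
if (*resp == NULL && config && eap_peer_config_pending_req(config)) {
	/* … unchanged: cache the request in data->pending_phase2_req … */
```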
@@ -1317,7 +1318,8 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
 (config->pending_req_identity || config->pending_req_password || config->pending_req_otp ||
- config->pending_req_new_password)) {
+ config->pending_req_new_password ||
+ config->pending_req_sim)) {
 /*
 * Use empty buffer to force implicit request
 * processing when EAP request is re-processed after
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index f89a71a61..11bb7b93c 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -5974,6 +5974,7 @@ int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
 case WPA_CTRL_REQ_SIM:
 str_clear_free(eap->external_sim_resp);
 eap->external_sim_resp = os_strdup(value);
+ eap->pending_req_sim = 0;
 break;
 case WPA_CTRL_REQ_PSK_PASSPHRASE:
 if (wpa_config_set(ssid, "psk", value, 0) < 0)
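Review bot: In the wpa_supplicant.c hunk, `eap->pending_req_sim = 0;` runs regardless of whether `os_strdup(value)` on the line above succeeded, so on allocation failure the handler ends up with neither a stored SIM response nor a pending flag, and nothing in the visible lines reports it. Checking the copy first, e.g. `if (eap->external_sim_resp == NULL) return -1;` before clearing the flag, would surface the failure to the control-interface caller; this assumes a negative return is how this int-returning handler signals errors, which the hunk does not show. wpa_supplicant_ctrl_iface_ctrl_rsp_handle() starts and ends outside the hunk.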