]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
Fix 3gpp_temporary_id to use request.EAP-Type
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Sat, 10 Apr 2021 00:02:12 +0000 (01:02 +0100)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Sat, 10 Apr 2021 00:02:12 +0000 (01:02 +0100)
src/lib/eap_aka_sim/xlat.c

index ad38c06d5c2bb937d58c1073ee14a3a37321bf8c..c5acace2a8e47bf3be2197ef1dd2454d0d7cf1c3 100644 (file)
@@ -238,6 +238,7 @@ static xlat_action_t aka_sim_3gpp_temporary_id_decrypt_xlat(TALLOC_CTX *ctx, fr_
        size_t          key_len = key_vb->vb_length;
 
        fr_value_box_t  *vb;
+       fr_pair_t       *eap_type;
 
        if (id_len != (AKA_SIM_3GPP_PSEUDONYM_LEN)) {
                REDEBUG2("3gpp pseudonym incorrect length, expected %i bytes, got %zu bytes",
@@ -251,26 +252,43 @@ static xlat_action_t aka_sim_3gpp_temporary_id_decrypt_xlat(TALLOC_CTX *ctx, fr_
                goto error;
        }
 
-       tag = fr_aka_sim_id_3gpp_pseudonym_tag(id);
-       switch (tag) {
-       case ID_TAG_SIM_PSEUDONYM_B64:
-       case ID_TAG_SIM_FASTAUTH_B64:
-               out_tag = ID_TAG_SIM_PERMANENT;
-               break;
+       /*
+        *      Figure out what tag we should add to the permanent id
+        */
+       eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type);
+       if (eap_type) {
+               if (eap_type->vp_uint32 == enum_eap_type_sim->vb_uint32) {
+                       out_tag = ID_TAG_SIM_PERMANENT;
+               } else if (eap_type->vp_uint32 == enum_eap_type_aka->vb_uint32) {
+                       out_tag = ID_TAG_AKA_PERMANENT;
+               } else if (eap_type->vp_uint32 == enum_eap_type_aka_prime->vb_uint32) {
+                       out_tag = ID_TAG_AKA_PRIME_PERMANENT;
+               } else {
+                       goto use_existing_tag;
+               }
+       } else {
+       use_existing_tag:
+               tag = fr_aka_sim_id_3gpp_pseudonym_tag(id);
+               switch (tag) {
+               case ID_TAG_SIM_PSEUDONYM_B64:
+               case ID_TAG_SIM_FASTAUTH_B64:
+                       out_tag = ID_TAG_SIM_PERMANENT;
+                       break;
 
-       case ID_TAG_AKA_PSEUDONYM_B64:
-       case ID_TAG_AKA_FASTAUTH_B64:
-               out_tag = ID_TAG_AKA_PERMANENT;
-               break;
+               case ID_TAG_AKA_PSEUDONYM_B64:
+               case ID_TAG_AKA_FASTAUTH_B64:
+                       out_tag = ID_TAG_AKA_PERMANENT;
+                       break;
 
-       case ID_TAG_AKA_PRIME_PSEUDONYM_B64:
-       case ID_TAG_AKA_PRIME_FASTAUTH_B64:
-               out_tag = ID_TAG_AKA_PRIME_PERMANENT;
-               break;
+               case ID_TAG_AKA_PRIME_PSEUDONYM_B64:
+               case ID_TAG_AKA_PRIME_FASTAUTH_B64:
+                       out_tag = ID_TAG_AKA_PRIME_PERMANENT;
+                       break;
 
-       default:
-               REDEBUG2("Unexpected tag value (%u) in AKA/SIM Id \"%pV\"", tag, fr_box_strvalue_len(id, id_len));
-               goto error;
+               default:
+                       REDEBUG2("Unexpected tag value (%u) in AKA/SIM Id \"%pV\"", tag, fr_box_strvalue_len(id, id_len));
+                       goto error;
+               }
        }
 
        RDEBUG2("Decrypting \"%pV\"", fr_box_strvalue_len(id, id_len));
@@ -415,14 +433,14 @@ static xlat_action_t aka_sim_3gpp_temporary_id_encrypt_xlat(TALLOC_CTX *ctx, fr_
                id_p = id + 1;
                id_end = (id_p + id_len) - 1;
        /*
-        *      ID lacks a hint byte, figure it out from &control.EAP-Type
+        *      ID lacks a hint byte, figure it out from &request.EAP-Type
         */
        } else if ((id_len >= AKA_SIM_IMSI_MIN_LEN) && (id_len <= AKA_SIM_IMSI_MAX_LEN)) {
                fr_pair_t *eap_type;
 
-               eap_type = fr_pair_find_by_da(&request->control_pairs, attr_eap_type);
+               eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type);
                if (!eap_type) {
-                       REDEBUG("SIM ID does not contain method hint, and no &control.EAP-Type found.  "
+                       REDEBUG("SIM ID does not contain method hint, and no &request.EAP-Type found.  "
                                "Don't know what tag to prepend to encrypted identity");
                        goto error;
                }
@@ -434,7 +452,7 @@ static xlat_action_t aka_sim_3gpp_temporary_id_encrypt_xlat(TALLOC_CTX *ctx, fr_
                } else if (eap_type->vp_uint32 == enum_eap_type_aka_prime->vb_uint32) {
                        tag = !fastauth ? ID_TAG_AKA_PRIME_PSEUDONYM_B64 : ID_TAG_AKA_PRIME_FASTAUTH_B64;
                } else {
-                       REDEBUG("&control.EAP-Type does not match a SIM based EAP-Type (SIM, AKA, AKA-Prime)");
+                       REDEBUG("&request.EAP-Type does not match a SIM based EAP-Type (SIM, AKA, AKA-Prime)");
                }
 
                id_p = id;