From: Arran Cudbard-Bell Date: Sat, 10 Apr 2021 00:02:12 +0000 (+0100) Subject: Fix 3gpp_temporary_id to use request.EAP-Type X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=816e31efc1d8a3a7aaf1a84afb060167f2b09602;p=thirdparty%2Ffreeradius-server.git Fix 3gpp_temporary_id to use request.EAP-Type --- diff --git a/src/lib/eap_aka_sim/xlat.c b/src/lib/eap_aka_sim/xlat.c index ad38c06d5c2..c5acace2a8e 100644 --- a/src/lib/eap_aka_sim/xlat.c +++ b/src/lib/eap_aka_sim/xlat.c @@ -238,6 +238,7 @@ static xlat_action_t aka_sim_3gpp_temporary_id_decrypt_xlat(TALLOC_CTX *ctx, fr_ size_t key_len = key_vb->vb_length; fr_value_box_t *vb; + fr_pair_t *eap_type; if (id_len != (AKA_SIM_3GPP_PSEUDONYM_LEN)) { REDEBUG2("3gpp pseudonym incorrect length, expected %i bytes, got %zu bytes", @@ -251,26 +252,43 @@ static xlat_action_t aka_sim_3gpp_temporary_id_decrypt_xlat(TALLOC_CTX *ctx, fr_ goto error; } - tag = fr_aka_sim_id_3gpp_pseudonym_tag(id); - switch (tag) { - case ID_TAG_SIM_PSEUDONYM_B64: - case ID_TAG_SIM_FASTAUTH_B64: - out_tag = ID_TAG_SIM_PERMANENT; - break; + /* + * Figure out what tag we should add to the permanent id + */ + eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type); + if (eap_type) { + if (eap_type->vp_uint32 == enum_eap_type_sim->vb_uint32) { + out_tag = ID_TAG_SIM_PERMANENT; + } else if (eap_type->vp_uint32 == enum_eap_type_aka->vb_uint32) { + out_tag = ID_TAG_AKA_PERMANENT; + } else if (eap_type->vp_uint32 == enum_eap_type_aka_prime->vb_uint32) { + out_tag = ID_TAG_AKA_PRIME_PERMANENT; + } else { + goto use_existing_tag; + } + } else { + use_existing_tag: + tag = fr_aka_sim_id_3gpp_pseudonym_tag(id); + switch (tag) { + case ID_TAG_SIM_PSEUDONYM_B64: + case ID_TAG_SIM_FASTAUTH_B64: + out_tag = ID_TAG_SIM_PERMANENT; + break; - case ID_TAG_AKA_PSEUDONYM_B64: - case ID_TAG_AKA_FASTAUTH_B64: - out_tag = ID_TAG_AKA_PERMANENT; - break; + case ID_TAG_AKA_PSEUDONYM_B64: + case ID_TAG_AKA_FASTAUTH_B64: + out_tag = ID_TAG_AKA_PERMANENT; + break; - case ID_TAG_AKA_PRIME_PSEUDONYM_B64: - case ID_TAG_AKA_PRIME_FASTAUTH_B64: - out_tag = ID_TAG_AKA_PRIME_PERMANENT; - break; + case ID_TAG_AKA_PRIME_PSEUDONYM_B64: + case ID_TAG_AKA_PRIME_FASTAUTH_B64: + out_tag = ID_TAG_AKA_PRIME_PERMANENT; + break; - default: - REDEBUG2("Unexpected tag value (%u) in AKA/SIM Id \"%pV\"", tag, fr_box_strvalue_len(id, id_len)); - goto error; + default: + REDEBUG2("Unexpected tag value (%u) in AKA/SIM Id \"%pV\"", tag, fr_box_strvalue_len(id, id_len)); + goto error; + } } RDEBUG2("Decrypting \"%pV\"", fr_box_strvalue_len(id, id_len)); @@ -415,14 +433,14 @@ static xlat_action_t aka_sim_3gpp_temporary_id_encrypt_xlat(TALLOC_CTX *ctx, fr_ id_p = id + 1; id_end = (id_p + id_len) - 1; /* - * ID lacks a hint byte, figure it out from &control.EAP-Type + * ID lacks a hint byte, figure it out from &request.EAP-Type */ } else if ((id_len >= AKA_SIM_IMSI_MIN_LEN) && (id_len <= AKA_SIM_IMSI_MAX_LEN)) { fr_pair_t *eap_type; - eap_type = fr_pair_find_by_da(&request->control_pairs, attr_eap_type); + eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type); if (!eap_type) { - REDEBUG("SIM ID does not contain method hint, and no &control.EAP-Type found. " + REDEBUG("SIM ID does not contain method hint, and no &request.EAP-Type found. " "Don't know what tag to prepend to encrypted identity"); goto error; } @@ -434,7 +452,7 @@ static xlat_action_t aka_sim_3gpp_temporary_id_encrypt_xlat(TALLOC_CTX *ctx, fr_ } else if (eap_type->vp_uint32 == enum_eap_type_aka_prime->vb_uint32) { tag = !fastauth ? ID_TAG_AKA_PRIME_PSEUDONYM_B64 : ID_TAG_AKA_PRIME_FASTAUTH_B64; } else { - REDEBUG("&control.EAP-Type does not match a SIM based EAP-Type (SIM, AKA, AKA-Prime)"); + REDEBUG("&request.EAP-Type does not match a SIM based EAP-Type (SIM, AKA, AKA-Prime)"); } id_p = id;