aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap_server_aka.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2013-01-08 13:45:05 (GMT)
committerJouni Malinen <j@w1.fi>2013-01-08 13:45:05 (GMT)
commit9bb1025a2e95b010e1220519dae1721cfd0dbd70 (patch)
tree2112f3decbc455ea0e7239297b9cf6836d3066be /src/eap_server/eap_server_aka.c
parentc0810ddb3c905733bd3210d670a387af27e67f28 (diff)
downloadhostap-9bb1025a2e95b010e1220519dae1721cfd0dbd70.zip
hostap-9bb1025a2e95b010e1220519dae1721cfd0dbd70.tar.gz
hostap-9bb1025a2e95b010e1220519dae1721cfd0dbd70.tar.bz2
EAP-AKA server: Fix fallback to full auth
Commit 68a41bbb44ac78087076ce65e6c1803d036bc4a2 broke fallback from reauth id to fullauth id by not allowing a second AKA/Identity round to be used after having received unrecognized reauth_id in the first round. Fix this by allowing fullauth id to be requested in such a case. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/eap_server/eap_server_aka.c')
-rw-r--r--src/eap_server/eap_server_aka.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 177b58d..469b9a0 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -731,6 +731,17 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
return;
}
+ if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
+ username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
+ (data->eap_method == EAP_TYPE_AKA &&
+ username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
+ data->identity_round == 1) {
+ /* Remain in IDENTITY state for another round to request full
+ * auth identity since we did not recognize reauth id */
+ os_free(username);
+ return;
+ }
+
if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
(data->eap_method == EAP_TYPE_AKA &&