aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap_server_sim.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-07-31 21:02:02 (GMT)
committerJouni Malinen <j@w1.fi>2019-08-01 07:36:11 (GMT)
commit6bb11c7a405616de9a2b3af395117ebe7bdc7047 (patch)
tree18da671f57314bee1c5d7e6614b146d3722de16c /src/eap_server/eap_server_sim.c
parentc1b2365214beacd834811fad2774e03177e008ce (diff)
downloadhostap-6bb11c7a405616de9a2b3af395117ebe7bdc7047.zip
hostap-6bb11c7a405616de9a2b3af395117ebe7bdc7047.tar.gz
hostap-6bb11c7a405616de9a2b3af395117ebe7bdc7047.tar.bz2
EAP-SIM/AKA server: Allow pseudonym/fast reauth to be disabled
The new hostapd configuration option eap_sim_id can now be used to disable use of pseudonym and/or fast reauthentication with EAP-SIM, EAP-AKA, and EAP-AKA'. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/eap_server/eap_server_sim.c')
-rw-r--r--src/eap_server/eap_server_sim.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c
index f8aa508..5243568 100644
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -150,7 +150,10 @@ static int eap_sim_build_encr(struct eap_sm *sm, struct eap_sim_data *data,
const u8 *nonce_s)
{
os_free(data->next_pseudonym);
- if (nonce_s == NULL) {
+ if (!(sm->eap_sim_id & 0x01)) {
+ /* Use of pseudonyms disabled in configuration */
+ data->next_pseudonym = NULL;
+ } else if (!nonce_s) {
data->next_pseudonym =
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv,
EAP_SIM_DB_SIM);
@@ -159,7 +162,10 @@ static int eap_sim_build_encr(struct eap_sm *sm, struct eap_sim_data *data,
data->next_pseudonym = NULL;
}
os_free(data->next_reauth_id);
- if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
+ if (!(sm->eap_sim_id & 0x02)) {
+ /* Use of fast reauth disabled in configuration */
+ data->next_reauth_id = NULL;
+ } else if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
data->next_reauth_id =
eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv,
EAP_SIM_DB_SIM);