authorJouni Malinen <j@w1.fi>2008-02-03 03:37:14 (GMT)
committerJouni Malinen <j@w1.fi>2008-02-03 03:37:14 (GMT)
commit986aadcf6d3f21f5ff8a4dd649e84ba9ba05c3f7 (patch)
treeceeb66014c1334ae80979c46dcfbf38032152909 /src/eap_server
parentf6417bcf58bd6e3c0a231bc8b3ba450265e5a2fe (diff)
Include AT_ANY_ID_REQ in EAP-SIM/AKA start/identity per RFC recommendation
This identity request is not really needed if EAP-Response/Identity already includes the correct identity. However, since RFC 4186 and RFC 4187 recommend that the EAP identity be ignored, it is safer to do that here in case some peer implementations behave incorrectly.
Diffstat (limited to 'src/eap_server')
-rw-r--r--src/eap_server/eap_aka.c8
-rw-r--r--src/eap_server/eap_sim.c7
2 files changed, 15 insertions, 0 deletions
diff --git a/src/eap_server/eap_aka.c b/src/eap_server/eap_aka.c
index df21a85..aba2c72 100644
--- a/src/eap_server/eap_aka.c
+++ b/src/eap_server/eap_aka.c
@@ -219,6 +219,14 @@ static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm,
sm->identity_len)) {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+ } else {
+ /*
+ * RFC 4187, Chap. 4.1.4 recommends that identity from EAP is
+ * ignored and the AKA/Identity is used to request the
+ * identity.
+ */
+ wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
+ eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
}
buf = eap_sim_msg_finish(msg, NULL, NULL, 0);
if (eap_aka_add_id_msg(data, buf) < 0) {
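Review bot: The new else branch is still selected from `sm->identity`, the value the peer supplied in EAP-Response/Identity, so adding AT_ANY_ID_REQ does not by itself make the server ignore that identity. The safety described in the commit message presumably depends on the AKA/Identity response handler replacing `sm->identity` with the returned AT_IDENTITY before the database lookup and key derivation, and on rejecting a response that omits AT_IDENTITY; that code is outside this hunk and should be checked. I would extend the comment to record the dependency, e.g. `* The identity used for authentication must then come from AT_IDENTITY in the response, not from the EAP-Response/Identity value.` The same applies to the eap_sim_build_start hunk in eap_sim.c. The `if` condition begins above the hunk and the function body continues below it.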
diff --git a/src/eap_server/eap_sim.c b/src/eap_server/eap_sim.c
index 40886b2..6abcd43 100644
--- a/src/eap_server/eap_sim.c
+++ b/src/eap_server/eap_sim.c
@@ -114,6 +114,13 @@ static struct wpabuf * eap_sim_build_start(struct eap_sm *sm,
sm->identity_len)) {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
+ } else {
+ /*
+ * RFC 4186, Chap. 4.2.4 recommends that identity from EAP is
+ * ignored and the SIM/Start is used to request the identity.
+ */
+ wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
+ eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
}
wpa_printf(MSG_DEBUG, " AT_VERSION_LIST");
ver[0] = 0;