authorJouni Malinen <jouni@qca.qualcomm.com>2017-02-10 16:54:20 (GMT)
committerJouni Malinen <j@w1.fi>2017-02-10 17:48:12 (GMT)
commit02156b98b7aa4fefbf93879897d4f7dfe7cfef25 (patch)
tree6661c28d466d0e87f1869b6b3c1703b1abd75a4c
parentf22bc11846ed2ffd419527022919d30e93ef3aca (diff)
EAP-AKA: Don't use anonymous identity in phase2
This adds the same changes to EAP-AKA that were previously done for EAP-SIM to allow functionality within an EAP-TTLS/PEAP/FAST tunnel without causing issues to the phase 1 identity string. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--src/eap_peer/eap_aka.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index 0bac62d..4188817 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -48,6 +48,7 @@ struct eap_aka_data {
struct wpabuf *id_msgs;
int prev_id;
int result_ind, use_result_ind;
+ int use_pseudonym;
u8 eap_method;
u8 *network_name;
size_t network_name_len;
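Review bot: The new `use_pseudonym` field has no comment, and its name promises more than the flag does. In the later hunks the pseudonym is still learned and kept in `data->pseudonym` during phase 2; the flag only gates seeding it from `config->anonymous_identity` and the calls to `eap_set_anon_id()`. A field comment would make that clear, for example `/* 0 in phase 2: do not read the pseudonym from, or sync it back to, the anonymous identity used by the outer method */`.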
@@ -101,7 +102,8 @@ static void * eap_aka_init(struct eap_sm *sm)
data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;
- if (config && config->anonymous_identity) {
+ data->use_pseudonym = !sm->init_phase2;
+ if (config && config->anonymous_identity && data->use_pseudonym) {
data->pseudonym = os_malloc(config->anonymous_identity_len);
if (data->pseudonym) {
os_memcpy(data->pseudonym, config->anonymous_identity,
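Review bot: When `sm->init_phase2` is set, `data->pseudonym` now starts out NULL even if `anonymous_identity` is configured, so the first inner identity response presumably falls back to the permanent identity; the code that selects it is outside this hunk. That identity is private only if the outer TTLS/PEAP/FAST tunnel has authenticated the server. It is worth recording that assumption next to the assignment, e.g. `/* phase 2: anonymous_identity belongs to the outer method; the inner identity relies on the tunnel for privacy */`. The body of eap_aka_init continues outside the hunk.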
@@ -350,7 +352,8 @@ static void eap_aka_clear_identities(struct eap_sm *sm,
os_free(data->pseudonym);
data->pseudonym = NULL;
data->pseudonym_len = 0;
- eap_set_anon_id(sm, NULL, 0);
+ if (data->use_pseudonym)
+ eap_set_anon_id(sm, NULL, 0);
}
if ((id & CLEAR_REAUTH_ID) && data->reauth_id) {
wpa_printf(MSG_DEBUG, "EAP-AKA: forgetting old reauth_id");
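Review bot: The `if (data->use_pseudonym)` guard around `eap_set_anon_id()` is repeated here and again in the eap_aka_learn_ids hunk, so a call site added later could miss it and overwrite the phase 1 identity string from inside the tunnel. A small static wrapper that owns the check would put the rule in one place, with both call sites using it. The bodies of both functions extend outside their hunks.

```c
/* Sync the pseudonym to the configured anonymous identity only in phase 1. */
static void eap_aka_set_anon_id(struct eap_sm *sm, struct eap_aka_data *data,
				const u8 *id, size_t len)
{
	if (data->use_pseudonym)
		eap_set_anon_id(sm, id, len);
}

/* ... unchanged: eap_aka_clear_identities() up to the pseudonym reset ... */
		data->pseudonym_len = 0;
		eap_aka_set_anon_id(sm, data, NULL, 0);
```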
@@ -405,7 +408,9 @@ static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data,
realm, realm_len);
}
data->pseudonym_len = attr->next_pseudonym_len + realm_len;
- eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len);
+ if (data->use_pseudonym)
+ eap_set_anon_id(sm, data->pseudonym,
+ data->pseudonym_len);
}
if (attr->next_reauth_id) {