aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2016-03-11 18:18:51 (GMT)
committerJouni Malinen <j@w1.fi>2016-03-11 19:06:15 (GMT)
commitc6c29be1bdc56bfd3a748f06063b1ba0aa80dc94 (patch)
tree1ec18372631d97c37b0f8cad13fa84acdc4a7d66
parent8b29661192a86f56d78160cf176f3426fa37400e (diff)
downloadhostap-c6c29be1bdc56bfd3a748f06063b1ba0aa80dc94.zip
hostap-c6c29be1bdc56bfd3a748f06063b1ba0aa80dc94.tar.gz
hostap-c6c29be1bdc56bfd3a748f06063b1ba0aa80dc94.tar.bz2
Interworking: Add credential realm to EAP-TLS identity
If the configured credential includes a username without '@' (i.e., no realm) in it and a realm, combine these to form the EAP-Request/Identity value as "<username>@<realm>" for EAP-TLS. This was already done for EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have ended up using a username without any realm information which would be unlikely to work properly with roaming cases. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--wpa_supplicant/interworking.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 9df1607..589ee57 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -1451,7 +1451,24 @@ static int interworking_set_eap_params(struct wpa_ssid *ssid,
os_free(anon);
}
- if (cred->username && cred->username[0] &&
+ if (!ttls && cred->username && cred->username[0] && cred->realm &&
+ !os_strchr(cred->username, '@')) {
+ char *id;
+ size_t buflen;
+ int res;
+
+ buflen = os_strlen(cred->username) + 1 +
+ os_strlen(cred->realm) + 1;
+
+ id = os_malloc(buflen);
+ if (!id)
+ return -1;
+ os_snprintf(id, buflen, "%s@%s", cred->username, cred->realm);
+ res = wpa_config_set_quoted(ssid, "identity", id);
+ os_free(id);
+ if (res < 0)
+ return -1;
+ } else if (cred->username && cred->username[0] &&
wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
return -1;