EAP-SIM server: Use simpler SIM/Start identity request determination

There is no need to use eap_sim_db_identity_known() here since a new
SIM/Start message is built only if the identity in the previous response
was not recognized. The first round will always request AT_ANY_ID_REQ to
meet the RFC 4186 recommendation on EAP method specific identity request
being used.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-09-01 18:51:09 +03:00
parent e87982ea4c
commit 336a46aeda

View file

@ -1,6 +1,6 @@
/* /*
* hostapd / EAP-SIM (RFC 4186) * hostapd / EAP-SIM (RFC 4186)
* Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi> * Copyright (c) 2005-2012, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -36,6 +36,7 @@ struct eap_sim_data {
struct eap_sim_reauth *reauth; struct eap_sim_reauth *reauth;
u16 notification; u16 notification;
int use_result_ind; int use_result_ind;
int start_round;
}; };
@ -105,26 +106,25 @@ static struct wpabuf * eap_sim_build_start(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Start"); wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Start");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM, msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
EAP_SIM_SUBTYPE_START); EAP_SIM_SUBTYPE_START);
if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity, data->start_round++;
sm->identity_len)) { if (data->start_round == 1) {
if (sm->identity_len > 0 &&
sm->identity[0] == EAP_SIM_REAUTH_ID_PREFIX) {
/* Reauth id may have expired - try fullauth */
wpa_printf(MSG_DEBUG, " AT_FULLAUTH_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0,
NULL, 0);
} else {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0,
NULL, 0);
}
} else {
/* /*
* RFC 4186, Chap. 4.2.4 recommends that identity from EAP is * RFC 4186, Chap. 4.2.4 recommends that identity from EAP is
* ignored and the SIM/Start is used to request the identity. * ignored and the SIM/Start is used to request the identity.
*/ */
wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ"); wpa_printf(MSG_DEBUG, " AT_ANY_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0); eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
} else if (data->start_round > 3) {
/* Cannot use more than three rounds of Start messages */
return NULL;
} else if (sm->identity && sm->identity_len > 0 &&
sm->identity[0] == EAP_SIM_REAUTH_ID_PREFIX) {
/* Reauth id may have expired - try fullauth */
wpa_printf(MSG_DEBUG, " AT_FULLAUTH_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0, NULL, 0);
} else {
wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ");
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
} }
wpa_printf(MSG_DEBUG, " AT_VERSION_LIST"); wpa_printf(MSG_DEBUG, " AT_VERSION_LIST");
ver[0] = 0; ver[0] = 0;