From 9bb1025a2e95b010e1220519dae1721cfd0dbd70 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 8 Jan 2013 15:45:05 +0200
Subject: [PATCH] EAP-AKA server: Fix fallback to full auth

Commit 68a41bbb44ac78087076ce65e6c1803d036bc4a2 broke fallback from reauth id to fullauth id by not allowing a second AKA/Identity round to be used after having received unrecognized reauth_id in the first round. Fix this by allowing fullauth id to be requested in such a case.

Signed-hostap: Jouni Malinen
---
 src/eap_server/eap_server_aka.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 177b58dac..469b9a0fa 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -731,6 +731,17 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
 return;
 }
 
+ if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
+ username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
+ (data->eap_method == EAP_TYPE_AKA &&
+ username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
+ data->identity_round == 1) {
+ /* Remain in IDENTITY state for another round to request full
+ * auth identity since we did not recognize reauth id */
+ os_free(username);
+ return;
+ }
+
 if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
 username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
 (data->eap_method == EAP_TYPE_AKA &&
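Review bot: The new early return in eap_aka_determine_identity leaves the server in IDENTITY state without logging anything, so an unrecognized reauth id followed by a full-auth request cannot be seen in the debug trace; a line such as `wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized reauth id - request full auth identity");` before `os_free(username);` would make the fallback auditable without printing the identity itself. The comment could also say why the branch is limited to `data->identity_round == 1`: on any later round a reauth-prefixed username falls through to the pseudonym check that follows, which presumably stops a peer from holding the exchange in IDENTITY by resending reauth ids, but whatever caps the total number of rounds is not visible in this hunk. The function starts and ends outside the hunk, so the check that makes reading `username[0]` safe (non-NULL, NUL-terminated) is not shown here and should be confirmed against the code above.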