EAP-AKA server: Fix fallback to full auth

Commit 68a41bbb44 broke fallback from
reauth id to fullauth id by not allowing a second AKA/Identity round to
be used after having received unrecognized reauth_id in the first round.
Fix this by allowing fullauth id to be requested in such a case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2013-01-08 15:45:05 +02:00 committed by Jouni Malinen
parent c0810ddb3c
commit 9bb1025a2e


@ -731,6 +731,17 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
return; return;
} }
if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
(data->eap_method == EAP_TYPE_AKA &&
username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
data->identity_round == 1) {
/* Remain in IDENTITY state for another round to request full
* auth identity since we did not recognize reauth id */
os_free(username);
return;
}
if ((data->eap_method == EAP_TYPE_AKA_PRIME && if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) || username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
(data->eap_method == EAP_TYPE_AKA && (data->eap_method == EAP_TYPE_AKA &&
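Review bot: The new early-return branch for an unrecognized reauth id frees `username` and returns without logging anything, so the fallback to a full-auth identity request cannot be seen in server logs. A debug line before `os_free(username);` would make repeated unknown reauth ids visible to an operator, for example `wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized reauth id - request full auth identity");`, leaving the identity value itself out of the message. The `data->identity_round == 1` guard limits this branch to one extra round, but whatever caps the total number of identity rounds is not shown here. The body of eap_aka_determine_identity starts and ends outside the hunk, so the `username[0]` reads presumably rely on an earlier NULL or empty check that should be confirmed.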