EAP-AKA server: Fix fallback to full auth
Commit 68a41bbb44 broke fallback from reauth id to fullauth id by not
allowing a second AKA/Identity round to be used after having received an
unrecognized reauth_id in the first round. Fix this by allowing fullauth id
to be requested in such a case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
parent
c0810ddb3c
commit
9bb1025a2e
1 changed files with 11 additions and 0 deletions
|
@ -731,6 +731,17 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
|
|||
return;
|
||||
}
|
||||
|
||||
if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
|
||||
username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
|
||||
(data->eap_method == EAP_TYPE_AKA &&
|
||||
username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
|
||||
data->identity_round == 1) {
|
||||
/* Remain in IDENTITY state for another round to request full
|
||||
* auth identity since we did not recognize reauth id */
|
||||
os_free(username);
|
||||
return;
|
||||
}
|
||||
|
||||
if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
|
||||
username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
|
||||
(data->eap_method == EAP_TYPE_AKA &&
|
||||
|
|
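Review bot: The new early return for an unrecognized reauth id (the branch guarded by `data->identity_round == 1`) is taken silently, so a peer that repeatedly presents stale or unknown reauth ids leaves no trace in the server log. I would add a debug line just before `os_free(username);`, for example `wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized reauth id - request fullauth id");`, so these fallbacks can be correlated during troubleshooting or incident review. The round check is what limits this path to one extra AKA/Identity exchange. How a reauth-prefixed username is handled on a later round, and which identity the next request asks for, is decided outside this hunk and should be confirmed there. eap_aka_determine_identity starts and ends outside the hunk.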