Snap for 5801051 from ef6ae566f2444bff52e4b3f009f8d0be4976019d to qt-c2f2-release
Change-Id: I55ab1bd89b19932d1326f0da9f997d0973d4ec2d
diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index 6290c35..cfdd1bf 100644
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -1203,3 +1203,19 @@
}
}
}
+
+
+int eap_sim_anonymous_username(const u8 *id, size_t id_len)
+{
+ static const char *anonymous_id_prefix = "anonymous@";
+ size_t anonymous_id_len = os_strlen(anonymous_id_prefix);
+
+ if (id_len > anonymous_id_len &&
+ os_memcmp(id, anonymous_id_prefix, anonymous_id_len) == 0)
+ return 1; /* 'anonymous@realm' */
+
+ if (id_len > 1 && id[0] == '@')
+ return 1; /* '@realm' */
+
+ return 0;
+}
diff --git a/src/eap_common/eap_sim_common.h b/src/eap_common/eap_sim_common.h
index daeb0e2..7142b94 100644
--- a/src/eap_common/eap_sim_common.h
+++ b/src/eap_common/eap_sim_common.h
@@ -226,5 +226,6 @@
int attr_pad);
void eap_sim_report_notification(void *msg_ctx, int notification, int aka);
+int eap_sim_anonymous_username(const u8 *id, size_t id_len);
#endif /* EAP_SIM_COMMON_H */
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index a96a39f..ff88cf8 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -57,7 +57,6 @@
u16 last_kdf_attrs[EAP_AKA_PRIME_KDF_MAX];
size_t last_kdf_count;
int error_code;
- int anonymous_flag;
};
@@ -94,7 +93,6 @@
struct eap_aka_data *data;
const char *phase1 = eap_get_config_phase1(sm);
struct eap_peer_config *config = eap_get_config(sm);
- static const char *anonymous_id_prefix = "anonymous@";
data = os_zalloc(sizeof(*data));
if (data == NULL)
@@ -109,7 +107,6 @@
data->prev_id = -1;
data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;
- data->anonymous_flag = 0;
data->use_pseudonym = !sm->init_phase2;
if (config && config->anonymous_identity && data->use_pseudonym) {
@@ -118,13 +115,6 @@
os_memcpy(data->pseudonym, config->anonymous_identity,
config->anonymous_identity_len);
data->pseudonym_len = config->anonymous_identity_len;
- if (data->pseudonym_len > os_strlen(anonymous_id_prefix) &&
- !os_memcmp(data->pseudonym, anonymous_id_prefix,
- os_strlen(anonymous_id_prefix))) {
- data->anonymous_flag = 1;
- wpa_printf(MSG_DEBUG,
- "EAP-AKA: Setting anonymous@realm flag");
- }
}
}
@@ -427,7 +417,6 @@
if (data->use_pseudonym)
eap_set_anon_id(sm, data->pseudonym,
data->pseudonym_len);
- data->anonymous_flag = 0;
}
if (attr->next_reauth_id) {
@@ -633,15 +622,22 @@
identity_len = data->reauth_id_len;
data->reauth = 1;
} else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
- data->pseudonym && !data->anonymous_flag) {
+ data->pseudonym &&
+ !eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
} else if (id_req != NO_ID_REQ) {
identity = eap_get_config_identity(sm, &identity_len);
if (identity) {
- eap_aka_clear_identities(sm, data, CLEAR_PSEUDONYM |
- CLEAR_REAUTH_ID);
+ int ids = CLEAR_PSEUDONYM | CLEAR_REAUTH_ID;
+
+ if (data->pseudonym &&
+ eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len))
+ ids &= ~CLEAR_PSEUDONYM;
+ eap_aka_clear_identities(sm, data, ids);
}
}
if (id_req != NO_ID_REQ)
@@ -1037,7 +1033,9 @@
if (data->last_eap_identity) {
identity = data->last_eap_identity;
identity_len = data->last_eap_identity_len;
- } else if (data->pseudonym && !data->anonymous_flag) {
+ } else if (data->pseudonym &&
+ !eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
} else {
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 6989aa8..b5811a8 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -48,7 +48,6 @@
int result_ind, use_result_ind;
int use_pseudonym;
int error_code;
- int anonymous_flag;
};
@@ -84,7 +83,6 @@
{
struct eap_sim_data *data;
struct eap_peer_config *config = eap_get_config(sm);
- static const char *anonymous_id_prefix = "anonymous@";
data = os_zalloc(sizeof(*data));
if (data == NULL)
@@ -99,7 +97,7 @@
/* Zero is a valid error code, so we need to initialize */
data->error_code = NO_EAP_METHOD_ERROR;
- data->anonymous_flag = 0;
+
data->min_num_chal = 2;
if (config && config->phase1) {
char *pos = os_strstr(config->phase1, "sim_min_num_chal=");
@@ -129,14 +127,6 @@
os_memcpy(data->pseudonym, config->anonymous_identity,
config->anonymous_identity_len);
data->pseudonym_len = config->anonymous_identity_len;
- if (data->pseudonym_len > os_strlen(anonymous_id_prefix) &&
- !os_memcmp(data->pseudonym, anonymous_id_prefix,
- os_strlen(anonymous_id_prefix))) {
- data->anonymous_flag = 1;
- wpa_printf(MSG_DEBUG,
- "EAP-SIM: Setting anonymous@realm flag");
- }
-
}
}
@@ -447,7 +437,6 @@
if (data->use_pseudonym)
eap_set_anon_id(sm, data->pseudonym,
data->pseudonym_len);
- data->anonymous_flag = 0;
}
if (attr->next_reauth_id) {
@@ -503,15 +492,22 @@
identity_len = data->reauth_id_len;
data->reauth = 1;
} else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
- data->pseudonym && !data->anonymous_flag) {
+ data->pseudonym &&
+ !eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID);
} else if (id_req != NO_ID_REQ) {
identity = eap_get_config_identity(sm, &identity_len);
if (identity) {
- eap_sim_clear_identities(sm, data, CLEAR_PSEUDONYM |
- CLEAR_REAUTH_ID);
+ int ids = CLEAR_PSEUDONYM | CLEAR_REAUTH_ID;
+
+ if (data->pseudonym &&
+ eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len))
+ ids &= ~CLEAR_PSEUDONYM;
+ eap_sim_clear_identities(sm, data, ids);
}
}
if (id_req != NO_ID_REQ)
@@ -779,7 +775,9 @@
if (data->last_eap_identity) {
identity = data->last_eap_identity;
identity_len = data->last_eap_identity_len;
- } else if (data->pseudonym && !data->anonymous_flag) {
+ } else if (data->pseudonym &&
+ !eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len)) {
identity = data->pseudonym;
identity_len = data->pseudonym_len;
} else {
