Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

EAP-SIM server: Use simpler SIM/Start identity request determination

There is no need to use eap_sim_db_identity_known() here since a new
SIM/Start message is built only if the identity in the previous response
was not recognized. The first round will always request AT_ANY_ID_REQ to
meet the RFC 4186 recommendation on EAP method specific identity request
being used.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 12 ans
Parent
e87982ea4c
commit
336a46aeda
1 fichiers modifiés avec 15 ajouts et 15 suppressions
Vue séparée Afficher les stats Diff
  1. 15 15
      src/eap_server/eap_server_sim.c

+ 15 - 15
src/eap_server/eap_server_sim.c
Voir le fichier 

@@ -1,6 +1,6 @@
 
 /*
 
  * hostapd / EAP-SIM (RFC 4186)
 
- * Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
 
+ * Copyright (c) 2005-2012, Jouni Malinen <j@w1.fi>
 
  *
 
  * This software may be distributed under the terms of the BSD license.
 
  * See README for more details.
 
@@ -36,6 +36,7 @@ struct eap_sim_data {
 
 	struct eap_sim_reauth *reauth;
 
 	u16 notification;
 
 	int use_result_ind;
 
+	int start_round;
 
 };
 
 
 
@@ -105,26 +106,25 @@ static struct wpabuf * eap_sim_build_start(struct eap_sm *sm,
 
 	wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Start");
 
 	msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
 
 			       EAP_SIM_SUBTYPE_START);
 
-	if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
 
-				      sm->identity_len)) {
 
-		if (sm->identity_len > 0 &&
 
-		    sm->identity[0] == EAP_SIM_REAUTH_ID_PREFIX) {
 
-			/* Reauth id may have expired - try fullauth */
 
-			wpa_printf(MSG_DEBUG, "   AT_FULLAUTH_ID_REQ");
 
-			eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0,
 
-					NULL, 0);
 
-		} else {
 
-			wpa_printf(MSG_DEBUG, "   AT_PERMANENT_ID_REQ");
 
-			eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0,
 
-					NULL, 0);
 
-		}
 
-	} else {
 
+	data->start_round++;
 
+	if (data->start_round == 1) {
 
 		/*
 
 		 * RFC 4186, Chap. 4.2.4 recommends that identity from EAP is
 
 		 * ignored and the SIM/Start is used to request the identity.
 
 		 */
 
 		wpa_printf(MSG_DEBUG, "   AT_ANY_ID_REQ");
 
 		eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
 
+	} else if (data->start_round > 3) {
 
+		/* Cannot use more than three rounds of Start messages */
 
+		return NULL;
 
+	} else if (sm->identity && sm->identity_len > 0 &&
 
+		   sm->identity[0] == EAP_SIM_REAUTH_ID_PREFIX) {
 
+		/* Reauth id may have expired - try fullauth */
 
+		wpa_printf(MSG_DEBUG, "   AT_FULLAUTH_ID_REQ");
 
+		eap_sim_msg_add(msg, EAP_SIM_AT_FULLAUTH_ID_REQ, 0, NULL, 0);
 
+	} else {
 
+		wpa_printf(MSG_DEBUG, "   AT_PERMANENT_ID_REQ");
 
+		eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
 
 	}
 
 	wpa_printf(MSG_DEBUG, "   AT_VERSION_LIST");
 
 	ver[0] = 0;