Add an internal flag which indicates to tunneled EAP methods
(FAST, PEAP, TTLS) that they should cache decrypted EAP-SIM
requests. This allows EAP-SIM to be tunneled within these
outer methods while using an external SIM authenticator over
the control interface.
Signed-off-by: Paul Stewart <pstew@xxxxxxxxxx>
---
src/eap_peer/eap.c | 1 +
src/eap_peer/eap_config.h | 9 +++++++++
src/eap_peer/eap_fast.c | 3 ++-
src/eap_peer/eap_peap.c | 3 ++-
src/eap_peer/eap_ttls.c | 6 ++++--
wpa_supplicant/wpa_supplicant.c | 1 +
6 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 15584a478..bc90c7af9 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2246,6 +2246,7 @@ static void eap_sm_request(struct eap_sm *sm, enum wpa_ctrl_req_type field,
config->pending_req_passphrase++;
break;
case WPA_CTRL_REQ_SIM:
+ config->pending_req_sim++;
txt = msg;
break;
case WPA_CTRL_REQ_EXT_CERT_CHECK:
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index f98007263..16521c3a1 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -628,6 +628,15 @@ struct eap_peer_config {
int pending_req_passphrase;
/**
+ * pending_req_sim - Pending SIM request
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request needed
+ * information.
+ */
+ int pending_req_sim;
+
+ /**
* pending_req_otp - Whether there is a pending OTP request
*
* This field should not be set in configuration step. It is only used
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index 964ebe74f..6f2b2a257 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -484,7 +484,8 @@ static int eap_fast_phase2_request(struct eap_sm *sm,
if (*resp == NULL && config &&
(config->pending_req_identity || config->pending_req_password ||
- config->pending_req_otp || config->pending_req_new_password)) {
+ config->pending_req_otp || config->pending_req_new_password ||
+ config->pending_req_sim)) {
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
} else if (*resp == NULL)
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index efeddb853..2d79f1c3b 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -726,7 +726,8 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
if (*resp == NULL &&
(config->pending_req_identity || config->pending_req_password ||
- config->pending_req_otp || config->pending_req_new_password)) {
+ config->pending_req_otp || config->pending_req_new_password ||
+ config->pending_req_sim)) {
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
}
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index e4bc22fcc..618303981 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -1280,7 +1280,8 @@ static int eap_ttls_process_decrypted(struct eap_sm *sm,
} else if (config->pending_req_identity ||
config->pending_req_password ||
config->pending_req_otp ||
- config->pending_req_new_password) {
+ config->pending_req_new_password ||
+ config->pending_req_sim) {
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_dup(in_decrypted);
}
@@ -1317,7 +1318,8 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
(config->pending_req_identity ||
config->pending_req_password ||
config->pending_req_otp ||
- config->pending_req_new_password)) {
+ config->pending_req_new_password ||
+ config->pending_req_sim)) {
/*
* Use empty buffer to force implicit request
* processing when EAP request is re-processed after
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index f89a71a61..11bb7b93c 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -5974,6 +5974,7 @@ int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
case WPA_CTRL_REQ_SIM:
str_clear_free(eap->external_sim_resp);
eap->external_sim_resp = os_strdup(value);
+ eap->pending_req_sim = 0;
break;
case WPA_CTRL_REQ_PSK_PASSPHRASE:
if (wpa_config_set(ssid, "psk", value, 0) < 0)
--
2.11.0.483.g087da7b7c-goog
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
