From 79fec6a92d69654af8b90715e7fd41e49238bbfa Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 14 Dec 2018 15:56:16 +0200
Subject: [PATCH] EAP: Make method and IMSI available from server structures

Expose EAP method and IMSI from the completed (or ongoing) EAP authentication session. These are needed for implementing Hotspot 2.0 SIM provisioning.

Signed-off-by: Jouni Malinen
---
 src/eap_server/eap.h | 2 ++
 src/eap_server/eap_i.h | 1 +
 src/eap_server/eap_server.c | 26 ++++++++++++++++++++++++++
 src/eap_server/eap_server_aka.c | 4 ++++
 src/eap_server/eap_server_sim.c | 3 +++
 5 files changed, 36 insertions(+)

diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index 4fbc661c2..45e1212cf 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -153,6 +153,8 @@ void eap_sm_pending_cb(struct eap_sm *sm);
 int eap_sm_method_pending(struct eap_sm *sm);
 const u8 * eap_get_identity(struct eap_sm *sm, size_t *len);
 const char * eap_get_serial_num(struct eap_sm *sm);
+const char * eap_get_method(struct eap_sm *sm);
+const char * eap_get_imsi(struct eap_sm *sm);
 struct eap_eapol_interface * eap_get_interface(struct eap_sm *sm);
 void eap_server_clear_identity(struct eap_sm *sm);
 void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index cf8a9f0d9..1cade10be 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -160,6 +160,7 @@ struct eap_sm {
 u8 *identity;
 size_t identity_len;
 char *serial_num;
+ char imsi[20];
 /* Whether Phase 2 method should validate identity match */
 int require_identity_match;
 int lastId; /* Identifier used in the last EAP-Packet */
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 38a1b5c9e..b33f6324e 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
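Review bot: The new `char imsi[20];` in struct eap_sm (src/eap_server/eap_i.h) carries no comment and its size is a bare literal that the two copy sites only pick up through `sizeof(sm->imsi)`. A short comment would make the field's contract clear, e.g. `char imsi[20]; /* IMSI from the EAP-SIM/AKA permanent identity, NUL terminated; empty string if not known */`. A named constant for the length would also let any consumer of eap_get_imsi() agree on the limit. The struct definition starts and ends outside the hunk.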
@@ -2003,6 +2003,32 @@ const char * eap_get_serial_num(struct eap_sm *sm)
 }
 
 
+/**
+ * eap_get_method - Get the used EAP method
+ * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
+ * Returns: Pointer to the method name or %NULL if not available
+ */
+const char * eap_get_method(struct eap_sm *sm)
+{
+ if (!sm || !sm->m)
+ return NULL;
+ return sm->m->name;
+}
+
+
+/**
+ * eap_get_imsi - Get IMSI of the user
+ * @sm: Pointer to EAP state machine allocated with eap_server_sm_init()
+ * Returns: Pointer to IMSI or %NULL if not available
+ */
+const char * eap_get_imsi(struct eap_sm *sm)
+{
+ if (!sm || sm->imsi[0] == '\0')
+ return NULL;
+ return sm->imsi;
+}
+
+
 void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len)
 {
 #ifdef CONFIG_ERP
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index 175021163..1bea706d4 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -796,6 +796,10 @@ static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
 return;
 }
 
+ if (data->permanent[0] == EAP_AKA_PERMANENT_PREFIX ||
+ data->permanent[0] == EAP_AKA_PRIME_PERMANENT_PREFIX)
+ os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
+
 #ifdef EAP_SERVER_AKA_PRIME
 if (data->eap_method == EAP_TYPE_AKA_PRIME) {
 /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c
index 10637d4c6..128782735 100644
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -535,6 +535,9 @@ skip_id_update:
 goto failed;
 }
 
+ if (data->permanent[0] == EAP_SIM_PERMANENT_PREFIX)
+ os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi));
+
 identity_len = sm->identity_len;
 while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
 wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null "
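Review bot: eap_get_imsi() in src/eap_server/eap_server.c returns whatever was last copied into sm->imsi, and nothing in this patch clears that buffer or ties it to a successful authentication. The EAP-AKA hunk fills it from eap_aka_fullauth(), which by its name runs before the peer has answered the challenge, so a caller may be reading a claimed and still unverified IMSI (the commit message does say "completed (or ongoing)"). The doc comment should state that, for example `* Note: The value comes from the peer's permanent identity and is authenticated only after the EAP method has completed successfully.`, and eap_get_method() deserves the same remark since sm->m is presumably set for a session in progress too. Both functions return pointers into storage owned by sm, which is worth one line in the comments as well.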
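Review bot: The os_strlcpy() into sm->imsi added to eap_aka_fullauth() ignores its return value, so if data->permanent can hold more than 19 characters after the prefix (its size is not visible here) the value is silently truncated and later handed out by eap_get_imsi() as if it were a complete IMSI; the EAP-SIM hunk in src/eap_server/eap_server_sim.c has the same pattern. Nothing visible in either hunk checks that the bytes after the prefix are decimal digits, and the string may originate from the identity the peer sent. Rejecting instead of truncating would be safer: `if (os_strlcpy(sm->imsi, &data->permanent[1], sizeof(sm->imsi)) >= sizeof(sm->imsi)) sm->imsi[0] = '\0';`. When the prefix test fails, sm->imsi keeps its earlier contents, so an `else sm->imsi[0] = '\0';` would avoid returning a stale value from a previous round on the same state machine. The enclosing functions start and end outside both hunks.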