From c6c29be1bdc56bfd3a748f06063b1ba0aa80dc94 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 11 Mar 2016 20:18:51 +0200
Subject: [PATCH] Interworking: Add credential realm to EAP-TLS identity

If the configured credential includes a username without '@' (i.e., no realm) in it and a realm, combine these to form the EAP-Request/Identity value as "@" for EAP-TLS. This was already done for EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have ended up using a username without any realm information which would be unlikely to work properly with roaming cases.

Signed-off-by: Jouni Malinen
---
 wpa_supplicant/interworking.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 9df1607e8..589ee57b0 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -1451,7 +1451,24 @@ static int interworking_set_eap_params(struct wpa_ssid *ssid,
 os_free(anon);
 }
- if (cred->username && cred->username[0] &&
+ if (!ttls && cred->username && cred->username[0] && cred->realm &&
+ !os_strchr(cred->username, '@')) {
+ char *id;
+ size_t buflen;
+ int res;
+
+ buflen = os_strlen(cred->username) + 1 +
+ os_strlen(cred->realm) + 1;
+
+ id = os_malloc(buflen);
+ if (!id)
+ return -1;
+ os_snprintf(id, buflen, "%s@%s", cred->username, cred->realm);
+ res = wpa_config_set_quoted(ssid, "identity", id);
+ os_free(id);
+ if (res < 0)
+ return -1;
+ } else if (cred->username && cred->username[0] &&
 wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
 return -1;
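Review bot: The new `if` condition tests `cred->realm` only for non-NULL, whereas the username is also tested for being non-empty. With an empty realm string the added branch would, as far as this hunk shows, build an identity of the form `user@`, which is not a usable NAI and would likely fail realm-based routing. Testing `cred->realm && cred->realm[0] &&` would let that case fall through to the existing plain-username branch. The buffer is sized for both strings plus the '@' and the terminator, so the unchecked `os_snprintf()` cannot truncate here. interworking_set_eap_params() starts and ends outside the hunk, so whether an empty realm can actually reach this point is not visible.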