Do not clear anonymous id when anonymous@<realm> is used

If the EAP-SIM/AKA server does not provide a new pseudonym and the
locally configured "pseudonym" in anonymous_identity is actually
an anonymous identity instead of a real EAP-SIM/AKA pseudonym, do
not clear the anonymous_identity network profile parameter.

This is needed to avoid forgetting the anonymous identity when
going through EAP-SIM/AKA authentication and then reverting back
to using IMSI-based (e.g., encrypted) identity.

Bug: 138610772
Test: Associate to <carrier> AP, get out of range, reassociate
Test: Associate to <carrier> AP, pop SIM, reinsert, reassociate
Change-Id: I511575aa0bf5e43809f0bcea756822f221453a83
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index f5abb79..d50bc61 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -632,8 +632,13 @@
} else if (id_req != NO_ID_REQ) {
identity = eap_get_config_identity(sm, &identity_len);
if (identity) {
- eap_aka_clear_identities(sm, data, CLEAR_PSEUDONYM |
- CLEAR_REAUTH_ID);
+ int ids = CLEAR_PSEUDONYM | CLEAR_REAUTH_ID;
+
+ if (data->pseudonym &&
+ eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len))
+ ids &= ~CLEAR_PSEUDONYM;
+ eap_aka_clear_identities(sm, data, ids);
}
}
if (id_req != NO_ID_REQ)
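Review bot: The new `if (data->pseudonym && eap_sim_anonymous_username(...))` block has no comment saying why CLEAR_PSEUDONYM is masked out, so the rationale lives only in the commit message. A short comment above the check, stating that a configured anonymous@<realm> value is not a server-issued pseudonym and must survive the fallback to the configured identity, would keep a later cleanup from reverting it. The decision to keep the stored value also rests entirely on eap_sim_anonymous_username(), whose matching rules are not visible here; it is worth confirming that it accepts only the anonymous form named in the subject line, since anything else it matches would also stop being cleared on this path. Minor: `ids` holds a flag mask, so an unsigned type would suit `ids &= ~CLEAR_PSEUDONYM` better than `int`.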
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index c4070ab..2ea4efd 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -502,8 +502,13 @@
} else if (id_req != NO_ID_REQ) {
identity = eap_get_config_identity(sm, &identity_len);
if (identity) {
- eap_sim_clear_identities(sm, data, CLEAR_PSEUDONYM |
- CLEAR_REAUTH_ID);
+ int ids = CLEAR_PSEUDONYM | CLEAR_REAUTH_ID;
+
+ if (data->pseudonym &&
+ eap_sim_anonymous_username(data->pseudonym,
+ data->pseudonym_len))
+ ids &= ~CLEAR_PSEUDONYM;
+ eap_sim_clear_identities(sm, data, ids);
}
}
if (id_req != NO_ID_REQ)
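Review bot: The five added lines here are identical to the ones added in eap_aka.c apart from the final call to `eap_sim_clear_identities()`, so the same policy now lives in two places. Consider a small shared helper that takes the pseudonym and its length and returns the clear mask, so that EAP-SIM and EAP-AKA cannot drift apart if the anonymous-identity check changes later. The two Test: lines in the commit message do not say which of the two methods the carrier AP used; if only one was exercised, the other path is unverified and deserves its own run.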