separate messages for separate error cases
[freeradius.git] / src / modules / rlm_eap / types / rlm_eap_fast / eap_fast.c
index 975b857..244b460 100644 (file)
@@ -1034,8 +1034,8 @@ static PW_CODE eap_fast_eap_payload(REQUEST *request, eap_handler_t *eap_session
        }
 
        if (t->copy_request_to_tunnel) {
-        eapfast_copy_request_to_tunnel(request, fake);
-    }
+               eapfast_copy_request_to_tunnel(request, fake);
+       }
 
        if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
                fake->server = vp->vp_strvalue;
@@ -1384,8 +1384,14 @@ PW_CODE eap_fast_process(eap_handler_t *eap_session, tls_session_t *tls_session)
                /*
                 * RFC 5422 section 3.5 - Network Access after EAP-FAST Provisioning
                 */
-               if ((t->pac.type && t->pac.expired) || t->mode == EAP_FAST_PROVISIONING_ANON) {
-                       RDEBUG("Rejecting expired PAC or unauthenticated provisioning");
+               if (t->pac.type && t->pac.expired) {
+                       REDEBUG("Rejecting expired PAC.");
+                       code = PW_CODE_ACCESS_REJECT;
+                       break;
+               }
+
+               if (t->mode == EAP_FAST_PROVISIONING_ANON) {
+                       REDEBUG("Rejecting unauthenticated provisioning");
                        code = PW_CODE_ACCESS_REJECT;
                        break;
                }
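Review bot: The second new branch, `if (t->mode == EAP_FAST_PROVISIONING_ANON)`, logs through `REDEBUG` like the expired-PAC branch, yet going by the RFC 5422 section 3.5 comment above it, this rejection looks like the normal end of an unauthenticated provisioning exchange rather than a fault. If that reading is right, error-level output here makes routine provisioning hard to tell apart from real failures for anyone alerting on these lines; consider keeping `RDEBUG("Rejecting unauthenticated provisioning");` for that branch and reserving `REDEBUG` for the expired PAC. The two messages also differ in punctuation (`"Rejecting expired PAC."` ends with a period, the other does not), which is worth aligning now that they are separate log signatures. The enclosing switch case starts and ends outside the hunk.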
@@ -1401,8 +1407,9 @@ PW_CODE eap_fast_process(eap_handler_t *eap_session, tls_session_t *tls_session)
                eap_add_reply(request, "EAP-EMSK", t->emsk, EAP_EMSK_LEN);
 
                break;
+
        default:
-               RERROR("no idea! %d", t->stage);
+               RERROR("Internal sanity check failed in EAP-FAST at %d", t->stage);
                code = PW_CODE_ACCESS_REJECT;
        }