* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* Copyright 2003 Alan DeKok <aland@freeradius.org>
+ * Copyright 2006 The FreeRADIUS server project
*/
+
+#include <freeradius-devel/ident.h>
+RCSID("$Id$")
+
#include "eap_ttls.h"
/*
vp = NULL;
pairmove2(&vp, &reply->vps, PW_MSCHAP2_SUCCESS);
if (vp) {
-#if 1
- /*
- * FIXME: Tunneling MS-CHAP2-Success causes
- * the only client we have access to, to die.
- *
- * We don't want that...
- */
- pairfree(&vp);
-#else
DEBUG2(" TTLS: Got MS-CHAP2-Success, tunneling it to the client in a challenge.");
rcode = RLM_MODULE_HANDLED;
t->authenticated = TRUE;
-#endif
+
+ /*
+ * Delete MPPE keys & encryption policy. We don't
+ * want these here.
+ */
+ pairdelete(&reply->vps, ((311 << 16) | 7));
+ pairdelete(&reply->vps, ((311 << 16) | 8));
+ pairdelete(&reply->vps, ((311 << 16) | 16));
+ pairdelete(&reply->vps, ((311 << 16) | 17));
+
+ /*
+ * Use the tunneled reply, but not now.
+ */
+ if (t->use_tunneled_reply) {
+ t->reply = reply->vps;
+ reply->vps = NULL;
+ }
+
} else { /* no MS-CHAP2-Success */
/*
* Can only have EAP-Message if there's
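Review bot: The four added `pairdelete()` calls identify the attributes to strip only by bare numbers (`(311 << 16) | 7`, `| 8`, `| 16`, `| 17`), so a reader auditing this branch cannot confirm from the code which key-bearing attributes are removed from the inner reply before it is saved. Assuming these are the RFC 2548 Microsoft VSAs, name them at the call site, e.g. `/* vendor 311: MS-MPPE-Encryption-Policy (7), MS-MPPE-Encryption-Types (8), MS-MPPE-Send-Key (16), MS-MPPE-Recv-Key (17) */`, or put the packing behind one macro such as `#define MS_VSA(attr) ((311 << 16) | (attr))`. In the `use_tunneled_reply` block, `t->reply = reply->vps;` overwrites the pointer without releasing a list that may already be stored there; if this path can run more than once per session (not visible here), free the old list first with `pairfree(&t->reply);`. The enclosing function starts and ends outside the hunk.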
* Update other items in the REQUEST data structure.
*/
fake->username = pairfind(fake->packet->vps, PW_USER_NAME);
- fake->password = pairfind(fake->packet->vps, PW_PASSWORD);
+ fake->password = pairfind(fake->packet->vps, PW_USER_PASSWORD);
/*
* No User-Name, try to create one from stored data.