From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 7 Apr 2011 14:29:20 +0000 (+0200)
Subject: Handle failures
X-Git-Tag: release_2_1_11~59
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=b810fd2f3cc2bddb69a540126016aeff6d14231f;p=freeradius.git

Handle failures
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index bdf4668..91b50bc 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -195,7 +195,7 @@ static int eapmschapv2_compose(EAP_HANDLER *handler, VALUE_PAIR *reply)
 
 	case PW_MSCHAP_ERROR:
 		DEBUG2("MSCHAP Failure\n");
-		length = 4 + MSCHAPV2_FAILURE_MESSAGE_LEN;
+		length = 4 + reply->length - 1;
 		eap_ds->request->type.data = malloc(length);
 
 		/*
@@ -212,7 +212,11 @@ static int eapmschapv2_compose(EAP_HANDLER *handler, VALUE_PAIR *reply)
 		eap_ds->request->type.data[1] = eap_ds->response->id;
 		length = htons(length);
 		memcpy((eap_ds->request->type.data + 2), &length, sizeof(uint16_t));
-		memcpy((eap_ds->request->type.data + 4), MSCHAPV2_FAILURE_MESSAGE, MSCHAPV2_FAILURE_MESSAGE_LEN);
+		/*
+		 *	Copy the entire failure message.
+		 */
+		memcpy((eap_ds->request->type.data + 4),
+		       reply->vp_strvalue + 1, reply->length - 1);
 		break;
 
 	default:
@@ -486,6 +490,19 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 		break;
 
 		/*
+		 *	Ack of a failure message
+		 */
+        case PW_EAP_MSCHAPV2_FAILURE:
+		if (data->code != PW_EAP_MSCHAPV2_FAILURE) {
+			radlog(L_ERR, "rlm_eap_mschapv2: Unexpected FAILURE received");
+			return 0;
+		}
+
+                handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
+                eap_ds->request->code = PW_EAP_FAILURE;
+                return 1;
+
+		/*
 		 *	Something else, we don't know what it is.
 		 */
 	default:
@@ -653,16 +670,10 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 			 PW_MSCHAP2_SUCCESS);
 		data->code = PW_EAP_MSCHAPV2_SUCCESS;
 	} else {
-		/*
-		 *	Don't return anything in the error message.
-		 */
 		eap_ds->request->code = PW_EAP_FAILURE;
-		return 1;
-#if 0
-		pairmove2(&handler->request->reply->vps, &response
+		pairmove2(&handler->request->reply->vps, &response,
 			  PW_MSCHAP_ERROR);
 		data->code = PW_EAP_MSCHAPV2_FAILURE;
-#endif
 	}
 
 	/*