projects / freeradius.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2b2c793)
Ensure that EAP-TNC can only run AFTER the user has been
authoraland <aland>
Wed, 9 Jan 2008 10:34:40 +0000 (10:34 +0000)
committeraland <aland>
Wed, 9 Jan 2008 10:34:40 +0000 (10:34 +0000)
authenticated.  This prevents people from using it as an
authentication method.

src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c patch | blob | history

diff --git a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
index f57ddf4..985ac01 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
@@ -59,7 +59,18 @@ static int tnc_initiate(void *type_data, EAP_HANDLER *handler)
        TNC_PACKET *reply;
 
        if (!handler->request || !handler->request->parent) {
-               DEBUG2("rlm_eap_tnc: Must be run inside of a TLS method");
+               DEBUG("rlm_eap_tnc: EAP-TNC can only be run inside of a TLS-based method.");
+               return 0;
+       }
+
+       /*
+        *      FIXME: Update this when the TTLS and PEAP methods can
+        *      run EAP-TLC *after* the user has been authenticated.
+        *      This likely means moving the phase2 handlers to a
+        *      common code base.
+        */
+       if (1) {
+               DEBUG("rlm-eap_tnc: EAP-TNC can only be run after the user has been authenticated.");
                return 0;
        }
 
Unnamed repository; edit this file 'description' to name the repository.