/*
* RFC 5422 section 3.5 - Network Access after EAP-FAST Provisioning
*/
- if ((t->pac.type && t->pac.expired) || t->mode == EAP_FAST_PROVISIONING_ANON) {
- RDEBUG("Rejecting expired PAC or unauthenticated provisioning");
+ if (t->pac.type && t->pac.expired) {
+ REDEBUG("Rejecting expired PAC.");
+ code = PW_CODE_ACCESS_REJECT;
+ break;
+ }
+
+ if (t->mode == EAP_FAST_PROVISIONING_ANON) {
+ REDEBUG("Rejecting unauthenticated provisioning");
code = PW_CODE_ACCESS_REJECT;
break;
}
eap_add_reply(request, "EAP-EMSK", t->emsk, EAP_EMSK_LEN);
break;
+
default:
- RERROR("no idea! %d", t->stage);
+ RERROR("Internal sanity check failed in EAP-FAST at %d", t->stage);
code = PW_CODE_ACCESS_REJECT;
}