}
#endif
+static int eap_post_auth(void *instance, REQUEST *request)
+{
+ rlm_eap_t *inst = instance;
+ VALUE_PAIR *vp;
+ EAP_HANDLER *handler;
+ eap_packet_t *eap_packet;
+
+ /*
+ * Only build a failure message if something previously rejected the request
+ */
+ vp = pairfind(request->config_items, PW_POSTAUTHTYPE, 0);
+
+ if (!vp || (vp->vp_integer != PW_POSTAUTHTYPE_REJECT)) return RLM_MODULE_NOOP;
+
+ if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0)) {
+ RDEBUG2("Request didn't contain an EAP-Message, not inserting EAP-Failure");
+ return RLM_MODULE_NOOP;
+ }
+
+ if (pairfind(request->reply->vps, PW_EAP_MESSAGE, 0)) {
+ RDEBUG2("Reply already contained an EAP-Message, not inserting EAP-Failure");
+ return RLM_MODULE_NOOP;
+ }
+
+ eap_packet = eap_vp2packet(request->packet->vps);
+ if (eap_packet == NULL) {
+ radlog_request(L_ERR, 0, request, "Malformed EAP Message");
+ return RLM_MODULE_FAIL;
+ }
+
+ handler = eap_handler(inst, &eap_packet, request);
+ if (handler == NULL) {
+ RDEBUG2("Failed to get handler, probably already removed, not inserting EAP-Failure");
+ return RLM_MODULE_NOOP;
+ }
+
+ RDEBUG2("Request was previously rejected, inserting EAP-Failure");
+ eap_fail(handler);
+ eap_handler_free(inst, handler);
+
+ return RLM_MODULE_UPDATED;
+}
+
/*
* The module name should be the only globally exported symbol.
* That is, everything else should be 'static'.
#else
NULL,
#endif
- NULL /* post-auth */
+ eap_post_auth /* post-auth */
},
};