TNC can only be run inside of a tunneled method.

diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c
index efd6922..fcd5245 100644 (file)
--- a/src/modules/rlm_eap/eap.c
+++ b/src/modules/rlm_eap/eap.c
@@ -260,6 +260,12 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler)
                        DEBUG2(" rlm_eap: WARNING: Tunnelling TLS inside of a TLS will probably not work.");
                }
 
+               if ((default_eap_type == PW_EAP_TNC) &&
+                   !handler->request->parent) {
+                       DEBUG2(" rlm_eap: ERROR: EAP-TNC must be run inside of a TLS method.");
+                       return EAP_INVALID;
+               }
+
                if (eaptype_call(inst->types[default_eap_type],
                                 handler) == 0) {
                        DEBUG2(" rlm_eap: Default EAP type %s failed in initiate",

diff --git a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
index 2b9d488..73bf36a 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
@@ -100,6 +100,11 @@ static void init(void){
  */
 static int tnc_initiate(void *type_data, EAP_HANDLER *handler)
 {
+       if (!handler->request || !handler->request->parent) {
+               DEBUG2("rlm_eap_tnc: Must be run inside of a TLS method");
+               return 0;
+       }
+
        DEBUG("tnc_initiate: %ld", handler->timestamp);
     if(vlanAccess==0 || vlanIsolate==0 || pathToSO==0){
         init();