projects
/
freeradius.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
aef76d1
)
ttls: return channel bindings on half round trip success
eap-chbind2
author
Sam Hartman
<hartmans@debian.org>
Mon, 25 Mar 2013 23:41:44 +0000
(19:41 -0400)
committer
Sam Hartman
<hartmans@debian.org>
Mon, 25 Mar 2013 23:41:44 +0000
(19:41 -0400)
If we get a channel binding request at the same time we'd like to
return an access accept, return a challenge instead.
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
patch
|
blob
|
history
diff --git
a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
index
e342a9e
..
f981dfe
100644
(file)
--- a/
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
+++ b/
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
@@
-740,7
+740,18
@@
static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session,
/* move channel binding responses; we need to send them */
pairmove2(&vp, &reply->vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY);
-
+ if (pairfind(vp, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY) != NULL) {
+ t->authenticated = TRUE;
+ /*
+ * Use the tunneled reply, but not now.
+ */
+ if (t->use_tunneled_reply) {
+ t->accept_vps = reply->vps;
+ reply->vps = NULL;
+ }
+ rcode = RLM_MODULE_HANDLED;
+ }
+
/*
* Handle the ACK, by tunneling any necessary reply
* VP's back to the client.