Fix TNC with EAP-TTLS

This was broken by 510c02d4a362cd572303fa845b139eacb2dab387 which added
validation of eap_ttls_phase2_eap_init() return value. The main problem
in the code trying to initialize a new phase 2 EAP method
unconditionally; this should only happen if there is a new method in the
inner method sequence.

diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 1c8be84..c0e1915 100644 (file)
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -12,6 +12,7 @@ ChangeLog for hostapd
          Drives (UFD) (CONFIG_WPS_UFD=y)
        * fixed EAPOL/EAP reauthentication when using an external RADIUS
          authentication server
+       * fixed TNC with EAP-TTLS
 
 2009-01-06 - v0.6.7
        * added support for Wi-Fi Protected Setup (WPS)

diff --git a/src/eap_server/eap_ttls.c b/src/eap_server/eap_ttls.c
index d04f4f6..21e4b21 100644 (file)
--- a/src/eap_server/eap_ttls.c
+++ b/src/eap_server/eap_ttls.c
@@ -1045,6 +1045,11 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
                next_type = sm->user->methods[0].method;
                sm->user_eap_method_index = 1;
                wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type);
+               if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
+                       wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize "
+                                  "EAP type %d", next_type);
+                       eap_ttls_state(data, FAILURE);
+               }
                break;
        case PHASE2_METHOD:
                if (data->ttls_version > 0) {
@@ -1066,12 +1071,6 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
                           __func__, data->state);
                break;
        }
-
-       if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
-               wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize EAP "
-                          "type %d", next_type);
-               eap_ttls_state(data, FAILURE);
-       }
 }