sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-08 00:02:03 -04:00
Code Issues Projects Releases Wiki Activity

Handle type of first EAP-RADIUS response more sophisticated

Browse Source
This commit is contained in:
Tobias Brunner 2012-10-16 16:39:49 +02:00
parent a5436657e9
commit d2c8bc4df0
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/libcharon/plugins/eap_radius/eap_radius.c
View File

@ -181,9 +181,23 @@ METHOD(eap_method_t, initiate, status_t,
if (response) if (response)
{ {
eap_radius_forward_to_ike(response); eap_radius_forward_to_ike(response);
if (radius2ike(this, response, out)) switch (response->get_code(response))
{ {
status = NEED_MORE; case RMC_ACCESS_CHALLENGE:
if (radius2ike(this, response, out))
{
status = NEED_MORE;
}
break;
case RMC_ACCESS_ACCEPT:
/* Microsoft RADIUS servers can run in a mode where they respond
* like this on the first request (i.e. without authentication),
* we treat this as Access-Reject */
case RMC_ACCESS_REJECT:
default:
DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed",
this->peer);
break;
} }
response->destroy(response); response->destroy(response);
} }
@ -365,7 +379,8 @@ METHOD(eap_method_t, process, status_t,
break; break;
case RMC_ACCESS_REJECT: case RMC_ACCESS_REJECT:
default: default:
DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed", this->peer); DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed",
this->peer);
status = FAILED; status = FAILED;
break; break;
} }