From 35f39ac4c9a30b4adb8d0387c289d0ba8ab0d21f Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 9 Mar 2008 12:04:10 +0200
Subject: [PATCH] TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2

Need to process EAP AVP after the non-EAP Phase 2 method. In addition, EAP-TTLS/MSCHAPv2 needs special code for handling the starting of TNC after extra roundtrip of MSCHAPv2 success message.
---
 src/eap_peer/eap_ttls.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index a3ded89ac..39a9f0a35 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -991,7 +991,7 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
 }
 }
 
- switch (data->phase2_type) {
+ switch (phase2_type) {
 case EAP_TTLS_PHASE2_EAP:
 res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp);
 break;
@@ -1334,6 +1334,15 @@ static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
 }
 
 if (parse->mschapv2 == NULL) {
+#ifdef EAP_TNC
+ if (data->phase2_success && parse->eapdata) {
+ /*
+ * Allow EAP-TNC to be started after successfully
+ * completed MSCHAPV2.
+ */
+ return 1;
+ }
+#endif /* EAP_TNC */
 wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP "
 "received for Phase2 MSCHAPV2");
 return -1;
@@ -1435,9 +1444,7 @@ static int eap_ttls_process_decrypted(struct eap_sm *sm,
 case EAP_TTLS_PHASE2_MSCHAPV2:
 res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse);
 #ifdef EAP_TNC
- if (res == 1 && parse->eapdata &&
- ret->methodState == METHOD_DONE &&
- ret->decision == DECISION_UNCOND_SUCC) {
+ if (res == 1 && parse->eapdata && data->phase2_success) {
 /*
 * TNC may be required as the next
 * authentication method within the tunnel.
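Review bot: Nothing at the `switch (phase2_type)` line says why the local is dispatched on instead of `data->phase2_type`, and the removed line shows how easily the wrong one gets picked. The assignment of `phase2_type` lies outside this hunk, so the reason is inferred from the commit message: the local appears to be overridden so that an EAP AVP can be handled after a non-EAP Phase 2 method. A comment above the switch, for example `/* dispatch on the local: it may differ from data->phase2_type when EAP-TNC follows a non-EAP Phase 2 */`, would keep a later edit from reverting to the struct field. The body of eap_ttls_phase2_request starts and ends outside the hunk.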
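Review bot: The early `return 1` added to the `parse->mschapv2 == NULL` branch accepts a message that carries no MS-CHAP2-Success AVP on the strength of `data->phase2_success` alone, so that flag becomes the only evidence that the server's MSCHAPv2 authenticator response was verified. Where the flag is set and cleared is not visible in this patch. It should be set only after that verification has passed and reset whenever Phase 2 starts again (reauthentication, session resumption); otherwise a stale value would let a server that omits the success AVP and sends an EAP AVP be accepted without the check. The same flag replaces the `METHOD_DONE`/`DECISION_UNCOND_SUCC` test in the `EAP_TTLS_PHASE2_MSCHAPV2` case of eap_ttls_process_decrypted, so the invariant has to hold for both places. I would state it in the new comment, e.g. `/* phase2_success is set only after the MS-CHAP2-Success authenticator response has been verified */`, and add a `wpa_printf(MSG_DEBUG, ...)` on this path so it shows up in traces; both functions continue outside their hunks.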