diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c index bf94e0f0c..33e523208 100644 --- a/src/eap_peer/eap_fast.c +++ b/src/eap_peer/eap_fast.c @@ -358,6 +358,9 @@ static int eap_fast_select_phase2_method(struct eap_fast_data *data, u8 type) { size_t i; + /* TODO: TNC with anonymous provisioning; need to require both + * completed MSCHAPv2 and TNC */ + if (data->anon_provisioning && type != EAP_TYPE_MSCHAPV2) { wpa_printf(MSG_INFO, "EAP-FAST: Only EAP-MSCHAPv2 is allowed " "during unauthenticated provisioning; reject phase2" @@ -365,6 +368,18 @@ static int eap_fast_select_phase2_method(struct eap_fast_data *data, u8 type) return -1; } +#ifdef EAP_TNC + if (type == EAP_TYPE_TNC) { + data->phase2_type.vendor = EAP_VENDOR_IETF; + data->phase2_type.method = EAP_TYPE_TNC; + wpa_printf(MSG_DEBUG, "EAP-FAST: Selected Phase 2 EAP " + "vendor %d method %d for TNC", + data->phase2_type.vendor, + data->phase2_type.method); + return 0; + } +#endif /* EAP_TNC */ + for (i = 0; i < data->num_phase2_types; i++) { if (data->phase2_types[i].vendor != EAP_VENDOR_IETF || data->phase2_types[i].method != type) @@ -410,6 +425,17 @@ static int eap_fast_phase2_request(struct eap_sm *sm, return 0; } + if (data->phase2_priv && data->phase2_method && + *pos != data->phase2_type.method) { + wpa_printf(MSG_DEBUG, "EAP-FAST: Phase 2 EAP sequence - " + "deinitialize previous method"); + data->phase2_method->deinit(sm, data->phase2_priv); + data->phase2_method = NULL; + data->phase2_priv = NULL; + data->phase2_type.vendor = EAP_VENDOR_IETF; + data->phase2_type.method = EAP_TYPE_NONE; + } + if (data->phase2_type.vendor == EAP_VENDOR_IETF && data->phase2_type.method == EAP_TYPE_NONE && eap_fast_select_phase2_method(data, *pos) < 0) { diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog index 8e80802ef..947b6e1cb 100644 --- a/wpa_supplicant/ChangeLog +++ b/wpa_supplicant/ChangeLog @@ -2,6 +2,7 @@ ChangeLog for wpa_supplicant ????-??-?? - v0.6.4 * added support for EAP Sequences in EAP-FAST Phase 2 + * added support for using TNC with EAP-FAST 2008-02-22 - v0.6.3 * removed 'nai' and 'eappsk' network configuration variables that were