diff --git a/src/eap_server/eap_ttls.c b/src/eap_server/eap_ttls.c
index 63b274552..545958dfa 100644
--- a/src/eap_server/eap_ttls.c
+++ b/src/eap_server/eap_ttls.c
@@ -55,6 +55,7 @@ struct eap_ttls_data {
 u8 mschapv2_ident;
 int tls_ia_configured;
 struct wpabuf *pending_phase2_eap_resp;
+ int tnc_started;
 };
@@ -1244,6 +1245,15 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
 }
 }
+#ifdef EAP_TNC
+ if (data->tnc_started && parse.eap == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
+ "response from peer");
+ eap_ttls_state(data, FAILURE);
+ goto done;
+ }
+#endif /* EAP_TNC */
+
 if (parse.eap) {
 eap_ttls_process_phase2_eap(sm, data, parse.eap,
 parse.eap_len);
@@ -1276,6 +1286,25 @@ done:
 }
+static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
+{
+#ifdef EAP_TNC
+ if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
+ return;
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
+ if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
+ eap_ttls_state(data, FAILURE);
+ return;
+ }
+
+ data->tnc_started = 1;
+ eap_ttls_state(data, PHASE2_METHOD);
+#endif /* EAP_TNC */
+}
+
+
 static void eap_ttls_process(struct eap_sm *sm, void *priv,
 struct wpabuf *respData)
 {
@@ -1348,6 +1377,7 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv,
 case PHASE_FINISHED:
 /* FIX: get rid of const->non-const typecast */
 eap_ttls_process_phase2(sm, data, (u8 *) pos, left);
+ eap_ttls_start_tnc(sm, data);
 break;
 case PHASE2_MSCHAPV2_RESP:
 if (data->mschapv2_resp_ok && left == 0) {
@@ -1366,6 +1396,7 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv,
 (unsigned long) left);
 eap_ttls_state(data, FAILURE);
 }
+ eap_ttls_start_tnc(sm, data);
 break;
 default:
 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
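Review bot: The new guard in eap_ttls_process_phase2() has no comment saying why a missing EAP AVP is fatal once `tnc_started` is set, and that reason is the security property of the whole change. After TNC has begun, credential AVPs must not be processed again, because eap_ttls_start_tnc() returns early on `tnc_started` and would let a second SUCCESS stand without a posture result. I would add above the `if`: `/* Once TNC has started, only an inner EAP response may continue Phase 2. */`. The check covers only the no-EAP-AVP case; what the inner EAP handler accepts after TNC starts (for example a Nak or a different method type) is decided in eap_ttls_process_phase2_eap(), which is outside this hunk and should be confirmed to fail closed as well. The function body starts before and continues after the hunk.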
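Review bot: `tnc_started` records only that the TNC method was initialized, yet the early return in eap_ttls_start_tnc() (`data->state != SUCCESS || data->tnc_started`) uses it as if TNC had completed, so any SUCCESS reached after that point is accepted without checking that the TNC exchange produced it. If that invariant is intended, state it in a header comment such as `/* Defer Phase 2 success until TNC has run; a no-op once TNC has been started. */`; a stricter variant would keep a separate completion flag set only when the EAP_TYPE_TNC method reports success. Separately, with EAP_TNC undefined the whole body compiles away, so if `sm->tnc` can be configured in such a build (not visible here) the requirement would be dropped silently and a build- or config-time error would be safer.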
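Review bot: TNC is enforced only because each success-producing branch of the switch in eap_ttls_process() remembers to call `eap_ttls_start_tnc(sm, data);` — here after eap_ttls_process_phase2() and again in the PHASE2_MSCHAPV2_RESP branch in the next hunk. A branch added later that sets SUCCESS without the call would skip the posture check with no error, which is a fail-open arrangement. Since the helper returns immediately unless the state is SUCCESS, a single `eap_ttls_start_tnc(sm, data);` after the `switch` (or a check inside the transition to SUCCESS) would cover every branch. The rest of the switch and the code following it are outside both hunks, so confirm nothing there reads the state first.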