From: Tobias Brunner Date: Tue, 16 Oct 2012 14:39:49 +0000 (+0200) Subject: Handle type of first EAP-RADIUS response more sophisticated X-Git-Tag: 5.0.2dr4~341 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d2c8bc4df0eb8bb2ed5e3f70bbcb334f90591a23;p=thirdparty%2Fstrongswan.git Handle type of first EAP-RADIUS response more sophisticated --- diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 870ed1fc0c..6009d3a1f1 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -181,9 +181,23 @@ METHOD(eap_method_t, initiate, status_t, if (response) { eap_radius_forward_to_ike(response); - if (radius2ike(this, response, out)) + switch (response->get_code(response)) { - status = NEED_MORE; + case RMC_ACCESS_CHALLENGE: + if (radius2ike(this, response, out)) + { + status = NEED_MORE; + } + break; + case RMC_ACCESS_ACCEPT: + /* Microsoft RADIUS servers can run in a mode where they respond + * like this on the first request (i.e. without authentication), + * we treat this as Access-Reject */ + case RMC_ACCESS_REJECT: + default: + DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed", + this->peer); + break; } response->destroy(response); } @@ -365,7 +379,8 @@ METHOD(eap_method_t, process, status_t, break; case RMC_ACCESS_REJECT: default: - DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed", this->peer); + DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed", + this->peer); status = FAILED; break; }