int ready_for_tnc;
int tnc_started;
#endif /* EAP_TNC */
+
+ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
};
+static void eap_ttls_parse_phase1(struct eap_ttls_data *data,
+ const char *phase1)
+{
+ if (os_strstr(phase1, "phase2_auth=0")) {
+ data->phase2_auth = NO_AUTH;
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Do not require Phase 2 authentication");
+ } else if (os_strstr(phase1, "phase2_auth=1")) {
+ data->phase2_auth = FOR_INITIAL;
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Require Phase 2 authentication for initial connection");
+ } else if (os_strstr(phase1, "phase2_auth=2")) {
+ data->phase2_auth = ALWAYS;
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Require Phase 2 authentication for all cases");
+ }
+}
+
+
static void * eap_ttls_init(struct eap_sm *sm)
{
struct eap_ttls_data *data;
selected = "EAP";
selected_non_eap = 0;
data->phase2_type = EAP_TTLS_PHASE2_EAP;
+ data->phase2_auth = FOR_INITIAL;
+
+ if (config && config->phase1)
+ eap_ttls_parse_phase1(data, config->phase1);
/*
* Either one auth= type or one or more autheap= methods can be
static bool eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv)
{
struct eap_ttls_data *data = priv;
+
return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
- data->phase2_success;
+ data->phase2_success && data->phase2_auth != ALWAYS;
}
projects / thirdparty / hostap.git / commitdiff
