From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 19 Jan 2016 20:37:00 +0000 (-0500)
Subject: Move run-time error to run-time warning
X-Git-Tag: release_3_0_11~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68fe8220ecf6338e94eed48a6670ab6e35ad37f1;p=thirdparty%2Ffreeradius-server.git

Move run-time error to run-time warning
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
index 06677cd8827..a41f7812e5a 100644
--- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
@@ -1023,6 +1023,13 @@ rlm_rcode_t eappeap_process(eap_handler_t *handler, tls_session_t *tls_session,
 		if (vp) {
 			eap_tunnel_data_t *tunnel;
 
+			if (!auth_type_eap) {
+				RERROR("You must set 'inner_eap_module' in the 'peap' configuration");
+				RERROR("This is required in order to proxy the inner EAP session.");
+				rcode = RLM_MODULE_REJECT;
+				goto done;
+			}
+
 			/*
 			 *	The tunneled request was NOT handled,
 			 *	it has to be proxied.  This means that
diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
index ce0a965bd38..b5b90da898a 100644
--- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
@@ -55,7 +55,7 @@ static CONF_PARSER module_config[] = {
 
 	{ "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, default_method_name), "mschapv2" },
 
-	{ "inner_eap_module", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, inner_eap_module), "eap" },
+	{ "inner_eap_module", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, inner_eap_module), NULL },
 
 	{ "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, copy_request_to_tunnel), "no" },
 
@@ -122,15 +122,18 @@ static int mod_instantiate(CONF_SECTION *cs, void **instance)
 		return -1;
 	}
 
+	/*
+	 *	Don't expose this if we don't need it.
+	 */
+	if (!inst->inner_eap_module) inst->inner_eap_module = "eap";
 
 	dv = dict_valbyname(PW_AUTH_TYPE, 0, inst->inner_eap_module);
 	if (!dv) {
-		cf_log_err_cs(cs, "Failed to find 'Auth-Type %s' section in virtual server %s.  Cannot authenticate users.",
-			      inst->inner_eap_module, inst->virtual_server);
-		return -1;
+		WARN("Failed to find 'Auth-Type %s' section in virtual server %s.  The server cannot proxy inner-tunnel EAP packets.",
+		     inst->inner_eap_module, inst->virtual_server);
+		inst->auth_type_eap = dv->value;
 	}
 
-	inst->auth_type_eap = dv->value;
 	return 0;
 }