From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 3 Apr 2012 10:31:33 +0000 (+0100)
Subject: Allow for new state transition on failure
X-Git-Tag: release_3_0_0_beta0~241
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4aca1d5273c6cd78a817033bbb2cc940fa7f7e9;p=thirdparty%2Ffreeradius-server.git

Allow for new state transition on failure

if our RESPONSE gets a FAILURE message, it means that the
supplicant doesn't like our password.  Rather than complaining
about unexpected response, just send failure.

Manual pull of f26dcc5f45
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index 2d000e53cb3..a0401e1ac5b 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -476,8 +476,6 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 				 * jump to "authentication"
 				 */
 				goto packet_ready;
-
-
 			}
 
 			/*
@@ -488,6 +486,7 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 				return 0;
 			}
 
+	failure:
 			handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
 			eap_ds->request->code = PW_EAP_FAILURE;
 	                return 1;
@@ -521,6 +520,8 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 			return 0;
 
 		case PW_EAP_MSCHAPV2_CHALLENGE:
+			if (ccode == PW_EAP_MSCHAPV2_FAILURE) goto failure;
+
 			/*
 			 * we sent a challenge, expecting a response
 			 */