From: Alan T. DeKok
Date: Tue, 3 Apr 2012 10:22:06 +0000 (+0100)
Subject: Allow for new state transition on failure
X-Git-Tag: release_2_2_0~147
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f26dcc5f458b02433281413613ad418120474e22;p=thirdparty%2Ffreeradius-server.git
Allow for new state transition on failure
if our RESPONSE gets a FAILURE message, it means that the supplicant doesn't like our password. Rather than complaining about unexpected response, just send failure.
---
diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index 2b20d769d26..2774809e906 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -442,6 +442,8 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 * a challenge.
 */
 case PW_EAP_MSCHAPV2_RESPONSE:
+ if (data->code == PW_EAP_MSCHAPV2_FAILURE) goto failure;
+
 if (data->code != PW_EAP_MSCHAPV2_CHALLENGE) {
 radlog(L_ERR, "rlm_eap_mschapv2: Unexpected response received");
 return 0;
@@ -514,6 +516,7 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 return 0;
 }
+ failure:
 handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
 eap_ds->request->code = PW_EAP_FAILURE;
 return 1;
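Review bot: The early exit added under `case PW_EAP_MSCHAPV2_RESPONSE:` reaches `failure:` without logging anything, whereas the same input previously hit `radlog(L_ERR, "rlm_eap_mschapv2: Unexpected response received")`. A peer that keeps sending Responses while the stored state is FAILURE is now answered with EAP-Failure and leaves no trace, which removes a signal that helps operators notice repeated authentication attempts. A debug-level line before the jump would keep that visibility, for example `DEBUG2("rlm_eap_mschapv2: Response received in failure state, sending EAP-Failure");`. The comment that ends just above the case (`* a challenge. */`, it starts outside the hunk) appears to describe a Response as valid only after a Challenge, so it should now mention the failure state as well. The body of mschapv2_authenticate between the `goto` and the `failure:` label added in the second hunk lies outside both hunks.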