Skip to content

Commit

Permalink
separate messages for separate error cases
Browse files Browse the repository at this point in the history
  • Loading branch information
@alandekok
alandekok committed Sep 19, 2016
1 parent 40b402c commit 3426892
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
View file
Expand Up @@ -1160,8 +1160,14 @@ PW_CODE eap_fast_process(eap_session_t *eap_session, tls_session_t *tls_session)
/*
* RFC 5422 section 3.5 - Network Access after EAP-FAST Provisioning
*/
if ((t->pac.type && t->pac.expired) || t->mode == EAP_FAST_PROVISIONING_ANON) {
RDEBUG("Rejecting expired PAC or unauthenticated provisioning");
if (t->pac.type && t->pac.expired) {
REDEBUG("Rejecting expired PAC.");
code = PW_CODE_ACCESS_REJECT;
break;
}

if (t->mode == EAP_FAST_PROVISIONING_ANON) {
REDEBUG("Rejecting unauthenticated provisioning");
code = PW_CODE_ACCESS_REJECT;
break;
}
Expand All @@ -1177,8 +1183,9 @@ PW_CODE eap_fast_process(eap_session_t *eap_session, tls_session_t *tls_session)
eap_add_reply(request, "EAP-EMSK", t->emsk, EAP_EMSK_LEN);

break;

default:
RERROR("no idea! %d", t->stage);
RERROR("Internal sanity check failed in EAP-FAST at %d", t->stage);
code = PW_CODE_ACCESS_REJECT;
}

Expand Down

0 comments on commit 3426892

Please sign in to comment.