On 20/10/2016 20:01, Alan DeKok wrote:
I couldn't find any reference to return codes, or "ok" or "updated", in either of these. As always, patches are welcome.
Would this be an acceptable? diff --git a/raddb/sites-available/default b/raddb/sites-available/default index 0834075..f047979 100644 --- a/raddb/sites-available/default +++ b/raddb/sites-available/default @@ -347,9 +347,9 @@ authorize { # It also sets the EAP-Type attribute in the request # attribute list to the EAP type from the packet. # - # The EAP module returns "ok" if it is not yet ready to + # The EAP module returns "ok" or "updated" if it is not yet ready to # authenticate the user. The configuration below checks for - # that code, and stops processing the "authorize" section if + # those codes, and stops processing the "authorize" section if # so. # # Any LDAP and/or SQL servers will not be queried for the @@ -358,6 +358,7 @@ authorize { # eap { ok = return + updated = return } # If yes, I'll reformat as a pull request. I believe that is accurate. Looking at rlm_eap.c, the EAP responses are mapped to the following return values in the authorize handler: EAP_NOOP -> RLM_MODULE_NOOP EAP_FAIL -> RLM_MODULE_FAIL EAP_FOUND -> RLM_MODULE_HANDLED (if it gets this far, control:Auth-Type := eap is set) EAP_OK -> RLM_MODULE_OK anything else* -> RLM_MODULE_UPDATED *the remaining enum values are EAP_NOTFOUND, EAP_INVALID or EAP_VALID. Regards, Brian.