hook up Challenge for Post-Auth-Type for inner tunnel processing

author Alexander Clouter <alex@digriz.org.uk>

Thu, 16 May 2024 12:10:59 +0000 (13:10 +0100)

committer Matthew Newton <matthew-git@newtoncomputing.co.uk>

Tue, 28 May 2024 20:05:11 +0000 (21:05 +0100)
author Alexander Clouter <alex@digriz.org.uk>
Thu, 16 May 2024 12:10:59 +0000 (13:10 +0100)
committer Matthew Newton <matthew-git@newtoncomputing.co.uk>
Tue, 28 May 2024 20:05:11 +0000 (21:05 +0100)
diff --git a/src/main/auth.c b/src/main/auth.c

index 84889b8c6fe6037af4f97b9d64e3850a9b7ae530..2dc3e602322c8dc1e61ac64f350834b37ce6613d 100644 (file)
--- a/src/main/auth.c
+++ b/src/main/auth.c
@@ -850,8 +850,8 @@ int rad_virtual_server(REQUEST *request)
                         break;
  
                 case PW_AUTH_TYPE_REJECT:
-                               request->reply->code = PW_CODE_ACCESS_REJECT;
-                               break;
+                       request->reply->code = PW_CODE_ACCESS_REJECT;
+                       break;
  
                 default:
                         break;
@@ -864,6 +864,12 @@ int rad_virtual_server(REQUEST *request)
                 if (vp) rad_postauth(request);
         }
  
+       if (request->reply->code == PW_CODE_ACCESS_CHALLENGE) {
+               fr_pair_delete_by_num(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
+               vp = pair_make_config("Post-Auth-Type", "Challenge", T_OP_SET);
+               if (vp) rad_postauth(request);
+       }
+
         if (request->reply->code == PW_CODE_ACCESS_ACCEPT) {
                 /*
                  *      Check that there is a name which can be used
author	Alexander Clouter <alex@digriz.org.uk>
	Thu, 16 May 2024 12:10:59 +0000 (13:10 +0100)
committer	Matthew Newton <matthew-git@newtoncomputing.co.uk>
	Tue, 28 May 2024 20:05:11 +0000 (21:05 +0100)