save all attributes in the Access-Accept when proxying EAP-MSCHAPv2 as plain MSCHAP...
authorPhil Mayers <p.mayers@imperial.ac.uk>
Thu, 7 Jul 2011 15:39:11 +0000 (16:39 +0100)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 8 Jul 2011 11:18:34 +0000 (13:18 +0200)
src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h
src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c

index abe9d39a7e988b2178d002589b9c269ed227decd..b5a25e766950c567974bd70508501593cac64898 100644 (file)
@@ -46,6 +46,7 @@ typedef struct mschapv2_opaque_t {
        int             code;
        uint8_t         challenge[MSCHAPV2_CHALLENGE_LEN];
        VALUE_PAIR      *mppe_keys;
+       VALUE_PAIR      *reply;
 } mschapv2_opaque_t;
 
 #endif /*_EAP_MSCHAPV2_H*/
index 53fba8498e76b041167ed617f5ef363a896122f2..4f600cf53132e9a80681cd3f77aaaeb28fe06527 100644 (file)
@@ -61,6 +61,7 @@ static void free_data(void *ptr)
        mschapv2_opaque_t *data = ptr;
 
        pairfree(&data->mppe_keys);
+       pairfree(&data->reply);
        free(data);
 }
 
@@ -270,6 +271,7 @@ static int mschapv2_initiate(void *type_data, EAP_HANDLER *handler)
        data->code = PW_EAP_MSCHAPV2_CHALLENGE;
        memcpy(data->challenge, challenge->vp_strvalue, MSCHAPV2_CHALLENGE_LEN);
        data->mppe_keys = NULL;
+       data->reply = NULL;
 
        handler->opaque = data;
        handler->free_opaque = free_data;
@@ -365,6 +367,13 @@ static int mschap_postproxy(EAP_HANDLER *handler, void *tunnel_data)
         */
        fix_mppe_keys(handler, data);
 
+       /*
+        * save any other attributes for re-use in the final
+        * access-accept e.g. vlan, etc. This lets the PEAP
+        * use_tunneled_reply code work
+        */
+       data->reply = paircopy(handler->request->reply->vps);
+
        /*
         *      And we need to challenge the user, not ack/reject them,
         *      so we re-write the ACK to a challenge.  Yuck.
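Review bot: The assignment `data->reply = paircopy(handler->request->reply->vps);` overwrites whatever `data->reply` already holds, so if mschap_postproxy can run more than once for the same handler the earlier copy leaks; a `pairfree(&data->reply);` just before the assignment would make that safe. The copy is also unfiltered: every attribute the home server placed in its Access-Accept is later appended to the final reply, not only the VLAN-style ones the comment mentions. The comment should say that any filtering of the proxied reply has to happen elsewhere, or the copy should be limited to the attributes that are actually wanted. The function body starts and ends outside this hunk, so whether the reply list is trimmed before this point is not visible here.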
@@ -504,6 +513,8 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
                                         */
                                        handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
 #endif
+                                       pairadd(&handler->request->reply->vps, data->reply);
+                                       data->reply = NULL;
                                        return 1;
                        }
                        radlog(L_ERR, "rlm_eap_mschapv2: Sent SUCCESS expecting SUCCESS (or ACK) but got %d", ccode);
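Review bot: The two lines added before `return 1;` transfer ownership of the saved list to the reply, which is only clear after reading free_data(). A short comment such as `/* reply->vps now owns the saved pairs; clear our pointer so free_data() does not free them again */` would document why the pointer is reset. pairadd() appears to append without checking for attributes already present in the reply, so duplicates are possible if anything else populated the list in between; that is presumably acceptable but worth confirming. mschapv2_authenticate starts and ends outside this hunk.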