From: Nick Porter
Date: Mon, 5 May 2025 08:54:36 +0000 (+0100)
Subject: Call `new session` if configured when starting TLS session for PEAP
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d5dc8a92076fae214ea4e8d4a860b6ae0db93c4;p=thirdparty%2Ffreeradius-server.git

Call `new session` if configured when starting TLS session for PEAP
---
diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
index abca7b08acb..7f62c61c94f 100644
--- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
@@ -268,10 +268,7 @@ static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSE
 return eap_tls_process(request, eap_session);
 }

-/*
- * Send an initial eap-tls request to the peer, using the libeap functions.
- */
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 {
 rlm_eap_peap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_peap_t);
 rlm_eap_peap_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_eap_peap_thread_t);
@@ -282,8 +279,6 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons
 fr_pair_t *vp;
 bool client_cert;

- eap_session->tls = true;
-
 /*
 * EAP-TLS-Require-Client-Cert attribute will override
 * the require_client_cert configuration option.
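Review bot: mod_session_init_resume is now entered after the optional `new session` section has run, yet the lines visible here go straight from the declarations to the client-certificate lookup without reading `*p_result`. If operators are expected to use `new session` to refuse or limit PEAP sessions, a reject or fail result from that section needs to stop the handshake before the TLS session is created; if the section is advisory only, that should be stated. I would add a header comment such as `/* Resumed after the optional "new session" section; creates the TLS session and sends the initial request. */` and say in it how the section's rcode is treated. The function body continues outside both hunks on this line, so the check may already exist further down.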
@@ -338,6 +333,23 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons
 RETURN_MODULE_HANDLED;
 }

+/*
+ * Send an initial eap-tls request to the peer, using the libeap functions.
+ */
+static unlang_action_t mod_session_init(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+{
+ rlm_eap_peap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_peap_t);
+ eap_session_t *eap_session = eap_session_get(request->parent);
+
+ eap_session->tls = true;
+
+ (void) unlang_module_yield(request, mod_session_init_resume, NULL, 0, NULL);
+
+ if (inst->tls_conf->new_session) return fr_tls_new_session_push(request, inst->tls_conf);
+
+ return UNLANG_ACTION_CALCULATE_RESULT;
+}
+
 static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
 {
 rlm_eap_peap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_peap_t);
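Review bot: The comment placed above the new mod_session_init still says it sends the initial eap-tls request, but the function shown only sets `eap_session->tls`, passes mod_session_init_resume to `unlang_module_yield()` and optionally pushes the `new session` section. Going by the comment this commit removed from the renamed function, the request itself is sent from mod_session_init_resume. Suggest rewording to `/* Mark the session as TLS and run the "new session" section, if configured, before mod_session_init_resume starts the handshake. */`. The `(void)` on `unlang_module_yield()` also deserves a short why-comment, e.g. `/* yield only sets the resume function; the action returned below decides what runs next */`, assuming that is the intent.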