From: Alexander Clouter <alex@digriz.org.uk>
Date: Thu, 16 May 2024 12:10:59 +0000 (+0100)
Subject: hook up Challenge for Post-Auth-Type for inner tunnel processing
X-Git-Tag: release_3_2_4~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9448cb12c06ca2ca7cd6b3df74f41974822580da;p=thirdparty%2Ffreeradius-server.git

hook up Challenge for Post-Auth-Type for inner tunnel processing
---

diff --git a/src/main/auth.c b/src/main/auth.c
index 84889b8c6fe..2dc3e602322 100644
--- a/src/main/auth.c
+++ b/src/main/auth.c
@@ -850,8 +850,8 @@ int rad_virtual_server(REQUEST *request)
 			break;
 
 		case PW_AUTH_TYPE_REJECT:
-				request->reply->code = PW_CODE_ACCESS_REJECT;
-				break;
+			request->reply->code = PW_CODE_ACCESS_REJECT;
+			break;
 
 		default:
 			break;
@@ -864,6 +864,12 @@ int rad_virtual_server(REQUEST *request)
 		if (vp) rad_postauth(request);
 	}
 
+	if (request->reply->code == PW_CODE_ACCESS_CHALLENGE) {
+		fr_pair_delete_by_num(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
+		vp = pair_make_config("Post-Auth-Type", "Challenge", T_OP_SET);
+		if (vp) rad_postauth(request);
+	}
+
 	if (request->reply->code == PW_CODE_ACCESS_ACCEPT) {
 		/*
 		 *	Check that there is a name which can be used