From: Phil Mayers
Date: Thu, 7 Jul 2011 15:39:11 +0000 (+0100)
Subject: save all attributes in the Access-Accept when proxying EAP-MSCHAPv2 as plain MSCHAP...
X-Git-Tag: release_2_1_12~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e9f3ba7c4a7d1294f6fa2bc6e73a07c65eeae26;p=thirdparty%2Ffreeradius-server.git

save all attributes in the Access-Accept when proxying EAP-MSCHAPv2 as plain MSCHAP, and restore on the final Access-Accept
---
diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h b/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h
index 96cba416f6f..cc027bd846d 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h
@@ -45,6 +45,7 @@ typedef struct mschapv2_opaque_t {
 int code;
 uint8_t challenge[MSCHAPV2_CHALLENGE_LEN];
 VALUE_PAIR *mppe_keys;
+ VALUE_PAIR *reply;
 } mschapv2_opaque_t;
 #endif /*_EAP_MSCHAPV2_H*/
diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index b217db916b3..94819cb64ea 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -62,6 +62,7 @@ static void free_data(void *ptr)
 mschapv2_opaque_t *data = ptr;
 pairfree(&data->mppe_keys);
+ pairfree(&data->reply);
 free(data);
 }
@@ -271,6 +272,7 @@ static int mschapv2_initiate(void *type_data, EAP_HANDLER *handler)
 data->code = PW_EAP_MSCHAPV2_CHALLENGE;
 memcpy(data->challenge, challenge->vp_strvalue, MSCHAPV2_CHALLENGE_LEN);
 data->mppe_keys = NULL;
+ data->reply = NULL;
 handler->opaque = data;
 handler->free_opaque = free_data;
@@ -366,6 +368,13 @@ static int mschap_postproxy(EAP_HANDLER *handler, void *tunnel_data)
 */
 fix_mppe_keys(handler, data);
+ /*
+ * save any other attributes for re-use in the final
+ * access-accept e.g. vlan, etc. This lets the PEAP
+ * use_tunneled_reply code work
+ */
+ data->reply = paircopy(handler->request->reply->vps);
+
 /*
 * And we need to challenge the user, not ack/reject them,
 * so we re-write the ACK to a challenge. Yuck.
@@ -486,6 +495,8 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 */
 handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
 #endif
+ pairadd(&handler->request->reply->vps, data->reply);
+ data->reply = NULL;
 eap_ds->request->code = PW_EAP_SUCCESS;
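Review bot: In mschap_postproxy, `data->reply = paircopy(handler->request->reply->vps);` copies the home server's whole reply list with no filtering, and it does so before the rewrite to a challenge that the following comment describes, so any attribute the rest of the function strips from the challenge (that code is outside the hunk) would still be in the saved list and come back in the final Access-Accept. If only authorization attributes such as the VLAN ones are meant to survive, take the copy after that cleanup or drop the per-exchange attributes from the copy. The assignment also overwrites `data->reply` without releasing an earlier list; if this callback can run more than once per session, a `pairfree(&data->reply);` before the copy would avoid the leak.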