From: Phil Mayers
Date: Thu, 7 Jul 2011 15:39:11 +0000 (+0100)
Subject: save all attributes in the Access-Accept when proxying EAP-MSCHAPv2 as plain MSCHAP...
X-Git-Tag: release_3_0_0_beta0~717
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa1e29889f60fc5bc759cbc69b05c77a35f800d6;p=thirdparty%2Ffreeradius-server.git
save all attributes in the Access-Accept when proxying EAP-MSCHAPv2 as plain MSCHAP, and restore on the final Access-Accept
---
diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h b/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h
index abe9d39a7e9..b5a25e76695 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/eap_mschapv2.h
@@ -46,6 +46,7 @@ typedef struct mschapv2_opaque_t {
 int code;
 uint8_t challenge[MSCHAPV2_CHALLENGE_LEN];
 VALUE_PAIR *mppe_keys;
+ VALUE_PAIR *reply;
 } mschapv2_opaque_t;
 #endif /*_EAP_MSCHAPV2_H*/
diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index 53fba8498e7..4f600cf5313 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -61,6 +61,7 @@ static void free_data(void *ptr)
 mschapv2_opaque_t *data = ptr;
 pairfree(&data->mppe_keys);
+ pairfree(&data->reply);
 free(data);
 }
@@ -270,6 +271,7 @@ static int mschapv2_initiate(void *type_data, EAP_HANDLER *handler)
 data->code = PW_EAP_MSCHAPV2_CHALLENGE;
 memcpy(data->challenge, challenge->vp_strvalue, MSCHAPV2_CHALLENGE_LEN);
 data->mppe_keys = NULL;
+ data->reply = NULL;
 handler->opaque = data;
 handler->free_opaque = free_data;
@@ -365,6 +367,13 @@ static int mschap_postproxy(EAP_HANDLER *handler, void *tunnel_data)
 */
 fix_mppe_keys(handler, data);
+ /*
+ * save any other attributes for re-use in the final
+ * access-accept e.g. vlan, etc. This lets the PEAP
+ * use_tunneled_reply code work
+ */
+ data->reply = paircopy(handler->request->reply->vps);
+
 /*
 * And we need to challenge the user, not ack/reject them,
 * so we re-write the ACK to a challenge. Yuck.
@@ -504,6 +513,8 @@ static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler)
 */
 handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
 #endif
+ pairadd(&handler->request->reply->vps, data->reply);
+ data->reply = NULL;
 return 1;
 }
 radlog(L_ERR, "rlm_eap_mschapv2: Sent SUCCESS expecting SUCCESS (or ACK) but got %d", ccode);
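Review bot: In mschap_postproxy the assignment `data->reply = paircopy(handler->request->reply->vps);` overwrites whatever list the pointer already held, so if the post-proxy callback can run more than once for the same EAP session (not visible in this hunk) the earlier copy is leaked; calling `pairfree(&data->reply);` on the line before would make it safe either way. The copy is also unfiltered: every attribute the home server placed in the Access-Accept is saved and later appended to the final Access-Accept, so authorization attributes such as the VLAN named in the comment are taken from the proxied reply as-is. The comment should state that any post-proxy attribute filtering has to have run before this point, or the copy should be restricted to the attributes the deployment intends to pass through. The function body starts and ends outside the hunk.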
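Review bot: The two lines added before `return 1;` in mschapv2_authenticate carry no comment, and the ownership transfer they perform is easy to break later: `pairadd` links the saved list into `handler->request->reply->vps`, and `data->reply = NULL;` is what stops `free_data` from releasing the same pairs a second time. I would add `/* hand the attributes saved in mschap_postproxy to the reply; it owns them now, so drop our pointer */` above them. Because the list is appended rather than merged, an attribute already present in the reply (for example one set by local policy) would appear twice, so it is worth confirming that this is what the NAS should receive. The surrounding branch and the start of the function are outside the hunk.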