+ * If there was a fake request associated with the proxied
+ * request, do more processing of it.
+ */
+ fake = (REQUEST *) request_data_get(handler->request,
+ handler->request->proxy,
+ REQUEST_DATA_EAP_MSCHAP_TUNNEL_CALLBACK);
+
+ /*
+ * Do the callback, if it exists, and if it was a success.
+ */
+ if (fake && (handler->request->proxy_reply->code == PW_AUTHENTICATION_ACK)) {
+ VALUE_PAIR *vp;
+ REQUEST *request = handler->request;
+
+ /*
+ * Terrible hacks.
+ */
+ rad_assert(fake->packet == NULL);
+ fake->packet = request->proxy;
+ request->proxy = NULL;
+
+ rad_assert(fake->reply == NULL);
+ fake->reply = request->proxy_reply;
+ request->proxy_reply = NULL;
+
+ /*
+ * We MAY have deleted the state. If so, add
+ * it back in.
+ */
+ vp = pairfind(fake->packet->vps, PW_STATE);
+ if (!vp) {
+ vp = pairmake("State", "0x00", T_OP_EQ);
+ memcpy(vp->strvalue, handler->state,
+ sizeof(handler->state));
+ vp->length = sizeof(handler->state);
+ pairadd(&fake->packet->vps, vp);
+ }
+
+ /*
+ * The NT Domain may have been removed, too.
+ * Add it back in.
+ */
+ vp = pairfind(fake->packet->vps, PW_USER_NAME);
+ if (vp) {
+ strNcpy(vp->strvalue, handler->identity,
+ sizeof(vp->strvalue));
+ vp->length = strlen(vp->strvalue);
+ }
+
+ /*
+ * Perform a post-auth stage, which will get the EAP
+ * handler, too...
+ */
+ fake->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
+ DEBUG2(" PEAP: Passing reply back for EAP-MS-CHAP-V2 %p %d",
+ fake, fake->reply->code);
+ rcode = module_post_proxy(fake);
+
+ /*
+ * FIXME: If rcode returns fail, do something
+ * intelligent...
+ */
+ DEBUG2(" POST-PROXY %d", rcode);
+ rcode = rad_postauth(fake);
+ DEBUG2(" POST-AUTH %d", rcode);
+
+#ifndef NDEBUG
+ if (debug_flag > 0) {
+ printf(" PEAP: Final reply from tunneled session code %d\n",
+ fake->reply->code);
+
+ for (vp = fake->reply->vps; vp != NULL; vp = vp->next) {
+ putchar('\t');vp_print(stdout, vp);putchar('\n');
+ }
+ }
+#endif
+
+ /*
+ * Terrible hacks.
+ */
+ request->proxy = fake->packet;
+ fake->packet = NULL;
+ request->proxy_reply = fake->reply;
+ fake->reply = NULL;
+
+ /*
+ * And we're done with this request.
+ */
+
+ switch (rcode) {
+ case RLM_MODULE_FAIL:
+ request_free(&fake);
+ eaptls_fail(handler->eap_ds, 0);
+ return 0;
+ break;
+
+ default: /* Don't Do Anything */
+ DEBUG2(" PEAP: Got reply %d",
+ request->proxy_reply->code);
+ break;
+ }
+ }
+ request_free(&fake); /* robust if fake == NULL */
+
+ /*