Add Cached-Session-Policy attribute.
authorAlan T. DeKok <aland@freeradius.org>
Mon, 9 Aug 2010 13:10:48 +0000 (15:10 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 9 Aug 2010 13:13:27 +0000 (15:13 +0200)
This can be placed into the cache in the first EAP session, and
grabbed from the cache on subsequent packets.

raddb/eap.conf
share/dictionary.freeradius.internal
src/include/radius.h
src/modules/rlm_eap/libeap/eap_tls.c

index 75098b1..0de4884 100644 (file)
                        #  Session resumption / fast reauthentication
                        #  cache.
                        #
+                       #  The cache contains the following information:
+                       #
+                       #  session Id - unique identifier, managed by SSL
+                       #  User-Name  - from the Access-Accept
+                       #  Stripped-User-Name - from the Access-Request
+                       #  Cached-Session-Policy - from the Access-Accept
+                       #
+                       #  The "Cached-Session-Policy" is the name of a
+                       #  policy which should be applied to the cached
+                       #  session.  This policy can be used to assign
+                       #  VLANs, IP addresses, etc.  It serves as a useful
+                       #  way to re-apply the policy from the original
+                       #  Access-Accept to the subsequent Access-Accept
+                       #  for the cached session.
+                       #
+                       #  On session resumption, these attributes are
+                       #  copied from the cache, and placed into the
+                       #  reply list.
+                       #
                        cache {
                              #
                              #  Enable it.  The default is "no".
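Review bot: The new comment block does not say how long a cached Cached-Session-Policy stays in effect, which an operator needs in order to reason about revocation. As described here, the values are captured from the first Access-Accept and copied into the reply list on resumption, so a later change to the user's VLAN or policy would presumably not reach resumed sessions until the cache entry expires. Whether authorization is re-run on resumption is not visible in this commit. Once that behaviour is confirmed, I would add a line such as `#  The cached values are not refreshed; policy changes apply only after the cached session expires.` The `cache { ... }` section continues beyond this hunk.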
index 25c5b7d..b0b168e 100644 (file)
@@ -215,6 +215,7 @@ ATTRIBUTE   Send-CoA-Type                           1132    integer
 
 ATTRIBUTE      MS-CHAP-Password                        1133    string
 ATTRIBUTE      Packet-Transmit-Counter                 1134    integer
+ATTRIBUTE      Cached-Session-Policy                   1135    string
 
 #
 #      Range:  1200-1279
index 4282824..7d784c3 100644 (file)
 #define PW_SEND_COA_TYPE               1132
 #define PW_MSCHAP_PASSWORD             1133
 #define PW_PACKET_TRANSMIT_COUNTER             1134
+#define PW_CACHED_SESSION_POLICY       1135
 
 /*
  *     Integer Translations
index 2152352..2c39c66 100644 (file)
@@ -149,10 +149,13 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
                RDEBUG2("Saving response in the cache");
                
                vp = paircopy2(request->reply->vps, PW_USER_NAME, 0);
-               pairadd(&vps, vp);
+               if (vp) pairadd(&vps, vp);
                
                vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0);
-               pairadd(&vps, vp);
+               if (vp) pairadd(&vps, vp);
+               
+               vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0);
+               if (vp) pairadd(&vps, vp);
                
                if (vps) {
                        SSL_SESSION_set_ex_data(tls_session->ssl->session,
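Review bot: When the reply carries no Cached-Session-Policy, the new `if (vp) pairadd(&vps, vp);` after the third `paircopy2()` skips it silently, so the session is cached with an identity but no policy. The resumption path is not in this hunk, but if it only replays what was cached, a resumed session would be accepted without the VLAN or address policy the first Access-Accept applied, and nothing in the debug output would say why. Consider logging the miss, e.g. `else RDEBUG2("No Cached-Session-Policy in reply, none will be cached");`, and bracing the three single-line `if (vp)` statements at the same time. eaptls_success() begins and ends outside the hunk.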