From b4efc73c10001830d8e2e7df43bc566727746ae4 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Mon, 9 Aug 2010 15:10:48 +0200
Subject: [PATCH] Add Cached-Session-Policy attribute.

This can be placed into the cache in the first EAP session, and grabbed from the cache on subsequet packets.
---
 raddb/eap.conf | 19 +++++++++++++++++++
 share/dictionary.freeradius.internal | 1 +
 src/include/radius.h | 1 +
 src/modules/rlm_eap/libeap/eap_tls.c | 7 +++++--
 4 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/raddb/eap.conf b/raddb/eap.conf
index 75098b1..0de4884 100644
--- a/raddb/eap.conf
+++ b/raddb/eap.conf
@@ -267,6 +267,25 @@
 # Session resumption / fast reauthentication
 # cache.
 #
+ # The cache contains the following information:
+ #
+ # session Id - unique identifier, managed by SSL
+ # User-Name - from the Access-Accept
+ # Stripped-User-Name - from the Access-Request
+ # Cached-Session-Policy - from the Access-Accept
+ #
+ # The "Cached-Session-Policy" is the name of a
+ # policy which should be applied to the cached
+ # session. This policy can be used to assign
+ # VLANs, IP addresses, etc. It serves as a useful
+ # way to re-apply the policy from the original
+ # Access-Accept to the subsequent Access-Accept
+ # for the cached session.
+ #
+ # On session resumption, these attributes are
+ # copied from the cache, and placed into the
+ # reply list.
+ #
 cache {
 #
 # Enable it. The default is "no".
diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
index 25c5b7d..b0b168e 100644
--- a/share/dictionary.freeradius.internal
+++ b/share/dictionary.freeradius.internal
@@ -215,6 +215,7 @@ ATTRIBUTE Send-CoA-Type 1132 integer
 ATTRIBUTE MS-CHAP-Password 1133 string
 ATTRIBUTE Packet-Transmit-Counter 1134 integer
+ATTRIBUTE Cached-Session-Policy 1135 string
 #
 # Range: 1200-1279
diff --git a/src/include/radius.h b/src/include/radius.h
index 4282824..7d784c3 100644
--- a/src/include/radius.h
+++ b/src/include/radius.h
@@ -230,6 +230,7 @@
 #define PW_SEND_COA_TYPE 1132
 #define PW_MSCHAP_PASSWORD 1133
 #define PW_PACKET_TRANSMIT_COUNTER 1134
+#define PW_CACHED_SESSION_POLICY 1135
 /*
 * Integer Translations
diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 2152352..2c39c66 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -149,10 +149,13 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
 RDEBUG2("Saving response in the cache");
 vp = paircopy2(request->reply->vps, PW_USER_NAME, 0);
- pairadd(&vps, vp);
+ if (vp) pairadd(&vps, vp);
 vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0);
- pairadd(&vps, vp);
+ if (vp) pairadd(&vps, vp);
+
+ vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0);
+ if (vp) pairadd(&vps, vp);
 if (vps) {
 SSL_SESSION_set_ex_data(tls_session->ssl->session,
--
2.1.4
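Review bot: In eap_tls.c, with the third copy added, the `if (vps)` test that follows can be satisfied by a Cached-Session-Policy value alone, so a cache entry may hold a policy name with no User-Name or Stripped-User-Name stored beside it. Since the eap.conf text in this commit says cached attributes are copied into the reply on resumption, I would cache the policy only when an identity attribute was also copied, e.g. `if (vp && vps) pairadd(&vps, vp); else pairfree(&vp);`. A short comment above the three copies, such as `/* Everything added to vps is copied back into the reply when the session is resumed. */`, would make that constraint visible to whoever adds the next attribute. The resumption path is outside this hunk, so whether it compares the cached name with the resuming request cannot be confirmed from here, and eaptls_success itself starts before and continues after the hunk.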