From 174baa36c1a69675ffa1ca40c16eb04ae052c1f9 Mon Sep 17 00:00:00 2001
From: Simon Rozman <simon@rozman.si>
Date: Tue, 23 Nov 2021 14:11:57 +0100
Subject: [PATCH] Rebuild credentials if EapPeerBeginSession() did not provide
 them

Signed-off-by: Simon Rozman <simon@rozman.si>
---
 lib/EAPBase/src/Module.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/EAPBase/src/Module.cpp b/lib/EAPBase/src/Module.cpp
index b69f730..a265df8 100644
--- a/lib/EAPBase/src/Module.cpp
+++ b/lib/EAPBase/src/Module.cpp
@@ -505,8 +505,18 @@ EAP_SESSION_HANDLE eap::peer::begin_session(
     // Unpack configuration.
     unpack(s->m_cfg, pConnectionData, dwConnectionDataSize);
 
-    // Unpack credentials.
-    unpack(s->m_cred, pUserData, dwUserDataSize);
+    if (dwUserDataSize) {
+        // Unpack credentials.
+        unpack(s->m_cred, pUserData, dwUserDataSize);
+    } else {
+        // Regenerate user credentials.
+        user_impersonator impersonating(hTokenImpersonateUser);
+        auto cfg_method = combine_credentials(dwFlags, s->m_cfg, pUserData, dwUserDataSize, s->m_cred);
+        if (!cfg_method) {
+            // Credentials missing or incomplete.
+            throw invalid_argument(__FUNCTION__ " Credentials are not available.");
+        }
+    }
 
     // Look-up the provider.
     config_method *cfg_method;