allow clients to set dedup_authenticator, too.

We should really either (a) move clients to RADIUS only, or
(b) allow for protocol-specific extensions to clients

diff --git a/src/lib/server/client.c b/src/lib/server/client.c
index e9ca845d44c45cea9a0ce5319a8441f24a9532d3..813792d1d04e1ab5a42a3d70e885c0ed52708143 100644 (file)
--- a/src/lib/server/client.c
+++ b/src/lib/server/client.c
@@ -441,6 +441,8 @@ static const CONF_PARSER client_config[] = {
 
        { FR_CONF_OFFSET("require_message_authenticator", FR_TYPE_BOOL, RADCLIENT, message_authenticator), .dflt = "no" },
 
+       { FR_CONF_OFFSET("dedup_authenticator", FR_TYPE_BOOL, RADCLIENT, dedup_authenticator), .dflt = "no" },
+
        { FR_CONF_OFFSET("secret", FR_TYPE_STRING | FR_TYPE_SECRET, RADCLIENT, secret) },
        { FR_CONF_OFFSET("shortname", FR_TYPE_STRING, RADCLIENT, shortname) },
 

diff --git a/src/lib/server/client.h b/src/lib/server/client.h
index 5dfc5f11178d96035d23cf7e73d0c343f8184e4d..8a625daae01a5e5080523045740e38752744a17a 100644 (file)
--- a/src/lib/server/client.h
+++ b/src/lib/server/client.h
@@ -90,6 +90,7 @@ struct rad_client {
        bool                    dynamic;                //!< Whether the client was dynamically defined.
        bool                    active;                 //!< for dynamic clients
        bool                    use_connected;          //!< do we use connected sockets for this client
+       bool                    dedup_authenticator;    //!< more RADIUS stuff
 
 #ifdef WITH_TLS
        bool                    tls_required;           //!< whether TLS encryption is required.

diff --git a/src/listen/radius/proto_radius_udp.c b/src/listen/radius/proto_radius_udp.c
index 9747455f9a4be750c181677a48a1eb18f316e1ff..bc4cde5727d24bf8a743686801fbaac4f69e6f64 100644 (file)
--- a/src/listen/radius/proto_radius_udp.c
+++ b/src/listen/radius/proto_radius_udp.c
@@ -543,7 +543,7 @@ static void *mod_track_create(void const *instance, void *thread_instance, UNUSE
        return state;
 }
 
-static int mod_track_compare(void const *instance, UNUSED void *thread_instance, UNUSED RADCLIENT *client,
+static int mod_track_compare(void const *instance, UNUSED void *thread_instance, RADCLIENT *client,
                             void const *one, void const *two)
 {
        int ret;
@@ -555,7 +555,7 @@ static int mod_track_compare(void const *instance, UNUSED void *thread_instance,
        /*
         *      Do a better job of deduping input packet.
         */
-       if (inst->dedup_authenticator) {
+       if (inst->dedup_authenticator || client->dedup_authenticator) {
                ret = memcmp(a + 4, b + 4, RADIUS_AUTH_VECTOR_LENGTH);
                if (ret != 0) return ret;
        }