add "secret" flag to attribute

so we can not print it.  Sometimes.  Maybe.

diff --git a/src/include/libradius.h b/src/include/libradius.h
index 48844be4acd24efca40823cdd66102c6b65743bf..c82dc7ed03dfefff20c4b8bbc7b0be0dcee37a83 100644 (file)
--- a/src/include/libradius.h
+++ b/src/include/libradius.h
@@ -197,6 +197,8 @@ typedef struct attr_flags {
 
        unsigned int    is_dup : 1;                             //!< is a duplicate of another attribute
 
+       unsigned int    secret : 1;                             //!< is a secret thingy
+
        uint8_t         encrypt;                                //!< Ecryption method.
        uint8_t         length;
 } ATTR_FLAGS;

diff --git a/src/lib/dict.c b/src/lib/dict.c
index 339b255122b9ab283563087910bae9a1d3002f2a..cc2624afaab5dd422814fc45ea587edd959a0772 100644 (file)
--- a/src/lib/dict.c
+++ b/src/lib/dict.c
@@ -883,6 +883,8 @@ int dict_addattr(char const *name, int attr, unsigned int vendor, PW_TYPE type,
                return -1;
        }
 
+       if (flags.encrypt) flags.secret = 1;
+
        if (flags.length && (type != PW_TYPE_OCTETS)) {
                fr_strerror_printf("The \"length\" flag can only be set for attributes of type \"octets\"");
                return -1;
@@ -1755,6 +1757,10 @@ static int process_attribute(char const* fn, int const line,
                                                           "\"encrypt=3\" flag set", fn, line);
                                        return -1;
                                }
+                               flags.secret = 1;
+
+                       } else if (strncmp(key, "secret", 6) == 0) {
+                               flags.secret = 1;
 
                        } else if (strncmp(key, "array", 6) == 0) {
                                flags.array = 1;