Look for Message-Authenticator in the correct list

This check is for Message-Authenticator in the reply from a home server
- so look in the list the response has been decoded into.

diff --git a/src/modules/rlm_radius/bio.c b/src/modules/rlm_radius/bio.c
index aa4a6355d777b894ef242000c24bbc207c0a41c9..119c665f100f12a7533b26aa0fd0a26ff0d560de 100644 (file)
--- a/src/modules/rlm_radius/bio.c
+++ b/src/modules/rlm_radius/bio.c
@@ -1235,8 +1235,8 @@ static fr_radius_decode_fail_t decode(TALLOC_CTX *ctx, fr_pair_list_t *reply, ui
        if ((u->code == FR_RADIUS_CODE_ACCESS_REQUEST) &&
            (inst->require_message_authenticator == FR_RADIUS_REQUIRE_MA_AUTO) &&
            !*(inst->received_message_authenticator) &&
-           fr_pair_find_by_da(&request->request_pairs, NULL, attr_message_authenticator) &&
-           !fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_message)) {
+           fr_pair_find_by_da(reply, NULL, attr_message_authenticator) &&
+           !fr_pair_find_by_da(reply, NULL, attr_eap_message)) {
                RINFO("Packet contained a valid Message-Authenticator.  Setting \"require_message_authenticator = yes\"");
                *(inst->received_message_authenticator) = true;
        }