add secret flag to dictionaries and value-boxes

parse the "secret" flag in dictionaries.  RADIUS sets the "secret"
flag for encrypted attributes

diff --git a/src/lib/util/dict.h b/src/lib/util/dict.h
index 075895a8bbe657410a44c89c0288a05d3ca1107e..11071bb7344cd3cd06b465260259074b734ae01b 100644 (file)
--- a/src/lib/util/dict.h
+++ b/src/lib/util/dict.h
@@ -97,6 +97,8 @@ typedef struct {
 
        unsigned int            name_only : 1;                  //!< this attribute should always be referred to by name, not by number
 
+       unsigned int            secret : 1;                     //!< this attribute should be omitted in debug mode
+
        /*
         *      @todo - if we want to clean these fields up, make
         *      "subtype" and "type_size" both 4-bit bitfields.  That

diff --git a/src/lib/util/dict_tokenize.c b/src/lib/util/dict_tokenize.c
index fddcac55ce63c9dac71a365c6964a9bd76fc9e4a..00f1e07476141fcd6c8534379069bb8428b932f0 100644 (file)
--- a/src/lib/util/dict_tokenize.c
+++ b/src/lib/util/dict_tokenize.c
@@ -384,6 +384,9 @@ static int dict_process_flag_field(dict_tokenize_ctx_t *ctx, char *name, fr_type
                } else if (strcmp(key, "virtual") == 0) {
                        flags->virtual = 1;
 
+               } else if (strcmp(key, "secret") == 0) {
+                       flags->secret = 1;
+
                } else if (strcmp(key, "offset") == 0) {
                        int offset;
 

diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index 12f683b26ee9a7b4f77d4dd73dca934eb7506452..ba53c00c214ab445a0540ca712b64351ffa9dc51 100644 (file)
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -601,6 +601,7 @@ static inline void fr_value_box_copy_meta(fr_value_box_t *dst, fr_value_box_t co
        dst->enumv = src->enumv;
        dst->type = src->type;
        dst->tainted = src->tainted;
+       dst->secret = src->secret;
        dst->safe = src->safe;
        fr_value_box_list_entry_init(dst);
 }

diff --git a/src/lib/util/value.h b/src/lib/util/value.h
index df9e7aa5378cf7db80273d6d855b40b804026111..39cf43df315b5996628b798e51d5fb5851612d24 100644 (file)
--- a/src/lib/util/value.h
+++ b/src/lib/util/value.h
@@ -154,7 +154,8 @@ struct value_box_s {
        /** Type and flags should appear together for packing efficiency
         */
        fr_type_t               _CONST          type;                   //!< Type of this value-box, at the start, see pair.h
-       bool                                    tainted;                //!< i.e. did it come from an untrusted source
+       unsigned int                            tainted : 1;            //!< i.e. did it come from an untrusted source
+       unsigned int                            secret : 1;             //!< Same as #fr_dict_attr_flags_t secret
        uint16_t                _CONST          safe;                   //!< more detailed safety
 
        fr_value_box_entry_t                    entry;                  //!< Doubly linked list entry.

diff --git a/src/protocols/radius/base.c b/src/protocols/radius/base.c
index 1392a99781ab10b02311e7749895080d61ee4e23..a3067ac9a77e0253e70deb21f16cd1ad7a21bf8d 100644 (file)
--- a/src/protocols/radius/base.c
+++ b/src/protocols/radius/base.c
@@ -1103,6 +1103,13 @@ static bool attr_valid(UNUSED fr_dict_t *dict, fr_dict_attr_t const *parent,
                return false;
        }
 
+       /*
+        *      Secret things are secret.
+        */
+       if (flags->subtype > FLAG_TAGGED_TUNNEL_PASSWORD) {
+               flags->secret = true;
+       }
+
        if (flag_concat(flags)) {
                if (!parent->flags.is_root) {
                        fr_strerror_const("Attributes with the 'concat' flag MUST be at the root of the dictionary");