no need to update the output ptr

diff --git a/src/protocols/tacacs/decode.c b/src/protocols/tacacs/decode.c
index 38727116d360817ace5a67262ddb16517067ff60..75d263f94bdddb1f4b37355b3d9f00d134bc2834 100644 (file)
--- a/src/protocols/tacacs/decode.c
+++ b/src/protocols/tacacs/decode.c
@@ -71,10 +71,10 @@
  *     Decode a TACACS+ 'arg_N' fields.
  */
 static int tacacs_decode_args(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent,
-                             uint8_t arg_cnt, uint8_t const *arg_list, uint8_t const **data, uint8_t const *end)
+                             uint8_t arg_cnt, uint8_t const *arg_list, uint8_t const *data, uint8_t const *end)
 {
        uint8_t i;
-       uint8_t const *p = *data;
+       uint8_t const *p = data;
        fr_pair_t *vp;
 
        /*
@@ -99,7 +99,7 @@ static int tacacs_decode_args(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr
 
                p += arg_list[i];
        }
-       p = *data;
+       p = data;
 
        /*
         *      Then, do the dirty job of creating attributes.
@@ -200,7 +200,6 @@ static int tacacs_decode_args(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr
 
        next:
                p += arg_list[i];
-               *data  = p;
        }
 
        return 0;
@@ -598,7 +597,7 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *bu
                         *      Decode 'arg_N' arguments (horrible format)
                         */
                        if (tacacs_decode_args(ctx, out, attr_tacacs_argument_list,
-                                              pkt->author_req.arg_cnt, BODY(author_req), &p, end) < 0) goto fail;
+                                              pkt->author_req.arg_cnt, BODY(author_req), p, end) < 0) goto fail;
 
                } else if (packet_is_author_response(pkt)) {
                        /*
@@ -649,7 +648,7 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *bu
                         *      Decode 'arg_N' arguments (horrible format)
                         */
                        if (tacacs_decode_args(ctx, out, attr_tacacs_argument_list,
-                                       pkt->author_res.arg_cnt, BODY(author_res), &p, end) < 0) goto fail;
+                                       pkt->author_res.arg_cnt, BODY(author_res), p, end) < 0) goto fail;
 
                } else {
                        goto unknown_packet;
@@ -712,7 +711,7 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *bu
                         *      Decode 'arg_N' arguments (horrible format)
                         */
                        if (tacacs_decode_args(ctx, out, attr_tacacs_argument_list,
-                                       pkt->acct_req.arg_cnt, BODY(acct_req), &p, end) < 0) goto fail;
+                                       pkt->acct_req.arg_cnt, BODY(acct_req), p, end) < 0) goto fail;
 
                } else if (packet_is_acct_reply(pkt)) {
                        /**

diff --git a/src/protocols/tacacs/encode.c b/src/protocols/tacacs/encode.c
index 13406eaf8e7f24db699811b3ed00e802f5d3c91c..6c735fcb559048472377fa7803fc0b107d3872d6 100644 (file)
--- a/src/protocols/tacacs/encode.c
+++ b/src/protocols/tacacs/encode.c
@@ -732,6 +732,11 @@ ssize_t fr_tacacs_encode(fr_dbuff_t *dbuff, uint8_t const *original_packet, char
                packet->hdr.flags = packet->hdr.flags & ~FR_TAC_PLUS_UNENCRYPTED_FLAG;
        }
 
+       /*
+        *      Packets which have no secret cannot be encrypted.
+        */
+       if (!secret) packet->hdr.flags = packet->hdr.flags & ~FR_TAC_PLUS_UNENCRYPTED_FLAG;
+
        /*
         *      3.6. Encryption
         *