From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 8 Sep 2021 18:52:31 +0000 (-0400)
Subject: allow clients to set dedup_authenticator, too.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=291e43f1a69ffbea0420e47ab50f2955b0253634;p=thirdparty%2Ffreeradius-server.git

allow clients to set dedup_authenticator, too.

We should really either (a) move clients to RADIUS only, or
(b) allow for protocol-specific extensions to clients
---

diff --git a/src/lib/server/client.c b/src/lib/server/client.c
index e9ca845d44c..813792d1d04 100644
--- a/src/lib/server/client.c
+++ b/src/lib/server/client.c
@@ -441,6 +441,8 @@ static const CONF_PARSER client_config[] = {
 
 	{ FR_CONF_OFFSET("require_message_authenticator", FR_TYPE_BOOL, RADCLIENT, message_authenticator), .dflt = "no" },
 
+	{ FR_CONF_OFFSET("dedup_authenticator", FR_TYPE_BOOL, RADCLIENT, dedup_authenticator), .dflt = "no" },
+
 	{ FR_CONF_OFFSET("secret", FR_TYPE_STRING | FR_TYPE_SECRET, RADCLIENT, secret) },
 	{ FR_CONF_OFFSET("shortname", FR_TYPE_STRING, RADCLIENT, shortname) },
 
diff --git a/src/lib/server/client.h b/src/lib/server/client.h
index 5dfc5f11178..8a625daae01 100644
--- a/src/lib/server/client.h
+++ b/src/lib/server/client.h
@@ -90,6 +90,7 @@ struct rad_client {
 	bool			dynamic;		//!< Whether the client was dynamically defined.
 	bool			active;			//!< for dynamic clients
 	bool			use_connected;		//!< do we use connected sockets for this client
+	bool			dedup_authenticator;	//!< more RADIUS stuff
 
 #ifdef WITH_TLS
 	bool			tls_required;		//!< whether TLS encryption is required.
diff --git a/src/listen/radius/proto_radius_udp.c b/src/listen/radius/proto_radius_udp.c
index 9747455f9a4..bc4cde5727d 100644
--- a/src/listen/radius/proto_radius_udp.c
+++ b/src/listen/radius/proto_radius_udp.c
@@ -543,7 +543,7 @@ static void *mod_track_create(void const *instance, void *thread_instance, UNUSE
 	return state;
 }
 
-static int mod_track_compare(void const *instance, UNUSED void *thread_instance, UNUSED RADCLIENT *client,
+static int mod_track_compare(void const *instance, UNUSED void *thread_instance, RADCLIENT *client,
 			     void const *one, void const *two)
 {
 	int ret;
@@ -555,7 +555,7 @@ static int mod_track_compare(void const *instance, UNUSED void *thread_instance,
 	/*
 	 *	Do a better job of deduping input packet.
 	 */
-	if (inst->dedup_authenticator) {
+	if (inst->dedup_authenticator || client->dedup_authenticator) {
 		ret = memcmp(a + 4, b + 4, RADIUS_AUTH_VECTOR_LENGTH);
 		if (ret != 0) return ret;
 	}