From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 22 Mar 2021 19:39:33 +0000 (-0400)
Subject: add "secret" flag to attribute
X-Git-Tag: release_3_0_22~147
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7728fc683d9f6fb114ac7b321c55d268bddef199;p=thirdparty%2Ffreeradius-server.git

add "secret" flag to attribute

so we can not print it.  Sometimes.  Maybe.
---

diff --git a/src/include/libradius.h b/src/include/libradius.h
index 48844be4ac..c82dc7ed03 100644
--- a/src/include/libradius.h
+++ b/src/include/libradius.h
@@ -197,6 +197,8 @@ typedef struct attr_flags {
 
 	unsigned int	is_dup : 1;				//!< is a duplicate of another attribute
 
+	unsigned int	secret : 1;				//!< is a secret thingy
+
 	uint8_t		encrypt;      				//!< Ecryption method.
 	uint8_t		length;
 } ATTR_FLAGS;
diff --git a/src/lib/dict.c b/src/lib/dict.c
index 339b255122..cc2624afaa 100644
--- a/src/lib/dict.c
+++ b/src/lib/dict.c
@@ -883,6 +883,8 @@ int dict_addattr(char const *name, int attr, unsigned int vendor, PW_TYPE type,
 		return -1;
 	}
 
+	if (flags.encrypt) flags.secret = 1;
+
 	if (flags.length && (type != PW_TYPE_OCTETS)) {
 		fr_strerror_printf("The \"length\" flag can only be set for attributes of type \"octets\"");
 		return -1;
@@ -1755,6 +1757,10 @@ static int process_attribute(char const* fn, int const line,
 							   "\"encrypt=3\" flag set", fn, line);
 					return -1;
 				}
+				flags.secret = 1;
+
+			} else if (strncmp(key, "secret", 6) == 0) {
+				flags.secret = 1;
 
 			} else if (strncmp(key, "array", 6) == 0) {
 				flags.array = 1;