From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 10 Nov 2010 15:59:34 +0000 (+0100)
Subject: The NAS generates the MN-FA key, not the AAA
X-Git-Tag: release_2_1_11~214
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed12c7a857ef868676eb1b66d49835f63c5ced9f;p=thirdparty%2Ffreeradius-server.git

The NAS generates the MN-FA key, not the AAA

Patch from Ben Weichman
---

diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
index 79be75b1ed1..4133c16dd4d 100644
--- a/share/dictionary.freeradius.internal
+++ b/share/dictionary.freeradius.internal
@@ -341,8 +341,6 @@ ATTRIBUTE	Tmp-IP-Address-9			1829	ipaddr
 #	these attributes.
 #
 ATTRIBUTE	WiMAX-MN-NAI				1900	string
-ATTRIBUTE	WiMAX-FA-IP-Address			1901	ipaddr
-ATTRIBUTE	WiMAX-MN-FA				1902	octets
 
 ATTRIBUTE	TLS-Cert-Serial				1910	string
 ATTRIBUTE	TLS-Cert-Expiration			1911	string
diff --git a/src/modules/rlm_wimax/rlm_wimax.c b/src/modules/rlm_wimax/rlm_wimax.c
index 2318507e5a0..c36169cda61 100644
--- a/src/modules/rlm_wimax/rlm_wimax.c
+++ b/src/modules/rlm_wimax/rlm_wimax.c
@@ -479,30 +479,6 @@ static int wimax_postauth(void *instance, REQUEST *request)
 		}
 	}
 
-	/*
-	 *	Generate MN-FA = H(FA-RK, "MN FA" | FA-IP | MN-NAI)
-	 */
-	ip = pairfind(request->reply->vps, 1901);
-	if (fa_rk && ip && mn_nai) {
-		HMAC_Init_ex(&hmac, fa_rk->vp_octets, fa_rk->length,
-			     EVP_sha1(), NULL);
-		
-		HMAC_Update(&hmac, (const uint8_t *) "MN FA", 5);
-		HMAC_Update(&hmac, (const uint8_t *) &ip->vp_ipaddr, 4);
-		HMAC_Update(&hmac, (const uint8_t *) &mn_nai->vp_strvalue, mn_nai->length);
-
-		HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
-
-		vp = radius_paircreate(request, &request->reply->vps,
-				       1902, PW_TYPE_OCTETS);
-		if (!vp) {
-			RDEBUG("WARNING: Failed creating WiMAX-MN-FA");
-		} else {
-			memcpy(vp->vp_octets, &mip_rk_1[0], rk1_len);
-			vp->length = rk1_len;
-		}
-	}
-
 	/*
 	 *	Give additional information about requests && responses
 	 *