From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 31 Jul 2025 17:25:37 +0000 (+0100)
Subject: Add RADIUS Id and Authenticator to request pair list
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=22614775e22a20572e4d45f97665b584b38601ef;p=thirdparty%2Ffreeradius-server.git

Add RADIUS Id and Authenticator to request pair list
---

diff --git a/share/dictionary/radius/dictionary.freeradius.internal b/share/dictionary/radius/dictionary.freeradius.internal
index 2b23686f38..a22e6542ff 100644
--- a/share/dictionary/radius/dictionary.freeradius.internal
+++ b/share/dictionary/radius/dictionary.freeradius.internal
@@ -71,6 +71,10 @@ VALUE	Packet-Type			Do-Not-Respond		256
 
 ATTRIBUTE	Packet-Authentication-Vector		1002	octets
 
+ATTRIBUTE	Packet					1003	tlv
+ATTRIBUTE	Id					.1	uint8
+ATTRIBUTE	Authenticator				.2	octets
+
 #
 #  v4 has tags as groups.
 #
diff --git a/src/listen/radius/proto_radius.c b/src/listen/radius/proto_radius.c
index 5ffb280cd8..19cf71dcd0 100644
--- a/src/listen/radius/proto_radius.c
+++ b/src/listen/radius/proto_radius.c
@@ -120,6 +120,8 @@ static fr_dict_attr_t const *attr_state;
 static fr_dict_attr_t const *attr_proxy_state;
 static fr_dict_attr_t const *attr_message_authenticator;
 static fr_dict_attr_t const *attr_eap_message;
+static fr_dict_attr_t const *attr_packet_id;
+static fr_dict_attr_t const *attr_packet_authenticator;
 
 extern fr_dict_attr_autoload_t proto_radius_dict_attr[];
 fr_dict_attr_autoload_t proto_radius_dict_attr[] = {
@@ -129,6 +131,8 @@ fr_dict_attr_autoload_t proto_radius_dict_attr[] = {
 	{ .out = &attr_proxy_state, .name = "Proxy-State", .type = FR_TYPE_OCTETS, .dict = &dict_radius},
 	{ .out = &attr_message_authenticator, .name = "Message-Authenticator", .type = FR_TYPE_OCTETS, .dict = &dict_radius},
 	{ .out = &attr_eap_message, .name = "EAP-Message", .type = FR_TYPE_OCTETS, .dict = &dict_radius},
+	{ .out = &attr_packet_id, .name = "Packet.Id", .type = FR_TYPE_UINT8, .dict = &dict_radius},
+	{ .out = &attr_packet_authenticator, .name = "Packet.Authenticator", .type = FR_TYPE_OCTETS, .dict = &dict_radius},
 	{ NULL }
 };
 
@@ -203,6 +207,7 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
 	fr_radius_limit_proxy_state_t	limit_proxy_state = client->limit_proxy_state_is_set ?
 							    client->limit_proxy_state:
 							    inst->limit_proxy_state;
+	fr_pair_t			*packet_vp;
 
 	fr_assert(data[0] < FR_RADIUS_CODE_MAX);
 
@@ -415,6 +420,18 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
 		return -1;
 	}
 
+	/*
+	 *	Populate Packet structure with Id and Authenticator
+	 */
+	MEM(packet_vp = fr_pair_afrom_da_nested(request->request_ctx, &request->request_pairs, attr_packet_id));
+	packet_vp->vp_uint8 = request->packet->id;
+	MEM(packet_vp = fr_pair_afrom_da_nested(request->request_ctx, &request->request_pairs, attr_packet_authenticator));
+	if (fr_value_box_memdup(packet_vp, &packet_vp->data, NULL, request->packet->data + 4,
+				RADIUS_AUTH_VECTOR_LENGTH, true) < 0) {
+		RPEDEBUG("Failed adding Authenticator pair");
+		return -1;
+	}
+
 	return 0;
 }