/*
- * FIXME: Do we want to match *any* VSA if
- * 'attr == PW_VENDOR_SPECIFIC' ???
+ * If the attribute to move is NOT a VSA, then it
+ * ignores any attributes which do not match exactly.
*/
- if (i->attribute != attr) {
+ if ((attr != PW_VENDOR_SPECIFIC) &&
+ (i->attribute != attr)) {
+ iprev = i;
+ continue;
+ }
+
+ /*
+ * If the attribute to move IS a VSA, then it ignores
+ * any non-VSA attribute.
+ */
+ if ((attr == PW_VENDOR_SPECIFIC) &&
+ (VENDOR(i->attribute) == 0)) {
iprev = i;
continue;
}
static void rfc_clean(RADIUS_PACKET *packet)
{
VALUE_PAIR *vps = NULL;
-
+
switch (packet->code) {
+ /*
+ * In the default case, we just move all of the
+ * attributes over.
+ */
default:
+ vps = packet->vps;
+ packet->vps = NULL;
break;
/*
- * FIXME: Accounting responses can only contain
- * Proxy-State and VSA's.
+ * Accounting responses can only contain
+ * Proxy-State and VSA's. Note that we do NOT
+ * move the Proxy-State attributes over, as the
+ * Proxy-State attributes in this packet are NOT
+ * the right ones to use. The reply function
+ * takes care of copying those attributes from
+ * the original request, which ARE the right ones
+ * to use.
*/
case PW_ACCOUNTING_RESPONSE:
+ pairmove2(&vps, &(packet->vps), PW_VENDOR_SPECIFIC);
break;
/*
pairmove2(&vps, &(packet->vps), PW_EAP_MESSAGE);
pairmove2(&vps, &(packet->vps), PW_MESSAGE_AUTHENTICATOR);
pairmove2(&vps, &(packet->vps), PW_REPLY_MESSAGE);
- pairfree(&packet->vps);
- packet->vps = vps;
+ pairmove2(&vps, &(packet->vps), PW_VENDOR_SPECIFIC);
break;
}
/*
+ * Move the newly cleaned attributes over.
+ */
+ pairfree(&packet->vps);
+ packet->vps = vps;
+
+ /*
* FIXME: Perform other, more generic sanity checks.
*/
}