From 4bd6aba3a60e9340516544d3025ff42699573a25 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Wed, 10 Nov 2010 16:59:34 +0100
Subject: [PATCH] The NAS generates the MN-FA key, not the AAA

Patch from Ben Weichman
---
 share/dictionary.freeradius.internal |  2 --
 src/modules/rlm_wimax/rlm_wimax.c    | 24 ------------------------
 2 files changed, 26 deletions(-)

diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
index 79be75b..4133c16 100644
--- a/share/dictionary.freeradius.internal
+++ b/share/dictionary.freeradius.internal
@@ -341,8 +341,6 @@ ATTRIBUTE	Tmp-IP-Address-9			1829	ipaddr
 #	these attributes.
 #
 ATTRIBUTE	WiMAX-MN-NAI				1900	string
-ATTRIBUTE	WiMAX-FA-IP-Address			1901	ipaddr
-ATTRIBUTE	WiMAX-MN-FA				1902	octets
 
 ATTRIBUTE	TLS-Cert-Serial				1910	string
 ATTRIBUTE	TLS-Cert-Expiration			1911	string
diff --git a/src/modules/rlm_wimax/rlm_wimax.c b/src/modules/rlm_wimax/rlm_wimax.c
index 8265802..6e7e1b9 100644
--- a/src/modules/rlm_wimax/rlm_wimax.c
+++ b/src/modules/rlm_wimax/rlm_wimax.c
@@ -478,30 +478,6 @@ static int wimax_postauth(void *instance, REQUEST *request)
 	}
 
 	/*
-	 *	Generate MN-FA = H(FA-RK, "MN FA" | FA-IP | MN-NAI)
-	 */
-	ip = pairfind(request->reply->vps, 1901, 0);
-	if (fa_rk && ip && mn_nai) {
-		HMAC_Init_ex(&hmac, fa_rk->vp_octets, fa_rk->length,
-			     EVP_sha1(), NULL);
-		
-		HMAC_Update(&hmac, (const uint8_t *) "MN FA", 5);
-		HMAC_Update(&hmac, (const uint8_t *) &ip->vp_ipaddr, 4);
-		HMAC_Update(&hmac, (const uint8_t *) &mn_nai->vp_strvalue, mn_nai->length);
-
-		HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
-
-		vp = radius_paircreate(request, &request->reply->vps,
-				       1902, 0, PW_TYPE_OCTETS);
-		if (!vp) {
-			RDEBUG("WARNING: Failed creating WiMAX-MN-FA");
-		} else {
-			memcpy(vp->vp_octets, &mip_rk_1[0], rk1_len);
-			vp->length = rk1_len;
-		}
-	}
-
-	/*
 	 *	Give additional information about requests && responses
 	 *
 	 *	WiMAX-RRQ-MN-HA-SPI
-- 
2.1.4