Toggle whether we send protected success messages

src/modules/rlm_eap/types/rlm_eap_aka/eap_aka.h

@@ -81,8 +81,9 @@ typedef struct {
 } eap_aka_session_t;
 
 typedef struct {
-	char const			*virtual_server;	//!< Virtual server for HLR integration.
 	char const			*network_id;		//!< Network ID as described by RFC 5448.
 	bool				request_identity;	//!< Whether we always request the identity of
 								///< the subscriber.
+	char const			*virtual_server;	//!< Virtual server for HLR integration.
+	bool				protected_success;
 } rlm_eap_aka_t;

src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c

@@ -51,7 +51,8 @@ static rlm_rcode_t mod_process(UNUSED void *arg, eap_session_t *eap_session);
 
 static CONF_PARSER submodule_config[] = {
 	{ FR_CONF_OFFSET("network_id", FR_TYPE_STRING | FR_TYPE_REQUIRED, rlm_eap_aka_t, network_id ) },
-	{ FR_CONF_OFFSET("request_identity", FR_TYPE_BOOL, rlm_eap_aka_t, request_identity ), .dflt = "yes" },
+	{ FR_CONF_OFFSET("request_identity", FR_TYPE_BOOL, rlm_eap_aka_t, request_identity ), .dflt = "no" },
+	{ FR_CONF_OFFSET("protected_success", FR_TYPE_BOOL, rlm_eap_aka_t, protected_success ), .dflt = "no" },
 	{ FR_CONF_OFFSET("virtual_server", FR_TYPE_STRING, rlm_eap_aka_t, virtual_server) },
 	CONF_PARSER_TERMINATOR
 };
@@ -1018,7 +1019,7 @@ static rlm_rcode_t mod_session_init(void *instance, eap_session_t *eap_session)
 	 *	to be toggled by attributes later.
 	 */
 	eap_aka_session->request_identity = inst->request_identity;
-	eap_aka_session->send_result_ind = true;
+	eap_aka_session->send_result_ind = inst->protected_success;
 	eap_aka_session->id_req = SIM_NO_ID_REQ;	/* Set the default */
 
 	/*

src/modules/rlm_eap/types/rlm_eap_sim/eap_sim.h

@@ -51,10 +51,6 @@ typedef struct {
 	fr_sim_id_req_type_t		id_req;			//!< The type of identity we're requesting
 								///< or previously requested.
 
-
-	bool				request_identity;	//!< Always send an identity request before a
-								///< challenge.
-
 	bool				send_result_ind;	//!< Say that we would like to use protected result
 								///< indications (SIM-Notification-Success).
 
@@ -64,6 +60,5 @@ typedef struct {
 
 typedef struct {
 	char const			*virtual_server;	//!< Virtual server for HLR integration.
-	bool				request_identity;	//!< Whether we always request the identity of
-								///< the subscriber.
+	bool				protected_success;	//!< Send protected success messages.
 } rlm_eap_sim_t;

src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c

@@ -51,6 +51,7 @@ FR_NAME_NUMBER const sim_state_table[] = {
 
 static CONF_PARSER submodule_config[] = {
 	{ FR_CONF_OFFSET("virtual_server", FR_TYPE_STRING, rlm_eap_sim_t, virtual_server) },
+	{ FR_CONF_OFFSET("protected_success", FR_TYPE_BOOL, rlm_eap_sim_t, protected_success ), .dflt = "no" },
 	CONF_PARSER_TERMINATOR
 };
 
@@ -875,7 +876,7 @@ static rlm_rcode_t mod_session_init(UNUSED void *instance, eap_session_t *eap_se
 {
 	REQUEST				*request = eap_session->request;
 	eap_sim_session_t		*eap_sim_session;
-//	rlm_eap_sim_t			*inst = instance;
+	rlm_eap_sim_t			*inst = instance;
 	fr_sim_id_type_t		type;
 	fr_sim_method_hint_t		method;
 
@@ -887,7 +888,7 @@ static rlm_rcode_t mod_session_init(UNUSED void *instance, eap_session_t *eap_se
 	 *	Set default configuration, we may allow these
 	 *	to be toggled by attributes later.
 	 */
-	eap_sim_session->send_result_ind = true;
+	eap_sim_session->send_result_ind = inst->protected_success;
 	eap_sim_session->id_req = SIM_ANY_ID_REQ;	/* Set the default */
 
 	/*