Hello list,
In revision 6377 rad.c from aaa_radius got changed for the better,
but introduced a new bug as well. The block of code in question
returns LM_ERR when the call to rc_auth(3) returns anything but
OK_RC. As you see from radiusclient-ng.h, other values exist:
/* Define return codes from "SendServer" utility */
#define BADRESP_RC -2
#define ERROR_RC -1
#define OK_RC 0
#define TIMEOUT_RC 1
#define REJECT_RC 2
The only return values leading to failure (and thus validating
the LM_ERR choice) are negative. So here's the correction:
Index: modules/aaa_radius/rad.c
diff -Nau modules/aaa_radius/rad.c.orig modules/aaa_radius/rad.c
--- modules/aaa_radius/rad.c.orig 2009-12-10 19:57:33.000000000 +0100
+++ modules/aaa_radius/rad.c 2009-12-22 13:28:05.852461686 +0100
@@ -273,9 +273,14 @@
return -1;
}
}
-
- LM_ERR("rc_auth function failed\n");
- return -1;
+ else if (result == TIMEOUT_RC || result == REJECT_RC) {
+ LM_DBG("rc_auth function succeeded with result %d\n",
result);
+ return -1;
+ }
+ else /* if (result == ERROR_RC || result == BADRESP_RC) */ {
+ LM_ERR("rc_auth function failed with result %d\n",
result);
+ return -1;
+ }
}
if (request->type == AAA_ACCT) {
What it does is correct the false negative condition in which a
properly functioning OpenSIPS 1.6.1 reports radius errors in the
log. Without the correction, every call to aaa_is_user_in() for users
which do not belong to the group in question produces an error in
the OpenSIPS log. Try it:
route { # produces an error
aaa_is_user_in("From", "suspened"); # for all users not
} # in group 'suspended'
I'm assuming that the 'REJECT' returned from a radius server for
such calls is correct, although I'm not a radius expert.
Regards,
Michael
_______________________________________________
Devel mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
