Hi Juha,
I was not aware of that, as I never used freeradius lib for openser so
far. If they accept your submision, it will be great.
Thanks for update,
Bogdan
Juha Heinanen wrote:
Bogdan-Andrei Iancu writes:
> have you checked the same of freeradius client library? You now have the
> option to compile against it. The problem is there are no packages for
> it for debian - you need to compile it :(...
freeradius-client is no better, i.e., one cannot tell if authetication
failed due to reject of if some error occurred:
if ((recv_auth->code == PW_ACCESS_ACCEPT) ||
(recv_auth->code == PW_PASSWORD_ACK) ||
(recv_auth->code == PW_ACCOUNTING_RESPONSE))
{
result = OK_RC;
}
else
{
result = BADRESP_RC;
}
i filed an enhancement report to freeradius-client developers, where i
suggested that a new result code REJECT_RC is defined and returned when
recv_auth->code == PW_ACCESS_REJECT or PW_PASSWORD_REJECT.
-- juha
>
> regards,
> bogdan
>
> Juha Heinanen wrote:
> > i checked return codes in radiusclient-ng and at least in the version i
> > had access (RELENG_0_5_1), it does a very bad job:
> >
> > * Function: rc_check_reply
> > *
> > * Purpose: verify items in returned packet.
> > *
> > * Returns: OK_RC -- upon success,
> > * BADRESP_RC -- if anything looks funny.
> >
> > i.e., radiusclient-ng returns BADRESP_RC both when authentication failed
> > normally and when, for example, radius server response was somehow bogus.
> >
> > as result, opener has no chance to know if some error occurred or if
> > username/password simply didn't match.
> >
> > i think this needs to be fixed. is someone still maintaining
> > radiusclient-ng or perhaps it is already fixed in a newer version?
> >
> > -- juha
> >
> > _______________________________________________
> > Devel mailing list
> > Devel@openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/devel
> >
> >
>
_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel
