Hello!
Today I updated my radiusd (01/09/18) to the latest snapshot.
It's a good feature to use Exec-Program-Wait output as an additional AV-pair or as
a Reply-Message. The AV-pair is transmitted OK.
The Reply-Message is not.
In doc/README:
------------------------------
For backwards compatibility, if the output doesn't look like valid
radius A/V pairs, the output is taken as a message and added to the
reply sent to the NAS as Port-Message.
------------------------------
What happens in practice:
------------------------------
Ready to process requests.
rad_recv: Access-Request packet from host x.x.x.x:1749, id=248, length=162
User-Name = "mmike"
Password = "\0240\242\351>\320i\034\027\257\315\035}\233\274\257"
NAS-IP-Address = x.x.x.x
NAS-Port = 20109
NAS-Port-Type = Async
Service-Type = Login-User
Calling-Station-Id = "00000000"
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = ISDN-Telephony
Ascend-Calling-Id-Presentatn = Allowed
Ascend-Calling-Id-Screening = User-Not-Screened
Acct-Session-Id = "367234457"
Ascend-Data-Rate = 33600
Ascend-Xmit-Rate = 31200
Exec-Program: /etc/ppp/radauth
Exec-Program-Wait: value-pairs: Limit exceeded
Exec-Program: returned: 1
Login incorrect (external check failed): [mmike] (from nas local port 20109 cli 00000000)
Sending Access-Reject of id 248 to x.x.x.x:1749
Reply-Message = "\r\nAccess denied (external check failed)."
------------------------------
i.e.
Exec-Program: /etc/ppp/radauth
Exec-Program-Wait: value-pairs: Limit exceeded      <----+
Exec-Program: returned: 1                                |
my NAS had to receive this string as Reply-Message   ----+
but it got
Reply-Message = "\r\nAccess denied (external check failed)."
instead.
The bug is near userparse().
old (v0.2) code:
-----------------------
...
do {
    previous_token = last_token;
    if ((vp = pairread(&p, &last_token)) == NULL) {
        return -1;
    }
    pairadd(first_pair, vp);
...
-----------------------
new one:
-----------------------
...
do {
    previous_token = last_token;
    if ((vp = pairread(&p, &last_token)) == NULL) {
        return T_INVALID;
    }
    pairadd(first_pair, vp);
} while (*p && (last_token == T_COMMA));
...
-----------------------
The difference is: 'return -1;' and 'return T_INVALID;'
T_INVALID is declared as 'T_INVALID = 0,' in src/include/token.h
In this radius_exec_program() fragment:
----------------------------------------------------
vp = NULL;
n = userparse(answer, &vp);
if (vp)
    pairfree(&vp);
if (n < 0) {
    radlog(L_DBG, "Exec-Program-Wait: plaintext: %s", answer);
-----------------------------------------------------
'(n < 0)' is always FALSE.
I think LRAD_TOKEN must be expanded with a "-1" value.
I tried changing 'if (n < 0) {' in radius_exec_program()
to 'if (n == T_INVALID)'. "AVP"-like responses become "Reply-Message".
:(
I tried changing 'return T_INVALID;' to 'return -1' in 'userparse()' -
it's not working well either (possible type mismatch).
Mike.
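
Added example, not FreeRADIUS code and not from the post: a toy model of the sentinel mismatch described above, where the parser reports failure as token 0 (as with 'T_INVALID = 0') while the caller still tests for a negative return. The toy_*, classify_*, TOK_* and OUT_* names are hypothetical, and the model assumes the parser returns a non-zero token on success, which the post does not establish for the real userparse().

```c
#include <ctype.h>
#include <stdio.h>

/* Toy tokens (hypothetical names); only "invalid == 0" mirrors T_INVALID = 0. */
typedef enum { TOK_INVALID = 0, TOK_EOL, TOK_COMMA } tok_t;
enum { OUT_PAIRS, OUT_PLAINTEXT };

/* Consume one "Name = value" item and return the token that ended it. */
static tok_t toy_pairread(const char **p) {
    const char *s = *p;
    while (*s == ' ') s++;
    if (!isalpha((unsigned char)*s)) return TOK_INVALID;
    while (isalnum((unsigned char)*s) || *s == '-') s++;
    while (*s == ' ') s++;
    if (*s++ != '=') return TOK_INVALID;
    while (*s == ' ') s++;
    if (*s == '\0' || *s == ',') return TOK_INVALID;  /* empty value */
    while (*s && *s != ',') s++;
    *p = (*s == ',') ? s + 1 : s;
    return (*s == ',') ? TOK_COMMA : TOK_EOL;
}

/* Same loop shape as the post's new code: failure comes back as token 0.
 * Assumption: success returns a non-zero token (not confirmed by the post). */
static int toy_userparse(const char *buf) {
    tok_t last;
    do {
        if ((last = toy_pairread(&buf)) == TOK_INVALID) return TOK_INVALID;
    } while (*buf && last == TOK_COMMA);
    return last;
}

/* Caller still written for the old "-1 on error" contract: never fires. */
int classify_old_check(const char *answer) {
    return (toy_userparse(answer) < 0) ? OUT_PLAINTEXT : OUT_PAIRS;
}

/* Caller that tests the sentinel this toy parser actually returns. */
int classify_sentinel_check(const char *answer) {
    return (toy_userparse(answer) == TOK_INVALID) ? OUT_PLAINTEXT : OUT_PAIRS;
}

int main(void) {
    /* "Limit exceeded" is the script output shown in the post's log. */
    printf("old=%d sentinel=%d\n", classify_old_check("Limit exceeded"),
           classify_sentinel_check("Limit exceeded"));
    return 0;
}
```

With the old check the plaintext output is classified as A/V pairs, so the fallback path that would turn it into a message is never taken.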