On Mon, Jul 28, 2003 at 02:02:22PM -0400, Alan DeKok wrote:
> > Dear developers, how about customizable messages? Something like
> > this in radiusd.conf:
> >
> > messages {
> > multiple_login = "You are already logged in %{Simultaneous-Use} times\r\n"
> > timespan_violation = "You are calling outside allowed timespan\r\n"
> > ...
> >}
>
> Sure.
By the way, %{Simultaneuos-Use} will not work, since there's no way to
expand check items from the request...
> > I probably could work on that, but I need some guidelines:
> > 1. Should it be a set of static variables, or searchable list like
> > dictionary?
>
> I'm not sure what you mean by that.
How about, say, new integer attribute like FreeRADIUS-Reply-Code,
which will be automatically replaced with a corresponding Reply-Message
just before reply? However, in this case we still need some mapping
from FreeRADIUS-Reply-Code to Reply-Message, other than dictionary.
I dislike this idea more and more...
> > 2. Should it be per-module configuration, or global?
>
> Many messages are global. They should be in a global config.
Well, I'll try global messages first.
I always felt myself uncomfortable with silent auth-failures, so it's
reasonable to have auth_failure message, IMHO. However, some people
might want to leave it silent, so maybe it should be empty by default.
But there's an issue with sending empty strings in FreeRADIUS currently.
RFC 2865 says:
string 1-253 octets containing binary data (values 0 through
255 decimal, inclusive). Strings of length zero (0)
MUST NOT be sent; omit the entire attribute instead.
And FreeRADIUS sends attributes no matter of their length.
A small patch solves this (works for me, please, test it):
Index: src/lib/radius.c
===================================================================
RCS file: /source/radiusd/src/lib/radius.c,v
retrieving revision 1.101
diff -u -p -r1.101 radius.c
--- src/lib/radius.c 23 Jul 2003 19:44:35 -0000 1.101
+++ src/lib/radius.c 28 Jul 2003 22:37:34 -0000
@@ -226,6 +226,14 @@ int rad_send(RADIUS_PACKET *packet, cons
}
/*
+ * Don't send empty attributes, omit 'em
+ */
+ if (((reply->type == PW_TYPE_ABINARY) ||
+ (reply->type == PW_TYPE_STRING) ||
+ (reply->type == PW_TYPE_OCTETS)) &&
+ reply->length == 0)
+ continue;
+ /*
* Print out ONLY the attributes which
* we're sending over the wire, and print
* them out BEFORE they're encrypted.
One more question. Which operator should I use to add Reply-Message?
":=" or "=" or "+="?
--
Fduch M. Pravking
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
