Wow - that sounds great.  I'd like to avoid having a second client connection to the database.  You were right - after my new RLM module successfully authenticates a user, it needs to drop some things in the sql database for a subsequent RADIUS Access-Request.  That request will be a normal username/password request, auth-type Local.  As you might guess I have a few more questions...

1. The xlat stuff is all new to me, so an example here would really help.  I looked around in the doc directory and didn't see much.  It sounds like my new RLM module will have some pre-configured strings for the database access, something like "insertRadcheck = %{sql: INSERT into radcheck (UserName, Attribute, op, Value) values (%s1, %s2, %s3, %s4)".  Then it would take this and pass it to radius_xlat as the format string, along with the value strings?  (I'm not sure how that works.)  Then I save the output of radius_xlat in the REQUEST?  How does the RADIUS_ESCAPE_STRING function work?

2. Where do I save my data in the REQUEST?  Unless there's a place for stuff like this, I can add another char* to the structure and keep it there.  Then my post-auth would free the memory after it's done.

3. Once the rlm_sql post-auth function pulls the new stuff out of the REQUEST, it will need to do the insert or update.  I took a look at sql_xlat and it appears to only support SELECTs.  Also, the sql_* prototypes in rlm_sql.h don't have any insert or update methods.  If I need to implement insert and update, is there something I can use as a guide?  rlm_sql_query and rlm_sql_select_query look simple enough, but I assume there's a lot going on under the hood.  If I write such a routine and call it later, I guess the sqlsocket is maintained somewhere, but I need to build the SQL_INST?

Thanks for your help with this,
Dave

Alan DeKok wrote:
Dave Mason <[EMAIL PROTECTED]> wrote:
  
> This may seem a bit unusual, but I find myself in a situation where I 
> need to update the SQL authorization database from a different RLM 
> module than rlm_sql.  That is, in my new RLM I'll want to update the 
> radcheck and usergroup tables with data that will be used by a 
> subsequent authorization attempt through rlm_sql.
    

  Is that subsequent, as in "another RADIUS request"?

  If so, you can set up a post-auth section for SQL, and your module
can drop information into the REQUEST which the post-auth section can
pick up, and use to update the database.

  
> I see that the instantiate block of rlm_sql creates a 
> client socket to the database.  Ideally I would like to use this socket 
> from my new RLM - is that possible?
    

  Not really.

  
> If my RLM needs its own socket, I assume I can duplicate the 
> rlm_sql_instantiate logic in my RLM's instantiate function?  Or, maybe 
> this is overkill and I should just use the APIs in mysql.h - what do you 
> think?
    

  You can do SQL xlat's:   %{sql:.....}

  The dynamically translated string can be almost anything, and maybe
even inserts.  If so, you can have those dynamic strings as
configuration entries for your module.  Your module will then call
radius_xlat(), which will take care of calling all the SQL goop.  Your
module can then pretty much throw the resulting translated string
away, if the module doesn't care about the results.

  
> Finally, if I can't reuse the rlm_sql socket, I'll need to 
> clean up the one I created, which should not be a problem - I'll just 
> add the close in my rlm_detach.
    

  Nah.  Use the dynamic string translation.  It takes care of all of
that for you.

  Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
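
An added example, not part of the thread and not FreeRADIUS source: a stand-alone C sketch of why an escape callback is applied to each attribute value as it is expanded into a configured SQL string, so that a quote in User-Name cannot terminate the literal. The callback shape is an assumption modelled on the RADIUS_ESCAPE_STRING the thread mentions; `demo_escape`, `demo_xlat`, the `SAFE` allow-list and the `=XX` encoding are hypothetical names and choices made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Assumed callback shape: escape `in` into `out`, return bytes written. */
typedef int (*escape_fn)(char *out, int outlen, const char *in);
/* Constructed allow-list; every other byte is emitted as =XX (hex). */
static const char SAFE[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@.-_";

int demo_escape(char *out, int outlen, const char *in)
{
    int len = 0;
    for (; *in && outlen > 1; in++) {
        if (strchr(SAFE, *in)) {
            *out++ = *in; outlen--; len++;
        } else {
            if (outlen <= 3) break;      /* no room for "=XX" plus NUL */
            snprintf(out, outlen, "=%02X", (unsigned char)*in);
            out += 3; outlen -= 3; len += 3;
        }
    }
    *out = '\0';
    return len;
}

/* Hypothetical mini-expander: substitutes %{User-Name} only; esc == NULL copies verbatim (unsafe). */
int demo_xlat(char *out, int outlen, const char *fmt, const char *user, escape_fn esc)
{
    static const char key[] = "%{User-Name}";
    int len = 0;
    while (*fmt && len < outlen - 1) {
        if (strncmp(fmt, key, sizeof(key) - 1) != 0) { out[len++] = *fmt++; continue; }
        fmt += sizeof(key) - 1;
        if (esc) { len += esc(out + len, outlen - len, user); continue; }
        for (const char *p = user; *p && len < outlen - 1; p++) out[len++] = *p;
    }
    out[len] = '\0';
    return len;
}

int main(void)
{
    const char *q = "INSERT INTO radcheck (UserName, Attribute, op, Value) "
                    "VALUES ('%{User-Name}', 'Password', '==', 'secret')";
    char buf[256];
    demo_xlat(buf, sizeof buf, q, "o'brien", NULL);        /* constructed input */
    printf("raw:     %s\n", buf);
    demo_xlat(buf, sizeof buf, q, "o'brien", demo_escape);
    printf("escaped: %s\n", buf);
}
```

The raw expansion leaves an unbalanced quote inside the VALUES list, while the escaped one stores the name as `o=27brien`; a lookup must apply the same escaping to match the stored value.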