Hello,

I've started writing an XML-over-HTTP backend for FreeRadius in the form of a module. This can be used for multiple purposes such as logging or authentication. The main goal is to make this a gateway to other authentication mechanisms, for example to retrieve GSM triplets for EAP-SIM.

The reason why I did this - kind of crazy - thing is to interface to Java-based user databases. You can do a lot of crazy things already, consider this PHP script:

    <radiusreply return="UPDATED">
      <attr>
        <name>Reply-Message</name>
        <value>Welcome. Your random number is <?php echo rand(); ?>.</value>
      </attr>
    </radiusreply>

which adds a Reply-Message attribute to the RADIUS reply.

You can find my current code at
http://people.debian.org/~erich/rlm_xmlconn_alpha1.tar.gz

But beware: this is not stable yet. I haven't re-audited the code yet, so it is likely to have memory leaks and such. In fact the code is a mere proof-of-concept! The XML interface is not yet "stable" either. (I haven't written DTDs either!)

Right now all it does is:
- dump all request attributes into an XML tree
- parse the return tree for attributes and add them to the reply.

That means you cannot:
- recognize whether it was an auth/authz/acct/* call (will be added as an attribute to the radiusrequest tag)
- change the request itself
- see the reply packet (other modules might have modified it)

I haven't investigated the behaviour for already existing attributes, nor implemented functions to strip attributes.

Performance is likely to be bad, too - it opens a new HTTP connection for each request. If you need higher performance you should use other protocols.

I'd like to implement some "text/plain" based protocol, too - for those who don't like XML - and make a generic rlm_http module, but the HTTP lib I currently use is nanohttp from libxml - so the XML dependency is in anyway.

Since I'm new to FreeRadius programming, I hope for feedback, especially from other FreeRadius module authors.

Greetings,
Erich Schubert
-- 
   erich@(vitavonni.de|debian.org)   --   GPG Key ID: 4B3A135C    (o_
  There are only 10 types of people in the world:                 //\
  Those who understand binary and those who don't                 V_/_
  Many a man does not find his heart until he loses his head.
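The two steps the message lists (dump the request attributes into an XML tree, parse the returned tree for reply attributes), as an added Python example that is not part of the original post or of rlm_xmlconn. The `<radiusrequest>` element layout mirrors the `<radiusreply>` shown in the message and is an assumption, as are the function names, the allow-list of reply attributes and the refusal of DTDs.

```python
import xml.etree.ElementTree as ET

# Assumption: the reply attributes this deployment lets the HTTP backend set.
ALLOWED_REPLY_ATTRS = {"Reply-Message", "Session-Timeout"}
MAX_VALUE_OCTETS = 253  # largest RADIUS attribute value (RFC 2865)

# Constructed sample: the PHP script's output plus one attribute off the list.
SAMPLE_REPLY = (
    '<radiusreply return="UPDATED">'
    "<attr><name>Reply-Message</name>"
    "<value>Welcome. Your random number is 4711.</value></attr>"
    "<attr><name>Framed-IP-Address</name><value>10.0.0.1</value></attr>"
    "</radiusreply>"
)

def build_request(attrs):
    """Dump (name, value) request attributes into a <radiusrequest> tree."""
    root = ET.Element("radiusrequest")  # element layout is an assumption
    for name, value in attrs:
        attr = ET.SubElement(root, "attr")
        ET.SubElement(attr, "name").text = name
        ET.SubElement(attr, "value").text = value  # escaped on serialization
    return ET.tostring(root, encoding="unicode")

def parse_reply(xml_text):
    """Return (status, accepted attributes) from a <radiusreply> document."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD and entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "radiusreply":
        raise ValueError("unexpected root element: " + root.tag)
    accepted = []
    for attr in root.findall("attr"):
        name = (attr.findtext("name") or "").strip()
        value = attr.findtext("value") or ""
        if name not in ALLOWED_REPLY_ATTRS:
            continue  # the backend may only set attributes on the allow-list
        if len(value.encode("utf-8")) > MAX_VALUE_OCTETS:
            continue  # would not fit into a single RADIUS attribute
        accepted.append((name, value))
    return root.get("return"), accepted

if __name__ == "__main__":
    print(build_request([("User-Name", "alice"), ("NAS-Identifier", "a<b&c")]))
    print(parse_reply(SAMPLE_REPLY))
```

Building the request through the tree API instead of string concatenation means attribute values taken from the RADIUS packet cannot break out of their `<value>` element.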
