This issue has come up a couple times before in the
list archives, but it does not appear to have been
answered or fixed (only worked around):

        If a NULL realm is specified in proxy.conf,
        you may only have one rlm_realm instance in
        your config -- the first rlm_realm instance
        will proxy the request in all cases (to a
        realm or to NULL), causing any subsequent
        instances to ignore the request.

This appears to be the case in both 0.9.3 and in CVS. 

The following patch to the latest CVS version fixes
the behavior: if a request comes in with 

        Realm = "NULL"

it is treated as a non-proxied request.  Additionally,
pairreplace() is used to insert Realm information
to prevent multiple Realm attributes.

--- src/modules/rlm_realm/rlm_realm.c.orig      Thu Feb 26 19:04:34 2004
+++ src/modules/rlm_realm/rlm_realm.c   Mon Mar  1 20:21:22 2004
@@ -93,9 +93,12 @@
        /*
         *      Check for 'Realm' attribute.  If it exists, then we've proxied
         *      it already ( via another rlm_realm instance ) and should return.
+        *      If we've proxied it to the "NULL" realm, this means none of
+        *      the previous rlm_realm instances have found a realm.
         */
 
-       if ( (vp = pairfind(request->packet->vps, PW_REALM)) != NULL ) {
+       if ( (vp = pairfind(request->packet->vps, PW_REALM)) != NULL &&
+            strcmp(vp->strvalue, "NULL") ) {
                DEBUG2("    rlm_realm: Request already proxied.  Ignoring.");
                return NULL;
        }
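Review bot: In the new condition, a request carrying Realm = "NULL" now falls through to realm lookup with no debug output, so a log from a multi-instance setup cannot show why this instance kept going instead of printing "Request already proxied". Consider adding a DEBUG2 line for that case, and write the test as strcmp(vp->strvalue, "NULL") != 0 so the intent (value differs from "NULL") is explicit rather than relying on the non-zero return. The check applies to any PW_REALM found in request->packet->vps, so it is also worth stating in the comment that a Realm of "NULL" is treated the same regardless of which earlier step set it.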
@@ -195,7 +198,7 @@
        /*
         *      Add the realm name to the request.
         */
-       pairadd(&request->packet->vps, pairmake("Realm", realm->realm,
+       pairreplace(&request->packet->vps, pairmake("Realm", realm->realm,
                                                T_OP_EQ));
        DEBUG2("    rlm_realm: Adding Realm = \"%s\"", realm->realm);
 
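Review bot: The DEBUG2 message after the changed call still reads "Adding Realm = ..." although pairreplace() now overwrites an existing Realm attribute instead of appending one. Reword the message (for example "Setting Realm") so the log matches the behaviour. While touching this call, note that the result of pairmake() is passed straight to pairreplace() without a NULL check; if pairmake() can fail here, test the result before replacing.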
@@ -282,7 +285,7 @@
        /*
         *  Add it, even if it's already present.
         */
-       pairadd(vps, vp);
+       pairreplace(vps, vp);
 }
 
 /*
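Review bot: The comment directly above the changed call, "Add it, even if it's already present.", is stale once pairadd(vps, vp) becomes pairreplace(vps, vp), because an attribute that is already present is now replaced rather than duplicated. Update the comment to say that the existing attribute is replaced so only one instance remains.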

-- 
Chris Mikkelson  | Vampireware; n, a project capable of sucking the 
[EMAIL PROTECTED]  | lifeblood out of anyone unfortunate enough to be
                 | assigned to it which never actually sees the light
                 | of day, but nonetheless refuses to die. ([EMAIL PROTECTED])
