When I call a perl module via rlm_perl and don’t undef
%RAD_CHECK and %RAD_REPLY before exiting, rlm_perl duplicates some attributes
contained within the hashes. For instance: At entry to rlm_perl instance: $RAD_CHECK{‘Ldap-Group’} is an ARRAY: (GroupA,
GroupB) After exiting the script, “Added pair Ldap-Group…”
messages appear in debug output. If I call another perl script to dump
the %RAD_CHECK hash, it shows: $RAD_CHECK{‘Ldap-Group’ } is an ARRAY: (GroupA,
GroupB, GroupA, GroupB) If I “undef %RAD_CHECK” before exiting from the
first perl module, the values are not duplicated. I did some analysis of
the sequence of events and I believe this is what’s happening: - rlm_ldap creates the Ldap-Group attributes on the check
list with operator T_OP_CMP_EQ during authorize (Ldap-Group is a checkItem in
my ldap.attrmap) - upon return from the perl script, rlm_perl calls pairmove
to move the attributes from the RAD_CHECK, RAD_REPLY and RAD_PROXY_REPLY hashes
back to the respective pairlist. - pairmove adds attributes to the destination list for
operator T_OP_CMP_EQ (takes default case) which creates duplicates Is this expected behaviour of rlm_perl? If so, can it
be put on the “to do” list for rlm_perl documentation updates (or
is it there already and I missed it)? Also, this seems to imply that it’s
not possible to change or remove, at least, some types of check or reply attributes
from within rlm_perl? Also, the wiki for rlm_perl states that it passes configuration
pairs in %RAD_CONFIG. I don’t believe this is true (the hash is
empty and I checked the source for 1.1.2, 1.1.3 and the latest snapshot and it
doesn’t create that hash). Is this a feature that is “in the
works” or is the wiki incorrect? I can supply debug output, radiusd.conf and scripts if necessary.. Thanks. |
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html