Re: rlm_perl and RLM_MODULE_REJECT
Jean-Michel Caricand wrote: ... > I use freeradius-1.1.3 (Debian Etch package). I applied this patch to > radiusd.c to solve > my problem. That works. My question : my patch seems good or not ? It looks fine. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Le vendredi 25 janvier 2008 17:01, Alan DeKok a écrit :
> Jean-Michel Caricand wrote:
> > Well. I made a lot of tests without success. I'm not yet able to REJECT a
> > request in a post_proxy function, but that works fine in a authorize
> > function.
> >
> > Does someone have ideas ?
>
> In 2.0, it looks like this isn't dealt with in src/main/event.c around
> line 1075. It's probably useful to add...
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
Hi,
I use freeradius-1.1.3 (Debian Etch package). I applied this patch to radiusd.c
to solve
my problem. That works. My question : my patch seems good or not ?
*** freeradius-1.1.3/src/main/radiusd.c Tue May 16 18:26:07 2006
--- /root/FREERADIUS/freeradius-1.1.3/src/main/radiusd.cSat Jan 26
11:04:06 2008
***
*** 1585,1590
--- 1585,1595
int rcode;
rcode = proxy_receive(request);
switch (rcode) {
+ case RLM_MODULE_REJECT:
+ DEBUG2("Request %d rejected in proxy_receive.",
request->number);
+ request_reject(request);
+ goto finished_request;
+ break;
default: /* Don't Do Anything */
break;
case RLM_MODULE_FAIL:
Cheers.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Jean-Michel Caricand wrote: > Well. I made a lot of tests without success. I'm not yet able to REJECT a > request in a post_proxy function, but that works fine in a authorize > function. > > Does someone have ideas ? In 2.0, it looks like this isn't dealt with in src/main/event.c around line 1075. It's probably useful to add... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Le vendredi 25 janvier 2008 12:55, Boian Jordanov a écrit : > Try with RLM_MODULE_FAIL in post_proxy > > > Best Regards, > Boian Jordanov > SNE > Orbitel - Next Generation Telecom > tel. +359 2 4004 723 > tel. +359 2 4004 002 > > On Jan 25, 2008, at 12:35 PM, Jean-Michel Caricand wrote: > >> doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you > >> need pre_proxy ? > >> > >> From radius.conf file > >> > >> # > >> # When the server decides to proxy a request to a home server, > >> # the proxied request is first passed through the pre-proxy > >> # stage. This stage can re-write the request, or decide to > >> # cancel the proxy. > >> # > >> # Only a few modules currently have this method. > >> # > >> > >> > >> Best Regards, > >> Boian Jordanov > >> SNE > >> Orbitel - Next Generation Telecom > >> tel. +359 2 4004 723 > >> tel. +359 2 4004 002 > >> > >> On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: > >>> I have a question on rlm_perl and RLM_MODULE_REJECT. If in a > >>> function > >>> (post_proxy) I return RLM_MODULE_REJECT I can see this in log : > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > > But I must check some attributes defined by my home server. I can't > > check > > them in pre_proxy because they are not set. No ? > > > > I want to reject the access if by example the Framed-IP-Address is > > not in > > a valid range. > > > > Thank. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ > > users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html Well. I made a lot of tests without success. I'm not yet able to REJECT a request in a post_proxy function, but that works fine in a authorize function. Does someone have ideas ? -- Jean-Michel Caricand Tél: 03.81.66.20.63 E-mail: [EMAIL PROTECTED] Equipe systèmes Laboratoire d'Informatique de l'Université de Franche-Comté 16, route de Gray - 25030 BESANÇON CEDEX - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Le vendredi 25 janvier 2008 12:55, Boian Jordanov a écrit : > Try with RLM_MODULE_FAIL in post_proxy > > > Best Regards, > Boian Jordanov > SNE > Orbitel - Next Generation Telecom > tel. +359 2 4004 723 > tel. +359 2 4004 002 > > On Jan 25, 2008, at 12:35 PM, Jean-Michel Caricand wrote: > >> doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you > >> need pre_proxy ? > >> > >> From radius.conf file > >> > >> # > >> # When the server decides to proxy a request to a home server, > >> # the proxied request is first passed through the pre-proxy > >> # stage. This stage can re-write the request, or decide to > >> # cancel the proxy. > >> # > >> # Only a few modules currently have this method. > >> # > >> > >> > >> Best Regards, > >> Boian Jordanov > >> SNE > >> Orbitel - Next Generation Telecom > >> tel. +359 2 4004 723 > >> tel. +359 2 4004 002 > >> > >> On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: > >>> I have a question on rlm_perl and RLM_MODULE_REJECT. If in a > >>> function > >>> (post_proxy) I return RLM_MODULE_REJECT I can see this in log : > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > > But I must check some attributes defined by my home server. I can't > > check > > them in pre_proxy because they are not set. No ? > > > > I want to reject the access if by example the Framed-IP-Address is > > not in > > a valid range. > > > > Thank. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ > > users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html With RLM_MODULE_FAIL, I get theses messages : modcall[post-proxy]: module "perl1" returns fail for request 0 modcall: leaving group post-proxy (returns fail) for request 0 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:42610, id=123, length=71 Discarding duplicate request from client localhost:42610 - ID: 123 due to unfinished request 0 --- Walking the entire request list --- Waking up in 28 seconds... rad_recv: Access-Request packet from host 127.0.0.1:42610, id=123, length=71 Discarding duplicate request from client localhost:42610 - ID: 123 due to unfinished request 0 --- Walking the entire request list --- Waking up in 25 seconds... -- Jean-Michel Caricand Tél: 03.81.66.20.63 E-mail: [EMAIL PROTECTED] Equipe systèmes Laboratoire d'Informatique de l'Université de Franche-Comté 16, route de Gray - 25030 BESANÇON CEDEX - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Try with RLM_MODULE_FAIL in post_proxy Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Jan 25, 2008, at 12:35 PM, Jean-Michel Caricand wrote: doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you need pre_proxy ? From radius.conf file # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. # Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: I have a question on rlm_perl and RLM_MODULE_REJECT. If in a function (post_proxy) I return RLM_MODULE_REJECT I can see this in log : - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html But I must check some attributes defined by my home server. I can't check them in pre_proxy because they are not set. No ? I want to reject the access if by example the Framed-IP-Address is not in a valid range. Thank. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
> doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you > need pre_proxy ? > > From radius.conf file > > # > # When the server decides to proxy a request to a home server, > # the proxied request is first passed through the pre-proxy > # stage. This stage can re-write the request, or decide to > # cancel the proxy. > # > # Only a few modules currently have this method. > # > > > Best Regards, > Boian Jordanov > SNE > Orbitel - Next Generation Telecom > tel. +359 2 4004 723 > tel. +359 2 4004 002 > > > > > On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: > >> I have a question on rlm_perl and RLM_MODULE_REJECT. If in a function >> (post_proxy) I return RLM_MODULE_REJECT I can see this in log : > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > But I must check some attributes defined by my home server. I can't check them in pre_proxy because they are not set. No ? I want to reject the access if by example the Framed-IP-Address is not in a valid range. Thank. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you need pre_proxy ? From radius.conf file # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. # Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: I have a question on rlm_perl and RLM_MODULE_REJECT. If in a function (post_proxy) I return RLM_MODULE_REJECT I can see this in log : - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
