Exec-Program-Wait Responce
Hello! Today I update my radiusd (01/09/18) to latest snapshot. It's good feature to use Exec-Program-Wait output as additional AV-pair or as Reply-Message. AV-pair transmitted ok. Reply-Message is not. in doc/README: -- For backwards compatibility, if the output doesn't look like valid radius A/V pairs, the output is taken as a message and added to the reply sent to the NAS as Port-Message. -- What's on practice: -- Ready to process requests. rad_recv: Access-Request packet from host x.x.x.x:1749, id=248, length=162 User-Name = mmike Password = \0240\242\351\320i\034\027\257\315\035}\233\274\257 NAS-IP-Address = x.x.x.x NAS-Port = 20109 NAS-Port-Type = Async Service-Type = Login-User Calling-Station-Id = Ascend-Calling-Id-Type-Of-Num = Unknown Ascend-Calling-Id-Number-Plan = ISDN-Telephony Ascend-Calling-Id-Presentatn = Allowed Ascend-Calling-Id-Screening = User-Not-Screened Acct-Session-Id = 367234457 Ascend-Data-Rate = 33600 Ascend-Xmit-Rate = 31200 Exec-Program: /etc/ppp/radauth Exec-Program-Wait: value-pairs: Limit exceeded Exec-Program: returned: 1 Login incorrect (external check failed): [mmike] (from nas local port 20109 cli ) Sending Access-Reject of id 248 to x.x.x.x:1749 Reply-Message = \r\nAccess denied (external check failed). -- i.e. Exec-Program: /etc/ppp/radauth Exec-Program-Wait: value-pairs: Limit exceeded+ Exec-Program: returned: 1 | my NAS had to receive this string as Reply-Message + but it got Reply-Message = \r\nAccess denied (external check failed). instead bug was is near userparse(). old (v0.2) code: --- ... do { previous_token = last_token; if ((vp = pairread(p, last_token)) == NULL) { return -1; } pairadd(first_pair, vp); ... --- new one: --- ... do { previous_token = last_token; if ((vp = pairread(p, last_token)) == NULL) { return T_INVALID; } pairadd(first_pair, vp); } while (*p (last_token == T_COMMA)); ... --- Difference is: 'return -1;' and 'return T_INVALID;' T_INVALID declared as 'T_INVALID = 0,' in src/include/token.h in radius_exec_program() fragment vp = NULL; n = userparse(answer, vp); if (vp) pairfree(vp); if (n 0) { radlog(L_DBG, Exec-Program-Wait: plaintext: %s, answer); - '(n 0)' always FALSE. I think, LRAD_TOKEN must be expanded with -1 value. I'll try change 'if (n 0) {' in radius_exec_program() to 'if (n == T_INVALID)'. AVP-like responses becomes Reply-Message. :( I'll try change 'return T_INVALID;' to 'return -1' in 'userparse()' - it's not working good too (possible type mismatch). Mike. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait Responce
Brings up a good Question. Does anybody have a list or know where to locate a list of what Windows will respond to the customer when recieveing a message other than Access denied? It'd sure be nice to send msg back to windows user saying You have exceeded your time limit. Or Your account is suspended, contact xxx-xxx- At 06:38 PM 11/20/2001 +0500, you wrote: Hello! Today I update my radiusd (01/09/18) to latest snapshot. It's good feature to use Exec-Program-Wait output as additional AV-pair or as Reply-Message. AV-pair transmitted ok. Reply-Message is not. in doc/README: -- For backwards compatibility, if the output doesn't look like valid radius A/V pairs, the output is taken as a message and added to the reply sent to the NAS as Port-Message. -- What's on practice: -- Ready to process requests. rad_recv: Access-Request packet from host x.x.x.x:1749, id=248, length=162 User-Name = mmike Password = \0240\242\351\320i\034\027\257\315\035}\233\274\257 NAS-IP-Address = x.x.x.x NAS-Port = 20109 NAS-Port-Type = Async Service-Type = Login-User Calling-Station-Id = Ascend-Calling-Id-Type-Of-Num = Unknown Ascend-Calling-Id-Number-Plan = ISDN-Telephony Ascend-Calling-Id-Presentatn = Allowed Ascend-Calling-Id-Screening = User-Not-Screened Acct-Session-Id = 367234457 Ascend-Data-Rate = 33600 Ascend-Xmit-Rate = 31200 Exec-Program: /etc/ppp/radauth Exec-Program-Wait: value-pairs: Limit exceeded Exec-Program: returned: 1 Login incorrect (external check failed): [mmike] (from nas local port 20109 cli ) Sending Access-Reject of id 248 to x.x.x.x:1749 Reply-Message = \r\nAccess denied (external check failed). -- i.e. Exec-Program: /etc/ppp/radauth Exec-Program-Wait: value-pairs: Limit exceeded+ Exec-Program: returned: 1 | my NAS had to receive this string as Reply-Message + but it got Reply-Message = \r\nAccess denied (external check failed). instead bug was is near userparse(). old (v0.2) code: --- ... do { previous_token = last_token; if ((vp = pairread(p, last_token)) == NULL) { return -1; } pairadd(first_pair, vp); ... --- new one: --- ... do { previous_token = last_token; if ((vp = pairread(p, last_token)) == NULL) { return T_INVALID; } pairadd(first_pair, vp); } while (*p (last_token == T_COMMA)); ... --- Difference is: 'return -1;' and 'return T_INVALID;' T_INVALID declared as 'T_INVALID = 0,' in src/include/token.h in radius_exec_program() fragment vp = NULL; n = userparse(answer, vp); if (vp) pairfree(vp); if (n 0) { radlog(L_DBG, Exec-Program-Wait: plaintext: %s, answer); - '(n 0)' always FALSE. I think, LRAD_TOKEN must be expanded with -1 value. I'll try change 'if (n 0) {' in radius_exec_program() to 'if (n == T_INVALID)'. AVP-like responses becomes Reply-Message. :( I'll try change 'return T_INVALID;' to 'return -1' in 'userparse()' - it's not working good too (possible type mismatch). Mike. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nathan Miller - [EMAIL PROTECTED] VISP Technologies - Building Better ISPs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait Responce
At 12:55 PM 11/20/2001 -0800, Nathan Miller wrote: Brings up a good Question. Does anybody have a list or know where to locate a list of what Windows will respond to the customer when recieveing a message other than Access denied? Absolutely nothing usefull, unless you dial with a 'Post-Dial Terminal Window'. It'd sure be nice to send msg back to windows user saying You have exceeded your time limit. Or Your account is suspended, contact xxx-xxx- It sure would, but unfortunately, that's not possible to do with windows unless you use some type of custom dialer possibly. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait Responce
Hello again! My question is not about useful features, but about bug in program. again: in doc/README we see: -- For backwards compatibility, if the output doesn't look like valid radius A/V pairs, the output is taken as a message and added to the reply sent to the NAS as Port-Message. -- It does not work :( Sincerely, Mike. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html