Exec-Program-Wait Responce
Hello!
Today I update my radiusd (01/09/18) to latest snapshot.
It's good feature to use Exec-Program-Wait output as additional AV-pair or as
Reply-Message. AV-pair transmitted ok.
Reply-Message is not.
in doc/README:
--
For backwards compatibility, if the output doesn't look like valid
radius A/V pairs, the output is taken as a message and added to the
reply sent to the NAS as Port-Message.
--
What's on practice:
--
Ready to process requests.
rad_recv: Access-Request packet from host x.x.x.x:1749, id=248, length=162
User-Name = mmike
Password = \0240\242\351\320i\034\027\257\315\035}\233\274\257
NAS-IP-Address = x.x.x.x
NAS-Port = 20109
NAS-Port-Type = Async
Service-Type = Login-User
Calling-Station-Id =
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = ISDN-Telephony
Ascend-Calling-Id-Presentatn = Allowed
Ascend-Calling-Id-Screening = User-Not-Screened
Acct-Session-Id = 367234457
Ascend-Data-Rate = 33600
Ascend-Xmit-Rate = 31200
Exec-Program: /etc/ppp/radauth
Exec-Program-Wait: value-pairs: Limit exceeded
Exec-Program: returned: 1
Login incorrect (external check failed): [mmike] (from nas local port 20109 cli
)
Sending Access-Reject of id 248 to x.x.x.x:1749
Reply-Message = \r\nAccess denied (external check failed).
--
i.e.
Exec-Program: /etc/ppp/radauth
Exec-Program-Wait: value-pairs: Limit exceeded+
Exec-Program: returned: 1 |
my NAS had to receive this string as Reply-Message +
but it got
Reply-Message = \r\nAccess denied (external check failed).
instead
bug was is near userparse().
old (v0.2) code:
---
...
do {
previous_token = last_token;
if ((vp = pairread(p, last_token)) == NULL) {
return -1;
}
pairadd(first_pair, vp);
...
---
new one:
---
...
do {
previous_token = last_token;
if ((vp = pairread(p, last_token)) == NULL) {
return T_INVALID;
}
pairadd(first_pair, vp);
} while (*p (last_token == T_COMMA));
...
---
Difference is: 'return -1;' and 'return T_INVALID;'
T_INVALID declared as 'T_INVALID = 0,' in src/include/token.h
in radius_exec_program() fragment
vp = NULL;
n = userparse(answer, vp);
if (vp)
pairfree(vp);
if (n 0) {
radlog(L_DBG, Exec-Program-Wait: plaintext: %s, answer);
-
'(n 0)' always FALSE.
I think, LRAD_TOKEN must be expanded with -1 value.
I'll try change 'if (n 0) {' in radius_exec_program()
to 'if (n == T_INVALID)'. AVP-like responses becomes Reply-Message.
:(
I'll try change 'return T_INVALID;' to 'return -1' in 'userparse()' -
it's not working good too (possible type mismatch).
Mike.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait Responce
Brings up a good Question.
Does anybody have a list or know where to locate a list of what Windows
will respond to the customer when recieveing a message other than Access
denied?
It'd sure be nice to send msg back to windows user saying You have
exceeded your time limit. Or Your account is suspended, contact
xxx-xxx-
At 06:38 PM 11/20/2001 +0500, you wrote:
Hello!
Today I update my radiusd (01/09/18) to latest snapshot.
It's good feature to use Exec-Program-Wait output as additional AV-pair or as
Reply-Message. AV-pair transmitted ok.
Reply-Message is not.
in doc/README:
--
For backwards compatibility, if the output doesn't look like valid
radius A/V pairs, the output is taken as a message and added to the
reply sent to the NAS as Port-Message.
--
What's on practice:
--
Ready to process requests.
rad_recv: Access-Request packet from host x.x.x.x:1749, id=248, length=162
User-Name = mmike
Password = \0240\242\351\320i\034\027\257\315\035}\233\274\257
NAS-IP-Address = x.x.x.x
NAS-Port = 20109
NAS-Port-Type = Async
Service-Type = Login-User
Calling-Station-Id =
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = ISDN-Telephony
Ascend-Calling-Id-Presentatn = Allowed
Ascend-Calling-Id-Screening = User-Not-Screened
Acct-Session-Id = 367234457
Ascend-Data-Rate = 33600
Ascend-Xmit-Rate = 31200
Exec-Program: /etc/ppp/radauth
Exec-Program-Wait: value-pairs: Limit exceeded
Exec-Program: returned: 1
Login incorrect (external check failed): [mmike] (from nas local port
20109 cli
)
Sending Access-Reject of id 248 to x.x.x.x:1749
Reply-Message = \r\nAccess denied (external check failed).
--
i.e.
Exec-Program: /etc/ppp/radauth
Exec-Program-Wait: value-pairs: Limit exceeded+
Exec-Program: returned: 1 |
my NAS had to receive this string as Reply-Message +
but it got
Reply-Message = \r\nAccess denied (external check failed).
instead
bug was is near userparse().
old (v0.2) code:
---
...
do {
previous_token = last_token;
if ((vp = pairread(p, last_token)) == NULL) {
return -1;
}
pairadd(first_pair, vp);
...
---
new one:
---
...
do {
previous_token = last_token;
if ((vp = pairread(p, last_token)) == NULL) {
return T_INVALID;
}
pairadd(first_pair, vp);
} while (*p (last_token == T_COMMA));
...
---
Difference is: 'return -1;' and 'return T_INVALID;'
T_INVALID declared as 'T_INVALID = 0,' in src/include/token.h
in radius_exec_program() fragment
vp = NULL;
n = userparse(answer, vp);
if (vp)
pairfree(vp);
if (n 0) {
radlog(L_DBG, Exec-Program-Wait: plaintext: %s,
answer);
-
'(n 0)' always FALSE.
I think, LRAD_TOKEN must be expanded with -1 value.
I'll try change 'if (n 0) {' in radius_exec_program()
to 'if (n == T_INVALID)'. AVP-like responses becomes Reply-Message.
:(
I'll try change 'return T_INVALID;' to 'return -1' in 'userparse()' -
it's not working good too (possible type mismatch).
Mike.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Nathan Miller - [EMAIL PROTECTED]
VISP Technologies - Building Better ISPs
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait Responce
At 12:55 PM 11/20/2001 -0800, Nathan Miller wrote: Brings up a good Question. Does anybody have a list or know where to locate a list of what Windows will respond to the customer when recieveing a message other than Access denied? Absolutely nothing usefull, unless you dial with a 'Post-Dial Terminal Window'. It'd sure be nice to send msg back to windows user saying You have exceeded your time limit. Or Your account is suspended, contact xxx-xxx- It sure would, but unfortunately, that's not possible to do with windows unless you use some type of custom dialer possibly. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait Responce
Hello again! My question is not about useful features, but about bug in program. again: in doc/README we see: -- For backwards compatibility, if the output doesn't look like valid radius A/V pairs, the output is taken as a message and added to the reply sent to the NAS as Port-Message. -- It does not work :( Sincerely, Mike. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
