Re: Question regarding rlm_perl and Access-Challenge

2008-08-19 Thread Alan DeKok
Harry J Walsh wrote:
 I want to develop some test cases for a radius client I am developing
 and I would like to be able to use rlm_perl to simulate various
 scenarios.  The one I am having major problems with is
 Access-Challenge.  I really like rlm_perl and the flexibility it
 provides and I would like to be able to specify the reply type.  I've
 looked through documentation and the rlm_perl code for any hints on
 how to do this and at this stage I'm thinking I'll have to create a
 new interface to allow my perl script to specify the correct reply
 type to rlm_perl.

  Configure the reply with Response-Packet-Type = Access-Challenge,
and make sure that the authenticate section returns handled.  That
should do it.

  And yes, this isn't documented.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Question regarding rlm_perl and Access-Challenge

2008-08-19 Thread Harry J Walsh
Thanks for the swift reply Dekok.  I tried what you suggested and it
doesn't work.  Looking at dictionary.freeradius.internal and double
checking the values in the pair everything looks okay.I'm going to
play about with this a bit, but in the mean time here's some more
details and I would greatly appreciate it if you would scan over them
to see if there is anything obvious I am missing.


Here's my authenticate sub.

# Function to handle authenticate
sub authenticate {
# For debugging purposes only
log_request_attributes;

if (($RAD_REQUEST{'User-Name'} =~ /^test/) 
($RAD_REQUEST{'User-Password'} =~ /^pass/)) {
$RAD_REPLY{'State'} = challenge;
$RAD_REPLY{'Reply-Message'} = Challenge: ;
$RAD_REPLY{'Response-Packet-Type'} = Access-Challenge;
log_request_attributes;
return RLM_MODULE_HANDLED;
}
else {
# Reject user and tell him why
$RAD_REPLY{'Reply-Message'} = Denied access by
rlm_perl function;
return RLM_MODULE_REJECT;
}
}


And here's the debug output:

perl_pool: item 0x827b1a0 asigned new request. Handled so far: 1
found interpetator at address 0x827b1a0
rlm_perl: RAD_REQUEST: User-Name = test
rlm_perl: RAD_REQUEST: User-Password = pass
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.250.0.170
rlm_perl: RAD_REQUEST: NAS-Port = 6
rlm_perl: RAD_REQUEST: User-Name = test
rlm_perl: RAD_REQUEST: User-Password = pass
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.250.0.170
rlm_perl: RAD_REQUEST: NAS-Port = 6
rlm_perl: RAD_REPLY: Reply-Message = Challenge:
rlm_perl: RAD_REPLY: Response-Packet-Type = Access-Challenge
rlm_perl: RAD_REPLY: State = challenge
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = pass
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair NAS-IP-Address = 10.250.0.170
rlm_perl: Added pair NAS-Port = 6
rlm_perl: Added pair Reply-Message = Challenge:
rlm_perl: Added pair Response-Packet-Type = Access-Challenge
rlm_perl: Added pair State = challenge
rlm_perl: Added pair Auth-Type = Perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x827b1a0
++[perl] returns handled
There was no response configured: rejecting request 0
==

The last line here is confusing me.  Looking at the code that spits
out this error, it seems to only happen when there is no
Response-Packet-Type in a request_post_handler.

switch (request-packet-code) {
case PW_AUTHENTICATION_REQUEST:
gettimeofday(request-next_when, NULL);

if (request-reply-code == 0) {
/*
 *  Check if the lack of response is intentional.
 */
vp = pairfind(request-config_items,
  PW_RESPONSE_PACKET_TYPE);
if (!vp) {
DEBUG2(There was no response configured: rejecting request %d,
   request-number);
request-reply-code = PW_AUTHENTICATION_REJECT;
} else if (vp-vp_integer == 256) {
DEBUG2(Not responding to request %d,
   request-number);

} else {
request-reply-code = vp-vp_integer;

}
}









On Tue, Aug 19, 2008 at 1:09 PM, Alan DeKok [EMAIL PROTECTED] wrote:
 Harry J Walsh wrote:
 I want to develop some test cases for a radius client I am developing
 and I would like to be able to use rlm_perl to simulate various
 scenarios.  The one I am having major problems with is
 Access-Challenge.  I really like rlm_perl and the flexibility it
 provides and I would like to be able to specify the reply type.  I've
 looked through documentation and the rlm_perl code for any hints on
 how to do this and at this stage I'm thinking I'll have to create a
 new interface to allow my perl script to specify the correct reply
 type to rlm_perl.

  Configure the reply with Response-Packet-Type = Access-Challenge,
 and make sure that the authenticate section returns handled.  That
 should do it.

  And yes, this isn't documented.

  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




-- 
Harry J Walsh
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Question regarding rlm_perl and Access-Challenge

2008-08-19 Thread Alan DeKok
Harry J Walsh wrote:
 Thanks for the swift reply Dekok.  I tried what you suggested and it
 doesn't work. 

  Sorry... looking at the code again, the Response-Packet-Type should go
into the control/check items.
...

 $RAD_REPLY{'Response-Packet-Type'} = Access-Challenge;

  Change that to RAD_CHECK
...
 The last line here is confusing me.  Looking at the code that spits
 out this error, it seems to only happen when there is no
 Response-Packet-Type in a request_post_handler.
 
 switch (request-packet-code) {
 case PW_AUTHENTICATION_REQUEST:
 gettimeofday(request-next_when, NULL);
 
 if (request-reply-code == 0) {
 /*
  *  Check if the lack of response is intentional.
  */
 vp = pairfind(request-config_items,

  config_items is the control/check list.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Question regarding rlm_perl and Access-Challenge

2008-08-19 Thread Harry J Walsh
Yes, that worked a charm.  Thanks for the help Alan!

--
Harry

On Tue, Aug 19, 2008 at 6:03 PM, Alan DeKok [EMAIL PROTECTED] wrote:
 Harry J Walsh wrote:
 Thanks for the swift reply Dekok.  I tried what you suggested and it
 doesn't work.

  Sorry... looking at the code again, the Response-Packet-Type should go
 into the control/check items.
 ...

 $RAD_REPLY{'Response-Packet-Type'} = Access-Challenge;

  Change that to RAD_CHECK
 ...
 The last line here is confusing me.  Looking at the code that spits
 out this error, it seems to only happen when there is no
 Response-Packet-Type in a request_post_handler.

 switch (request-packet-code) {
 case PW_AUTHENTICATION_REQUEST:
 gettimeofday(request-next_when, NULL);

 if (request-reply-code == 0) {
 /*
  *  Check if the lack of response is intentional.
  */
 vp = pairfind(request-config_items,

  config_items is the control/check list.

  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




-- 
Harry J Walsh
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html