Hello,

    In src/modules/rlm_sql/rlm_sql.c around line 575 there is a
block of code which looks like:


        if (paircmp(request, request->packet->vps, check_tmp, &reply_tmp) != 0) {
                radlog(L_INFO, "rlm_sql (%s): Pairs do not match for user [%s]",
                       inst->config->xlat_name, sqlusername);
                /* Remove the username we (maybe) added above */
                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
                sql_release_socket(inst, sqlsocket);
                pairfree(&reply_tmp);
                pairfree(&check_tmp);
                return RLM_MODULE_NOTFOUND;
        }


This seems to be comparing the pairs from the: 

authorize_group_check_query and authorize_group_reply_query 

results when used with the rlm_sql module.  My question is why
should the reply and check pairs be the same?  The code has no 
comments explaining this (I'll write some up and submit a patch if 
someone explains it to me).  I uncommented the extra debugging above 
this section, and what I see is:


rlm_sql:  check items
     Crypt-Password = "$1$xxxxxxx$xxxxxxxxxxxxxxxxx"
     Simultaneous-Use = 1
rlm_sql:  reply items
rlm_sql (sql): Pairs do not match for user [wizardit]
rlm_sql (sql): Released sql socket id: 9
  modcall[authorize]: module "sql" returns notfound
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No password configured for the user


Section 4 of the doc/Simultaneous-Use says:

  Note that you need to add the Simultaneous-Use parameter to the
  check item (first line), not the reply item, using the ':=' operator.

So it seems to me that the check_items should never match the
reply items (of which I have none) when using Simultaneous-Use.  Is 
this correct?  If so, the code in rlm_sql.c is wrong; otherwise, what
am I missing?  

    With the block of code above commented out in rlm_sql.c
authentication works properly (as it did in previous versions), and
I haven't noticed any other problems.  Is there a problem with leaving
this out?

    Thanks,
      Josh

-- 
Josh Wilsdon <[EMAIL PROTECTED]> Programmer Analyst
Wizard IT Services - http://www.wizard.ca 
Linux Support Specialist - http://linuxmagic.com
Unix Administration, Website Hosting, Network Services, Programming
(604) 589-0037 Beautiful British Columbia, Canada
LinuxMagic is a TradeMark of Wizard Tower TechnoServices Ltd.
--------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which
they are addressed.  If you have received this email in error please
notify the system manager.  Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of the company.
