On Tue, Feb 15, 2005 at 04:22:48PM +0100, Nicolas Baradakis wrote:
> Alan DeKok wrote:
>
> > Please do not put pre-proxy code into the "authorize" section of a
> > module. We will fix the server.
>
> The following patch will make the server run the modules in one of
> the {Pre,Post}-Proxy-Type stanzas.
>
Hi!
Thanks for the patch!
This patch is required for freeradius 1.02 to run modules in
post-proxy {
Post-Proxy-Type foo {
some_module
}
}
Without this patch the above does NOT work. Please apply this patch to next
freeradius release!
> Index: src/include/modules.h
> ===================================================================
> RCS file: /source/radiusd/src/include/modules.h,v
> retrieving revision 1.22
> diff -u -r1.22 modules.h
> --- src/include/modules.h 4 Jul 2003 19:11:07 -0000 1.22
> +++ src/include/modules.h 15 Feb 2005 14:52:24 -0000
> @@ -58,8 +58,8 @@
> int module_preacct(REQUEST *request);
> int module_accounting(int type, REQUEST *request);
> int module_checksimul(int type, REQUEST *request, int maxsimul);
> -int module_pre_proxy(REQUEST *request);
> -int module_post_proxy(REQUEST *request);
> +int module_pre_proxy(int type, REQUEST *request);
> +int module_post_proxy(int type, REQUEST *request);
> int module_post_auth(int type, REQUEST *request);
>
> #endif /* RADIUS_MODULES_H */
> Index: src/main/modules.c
> ===================================================================
> RCS file: /source/radiusd/src/main/modules.c,v
> retrieving revision 1.87
> diff -u -r1.87 modules.c
> --- src/main/modules.c 15 Oct 2004 20:32:14 -0000 1.87
> +++ src/main/modules.c 15 Feb 2005 14:52:25 -0000
> @@ -498,6 +498,10 @@
> dval = dict_valbyname(PW_ACCT_TYPE, cf_section_name2(cs));
> } else if (comp == RLM_COMPONENT_SESS) {
> dval = dict_valbyname(PW_SESSION_TYPE, cf_section_name2(cs));
> + } else if (comp == RLM_COMPONENT_PRE_PROXY) {
> + dval = dict_valbyname(PW_PRE_PROXY_TYPE, cf_section_name2(cs));
> + } else if (comp == RLM_COMPONENT_POST_PROXY) {
> + dval = dict_valbyname(PW_POST_PROXY_TYPE, cf_section_name2(cs));
> } else if (comp == RLM_COMPONENT_POST_AUTH) {
> dval = dict_valbyname(PW_POST_AUTH_TYPE, cf_section_name2(cs));
> }
> @@ -939,17 +943,17 @@
> /*
> * Do pre-proxying for ALL configured sessions
> */
> -int module_pre_proxy(REQUEST *request)
> +int module_pre_proxy(int type, REQUEST *request)
> {
> - return indexed_modcall(RLM_COMPONENT_PRE_PROXY, 0, request);
> + return indexed_modcall(RLM_COMPONENT_PRE_PROXY, type, request);
> }
>
> /*
> * Do post-proxying for ALL configured sessions
> */
> -int module_post_proxy(REQUEST *request)
> +int module_post_proxy(int type, REQUEST *request)
> {
> - return indexed_modcall(RLM_COMPONENT_POST_PROXY, 0, request);
> + return indexed_modcall(RLM_COMPONENT_POST_PROXY, type, request);
> }
>
> /*
> Index: src/main/proxy.c
> ===================================================================
> RCS file: /source/radiusd/src/main/proxy.c,v
> retrieving revision 1.77
> diff -u -r1.77 proxy.c
> --- src/main/proxy.c 28 May 2004 21:45:07 -0000 1.77
> +++ src/main/proxy.c 15 Feb 2005 14:52:25 -0000
> @@ -53,6 +53,8 @@
> int proxy_receive(REQUEST *request)
> {
> int rcode;
> + int post_proxy_type = 0;
> + VALUE_PAIR *vp;
>
> /*
> * Delete any reply we had accumulated until now.
> @@ -63,7 +65,12 @@
> * Run the packet through the post-proxy stage,
> * BEFORE playing games with the attributes.
> */
> - rcode = module_post_proxy(request);
> + vp = pairfind(request->config_items, PW_POST_PROXY_TYPE);
> + if (vp) {
> + DEBUG2(" Found Post-Proxy-Type %s", vp->strvalue);
> + post_proxy_type = vp->lvalue;
> + }
> + rcode = module_post_proxy(post_proxy_type, request);
>
> /*
> * Delete the Proxy-State Attributes from the reply.
> @@ -208,6 +215,7 @@
> int proxy_send(REQUEST *request)
> {
> int rcode;
> + int pre_proxy_type = 0;
> VALUE_PAIR *realmpair;
> VALUE_PAIR *strippedname;
> VALUE_PAIR *delaypair;
> @@ -432,7 +440,12 @@
> /*
> * Do pre-proxying
> */
> - rcode = module_pre_proxy(request);
> + vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE);
> + if (vp) {
> + DEBUG2(" Found Pre-Proxy-Type %s", vp->strvalue);
> + pre_proxy_type = vp->lvalue;
> + }
> + rcode = module_pre_proxy(pre_proxy_type, request);
>
> /*
> * Do NOT free request->proxy->vps, the pairs are needed
> Index: src/modules/rlm_eap/types/rlm_eap_peap/peap.c
> ===================================================================
> RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_peap/peap.c,v
> retrieving revision 1.13
> diff -u -r1.13 peap.c
> --- src/modules/rlm_eap/types/rlm_eap_peap/peap.c 21 Nov 2004 14:32:14
> -0000 1.13
> +++ src/modules/rlm_eap/types/rlm_eap_peap/peap.c 15 Feb 2005 14:52:25
> -0000
> @@ -419,7 +419,7 @@
> fake->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
> DEBUG2(" PEAP: Passing reply back for EAP-MS-CHAP-V2 %p %d",
> fake, fake->reply->code);
> - rcode = module_post_proxy(fake);
> + rcode = module_post_proxy(0, fake);
>
> /*
> * FIXME: If rcode returns fail, do something
>
> --
> Nicolas Baradakis
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
^
. .
Linux
/ - \
Choice.of.the
.Next.Generation.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
