Alan DeKok wrote:
Yes, the debug output helped. It looks like it's an issue with
src/main/exec.c. The code calling module_authorize() should treat FAIL
the same as REJECT.
Is that src/main/exec.c or src/main/auth.c?
If I look at src/main/auth.c I see the following :
int rad_authenticate(REQUEST *request)
{
...
/* Get the user's authorization information from the database */
autz_redo:
result = module_authorize(autz_type, request);
switch (result) {
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
break;
case RLM_MODULE_FAIL:
case RLM_MODULE_HANDLED:
return result;
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
...
Is this the code you are referring to? Should RLM_MODULE_FAIL go in with
the last few that drop into the default case?
So this would fix it :
result = module_authorize(autz_type, request);
switch (result) {
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
break;
/*case RLM_MODULE_FAIL:*/
case RLM_MODULE_HANDLED:
return result;
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
Makes sense, because the default case returns a reject...
Alan you are a genius!
Is this even considered a bug? Can we expect this to be changed in the
future?
Thanks a stack for all the time Alan!
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional help.
----------------------------------------------------------------------
Get a free email address with REAL anti-spam protection.
http://www.bluebottle.com/tag/1
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
