Re: SQL group auth problem [patch]

2002-05-29 Thread Thomas Jalsovsky 

Hello all,

I went through the SQL module and I found that in the SQL
authorization part, firstly the radcheck table is checked. If the given
user is not found, it tries the DEFAULT setting but doesn't look for the
radgroupcheck entries.
This patch modifies the rlm_sql module to look for radcheck and if
user not fond in them try radgroupcheck and if there is no record in
radgroupcheck for the given user try the DEFAULT entry.
This function should be good for accounts without password (or the
same predefined password).
Example: authentification by a CLIP (ANI) phone number, there is no
password (or constant password ex. "accept") for the phone number. Without
this patch radcheck will have all of the lines about CLIP accounts:
++++-+--+
| id | UserName   | Attribute  | Value   | op   |
++++-+--+
| 1  | 0245958400 | Password   | accept  | ==   |
| 2  | 0245958155 | Password   | accept  | ==   |
++++-+--+

With patch you have to put the CLIP into a usergroup and define group
reply attributes.

On Sun, 14 Apr 2002, Alan DeKok wrote:
>  I still haven't had time to look at it, sorry.  I would suggest
>posting the patch to the users and/or the devel list.  If other people
>say it works && it's useful, then I'll apply it without looking at it.

Please take a look for this and say your experience.

Regards,
Thomas

p.s.: The patch should be applied to today's CVS tree


--- src/modules/rlm_sql/rlm_sql.c.orig  Wed May 29 11:57:42 2002
+++ src/modules/rlm_sql/rlm_sql.c   Wed May 29 12:21:07 2002
@@ -343,23 +343,33 @@
} else {

int gcheck;
-
-   /*
-* We didn't find the user, so we try looking
-* for a DEFAULT entry
-*/
-   if (sql_set_user(inst, request, sqlusername, "DEFAULT") < 0) {
-   sql_release_socket(inst, sqlsocket);
-   return RLM_MODULE_FAIL;
-   }
-
-   radius_xlat(querystr, MAX_QUERY_LEN, 
inst->config->authorize_group_check_query, request, sql_escape_func);
-   gcheck = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr, 
PW_VP_GROUPDATA);
-   radius_xlat(querystr, MAX_QUERY_LEN, 
inst->config->authorize_group_reply_query, request, sql_escape_func);
-   gcheck = sql_getvpdata(inst, sqlsocket, &reply_tmp, querystr, 
PW_VP_GROUPDATA);
-   if (gcheck)
-   found = 1;
-   }
+/*
+* We didn't find the user in radcheck, so we try looking
+* for radgroupcheck entry
+*/
+radius_xlat(querystr, MAX_QUERY_LEN, 
+inst->config->authorize_group_check_query, request, NULL);
+gcheck = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr, 
+PW_VP_GROUPDATA);
+radius_xlat(querystr, MAX_QUERY_LEN, 
+inst->config->authorize_group_reply_query, request, NULL);
+sql_getvpdata(inst, sqlsocket, &reply_tmp, querystr, PW_VP_GROUPDATA);
+if (gcheck) {
+found = 1;
+} else {
+/*
+* We didn't find the user, so we try looking
+* for a DEFAULT entry
+*/
+if (sql_set_user(inst, request, sqlusername, "DEFAULT") < 0) {
+sql_release_socket(inst, sqlsocket);
+return RLM_MODULE_FAIL;
+}
+radius_xlat(querystr, MAX_QUERY_LEN, 
+inst->config->authorize_group_check_query, request, NULL);
+gcheck = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr, 
+PW_VP_GROUPDATA);
+radius_xlat(querystr, MAX_QUERY_LEN, 
+inst->config->authorize_group_reply_query, request, NULL);
+gcheck = sql_getvpdata(inst, sqlsocket, &reply_tmp, querystr, 
+PW_VP_GROUPDATA);
+if (gcheck)
+found = 1;
+}
+}
if (!found) {
radlog(L_DBG, "rlm_sql: User %s not found and DEFAULT not found", 
sqlusername);
sql_release_socket(inst, sqlsocket);




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

SQL group auth problem

2002-02-11 Thread Thomas Jalsovsky 


usergroup
+++---+
| id | UserName   | GroupName |
+++---+
|  5 | 0905835218 | test  |
+++---+


radgroupcheck
++--+---+---+--+
| id | GroupName| Attribute | Value | op   |
++--+---+---+--+
| 18 | test | User-Password | accept| ==   |
| 19 | test | Auth-Type | Local | :=   |
++--+---+---+--+


I filled out these tables, and tryed to auth. "0905835218","accept"
The user was rejected. Why? How can I allow access for that user (with 
groups)?

Thanks,
Thomas

ps.: radcheck, radreply, radgroupreply are empty





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SQL group auth problem

2002-02-07 Thread Alan DeKok 

Thomas Jalsovsky <[EMAIL PROTECTED]> wrote:
> I filled out these tables, and tryed to auth. "0905835218","accept"
> The user was rejected. Why?

  I don't know.  If the SQL debug information doesn't tell you, then
there needs to be more debug information from the SQL module.

  As I said before, I would suggest debugging any problem with the
'users' file, first.  If it works there, then the problem is to get
the SQL module configured correctly.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

SQL group auth problem

2002-02-07 Thread Thomas Jalsovsky 


usergroup
+++---+
| id | UserName   | GroupName |
+++---+
|  5 | 0905835218 | test  |
+++---+


radgroupcheck
++--+---+---+--+
| id | GroupName| Attribute | Value | op   |
++--+---+---+--+
| 18 | test | User-Password | accept| ==   |
| 19 | test | Auth-Type | Local | :=   |
++--+---+---+--+


I filled out these tables, and tryed to auth. "0905835218","accept"
The user was rejected. Why? How can I allow access for that user (with 
groups)?

Thanks,
Thomas

ps.: radcheck, radreply, radgroupreply are empty





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html