rlm_dbm with empty check and reply items

2006-07-28 Thread Gabriel L. Somlo
Alan & all,

I want to use rlm_dbm for authorization with no check or reply items.
A user is authorized if he is listed in the dbm database, and not
authorized if not present:

modules {
    ...
    dbm {
        usersfile = ${confdir}/users.dbm
    }
    ...
}
...
authorize {
    ...
    dbm {
        notfound = reject
    }
}

So, what I need is a dbm file which has empty content associated with
each username key. Empty actually means a "\n\n" string (first '\n'
for no check items, second one for no reply items).

I can create such a database by calling dbm routines from my own C code,
and it works fine with the radiusd.conf excerpt above.

HOWEVER, I would like to use the rlm_dbm_parser binary included with the
freeradius package. The trouble is, this code checks for the length of
each content record before inserting into the dbm file, and refuses to
do so unless the record is more than 3 characters long (rlm_dbm_parser.c,
line 158, inside function 'static int storecontent' as per
freeradius-snapshot-20060728):

static int storecontent (const char * username) {

    datum d,k;
    int res;

    if ( pdb == NULL || concntr < 3 ) return 1;
    /*                  ^^^^^^^^^^^ */

    DOUT2("store:\n%s\ncontent:\n%s",username,content);

    d.dptr = content;

    ...

Is there a known good reason why this code wants length >= 3, or why it
prevents check items and reply items from being empty at the same time?

If yes, inquiring minds want to know :)

If not, please apply the attached patch, which modifies the check from < 3
to < 2, allowing empty keys to be stored in the dbm.

Thanks much,
Gabriel


diff -NarU5 freeradius.orig/src/modules/rlm_dbm/rlm_dbm_parser.c 
freeradius/src/modules/rlm_dbm/rlm_dbm_parser.c
--- freeradius.orig/src/modules/rlm_dbm/rlm_dbm_parser.c2004-02-26 
14:04:28.0 -0500
+++ freeradius/src/modules/rlm_dbm/rlm_dbm_parser.c 2006-07-27 
15:49:27.0 -0400
@@ -153,11 +153,11 @@
 static int storecontent (const char * username) {
 
 datum d,k;
 int res;
 
-   if ( pdb == NULL || concntr  3 ) return 1;
+   if ( pdb == NULL || concntr  2 ) return 1;
 
DOUT2(store:\n%s\ncontent:\n%s,username,content);
 
d.dptr = content;
d.dsize = concntr + 1;
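
Review bot: The new threshold on the changed concntr comparison is a bare number with no comment, and the only explanation of why 2 is the right minimum lives in the cover message (a record with no check items and no reply items is the two-character string "\n\n"). Suggest a one-line comment above the check, or a named constant for the minimum record length, so the next reader does not have to rediscover why anything shorter than two characters is refused.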
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
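
The record layout and length gate discussed in the message above, as an added example that is not part of the original post or of the FreeRADIUS source. The helper names (build_record, would_store, split_record) are hypothetical, the sample entries are constructed, and it assumes concntr equals the record's string length.

```c
#include <stdio.h>
#include <string.h>

/* Record layout from the message: check items, '\n', reply items, '\n'.
 * Returns the record length (excluding the NUL), or -1 if buf is too small. */
static int build_record(const char *check, const char *reply,
                        char *buf, size_t bufsz)
{
    int n = snprintf(buf, bufsz, "%s\n%s\n", check, reply);
    return (n < 0 || (size_t)n >= bufsz) ? -1 : n;
}

/* Model of the parser's gate: a record shorter than min_len is not stored.
 * min_len is 3 before the patch and 2 after it (assumed reading of concntr). */
static int would_store(int record_len, int min_len)
{
    return record_len >= min_len;
}

/* Split a record back into check and reply parts (modifies rec in place).
 * Returns -1 if either '\n' terminator is missing. */
static int split_record(char *rec, char **check, char **reply)
{
    char *nl1 = strchr(rec, '\n');
    if (nl1 == NULL) return -1;
    char *nl2 = strchr(nl1 + 1, '\n');
    if (nl2 == NULL) return -1;
    *nl1 = '\0';
    *nl2 = '\0';
    *check = rec;
    *reply = nl1 + 1;
    return 0;
}

int main(void)
{
    char buf[64], *check, *reply;
    /* Constructed samples: no items at all, and one check item. */
    const char *samples[][2] = { {"", ""}, {"some_junk == here", ""} };
    for (size_t i = 0; i < 2; i++) {
        int len = build_record(samples[i][0], samples[i][1], buf, sizeof buf);
        printf("len=%d  stored with <3 gate: %d  with <2 gate: %d\n",
               len, would_store(len, 3), would_store(len, 2));
        if (split_record(buf, &check, &reply) == 0)
            printf("  check=\"%s\" reply=\"%s\"\n", check, reply);
    }
    return 0;
}
```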

PATCH: rlm_dbm_parser and empty check-items

2006-07-27 Thread Gabriel L. Somlo
Hi,

I'm trying to use rlm_dbm for authorization, and discovered that the
rlm_dbm_parser program won't allow an entry to have an empty
check-items list. You can't have, for instance:

foo ;
;

or

foo
;

You must have

foo some_junk == here
;

if foo is to be added to the resulting users.dbm database.

To be more precise, you can't have empty check-items AND empty
reply-items, which I think one should be allowed to have... :)

The attached patch fixes that, and allows rlm_dbm_parser to process
a source file with empty check- and reply-items.

I created the patch against the latest cvs snapshot (jul. 27).

Please apply, or let me know why you think it's a bad idea... :)

Thanks,
Gabriel
diff -NarU5 freeradius.orig/src/modules/rlm_dbm/rlm_dbm_parser.c 
freeradius/src/modules/rlm_dbm/rlm_dbm_parser.c
--- freeradius.orig/src/modules/rlm_dbm/rlm_dbm_parser.c2004-02-26 
14:04:28.0 -0500
+++ freeradius/src/modules/rlm_dbm/rlm_dbm_parser.c 2006-07-27 
15:49:27.0 -0400
@@ -153,11 +153,11 @@
 static int storecontent (const char * username) {
 
 datum d,k;
 int res;
 
-   if ( pdb == NULL || concntr  3 ) return 1;
+   if ( pdb == NULL || concntr  2 ) return 1;
 
DOUT2(store:\n%s\ncontent:\n%s,username,content);
 
d.dptr = content;
d.dsize = concntr + 1;
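
Review bot: The early return on the changed line still folds two different conditions (pdb == NULL and a too-short record) into the same silent "return 1", and the DOUT2 trace only runs after the check, so a skipped entry leaves no trace naming the user. Since the point of the change is that every listed user ends up in users.dbm, suggest emitting a warning that includes username when a record is dropped for length, ideally separate from the pdb == NULL case, so a missing entry is noticed at build time rather than when the lookup fails.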

Semantics of radiusd.conf ?

2006-05-03 Thread Gabriel L. Somlo
Hi,

I'm trying to understand the semantics of the radiusd.conf file.
Specifically, when does a module (not) need to be mentioned in the
authorize and authenticate sections of the config file ?

For instance, I want mysql-based authorization, and eap-based
authentication. For this, I have to do something like this:

authorize {
    ...
    eap
    sql
}
authenticate {
    eap
}

Removing the eap from 'authorize' prevents the server from
working correctly (works fine if you leave it in there).
Why does eap have to be mentioned in 'authorize', if I only
need it for authentication ?

Thanks,
Gabriel