LDAP Accounting

[Olivier Beytrison]

On 10.12.2012 14:30, Olivier Beytrison wrote:
> On 10.12.2012 01:33, Arran Cudbard-Bell wrote:
> 
>> 	accounting {
>> 		reference = "%{tolower:type.%{Acct-Status-Type}}"
>> 		
>> 		type {
>> 			start {
>> 				update {
>> 					description := "Online at %S"
>> 				}
>> 			}
>> 			
>> 			interim-update {
>> 				update {
>> 					description := "Online at %S"
>> 				}
>> 			}
>> 			
>> 			stop {
>> 				update {
>> 					description := "Offline at %S"
>> 				}
>> 			}
>> 		}
>> 	}
>>
> 
> In the default ldap files, it is stated that we can use the following
> section for post-auth :
> post-auth {
>     update {
>       description := "Authenticated at %S"
>     }
>   }
> but on run-time, it complains that the reference is not found.
> 
> (0)  - entering group post-auth {...}
> rlm_ldap (ldap): Reserved connection (4)
> (0) ldap :      expand: '.' -> '.'
> WARNING: No such configuration item .
> rlm_ldap (ldap): Released connection (4)
> (0)   [ldap] = fail
> 
> post-auth{} and accounting{} don't have the exact same layout, so the
> code need to adapt and not fail ;)

Based on my interpretation of the code which parse the configuration for
the update part, i changed the post-auth to :

post-auth {
        reference = "post-auth"
        post-auth {
                update {
                        description := "Authenticated at %S"
                }
        }
}

Now on run time it doesn't complain anymore about the reference being
not present, but it segfaults :o

(0)   group post-auth {
(0)  - entering group post-auth {...}
rlm_ldap (ldap): Reserved connection (4)
(0) ldap :      expand: 'post-auth' -> 'post-auth'
(0) ldap :      expand: 'Authenticated at %S' -> 'Authenticated at
2012-12-10 15:38:16'

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4ee121d in user_modify (inst=0x805fb0, request=0x8af660,
section=<optimized out>) at src/modules/rlm_ldap/rlm_ldap.c:2253
2253                    (*mod_p)->mod_values = &passed[last_pass];
(gdb) bt
#0  0x00007ffff4ee121d in user_modify (inst=0x805fb0, request=0x8af660,
section=<optimized out>) at src/modules/rlm_ldap/rlm_ldap.c:2253
#1  0x0000000000423642 in call_modsingle (request=0x8af660, component=7,
sp=<optimized out>) at src/main/modcall.c:305
#2  modcall (component=7, c=0x895cb0, request=<optimized out>) at
src/main/modcall.c:798
#3  0x0000000000421d26 in indexed_modcall (comp=7, idx=0,
request=0x8af660) at src/main/modules.c:793
#4  0x000000000040db30 in rad_postauth (request=0x8af660) at
src/main/auth.c:303
#5  0x00000000004345e0 in request_finish (request=0x8af660,
action=<optimized out>) at src/main/process.c:1109
#6  request_running (action=<optimized out>, request=0x8af660) at
src/main/process.c:1216
#7  request_running (request=0x8af660, action=<optimized out>) at
src/main/process.c:1150
#8  0x000000000043266b in request_queue_or_run (request=0x8af660,
process=0x433f80 <request_running>) at src/main/process.c:822
#9  0x00000000004339df in request_insert (listener=0x8ae570,
packet=0x8af530, client=0x7f4e20, fun=0x40db70 <rad_authenticate>,
pnow=0x7fffffffe1f0) at src/main/process.c:1439
#10 0x0000000000433b7e in request_receive (listener=0x8ae570,
packet=0x8af530, client=0x7f4e20, fun=0x40db70 <rad_authenticate>) at
src/main/process.c:1333
#11 0x000000000041cfcb in auth_socket_recv (listener=0x8ae570) at
src/main/listen.c:1468
#12 0x0000000000430032 in event_socket_handler (xel=<optimized out>,
fd=<optimized out>, ctx=0x8ae570) at src/main/process.c:3409
#13 0x00007ffff7bc677e in fr_event_loop () from
/usr/lib/freeradius/libfreeradius-radius.so
#14 0x000000000040d104 in main (argc=<optimized out>, argv=<optimized
out>) at src/main/radiusd.c:415

I don't know if it's due to my configuration or if it's in the code. If
needed I still have gdb open and can output anything you want ;)

Olivier

-- 

 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mobile: +41 (0)78 619 73 53
 Mail: olivier at heliosnet.org