rlm_perl and accounting

George C. Kaplan gckaplan at ack.berkeley.edu
Wed Aug 23 18:57:15 CEST 2006


Alan DeKok wrote:
>>>I see the patch you're referring to, but after rethinking my question, I 
>>>think what I'm really trying to do is rewrite $RAD_REQUEST, not 
>>>$RAD_REPLY, and it does not appear that I can alter $RAD_REQUEST in any 
>>>way - either change or add.
> 
>   Hmm... looking into it in a little more detail, I think it would be
> even easier to do it another way.  The code in CVS head has been
> updated to allow for ":=", to over-write existing attributes.  But I
> think it might be even easier to simply use the hashes as-is, and
> replace the existing attribute lists.

Sounds good.  I assume you'll include %RAD_CHECK, as well as
%RAD_REQUEST and %RAD_REPLY in this change.  That would bring rlm_perl
into line with other authentication modules, which can alter any of the
three attribute lists.

>   i.e. put the attributes into perl hashes, and then make those perl
> hashes definitive for the new values of the attributes.  This would
> involve throwing away the previous attributes entirely.  So you would
> have to be *very* careful about modifying the hashes, but you would
> have complete flexibility.

What would be likely to happen if I screw up one of the attribute
hashes?  If that just screws up the current RADIUS request, I'd say go
for it; I'm happy to have the power to shoot myself in the foot.  But if
it could crash the radiusd, well, I guess I'll have to be *very*, *VERY*
careful.

-- 
George C. Kaplan                            gckaplan at ack.berkeley.edu
IST - Infrastructure Services               510-643-0496
University of California at Berkeley



More information about the Freeradius-Users mailing list