SQL setting auth-type & return codes

Phil Mayers <p.mayers@imperial.ac.uk> · Wed, 05 Mar 2008 17:32:41 +0000

I was going to knock out a quick concept patch but I see it's not a 

trivial patch; before I make the effort to code it I thought I'd check:

It seems useful for the sql module to set the return code to 

RLM_MODULE_REJECT if the Auth-Type gets set to reject - the specific use 

case I have is an unlang policy like so:

authorize {
 preprocess

 sql

 if ("%{reply:MyStatus}" !~ /Active|Guest/) {
   reject
 }

 # ...some more stuff
}

...however inside the SQL I have groups with

 id | groupname | attribute | op | value
----+-----------+-----------+----+--------
  2 | staff     | MyStatus  | =  | Active
  3 | banned    | Auth-Type | := | Reject

...and it would be nice if members of the "banned" group stopped 

processing early.

At the moment the SQL module only returns FAIL, NOTFOUND or OK.

Thoughts?