checkval and != op

Christian Zoffoli czoffoli at xmerlin.org
Mon Jun 21 14:41:58 CEST 2010


Il 21/06/2010 13:50, Alan DeKok ha scritto:
[cut]
>   Why?  What possible use is this?  What do you expect it to do?

there is something strange IMHO


if I try a different user in the wired group and this radgroupcheck:

mysql> SELECT * FROM radgroupcheck WHERE groupname='wired';
+----+-----------+--------------------+----+-------------------+
| id | groupname | attribute          | op | value             |
+----+-----------+--------------------+----+-------------------+
|  6 | wired     | Calling-Station-Id | := | 00-22-15-16-35-B0 |
|  7 | wired     | Simultaneous-Use   | := | 1                 |
| 10 | wired     | Max-All-Session    | := | 3600              |
| 12 | wired     | Access-Period      | := | 604800            |
+----+-----------+--------------------+----+-------------------+
4 rows in set (0.00 sec)


All works as expected. The software is the same, the machine is the same
but now rlm_checkval works


---
rad_recv: Access-Request packet from host 127.0.0.1 port 51146, id=1,
length=298
	ChilliSpot-Version = "1.2.2"
	User-Name = "m7dby5cc"
	CHAP-Challenge = 0x0c8e9cdfd1f76caa475d8120e0af8660
	CHAP-Password = 0x00d4c0245b2a9b2a0429c5c3401da5439e
	NAS-IP-Address = 192.168.182.1
	Service-Type = Login-User
	Framed-IP-Address = 192.168.182.2
	Calling-Station-Id = "00-22-15-16-35-B0"
	Called-Station-Id = "00-0D-B9-15-F4-C9"
	NAS-Identifier = "localhost"
	Acct-Session-Id = "4c1f311000000001"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
	WISPr-Location-Name = "HotSpot_Service"
	WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
	Message-Authenticator = 0x7d095fb7ce6c28a7459e053a4074bf17
+- entering group authorize
++[preprocess] returns ok
    rlm_realm: No '@' in User-Name = "m7dby5cc", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> m7dby5cc
	expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
rlm_sql (sql): Reserving sql socket id: 0
	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'm7dby5cc'           ORDER BY id
rlm_sql (sql): User found in radcheck table
	expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'm7dby5cc'           ORDER BY id
	expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'm7dby5cc'           ORDER BY priority
	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
      FROM radgroupcheck           WHERE groupname = 'wired'
ORDER BY id
rlm_sql (sql): User found in group wired
	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
      FROM radgroupreply           WHERE groupname = 'wired'
ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
++[checkval] returns ok
rlm_expiration: Checking Expiration time: '18 Dec 2010 11:06:25'
++[expiration] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
	expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='m7dby5cc'
sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='m7dby5cc'}'
rlm_sql (sql): - sql_xlat
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> m7dby5cc
	expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
	expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): row[0] returned NULL
rlm_sql (sql): Released sql socket id: 4
	expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc'} ->
rlm_sqlcounter: No integer found in string ""
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName =
'%{User-Name}' ORDER BY AcctStartTime LIMIT 1'
	expand: SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM
radacct WHERE UserName = '%{User-Name}' ORDER BY AcctStartTime LIMIT 1
-> SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM radacct
WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1
sqlcounter_expand:  '%{sql:SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName = 'm7dby5cc'
ORDER BY AcctStartTime LIMIT 1}'
rlm_sql (sql): - sql_xlat
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> m7dby5cc
	expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
	expand: SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM
radacct WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1 ->
SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM radacct
WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): SQL query did not return any results
rlm_sql (sql): Released sql socket id: 3
	expand: %{sql:SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime)
FROM radacct WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1} ->
rlm_sqlcounter: No integer found in string ""
++[accessperiod] returns noop
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
+- entering group session
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> m7dby5cc
	expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
	expand: SELECT COUNT(*) 				FROM radacct 				WHERE username =
'%{SQL-User-Name}' 				AND acctstoptime is NULL -> SELECT COUNT(*) 			
FROM radacct 				WHERE username = 'm7dby5cc' 				AND acctstoptime is NULL
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
Login OK: [m7dby5cc/<CHAP-Password>] (from client localhost port 1 cli
00-22-15-16-35-B0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> m7dby5cc
	expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
	expand: %{User-Password} ->
	expand: %{Chap-Password} -> 0x00d4c0245b2a9b2a0429c5c3401da5439e
	expand: INSERT INTO radpostauth                           (username,
pass, reply, authdate)                           VALUES (
            '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
           (username, pass, reply, authdate)
VALUES (                           'm7dby5cc',
'0x00d4c0245b2a9b2a0429c5c3401da5439e',
'Access-Accept', '2010-06-21 14:36:34')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
                  (username, pass, reply, authdate)
      VALUES (                           'm7dby5cc',
      '0x00d4c0245b2a9b2a0429c5c3401da5439e',
'Access-Accept', '2010-06-21 14:36:34')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 1 to 127.0.0.1 port 51146
	Acct-Interim-Interval := 600
	Session-Timeout = 15542991
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 60147,
id=11, length=225
	ChilliSpot-Version = "1.2.2"
	ChilliSpot-Attr-10 = 0x00000002
	Acct-Status-Type = Start
	User-Name = "m7dby5cc"
	Calling-Station-Id = "00-22-15-16-35-B0"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	NAS-Port-Id = "00000001"
	Framed-IP-Address = 192.168.182.2
	Acct-Session-Id = "4c1f311000000001"
	NAS-IP-Address = 192.168.182.1
	Called-Station-Id = "00-0D-B9-15-F4-C9"
	NAS-Identifier = "localhost"
	WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
	WISPr-Location-Name = "HotSpot_Service"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 192.168.182.1,Acct-Session-Id =
"4c1f311000000001",User-Name = "m7dby5cc"'
rlm_acct_unique: Acct-Unique-Session-ID = "ddca1f9d2efffb89".
++[acct_unique] returns ok
    rlm_realm: No '@' in User-Name = "m7dby5cc", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/detail-20100621
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/detail-20100621
	expand: %t -> Mon Jun 21 14:36:35 2010
++[detail] returns ok
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> m7dby5cc
	expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
	expand: %{Acct-Delay-Time} ->
	expand:            INSERT INTO radacct             (acctsessionid,
acctuniqueid,     username,              realm,            nasipaddress,
    nasportid,              nasporttype,      acctstarttime,
acctstoptime,              acctsessiontime,  acctauthentic,
connectinfo_start,              connectinfo_stop, acctinputoctets,
acctoutputoctets,              calledstationid,  callingstationid,
acctterminatecause,              servicetype,      framedprotocol,
framedipaddress,              acctstartdelay,   acctstopdelay,
xascendsessionsvrkey)           VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
 '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',
             '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
       '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
             '%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}') ->            INSERT INTO radacct
     (acctsessionid,    acctuniqueid,     username,              realm,
           nasipaddress,     nasportid,              nasporttype,
acctstarttime,    acctstoptime,              acctsessiontime,
acctauthentic,    connectinfo_start,              connectinfo_stop,
acctinputoctets,  acctoutputoctets,              calledstationid,
callingstationid, acctterminatecause,              servicetype,
framedprotocol,   framedipaddress,              acctstartdelay,
acctstopdelay,    xascendsessionsvrkey)           VALUES
('4c1f311000000001', 'ddca1f9d2efffb89',              'm7dby5cc',
       '', '192.168.182.1', '1',              'Wireless-802.11',
'2010-06-21 14:36:35', NULL,              '0', '', '',              '',
'0', '0',              '00-0D-B9-15-F4-C9', '00-22-15-16-35-B0', '',
          '', '', '192.168.182.2',              '0', '0', '')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
	expand: %{User-Name} -> m7dby5cc
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 11 to 127.0.0.1 port 60147
Finished request 15.
Cleaning up request 15 ID 11 with timestamp +12417
Going to the next request
Waking up in 4.9 seconds.
---

Best regards,
Christian



More information about the Freeradius-Users mailing list