force_check_config - how to use?

William Bulley web at umich.edu
Wed Jan 19 20:17:12 CET 2011


According to Alan DeKok <aland at deployingradius.com> on Wed, 01/19/11 at 13:57:
> 
>   I *think* it's something you can add to a module configuration to
> force it to instantiate itself.  Normally, when "radiusd -C" is used,
> the SQL module is skipped, because checking the config doesn't mean
> opening 50 sockets to the SQL server.  Adding "force_check_config=yes"
> will make modules like SQL instantiate themselves, including opening 50
> sockets to the SQL server.

Thanks.  I came across this while trying to debug a gnarly situation with
the mschap module.  The configs in modules/mschap include at the end:

   #ntlm_auth = "/path/to/ntlm_auth --request-nt-key
      --username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
      --challenge=%{mschap:Challenge:-00}
      --nt-response=%{mschap:NT-Response:-00}"

This was changed by an administrator to --username=%{mschap:User-Name:-None}
except that the leading left brace ("{") was omitted...   :-(

The output of radiusd -XC concluded that "Configuration appears to be OK."
when in fact mschap authentications could never recover the User-Name when
ntlm_auth was given --username=%mschap:User-Name:-None} to deal with...

My question: is there any way to parse and check the "value" of the
ntlm_auth variable in the modules/mschap file for valid syntax?

Inside cf_item_parse() in src/main/conffile.c there is a PW_TYPE_STRING_PTR
case of the switch statement.  In this case there is the following comment:

/*
 *      Expand variables which haven't already been
 *      expanded automagically when the configuration
 *      file was read.
 */

It doesn't seem that this ntlm_auth variable was expanded when the config
file was read.

After this comment is an if statement "if (value == dflt)" which, if true,
results in a call to cf_expand_variables() passing the above ntlm_auth
string value as "value".  It appears to me that this if statement will
never be true, since the default value for ntlm_auth is NULL, so any
string value (right hand side of ntlm_auth variable) will not be NULL,
nor will the pointers match.  And if they did, what is the purpose of
expanding a variable which is NULL?  The net result is that the human
error (see typo above) was not discovered while configuration checking
with -XC which gave a false positive indication.  Very confusing...

Regards,

web...

--
William Bulley                     Email: web at umich.edu

72 characters width template ----------------------------------------->|
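
A minimal pre-deployment lint for the kind of typo described in the message above, as an added example that is not part of the original post and not FreeRADIUS code. The function name xlat_brace_check and its rules are assumptions: it only balances "%{" against "}" and flags a "}" outside any expansion; the fourth sample string is constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical lint helper, not a FreeRADIUS function. Returns -1 when every
 * "%{" has a matching "}" and no "}" sits outside an expansion, otherwise the
 * byte offset of the first problem. Assumptions: "%%" is a literal percent,
 * and a "}" at depth 0 is flagged even where it could be literal text.
 */
int xlat_brace_check(const char *s)
{
	int open_at[32];	/* offsets of the currently open "%{" */
	int depth = 0;
	size_t i, len = strlen(s);

	for (i = 0; i < len; i++) {
		if (s[i] == '%' && s[i + 1] == '%') {
			i++;				/* escaped percent */
		} else if (s[i] == '%' && s[i + 1] == '{') {
			if (depth == 32) return (int) i;	/* nested too deep */
			open_at[depth++] = (int) i;
			i++;
		} else if (s[i] == '}') {
			if (depth == 0) return (int) i;	/* stray close brace */
			depth--;
		}
	}
	return depth ? open_at[depth - 1] : -1;	/* innermost unclosed "%{" */
}

int main(void)
{
	/* Constructed samples based on the strings quoted in the post. */
	const char *samples[] = {
		"--username=%{%{Stripped-User-Name}:-%{User-Name:-None}}",
		"--username=%{mschap:User-Name:-None}",
		"--username=%mschap:User-Name:-None}",
		"--challenge=%{mschap:Challenge:-00",
	};
	size_t n;

	for (n = 0; n < sizeof(samples) / sizeof(samples[0]); n++) {
		int at = xlat_brace_check(samples[n]);
		if (at < 0) printf("OK      %s\n", samples[n]);
		else printf("BAD@%-3d %s\n", at, samples[n]);
	}
	return 0;
}
```

The third sample is the mistyped value from the message; the check reports the offset of its trailing "}", which no longer has an opening "%{".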


