rlm_perl

Bjørn Mork bjorn at mork.no
Fri Sep 30 09:14:11 CEST 2011


Alexander Clouter <alex at digriz.org.uk> writes:

> Alex rsm <alex-rsm at hotmail.com> wrote:
>> 
>> And added the following in src/modules/rlm_perl/example.pl
>> 
>> sub authorize {
>>        print "This is a TEST\n";
>> .....
>> }
>>
>> However, When I send a simple test request I don't see my debug line. 
>> I also don't see the message "perl loaded" when start Freeradius in 
>> debug mode (radiusd -X).
>> 
> I am pretty sure stdout is not plumbed up for rlm_perl, and neither is 
> stderr so you will not see anything.

Oh, but they are.  At least in debug mode

I don't think Alex (the other one :-) really enabled the perl module. It
will NOT be silent in debug mode.

You should see something like this when the module is instantiated:

 Module: Linked to module rlm_perl
 Module: Instantiating module "perl" from file /etc/freeradius/modules/perl
  perl {
        module = "/etc/freeradius/example.pl"
        func_authorize = "authorize"
        func_authenticate = "authenticate"
        func_accounting = "accounting"
        func_preacct = "preacct"
        func_checksimul = "checksimul"
        func_detach = "detach"
        func_xlat = "xlat"
        func_pre_proxy = "pre_proxy"
        func_post_proxy = "post_proxy"
        func_post_auth = "post_auth"
        func_recv_coa = "recv_coa"
        func_send_coa = "send_coa"
  }


And with the following "/etc/freeradius/example.pl":

use constant    RLM_MODULE_REJECT=>    0;#  /* immediately reject the request */
use constant    RLM_MODULE_FAIL=>      1;#  /* module failed, don't reply */
use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */
use constant    RLM_MODULE_HANDLED=>   3;#  /* the module handled the request, so stop. */
use constant    RLM_MODULE_INVALID=>   4;#  /* the module considers the request invalid. */
use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the request (user is locked out) */
use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found */
use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded without doing anything */
use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs modified) */
use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many return codes there are */

sub authorize {
        print "Here\n";
        return RLM_MODULE_NOOP;
}





I get:


rad_recv: Access-Request packet from host 127.0.0.1 port 41702, id=236, length=43
        User-Name = "foo"
        User-Password = "bar"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "foo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
Here
rlm_perl: Added pair User-Name = foo
rlm_perl: Added pair User-Password = bar
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
++[perl] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> foo
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 236 to 127.0.0.1 port 41702
Waking up in 4.9 seconds.
Cleaning up request 0 ID 236 with timestamp +132
Ready to process requests.




Note the "Here" right before the "rlm_perl: " debug lines.  That's the
perl scripts stdout.  But there's no use looking for output from the perl
script if the rlm_perl module isn't loaded.


> Of course reading the documentation brings enlightenment in the form of 
> '&radiusd::radlog(1, "...");'... :-/

Sure.  That's essential if you want to log something useful in
production mode.



Bjørn




More information about the Freeradius-Users mailing list