Using rlm_caching: rejects on cached requests

Alan DeKok aland at
Thu Apr 26 10:01:42 CEST 2012

Jeroen Scheerder wrote:
> I've modified rlm_caching.c thusly:
>         if ((auth_type = pairfind(request->config_items, PW_AUTH_TYPE)) != NULL){
>                 DEBUG("rlm_caching: Found Auth-Type, value: '%s'",auth_type->vp_strvalue);
>                 /* JS - set Auth-Type to 'Accept' if unset */
>                 if (strcmp(auth_type->vp_strvalue,"") == 0){

  Except that Auth-Type is an "integer" attribute.  So why look at the
string when you can look at the integer value?

  i.e. *What* is the integer value when the string is empty?

>                         DEBUG("rlm_caching: Auth-Type unset, assigning value: '%s'", "Accept");
>                         strcpy(auth_type->vp_strvalue, "Accept");
>                 }
>                 if (strcmp(auth_type->vp_strvalue,"Reject") == 0 && data->cache_rejects == 0){

  See src/main/auth.c.  You shouldn't do strcmp().

> Note that actual rejects don't seem to make the caching_postauth function, for whatever reason.

  Because you didn't list "caching" in the "Post-Auth-Type Reject" section.

> This seems to be working.  No doubt somebody'll step in and tell me how utterly wrong this is. :-)

  I'd like to understand *why* the value is wrong.  If it's cached, it
should cache the working value.

> Still, I'm content so far.  But I have one more thing to take care of: I'd like to enable caching only for specific clients.  How could I acomplish that?

  "man unlang".  Write conditional checks around the caching module.

   Alan DeKok.

More information about the Freeradius-Users mailing list