eap module returning 'updated' rather than 'ok'
Brian Candler
b.candler at pobox.com
Fri Oct 21 14:12:22 CEST 2016
On 20/10/2016 20:01, Alan DeKok wrote:
>> I couldn't find any reference to return codes, or "ok" or "updated", in either of these.
> As always, patches are welcome.
>
Would this be an acceptable?
diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 0834075..f047979 100644
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -347,9 +347,9 @@ authorize {
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
#
- # The EAP module returns "ok" if it is not yet ready to
+ # The EAP module returns "ok" or "updated" if it is not yet
ready to
# authenticate the user. The configuration below checks for
- # that code, and stops processing the "authorize" section if
+ # those codes, and stops processing the "authorize" section if
# so.
#
# Any LDAP and/or SQL servers will not be queried for the
@@ -358,6 +358,7 @@ authorize {
#
eap {
ok = return
+ updated = return
}
#
If yes, I'll reformat as a pull request.
I believe that is accurate. Looking at rlm_eap.c, the EAP responses are
mapped to the following return values in the authorize handler:
EAP_NOOP -> RLM_MODULE_NOOP
EAP_FAIL -> RLM_MODULE_FAIL
EAP_FOUND -> RLM_MODULE_HANDLED
(if it gets this far, control:Auth-Type := eap is set)
EAP_OK -> RLM_MODULE_OK
anything else* -> RLM_MODULE_UPDATED
*the remaining enum values are EAP_NOTFOUND, EAP_INVALID or EAP_VALID.
Regards,
Brian.
More information about the Freeradius-Users
mailing list