Incorrect reply rlm_python with tagged attributes

Alan DeKok aland at deployingradius.com
Fri Feb 23 15:04:08 CET 2018 

On Feb 23, 2018, at 8:50 AM, Юрий Иванов <format_hub at outlook.com> wrote:
> 
> Incorrect reply rlm_python with tagged attributes
> I've created python authorization module. It based on example provided by vendor.
> At first glance it works well but when trying to perform testing with radtest reply is:
> ...
>    User-Password = "testing123"
>    NAS-IP-Address = 127.0.1.1
>    NAS-Port = 0
>    Message-Authenticator = 0x00
>    Cleartext-Password = "testing123"
> Received Access-Accept Id 188 from 127.0.0.1:1812 to 0.0.0.0:0 length 48
>    ERX-Service-Activate:0 = "svc-local-ipoe"
> 
> There is only one ERX-Service-Activate:0 with strange zero?

  The default value for "no tag" is zero.

> Python function def authorize(p) has reply tuple:
>    reply = (('Framed-IP-Address', str(client.ipv4)),
>             ('ERX-Service-Activate:1', 'svc-local-ipoe'),
>             ('ERX-Service-Activate:2',
>              'svc-local-ipoe(%s)' % str(client.speed_localnet)),
>             ('ERX-Service-Activate:3',
>              'svc-foreign-ipoe(%s,%s)' % (str(client.speed_foreign),
>                                          str(client.speed_localnet))),)

  You want to add a third entry to each tuple, which is the operator.  Use "+=".  Otherwise attributes of the same name may over-write each other.

> Of course radius started in debug mode, and radiusd -X shows me another output:
> authorize - 'reply:Framed-IP-Address' = '10.0.0.1'
> authorize - 'reply:ERX-Service-Activate:3' = 'svc-local-ipoe'
> authorize - 'reply:ERX-Service-Activate:4' = 'svc-localnet-ipoe(110000)'
> authorize - 'reply:ERX-Service-Activate:5' = 'svc-foreignnet-ipoe(110000,110000)'
> authorize - 'config:Auth-Type' = 'Accept'
> authorize - 'config:Cleartext-Password' = 'testing123'
> How to get all ERX-Service-Activate tagged attributes, not the strange with zero.
> 
> P.S. Reply in Wireshark shown only one ERX-Service-Activate attribute too in reply packet.
> 
> P.P.S. Maybe I've construct reply with tag incorrectly? But I can find no additional information about this.

  You did it correctly.

  The issue is that the tag wasn't getting copied correctly.  I've updated the python module to fix this.

  Please check the v3.0.x branch on github: https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x

  You can download it, compile, and test it.  The issue should be fixed.

  Alan DeKok.

More information about the Freeradius-Users mailing list