rlm_python: Access Request source IP Address is missing from authorize(p) function argument

[Gleb Lisikh]

Awesome, thanks! This seems like exactly what I need, even though it is
indeed a bit weird.

Where would you suggest to insert this 'update request' piece of code?
Would you be able to point me to the doc's describing how to work with the
UDP/IP packet data? I might need to get more from the headers than just IP
address.

Thanks again for your help!


On Sat, May 30, 2020, 09:21 Alan DeKok, <aland at deployingradius.com> wrote:

> On May 29, 2020, at 11:28 PM, Gleb Lisikh <in4bit.general at gmail.com>
> wrote:
> >
> > I'd like to be able to work in my python authorize function with the IP
> > address of the NAS interface from which Access-Request is received
> > (external). From the radiusd -X output this is the A1.A2.A3.A4 address I
> am
> > interested in.
> > =========================================
> > Received Access-Request Id 7 from A1.A2.A3.A4:54594 to B1.B2.B3.B4:1812
> > length 415
> > ==========================================
> > This is the same IP address that gets tested against shared secret
> > configured in clients.conf
> >
> > Unfortunately, the tuple (p) that gets passed to the authorize function
> > (authorize(p)) by rlm_python has a different (internal) NAS-IP-Address,
> > which is of no use to me.
>
>   The attributes which get passed to Python are the ones in the packet.
> Not the various IP / UDP headers.
>
> > If radiusd is in principle aware of the A1.A2.A3.A4  IP address I am
> > interested in, how can I gain  access to it in my python authorize(p) or
> > any other function?
>
>   You can get the source IP and convert it to a real attribute:
>
>         update request {
>                 Packet-Src-IP-Address := "%{Packet-Src-IP-Address}"
>         }
>
>   It's a little weird, but this "realizes" the virtual src IP into a real
> attribute.
>
>   Alan DeKok.
>
>