When performing the Authorize section using the REst module, is it possible to add a module failure message to the 403 response?
First of all, please understand that I am not able to receive replies to existing questions due to incorrect system settings, so I cannot reply and am asking a new question. The link to the existing question is this. https://lists.freeradius.org/pipermail/freeradius-users/2024-January/104052.... rlm_rest (rest): Reserved connection (2) (16) rest: Expanding URI components (16) rest: EXPAND http://0.0.0.0:9012 (16) rest: --> http://0.0.0.0:9012 (16) rest: EXPAND /auth/user/%{User-Name}?callingStationId=%{Calling-Station-Id}&calledStationId=%{Called-Station-Id}&eapType=%{EAP-Type} (16) rest: --> /auth/user/test?callingStationId=00-D7-B2-E6-FA-00&calledStationId=00-03-84-B6-00-CC%3Aradius%20122&eapType=PEAP (16) rest: Sending HTTP GET to " http://0.0.0.0:9012/auth/user/test?callingStationId=00-00-B0-E0-0A-80&called... " (16) rest: Processing response header (16) rest: Status : 403 () (16) rest: Type : json (application/json) (16) rest: Adding reply:REST-HTTP-Status-Code = "403" (16) rest: ERROR: Server returned: (16) rest: ERROR: {"request:Module-Failure-Message":"add message but..."} rlm_rest (rest): Released connection (2) Need more connections to reach 10 spares rlm_rest (rest): Opening additional connection (6), 1 of 26 pending slots used rlm_rest (rest): Connecting to "http://0.0.0.0:9012" (16) [rest] = userlock (16) } # if (!&outer.session-state:Done-Rest) = userlock (16) } # authorize = userlock (16) Using Post-Auth-Type Reject (16) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (16) Post-Auth-Type REJECT { (16) update { (16) &Calling-Station-Id = &outer.request:Calling-Station-Id -> '00-00-00-00-00-00' (16) &Called-Station-Id = &outer.request:Called-Station-Id -> '00-03-00-00-00-00:radius' (16) &EAP-Type := &outer.request:EAP-Type -> PEAP (16) } # update = noop First of all, I am from Korea and it is difficult to translate what you are saying. The FreeRADIUS version I am using is 3.0.24. To summarize the question again, When performing the Authorize step in a Rest Module, is it possible to (rest.authorize) deliver a 403 HTTP Status Code response and a message and attach it to "Module-Failure-Message"? Alan DeKok said it was in "Sure" and in "rlm_rest.c". Probably "rlm_rest.c" is I think you mean "mods-enabled/rest". However, I find this module difficult to handle. No matter how many explanations I read, I couldn't find an answer to this. sorry. I guess it's hard for me to interpret Alan DeKok's answer because I'm not very smart. Is it “possible” or “I can figure it out if I read the description of this module.” Which of the two did you mean? Looking at the message you wrote later, I don't know whether you meant "It's possible" or "It's impossible and I'll think about it." I'm really sorry, but I wonder if what I want to do is possible. If possible, please explain in more detail what section I should refer to.
On Jan 23, 2024, at 10:32 AM, 남혁준 <sawd1598@gmail.com> wrote:
First of all, please understand that I am not able to receive replies to existing questions due to incorrect system settings, so I cannot reply and am asking a new question.
That's fine.
Alan DeKok said it was in "Sure" and in "rlm_rest.c".
Probably "rlm_rest.c" is I think you mean "mods-enabled/rest".
No. I mean rlm_rest.c. In order to add this functionality, someone will have to edit the source code. You cannot add functionality by editing the configuration files. Alan DeKok.
participants (2)
-
Alan DeKok -
남혁준