group sensitive per user return attributes with rlm_sql

Hugh Messenger hugh at
Wed Jul 4 21:43:31 CEST 2007

Dumb question time.

Short version:

Can someone pretty please remind me how to do in C what would amount to this
in perl ...

while (...)) {
        $checked_groups .= $group_list_tmp->groupname . ",";
chop $checked_groups;
&pairmake("control:Matched-Groups", $checked_groups, T_OP_EQ);

My apologies for such a basic C question.  I've been deeply corrupted by
Perl and PHP, to the point that 'malloc' is a dim and distant memory.

Long version:

> I'm trying to work out (in 2.0.0) how to achieve "matching group specific
> per user reply attributes" using rlm_sql, based on which group(s) matched
> the authentication request.

As per my post just now on the -users list, I found a really simple approach
that works for Huntgroup.

However, I'm still ditzing around with a patch to rlm_sql.c that does what I
originally fantasized about, whereby 'radreply' attributes optionally only
match if associated with a (new) matching CheckGroup column in 'radreply'.
This would do what I'm currently achieving with my Huntgroup hack, but in a
more generic fashion, and without having to maintain a Huntgroup config.

As per my original description:

> As far as I can tell, this would require some surgery to rlm_sql, and an
> additional (optional) CheckGroup column in the 'radreply' table:
> UserName,Attribute,op,Value,CheckGroup
> radiustest,Mikrotik-Rate-Limit,=,512k/512k,WIRELESS
> radiustest,Some-Dialup-Attribute,=,foo,DIALUP
> radiustest,Some-Common-Attribute,=,bar,

I've almost got this working, by simply adding a
'rlm_sql_pre_process_groups' function, optionally called before the
radcheck/radreply processing in rlm_sql_authorize.  The 'pre_process'
function goes thru the groups, finds the ones with matching checks, and
builds a comma separated string of the matching Groupnames, which gets
assigned to %{control:Matched-Groups}.  I then use that in the
authorize_reply_query as:

> AND (CheckGroup = '' OR CheckGroup IN(%{control:Matched-Groups}))

So far so good.  And it's all working ... except that I haven't used C in
about 15 years, basically since the day I discovered Perl.  And I've totally
forgotten all about C's dynamic memory allocation.  And no matter what
combination of char *, char[x], malloc, strcpy and strcat I use, I'm ending
up with garbage at the start of the string I'm trying to build.

>    -- hugh

   -- hugh

More information about the Freeradius-Devel mailing list