Setting Client-IP-Address in rlm_preprocess

John Morrissey jwm at horde.net
Wed Oct 21 22:06:14 CEST 2009 

On Wed, Sep 02, 2009 at 07:37:04PM -0400, John Morrissey wrote:
> Client-IP-Address is dynamically set by xlat_packet(). AFAICT, there's no
> way to trigger this in rlm_perl, so Client-IP-Address is never available in
> rlm_perl handlers.
> 
> This leads to some interesting unlang to set Client-IP-Address in the
> request so rlm_perl can access it:
> 
> authorize {
>     update request {
>         Client-IP-Address := "%{Client-IP-Address}"
>     }
> }
> 
> rlm_preprocess sets NAS-IP-Address if it's not set. Alan, would you accept a
> patch to add similar behavior for Client-IP-Address?

I forked the github FreeRADIUS tree a while ago and made this change.
I sent a pull request for this commit, but haven't seen it pulled into
the canonical git tree, so maybe it's preferable to post it to -devel?

john


commit 0778ffe67b78c56014029f95dce22222e94a110a
Author: John Morrissey <jwm at horde.net>
Date:   Tue Sep 8 16:04:21 2009 +0000

    set client address in the request if it's not present, similar to
    the treatment of nas ip address

diff --git a/src/modules/rlm_preprocess/rlm_preprocess.c b/src/modules/rlm_preprocess/rlm_preprocess.c
index 5c25569..7fe91da 100644
--- a/src/modules/rlm_preprocess/rlm_preprocess.c
+++ b/src/modules/rlm_preprocess/rlm_preprocess.c
@@ -455,6 +455,40 @@ static int add_nas_attr(REQUEST *request)
 	return 0;
 }
 
+static int add_client_attr(REQUEST *request)
+{
+	VALUE_PAIR *client_addr;
+
+	switch (request->packet->src_ipaddr.af) {
+	case AF_INET:
+		client_addr = pairfind(request->packet->vps, PW_CLIENT_IP_ADDRESS);
+		if (!client_addr) {
+			client_addr = radius_paircreate(request, &request->packet->vps,
+						PW_CLIENT_IP_ADDRESS,
+						PW_TYPE_IPADDR);
+			client_addr->vp_ipaddr = request->packet->src_ipaddr.ipaddr.ip4addr.s_addr;
+		}
+		break;
+
+	case AF_INET6:
+		client_addr = pairfind(request->packet->vps, PW_CLIENT_IPV6_ADDRESS);
+		if (!client_addr) {
+			client_addr = radius_paircreate(request, &request->packet->vps,
+						PW_CLIENT_IPV6_ADDRESS,
+						PW_TYPE_IPV6ADDR);
+			memcpy(client_addr->vp_strvalue,
+			       &request->packet->src_ipaddr.ipaddr,
+			       sizeof(request->packet->src_ipaddr.ipaddr));
+		}
+		break;
+
+	default:
+		radlog(L_ERR, "Unknown address family for packet");
+		return -1;
+	}
+
+	return 0;
+}
 
 /*
  *	Initialize.
@@ -560,6 +594,10 @@ static int preprocess_authorize(void *instance, REQUEST *request)
 		return RLM_MODULE_FAIL;
 	}
 
+	if (add_client_attr(request) < 0) {
+		return RLM_MODULE_FAIL;
+	}
+
 	hints_setup(data->hints, request);
 
 	/*
@@ -626,6 +664,10 @@ static int preprocess_preaccounting(void *instance, REQUEST *request)
 		return RLM_MODULE_FAIL;
 	}
 
+	if (add_client_attr(request) < 0) {
+		return RLM_MODULE_FAIL;
+	}
+
 	hints_setup(data->hints, request);
 
 	if ((r = huntgroup_access(request,

-- 
John Morrissey          _o            /\         ----  __o
jwm at horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__

More information about the Freeradius-Devel mailing list