rlm_perl and proxy

Pshem Kowalczyk pshem.k at gmail.com
Wed Aug 23 01:19:22 CEST 2006


Hi,

I'm trying to implement a proxy using rlm_perl. I've applied the patch
that should allow me to modify the attributes, but it doesn't seem to
work (freeradius 1.1.2).

Perl code:

# Function to handle pre_proxy
sub pre_proxy {

        &radiusd::radlog(1, "entering pre-proxy");

        my %hash = ();

        $hash{'User-Name'} = "testuser";
        $hash{'Operator'} = ":=";
        $RAD_REPLY{'User-Name'} = \%hash;

        return RLM_MODULE_UPDATED;
}

# Function to handle post_proxy
sub post_proxy {

        &radiusd::radlog(1, "entering post-proxy");
        my %hash = ();
        $hash{'Framed-IP-Address'} = "10.10.1.1";
        $hash{'Operator'} = ":=";
        $RAD_REPLY{'Framed-IP-Address'} = \%hash;

        return RLM_MODULE_UPDATED;
}


and then debug from radius:

rad_recv: Access-Request packet from host 127.0.0.1:32777, id=31, length=219
        User-Password = "password"
        User-Name = "test1 at somwhere.com"
        Acct-Session-Id = "erx atm 8/0.16901030:169.1030:0239293057"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Connect-Info = "speed:UBR"
        NAS-Port-Type = xDSL
        NAS-Port = 1084818438
        NAS-Port-Id = "atm 8/0.16901030:169.1030"
        NAS-IP-Address = 10.10.1.2
        NAS-Identifier = "CH_RAN_11"
        ERX-Qos-Profile-Name = "qos-3584k_shape"
        ERX-Ingress-Policy-Name = "128k_rate"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
    rlm_realm: Looking up realm "somwhere.com" for User-Name = "test1 at somwhere.com"
    rlm_realm: Found realm "DEFAULT"
    rlm_realm: Adding Stripped-User-Name = "test1"
    rlm_realm: Proxying request from user test1 to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 1
perl_pool: item 0x81fc008 asigned new request. Handled so far: 2
found interpetator at address 0x81fc008
rlm_perl: Added pair REALM = somwhere.com
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Stripped-User-Name = test1
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x81fc008
  modcall[authorize]: module "perl" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  Processing the pre-proxy section of radiusd.conf
modcall: entering group pre-proxy for request 1
perl_pool: item 0x85ea2a8 asigned new request. Handled so far: 2
found interpetator at address 0x85ea2a8
rlm_perl: entering pre-proxy
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair Realm = somwhere.com
rlm_perl: Added pair Stripped-User-Name = test1
rlm_perl: Added pair Proxy-To-Realm = quik
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x85ea2a8
  modcall[pre-proxy]: module "perl" returns updated for request 1
modcall: leaving group pre-proxy (returns updated) for request 1


As you can see it modified the User-Name attribute (at least it claims
it did), but:

Sending Access-Request of id 1 to 10.10.12.103 port 1812
        User-Password = "password"
        User-Name = "test1"
        Acct-Session-Id = "erx atm 8/0.16901030:169.1030:0239293057"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Connect-Info = "speed:UBR"
        NAS-Port-Type = xDSL
        NAS-Port = 1084818438
        NAS-Port-Id = "atm 8/0.16901030:169.1030"
        NAS-IP-Address = 10.10.1.2
        NAS-Identifier = "CH_RAN_11"
        ERX-Qos-Profile-Name = "qos-3584k_shape"
        ERX-Ingress-Policy-Name = "128k_rate"
        Proxy-State = 0x3331


It doesn't send it, what's more:

rad_recv: Access-Accept packet from host 10.10.12.103:1812, id=1, length=30
        Framed-IP-Address = 192.168.1.65
        Proxy-State = 0x3331
  Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 1
perl_pool: item 0x89bb2e0 asigned new request. Handled so far: 2
found interpetator at address 0x89bb2e0
rlm_perl: entering post-proxy
rlm_perl: Added pair Framed-IP-Address = 10.10.1.1
rlm_perl: Added pair Realm = somwhere.com
rlm_perl: Added pair Stripped-User-Name = test1
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Proxy-State = 0x3331
rlm_perl: Added pair Framed-IP-Address = 192.168.1.65
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x89bb2e0
  modcall[post-proxy]: module "perl" returns updated for request 1
modcall: leaving group post-proxy (returns updated) for request 1
 authorize: Skipping authorize in post-proxy stage
  rad_check_password:  Found Auth-Type
  rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 31 to 127.0.0.1 port 32777
        Framed-IP-Address := 10.10.1.1
        Framed-IP-Address = 192.168.1.65
Finished request 1


So in both cases it retained the original values of the attributes. How do
I fix this?

regards
pshemko


