hints processing for Accounting-On / Off packets?

Stefan Winter stefan.winter at restena.lu
Mon Feb 13 12:58:02 CET 2006


> It seems you're right.

Glad that I'm not just plain stupid :-)

> The 1.1.0 source has in rlm_preprocess: 
> static int hints_setup(PAIR_LIST *hints, REQUEST *request)
> {
>          char            *name;
>          VALUE_PAIR      *add;
>          VALUE_PAIR      *tmp;
>          PAIR_LIST       *i;
>          VALUE_PAIR *request_pairs;
>          request_pairs = request->packet->vps;
>          if (hints == NULL || request_pairs == NULL)
>                  return RLM_MODULE_NOOP;
> i.e. if there's no username, which there isn't in an Acct-On/Off, skip
> processing.

Well, the accounting packet does contain several value pairs, so I would be 
surprised that the request_pairs == NULL condition is fulfilled. I mean, if 
you look at that packet I sent, it contains NAS-Identifier and lots of 
others, and these _are_ VPs, no?

> This makes sense of course, because the "hints" file refers 
> to hint strings in the USERNAME, such as "username.ppp" meaning to start
> PPP.

That's not how I read the comments in hints:

#       The hints file.   This file is used to match
#       a request, and then add attributes to it.

There's some mention of some special rules "Prefix" and "Suffix", and _these_ 
can only work on the User-Name. Anything else should be doable anyway.

> Sadly you can't use an ordinary "users" file, because you want to add
> the RESTENA-Service-Type to the INPUT AVPs. You could add it to the
> config AVPs then do this:
> detailfile = path/%{config:RESTENA-Service-Type}-service/detail
> ...but sadly the "users" file can't add arbitrary things to config
> items; just AVPs it "knows" are server AVPs.
> You could use a "passwd" module instance like this:
> modules {
>    passwd accttype {
>      filename = /path/to/file
>      # lookup on *ed field; ~ed are added to request; unprefixed
>      # are added to configure; =ed are added to reply
>      format = "*Client-IP-Address:~RESTENA-Service-Type:Acct-Type"
>      hashsize = 100
>    }
> }
> authorize {
>    preprocess
>    accttype
>    # other stuff

Thanks for those workarounds. But, I'm not sure I like them. hints would have 
made this wonderfully easy... and the way I see the hints file described, I 
tend to think it should work. Maybe this can be considered a bug? If yes, I 
might look into the code and submit a patch. Just give me a go-ahead...




Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473

More information about the Freeradius-Users mailing list