rlm_sql: processing radcheck & radgroupcheck

Milan Holub holub at thenet.ch
Fri May 25 14:34:36 CEST 2007


Hi All,

On Thu, Apr 12, 2007 at 12:00:26PM +0200, Milan Holub wrote:
> Here is my patch which enables the read_groups option and targets the issue
> above (rejects user immediately if it's found that the radcheck failed):
> 
==> It looks like nobody was interested... but anyway, the patch
contained a bug: it did not release the sql socket when the user typed
in a wrong password, which has led to slower "DB handlers dying" (posted by
me to another thread).
Thus, if someone is interested, here is a correct patch:


Index: src/modules/rlm_sql/rlm_sql.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.c,v
retrieving revision 1.169
diff -u -r1.169 rlm_sql.c
--- src/modules/rlm_sql/rlm_sql.c       15 May 2007 10:10:35 -0000      1.169
+++ src/modules/rlm_sql/rlm_sql.c       25 May 2007 12:33:59 -0000
@@ -57,6 +57,8 @@
         offsetof(SQL_CONFIG,tracefile), NULL, SQLTRACEFILE},
        {"readclients", PW_TYPE_BOOLEAN,
         offsetof(SQL_CONFIG,do_clients), NULL, "no"},
+       {"read_groups", PW_TYPE_BOOLEAN,
+        offsetof(SQL_CONFIG,read_groups), NULL, "yes"},
        {"deletestalesessions", PW_TYPE_BOOLEAN,
         offsetof(SQL_CONFIG,deletestalesessions), NULL, "yes"},
        {"num_sql_socks", PW_TYPE_INTEGER,
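Review bot: the new "read_groups" entry takes offsetof(SQL_CONFIG,read_groups), but this diff only touches rlm_sql.c and does not add a read_groups member to SQL_CONFIG, so the struct declaration has to be part of the patch for it to build. None of the hunks shown here tests inst->config->read_groups either, so as posted the option is parsed but changes nothing. Please include the header change and the code that reads the flag, and document the option and its "yes" default in the sample SQL configuration next to readclients.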
@@ -638,6 +640,11 @@
                        /*
                         *      Only do this if *some* check pairs were returned
                         */
+                       DEBUG2("rlm_sql (%s):  check items", inst->config->xlat_name);
+                       vp_listdebug(check_tmp);
+                       DEBUG2("rlm_sql (%s):  items found in packet", inst->config->xlat_name);
+                       vp_listdebug(request->packet->vps);
+
                        if (paircompare(request, request->packet->vps, check_tmp, &request->reply->vps) == 0) {
                                found = 1;
                                DEBUG2("rlm_sql (%s): User found in group %s",
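Review bot: the two vp_listdebug() calls added before paircompare() dump the complete check list and the complete request packet. If check_tmp or request->packet->vps carries password attributes, their values end up in the debug output, and the dump is repeated for every group row that reaches this point. Consider dropping the request->packet->vps dump (it does not change between iterations) and logging only the attribute names of check_tmp, or printing the lists once, outside the group loop. The existing comment "Only do this if *some* check pairs were returned" now sits above the debug lines instead of the if it describes, so the new lines should go above that comment.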
@@ -960,6 +967,12 @@
                                dofallthrough = fallthrough(reply_tmp);
                        pairxlatmove(request, &request->reply->vps, &reply_tmp);
                        pairxlatmove(request, &request->config_items, &check_tmp);
+               } else {
+                       /*
+                        *      check items did not match; do not process groups; return REJECT immediately
+                        */
+                       sql_release_socket(inst, sqlsocket);
+                       return RLM_MODULE_REJECT;
                }
        }
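Review bot: the new else branch calls sql_release_socket(inst, sqlsocket) and returns, but does nothing with check_tmp and reply_tmp, which the matching branch hands over with pairxlatmove(). If either list is still allocated when the check items fail to match, the early return leaks it on every rejected request. Add pairfree(&check_tmp); pairfree(&reply_tmp); before the return. The branch also rejects silently. A DEBUG2 line naming the user and stating that the radcheck items did not match would make this path visible when diagnosing rejects, since it now ends processing before any group is looked at.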




Milan Holub
holub (at) thenet (dot) ch

--------------------------------------
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--------------------------------------


