rlm_sql: processing radcheck & radgroupcheck
Peter Nixon
listuser at peternixon.net
Fri May 25 22:59:15 CEST 2007
On Fri 25 May 2007, Milan Holub wrote:
> Hi All,
>
> On Thu, Apr 12, 2007 at 12:00:26PM +0200, Milan Holub wrote:
> > Here is my patch which enables the read_groups option and targets the issue
> > above (rejects user immediately if it's found that the radcheck failed):
>
> ==> it looks like nobody was interested... but anyway the patch
> contained a bug: it did not release the sql socket when the user typed
> in a wrong password, which has led to slower "DB handlers dying" (posted by
> me to another thread).
> Thus, if someone is interested, here is a correct patch:
>
>
> Index: src/modules/rlm_sql/rlm_sql.c
> ===================================================================
> RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.c,v
> retrieving revision 1.169
> diff -u -r1.169 rlm_sql.c
> --- src/modules/rlm_sql/rlm_sql.c 15 May 2007 10:10:35 -0000
> 1.169 +++ src/modules/rlm_sql/rlm_sql.c 25 May 2007 12:33:59 -0000
> @@ -57,6 +57,8 @@
> offsetof(SQL_CONFIG,tracefile), NULL, SQLTRACEFILE},
> {"readclients", PW_TYPE_BOOLEAN,
> offsetof(SQL_CONFIG,do_clients), NULL, "no"},
> + {"read_groups", PW_TYPE_BOOLEAN,
> + offsetof(SQL_CONFIG,read_groups), NULL, "yes"},
> {"deletestalesessions", PW_TYPE_BOOLEAN,
> offsetof(SQL_CONFIG,deletestalesessions), NULL, "yes"},
> {"num_sql_socks", PW_TYPE_INTEGER,
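Review bot: the new read_groups entry takes offsetof(SQL_CONFIG,read_groups), but no hunk in this diff adds a read_groups member to SQL_CONFIG, and none of the hunks shown reads the value before group processing. If the struct is declared outside rlm_sql.c, that change needs to be part of the patch, and the group lookup should be guarded by inst->config->read_groups so that setting the option to "no" has an effect. The option and its default of "yes" should also be documented next to readclients.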
> @@ -638,6 +640,11 @@
> /*
> * Only do this if *some* check pairs were
> returned */
> + DEBUG2("rlm_sql (%s): check items",
> inst->config->xlat_name); + vp_listdebug(check_tmp);
> + DEBUG2("rlm_sql (%s): items found in packet",
> inst->config->xlat_name); +
> vp_listdebug(request->packet->vps);
> +
> if (paircompare(request, request->packet->vps,
> check_tmp, &request->reply->vps) == 0) { found = 1;
> DEBUG2("rlm_sql (%s): User found in group
> %s", @@ -960,6 +967,12 @@
> dofallthrough = fallthrough(reply_tmp);
> pairxlatmove(request, &request->reply->vps,
> &reply_tmp); pairxlatmove(request, &request->config_items, &check_tmp); +
> } else {
> + /*
> + * check items did not match; do not process
> groups; return REJECT immediately + */
> + sql_release_socket(inst, sqlsocket);
> + return RLM_MODULE_REJECT;
> }
> }
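Review bot: in the @@ -638 hunk, vp_listdebug(request->packet->vps) dumps every attribute of the incoming request beside the check items, and for PAP requests that list carries User-Password, so the password ends up in debug output. The two vp_listdebug() calls also sit outside the DEBUG2 macro, so confirm they print nothing below debug level 2. Suggest dropping the packet dump, or keeping only the check_tmp dump, since the check items are what this comparison adds to the trace.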
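Review bot: in the @@ -960 hunk, the new else branch calls sql_release_socket() and returns RLM_MODULE_REJECT, but nothing visible in the branch frees check_tmp or reply_tmp, which the matching branch hands off with pairxlatmove; free both before the return or jump to a shared cleanup path. The earlier version of this patch already missed the socket release on this same path, so a single exit label that releases the socket and frees the lists would make the early return harder to get wrong. The block comment should also state that the reject applies only when radcheck rows were returned for the user and did not match, if that is the intent.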
Please put it in the bug tracker....
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc