Access-Reject in a php script

Patric patrict at bluebottle.com
Tue Oct 30 15:06:04 CET 2007


Alan DeKok wrote:
>   Yes, the debug output helped.  It looks like it's an issue with
> src/main/exec.c.  The code calling module_authorize() should treat FAIL
> the same as REJECT.

Is that src/main/exec.c or src/main/auth.c?

If I look at src/main/auth.c I see the following :

int rad_authenticate(REQUEST *request)
{
...
/* Get the user's authorization information from the database */
autz_redo:
         result = module_authorize(autz_type, request);
         switch (result) {
                 case RLM_MODULE_NOOP:
                 case RLM_MODULE_NOTFOUND:
                 case RLM_MODULE_OK:
                 case RLM_MODULE_UPDATED:
                         break;
                 case RLM_MODULE_FAIL:
                 case RLM_MODULE_HANDLED:
                         return result;
                 case RLM_MODULE_INVALID:
                 case RLM_MODULE_REJECT:
                 case RLM_MODULE_USERLOCK:
                 default:
...

Is this the code you are referring to? Should RLM_MODULE_FAIL go in with 
the last few that drop into the default case?

So this would fix it :

         result = module_authorize(autz_type, request);
         switch (result) {
                 case RLM_MODULE_NOOP:
                 case RLM_MODULE_NOTFOUND:
                 case RLM_MODULE_OK:
                 case RLM_MODULE_UPDATED:
                         break;
                 /*case RLM_MODULE_FAIL:*/
                 case RLM_MODULE_HANDLED:
                         return result;
                 case RLM_MODULE_FAIL:
                 case RLM_MODULE_INVALID:
                 case RLM_MODULE_REJECT:
                 case RLM_MODULE_USERLOCK:
                 default:

Makes sense, because the default case returns a reject...
Alan you are a genius!
Is this even considered a bug? Can we expect this to be changed in the 
future?

Thanks a stack for all the time Alan!

-- 

Q: I want to be a sysadmin.  What should I do?

A: Seek professional help.

----------------------------------------------------------------------
Get a free email address with REAL anti-spam protection.
http://www.bluebottle.com/tag/1




More information about the Freeradius-Users mailing list