Access-Reject in a php script

Alan DeKok aland at deployingradius.com
Tue Oct 30 15:10:14 CET 2007


Patric wrote:
> Alan DeKok wrote:
> Is that src/main/exec.c or src/main/auth.c?

  Sorry, src/main/auth.c

> If I look at src/main/auth.c I see the following :
> 
> int rad_authenticate(REQUEST *request)
> {
> ...
> /* Get the user's authorization information from the database */
> autz_redo:
>         result = module_authorize(autz_type, request);
>         switch (result) {
>                 case RLM_MODULE_NOOP:
>                 case RLM_MODULE_NOTFOUND:
>                 case RLM_MODULE_OK:
>                 case RLM_MODULE_UPDATED:
>                         break;
>                 case RLM_MODULE_FAIL:

  Delete this line.

>                 case RLM_MODULE_HANDLED:
>                         return result;
>                 case RLM_MODULE_INVALID:

  Put a copy of that line here.

>                 case RLM_MODULE_REJECT:
>                 case RLM_MODULE_USERLOCK:
>                 default:
> ...
> 
> Is this the code you are referring to? Should RLM_MODULE_FAIL go in with
> the last few that drop into the default case?

  Yes.

> Makes sense, because the default case returns a reject...
> Alan you are a genius!

  Sometimes.  If you look at who wrote that code in the first place...

> Is this even considered a bug? Can we expect this to be changed in the
> future?

  Yes.

> Thanks a stack for all the time Alan!

  You're welcome.

  Alan DeKok.





More information about the Freeradius-Users mailing list