Forcing lowercase User-Name with rlm_perl

Thu Jun 12 00:06:21 CEST 2008

Wow Chris, looks great and is very helpful!

I will test it tomorrow and give a short feedback whether it works.

Thanks a lot,
oz

On Wed, 11 Jun 2008 14:28:13 -0700
Chris <cjl at viptalk.net> wrote:

> I'm doing this:
> 
> perl_tolower.pm:
> use strict;
> use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
> #
> # This the remapping of return values
> #
>          use constant    RLM_MODULE_REJECT=>    0;#  /* immediately  
> reject the request */
>          use constant    RLM_MODULE_FAIL=>      1;#  /* module failed,  
> don't reply */
>          use constant    RLM_MODULE_OK=>        2;#  /* the module is  
> OK, continue */
>          use constant    RLM_MODULE_HANDLED=>   3;#  /* the module  
> handled the request, so stop. */
>          use constant    RLM_MODULE_INVALID=>   4;#  /* the module  
> considers therequest invalid. */
>          use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the  
> request (useris locked out) */
>          use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found  
> */
> 	use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded  
> withoutdoing anything */
>          use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs  
> modified) */
>          use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many  
> return codes there are */
> 
> sub authorize {
> 	$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
> 	return RLM_MODULE_OK;
> }
> 
> sub preacct {
> 	$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
> 	return RLM_MODULE_OK;
> }
> 
> radiusd.conf:
> modules {
> ...
>          perl {
>                  module = /usr/local/etc/perl_tolower.pm
>          }
> ...
> }
> 
> In sites-enabled/default:
> 
> authorize {
>          preprocess
>          perl
> ...
> }
> 
> preacct {
>          preprocess
>          perl
> ...
> }
> 
> Works great as long as you don't have occasion for upper-case in User- 
> Name.
> 
> I am pretty sure when you define the module, you can have multiple  
> instances.  It might be better to name this module perl-lc-username  
> and use perl-lc-username in the authorize{} and preacct{} sections of  
> sites-enabled/default.
> 
> Like this:
> 
> radiusd.conf:
> 
> modules {
> ...
>          perl-lc-username {
>                  module = /usr/local/etc/perl_tolower.pm
>          }
> ...
> }
> 
> In sites-enabled/default:
> 
> authorize {
>          preprocess
>          perl-lc-username
> ...
> }
> 
> preacct {
>          preprocess
>          perl-lc-username
> ...
> }
> 
> That'd be a lot clearer when you're looking at it months or years  
> later.  I haven't tried this but it works with other modules.
> 
> On Jun 11, 2008, at 1:04 PM, oz wrote:
> 
> > On Sat, 17 May 2008 18:09:09 -0700
> > Chris <cjl at viptalk.net> wrote:
> >
> >> Thanks.  I'll look at lc.
> >> I was actually more concerned about the interfacing with  
> >> freeradius  than the perl itself.
> >
> > Hello, another user here, who needs "lower_user = before" to be able  
> > to
> > switch to freeradius-2.0.x. Our database is an historically grown
> > users-file.
> >
> > Were you or somebody else able to follow the advice of using
> > rlm_perl and lc()?
> >
> > I must admit, I'm not able to program freeradius-perl-plugins :-/, but
> > would test it if necessary. At the moment I don't even have the
> > rlm_perl in /usr/local/lib/, but that I could solve by myself I guess
> > (libperl-dev wasn't already installed during compile-time on my  
> > minimal
> > Debian/lenny etc.).
> >
> > I know, there is nothing like a wishlist, but the lowercase-feature is
> > essential if we want to use 2.x it in the future.
> >
> > kind regards