SQL setting auth-type & return codes
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 5 18:32:41 CET 2008
I was going to knock out a quick concept patch but I see it's not a
trivial patch; before I make the effort to code it I thought I'd check:
It seems useful for the sql module to set the return code to
RLM_MODULE_REJECT if the Auth-Type gets set to reject - the specific use
case I have is an unlang policy like so:
authorize {
preprocess
sql
if ("%{reply:MyStatus}" !~ /Active|Guest/) {
reject
}
# ...some more stuff
}
...however inside the SQL I have groups with
id | groupname | attribute | op | value
----+-----------+-----------+----+--------
2 | staff | MyStatus | = | Active
3 | banned | Auth-Type | := | Reject
...and it would be nice if members of the "banned" group stopped
processing early.
At the moment the SQL module only returns FAIL, NOTFOUND or OK.
Thoughts?
More information about the Freeradius-Users
mailing list