rlm_sql and read_groups
dawson at vt.edu
Tue Jul 12 23:21:31 CEST 2011
Bug 166 has a patch for this.
Noticed it didn't seem to be failing if the user was found, but wasn't in any groups, even though I instructed it to check for groups. That's incorrect behavior in my case (plenty of users who were authorized at one time, but are no longer) and it seems to stem from a gap in the logic, where it found the user, set found=1, then didn't have a case to handle rows == 0, and so would move through the function, reach the end with found=1, and succeed, when it should have failed.
Bug 167 has two patches for this, really jus the result of testing it once and then applying the change in a couple other places, so two commits were involved. The change DOES seem to provide the desired behavior if the user exists but isn't in a valid group.
On 12 Jul 2011, at 10:17, Arran Cudbard-Bell wrote:
>> Also, if there's interest, I can submit the oracle-ized version of the schema that we created. The one included in the source users non-oracle variable types and a few incorrect restrictions (Several items are set unique when, logically, they should not be).
>> Thanks much,
> Sure, could you put a patch together and send a pull request via GitHub. If you can't figure out git/github I can put some instructions together on the wiki.
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
> RADIUS - Half the complexity of Diameter
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users