Using rlm_caching: rejects on cached requests
Alan DeKok
aland at deployingradius.com
Thu Apr 26 10:01:42 CEST 2012
Jeroen Scheerder wrote:
> I've modified rlm_caching.c thusly:
>
> if ((auth_type = pairfind(request->config_items, PW_AUTH_TYPE)) != NULL){
> DEBUG("rlm_caching: Found Auth-Type, value: '%s'",auth_type->vp_strvalue);
> /* JS - set Auth-Type to 'Accept' if unset */
> if (strcmp(auth_type->vp_strvalue,"") == 0){
Except that Auth-Type is an "integer" attribute. So why look at the
string when you can look at the integer value?
i.e. *What* is the integer value when the string is empty?
> DEBUG("rlm_caching: Auth-Type unset, assigning value: '%s'", "Accept");
> strcpy(auth_type->vp_strvalue, "Accept");
> }
> if (strcmp(auth_type->vp_strvalue,"Reject") == 0 && data->cache_rejects == 0){
See src/main/auth.c. You shouldn't do strcmp().
> Note that actual rejects don't seem to make the caching_postauth function, for whatever reason.
Because you didn't list "caching" in the "Post-Auth-Type Reject" section.
> This seems to be working. No doubt somebody'll step in and tell me how utterly wrong this is. :-)
I'd like to understand *why* the value is wrong. If it's cached, it
should cache the working value.
> Still, I'm content so far. But I have one more thing to take care of: I'd like to enable caching only for specific clients. How could I acomplish that?
"man unlang". Write conditional checks around the caching module.
Alan DeKok.
More information about the Freeradius-Users
mailing list