Different behaviour of 2.2.0 and 2.2.6 in handling Post-auth-type reject
Wiesław Bieniek
wieslaw.bieniek at comarch.com
Tue Dec 2 18:17:31 CET 2014
Hello,
I've done some additional investigation, and it seems the problem is
only present when the request is rejected in the post-auth section.
Any clue how to overcome this?
I need to reject requests based on some attributes received from the proxied
response. But the same code is also used when no proxying is performed.
Any suggestions?
I'm not fluent enough in C programming to debug the code and locate the
problem. Besides, I don't even know if it is a bug or a planned feature.
Could someone please point to the part of the code where I should look for the issue?
On 2014-11-27 15:49, Wiesław Bieniek wrote:
> Hello,
>
> I've used default server configured as follows:
> post-auth {
>     # my module decides to allow or reject request
>     rtdps2
>
>     Post-Auth-Type REJECT {
>         attr_filter.access_reject
>     }
> }
>
> When I run this on 2.2.0, I get this debug output:
>
> Thu Nov 27 14:28:44 2014 : Info: ++[rtdps2] returns reject
> Thu Nov 27 14:28:44 2014 : Info: Using Post-Auth-Type REJECT
> Thu Nov 27 14:28:44 2014 : Info: # Executing group from file ../etc/raddb/sites-enabled/default
> Thu Nov 27 14:28:44 2014 : Info: +- entering group REJECT {...}
> Thu Nov 27 14:28:44 2014 : Info: [attr_filter.access_reject] expand: %{User-Name} -> testing
> Thu Nov 27 14:28:44 2014 : Debug: attr_filter: Matched entry DEFAULT at line 11
> Thu Nov 27 14:28:44 2014 : Info: ++[attr_filter.access_reject] returns updated
> Sending Access-Reject of id 80 to 192.168.1.4 port 33304
> Cisco-AVPair := "h323-return-code=8"
>
> Which is correct, but when I run it on 2.2.6, I get:
>
> Thu Nov 27 14:19:35 2014 : Info: ++[rtdps2] = reject
> Thu Nov 27 14:19:35 2014 : Info: +} # group post-auth = reject
> Sending Access-Reject of id 186 to 192.168.1.4 port 49975
> Service-Type = 0
> Framed-Protocol = 0
> Cisco-AVPair := "h323-return-code=8"
> Thu Nov 27 14:19:35 2014 : Info: Finished request 0.
>
> Which is wrong, because the attributes were not filtered out.
>
> Am I missing something?
> Is this a bug?
> What should I do to make version 2.2.6 work the same way 2.2.0 does?
>
>
>
> Regards-
> *Wiesław Bieniek*
>
>
>
--
*Wiesław Bieniek*
Telco BSS R&D Designer
tel. +48 12 646 12 66
website: www.comarch.pl <http://www.comarch.pl>