When performing the Authorize section using the REst module, is it possible to add a module failure message to the 403 response?
남혁준
sawd1598 at gmail.com
Tue Jan 23 15:32:53 UTC 2024
First of all, please understand that I am not able to receive replies to
existing questions due to incorrect system settings, so I cannot reply and
am asking a new question.
The link to the existing question is this.
https://lists.freeradius.org/pipermail/freeradius-users/2024-January/104052.html
rlm_rest (rest): Reserved connection (2)
(16) rest: Expanding URI components
(16) rest: EXPAND http://0.0.0.0:9012
(16) rest: --> http://0.0.0.0:9012
(16) rest: EXPAND
/auth/user/%{User-Name}?callingStationId=%{Calling-Station-Id}&calledStationId=%{Called-Station-Id}&eapType=%{EAP-Type}
(16) rest: -->
/auth/user/test?callingStationId=00-D7-B2-E6-FA-00&calledStationId=00-03-84-B6-00-CC%3Aradius%20122&eapType=PEAP
(16) rest: Sending HTTP GET to "
http://0.0.0.0:9012/auth/user/test?callingStationId=00-00-B0-E0-0A-80&calledStationId=00-00-00-B6-D0-00%3Aradius%20122&eapType=PEAP
"
(16) rest: Processing response header
(16) rest: Status : 403 ()
(16) rest: Type : json (application/json)
(16) rest: Adding reply:REST-HTTP-Status-Code = "403"
(16) rest: ERROR: Server returned:
(16) rest: ERROR: {"request:Module-Failure-Message":"add message but..."}
rlm_rest (rest): Released connection (2)
Need more connections to reach 10 spares
rlm_rest (rest): Opening additional connection (6), 1 of 26 pending slots
used
rlm_rest (rest): Connecting to "http://0.0.0.0:9012"
(16) [rest] = userlock
(16) } # if (!&outer.session-state:Done-Rest) = userlock
(16) } # authorize = userlock
(16) Using Post-Auth-Type Reject
(16) # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
(16) Post-Auth-Type REJECT {
(16) update {
(16) &Calling-Station-Id = &outer.request:Calling-Station-Id ->
'00-00-00-00-00-00'
(16) &Called-Station-Id = &outer.request:Called-Station-Id ->
'00-03-00-00-00-00:radius'
(16) &EAP-Type := &outer.request:EAP-Type -> PEAP
(16) } # update = noop
First of all, I am from Korea and it is difficult to translate what you are
saying.
The FreeRADIUS version I am using is 3.0.24.
To summarize the question again,
When performing the Authorize step in a Rest Module, is it possible to
(rest.authorize) deliver a 403 HTTP Status Code response and a message and
attach it to "Module-Failure-Message"?
Alan DeKok said it was in "Sure" and in "rlm_rest.c".
Probably "rlm_rest.c" is
I think you mean "mods-enabled/rest".
However, I find this module difficult to handle.
No matter how many explanations I read, I couldn't find an answer to this.
sorry.
I guess it's hard for me to interpret Alan DeKok's answer because I'm not
very smart.
Is it “possible” or “I can figure it out if I read the description of this
module.”
Which of the two did you mean?
Looking at the message you wrote later, I don't know whether you meant
"It's possible" or "It's impossible and I'll think about it."
I'm really sorry, but I wonder if what I want to do is possible. If
possible, please explain in more detail what section I should refer to.
More information about the Freeradius-Users
mailing list