
Question regarding rlm_perl and Access-Challenge

source link: https://lists.freeradius.org/pipermail/freeradius-users/2008-August/030680.html
Harry J Walsh harry.walsh at gmail.com
Tue Aug 19 15:12:41 CEST 2008

Thanks for the swift reply, DeKok.  I tried what you suggested and it
doesn't work.  Looking at dictionary.freeradius.internal and double
checking the values in the pair, everything looks okay.  I'm going to
play about with this a bit, but in the meantime here are some more
details, and I would greatly appreciate it if you would scan over them
to see if there is anything obvious I am missing.


Here's my authenticate sub.

# Function to handle authenticate
sub authenticate {
        # For debugging purposes only
        &log_request_attributes;

        if (($RAD_REQUEST{'User-Name'} =~ /^test/) &&
            ($RAD_REQUEST{'User-Password'} =~ /^pass/)) {
                $RAD_REPLY{'State'} = "challenge";
                $RAD_REPLY{'Reply-Message'} = "Challenge: ";
                $RAD_REPLY{'Response-Packet-Type'} = "Access-Challenge";
                &log_request_attributes;
                return RLM_MODULE_HANDLED;
        }
        else {
                # Reject user and tell him why
                $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function";
                return RLM_MODULE_REJECT;
        }
}


And here's the debug output:

perl_pool: item 0x827b1a0 asigned new request. Handled so far: 1
found interpetator at address 0x827b1a0
rlm_perl: RAD_REQUEST: User-Name = test
rlm_perl: RAD_REQUEST: User-Password = pass
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.250.0.170
rlm_perl: RAD_REQUEST: NAS-Port = 6
rlm_perl: RAD_REQUEST: User-Name = test
rlm_perl: RAD_REQUEST: User-Password = pass
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.250.0.170
rlm_perl: RAD_REQUEST: NAS-Port = 6
rlm_perl: RAD_REPLY: Reply-Message = Challenge:
rlm_perl: RAD_REPLY: Response-Packet-Type = Access-Challenge
rlm_perl: RAD_REPLY: State = challenge
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = pass
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair NAS-IP-Address = 10.250.0.170
rlm_perl: Added pair NAS-Port = 6
rlm_perl: Added pair Reply-Message = Challenge:
rlm_perl: Added pair Response-Packet-Type = Access-Challenge
rlm_perl: Added pair State = challenge
rlm_perl: Added pair Auth-Type = Perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x827b1a0
++[perl] returns handled
There was no response configured: rejecting request 0
==

The last line here is confusing me.  Looking at the code that spits
out this error, it seems to only happen when there is no
Response-Packet-Type in a request_post_handler.

    switch (request->packet->code) {
    case PW_AUTHENTICATION_REQUEST:
        gettimeofday(&request->next_when, NULL);

        if (request->reply->code == 0) {
            /*
             *  Check if the lack of response is intentional.
             */
            vp = pairfind(request->config_items,
                      PW_RESPONSE_PACKET_TYPE);
            if (!vp) {
                DEBUG2("There was no response configured: rejecting request %d",
                       request->number);
                request->reply->code = PW_AUTHENTICATION_REJECT;
            } else if (vp->vp_integer == 256) {
                DEBUG2("Not responding to request %d",
                       request->number);

            } else {
                request->reply->code = vp->vp_integer;

            }
        }









On Tue, Aug 19, 2008 at 1:09 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Harry J Walsh wrote:
>> I want to develop some test cases for a radius client I am developing
>> and I would like to be able to use rlm_perl to simulate various
>> scenarios.  The one I am having major problems with is
>> Access-Challenge.  I really like rlm_perl and the flexibility it
>> provides and I would like to be able to specify the reply type.  I've
>> looked through documentation and the rlm_perl code for any hints on
>> how to do this and at this stage I'm thinking I'll have to create a
>> new interface to allow my perl script to specify the correct reply
>> type to rlm_perl.
>
>  Configure the reply with "Response-Packet-Type = Access-Challenge",
> and make sure that the authenticate section returns "handled".  That
> should do it.
>
>  And yes, this isn't documented.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Harry J Walsh
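
The C excerpt in the message looks for Response-Packet-Type only in request->config_items, so which list carries the attribute decides the reply code. The model below is an added example, not FreeRADIUS code and not code from the post: the struct types, helper names and sample lists are constructed, and it assumes that attributes set through %RAD_REPLY end up in the reply list rather than in config_items.

```c
#include <stdio.h>
#include <string.h>

/* RADIUS packet codes; 256 is the "do not respond" value tested in the excerpt. */
enum { CODE_NONE = 0, ACCESS_REJECT = 3, ACCESS_CHALLENGE = 11, DO_NOT_RESPOND = 256 };

/* Simplified stand-ins for the server's pair lists and request (constructed types). */
struct pair { const char *name; int value; };
struct request {
    const struct pair *config_items; size_t n_config; /* control list */
    const struct pair *reply_vps; size_t n_reply;     /* sent to the client */
    int reply_code;
};

static const struct pair *find_pair(const struct pair *l, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(l[i].name, name) == 0) return &l[i];
    return NULL;
}

/* Same branches as the excerpt: only config_items is searched. */
int post_handler_code(struct request *r) {
    if (r->reply_code != CODE_NONE) return r->reply_code;
    const struct pair *vp = find_pair(r->config_items, r->n_config, "Response-Packet-Type");
    if (!vp) r->reply_code = ACCESS_REJECT;       /* nothing configured: fail closed */
    else if (vp->value != DO_NOT_RESPOND) r->reply_code = vp->value;
    return r->reply_code;                         /* stays 0 when told not to respond */
}

/* Constructed sample lists; string-valued attributes carry 0 here. */
static const struct pair reply_with_type[] = { {"Reply-Message", 0}, {"State", 0}, {"Response-Packet-Type", ACCESS_CHALLENGE} };
static const struct pair control_plain[] = { {"Auth-Type", 0} };
static const struct pair control_with_type[] = { {"Auth-Type", 0}, {"Response-Packet-Type", ACCESS_CHALLENGE} };
static const struct pair control_silent[] = { {"Response-Packet-Type", DO_NOT_RESPOND} };

static int run(const struct pair *cfg, size_t nc, const struct pair *rep, size_t nr) {
    struct request r = { cfg, nc, rep, nr, CODE_NONE };
    return post_handler_code(&r);
}
int code_when_set_in_reply(void)   { return run(control_plain, 1, reply_with_type, 3); }
int code_when_set_in_control(void) { return run(control_with_type, 2, NULL, 0); }
int code_when_silenced(void)       { return run(control_silent, 1, NULL, 0); }

int main(void) {
    printf("type in reply list:   code %d\n", code_when_set_in_reply());
    printf("type in control list: code %d\n", code_when_set_in_control());
    printf("do-not-respond:       code %d\n", code_when_silenced());
    return 0;
}
```

The first case reproduces the "There was no response configured" outcome from the debug output: with no Response-Packet-Type in the control list, the handler falls back to Access-Reject.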



