[Devel] radiusclient-ng error codes

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri Mar 30 14:13:38 CEST 2007 

Hi Juha,

I was not aware of that, as I never used freeradius lib for openser so 
far. If they accept your submision, it will be great.

Thanks for update,
Bogdan

Juha Heinanen wrote:
> Bogdan-Andrei Iancu writes:
>
>  > have you checked the same of freeradius client library? You now have the 
>  > option to compile against it. The problem is there are no packages for 
>  > it for debian - you need to compile it :(...
>
> freeradius-client is no better, i.e., one cannot tell if authetication
> failed due to reject of if some error occurred:
>
> 	if ((recv_auth->code == PW_ACCESS_ACCEPT) ||
> 		(recv_auth->code == PW_PASSWORD_ACK) ||
> 		(recv_auth->code == PW_ACCOUNTING_RESPONSE))
> 	{
> 		result = OK_RC;
> 	}
> 	else
> 	{
> 		result = BADRESP_RC;
> 	}
>
> i filed an enhancement report to freeradius-client developers, where i
> suggested that a new result code REJECT_RC is defined and returned when
> recv_auth->code == PW_ACCESS_REJECT or PW_PASSWORD_REJECT.
>
> -- juha
>
>
>  > 
>  > regards,
>  > bogdan
>  > 
>  > Juha Heinanen wrote:
>  > > i checked return codes in radiusclient-ng and at least in the version i
>  > > had access (RELENG_0_5_1), it does a very bad job:
>  > >
>  > > * Function: rc_check_reply
>  > >  *
>  > >  * Purpose: verify items in returned packet.
>  > >  *
>  > >  * Returns:	OK_RC       -- upon success,
>  > >  *		BADRESP_RC  -- if anything looks funny.
>  > >
>  > > i.e., radiusclient-ng returns BADRESP_RC both when authentication failed
>  > > normally and when, for example, radius server response was somehow bogus.
>  > >
>  > > as result, opener has no chance to know if some error occurred or if
>  > > username/password simply didn't match.
>  > >
>  > > i think this needs to be fixed.  is someone still maintaining
>  > > radiusclient-ng or perhaps it is already fixed in a newer version?
>  > >
>  > > -- juha
>  > >
>  > > _______________________________________________
>  > > Devel mailing list
>  > > Devel at openser.org
>  > > http://openser.org/cgi-bin/mailman/listinfo/devel
>  > >
>  > >   
>  > 
>
>

More information about the Devel mailing list