[Devel] radiusclient-ng error codes
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Mar 30 14:13:38 CEST 2007
Hi Juha,
I was not aware of that, as I never used freeradius lib for openser so
far. If they accept your submision, it will be great.
Thanks for update,
Bogdan
Juha Heinanen wrote:
> Bogdan-Andrei Iancu writes:
>
> > have you checked the same of freeradius client library? You now have the
> > option to compile against it. The problem is there are no packages for
> > it for debian - you need to compile it :(...
>
> freeradius-client is no better, i.e., one cannot tell if authetication
> failed due to reject of if some error occurred:
>
> if ((recv_auth->code == PW_ACCESS_ACCEPT) ||
> (recv_auth->code == PW_PASSWORD_ACK) ||
> (recv_auth->code == PW_ACCOUNTING_RESPONSE))
> {
> result = OK_RC;
> }
> else
> {
> result = BADRESP_RC;
> }
>
> i filed an enhancement report to freeradius-client developers, where i
> suggested that a new result code REJECT_RC is defined and returned when
> recv_auth->code == PW_ACCESS_REJECT or PW_PASSWORD_REJECT.
>
> -- juha
>
>
> >
> > regards,
> > bogdan
> >
> > Juha Heinanen wrote:
> > > i checked return codes in radiusclient-ng and at least in the version i
> > > had access (RELENG_0_5_1), it does a very bad job:
> > >
> > > * Function: rc_check_reply
> > > *
> > > * Purpose: verify items in returned packet.
> > > *
> > > * Returns: OK_RC -- upon success,
> > > * BADRESP_RC -- if anything looks funny.
> > >
> > > i.e., radiusclient-ng returns BADRESP_RC both when authentication failed
> > > normally and when, for example, radius server response was somehow bogus.
> > >
> > > as result, opener has no chance to know if some error occurred or if
> > > username/password simply didn't match.
> > >
> > > i think this needs to be fixed. is someone still maintaining
> > > radiusclient-ng or perhaps it is already fixed in a newer version?
> > >
> > > -- juha
> > >
> > > _______________________________________________
> > > Devel mailing list
> > > Devel at openser.org
> > > http://openser.org/cgi-bin/mailman/listinfo/devel
> > >
> > >
> >
>
>
More information about the Devel
mailing list