(RADIATOR) Platypus; AuthEMERALD; HonourServerPortAccess

Steve Brown steve at neteze.com
Sat Apr 13 00:39:02 CDT 2002


We have recently decided to restrict logins on a particular RAS to ISDN
only.

Within our <Realm> using <AuthBy EMERALD> I added the HonourServerPortAccess
flag.

It appears that Radiator runs the PortAccessQuery (see AuthEMERALD.pm) and
either returns nothing (the user's AccountType is not matched in the Server
Access table) or in our case returns a single row (the user's AccountType is
ISDN and thus a row is returned).

The problem (well, not since I applied my crappy patch) is that when the row
returns nothing it still lets them on. We verified that the query returns
what we expect (either one row or no rows), running the query locally on our
M$SQL server. I eventually did this:

# diff AuthEMERALD.pm AuthEMERALD.pm.ORIGINAL

68a69
> and sa.Port=%0
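
Review bot: at 68a69, dropping `and sa.Port=%0` removes the port condition from the query altogether, so a row that matches on the remaining conditions now counts as a match on every port; if access is ever meant to differ by port on this RAS, keep the clause and check what is being substituted for %0 instead. The diff is also taken with the modified file first, so the `>` line is the original's; `diff -u AuthEMERALD.pm.ORIGINAL AuthEMERALD.pm` would read in the usual direction.
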
209,211d209
<           } else {
<               $self->log($main::LOG_DEBUG, "ERROR Login Restricted By
ServerAccess");
<               return undef;
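
Review bot: in the added else branch, the denial is logged at LOG_DEBUG with a fixed string, so unless debug logging is enabled a rejected login leaves no record, and the message names neither the user nor the port; log it above debug level and include the user name. `return undef` also leaves the outcome to how the caller treats an undefined result, which these lines do not show, so confirm that it ends in a reject rather than a fall-through.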

Removing the sa.Port=%0 is semi-irrelevant (I think); that just says we
don't really ever care about the NAS-Port.

But why am I needing to add the "else log it then return undef" in? When I
looked at the code I assumed that line 185 (of the original code, release
3.0) should be doing that.

Any ideas?

Steve Brown
steve at napanet.net

