(RADIATOR) Feature Request, Patch attached: AuthBy SQL and PostAuthSelectHook

Wed Nov 24 15:47:44 CST 2004

Hello Charly,

thanks for the patch. we have rolled it in to the next release, and it is also 
in the 3.11 patch set.

Im not convinced that the decode(sign(disflag), 0, 'Accept', 'Reject') was 
such a bad solution, though.

Cheers.

On Thursday 25 November 2004 01:08, Karl Gaissmaier wrote:
> Hi Mike or Hugh and all Radiator lovers,
>
> we have a big Oracle user database as backend, storing
> account and service data for all our users. If we want to
> block one service for an user (like WLAN access if his Laptop
> is infected with viruses and trojans) we set a flag in the
> database to disable just the WLAN access for this user, still
> providing the e-mail and other services.
>
> AuthSQL isn't smart enough to deal with this until I change
> the table definitions. Even the parameter AuthColumnDef can't
> solve this. Until now I had a really poor workaround with the
> (maybe Oracle specific) SQL function decode():
>
> # trick: return check-item Auth-Type = Accept|Reject
> AuthColumnDef   0, Auth-Type, check
>
> # select service disable flag
> AuthSelect  SELECT decode(sign(disflag), 0, 'Accept', 'Reject')\
>                 FROM ....
>
>
> this could be really better done with a PostAuthSelectHook:
>
> AuthColumnDef        0, Auth-Type, check
>
> PostAuthSelectHook   sub { my ($self, $name, $p, $user, $row) = @_; \
>                             my $flag = $row->[0];                    \
>                             $row->[0] = $flag ? 'Reject' : 'Accept'; \
>                            }
>
> with the following hook parameter documentation
> (similar to AuthBy LDAP and PostSerchHook):
>
> 6.29.23 PostAuthSelectHook
>
> This optional parameter allows you to define a Perl function that will
> be run during the authentication process. The hook will be called after
> the AuthSelect results have been received, and after Radiator has
> processed the attributes it is interested in.
>
> The first argument passed to the hook is a handle to the current AuthBy
> SQL object. The second argument is the name of the user being
> authenticated. The third argument is a pointer to the current request.
> The fourth argument is a pointer to the User object being constructed to
> hold the check and reply items for the user being authenticated.
> The fifth argument ($_[4]) is a reference to the @row resulting from
> AuthSelect.
>
> (Example missing, goodies missing)
>
> With this PostAuthSelectHook you can use ANY database schema.
> This would be much more powerful than AuthColumnDef since in this
> hook you can rewrite all @row values, add check- reply items
> directly to the user object and much more.
>
> I would appreciate it if you could incorporate this feature
> in the 3.11 patches and the next Radiator release.
>
> Thanks in advance
>      Charly
>
> P.S. really small patch attached

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.