[RADIATOR] Log all request and reply attributes

Alexander.Hartmaier at t-systems.com
Tue Dec 13 09:15:28 UTC 2022


Hi,
the following code works like a charm:

        $message->{radius}->{request} = $p->get_attrs; \
        # don't leak the TACACS+ key \
        delete $message->{radius}->{request}->{TACACSPLUSKey}; \
        $message->{radius}->{response} = $p->{rp}->get_attrs; \

Note that the request packet contains the cleartext TACACSPLUSKey. Can you obscure or remove that like it happens for the User-Password?

Best regards, Alex

T-SYSTEMS AUSTRIA GESMBH
PU Cyber Security
Network Architecture
Operation Manager Authentication
Rennweg 97-99, A-1030 Vienna
+43 57057 4320 (phone)
+43 676 8642 4320 (mobile)
E-mail: alexander.hartmaier at t-systems.com
Internet: www.t-systems.at
Blog: blog.t-systems.at
Social Media: Facebook, Linkedin, Twitter

BIG CHANGES START SMALL – CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL.

****************************************************************************************************************
T-Systems Austria GesmbH, Rennweg 97-99, A-1030 Vienna
Commercial Court Vienna, FN 79340b
****************************************************************************************************************
Notice: This transmittal and/or attachments may be privileged or confidential. It is
intended solely for the addressee named above. If you received this transmittal in error,
please notify us immediately by reply and delete this message and all its attachments.
Thank you.
****************************************************************************************************************
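
A standalone sketch of the redaction step from the message above, added here as an example and not code from this thread or from Radiator. It redacts on a copy so the source attribute hash is never modified, and matches attribute names case-insensitively. The helper `redact_attrs`, the `**redacted**` marker and all sample values are hypothetical, and attribute values are assumed to be plain scalars.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP;

# Attribute names whose values must never reach the log (compared
# case-insensitively). TACACSPLUSKey and User-Password are the two named
# in the message above; extend the list for your deployment.
my %SECRET = map { lc($_) => 1 } qw(TACACSPLUSKey User-Password);

# Return a redacted shallow copy of an attribute hash. The input hash is
# left untouched, so it does not matter whether the caller was handed a
# copy or a reference to live packet data.
sub redact_attrs {
    my ($attrs) = @_;
    my %copy;
    for my $name (keys %{ $attrs // {} }) {
        # Keep the key with a marker so the log still shows it was present.
        $copy{$name} = $SECRET{ lc $name } ? '**redacted**' : $attrs->{$name};
    }
    return \%copy;
}

# Constructed sample data standing in for request and reply attributes.
my %request = (
    'User-Name'      => 'alice',
    'User-Password'  => 'constructed-password',
    'NAS-IP-Address' => '192.0.2.10',
    'TACACSPLUSKey'  => 'constructed-shared-key',
);
my %reply = ( 'Service-Type' => 'Login-User' );

my $message = {
    radius => {
        request  => redact_attrs(\%request),
        response => redact_attrs(\%reply),
    },
};

# canonical() sorts keys so log lines are stable and diffable.
print JSON::PP->new->canonical->encode($message), "\n";

# The original hash still carries the key for code that needs it.
die "request was modified"
    unless $request{TACACSPLUSKey} eq 'constructed-shared-key';
```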
________________________________
From: Hugh Irvine <hugh at irvine.com.au>
Sent: Monday, 5 December 2022 22:02
To: Hartmaier, Alexander <alexander.hartmaier at t-systems.com>
Cc: Alexander Hartmaier via radiator <radiator at lists.open.com.au>; support at radiatorsoftware.com <support at radiatorsoftware.com>
Subject: Re: [RADIATOR] Log all request and reply attributes


Hi Alex -

Have a look at “Radius/Log.pm”, “Radius/LogGeneric.pm”, “Radius/LogFormat.pm” and related “Radius/Log……” modules.

See also “goodies/logformat.cfg”.

regards

Hugh


> On 6 Dec 2022, at 03:35, Alexander Hartmaier via radiator <radiator at lists.open.com.au> wrote:
>
> Thanks Hugh!
>
> Now the last missing part is a method I can call on $p and $rp to get a list of human-readable attribute/value pairs for both.
> I haven't found the code that generates the trace output.
>
> Thanks, Alex
>
> From: Hugh Irvine <hugh at irvine.com.au>
> Sent: Friday, 2 December 2022 01:41
> To: Hartmaier, Alexander <alexander.hartmaier at t-systems.com>
> Cc: radiator at lists.open.com.au <radiator at lists.open.com.au>
> Subject: Re: [RADIATOR] Log all request and reply attributes
>
> Hello Alexander -
>
> There is a pointer to the reply packet in the received packet:
>
> Here is an example from Radius/Configurable.pm:
>
>         my $rp_code = $p->{rp}->code();
>
> So yes, $p is a pointer to the decoded current request, and $rp is a pointer to the reply packet that is being prepared.
>
> hope that helps
>
> Hugh
>
>
> > On 30 Nov 2022, at 01:40, Alexander Hartmaier via radiator <radiator at lists.open.com.au> wrote:
> >
> > Hi,
> > I'm looking for a way to include all request and reply attributes in our JSON log which is generated via a LogFormatHook.
> >
> > $p is passed to it and described as 'Reference to the current request' in the docs but not which methods it has.
> > In AuthBy LDAP2 the PostSearchHook also gets passed a $rp for the reply packet but not to LogFormatHook.
> >
> > Is there a supported way to get at this list?
> >
> > The output should be a list of key/value pairs of all human-readable attributes and their values.
> >
> > Thanks, Alex
> >
> > _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au
> > https://lists.open.com.au/mailman/listinfo/radiator
>

