(RADIATOR) PostAuthHook question.

Hugh Irvine hugh at open.com.au
Fri Jun 22 02:42:53 CDT 2001


Hello Griff -

At 9:33 AM -0700 6/21/01, Griff Hamlin wrote:
>Hello,
>
>I'm in need of adding specific attributes to the reply packets for one
>of the routers I have to authenticate (out of hundreds). Since I only
>have need for one handler and we don't use realms, I figure the best
>thing to do would be to have a little PostAuthHook that tested my
>request for the right IP address and if it passes, add the appropriate
>attributes to the reply packet. I used to have a problem with
>NAS-IP-Address fields not matching the actual IP address of the router
>sending the packet, so now I have an 'identifier' in every client block
>with the IP address that I want to be associated with each router (its
>actual IP address.) That 'identifier' is used in my AuthBy module that I
>wrote to test various things about each router (allowing certain
>customers access only on certain routers, etc.)
>
>When I put in the following PostAuthHook, it won't compile, and quite
>honestly I'm not sure if I've done this right. Any help would be
>appreciated. I tried to steal this straight out of the manual, so I'm a
>little surprised at the error I get.
>
><Handler>
>   RewriteUsername s/^([^@]+).*/$1/
>   <AuthBy GROUP>
>     AuthByPolicy ContinueUntilAccept
>     <AuthBy QuikRadAcct>
>       # authorize by the module AuthQuikRadAcct.pm
>     </AuthBy>
>         <AuthBy QuikRad>
>        # Fork
>       # authorize by the module AuthQuikRad.pm
>     </AuthBy>
>   </AuthBy>
>
>   # Handle the  Router 65.89.75.8
>   PostAuthHook sub { if ${$_[2]} eq $main::ACCEPT && \
>          ${$_[0]}->{Client}->{Identifier} eq "65.89.75.8" { \
>             ${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward tcp
>est'); \
>             ${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward dstip
>216.176.28.1/32'); \
>             ${$_[1]}->add_attr('Ascend-Data-Filter','ip in drop tcp
>dstport=25'); \
>             ${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward'); \
>             ${$_[1]}->change_attr('Service-Type','Framed'); \
>        } \
>     }
>   # Log accounting to the detail file in LogDir/<client>
>   AcctLogFileName  %L/%c/detail
># MaxSessions 1
></Handler>
>
>The error in the log file is:
>
>Thu Jun 21 10:10:35 2001: ERR: Compilation error in PostAuthHook: syntax
>error at (eval 77) line 1, near "if $"
>syntax error at (eval 77) line 2, at EOF
>Missing right bracket at (eval 77) line 2, at end of line
>
>Thu Jun 21 10:10:35 2001: ERR: Unknown keyword
>'${$_[1]}->add_attr('Ascend-Data-Filter','ip' in /etc/radius.cfg line
>109
>
>
>It appears to be failing right away at my conditional. Are conditionals
>unacceptable?

Conditionals are certainly acceptable, however I strongly encourage 
you to put your hook(s) in external files and edit them with a normal 
editor.

I suggest you start with one of the examples that are in the file 
called "goodies/hooks.txt" in the distribution.

I also suggest that you use some sort of symbolic string in your 
Client Identifiers instead of IP addresses, as this will make changes 
and so on *much* easier to deal with.

hth

Hugh

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
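
The two suggestions in the reply above (an external hook file and symbolic Client Identifiers), sketched as an added example; it is not code from this thread or from the Radiator distribution. The file name, the `filtered-router` identifier and the policy table are assumptions; the attribute values are the ones posted in the question.

```perl
# postauthhook.pl (hypothetical name). Load it from the Handler with:
#   PostAuthHook file:"%D/postauthhook.pl"
# Assumes the router's Client clause has:  Identifier filtered-router
use strict;

# Reply policy per symbolic Client Identifier. The key is a constructed
# sample name; adding another router is one more entry in this table.
my %policy = (
    'filtered-router' => {
        add => [
            [ 'Ascend-Data-Filter', 'ip in forward tcp est' ],
            [ 'Ascend-Data-Filter', 'ip in forward dstip 216.176.28.1/32' ],
            [ 'Ascend-Data-Filter', 'ip in drop tcp dstport=25' ],
            [ 'Ascend-Data-Filter', 'ip in forward' ],
        ],
        change => [ [ 'Service-Type', 'Framed' ] ],
    },
);

# The file must evaluate to a code reference, so the anonymous sub comes last.
sub {
    # Hook arguments are references: request, reply, result code.
    my ($p, $rp, $result) = (${$_[0]}, ${$_[1]}, ${$_[2]});

    # The hook also runs for accounting requests and for rejects, so act only
    # on accepted Access-Requests. Perl requires the parentheses around the
    # condition; without them the hook fails to compile.
    return unless ($p->code eq 'Access-Request' && $result == $main::ACCEPT);

    # Look up the policy for the Client that sent this request, if any.
    my $client = $p->{Client} or return;
    my $rules  = $policy{ $client->{Identifier} || '' } or return;

    # Each rule is an [attribute, value] pair passed straight to the reply.
    $rp->add_attr(@$_)    for @{ $rules->{add}    || [] };
    $rp->change_attr(@$_) for @{ $rules->{change} || [] };
    return;
};
```

Keeping the hook in its own file also avoids the line-continuation backslashes in the configuration file, so `perl -c postauthhook.pl` can check the syntax before the server is restarted.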