(RADIATOR) SessSQL.pm patch

Mariano Absatz lradius at pert.com.ar
Tue May 22 15:54:13 CDT 2001 

Hi Mike,

I had a problem in a customer site where we started using 
<SessionDatabase SQL> with a non-standard setup.

The point is, the NAS-Port is nonexistant in the Nortel Shasta (in fact, 
it's 0), so we can't delete based on that info (we might be deleting more 
than we want).

We use the Acct-Session-Id which is unique within the NAS so we can 
safely delete based on that.

We started using Ping as the NasType since I still can't convince the 
Nortel people to make the Dmn'd box to speak some kind of SNMP for 
testing on-line sessions (or whatever other usable method).

Here's the relevant part of the config file (keep reading below)


##################################################################
#                     ON LINE USERS SECTION                      #
##################################################################

#Manejo de usuarios actuales y sesiones simultaneas
<SessionDatabase SQL>
    DBSource    dbi:mysql:radius:localhost
    #DBUsername  xxxxxxxxxx
    DBAuth       yyyyyyyyyy

    AddQuery       insert into RADONLINE (USERNAME,\
                      NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
                     FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, NASCLASS) 
\
                     values ('%n', '%N',\
                      0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},\
                         '%{Framed-IP-Address}', '%{NAS-Port-Type}', \
                         '%{Service-Type}', '%{NASClass}')
   #Como el Shasta no envia Nas-Port, se borran sesiones solo en base
   #al session ID
   DeleteQuery delete from RADONLINE where USERNAME='%n' and \
             NASIDENTIFIER='%N' and ACCTSESSIONID='%{Acct-Session-Id}'
 #Agregado por Baby 17/11/2000 porque permite simultaneous use con ip fija
    CountQuery      select NASIDENTIFIER, NASPORT, ACCTSESSIONID, \
                FRAMEDIPADDRESS from RADONLINE where USERNAME = '%n'

</SessionDatabase>

##################################################################
##################################################################

A few days ago, I was told that the SessionDatabase had more records for 
a user (for a bunch of users, in fact) than their Simultaneous-Use 
allowed. The normal trace (3) only said that a session had gone away and 
it was deleting it, but in fact, it didn't.

I enabled a trace 4 and noticed that, although the CountQuery was giving 
me the actual values in the SessionDatabase table, the DeleteQuery was 
executing with the Acct-Session-Id of the new Access-Request packet (yes, 
the shasta puts Acct-Session-Id attributes in the Access-Request packets).

I checked the code for the method "exceeded" in SessSQL.pm and noticed 
what you did to get the Nas-Port of the session you want to delete from 
the table.

I mimicked that with the Acct-Session-Id and.... it worked!!!! :-D
(being a mediocre programmer, but a good code reader does help you turn 
into a better programmer :-)

I went a step ahead and also did the same for the Framed-Ip-Address. I 
think it would be great if this functionality was added to the 
development, since I think there might be other boxes that are not using 
Nas-Port and someone else might find himself in the same situation.

(Also, I would have to repatch every new version... in fact, the working 
installation I changed was 2.17.1)

Here's a diff -c of the 2.18.1 SessSQL.pm before and after the changes:

==========================================================================
==========================================================================
==========================================================================
*** SessSQL.pm.ORI      Tue May 22 17:20:38 2001
--- SessSQL.pm  Tue May 22 17:26:16 2001
***************
*** 208,221 ****
--- 208,233 ----
                    # This is pretty ugly
                    my $orig_nas_id = $p->getNasId();
                    my $orig_nas_port = $p-
>getAttrByNum($Radius::Radius::NAS_PORT);
+                       my $orig_session_id = 
+                                       $p-
>getAttrByNum($Radius::Radius::ACCT_SESSION_ID);
+                       my $orig_framed_ip_address = 
+                                       $p-
>getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
                    $p->{CachedAttrs}{NasId} = $nas_id;
                    $p->changeAttrByNum($Radius::Radius::NAS_PORT,
                                        $nas_port);
+                   $p->changeAttrByNum($Radius::Radius::ACCT_SESSION_ID,
+                                       $session_id);
+                   $p-
>changeAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS, 
+                                       $framed_ip_address);
                    $self->delete($name, $nas_id, $nas_port, $p);
                    # Put it back the way it was
                    $p->{CachedAttrs}{NasId} = $orig_nas_id;
                    $p->changeAttrByNum($Radius::Radius::NAS_PORT,
                                        $orig_nas_port);
+                   $p->changeAttrByNum($Radius::Radius::ACCT_SESSION_ID,
+                                       $orig_session_id);
+                   $p-
>changeAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS,
+                                       $orig_framed_ip_address);
  
                    $count--;
                    last if $count < $max;
==========================================================================
==========================================================================
==========================================================================
Mariano Absatz
El Baby
----------------------------------------------------------
Hex dump: Where witches put used curses... 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list