(RADIATOR) problem with changing attributes during a PreAuthHook

Atto Lorenz alorenz at gmx.net
Thu Jan 10 03:31:20 CST 2002


Hi,

today I tried to write a PreAuthHook which checks the Calling-Station-ID.
I have also stored the telephone numbers in the database.

The idea for checking the calling_station_id was to compare the
calling_station_id from the user with the calling_station_ids from the
database. If the calling_station_id from the user doesn't match one number from
the database, the hook changes the password of the user and the normal
authentication that follows fails/rejects the user.

At first I tested the hook with the radpwtst script. With the script the hook
rejects a user if the calling_station_id is wrong. So all was working fine.
The next step was to test it with a real NAS. But with this test the hook
didn't work. In the debug log and the accounting data I can see that I change
attributes, but the NAS always gets an Access-Accept.

Must I use another command to change attributes? I tried it with
${$_[0]}->change_attr('....') and with ${$_[1]}->change_attr('...')

Another idea was to use a PostAuthHook and use
${$_[1]}->set_code('Access-Reject'). But this solution also didn't work.

Are there any bugs in Radiator version 2.16 which damage the hooks? I
looked in the history of the next versions but I can't find any relevant
information.

#
# PreAuthHook for Radiator
#
# Check if the caller_id is ok and deny or permit the user
#
sub
{
        my $request = ${$_[0]};
        my $reply = ${$_[1]};

        # Get Username and split it in username and realmname
        my($realmusername)=$request->getUserName();
        my($username,$realmname)=$realmusername=~/^(.+?)@(.+?)$/;
        my($dialok)=1;

        # Get Calling-Station-Id if not exist quit
        my($calling_station_id)=$request->get_attr('Calling-Station-Id');
        if(!$calling_station_id)
        {
                return();
        }

        # get the caller_id from database if caller_id not exist quit
        my($authby_handle)= Radius::AuthGeneric::find('callerid');
        # Quote the user-supplied values before interpolating them into SQL
        my($quser)= $authby_handle->quote($username);
        my($qrealm)= $authby_handle->quote($realmname);
        my($query)= "select * from snapshot where loginname=$quser AND realmname=$qrealm";
        my($sth)= $authby_handle->prepareAndExecute($query);
        # The query can fail; treat that like a missing row
        my($val)= $sth ? $sth->fetchrow_hashref() : undef;

        if(!$val || !$val->{caller_id})
        {
                return();
        }

        # check if caller_id is ok (leading zeros are ignored on both sides)
        my(@callerid)=split(/,/,$val->{caller_id});
        $calling_station_id=~s/^0*//;
        foreach(@callerid)
        {
                $dialok=0;
                s/^0*//;
                if($_ eq $calling_station_id)
                {
                        $dialok=1;
                        last;
                }
        }

        # if wrong calling_station_id change the password
        if ( not $dialok ) {
                ${$_[0]}->change_attr('User-Password',"xxx");
                ${$_[1]}->change_attr('User-Password',"xxx");
                #$reply->set_code ('Access-Reject');
        }
        return;
}
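
The caller-ID comparison described in the post, isolated as a stand-alone decision function; this is an added example, not part of the original message and not Radiator code. The function names, the three result strings and the sample numbers are assumptions made for illustration, and unlike the posted hook it denies a request that carries no Calling-Station-Id when a list is stored for the user.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Normalise a number as the hook does (drop leading zeros); whitespace is
# dropped as well. Returns undef for a missing or empty value.
sub normalise_number {
    my ($n) = @_;
    return undef unless defined $n;
    $n =~ s/\s+//g;
    $n =~ s/^0+//;
    return length($n) ? $n : undef;
}

# Decide from the NAS-supplied Calling-Station-Id and the comma-separated
# caller_id column. Returns 'no-policy', 'allow' or 'deny'.
sub check_caller_id {
    my ($calling_station_id, $allowed_csv) = @_;

    # No list stored for this user: nothing to enforce (as in the hook).
    return 'no-policy' unless defined $allowed_csv && $allowed_csv =~ /\S/;

    # A list exists but the request carries no caller ID: fail closed.
    # (Design choice of this example; the posted hook skips the check here.)
    my $caller = normalise_number($calling_station_id);
    return 'deny' unless defined $caller;

    my %allowed = map { $_ => 1 }
                  grep { defined $_ }
                  map { normalise_number($_) } split /,/, $allowed_csv;
    return $allowed{$caller} ? 'allow' : 'deny';
}

# Constructed sample input: [Calling-Station-Id, caller_id column]
my @cases = (
    ['0301234567', '301234567,0401112222'],        # listed number
    ['0309999999', '301234567,0401112222'],        # number not in the list
    [undef,        '301234567'],                   # attribute missing
    ['0301234567', undef],                         # no list stored
    ['401112222',  ' 0401112222 , 00301234567 '],  # spaces and extra zeros
);
for my $c (@cases) {
    printf "%-12s %-28s => %s\n",
        $c->[0] // '(none)', $c->[1] // '(none)',
        check_caller_id(@$c);
}
```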
