(RADIATOR) problem with changing attributes during an PreAuthHook
Hugh Irvine
hugh at open.com.au
Fri Jan 11 18:21:45 CST 2002
Hello Atto -
You would simply use a regular expression like this:
someuser Calling-Station-Id = /11223344|556677|889900|..../
regards
Hugh
On Sat, 12 Jan 2002 00:39, Atto Lorenz wrote:
> The problem is that I can define only one calling-station-id in the check
> attributes. But the user is allowed to call from up to five numbers.
>
> > -----Original Message-----
> > From: Hugh Irvine [mailto:hugh at open.com.au]
> > Sent: Friday, January 11, 2002 2:38 AM
> > To: Atto Lorenz; radiator at open.com.au
> > Cc: Atto Lorenz; alorenz at cybernet-ag.net
> > Subject: Re: (RADIATOR) problem with changing attributes during an
> > PreAuthHook
> >
> >
> >
> > Hello Atto -
> >
> > Why don't you just use a check item in the user definition?
> >
> > someuser Calling-Station-Id = 11223344
> >
> > Your AuthBy SQL clause would look something like this:
> >
> > <AuthBy SQL>
> > .....
> > AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> > from SUBSCRIBERS where USERNAME = '%n'
> > AuthColumnDef 0, Password, check
> > AuthColumnDef 1, GENERIC, check
> > AuthColumnDef 2, GENERIC, reply
> > .....
> > </AuthBy>
> >
> > BTW - the latest version of Radiator is 2.19 and you should really
> > consider upgrading.
> >
> > Have a look at section 6.28 in the Radiator 2.19 reference manual.
> >
> > regards
> >
> > Hugh
> >
> > On Thu, 10 Jan 2002 20:31, Atto Lorenz wrote:
> > > Hi,
> > >
> > > today I tried to write a PreAuthHook, which checks the Calling-Station-ID.
> > > I have stored the telephone numbers also in the database.
> > >
> > > The idea to check the calling_station_id was to compare the
> > > calling_station_id from the user with the calling_station_ids from the
> > > database. If the calling_station_id from the user doesn't match one number
> > > from the database, the hook changes the password from the user and the
> > > normal following authentication fails/rejects the user.
> > >
> > > At first I tested the hook with the radpwtst script. With the script the hook
> > > rejects a user if the calling_station_id is wrong. So all was working fine.
> > >
> > > The next step was to test it with a real NAS. But with this test the hook
> > > didn't work. In the debug log and the accounting data I can see if I change
> > > attributes but the NAS always gets an Access-Accept.
> > >
> > > Must I use another command to change attributes? I tried it with
> > > ${$_[0]}->change_attr('....') and with ${$_[1]}->change_attr('...')
> > >
> > > Another idea was to use a PostAuthHook and use the
> > > ${$_[1]}->set_code('Access-Reject'). But this solution also didn't
> > > work.
> > >
> > > Are there any bugs in the Radiator version 2.16, which damage the hooks?
> > > I looked in the history of the next versions but I can't find any relevant
> > > information.
> > >
> > > #
> > > # PreAuthHook for Radiator
> > > #
> > > # Check if the caller_id is ok and deny or permit the user
> > > #
> > > sub
> > > {
> > >     my $request = ${$_[0]};
> > >     my $reply = ${$_[1]};
> > >
> > >     # Get Username and split it in username and realmname
> > >     my($realmusername)=$request->getUserName();
> > >     my($username,$realmname)=$realmusername=~/^(.+?)@(.+?)$/;
> > >     my($dialok)=1;
> > >
> > >     # Get Calling-Station-Id if not exist quit
> > >     my($calling_station_id)=$request->get_attr('Calling-Station-Id');
> > >     if(!$calling_station_id)
> > >     {
> > >         return();
> > >     }
> > >
> > >     # get the caller_id from database if caller_id not exist quit
> > >     my($authby_handle)= Radius::AuthGeneric::find('callerid');
> > >     my($query)= "select * from snapshot where loginname='$username' AND
> > >         realmname='$realmname'";
> > >     my($sth)= $authby_handle->prepareAndExecute($query);
> > >     my($val)=$sth->fetchrow_hashref();
> > >
> > >     if(!$val->{caller_id})
> > >     {
> > >         return();
> > >     }
> > >
> > >     # check if caller_id is ok
> > >     my(@callerid)=split(/,/,$val->{caller_id});
> > >     $calling_station_id=~s/^0*//;
> > >     foreach(@callerid)
> > >     {
> > >         $dialok=0;
> > >         s/^0*//;
> > >         if($_ eq $calling_station_id)
> > >         {
> > >             $dialok=1;
> > >             last;
> > >         }
> > >     }
> > >
> > >     # if wrong calling_station_id change the password
> > >     if ( not $dialok ) {
> > >         ${$_[0]}->change_attr('User-Password',"xxx");
> > >         ${$_[1]}->change_attr('User-Password',"xxx");
> > >         #$reply->set_code ('Access-Reject');
> > >     }
> > > }
> > >
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
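
The check item suggested at the top of this message is a Perl regular expression; assuming it is applied as an ordinary unanchored match, an alternation such as /11223344|556677|889900/ also matches any longer number that merely contains one of the listed strings. The following added example (not part of the original thread; `normalise` and `build_pattern` are hypothetical helper names and the test numbers are constructed) builds an anchored, escaped pattern from a comma-separated list like the caller_id column in the hook and compares the two forms:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Normalise a number the way the hook in the thread does (drop leading
# zeros); whitespace around list entries is also removed.
sub normalise {
    my ($n) = @_;
    $n =~ s/\s+//g;
    $n =~ s/^0+//;
    return $n;
}

# Build an anchored alternation from a comma-separated list of numbers.
# Each entry is escaped with quotemeta so stored data cannot inject regex
# syntax, and \A ... \z force the whole Calling-Station-Id to match.
sub build_pattern {
    my ($csv) = @_;
    my @nums = grep { length } map { normalise($_) } split /,/, $csv;
    return unless @nums;                       # no usable entries
    my $alt = join '|', map { quotemeta($_) } @nums;
    return qr/\A0*(?:$alt)\z/;
}

# Form of the check item in the reply (unanchored alternation).
my $unanchored = qr/11223344|556677|889900/;

# Same numbers as a stored list; one entry carries a leading zero.
my $anchored = build_pattern('11223344, 556677, 0889900')
    or die "empty caller id list\n";

# Constructed Calling-Station-Id values: two legitimate forms and two
# longer numbers that only contain an allowed number as a substring.
for my $cli ('556677', '0556677', '99556677123', '5566770') {
    printf "%-12s unanchored=%-8s anchored=%s\n", $cli,
        ($cli =~ $unanchored ? 'match' : 'no match'),
        ($cli =~ $anchored   ? 'match' : 'no match');
}
```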