(RADIATOR) Bug in AuthSQL/AuthEMERALD when handling AcctSqlStatement
Robert G. Fisher
rfisher at mail.neocom.net
Wed Jun 19 12:26:16 CDT 2002
There appears to be a bug in the way that AuthSQL and
thus AuthEMERALD handle the AcctSqlStatement in different
Handler sections.
I have two Handler declarations, each with 2 AuthBy
Emerald modules to handle accounting and authentication
requests. I am only using AcctSqlStatement in the first
AuthBy of the first Handler -- however, this SQL Statement
is being executed irregardles of which handler is called.
I am not having the same problem with the places that
I am utilizing AddToReply, AddToReplyIfNotExist, or the
AuthEMERALD's TimeBanking flag -- only on AcctSqlStatement
and have tested this on Radiator 2.18.9 and 3.1.
Below is a copy of my config file to demonstrate:
#plat.cfg
LogDir C:\Radiator
DbDir C:\Radiator
PidFile %D\radiator.pid
DictionaryFile %D\dictionary.new
Foreground
LogStdout
#LogFile C:\Radiator\debug.log
#Trace 5
AuthPort 1645
AcctPort 1646
SnmpgetProg /usr/bin/snmpget
DefineGlobalVar PUBLISHER_DB dbi:ODBC:PLAT_PUBLISHER
DefineGlobalVar SUBSCRIBER_DB dbi:ODBC:PLAT_SUBSCRIBER
DefineGlobalVar databaseuser dbuser
DefineGlobalVar databasepass dbpass
# Strip any initial P's which used to serve as a hint for PPP,
# as well as any whitespace or NetBIOS realms and NetSurfer's
# "DISABLED" mess. Finally, convert any remaining upper case
# letters to lowercase.
RewriteUsername s/^P(\S+)/$1/
RewriteUsername s/\s+//g
RewriteUsername s/(.*)\\(.*)/$2/
RewriteUsername s/DISABLED(\S+)DISABLED/$1/
RewriteUsername tr/[A-Z]/[a-z]/
<Log EMERALD>
DBSource %{GlobalVar:PUBLISHER_DB}
DBUsername %{GlobalVar:databaseuser}
DBAuth %{GlobalVar:databasepass}
FailureBackoffTime 300
Trace 3
</Log>
<ClientListSQL>
DBSource %{GlobalVar:SUBSCRIBER_DB}
DBUsername %{GlobalVar:databaseuser}
DBAuth %{GlobalVar:databasepass}
FailureBackoffTime 300
GetClientQuery select IPAddress,secret,NULL,NULL,NULL,ServerType,Community,NULL,NULL,NULL,NULL,NULL,NULL,NULL,Comments from Servers
</ClientListSQL>
<Realm sitestarsat.net>
<AuthBy RADIUS>
Host 216.53.136.112
Secret ISiteSatStar
AuthPort 1645
AcctPort 1646
</AuthBy>
</Realm>
<Handler Client-Identifier = "QwestRoaming">
# Strip any REALM information.
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy ContinueAlways
<AuthBy EMERALD>
DBSource %{GlobalVar:PUBLISHER_DB}
DBUsername %{GlobalVar:databaseuser}
DBAuth %{GlobalVar:databasepass}
FailureBackoffTime 300
# Empty AuthSelect turns off authentication.
# We want to update only Accounting data to
# the publisher as it uses this for billing.
AuthSelect
AccountingTable Calls
AcctColumnDef UserName,User-Name
AcctColumnDef CallDate,Timestamp,integer-date
AcctColumnDef AcctStatusType,Acct-Status-Type,integer
AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
AcctColumnDef AcctSessionId,Acct-Session-Id
AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
AcctColumnDef AcctTerminateCause,Ascend-Disconnect-Cause,integer
AcctColumnDef NASIdentifier,NAS-Identifier
AcctColumnDef NASIdentifier,NAS-IP-Address
AcctColumnDef NASIdentifier,Client-Id
AcctColumnDef NASPort,NAS-Port,integer
AcctColumnDef UserService,User-Service,integer
AcctColumnDef UserService,Service-Type,integer
AcctColumnDef FramedProtocol,Framed-Protocol,integer
AcctColumnDef FramedAddress,Framed-Address
AcctColumnDef FramedAddress,Framed-IP-Address
AcctColumnDef NASPortType,NAS-Port-Type,integer
AcctColumnDef NASPortDNIS,Called-Station-Id
AcctColumnDef CallerID,Calling-Station-Id
AcctColumnDef ConnectInfo,Connect-Info
AcctSQLStatement UPDATE Customer SET TimeLeft = TimeLeft - ( 0%{AcctSessionTime} / 60 ) WHERE TimeLeft is NOT NULL AND BlockUser = 'Y' AND Username = %U
</AuthBy>
<AuthBy EMERALD>
DBSource %{GlobalVar:SUBSCRIBER_DB}
DBUsername %{GlobalVar:databaseuser}
DBAuth %{GlobalVar:databasepass}
# If we can't connect to the local db, let's
# wait 5 minutes instead of 10.
FailureBackoffTime 300
# Empty AccountingTable turns off Accounting.
# You can use this to force Radiator to limit
# maximum session times to how many minutes
# are left in subaccounts.timeleft
TimeBanking
# Management wants case-insentive passwords.
CaseInsensitivePasswords
# You can optionally honour the LoginLimit
# column in the emerald database
# or any other column like this:
# AuthSelect ,sa.LoginLimit
# AuthColumnDef 0,Simultaneous-Use,check
# Therefore you can add support for any number
# of additional columns, if you wish.
# Note that Platypus fixes LoginLimit at 1, so
# if you enable this with Platypus, all your
# users will be forced to a Sumultaneous-Use limit
# of 1
# We're going to experiment with adding on the
# default entries, even if the user has their own
# set of avpairs.
FallThrough
AddATDefaults
# We use AddToReplyIfNotExist to duplicate any measure of
# Port-Limit, Session-Timeout, and Idle-TImeout into the
# Ascend style attributes if they have not been added already.
AddToReply Ascend-Data-Filter="ip in forward tcp est",\
Ascend-Data-Filter="ip in forward dstip 205.160.234.0/24",\
Ascend-Data-Filter="ip in forward dstip 208.11.77.0/24",\
Ascend-Data-Filter="ip in forward dstip 208.27.43.0/24",\
Ascend-Data-Filter="ip in forward dstip 208.31.78.0/24",\
Ascend-Data-Filter="ip in forward dstip 66.221.18.170",\
Ascend-Data-Filter="ip in drop tcp dstport = 25",\
Ascend-Data-Filter="ip in forward"
</AuthBy>
</Handler>
<Handler>
# Strip any REALM information
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy ContinueAlways
<AuthBy EMERALD>
DBSource %{GlobalVar:PUBLISHER_DB}
DBUsername %{GlobalVar:databaseuser}
DBAuth %{GlobalVar:databasepass}
FailureBackoffTime 300
# Empty AuthSelect turns off authentication.
# We want to update only Accounting data to
# the publisher as it uses this for billing.
AuthSelect
# You can add to or change these if you want.
AccountingTable Calls
AcctColumnDef UserName,User-Name
AcctColumnDef CallDate,Timestamp,integer-date
AcctColumnDef AcctStatusType,Acct-Status-Type,integer
AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
AcctColumnDef AcctSessionId,Acct-Session-Id
AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
AcctColumnDef AcctTerminateCause,Ascend-Disconnect-Cause,integer
AcctColumnDef NASIdentifier,NAS-Identifier
AcctColumnDef NASIdentifier,NAS-IP-Address
AcctColumnDef NASIdentifier,Client-Id
AcctColumnDef NASPort,NAS-Port,integer
AcctColumnDef UserService,User-Service,integer
AcctColumnDef UserService,Service-Type,integer
AcctColumnDef FramedProtocol,Framed-Protocol,integer
AcctColumnDef FramedAddress,Framed-Address
AcctColumnDef FramedAddress,Framed-IP-Address
AcctColumnDef NASPortType,NAS-Port-Type,integer
AcctColumnDef NASPortDNIS,Called-Station-Id
AcctColumnDef CallerID,Calling-Station-Id
AcctColumnDef ConnectInfo,Connect-Info
</AuthBy>
<AuthBy EMERALD>
DBSource %{GlobalVar:SUBSCRIBER_DB}
DBUsername %{GlobalVar:databaseuser}
DBAuth %{GlobalVar:databasepass}
FailureBackoffTime 300
# Empty AccountingTable turns off Accounting.
AccountingTable
# Management wants case-insentive passwords.
CaseInsensitivePasswords
# You can optionally honour the LoginLimit column in the emerald database
# or any other column like this:
# AuthSelect ,sa.LoginLimit
# AuthColumnDef 0,Simultaneous-Use,check
# We're going to experiment with adding on the default entries,
# even if the user has their own set of avpairs.
FallThrough
AddATDefaults
# We use AddToReplyIfNotExist to duplicate any measure of
# Port-Limit, Session-Timeout, and Idle-TImeout into the
# Ascend style attributes if they have not been added already.
AddToReplyIfNotExist Ascend-Maximum-Channels=%{Reply:Port-Limit}, \
Ascend-Maximum-Time=%{Reply:Session-Timeout}, \
Ascend-Idle-Limit=%{Reply:Idle-Timeout}
</AuthBy>
</Handler>
--
Robert G. Fisher Sitestar.net, Inc.
System Engineer (276) 666-9533 x 116
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list