(RADIATOR) Event-Timestamp patch
Hugh Irvine
hugh at open.com.au
Thu Oct 24 01:11:44 CDT 2002
Hi Mike -
I don't agree with changing Radiator's Timestamp.
If there is an Event-Timestamp in a request and someone wants to use
it, it is simple enough to use special characters (%{Event-Timestamp}),
and/or write a hook to make whatever changes are wanted/needed on a
local basis.
cheers
Hugh
On Thursday, October 24, 2002, at 10:11 AM, Mike McCauley wrote:
> Anyone else have any views about this?
>
>
>
> ---------- Forwarded Message ----------
>
> Subject: BOUNCE radiator at open.com.au: Non-member submission from
> [Jerome
> Fleury <jerome.fleury at fr.tiscali.com>]
> Date: Wed, 23 Oct 2002 04:09:37 -0500
> From: owner-radiator at open.com.au
> To: radiator-approval at open.com.au
>
> Date: Wed, 23 Oct 2002 16:03:18 +0200
> From: Jerome Fleury <jerome.fleury at fr.tiscali.com>
> To: radiator at open.com.au
> Subject: Event-Timestamp patch
>
> Hello there,
>
> I provide here a small (but useful) patch. This one allows using the
> Event-Timestamp accounting attribute sent by some NAS (especially Cisco
> ones in later releases) instead of having to calculate it.
> (=recvtime - acct_delay)
> This patch performs a small check: if the calculated timestamp and the NAS
> timestamp differ by more than 300s (this is arbitrary), then we assume
> that the server and the NAS are not synchronized, so it falls back to the
> calculated timestamp (default).
>
> Why did we use this? Because the timestamp sent by the NAS looks much more
> reliable than the calculated one. As a consequence, it performs better
> in duplicate finding.
>
> This code should probably be cleaned, maybe "config-variabled", but I hope
> it will be integrated in future releases.
>
> --
> Jerome Fleury Tiscali/LibertySurf/WC
> Network Engineer Tel/Fax: +33 1 45082314
>
>
> --------------------------------------------
> *** Handler.pm.bak Mon Oct 21 12:34:37 2002
> --- Handler.pm Wed Oct 23 12:46:20 2002
> ***************
> *** 204,214 ****
> {
> # Add a pseudo attribute for the Timestamp
> # (adjusted by Delay-Time)
> # Some modules (AuthSQL) and logfile scripts rely on it
> ! $p->add_attr('Timestamp',
> ! $p->{RecvTime}
> ! - int=20
> $p->getAttrByNum($Radius::Radius::ACCT_DELAY_TIME));
>
> # Log the packet
> my $status_type =3D $p->getAttrByNum
> ($Radius::Radius::ACCT_STATUS_TYPE);
> --- 204,231 ----
> {
> # Add a pseudo attribute for the Timestamp
> # (adjusted by Delay-Time)
> # Some modules (AuthSQL) and logfile scripts rely on it
> ! # patch by Jerome Fleury <jerome.fleury at fr.tiscali.com>:
> ! # rely on Event_Timestamp attribute if present
> ! my $timestamp;
> ! $timestamp =3D $p->{RecvTime} - int=20
> $p->getAttrByNum($Radius::Radius::ACCT_DELAY_TIME);
> ! # this patch uses Event-Timestamp if it exists
> ! if (defined=20
> $p->getAttrByNum($Radius::Radius::ACCT_EVENT_TIMESTAMP)) {
> ! # we use arbitrary 300s of clock difference to check=20
> attribute reliability
> ! if (abs($timestamp -=20
> $p->getAttrByNum($Radius::Radius::ACCT_EVENT_TIMESTAMP) > 300)) {
> ! # NAS clock is not synchronized with the
> server,=20
> let's use server timestamp, log a warning
> ! $self->log($main::LOG_WARNING, "$nas_id clock
> not=20
> synchronized with server!");
> ! $p->add_attr('Timestamp', $timestamp);
> ! }
> ! else {
> ! # Event_Timestamp looks correct, let's use it
> ! $p->add_attr('Timestamp',=20
> $p->getAttrByNum($Radius::Radius::ACCT_EVENT_TIMESTAMP));
> ! }
> ! }
> ! # we don't have Event_Timestamp attribute
> ! else { $p->add_attr('Timestamp', $timestamp); }
> !
>
> # Log the packet
> my $status_type =3D $p->getAttrByNum
> ($Radius::Radius::ACCT_STATUS_TYPE);
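Review bot: In the skew check the closing parenthesis of abs() is misplaced: `abs($timestamp - $p->getAttrByNum(...) > 300)` takes abs() of the comparison result, so the test is true only when the calculated timestamp is more than 300 s later than Event-Timestamp. A NAS clock running ahead of the server by any amount passes the check and its value is written to Timestamp. Move the comparison outside the call, e.g. `abs($timestamp - $event) > 300`, with `$event` read once from getAttrByNum instead of three separate calls. `$nas_id` in the log line is not declared in the visible context, so confirm it is in scope at this point.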
>
>
> -------------------------------------------------------
> *** Radius.pm.bak Mon Oct 21 12:33:55 2002
> --- Radius.pm Mon Oct 21 12:34:25 2002
> ***************
> *** 114,117 ****
> --- 114,118 ----
> $Radius::Radius::ACCT_OUTPUT_PACKETS =3D 48;
> $Radius::Radius::ACCT_TERMINATE_CAUSE =3D 49;
> + $Radius::Radius::ACCT_EVENT_TIMESTAMP =3D 55;
> $Radius::Radius::CHAP_CHALLENGE =3D 60;
> $Radius::Radius::NAS_PORT_TYPE =3D 61;
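Review bot: The new constant is named ACCT_EVENT_TIMESTAMP, but the attribute is Event-Timestamp with no Acct- prefix, and the neighbouring constants (CHAP_CHALLENGE, NAS_PORT_TYPE) follow the attribute name. Consider EVENT_TIMESTAMP for consistency, and update the three uses in the Handler.pm hunk to match.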
>
>
>
> -------------------------------------------------------
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS etc on Unix, Windows, MacOS etc.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
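
The timestamp selection discussed in this thread, as an added stand-alone example (not Radiator code and not the posted patch). choose_timestamp() and the sample values are hypothetical; it assumes Acct-Delay-Time and Event-Timestamp arrive as integer seconds, and it compares the absolute difference so that a NAS clock running fast is rejected as well as one running slow.

```perl
#!/usr/bin/perl
# Added example: stand-alone sketch, not Radiator code and not the posted patch.
use strict;
use warnings;

# choose_timestamp() is a hypothetical helper. It takes the server receive
# time, the Acct-Delay-Time value and the Event-Timestamp value (either may
# be undef when the NAS did not send it) and returns (timestamp, source).
sub choose_timestamp {
    my ($recv_time, $delay, $event_ts, $max_skew) = @_;
    $max_skew = 300 unless defined $max_skew;    # tolerance from the post

    # Treat a missing or non-numeric Acct-Delay-Time as zero.
    $delay = 0 unless defined $delay && $delay =~ /^\d+$/;
    my $calculated = $recv_time - $delay;

    # No usable Event-Timestamp: keep the calculated value.
    return ($calculated, 'calculated')
        unless defined $event_ts && $event_ts =~ /^\d+$/;

    # Compare the absolute difference, so a NAS clock that runs ahead is
    # rejected the same way as one that runs behind.
    return ($calculated, 'calculated-skew')
        if abs($calculated - $event_ts) > $max_skew;

    return ($event_ts, 'event-timestamp');
}

# Constructed sample requests: [label, RecvTime, Acct-Delay-Time, Event-Timestamp]
my @samples = (
    ['in sync',         1035381800, 2,     1035381797],
    ['NAS 10 min slow', 1035381800, 0,     1035381200],
    ['NAS 10 min fast', 1035381800, 0,     1035382400],
    ['no attribute',    1035381800, 5,     undef],
    ['garbage value',   1035381800, undef, 'n/a'],
);

for my $s (@samples) {
    my ($label, @args) = @$s;
    my ($ts, $source) = choose_timestamp(@args);
    printf "%-16s -> %d (%s)\n", $label, $ts, $source;
}
```

The returned source label gives the caller something to log when the NAS value is discarded, which is where the patch writes its "clock not synchronized" warning.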