(RADIATOR) Hook in different language other than Perl
Hugh Irvine
hugh at open.com.au
Tue Aug 19 22:50:04 CDT 2003
Hello Ganbold -
Yes you can do as you show below, but you will probably need to use an
AuthByPolicy to control the execution of the AuthBy clauses. See
section 6.23.1 in the Radiator 3.6 reference manual.
regards
Hugh
On Wednesday, Aug 20, 2003, at 13:22 Australia/Melbourne, Ganbold wrote:
> Hi Hugh,
>
> So it means that I can use external program instead of hooks?
> I attached 2 config files, one uses hooks and another on supposed to
> use external program.
> Is the new config that uses external program suppose to do same thing
> as previous config with hooks?
>
> Below is new config file that suppose to use external program:
> -----------------------------------------------------------------------
> ---------------------------------------------------
> Foreground
> Trace 4
>
> AuthPort 1645
> AcctPort 1646
>
> LogDir /var/log/radius
> LogFile %L/logfilevoice
>
> DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary
>
> <Client xxx.xxx.xxx.xxx>
> Secret xxx
> NasType Cisco
> SNMPCommunity xxx
> StatusServerShowClientDetails
> </Client>
>
> # authby clause for ACCOUNTING
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier VoipSQLAcctOnly
>
> AuthSelect
>
> AccountingTable voip_accounting
> AccountingStopsOnly
>
> AcctColumnDef nasipaddress,NAS-IP-Address
> AcctColumnDef cisco_nas_port,Cisco-NAS-Port
> AcctColumnDef card_number,User-Name
>
> </AuthBy>
>
>
> # authby clause for credit_time
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier CreditTime
>
> AuthSelect select
> pin,concat('h323-credit-amount=',creditamount),'h323-return-
> code=0','h323-preferred-lang=en','h323-billing-model=1' from cards
> where cardnumber='%n' and status='Active' and pin is not null
>
> AuthColumnDef 0, Password, check
> AuthColumnDef 2, cisco-h323-return-code, reply
>
> AccountingTable
>
> DefaultSimultaneousUse 1
> RejectEmptyPassword
>
> </AuthBy>
>
>
> # authby clause for first second authorizarion
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier CreditAmount
>
> AuthSelect select
> pin,concat('h323-credit-amount=',creditamount),'h323-return-
> code=0','h323-preferred-lang=en','h323-billing-model=1' from cards
> where cardnumber='%n' and status='Active' and pin is not null
>
> AuthColumnDef 0, Password, check
> AuthColumnDef 1, cisco-h323-credit-amount, reply
> AuthColumnDef 2, cisco-h323-return-code, reply
> AuthColumnDef 3, cisco-h323-preferred-lang, reply
> AuthColumnDef 4, cisco-h323-billing-model, reply
>
> AccountingTable
>
> DefaultSimultaneousUse 1
> RejectEmptyPassword
>
> </AuthBy>
>
>
> # authby clause for transfer balance
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier SqlTransferBal
>
> AuthSelect select
> concat('h323-credit-amount=',creditamount),'h323-return-code=0' from
> cards where locate(cardnumber,'%n')=1 and creditamount >=
> trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323-
> credit-amount}')+1)) and status='Active'
>
> AuthColumnDef 0, cisco-h323-credit-amount, reply
> AuthColumnDef 1, cisco-h323-return-code, reply
>
> AccountingTable
>
> DefaultSimultaneousUse 1
> RejectEmptyPassword
>
> </AuthBy>
>
>
> <AuthBy EXTERNAL>
> Identifier CalculateCreditAmountUsed
> Command /usr/local/bin/CalculateCreditAmountUsed
> </AuthBy>
>
> <AuthBy EXTERNAL>
> Identifier CalculateCreditTime
> Command /usr/local/bin/CalculateCreditTime
> </AuthBy>
>
> <AuthBy EXTERNAL>
> Identifier TransferBalance
> Command /usr/local/bin/TransferBalance
> </AuthBy>
>
> <AuthBy EXTERNAL>
> Identifier ChangePin
> Command /usr/local/bin/ChangePin
> </AuthBy>
>
> <AuthBy EXTERNAL>
> Identifier CheckPrepaidVoip
> Command /usr/local/bin/CheckPrepaidVoip
> </AuthBy>
>
> <Handler Request-Type = Accounting-Request, User-Name = /^([0-9])+$/>
> AuthBy CalculateCreditAmountUsed
> AuthBy VoipSQLAcctOnly
> </Handler>
>
> <Handler User-Name = /^([0-9])+%([0-9])+$/>
> RejectHasReason
> AccountingHandled
> AuthBy SqlTransferBal
> AuthBy TransferBalance
> </Handler>
>
> <Handler Called-Station-Id = /^([0-9])+$/>
> RejectHasReason
> AccountingHandled
> AuthBy CreditTime
> AuthBy CalculateCreditTime
> </Handler>
>
>
> <Handler>
> AuthBy ChangePin
> RejectHasReason
> AccountingHandled
> SessionDatabase SQL1
> AuthBy CreditAmount
> AuthBy CheckPrepaidVoip
> </Handler>
>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier SQL1
> AddQuery
> DeleteQuery
> ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
> CountQuery
> </SessionDatabase>
> -----------------------------------------------------------------------
> ---------------------------------------------------
>
>
>
>
> Below is the original config file with hooks
> -----------------------------------------------------------------------
> ----------------------------------------------------
> Foreground
> Trace 4
>
> AuthPort 1645
> AcctPort 1646
>
> LogDir /var/log/radius
> LogFile %L/logfilevoice
>
> DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary
>
> <Client xxx.xxx.xxx.xxx>
> Secret xxx
> NasType Cisco
> SNMPCommunity xxx
> StatusServerShowClientDetails
> </Client>
>
> # authby clause for ACCOUNTING
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier VoipSQLAcctOnly
>
> AuthSelect
>
> AccountingTable voip_accounting
> AccountingStopsOnly
>
> AcctColumnDef nasipaddress,NAS-IP-Address
> AcctColumnDef cisco_nas_port,Cisco-NAS-Port
> AcctColumnDef card_number,User-Name
>
> </AuthBy>
>
>
> # authby clause for credit_time
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier CreditTime
>
> AuthSelect select
> pin,concat('h323-credit-amount=',creditamount),'h323-return-
> code=0','h323-preferred-lang=en','h323-billing-model=1' from cards
> where cardnumber='%n' and status='Active' and pin is not null
>
> AuthColumnDef 0, Password, check
> AuthColumnDef 2, cisco-h323-return-code, reply
>
> AccountingTable
>
> DefaultSimultaneousUse 1
> RejectEmptyPassword
>
> </AuthBy>
>
>
> # authby clause for first second authorizarion
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier CreditAmount
>
> AuthSelect select
> pin,concat('h323-credit-amount=',creditamount),'h323-return-
> code=0','h323-preferred-lang=en','h323-billing-model=1' from cards
> where cardnumber='%n' and status='Active' and pin is not null
>
> AuthColumnDef 0, Password, check
> AuthColumnDef 1, cisco-h323-credit-amount, reply
> AuthColumnDef 2, cisco-h323-return-code, reply
> AuthColumnDef 3, cisco-h323-preferred-lang, reply
> AuthColumnDef 4, cisco-h323-billing-model, reply
>
> AccountingTable
>
> DefaultSimultaneousUse 1
> RejectEmptyPassword
>
> </AuthBy>
>
>
> # authby clause for transfer balance
> <AuthBy SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier SqlTransferBal
>
> AuthSelect select
> concat('h323-credit-amount=',creditamount),'h323-return-code=0' from
> cards where locate(cardnumber,'%n')=1 and creditamount >=
> trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323-
> credit-amount}')+1)) and status='Active'
>
> AuthColumnDef 0, cisco-h323-credit-amount, reply
> AuthColumnDef 1, cisco-h323-return-code, reply
>
> AccountingTable
>
> DefaultSimultaneousUse 1
> RejectEmptyPassword
>
> </AuthBy>
>
> <Handler Request-Type = Accounting-Request, User-Name = /^([0-9])+$/>
> PreAuthHook
> file:"/usr/home/tsgan/Radiator-3.6/hooks/CalculateCreditAmountUsed"
> AuthBy VoipSQLAcctOnly
> </Handler>
>
> <Handler User-Name = /^([0-9])+%([0-9])+$/>
> RejectHasReason
> AccountingHandled
> AuthBy SqlTransferBal
> PostAuthHook
> file:"/usr/home/tsgan/Radiator-3.6/hooks/TransferBalance"
> </Handler>
>
> <Handler Called-Station-Id = /^([0-9])+$/>
> RejectHasReason
> AccountingHandled
> AuthBy CreditTime
> PostAuthHook
> file:"/usr/home/tsgan/Radiator-3.6/hooks/CalculateCreditTime"
> </Handler>
>
>
> <Handler>
> PreAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/ChangePin"
> RejectHasReason
> AccountingHandled
> SessionDatabase SQL1
> AuthBy CreditAmount
> PostAuthHook
> file:"/usr/home/tsgan/Radiator-3.6/hooks/CheckPrepaidVoip"
> </Handler>
>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:db:localhost
> DBUsername dbuser
> DBAuth dbpass
>
> Identifier SQL1
> AddQuery
> DeleteQuery
> ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
> CountQuery
> </SessionDatabase>
>
>
>
>
>
>
> At 06:03 PM 8/19/2003 +1000, you wrote:
>
>> Hello Ganbold -
>>
>> You can always use the AuthBy EXTERNAL clause to call an external
>> program in whatever language you prefer.
>>
>> What do you mean by "compile or decrypt the hook codes"?
>>
>> Note that the hooks in Radiator *are* compiled at run time, as is the
>> rest of Radiator.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Tuesday, Aug 19, 2003, at 16:00 Australia/Melbourne, Ganbold wrote:
>>
>>> Hi,
>>>
>>> Is it possible to write various hooks in language other than perl
>>> (for example in C)?
>>> Or is there anyway to compile or decrypt the hook codes?
>>>
>>> tia,
>>>
>>> Ganbold
>>> Micom Co., Ltd
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>>
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list