(RADIATOR) AuthBy External clause problem

Ganbold ganbold at micom.mng.net
Wed Sep 3 21:10:16 CDT 2003


Hi Hugh,

I added the following lines to AuthEXTERNAL.pm and tested Radiator.
-------------------------------------------------------------------------------------------------------------
. . . . . .
     my $exit = $?;

# added lines
         # print exit code
     $self->log($main::LOG_DEBUG, "first Exit: $exit",$p);
     print "first Exit: $exit\n";

         # This usually sets $?
     close READER;
     # Sometimes need to do this too.
     $exit = $? if waitpid($pid, 0);

# added lines
         # print exit code
     $self->log($main::LOG_DEBUG, "Exit: $exit",$p);
     print "Exit: $exit\n";
. . . . . .
-------------------------------------------------------------------------------------------------------------

The external program returns exit status 0, but Radiator somehow understands it 
as 768, which is 3 (768/256), and sends Access-Challenge.

I also tested the external program with the following simple Perl program, where 
test.txt contains access-requests. It also gets the return value as 768.

-------------------------------------------------------------------------------------------------------------
#!/usr/local/bin/perl

# system() returns the raw wait status (the same value as $?)
$x = system("cat test.txt | calccredittime");

print "return is: $x\n";
exit 0;
-------------------------------------------------------------------------------------------------------------
I wrote a simple C program which gets a command-line argument and returns that 
argument as its exit status. The small Perl program gets the result
of that program as it is supposed to. Very strange.


I don't know what I should do. I'll try the ResultInOutput switch in the radius 
config and see what happens.

The following is the debug output:

Code:       Access-Request
Identifier: 9
Authentic:  <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@
Attributes:
         User-Name = "44444444"
         User-Password = "<28>_<171>Tm9<183><211>$~<173>l<151><190>Y!"
         cisco-h323-conf-id = "h323-conf-id=07D022A7 DDB911D7 8008E236 
347AF897"
         cisco-avpair = "h323-ivr-out=transactionID:8"
         Calling-Station-Id = "11323224"
         Called-Station-Id = "0011236"
         Service-Type = Login-User
         NAS-IP-Address = xxx.xxx.xxx.xxx

Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep  4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name = 
/^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
Thu Sep  4 10:50:24 2003: DEBUG: Running command: 
d:\Radiator-3.6\hooks\CalcCreditTime

Thu Sep  4 10:50:24 2003: DEBUG: first Exit: 1604
                                         ^ ^ ^ ^
Thu Sep  4 10:50:24 2003: DEBUG: Exit: 768
                                         ^ ^ ^ ^
Thu Sep  4 10:50:24 2003: DEBUG: Access challenged for 44444444:
Thu Sep  4 10:50:24 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 21645 ....
Code:       Access-Challenge
Identifier: 9
Authentic:  <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@
Attributes:
         cisco-h323-return-code = "h323-return-code=0"
         cisco-h323-credit-time = "h323-credit-time=2516"
         Reply-Message = "first 5!"



At 09:54 PM 9/3/2003 +1000, you wrote:

>Hello Ganbold -
>
>It is possible that you may need to use "ResultInOutput" in this
>environment.
>
>Have a look at the code in "Radius/AuthEXTERNAL.pm" and maybe add some
>print statements so you can see what is happening. And please let us
>know what you find.
>
>regards
>
>Hugh
>
>
>On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote:
>
>>Hi,
>>
>>I'm testing Radiator-3.6 on Windows 2000 Advanced Server.
>>I'm using the AuthBy External clause in handlers. But when the external
>>program returns 0 (Access-Accept), Radiator understands it as a 3 and
>>responds with an Access-Challenge response. The external program worked
>>well in FreeBSD 5.1. It works in FreeBSD as it is supposed to. However,
>>in Windows the above problem occurs.
>>
>>How can I solve this problem? Is it an OS issue, or is there something
>>else?
>>I would really appreciate it if somebody could give the right solution.
>>
>>thanks in advance,
>>
>>Ganbold
>>Micom CO.,Ltd
>>
>>
>>--------------------------------------------------------------------------------------
>>Trace 4 debug:
>>--------------------------------------------------------------------------------------
>>
>>Code:       Access-Request
>>Identifier: 149
>>Authentic:
>><157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
>>Attributes:
>>         User-Name = "44444444"
>>         User-Password =
>>"<159><192><246><10><228><184>Z<200>K<1><253><232><162>^Tv"
>>         cisco-h323-conf-id = "h323-conf-id=45135D12 DD3911D7 809F812C
>>9428BE9D"
>>         cisco-avpair = "h323-ivr-out=transactionID:114"
>>         Calling-Station-Id = "11323224"
>>         Called-Station-Id = "0011112365"
>>         Service-Type = Login-User
>>         NAS-IP-Address = xxx.xxx.xxx.xxx
>>
>>Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>Wed Sep  3 19:36:01 2003: DEBUG: Handling request with Handler
>>'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
>>Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>Wed Sep  3 19:36:01 2003: DEBUG: Running command:
>>d:\Radiator-3.6\hooks\CalcCreditTime
>>Wed Sep  3 19:36:01 2003: DEBUG: Access challenged for 44444444:
>>Wed Sep  3 19:36:01 2003: DEBUG: Packet dump:
>>*** Sending to xxx.xxx.xxx.xxx port 21661 ....
>>Code:       Access-Challenge
>>Identifier: 149
>>Authentic:
>><157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
>>Attributes:
>>         cisco-h323-return-code = "h323-return-code=0"
>>         cisco-h323-credit-time = "h323-credit-time=1276"
>>         Reply-Message = "first 5!"
>>
>>
>>
>>--------------------------------------------------------------------------------------
>>Below is my config:
>>--------------------------------------------------------------------------------------
>>
>>#radius.cfg
>>
>>Foreground
>>Trace 4
>>
>>AuthPort        1645
>>AcctPort        1646
>>
>>LogDir          d:\Radiator-3.6\log
>>LogFile         %L/logfile.txt
>>
>>DictionaryFile  d:\Radiator-3.6\dictionary
>>
>>RewriteUsername s/^\s+//
>>RewriteUsername s/\s+$//
>>RewriteUsername s/\s+//g
>>RewriteUsername tr/[A-Z]/[a-z]/
>>
>>
>><Client xxx.xxx.xxx.xxx>
>>         Secret xxx
>>         NasType Cisco
>>         SNMPCommunity MN-2008
>>         StatusServerShowClientDetails
>></Client>
>>
>>
>><AuthBy SQL>
>>         DBSource        dbi:mysql:voip_prepaid:localhost
>>         DBUsername      xxx
>>         DBAuth          xxx
>>
>>         Identifier VoipTerminate
>>
>>         AuthSelect
>>
>>         AccountingTable voip_termination
>>         AccountingStopsOnly
>>
>>         AcctColumnDef   nasipaddress,NAS-IP-Address
>>         AcctColumnDef   cisco_nas_port,Cisco-NAS-Port
>>         AcctColumnDef   username,User-Name
>>
>>         AcctColumnDef   calledstationid,Called-Station-Id
>>         AcctColumnDef   callingstationid,Calling-Station-Id
>>
>>         AcctColumnDef   h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw-id}',locate('=','%{cisco-h323-gw-id}')+1))
>>         AcctColumnDef   h323_call_origin,cisco-h323-call-origin,literal,trim(substring('%{cisco-h323-call-origin}',locate('=','%{cisco-h323-call-origin}')+1))
>>         AcctColumnDef   h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco-h323-call-type}',locate('=','%{cisco-h323-call-type}')+1))
>>
>>         AcctColumnDef   h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco-h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1))
>>         AcctColumnDef   h323_connect_time,cisco-h323-connect-time,literal,trim(substring('%{cisco-h323-connect-time}',locate('=','%{cisco-h323-connect-time}')+1))
>>         AcctColumnDef   h323_disconnect_time,cisco-h323-disconnect-time,literal,trim(substring('%{cisco-h323-disconnect-time}',locate('=','%{cisco-h323-disconnect-time}')+1))
>>         AcctColumnDef   h323_disconnect_cause,cisco-h323-disconnect-cause,literal,trim(substring('%{cisco-h323-disconnect-cause}',locate('=','%{cisco-h323-disconnect-cause}')+1))
>>         AcctColumnDef   h323_voice_quality,cisco-h323-voice-quality,literal,trim(substring('%{cisco-h323-voice-quality}',locate('=','%{cisco-h323-voice-quality}')+1))
>>         AcctColumnDef   h323_remote_address,cisco-h323-remote-address,literal,trim(substring('%{cisco-h323-remote-address}',locate('=','%{cisco-h323-remote-address}')+1))
>>
>>         AcctColumnDef   acctstatustype,Acct-Status-Type
>>         AcctColumnDef   acctdelaytime,Acct-Delay-Time,integer
>>         AcctColumnDef   acctsessionid,Acct-Session-Id
>>         AcctColumnDef   acctinputoctets,Acct-Input-Octets,integer
>>         AcctColumnDef   acctoutputoctets,Acct-Output-Octets,integer
>>
>>         AcctColumnDef   acctsessiontime,Acct-Session-Time,integer
>>         AcctColumnDef   time_stamp,Timestamp,integer
>></AuthBy>
>>
>><AuthBy EXTERNAL>
>>         Identifier PSA
>>         DecryptPassword
>>         Command d:\Radiator-3.6\hooks\PSA
>></AuthBy>
>><AuthBy EXTERNAL>
>>         Identifier TransBalance
>>         DecryptPassword
>>         Command d:\Radiator-3.6\hooks\TransBalance
>></AuthBy>
>><AuthBy EXTERNAL>
>>         Identifier CalcCreditTime
>>         DecryptPassword
>>         StripFromReply  Reply-Message
>>         Command d:\Radiator-3.6\hooks\CalcCreditTime
>></AuthBy>
>><AuthBy EXTERNAL>
>>         Identifier CalcCreditAmount
>>         DecryptPassword
>>         StripFromReply  Reply-Message
>>         Command d:\Radiator-3.6\hooks\CalcCreditAmount
>></AuthBy>
>>
>># 2 termination handler
>><Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,
>>cisco-h323-call-origin = /originate$/, cisco-h323-call-type =
>>/Telephony$/>
>>         AuthBy VoipTerminate
>></Handler>
>><Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,
>>cisco-h323-call-origin = /answer$/, cisco-h323-call-type = /VoIP$/>
>>         AuthBy VoipTerminate
>></Handler>
>>
>>
>><Handler Request-Type = Accounting-Request, Acct-Status-Type = Start>
>>         PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
>></Handler>
>>
>><Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,
>>User-Name = /^([0-9])+$/>
>>         AuthBy CalcCreditAmount
>>         PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
>></Handler>
>>
>><Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop,
>>User-Name = /^([0-9])+%([0-9])+$/>
>>         PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
>></Handler>
>>
>><Handler User-Name = /^([0-9])+%([0-9])+$/>
>>         RewriteUsername s/^([^@]+).*/$1/
>>         RejectHasReason
>>         StripFromReply  Reply-Message
>>         AccountingHandled
>>         AuthBy TransBalance
>></Handler>
>>
>><Handler User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/>
>>         RewriteUsername s/^([^@]+).*/$1/
>>         RejectHasReason
>>#       StripFromReply  Reply-Message
>>         AccountingHandled
>>         AuthBy CalcCreditTime
>></Handler>
>>
>># skip error
>><Handler User-Name = ERROR>
>></Handler>
>><Handler User-Name = error>
>></Handler>
>>
>><Handler User-Name = /^([0-9])+$/>
>>         RewriteUsername s/^([^@]+).*/$1/
>>         RejectHasReason
>>         StripFromReply  Reply-Message
>>         AccountingHandled
>>         SessionDatabase SQL1
>>         AuthBy PSA
>></Handler>
>>
>>
>><SessionDatabase SQL>
>>         DBSource        dbi:mysql:voip_prepaid:localhost
>>         DBUsername      xxx
>>         DBAuth          xxx
>>
>>         Identifier SQL1
>>
>>         AddQuery
>>         DeleteQuery
>>         ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
>>         CountQuery
>></SessionDatabase>
>>
>>===
>>Archive at http://www.open.com.au/archives/radiator/
>>Announcements on radiator-announce at open.com.au
>>To unsubscribe, email 'majordomo at open.com.au' with
>>'unsubscribe radiator' in the body of the message.
>>
>
>NB: have you included a copy of your configuration file (no secrets),
>together with a trace 4 debug showing what is happening?
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>
>
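
An added example, not part of the original message and not Radiator's own code: it decodes the wait-status values seen in the debug output above (768 and 1604) the way Perl documents `$?`, and maps them to an authentication decision that fails closed. The function names are hypothetical, only the two exit codes named in this thread (0 and 3) are mapped, and rejecting everything else is this example's policy.

```perl
#!/usr/bin/perl
# Added example (not Radiator's code): decode a wait status as $? encodes
# it and derive an auth decision that fails closed on anything unexpected.
use strict;
use warnings;

# Split a 16-bit wait status into the fields described in perlvar for $?.
sub decode_status {
    my ($status) = @_;
    return {
        exit_code => ($status >> 8) & 0xff,     # high byte: child's exit value
        signal    => $status & 0x7f,            # low 7 bits: terminating signal
        core      => ($status & 0x80) ? 1 : 0,  # bit 7: core dump flag
    };
}

# Hypothetical policy: only exit codes 0 and 3 (the two named in this
# thread) are mapped. A non-zero low byte means the status did not come
# from a clean exit, so the exit code is not trusted.
sub decision_for {
    my ($status) = @_;
    return 'REJECT (command could not be run)' if $status == -1;
    my $d = decode_status($status);
    return "REJECT (abnormal low byte $d->{signal}, core=$d->{core})"
        if $d->{signal} || $d->{core};
    return 'ACCEPT'    if $d->{exit_code} == 0;
    return 'CHALLENGE' if $d->{exit_code} == 3;
    return "REJECT (unmapped exit code $d->{exit_code})";
}

# 768 and 1604 are the values from the debug output in the message;
# 0 is included for comparison.
for my $status (0, 768, 1604) {
    my $d = decode_status($status);
    printf "status %4d -> exit_code=%d low7=%d core=%d => %s\n",
        $status, $d->{exit_code}, $d->{signal}, $d->{core},
        decision_for($status);
}
```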
