(RADIATOR) Feature Request, Patch attached: AuthBy SQL and PostAuthSelectHook

Karl Gaissmaier karl.gaissmaier at kiz.uni-ulm.de
Wed Nov 24 09:08:01 CST 2004


Hi Mike or Hugh and all Radiator lovers,

We have a big Oracle user database as backend, storing
account and service data for all our users. If we want to
block one service for a user (like WLAN access if his laptop
is infected with viruses and trojans) we set a flag in the
database to disable just the WLAN access for this user, still
providing the e-mail and other services.

AuthSQL isn't smart enough to deal with this until I change
the table definitions. Even the parameter AuthColumnDef can't
solve this. Until now I had a really poor workaround with the
(maybe Oracle specific) SQL function decode():

# trick: return check-item Auth-Type = Accept|Reject
AuthColumnDef   0, Auth-Type, check

# select service disable flag
AuthSelect  SELECT decode(sign(disflag), 0, 'Accept', 'Reject')\
                FROM ....


This could be done much better with a PostAuthSelectHook:

AuthColumnDef        0, Auth-Type, check

PostAuthSelectHook   sub { my ($self, $name, $p, $user, $row) = @_; \
                            my $flag = $row->[0];                    \
                            $row->[0] = $flag ? 'Reject' : 'Accept'; \
                           }

with the following hook parameter documentation
(similar to AuthBy LDAP and PostSearchHook):

6.29.23 PostAuthSelectHook

This optional parameter allows you to define a Perl function that will 
be run during the authentication process. The hook will be called after 
the AuthSelect results have been received, and after Radiator has 
processed the attributes it is interested in.

The first argument passed to the hook is a handle to the current AuthBy 
SQL object. The second argument is the name of the user being 
authenticated. The third argument is a pointer to the current request. 
The fourth argument is a pointer to the User object being constructed to 
hold the check and reply items for the user being authenticated.
The fifth argument ($_[4]) is a reference to the @row resulting from 
AuthSelect.

(Example missing, goodies missing)

With this PostAuthSelectHook you can use ANY database schema.
This would be much more powerful than AuthColumnDef since in this
hook you can rewrite all @row values, add check and reply items
directly to the user object and much more.

I would appreciate it if you could incorporate this feature
in the 3.11 patches and the next Radiator release.

Thanks in advance
     Charly

P.S. really small patch attached

-- 
Karl Gaissmaier       KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier at kiz.uni-ulm.de           Service Group Network
Tel.: ++49 731 50-22499
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: AuthSQL.pm.patch
URL: <http://www.open.com.au/pipermail/radiator/attachments/20041124/cfc51166/attachment.ksh>
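
The hook proposed in the message above, written out as a stand-alone Perl script. This is an added example, not part of the original post or of Radiator's code. It follows the five-argument signature described there and assumes column 0 carries the disable flag; the sub name post_auth_select_hook and the sample rows are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hook body with the five-argument signature proposed in the message:
# ($self, $name, $p, $user, $row). Only $row is used here.
# Assumption: column 0 of @$row holds the service-disable flag.
sub post_auth_select_hook {
    my ($self, $name, $p, $user, $row) = @_;
    my $flag = $row->[0];

    # Accept only an explicit numeric zero. NULL (undef), empty strings
    # and non-numeric values are rejected, so a missing or damaged flag
    # never grants access. Oracle's decode(sign(disflag), 0, 'Accept',
    # 'Reject') also yields 'Reject' for NULL, while a plain Perl truth
    # test on the flag would treat undef and '' as "not disabled".
    my $enabled = defined $flag && $flag =~ /^0+(?:\.0+)?$/;

    # Rewrite the column so that "AuthColumnDef 0, Auth-Type, check"
    # receives a usable check item value.
    $row->[0] = $enabled ? 'Accept' : 'Reject';
    return;
}

# Constructed sample rows, shaped like the array a DBI fetch returns.
my @samples = (
    [ 'alice', [ '0' ] ],      # service enabled
    [ 'bob',   [ '1' ] ],      # service disabled
    [ 'carol', [ undef ] ],    # NULL flag in the database
    [ 'dave',  [ '' ] ],       # empty string
    [ 'erin',  [ '-1' ] ],     # negative value, sign() gives -1
);

for my $sample (@samples) {
    my ($name, $row) = @$sample;
    my $shown = defined $row->[0] ? "'$row->[0]'" : 'NULL';
    # The AuthBy object, request and User object are not needed for
    # this demonstration, so undef stands in for them.
    post_auth_select_hook(undef, $name, undef, undef, $row);
    printf "%-6s flag=%-5s -> Auth-Type = %s\n", $name, $shown, $row->[0];
}
```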

