(RADIATOR) PostAuthHook and database connectivity
Hugh Irvine
hugh at open.com.au
Mon Jan 15 14:43:50 CST 2007
Hello Andrew -
The way I usually do this sort to thing is by defining an AuthBy
clause in the configuration file and then calling the relevant entry
point in the corresponding module. This makes the hook code much
simpler and all of the standard Radiator code is used.
You will find some examples in "goodies/hooks.txt" in the Radiator
3.16 distribution.
And as you point out, the hook code is compiled into the Radiator
executable at run time.
regards
Hugh
On 16 Jan 2007, at 05:32, Andrew wrote:
> Hi,
>
> I've written the following PostAuthHook, to update my
> 'subscribers' table the first time they authenticate based on
> certain criteria.
>
> sub
> {
> my $p = ${$_[0]};
> # my $rp = ${$_[1]};
> # my $handled = $_[2];
> # my $reason = $_[3];
> my $username = $p->get_attr('User-Name');
>
> my $EZSurf = 62;
> my $expDays = 91;
>
> #>--> Determine first use date
> my $today = time();
> (my $second, my $minute, my $hour, my $dayOfMonth, my
> $month, my $yearOffset, my $dow, my $doy, my $dls) = localtime
> ($today);
> my $year = 1900 + $yearOffset;
> my $month = ($month+1)%13;
> my $firstUse = sprintf("%4d-%02d-%02d %02d:%02d:%02d.000",
> $year,$month,$dayOfMonth,$hour,$minute,$second);
>
>
> #>--> Determine expiry date
> my $expiryDate = $today + $expDays * 86400;
> ($second, $minute, $hour, $dayOfMonth, $month, $yearOffset,
> $dow, $doy, $dls) = localtime($expiryDate );
> $year = 1900 + $yearOffset;
> $month = ($month+1)%13;
> my $expiry = sprintf ("%4d-%02d-%02d 00:00:00.000", $year,
> $month,$dayOfMonth);
>
> my $dbh = DBI->connect
> ("dbi:Sybase:server=xxxx;database=xxxx", "xxxx", "xxxx") || die
> "Cannot connect: " . $DBI::errstr;
>
> #>--> determine if EZ surf user
> my $sqlGroupID=sprintf("select Radius_Group_ID from Login
> WHERE Login_Name='%s'",$username);
> my $sth = $dbh->prepare($sqlGroupID);
> $sth->execute() || die "Could not execute SQL statement,
> maybe invalid?";
> (my $Radius_Group_ID)=$sth->fetchrow_array();
> &main::log($main::LOG_DEBUG, "PAH --> $Radius_Group_ID");
> if ($Radius_Group_ID == $EZSurf)
> {
> #>--> update expiry date
> my $sqlExpiryDate=sprintf("update Login set
> Expiry_Date='%s' where Login_Name='%s' and First_Use is NULL",
> $expiry,$username);
> &main::log($main::LOG_DEBUG, "PAH --> $sqlExpiryDate
> \n");
>
> $sth = $dbh->prepare($sqlExpiryDate);
> $sth->execute() || die "Could not execute SQL
> statement, maybe invalid?";
>
> #>--> Update first use
> my $sqlFirstUse = sprintf("update Login set
> First_Use='%s' where Login_Name='%s' and First_Use is NULL",
> $firstUse,$username);
> &main::log($main::LOG_DEBUG, "PAH --> $sqlFirstUse");
>
> $sth = $dbh->prepare($sqlFirstUse);
> $sth->execute || die "Could not execute SQL
> statement, maybe invalid?";
> }
> $sth->finish();
> $dbh->disconnect();
> }
>
> NB. A condition to check that ($handled == $main::ACCEPT) will be
> added to the above code.
>
> If I understand the functioning of the PostAuthHook correctly then
> this code would cause database connects and disconnects with every
> authentication request. I'm wondering if it's possible to use some
> of the radiator packages to make it more efficient? E.g. use
> something like Radius::SqlDb to perform the connects, disconnects
> and queries (since that reuses connections)?
>
> Also, according to the documentation "The hook code is compiled by
> Perl when Radiator starts up". Does this means that it is compiled
> 'into' the radiator code or just that it is compiled.
>
>
> Regards
> Andrew
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list