[RADIATOR] AuthBy SQL Reject or Accept in the SQL results

Heikki Vatiainen hvn at open.com.au
Thu Feb 9 03:01:50 CST 2012


On 02/08/2012 07:40 PM, Lee Solway wrote:

Hello Lee,

> Is there a way I can set an access Accept or Reject in the MySQL results 
> generated by AuthBy SQL?

Please see below for one method.

> Currently I have a stored procedure that I call in the following.. I 
> would like the SP to be able to reject the Access-Request with an error 
> message also if possible..
> 
>     AuthSelect            CALL get_reply_attr('%U')
>     AuthColumnDef     0, GENERIC, reply
>     AuthColumnDef     1, User-Password, check

You could do both (control accept/reject and return reason) with
something like this. First change get_reply_attr to return 'true' or
'false' to control Accept or Reject. Also add another return value which
is the Reply-Message that is returned with Access-Reject.

     AuthColumnDef 2,X-Accepted-By-Sql,check
     AuthColumnDef 3,X-Reject-Msg,request

In the Handler or Realm clause prime X-Accepted-By-Sql like this:

    AddToRequest X-Accepted-By-Sql=true

In the same Handler or Realm add RejectHasReason and a PostAuthHook to
replace reason with the value from SQL call.

    RejectHasReason
    PostAuthHook sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; \
                       my $result = $_[2]; my $reason = $_[3]; \
        return unless $$result == $main::REJECT; \
        $$reason = $p->get_attr('X-Reject-Msg'); \
        }

Putting this together, if the third value returned by the SQL call is
something other than 'true', the request will be rejected. The hook will
then set the returned Reply-Message based on X-Reject-Msg, which comes
from the SQL call.

For more about the hook parameters, please see the reference manual.

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
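
An added example, not part of the original message and not Radiator's own code: one way the get_reply_attr procedure could return the two extra columns that AuthColumnDef 2 and 3 above expect. The subscribers table and its columns (username, password, reply_attrs, enabled, expires) are hypothetical.

```sql
-- Added example. Table and column names are assumptions, not from the thread.
-- Column order must match the AuthColumnDef indexes in the Radiator config:
--   0 = GENERIC reply, 1 = User-Password check,
--   2 = X-Accepted-By-Sql check, 3 = X-Reject-Msg request
DELIMITER //

CREATE PROCEDURE get_reply_attr(IN p_user VARCHAR(253))
BEGIN
    SELECT
        s.reply_attrs,                                   -- column 0
        s.password,                                      -- column 1
        CASE                                             -- column 2
            WHEN s.enabled = 0 THEN 'false'
            WHEN s.expires IS NOT NULL
                 AND s.expires < NOW() THEN 'false'
            -- Must equal the value primed with
            -- AddToRequest X-Accepted-By-Sql=true
            ELSE 'true'
        END AS accepted,
        CASE                                             -- column 3
            WHEN s.enabled = 0 THEN 'Account disabled'
            WHEN s.expires IS NOT NULL
                 AND s.expires < NOW() THEN 'Account expired'
            -- Generic text for rejects caused by other check items
            ELSE 'Authentication failed'
        END AS reject_msg
    FROM subscribers AS s
    WHERE s.username = p_user
    LIMIT 1;
END //

DELIMITER ;
```

Since the PostAuthHook above replaces the reason on any reject, the ELSE text in column 3 is what it reads when the row is returned but another check item, such as the password, fails. Both CASE expressions must test the same conditions in the same order so that a 'false' in column 2 always has its matching message in column 3.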