[RADIATOR] [RFC] configurable hooks

Hugh Irvine hugh at open.com.au
Fri Feb 1 03:08:21 CST 2013


Hello Alex -

The way to do this with GlobalVar's is to use different Identifiers in the Handlers thus:

…..

DefineFormattedGlobalVar  Handler1-param1  whatever

DefineFormattedGlobalVar  Handler1-param2  whatever-else

DefineFormattedGlobalVar  Handler2-param1  something

DefineFormattedGlobalVar  Handler2-param2  something-else

…..

<Handler …..>

	Identifier Handler1

	……

		…… %{GlobalVar:%{Handler:Identifier}-param1} …..

		…… %{GlobalVar:%{Handler:Identifier}-param2} …..

</Handler>

<Handler …..>

	Identifier Handler2

	……

		…… %{GlobalVar:%{Handler:Identifier}-param1} …..

		…… %{GlobalVar:%{Handler:Identifier}-param2} …..

</Handler>

…..

Here is an example:

…..

Radiator-4.11 hugh$ cat global.cfg 

AuthPort 11645
AcctPort 11646

LogDir ./logs
DbDir .

Trace 4

DefineFormattedGlobalVar  Handler1-param1  whatever

DefineFormattedGlobalVar  Handler1-param2  whatever-else

DefineFormattedGlobalVar  Handler2-param1  something

DefineFormattedGlobalVar  Handler2-param2  something-else

<Client localhost>
	Secret mysecret
</Client>

<Handler>
	Identifier Handler1
	<AuthBy INTERNAL>
		DefaultResult ACCEPT
		AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param1}
	</AuthBy>
</Handler>

here is the result:

Radiator-4.11 hugh$ perl radpwtst -auth_port 11645 -noacct -user hugh -password hugh -trace 4
Fri Feb  1 20:02:16 2013: DEBUG: Reading dictionary file './dictionary'
sending Access-Request...
Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 11645 ....
Code:       Access-Request
Identifier: 121
Authentic:  <143><6><136>9o<141>% @<148><2>vO<15>/<212>
Attributes:
	User-Name = "hugh"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Identifier = "203.63.154.1"
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = T<142><153>t<137>lv<193>$I1_<249><14><201><164>

Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51957 ....
Code:       Access-Request
Identifier: 121
Authentic:  <143><6><136>9o<141>% @<148><2>vO<15>/<212>
Attributes:
	User-Name = "hugh"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Identifier = "203.63.154.1"
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = T<142><153>t<137>lv<193>$I1_<249><14><201><164>

Fri Feb  1 20:02:16 2013: DEBUG: Handling request with Handler '', Identifier 'Handler1'
Fri Feb  1 20:02:16 2013: DEBUG:  Deleting session for hugh, 203.63.154.1, 1234
Fri Feb  1 20:02:16 2013: DEBUG: Handling with AuthINTERNAL: 
Fri Feb  1 20:02:16 2013: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by DefaultResult
Fri Feb  1 20:02:16 2013: DEBUG: Access accepted for hugh
Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51957 ....
Code:       Access-Accept
Identifier: 121
Authentic:  A<195>P<232><<2>z<217>Fmg<153><185><149><16>$
Attributes:
	Reply-Message = "whatever"

Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 11645 ....
Code:       Access-Accept
Identifier: 121
Authentic:  A<195>P<232><<2>z<217>Fmg<153><185><149><16>$
Attributes:
	Reply-Message = "whatever"

OK

…..


You can of course expand the GlobalVar's in your hook code too.

regards

Hugh


On 1 Feb 2013, at 18:46, Alexander Hartmaier <alexander.hartmaier at t-systems.at> wrote:

> On 2013-01-31 22:58, Hugh Irvine wrote:
>> Hello Alex -
>> 
>> You can also use GlobalVar's for static parameters.
>> 
>> See section 5.6.23 in the Radiator 4.11 reference manual ("doc/ref.pdf").
>> 
>> There is an example in "goodies/hooks.txt".
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>> On 1 Feb 2013, at 01:31, Heikki Vatiainen <hvn at open.com.au> wrote:
>> 
>>> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>>> 
>>>> we'd need a way to pass config parameters to hooks to be able to use
>>>> them in multiple different handlers e.g. sending OTPs by SMS with
>>>> different accounts.
>>>> Is there already a way to do this which I've overlooked?
>>> How about this:
>>> 
>>> # radiusd config file
>>> 
>>> StartupHook sub { require "/etc/radiator/MyHooks.pm"; }
>>> <Handler ...>
>>>  # AuthBys
>>>  PostAuthHook sub { MyHooks::sendSMS(@_, 'account1', 'otherparam1'); }
>>> </Handler>
>>> <Handler ...>
>>>  # AuthBys
>>>  PostAuthHook sub { MyHooks::sendSMS(@_, 'account2', 'otherparam2'); }
>>> </Handler>
>>> 
>>> File MyHooks.pm would be something like this:
>>> 
>>> # start of MyHooks.pm
>>> package MyHooks;
>>> use strict;
>>> use warnings;
>>> # PostAuthHook
>>> #
>>> sub sendSMS {
>>>   my $p = ${$_[0]};      # Request packet
>>>   my $rp = ${$_[1]};     # Response packet
>>>   my $result = $_[2];    # Verdict: success or not
>>>   my $reason = $_[3];    # String that tells reason for a reject
>>>   my $account = $_[4];   # Account name
>>>   my $param = $_[5];     # Some other param
>>> 
>>>   # code goes here
>>> }
>>> 
>>> 1;
>>> # end of MyHooks.pm
>>> 
>>>> I'm currently abusing Radius attributes to get those static parameters
>>>> into the hooks but being able to pass options in the config would make
>>>> the config much clearer.
>>> The above keeps the existing PostAuthHook arguments as they are and
>>> adds the possibility for static arguments as additional options to
>>> existing PostAuthHook options.
>>> 
>>> Would this work for you?
>>> 
>>> Thanks,
>>> Heikki
>>> 
>>> --
>>> Heikki Vatiainen <hvn at open.com.au>
>>> 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>> NetWare etc.
>> 
>> --
>> 
>> Hugh Irvine
>> hugh at open.com.au
>> 
> Hi Hugh,
> I haven't had time to reply to Heikki's post yesterday, his solution is
> what I was looking for, thanks!
> GlobalVars won't help there because I need to use the same handler
> multiple times in a single Radiator instance with different params.
> 
> 


--

Hugh Irvine
hugh at open.com.au
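
A configuration check for the per-Handler GlobalVar naming scheme discussed in this thread, as an added example (not part of the original post and not Radiator code): it reports GlobalVar names defined more than once and `%{GlobalVar:%{Handler:Identifier}-suffix}` references that no `DefineFormattedGlobalVar` line satisfies. The `lint` function, the sample config and its realm names are constructed for illustration; the parser assumes one directive per line and only this one reference form.

```python
import re
from collections import Counter

# Constructed sample (not from the thread): Handler2-param1 is defined twice, Handler2-param2 never.
SAMPLE_CFG = """\
DefineFormattedGlobalVar  Handler1-param1  whatever
DefineFormattedGlobalVar  Handler1-param2  whatever-else
DefineFormattedGlobalVar  Handler2-param1  something
DefineFormattedGlobalVar  Handler2-param1  something-else
<Handler Realm=one.example>
	Identifier Handler1
	<AuthBy INTERNAL>
		AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param1}
	</AuthBy>
</Handler>
<Handler Realm=two.example>
	Identifier Handler2
	<AuthBy INTERNAL>
		AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param2}
	</AuthBy>
</Handler>
"""

DEFINE = re.compile(r"\s*DefineFormattedGlobalVar\s+(\S+)")
IDENT = re.compile(r"Identifier\s+(\S+)")
REF = re.compile(r"%\{GlobalVar:%\{Handler:Identifier\}([^}]*)\}")

def lint(cfg):
    """Return (names defined more than once, [(handler, undefined name), ...])."""
    lines = cfg.splitlines()
    defined = Counter(m.group(1) for m in map(DEFINE.match, lines) if m)
    duplicates = sorted(n for n, c in defined.items() if c > 1)
    undefined, depth, ident, refs = [], 0, None, []
    for s in (line.strip() for line in lines):
        if s.startswith("<Handler"):
            depth, ident, refs = 1, None, []        # new Handler clause
        elif depth and s.startswith("</"):
            depth -= 1
            if depth == 0:                          # </Handler>: resolve its references
                names = [(ident or "") + sfx for sfx in refs]
                undefined += [(ident, n) for n in names if n not in defined]
        elif depth and s.startswith("<"):
            depth += 1                              # nested clause such as <AuthBy ...>
        elif depth:
            m = IDENT.match(s)
            if m and depth == 1:                    # the Handler's own Identifier only
                ident = m.group(1)
            refs += REF.findall(s)
    return duplicates, undefined
```
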
