[RADIATOR] [RFC] configurable hooks

Alexander Hartmaier alexander.hartmaier at t-systems.at
Fri Feb 1 03:16:59 CST 2013


On 2013-02-01 10:08, Hugh Irvine wrote:
> Hello Alex -
>
> The way to do this with GlobalVar's is to use different Identifiers in the Handlers thus:
>
> …..
>
> DefineFormattedGlobalVar  Handler1-param1  whatever
>
> DefineFormattedGlobalVar  Handler1-param2  whatever-else
>
> DefineFormattedGlobalVar  Handler2-param1  something
>
> DefineFormattedGlobalVar  Handler2-param2  something-else
>
> …..
>
> <Handler …..>
>
> 	Identifier Handler1
>
> 	……
>
> 		…… %{GlobalVar:%{Handler:Identifier}-param1} …..
>
> 		…… %{GlobalVar:%{Handler:Identifier}-param2} …..
>
> </Handler>
>
> <Handler …..>
>
> 	Identifier Handler2
>
> 	……
>
> 		…… %{GlobalVar:%{Handler:Identifier}-param1} …..
>
> 		…… %{GlobalVar:%{Handler:Identifier}-param2} …..
>
> </Handler>
>
> …..
>
> Here is an example:
>
> …..
>
> Radiator-4.11 hugh$ cat global.cfg 
>
> AuthPort 11645
> AcctPort 11646
>
> LogDir ./logs
> DbDir .
>
> Trace 4
>
> DefineFormattedGlobalVar  Handler1-param1  whatever
>
> DefineFormattedGlobalVar  Handler1-param2  whatever-else
>
> DefineFormattedGlobalVar  Handler2-param1  something
>
> DefineFormattedGlobalVar  Handler2-param2  something-else
>
> <Client localhost>
> 	Secret mysecret
> </Client>
>
> <Handler>
> 	Identifier Handler1
> 	<AuthBy INTERNAL>
> 		DefaultResult ACCEPT
> 		AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param1}
> 	</AuthBy>
> </Handler>
>
> here is the result:
>
> Radiator-4.11 hugh$ perl radpwtst -auth_port 11645 -noacct -user hugh -password hugh -trace 4
> Fri Feb  1 20:02:16 2013: DEBUG: Reading dictionary file './dictionary'
> sending Access-Request...
> Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 11645 ....
> Code:       Access-Request
> Identifier: 121
> Authentic:  <143><6><136>9o<141>% @<148><2>vO<15>/<212>
> Attributes:
> 	User-Name = "hugh"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Identifier = "203.63.154.1"
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password = T<142><153>t<137>lv<193>$I1_<249><14><201><164>
>
> Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 51957 ....
> Code:       Access-Request
> Identifier: 121
> Authentic:  <143><6><136>9o<141>% @<148><2>vO<15>/<212>
> Attributes:
> 	User-Name = "hugh"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Identifier = "203.63.154.1"
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password = T<142><153>t<137>lv<193>$I1_<249><14><201><164>
>
> Fri Feb  1 20:02:16 2013: DEBUG: Handling request with Handler '', Identifier 'Handler1'
> Fri Feb  1 20:02:16 2013: DEBUG:  Deleting session for hugh, 203.63.154.1, 1234
> Fri Feb  1 20:02:16 2013: DEBUG: Handling with AuthINTERNAL: 
> Fri Feb  1 20:02:16 2013: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by DefaultResult
> Fri Feb  1 20:02:16 2013: DEBUG: Access accepted for hugh
> Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 51957 ....
> Code:       Access-Accept
> Identifier: 121
> Authentic:  A<195>P<232><<2>z<217>Fmg<153><185><149><16>$
> Attributes:
> 	Reply-Message = "whatever"
>
> Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 11645 ....
> Code:       Access-Accept
> Identifier: 121
> Authentic:  A<195>P<232><<2>z<217>Fmg<153><185><149><16>$
> Attributes:
> 	Reply-Message = "whatever"
>
> OK
>
> …..
>
>
> You can of course expand the GlobalVar's in your hook code too.
>
> regards
>
> Hugh
Ah, thanks! I haven't used GlobalVars at all so far.
I guess it makes sense if you need the same var more than once which is
not the case for me.

Best regards, Alex
>
>
> On 1 Feb 2013, at 18:46, Alexander Hartmaier <alexander.hartmaier at t-systems.at> wrote:
>
>> On 2013-01-31 22:58, Hugh Irvine wrote:
>>> Hello Alex -
>>>
>>> You can also use GlobalVar's for static parameters.
>>>
>>> See section 5.6.23 in the Radiator 4.11 reference manual ("doc/ref.pdf").
>>>
>>> There is an example in "goodies/hooks.txt".
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 1 Feb 2013, at 01:31, Heikki Vatiainen <hvn at open.com.au> wrote:
>>>
>>>> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>>>>
>>>>> we'd need a way to pass config parameters to hooks to be able to use
>>>>> them in multiple different handlers e.g. sending OTPs by SMS with
>>>>> different accounts.
>>>>> Is there already a way to do this which I've overlooked?
>>>> How about this:
>>>>
>>>> # radiusd config file
>>>>
>>>> StartupHook sub { require "/etc/radiator/MyHooks.pm"; }
>>>> <Handler ...>
>>>>  # AuthBys
>>>>  PostAuthHook sub { MyHooks::sendSMS(@_, 'account1', 'otherparam1'); }
>>>> </Handler>
>>>> <Handler ...>
>>>>  # AuthBys
>>>>  PostAuthHook sub { MyHooks::sendSMS(@_, 'account2', 'otherparam2'); }
>>>> </Handler>
>>>>
>>>> File MyHooks.pm would be something like this:
>>>>
>>>> # start of MyHooks.pm
>>>> package MyHooks;
>>>> use strict;
>>>> use warnings;
>>>> # PostAuthHook
>>>> #
>>>> sub sendSMS {
>>>>   my $p = ${$_[0]};      # Request packet
>>>>   my $rp = ${$_[1]};     # Response packet
>>>>   my $result = $_[2];    # Verdict: success or not
>>>>   my $reason = $_[3];    # String that tells reason for a reject
>>>>   my $account = $_[4];   # Account name
>>>>   my $param = $_[5];     # Some other param
>>>>
>>>>   # code goes here
>>>> }
>>>>
>>>> 1;
>>>> # end of MyHooks.pm
>>>>
>>>>> I'm currently abusing Radius attributes to get those static parameters
>>>>> into the hooks but being able to pass options in the config would make
>>>>> the config much clearer.
>>>> The above keeps the existing PostAuthHook arguments as they are and
>>>> adds the possibility for static arguments as additional options to
>>>> existing PostAuthHook options.
>>>>
>>>> Would this work for you?
>>>>
>>>> Thanks,
>>>> Heikki
>>>>
>>>> --
>>>> Heikki Vatiainen <hvn at open.com.au>
>>>>
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>>> NetWare etc.
>>> --
>>>
>>> Hugh Irvine
>>> hugh at open.com.au
>> Hi Hugh,
>> I haven't had time to reply to Heikki's post yesterday; his solution is
>> what I was looking for, thanks!
>> GlobalVars won't help there because I need to use the same handler
>> multiple times in a single Radiator instance with different params.
>>
>
> --
>
> Hugh Irvine
> hugh at open.com.au
>
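
A check for the GlobalVar naming scheme Hugh describes in the quoted reply, added here as an example and not taken from the thread or from Radiator: it resolves each `%{GlobalVar:%{Handler:Identifier}-...}` reference against the enclosing Handler's Identifier and reports names that are defined twice or never defined. The `lint` function, the sample config and its `Realm=example.com` check item are constructed for illustration, and the parser only understands the directives shown in this thread.

```python
import re
DEFINE = re.compile(r"Define(?:Formatted)?GlobalVar\s+(\S+)")
# %{GlobalVar:name}, where name may itself contain a nested %{...} special
REF = re.compile(r"%\{GlobalVar:((?:%\{[^{}]*\}|[^{}])+)\}")
HANDLER_ID = "%{Handler:Identifier}"

def lint(config_text):
    """Return (duplicate definitions, unresolved references) for a config."""
    defined, duplicates, refs = {}, [], []
    stack, ident, pending = [], None, []        # open clauses, current Handler state
    for n, line in enumerate(config_text.splitlines(), 1):
        s = line.strip()
        m = DEFINE.match(s)
        if m and m.group(1) in defined:         # same name defined a second time
            duplicates.append((m.group(1), defined[m.group(1)], n))
        elif m:
            defined[m.group(1)] = n
        elif s.startswith("</"):
            if stack and stack.pop() == "Handler":   # bind refs to this Identifier
                refs += [(ln, ident, raw) for ln, raw in pending]
                ident, pending = None, []
        elif s.startswith("<"):
            stack.append(re.match(r"<(\w*)", s).group(1))
        elif stack == ["Handler"] and (i := re.match(r"Identifier\s+(\S+)", s)):
            ident = i.group(1)                  # Identifier of the Handler itself
        if "Handler" in stack and not s.startswith("#"):
            pending += [(n, raw) for raw in REF.findall(s)]
    names = [(n, raw.replace(HANDLER_ID, i or "<none>")) for n, i, raw in refs]
    return duplicates, [(n, name) for n, name in names if name not in defined]

# Constructed sample, modelled on the global.cfg in the thread (not a real config)
SAMPLE = """\
DefineFormattedGlobalVar  Handler1-param1  whatever
DefineFormattedGlobalVar  Handler2-param1  something
DefineFormattedGlobalVar  Handler2-param1  something-else
<Handler Realm=example.com>
    Identifier Handler1
    <AuthBy INTERNAL>
        AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param1}
    </AuthBy>
</Handler>
<Handler>
    Identifier Handler2
    <AuthBy INTERNAL>
        AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param2}
    </AuthBy>
</Handler>
"""
print(lint(SAMPLE))
```

Each duplicate is reported as (name, first line, repeated line) and each unresolved reference as (line, resolved name), with line numbers counted within the text passed to `lint`.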


