[RADIATOR] [RFC] configurable hooks
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Tue Feb 5 12:39:15 CST 2013
On 2013-01-31 15:31, Heikki Vatiainen wrote:
> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>
>> we'd need a way to pass config parameters to hooks to be able to use
>> them in multiple different handlers e.g. sending OTPs by SMS with
>> different accounts.
>> Is there already a way to do this which I've overlooked?
> How about this:
>
> # radiusd config file
>
> StartupHook sub { require "/etc/radiator/MyHooks.pm"; }
> <Handler ...>
> # AuthBys
> PostAuthHook sub { MyHooks::sendSMS(@_, 'account1', 'otherparam1'); }
> </Handler>
> <Handler ...>
> # AuthBys
> PostAuthHook sub { MyHooks::sendSMS(@_, 'account2', 'otherparam2'); }
> </Handler>
>
> File MyHooks.pm would be something like this:
>
> # start of MyHooks.pm
> package MyHooks;
> use strict;
> use warnings;
> # PostAuthHook
> #
> sub sendSMS {
> my $p = ${$_[0]}; # Request packet
> my $rp = ${$_[1]}; # Response packet
> my $result = $_[2]; # Verdict: success or not
> my $reason = $_[3]; # String that tells reason for a reject
> my $account = $_[4]; # Account name
> my $param = $_[5]; # Some other param
>
> # code goes here
> }
>
> 1;
> # end of MyHooks.pm
>
>> I'm currently abusing Radius attributes to get those static parameters
>> into the hooks but being able to pass options in the config would make
>> the config much clearer.
> The above keeps the the existing PostAuthHook arguments as they are and
> adds the possibility for static arguments as additional options to
> existing PostAuthHook options.
>
> Would this work for you?
>
> Thanks,
> Heikki
>
I've looked into it today and have some questions:
- is it safe to assume that the list or arguments passed to the
ChallengeHook in my case is always ($self, $user, $p, $context)?
If one arg is missing my added arguments would shift and populate the
wrong variables. I was thinking about passing them by name in a hashref
as first instead of last argument instead.
- is it safe to die in hook code or will that tear down the Radiator
process? I'm asking because that's the preferred way of doing argument
validation, e.g.
die 'id missing'
unless defined $id;
Another note, I've used %D instead of the hardcoded path which works
just as well:
StartupHook sub { require "%D/MyHooks.pm"; }
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list