[RADIATOR] Using SQL statements inside a PostAuthHook

Thomas Kurian thomas at kccg.com
Sun Mar 17 08:48:39 CDT 2013


Hello Friends,
With reference to this link 
,http://www.mail-archive.com/radiator@open.com.au/msg13497.html , i have 
developed my own version as seen below,
its purpose is to get the user name from  accounting requests and to 
compare it with the corresponding username in the ODBC SQL database 
table . This username is checked for some conditions like if is quota 
limit is exceeded or not. If these conditions are matched then a custom 
website is called and the username value is passed to this website.

Can you please check this hook file configuration with respect to my 
radiator configuration file (after the hook file). I have doubts like if 
the perl hook has all the necessary configuration lines to access my 
odbc database (sql table name: quotasubscribers). I am using 
sessiondatabase but i dont have any thing to modify in the sql table , 
but just to make sure that the hook might be able to access the 
database. I checked this hook and found no syntax errors but i want to 
make sure that my above mentioned purpose would be met by the hook. 
Kindly help me out as i am new to perl.
Please advice me if there is anything to be added/modified in my 
radiator config file or hook file.
--------------------
Hook file : rocky.pl
#!/usr/bin/perl
use LWP::Simple qw(get);
use URI;
use URI::Escape ('uri_escape');
sub {

# OBJECT REF

         my $p = ${$_[0]};
         my $r = ${$_[1]};

# RETURN VOID

         return unless ($p->code() eq 'Accounting-Request')
                                 && (${$_[2]} == $main::ACCEPT);

         my $handler             = $p->{Handler};

         my $identifier          = $handler->{SessionDatabase};

         &main::log($main::LOG_DEBUG, "Running PostAuthHook: Using 
Identifier
$identifier");

         my $username            =
$p->getAttrByNum($Radius::Radius::User-Name);


         my $sess_handle         = Radius::SessGeneric::find($identifier);

         my $query               = undef;




                 $query  = "select username from quotasubscribers where 
switched = 0 and type = 'Q' and monthlycounter >= maxquota ";
                 my $sth = $sess_handle->prepareAndExecute($query);
if ( $sth eq $username )
{
my $content = get(
     URI->new('http://94.187.187.8:8123/changespeed.aspx?uname=' .
   uri_escape($username) .
   '&password=XXXXX')
);
}

}

-----------------

My radiator config file
AcctPort 1813
AuthPort 1812

BindAddress 0.0.0.0

LogDir          /var/log/radius
DbDir           /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace           4

# You will probably want to add other Clients to suit your work site,

<Client DEFAULT>
         Secret  XXXXXX
         DupInterval 0
</Client>


<Client 10.50.1.4>
         Secret XXXXXX
         DupInterval 0
         NasType Cisco
         IgnoreAcctSignature
</Client>

<SessionDatabase SQL>


         Identifier      tamesql
         DBSource        dbi:ODBC:IRONMAN
         DBUsername      xxxxxxxxxxx
         DBAuth          xxxxx

</SessionDatabase>


# Accept processing of other accounting requests of the genre stop


<Handler Request-Type = Accounting-Request>
PreProcessingHook file:"/etc/radiator/createavpairs.pl"
         <AuthBy SQL>
                 Identifier thomas
                 DBSource dbi:ODBC:IRONMAN
                 DBUsername xxxx
                 DBAuth xxxxxxxxx


                 #AccountingStopsOnly
                 AccountingTable ACCOUNTING
                 AcctColumnDef   USERNAME, User-Name
                 AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
                 AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
                 AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
                 AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                 AcctColumnDef TIME_STAMP,Event-Timestamp,integer-date
                 AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
                 AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                 AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                 AcctColumnDef   NASPORT,NAS-Port,integer
                 AcctColumnDef PARENTSESSIONID,parent-session-id

                 AcctSQLStatement update quotasubscribers set 
monthlycounter = monthlycounter + 0%{Acct-Output-Octets}, totalcounter = 
totalcounter + 0%{Acct-Output-Octets}, timestamp = %{Event-Timestamp}  \
                                 where username='%n' \
                                 And Type = 'Q'



         </AuthBy>
#PostAuthHook file:"/etc/radiator/rocky.pl"
                 #Log accounting to a detail file
                 AcctLogFileName %L/detail


</Handler>




<Handler Request-Type=Disconnect-Request>
         <AuthBy RADIUS>

                 <Host 10.50.1.4>
                     Secret xxxxxxxxxx
                 </Host>
         </AuthBy>
</Handler>
-------------------------

-- 
Welcoming your kind reply,

Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E:thomas at kccg.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20130317/49c3291b/attachment.html 


More information about the radiator mailing list