[RADIATOR] convenient ways to set AuthPort/AcctPort in AuthBy RADIUS

David Zych dmrz at illinois.edu
Wed Sep 18 18:50:48 CDT 2013 

I'm working on splitting up my Radiator config to use separate front-end and back-end instances, along the lines of the discussion in http://www.open.com.au/pipermail/radiator/2012-November/018733.html.  Each back-end instance (I will have quite a few!) needs a custom port to listen on, and of course it's very important that those ports don't collide by mistake.

1. What I'd like to do is define all the ports as GlobalVars in a single includable file, e.g.:
DefineGlobalVar AuthPortFoo 10999

and then reference them with e.g.:

# in back-end config
AuthPort %{GlobalVar:AuthPortFoo}

# in front-end config
<AuthBy RADIUS>
    Host 127.0.0.1
    AuthPort %{GlobalVar:AuthPortFoo}
</AuthBy>

The problem is that AuthBy RADIUS doesn't currently honor GlobalVars in AuthPort or AcctPort, so we get
*** Sending to 127.0.0.1 port 0 ....

instead of port 10999 as desired.

The below patch to AuthRADIUS.pm adds this capability.


2. While attempting to arrive at the GlobalVar solution above, I also tried:

<AuthBy RADIUS>
    Host 127.0.0.1
    AuthPort file:"%D/ports.foo"
</AuthBy>

but this doesn't work because Perl ends up adding an extra newline as it slurps up the file; even if the file itself contains only "10999", the value ends up being "10999\n".

(Interestingly Radiator is perfectly happy to ignore the newline when sending requests, but when the reply comes back from port 10999 it doesn't recognize it:
WARNING: Unknown reply received in AuthRADIUS for request 1 from 127.0.0.1:10999
)

I'm not sure how many people want to use file:"" for anything other than Perl hooks in any case, but the below patch to Configurable.pm solves this problem for me.


Hopefully you'll like these enough to include them; I prefer not to run anything in production that hasn't made it into an official patch set.  :)

Thanks,
David


diff -ur radiator-20130918/radiator/lib/perl5/Radius/AuthRADIUS.pm radiator-dmrz/radiator/lib/perl5/Radius/AuthRADIUS.pm
--- radiator-20130918/radiator/lib/perl5/Radius/AuthRADIUS.pm	2013-09-06 07:58:34.000000000 -0500
+++ radiator-dmrz/radiator/lib/perl5/Radius/AuthRADIUS.pm	2013-09-18 18:11:52.328802183 -0500
@@ -1001,6 +1001,7 @@
 
     my $port = $fp->code eq 'Accounting-Request' 
 	? $host->{AcctPort} : $host->{AuthPort};
+    $port = &Radius::Util::format_special($port);
     my $destport = &Radius::Util::pack_sockaddr_in($port, $addr);
     
     # Look for tight proxy routing loops
diff -ur radiator-20130918/radiator/lib/perl5/Radius/Configurable.pm radiator-dmrz/radiator/lib/perl5/Radius/Configurable.pm
--- radiator-20130918/radiator/lib/perl5/Radius/Configurable.pm	2013-09-06 07:58:46.000000000 -0500
+++ radiator-dmrz/radiator/lib/perl5/Radius/Configurable.pm	2013-09-18 17:36:53.482694780 -0500
@@ -253,6 +253,7 @@
 	    undef $/; 
 	    $value = <INCLUDE>; # Slurp the whole file
 	    $/ = $oldrs;
+	    chomp $value;
 	}
 	else
 	{

More information about the radiator mailing list