[RADIATOR] Rejecting a request from PostAuthSelectHook

Hugh Irvine hugh at open.com.au
Wed Jul 25 22:05:41 UTC 2018 

Hello Michael -

There is a pointer to the reply in the current request.

So something like this:


sub 
{
   …..
   my $p = ${$_[2]};
   my $rp = $p->{rp};
   …..


regards

Hugh



> On 25 Jul 2018, at 23:18, Michael Newton <mnewton at pofp.com> wrote:
> 
> Unless I'm mistaken, I don't have access to the reply from a PostAuthSelectHook:
> 
> The first argument passed to the hook is a handle to the current AuthBy SQL object. The second argument
> is the name of the user being authenticated. The third argument is a pointer to the current request. The fourth argument is a pointer to the User object being constructed to hold the check and reply items for the user being authenticated. The fifth argument ($_[4]) is a reference to the @row resulting from AuthSelect.
> 
> 
> --
> 
> Michael Newton
> Director, Product Development
> Point of Presence Technologies
> 
> 
> 
> On Tue, 24 Jul 2018 at 17:24, Hugh Irvine <hugh at open.com.au> wrote:
> 
> Hello Michael -
> 
> The simplest way to do this is to add a Reply-Message to the reply in your code, then chain an AuthBy INTERNAL clause after the AuthBy SQL clause with AuthByPolicy ContinueWhileAccept.
> 
> The AuthBy INTERNAL clause would call an AuthHook to look at the Reply-Message and reject if necessary, otherwise accept.
> 
> I find this much clearer and easier to understand.
> 
> That said, it is possible to do what you ask, but its a bit convoluted.
> 
> See the example PostAuthHook in “goodies/hooks.txt”.
> 
> regards
> 
> Hugh
> 
> 
> > On 25 Jul 2018, at 08:31, Michael Newton <mnewton at pofp.com> wrote:
> > 
> > Pretty basic question; is there a way to reject a request from the PostAuthSelectHook code? The code also needs to alter the results returned from the database, so I'm unable to run it in a PostAuthHook. Thanks!
> > --
> > 
> > Michael Newton
> > Director, Product Development
> > Point of Presence Technologies
> > 
> > _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au
> > http://lists.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> 
> Hugh Irvine
> hugh at open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc. 
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
> 


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.

More information about the radiator mailing list