Hello everybody!

> > > > I need to authenticate my users by calling a class in a java program.
> > > > I suppose it would be possible using Auth By External, but in that
> > > > case a new instance of the java program would be created for every

I've decided to go with the TCP-socket approach. But since I'm not
really confident with Perl, I thought I'd use AuthEXTERNAL but
modify it so that it suits my needs. So I started out modifying
AuthEXTERNAL.pm, trying to get it to open a connection and
to send Username and (decrypted) Password to my Java server
listening on the other side. And it sort of works too! A couple of
questions though:
It seems like it only sends: User-Name = "chris" when I want it to
also send the Password attribute. And it sends it 3 times. How
can I access the attributes in AuthEXTERNAL?
Shouldn't the "foreach" part in handle_request write all of the attributes
to the socket?
And how can I stop it from sending it 3 times?

Below is my modified handle_request:
(It is not quite finished yet as you can see; one problem at a time!)

#####################################################################
# Handle a request
# This function is called for each packet. $p points to a Radius::
# packet
sub handle_request
{
    my ($self, $p, $rp, $extra_checks) = @_;

    # Maybe we will fork?
    return ($main::IGNORE, 'Forked')
        if $self->{Fork} && !$self->handlerFork;
    my ($result, $reason, $firstline);
    my $command = &main::format_special($self->{Command}, $p);

    $self->log($main::LOG_DEBUG, "Running command: $command");

    # Open a TCP connection to the Java server
    use IO::Socket;
    my $sock = IO::Socket::INET->new(
        PeerAddr => 'localhost',
        PeerPort => '1990',
        Proto    => 'tcp',
    );

    # Return instead of die: an uncaught die would terminate the
    # server process whenever the Java server is unreachable
    unless ($sock)
    {
        $self->log($main::LOG_ERR, "Could not create socket: $!");
        return ($main::IGNORE, 'Could not create socket');
    }

    # Write the request attributes to the socket
    # and convert the password if we need to
    my $r;
    foreach $r (@{$p->{Attributes}})
    {
        my $value = $r->[1];
        my @attr = $p->{Dict}->attrByName($r->[0]);
        if ($attr[2] eq 'string')
        {
            if ($attr[1] == $Radius::Radius::USER_PASSWORD
                && $attr[3] == 0
                && $self->{DecryptPassword})
            {
                $value = $p->decode_password($p->{Client}->{Secret});
            }
            print $sock "$r->[0] = \"" . Radius::AttrVal::pclean($value) . "\"\n";
        }
        else
        {
            print $sock "$r->[0] = " . Radius::AttrVal::pclean($value) . "\n";
        }
    }

    close($sock);

    # Not finished: no reply is read from the socket, so every
    # request is accepted
    $result = $main::ACCEPT;
    $self->adjustReply($p, $rp)
        if $result == $main::ACCEPT;

    return ($result, $reason); # No reason available
}

And here is a part of my config-file:
<Handler>
    <AuthBy EXTERNAL>
        DecryptPassword
        Command     not_really_a_command_here_since_I_modified_the_AuthEXTERNAL
    </AuthBy>
    ...

Thanks a lot,
/chris

> > > Perhaps you could run it as a servlet on a web server, and
> > > write a simple authby to call it via http?
> >
> > Yes, or maybe call it through a socket! Then I could have it listen on
> > a TCP port!
> > Would I implement this in AuthEXTERNAL.pm or in AuthTEST.pm?
> 
> For performance reasons, it is preferable to use something other than AuthBy
> EXTERNAL. AuthBy EXTERNAL starts a new external process for each request. It
> would be preferable to make a new AuthBy method that talks to your server by
> TCP.
> 
> Hope that helps.
> Cheers.
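
The attribute-over-TCP exchange discussed in this message, as an added stand-alone example that is not code from the post or from Radiator: it escapes each value so a user-supplied User-Name cannot inject extra attribute lines, bounds the connect and the wait for a reply, and fails closed. The helper names quote_value and ask_backend, the blank-line terminator and the one-line ACCEPT/REJECT reply are assumptions about the backend; host and port are the ones used in the post.

```perl
#!/usr/bin/perl
# Added example, not Radiator code. Assumed protocol (not defined in the
# post): one 'Name = "value"' line per attribute, a blank line to end the
# request, then a single ACCEPT or REJECT line from the backend.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Escape a value so it cannot end its line or its quotes early.
sub quote_value {
    my ($v) = @_;
    $v =~ s/([\\"])/\\$1/g;                                   # backslash, quote
    $v =~ s/([\x00-\x1f\x7f])/sprintf('\\x%02x', ord $1)/ge;  # CR, LF, controls
    return qq("$v");
}

# Send all attributes in one write and wait at most $timeout seconds for
# the verdict. A failed connect, a timeout or an unexpected reply all
# return 'ERROR' instead of calling die, and are never treated as ACCEPT.
sub ask_backend {
    my ($host, $port, $attrs, $timeout) = @_;
    my $sock = IO::Socket::INET->new(
        PeerAddr => $host, PeerPort => $port,
        Proto    => 'tcp', Timeout  => $timeout,
    ) or return 'ERROR';

    my $msg = join '',
        map { "$_->[0] = " . quote_value($_->[1]) . "\n" } @$attrs;
    print {$sock} $msg, "\n";            # blank line marks end of request
    $sock->flush;

    my $reply = 'ERROR';
    if (IO::Select->new($sock)->can_read($timeout)) {
        my $line = <$sock>;
        $reply = $1 if defined $line && $line =~ /^(ACCEPT|REJECT)\r?$/;
    }
    close $sock;
    return $reply;
}

# Constructed sample request: the User-Name tries to smuggle a second line.
my @attrs = (
    ['User-Name',     "chris\nUser-Password = \"x\""],
    ['User-Password', 'fred'],
);
print "$_->[0] = ", quote_value($_->[1]), "\n" for @attrs;
print ask_backend('localhost', 1990, \@attrs, 2), "\n";
```

The decrypted password crosses this connection in cleartext, so the backend should listen on the loopback interface only, as the `localhost` address in the post implies.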



