On Nov 2, 4:58pm, Christopher Andersson wrote:
> Subject: SV: (RADIATOR) Auth by Java Class
>
>
> Hello everybody!
>
> > > > > I need to authenticate my users by calling a class in a java program.
> > > > > I suppose it would be possible using Auth By External, but in that
> > > > > case a new instance of the java program would be created for every
>
> I've decided to go with the TCP-socket approach. But since I'm not
> really confident with perl, I thought I'd use AuthEXTERNAL but
> modify it so that it suits my needs. So I started out modifying in
> AuthEXTERNAL.pm trying to get it to open a connection and
> to send Username and (decrypted) Password to my javaserver
> listening on the other side. And it sort of works too! A couple of
> questions though:
> Seems like it only sends: User-Name = "chris" when I want it to
> also send the Password attribute. And it sends it 3 times. How
> can I access the attributes in AuthEXTERNAL?
> Shouldn't the "foreach" part in handle_request write all of the attributes
> to the socket?
Yes, it should. I suspect that you have some other issue, perhaps on your TCP
server side?
> And how can I stop it from sending it 3 times?
Probably you were using radpwtst? The default behaviour of radpwtst is to send
an auth request followed by an accounting Start request, followed by an
accounting Stop request.
See the -noacct and -noauth flags for radpwtst.
Hope that helps.
Cheers.
>
> Below is my modified handle_request:
> (It is not quite finished yet as you can see; one problem at a time!)
>
> #####################################################################
> # Handle a request
> # This function is called for each packet. $p points to a Radius::
> # packet
> sub handle_request
> {
>     my ($self, $p, $rp, $extra_checks) = @_;
>
>     # Maybe we will fork?
>     return ($main::IGNORE, 'Forked')
>         if $self->{Fork} && !$self->handlerFork;
>     my ($result, $reason, $firstline);
>     my $command = &main::format_special($self->{Command}, $p);
>
>     $self->log($main::LOG_DEBUG, "Running command: $command");
>
>     # Put the request attributes on stdin
>     # and convert the password if we need to
>
>     use IO::Socket;
>     my $sock = new IO::Socket::INET (
>         PeerAddr => 'localhost',
>         PeerPort => '1990',
>         Proto    => 'tcp',
>     );
>
>     die "Could not create socket: $!\n" unless $sock;
>
>     my $r;
>     foreach $r (@{$p->{Attributes}})
>     {
>         my $value = $r->[1];
>         my @attr = $p->{Dict}->attrByName($r->[0]);
>         if ($attr[2] eq 'string')
>         {
>             if ($attr[1] == $Radius::Radius::USER_PASSWORD
>                 && $attr[3] == 0
>                 && $self->{DecryptPassword})
>             {
>                 $value = $p->decode_password($p->{Client}->{Secret});
>             }
>             print $sock "$r->[0] = \"" . Radius::AttrVal::pclean($value) . "\"\n";
>         }
>         else
>         {
>             print $sock "$r->[0] = " . Radius::AttrVal::pclean($value) . "\n";
>         }
>     }
>
>     close($sock);
>     $result = $main::ACCEPT;
>     $self->adjustReply($p, $rp)
>         if $result == $main::ACCEPT;
>
>     return ($result, $reason); # No reason available
> }
>
> And here is a part of my config-file:
> <Handler>
>     <AuthBy EXTERNAL>
>         DecryptPassword
>         Command not_really_a_command_here_since_I_modified_the_AuthEXTERNAL
>     </AuthBy>
> ...
>
> Thanks a lot,
> /chris
>
> > > > Perhaps you could run it as a servlet on a web server, and
> > > > write a simple authby to call it via http?
> > >
> > > Yes, or maybe call it through a socket! Then I could have it listen on
> > > a TCP port!
> > > Would I implement this in AuthEXTERNAL.pm or in AuthTEST.pm?
> >
> > For performance reasons, it is preferable to use something other than AuthBy
> > EXTERNAL. AuthBy EXTERNAL starts a new external process for each request. It
> > would be preferable to make a new AuthBy method that talks to your server by
> > TCP.
> >
> > Hope that helps.
> > Cheers.
>
>
>
>
>
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Christopher Andersson
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
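
The quoted handle_request writes one `Name = value` line per attribute and then closes the socket, and radpwtst by default follows the authentication request with accounting Start and Stop requests. As an added example (not part of the original messages and not Radiator code), here is a small Python stand-in for the TCP listener that reads each connection to EOF, labels it as authentication or accounting, and masks the decrypted password before anything is logged. The function names and sample connections are constructed for illustration, and the line format is assumed from the `print $sock` calls above.

```python
import socketserver

SECRET_ATTRS = {"User-Password"}  # never write the decrypted password to a log

def parse_request(text):
    """Parse the lines one connection carries into an ordered list of (name, value)."""
    attrs = []
    for line in text.splitlines():
        name, sep, value = line.partition(" = ")
        if not sep:
            continue  # blank or malformed line
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # string attributes arrive quoted
        attrs.append((name.strip(), value))
    return attrs

def classify(attrs):
    """Accounting requests carry Acct-Status-Type and no password."""
    names = dict(attrs)
    if "Acct-Status-Type" in names:
        return "accounting " + names["Acct-Status-Type"]
    return "authentication" if "User-Password" in names else "unknown"

def summarize(text):
    """One log line per connection, with secret attribute values masked."""
    attrs = parse_request(text)
    shown = ", ".join(f"{n}={'***' if n in SECRET_ATTRS else v}" for n, v in attrs)
    return f"{classify(attrs)}: {shown}"

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        # The sender closes the socket after the last attribute, so read to EOF
        # instead of stopping after the first line.
        print(summarize(self.rfile.read().decode("utf-8", "replace")))

# Constructed sample: the three connections one default radpwtst run could cause.
SAMPLE = [
    'User-Name = "chris"\nUser-Password = "secret"\nNAS-Port = 1234\n',
    'User-Name = "chris"\nAcct-Status-Type = Start\nAcct-Session-Id = "00001234"\n',
    'User-Name = "chris"\nAcct-Status-Type = Stop\nAcct-Session-Id = "00001234"\n',
]

if __name__ == "__main__":
    for conn in SAMPLE:
        print(summarize(conn))
    # To listen on the port used in the post instead of replaying SAMPLE:
    # socketserver.TCPServer(("localhost", 1990), Handler).serve_forever()
```

With the -noacct flag mentioned above, only the authentication connection should reach the listener.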