Hello Robert,
Thanks again for another contribution. We have rolled it in for the next
release. I agree with Hughs comments. If all you want to do is remove pseudo
attributes from the reply, it might be better to use the request as a
scratchpad area instead.
Cheers.
On Apr 10, 8:10am, Hugh Irvine wrote:
> Subject: Re: (RADIATOR) New PostProcessingHook
>
> Hello Robert -
>
> Thanks for the contribution.
>
> BTW - if you just want to use temporary storage that you wont have to
> do housekeeping on, you should just put things into the request
> packet ($p) instead of the reply packet ($rp). The request packet is
> simply discarded so you don't have to worry about it.
>
> regards
>
> Hugh
>
>
> At 20:47 +0200 01/4/9, Robert Kiessling wrote:
> >Content-Type: text/plain; charset=us-ascii
> >Content-Description: message body text
> >Content-Transfer-Encoding: 7bit
> >
> >In order to remove some faked attributes, I would have found a
> >PostProcessingHook useful, and added it since it wasn't there
> >already. The patch against Radiator-2.18 is appended so that it might
> >be considered for inclusion in the next release.
> >
> >The documentation for this:
> >
> > 6.15.x PostProcessingHook</H4>
> ><P CLASS="BodyAfterHead">
> ><A NAME="pgfId=398636">
> > </A>
> >This optional parameter allows you to define a Perl function that
> >will be called during packet processing. PostProcessingHook is
> >called for each reply immediately before it is sent to the client,
> >after all PostAuthHooks and after log files are written. A reference
> >to the current request is passed as the first arg
> >ument, and a reference to the reply packet is passed as the second
> >argument.</P>
> >
> >[... code is compiled ...]
> >
> >PostProcessingHook can be an arbitrarily complicated Perl function,
> >that might run external processes, consult databases, change the
> >contents of the current reply or many other things.</P>
> ><PRE CLASS="Code"><A NAME="pgfId=398639"> </A>
> ># Remove a faked attribute from the reply
> >PostProcessingHook sub { ${$_[1]}->delete_attr(`My-Realm');}</PRE>
> >
> >
> >diff -r -c Radiator-2.18/Radius/Handler.pm
> >Radiator-2.18.postprocessinghook/Radius/Handler.pm
> >*** Radiator-2.18/Radius/Handler.pm Fri Mar 9 00:13:12 2001
> >--- Radiator-2.18.postprocessinghook/Radius/Handler.pm Mon Apr 9
> >20:26:51 2001
> >***************
> >*** 116,121 ****
> >--- 116,122 ----
> > 'SessionDatabase' => 'string',
> > 'HandleAscendAccessEventRequest' => 'flag',
> > 'PreProcessingHook' => 'hook',
> >+ 'PostProcessingHook' => 'hook',
> > 'PreAuthHook' => 'hook',
> > 'PostAuthHook' => 'hook',
> > 'RewriteFunction' => 'hook') && return 1;
> >***************
> >*** 506,511 ****
> >--- 507,513 ----
> > {
> > my ($self, $p, $rp, $handled, $reason) = @_;
> >
> >+ my $do_reply = 0;
> > if ($p->code eq 'Access-Request')
> > {
> > my $name = $p->getUserName;
> >***************
> >*** 514,520 ****
> > &main::log($main::LOG_DEBUG, "Access accepted for $name");
> > $self->authlog($main::ACCEPT, '', $p, $rp);
> > $rp->set_code('Access-Accept');
> >! $p->{Client}->replyTo($rp, $p);
> > }
> > elsif ($handled == $main::REJECT
> > || $handled == $main::REJECT_IMMEDIATE)
> >--- 516,522 ----
> > &main::log($main::LOG_DEBUG, "Access accepted for $name");
> > $self->authlog($main::ACCEPT, '', $p, $rp);
> > $rp->set_code('Access-Accept');
> >! $do_reply = 1;
> > }
> > elsif ($handled == $main::REJECT
> > || $handled == $main::REJECT_IMMEDIATE)
> >***************
> >*** 525,538 ****
> > $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE,
> > $self->{RejectHasReason} ?
> > $reason : 'Request Denied');
> >!
> >! $p->{Client}->replyTo($rp, $p);
> > }
> > elsif ($handled == $main::CHALLENGE)
> > {
> > &main::log($main::LOG_DEBUG, "Access challenged for
> >$name: $reason");
> > $rp->set_code('Access-Challenge');
> >! $p->{Client}->replyTo($rp, $p);
> > }
> > else
> > {
> >--- 527,539 ----
> > $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE,
> > $self->{RejectHasReason} ?
> > $reason : 'Request Denied');
> >! $do_reply = 1;
> > }
> > elsif ($handled == $main::CHALLENGE)
> > {
> > &main::log($main::LOG_DEBUG, "Access challenged for
> >$name: $reason");
> > $rp->set_code('Access-Challenge');
> >! $do_reply = 1;
> > }
> > else
> > {
> >***************
> >*** 559,565 ****
> > {
> > &main::log($main::LOG_DEBUG, "Accounting accepted");
> > $rp->set_code('Accounting-Response');
> >! $p->{Client}->replyTo($rp, $p);
> > }
> > elsif ($handled == $main::IGNORE)
> > {
> >--- 560,566 ----
> > {
> > &main::log($main::LOG_DEBUG, "Accounting accepted");
> > $rp->set_code('Accounting-Response');
> >! $do_reply = 1;
> > }
> > elsif ($handled == $main::IGNORE)
> > {
> >***************
> >*** 574,590 ****
> > {
> > &main::log($main::LOG_DEBUG, "Disconnect-Request accepted");
> > $rp->set_code('Disconnect-Request-ACKed');
> >! $p->{Client}->replyTo($rp, $p);
> > }
> > elsif ($handled == $main::REJECT
> > || $handled == $main::REJECT_IMMEDIATE)
> > {
> > &main::log($main::LOG_INFO, "Disconnect-Request rejected:
> >$reason");
> > $rp->set_code('Disconnect-Request-NAKed');
> >! $p->{Client}->replyTo($rp, $p);
> > }
> > }
> > # Ignore anything else
> > }
> >
> > #####################################################################
> >--- 575,605 ----
> > {
> > &main::log($main::LOG_DEBUG, "Disconnect-Request accepted");
> > $rp->set_code('Disconnect-Request-ACKed');
> >! $do_reply = 1;
> > }
> > elsif ($handled == $main::REJECT
> > || $handled == $main::REJECT_IMMEDIATE)
> > {
> > &main::log($main::LOG_INFO, "Disconnect-Request rejected:
> >$reason");
> > $rp->set_code('Disconnect-Request-NAKed');
> >! $do_reply = 1;
> > }
> > }
> > # Ignore anything else
> >+ # send reply if requested
> >+ if ($do_reply) {
> >+ # Call the PostProcessingHook, if there is one
> >+ if (defined $self->{PostProcessingHook})
> >+ {
> >+ # We use an eval so an error in the hook wont
> >+ # kill us.
> >+ eval{ &{$self->{PostProcessingHook}}(\$p, \$rp); };
> >+ &main::log($main::LOG_ERR,
> >+ "Error in PostProcessingHook(): $@")
> >+ if $@;
> >+ }
> >+ $p->{Client}->replyTo($rp, $p);
> >+ }
> > }
> >
> > #####################################################################
>
> --
>
> NB: I am travelling this week, so there may be delays in our correspondence.
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>-- End of excerpt from Hugh Irvine
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
