Re: [RADIATOR] [RFC] configurable hooks

2013-02-01 Thread Hugh Irvine

Hello Alex -

The way to do this with GlobalVar's is to use different Identifiers in the 
Handlers thus:

…..

DefineFormattedGlobalVar  Handler1-param1  whatever

DefineFormattedGlobalVar  Handler1-param2  whatever-else

DefineFormattedGlobalVar  Handler2-param1  something

DefineFormattedGlobalVar  Handler2-param2  something-else

…..



Identifier Handler1

……

…… %{GlobalVar:%{Handler:Identifier}-param1} …..

…… %{GlobalVar:%{Handler:Identifier}-param2} …..





Identifier Handler2

……

…… %{GlobalVar:%{Handler:Identifier}-param1} …..

…… %{GlobalVar:%{Handler:Identifier}-param2} …..



…..

Here is an example:

…..

Radiator-4.11 hugh$ cat global.cfg 

AuthPort 11645
AcctPort 11646

LogDir ./logs
DbDir .

Trace 4

DefineFormattedGlobalVar  Handler1-param1  whatever

DefineFormattedGlobalVar  Handler1-param2  whatever-else

DefineFormattedGlobalVar  Handler2-param1  something

DefineFormattedGlobalVar  Handler2-param1  something-else


Secret mysecret



Identifier Handler1

DefaultResult ACCEPT
AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param1}



here is the result:

Radiator-4.11 hugh$ perl radpwtst -auth_port 11645 -noacct -user hugh -password hugh -trace 4
Fri Feb  1 20:02:16 2013: DEBUG: Reading dictionary file './dictionary'
sending Access-Request...
Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 11645 
Code:   Access-Request
Identifier: 121
Authentic:  <143><6><136>9o<141>% @<148><2>vO<15>/<212>
Attributes:
User-Name = "hugh"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = T<142><153>t<137>lv<193>$I1_<249><14><201><164>

Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51957 
Code:   Access-Request
Identifier: 121
Authentic:  <143><6><136>9o<141>% @<148><2>vO<15>/<212>
Attributes:
User-Name = "hugh"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = T<142><153>t<137>lv<193>$I1_<249><14><201><164>

Fri Feb  1 20:02:16 2013: DEBUG: Handling request with Handler '', Identifier 'Handler1'
Fri Feb  1 20:02:16 2013: DEBUG:  Deleting session for hugh, 203.63.154.1, 1234
Fri Feb  1 20:02:16 2013: DEBUG: Handling with AuthINTERNAL: 
Fri Feb  1 20:02:16 2013: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by DefaultResult
Fri Feb  1 20:02:16 2013: DEBUG: Access accepted for hugh
Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51957 
Code:   Access-Accept
Identifier: 121
Authentic:  A<195>P<232><<2>z<217>Fmg<153><185><149><16>$
Attributes:
Reply-Message = "whatever"

Fri Feb  1 20:02:16 2013: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 11645 
Code:   Access-Accept
Identifier: 121
Authentic:  A<195>P<232><<2>z<217>Fmg<153><185><149><16>$
Attributes:
Reply-Message = "whatever"

OK

…..


You can of course expand the GlobalVar's in your hook code too.

regards

Hugh


On 1 Feb 2013, at 18:46, Alexander Hartmaier wrote:

> On 2013-01-31 22:58, Hugh Irvine wrote:
>> Hello Alex -
>> 
>> You can also use GlobalVar's for static parameters.
>> 
>> See section 5.6.23 in the Radiator 4.11 reference manual ("doc/ref.pdf").
>> 
>> There is an example in "goodies/hooks.txt".
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>> On 1 Feb 2013, at 01:31, Heikki Vatiainen  wrote:
>> 
>>> On 01/31/2013 02:01 PM, Alexander Hartmaier wrote:
>>> 
>>>> we'd need a way to pass config parameters to hooks to be able to use
>>>> them in multiple different handlers e.g. sending OTPs by SMS with
>>>> different accounts.
>>>> Is there already a way to do this which I've overlooked?
>>> How about this:
>>> 
>>> # radiusd config file
>>> 
>>> StartupHook sub { require "/etc/radiator/MyHooks.pm"; }
>>> 
>>>  # AuthBys
>>>  PostAuthHook sub { MyHooks::sendSMS(@_, 'account1', 'otherparam1'); }
>>> 
>>> 
>>>  # AuthBys
>>>  PostAuthHook sub { MyHooks::sendSMS(@_, 'account2', 'otherparam2'); }
>>> 
>>> 
>>> File MyHooks.pm would be something like this:
>>> 
>>> # start of MyHooks.pm
>>> package MyHooks;
>>> use strict;
>>> use warnings;
>>> # PostAuthHook
>>> #
>>> sub sendSMS {
>>>   my $p = ${$_[0]};  # Request packet
>>>   my $rp = ${$_[1]}; # Response packet
>>>   my $result = $_[2];# Verdict: success or not
>>>   my $reason = $_[3];# String that tells reason for a reject
>>>   my $account = $_[4];   # Account name
>>>   my $param = $_[5]; # Some other param
>
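
Added example (not part of the thread and not Radiator code): a small Python check for the per-Handler naming scheme described above. For each Handler it resolves the inner `%{Handler:Identifier}` first, confirms that the resulting GlobalVar name has a `DefineFormattedGlobalVar` line, and lists names defined more than once. The sample config is constructed from the pasted global.cfg, which defines `Handler2-param1` twice; the `<Handler>` and `<AuthBy INTERNAL>` tags and the second Handler clause are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the thread's global.cfg. The <Handler> and
# <AuthBy INTERNAL> tags are assumed; the second Handler clause is hypothetical.
SAMPLE_CFG = """\
DefineFormattedGlobalVar  Handler1-param1  whatever
DefineFormattedGlobalVar  Handler1-param2  whatever-else
DefineFormattedGlobalVar  Handler2-param1  something
DefineFormattedGlobalVar  Handler2-param1  something-else

<Handler>
    Identifier Handler1
    <AuthBy INTERNAL>
        DefaultResult ACCEPT
        AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param1}
    </AuthBy>
</Handler>
<Handler>
    Identifier Handler2
    <AuthBy INTERNAL>
        DefaultResult ACCEPT
        AddToReply Reply-Message = %{GlobalVar:%{Handler:Identifier}-param2}
    </AuthBy>
</Handler>
"""

DEFINE = re.compile(r"^\s*DefineFormattedGlobalVar\s+(\S+)", re.M)
HANDLER = re.compile(r"<Handler\b[^>]*>(.*?)</Handler>", re.S)
IDENT = re.compile(r"^\s*Identifier\s+(\S+)", re.M)
REF = re.compile(r"%\{GlobalVar:%\{Handler:Identifier\}([^}]*)\}")

def lint(cfg):
    """Return (names defined more than once, names referenced but undefined)."""
    counts = Counter(DEFINE.findall(cfg))
    duplicates = sorted(name for name, n in counts.items() if n > 1)
    missing = set()
    for body in HANDLER.findall(cfg):
        # The first Identifier line in the clause is taken as the Handler's.
        m = IDENT.search(body)
        ident = m.group(1) if m else ""
        for suffix in REF.findall(body):
            name = ident + suffix  # inner %{Handler:Identifier} resolved first
            if name not in counts:
                missing.add(name)
    return duplicates, sorted(missing)

if __name__ == "__main__":
    dups, missing = lint(SAMPLE_CFG)
    print("defined more than once:", dups)
    print("referenced but never defined:", missing)
```
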

Re: [RADIATOR] [RFC] configurable hooks

2013-02-01 Thread Alexander Hartmaier
On 2013-02-01 10:08, Hugh Irvine wrote:
> Hello Alex -
>
> The way to do this with GlobalVar's is to use different Identifiers in the 
> Handlers thus:
>
> …..
>
>
>
> You can of course expand the GlobalVar's in your hook code too.
>
> regards
>
> Hugh
Ah, thanks! I haven't used GlobalVars at all so far.
I guess it makes sense if you need the same var more than once which is
not the case for me.

Best regards, Alex

Re: [RADIATOR] Radmin - still active?

2013-02-01 Thread Heikki Vatiainen
On 02/01/2013 08:44 AM, Michael Bellears wrote:

> We have been running Radiator/RAdmin for many years – I have a question,
> but the RAdmin list appears to be inactive (last post in 2011?)

The list exists, but I guess the RAdmin discussion mostly happens on
Radiator list. It's usually related to Radiator anyway, so I think
either list is fine.

Thanks,
Heikki

-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] [RFC] configurable hooks

2013-02-01 Thread Heikki Vatiainen
On 02/01/2013 09:45 AM, Alexander Hartmaier wrote:

> Could you add that example to hooks.txt in the goodies dir?

Good to hear it works! I'll check about hooks.txt.

With a .pm file you can also have different hooks in it, reducing
the number of individual hook files, and split the code into subroutines
if you need code that is common with many hooks.

Thanks,
Heikki

-- 
Heikki Vatiainen 
