Re: checkrad script things

Kristina Pfaff-Harris Tue, 25 Feb 2003 10:54:05 -0800

>
> > [EMAIL PROTECTED] (Derrik Pates) wrote:
> > > After looking at the checkrad script, I noticed a few minor things.
> > > Namely:


I've noticed a couple of minor things too. I'm thinking that the problems
I was having with SNMP and Simultaneous-Use killing the server earlier
were actually in part due to this:

 $sess_id = hex $ARGV[4];

On Ascend session ID's and, I think, others, this causes an "Integer
overflow in hexadecimal number" error, which seems to lead to the SNMP
errors. From what I can tell, if the snmpget call works on plain old
$ARGV[4], then we shouldn't need to even try to hex it. Isn't that right?

Adding a simple check to see if the previous snmpget worked and only if it
didn't, going to check the hexified session id, seems to have solved my
error problems in this case.

In other minor "fixes," also, I made a config variable $cmmty_string
towards the top of the file, and changed "public" to $cmmty_string
throughout the script. I made $finger a config variable, just in case, and
put that at the top of the script as well. I also put $cmmty_string in ''
at one point where it's an argument to the external snmpwalk, in case your
community string has characters that lend themselves to being enclosed.

Patch attached covers the above for checkrad.pl.in from freeradius 0.8.1
dist version. (I'm using Pine. In case silly Pine wraps lines, try this
URL:

 http://tesol.net/linux/checkrad.patch

Let me know what you think. :-)

------
--- checkrad.pl.in-orig Tue Feb 25 10:17:47 2003
+++ checkrad.pl.in      Tue Feb 25 10:37:13 2003
@@ -55,6 +55,11 @@
 $rusers                = "@RUSERS@";
 $naspass       = "$raddbdir/naspasswd";

+# Community string. Change this if yours isn't "public".
+$cmmty_string  = "public";
+# path to finger command
+$finger = "/usr/bin/finger";
+
 #
 #      USR-Hiper: $hiper_density is the reported port density (default 256
 #      but 24 makes more sense)
@@ -141,8 +146,8 @@
        my ($host, $community, $oid) = @_;
        local $_;

-       print LOG "snpwalk: $snmpwalk -r $snmp_retries -t $snmp_timeout $host 
$community $oid\n";
-       $_ = `$snmpwalk -r $snmp_retries -t $snmp_timeout $host $community $oid`;
+       print LOG "snpwalk: $snmpwalk -r $snmp_retries -t $snmp_timeout $host 
'$community' $oid\n";
+       $_ = `$snmpwalk -r $snmp_retries -t $snmp_timeout $host '$community' $oid`;

        return $_;
 }
@@ -298,7 +303,7 @@
        } else {
                $test_index = 32;
        }
-       $_ = snmpget($ARGV[1], "public", "$lvm.3.2.1.1.1.2.$test_index");
+       $_ = snmpget($ARGV[1], "$cmmty_string", "$lvm.3.2.1.1.1.2.$test_index");
        /S([0-9]+)/;
        $xport = $1 + 0;
        $ifIndex = $ARGV[2] + ($test_index - $xport);
@@ -309,7 +314,7 @@
        #
        #       Now get the session id from the terminal server.
        #
-       $sessid = snmpget($ARGV[1], "public", "$lvm.3.2.1.1.1.5.$ifIndex");
+       $sessid = snmpget($ARGV[1], "$cmmty_string", "$lvm.3.2.1.1.1.5.$ifIndex");

        print LOG "  session id at port S$ARGV[2]: $sessid\n" if ($debug);

@@ -340,8 +345,8 @@
        #       However an active session doesn't have a Stop time,
        #       so we can differentiate that way.
        #
-       my $login = snmpget($ARGV[1], "public", "$apm1." . hex($sessid));
-       my $stopt = snmpget($ARGV[1], "public", "$apm2." . hex($sessid));
+       my $login = snmpget($ARGV[1], "$cmmty_string", "$apm1." . hex($sessid));
+       my $stopt = snmpget($ARGV[1], "$cmmty_string", "$apm2." . hex($sessid));
        $login = "--" if ($stopt > 0);

        print LOG "  login with session-id $ARGV[4]: $login\n" if ($debug);
@@ -358,7 +363,7 @@
        # Look up community string in naspasswd file.
        my ($login, $pass) = naspasswd($ARGV[1], 1);
        if ($login eq '') {
-               $pass = 'public';
+               $pass = $cmmty_string;
        } elsif ($login ne 'SNMP') {
                if ($debug) {
                        print LOG
@@ -427,7 +432,7 @@
 sub multitech_snmp {
        my $temp = $ARGV[2] + 1;

-        $login = snmpget($ARGV[1], "public", "$msm.2.31.1.1.1.$temp");
+        $login = snmpget($ARGV[1], "$cmmty_string", "$msm.2.31.1.1.1.$temp");
         print LOG " user at port S$ARGV[2]: $login\n" if ($debug);

         ($login eq $ARGV[3]) ? 1 : 0;
@@ -457,7 +462,7 @@
 sub computone_finger {
        my $trunc, $ver;

-       open(FD, "finger [EMAIL PROTECTED]|") or return 2;
+       open(FD, "$finger [EMAIL PROTECTED]|") or return 2;
        <FD>; # the [hostname] line is definitely uninteresting
        $trunc = substr($ARGV[3], 0, 12);
        $ver = "";
@@ -494,7 +499,7 @@
 #      Author: Shiloh Costa of MDI Internet Inc. <[EMAIL PROTECTED]>
 #
 sub max40xx_finger {
-       open(FD, "finger [EMAIL PROTECTED]|");
+       open(FD, "$finger [EMAIL PROTECTED]|");
        while(<FD>) {
           $line = <FD>;
           if( $line =~ /Session/ ){
@@ -529,10 +534,12 @@
        #
        $sess_id = $ARGV[4];
        if ($sess_id !~ /^0/ && $sess_id !~ /[a-f]/i) {
-               $l1 = snmpget($ARGV[1], "public", "$asm.12.3.1.4.$sess_id");
+               $l1 = snmpget($ARGV[1], "$cmmty_string", "$asm.12.3.1.4.$sess_id");
+       }
+       if (!$l1){
+               $sess_id = hex $ARGV[4];
+               $l2 = snmpget($ARGV[1], "$cmmty_string", "$asm.12.3.1.4.$sess_id");
        }
-       $sess_id = hex $ARGV[4];
-       $l2 = snmpget($ARGV[1], "public", "$asm.12.3.1.4.$sess_id");

        print LOG "  user at port S$ARGV[2]: $l1 (dec)\n" if ($debug && $l1);
        print LOG "  user at port S$ARGV[2]: $l2 (hex)\n" if ($debug && $l2);
@@ -549,7 +556,7 @@

        $Port_seen = 0;

-       open(FD, "finger [EMAIL PROTECTED]|");
+       open(FD, "$finger [EMAIL PROTECTED]|");
        while(<FD>) {
                #
                #       Check for ^Port. If we don't see it we
@@ -895,7 +902,7 @@

    $oid = ".1.3.6.1.4.1.2925.3.3.6.1.1.2";

-   $_ = snmpwalk($ARGV[1],"public",$oid);
+   $_ = snmpwalk($ARGV[1],"$cmmty_string",$oid);
    $ret = ((/$ARGV[3]/) ? 1 : 0);
    $ret;
 }
@@ -923,9 +930,9 @@
                }
                return 2;
        } else {
-# If password is defined in naspasswd file, use it as community, otherwise use public
+# If password is defined in naspasswd file, use it as community, otherwise use 
$cmmty_string
                if ($password eq '') {
-                   $password = "public";
+                   $password = "$cmmty_string";
                }
        }
        my ($ver) = get_hiper_ver(usrm=>$usrm, target=>$ARGV[1], community=>$password);
@@ -1068,9 +1075,9 @@
        print LOG "port = $port " if ($debug);
        $slot = (($ARGV[2]-$port)/8)+1;
        print LOG "slot = $slot" if ($debug);
-       $loginname = snmpget($ARGV[1], "public", "$vsm.27.1.1.3.$slot.$port");
+       $loginname = snmpget($ARGV[1], "$cmmty_string", "$vsm.27.1.1.3.$slot.$port");
 #
-#      Note: the "public" string above could be replaced by the public
+#      Note: the "$cmmty_string" string above could be replaced by the public
 #            community string defined in Versanet VN2001/VN2002.
 #
          print LOG "  user at slot $slot port $port: $loginname\n" if ($debug);       
   ($loginname eq $ARGV[3]) ? 1 : 0;
@@ -1091,7 +1098,7 @@
 # So check exact match of username!

 sub bay_finger {               # ARGV: 1=nas_ip, 2=nas_port, 3=login, 4=sessid
-    open(FINGER, "finger [EMAIL PROTECTED]|") || return 2; # error
+    open(FINGER, "$finger [EMAIL PROTECTED]|") || return 2; # error
     while(<FINGER>) {
        my ($Asy, $PPP, $User) = split;
        if( $User =~ /^$ARGV[3]$/ ){
@@ -1156,7 +1163,7 @@

 sub cisco_l2tp_snmp
 {
-  my $login = find_l2tp_login("$ARGV[1]", 'public', "$ARGV[2]");
+  my $login = find_l2tp_login("$ARGV[1]", $cmmty_string, "$ARGV[2]");
   print LOG "  user at port S$ARGV[2]: $login\n" if ($debug);
   ($login eq "[EMAIL PROTECTED]") ? 1 : 0;
 }



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: checkrad script things

Reply via email to