Hi Mark,

almost right. The line you commented out:

    my $password = $self->decode_password($self->{Client}->{Secret});

should be changed to be

    my $password = $p->decode_password($p->{Client}->{Secret});

and that will work for PAP passwords.
($p is the handle to the incoming request.)

Hope that helps.

Cheers.

On Aug 25, 11:23am, Mark O'Leary wrote:
> Subject: (RADIATOR) Password Extraction Probs
> I'm still completely at a loss as to how to make the plaintext password
> supplied in the radius packet available to the module I am hacking for LDAP
> authentication. My Perl isn't up to spotting how to get the routines
> elsewhere in Radiator to work for me and supply this. Please could someone
> talk me through it? (slowly and with no long words, for preference!)
>
> I'm running Radiator-2.14 under FreeBSD 3.2-Release with Perl version
> 5.005_03 built for i386-freebsd.
>
> The relevant part of my config for testing this function is:
>
> <Realm>
>     MaxSessions 2
>     <AuthBy NEWLDAP>
>         Host xxxxx.mcc.ac.uk
>         Port 389
>         BaseDN c=UK
>         UsernameAttr uid
>         CheckAttr checkitems
>         ReplyAttr replyitems
>     </AuthBy>
>     AcctLogFileName %L/LDAP-detail.%m%y
>     PasswordLogFileName %L/LDAP-passwd-log.%m%y
>     ExcludeFromPasswordLog xxxxxxxx yyyyyyy
>     RejectHasReason
> </Realm>
>
>
> The relevant portion of my optimistically-named NEWLDAP module is:
>
> sub findUser
> {
>     my ($self, $name, $p) = @_;
>
>     return (undef, 1) unless $self->reconnect;
>     return (undef, 1) unless $self->anonbind;
>
>     my $user;
>
>     my @attrs;
>     push(@attrs, $self->{CheckAttr}) if defined $self->{CheckAttr};
>     push(@attrs, $self->{ReplyAttr}) if defined $self->{ReplyAttr};
>
>     my $result = $self->{ld}->search
>         (base => $self->{BaseDN},
>          scope => 'sub',
>          filter => "($self->{UsernameAttr}=$name)",
>          attrs => \@attrs);
>
>     if (!$result || $result->code() != LDAP_SUCCESS)
>     {
>         my $code = $result ? $result->code() : -1;
>         my $errname = ldap_error_name($code);
>         $self->log($main::LOG_ERR, "ldap search failed with error $errname");
>         $self->{ld} = undef;
>         return (undef, 1);
>     }
>
>     my $entry = $result->entry(0);
>     if ($entry)
>     {
>         $user = new Radius::User;
>
>         my $dn = $entry->dn;
>         $self->log($main::LOG_DEBUG, "LDAP got result for $dn");
>
>         my ($attr);
>         foreach $attr ($entry->attributes())
>         {
>             my @vals = $entry->get($attr);
>             $self->log($main::LOG_DEBUG, "LDAP got $attr: @vals");
>
>             $attr = lc $attr;
>             if ($attr eq lc $self->{CheckAttr})
>             {
>                 $user->get_check->parse(join ',', @vals);
>             }
>             elsif ($attr eq lc $self->{ReplyAttr})
>             {
>                 $user->get_reply->parse(join ',', @vals);
>             }
>         }
>     }
>     else
>     {
>         $self->log($main::LOG_DEBUG, "No entries for $name found in LDAP database");
>         $self->unbind;
>         return 0;
>     }
>
>     $self->unbind;
>
>     # Now we connect and do the login as the user.
>
>     return (undef, 1) unless $self->reconnect;
>
>     # THIS NEEDS TO BE FIXED
>     # As you can see, for testing, I've hard-coded a password, because
>     # trying to extract it directly doesn't seem to work... yet!
>
>     my $password = "monday";
>
>     # The commented out line below doesn't work!
>
>     # my $password = $self->decode_password($self->{Client}->{Secret});
>
>     my $result = $self->{ld}->bind ( dn => $entry->dn, password => $password);
>
>     if (!$result || $result->code() != LDAP_SUCCESS)
>     {
>         $self->log($main::LOG_DEBUG, "USER FAILED TO AUTHENTICATE");
>         my $code = $result ? $result->code() : -1;
>         my $error = ldap_error_name($code);
>         $self->log($main::LOG_DEBUG, "Error Code: $code\nError Name: $error");
>         $self->unbind;
>         return 0;
>     }
>     $self->log($main::LOG_DEBUG, "USER AUTHENTICATED!");
>     return $user;
> }
> 1;
>
>
> Advice, please?
>
> I want to purchase Radiator (it's currently on evaluation), but can't unless
> what I'm trying to do is at least possible...
>
> Thanks,
>
> M.
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Mark O'Leary, | Voice: +44 (0161) 2756110 | Mark O'Leary,
> Network Support Officer, | Fax: +44 (0161) 2756040 | Deputy Warden,
> Manchester Computing, UK | Email: [EMAIL PROTECTED] | Moberly Hall, UoM.
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Mark O'Leary
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
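
Added example, not part of either message and not Radiator's own code: a PAP User-Password attribute is hidden as described in RFC 2865 section 5.2, so recovering the plaintext needs both the secret shared with the client and the Request Authenticator carried in the incoming packet. The function names and the secret, authenticator and password values below are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# NAS side: hide a PAP password as RFC 2865 section 5.2 describes.
sub hide_password {
    my ($plain, $secret, $authenticator) = @_;
    # Pad with NULs to a non-zero multiple of 16 octets.
    $plain .= "\0" x ((16 - length($plain) % 16) % 16);
    $plain = "\0" x 16 if $plain eq '';
    my ($hidden, $prev) = ('', $authenticator);
    for (my $i = 0; $i < length($plain); $i += 16) {
        # c(i) = p(i) XOR MD5(secret . c(i-1)), with c(0) = authenticator
        $prev = substr($plain, $i, 16) ^ md5($secret . $prev);
        $hidden .= $prev;
    }
    return $hidden;
}

# Server side: recover the plaintext from the User-Password attribute.
sub recover_password {
    my ($hidden, $secret, $authenticator) = @_;
    die "User-Password must be 16..128 octets in 16-octet blocks\n"
        if length($hidden) == 0 || length($hidden) > 128 || length($hidden) % 16;
    my ($plain, $prev) = ('', $authenticator);
    for (my $i = 0; $i < length($hidden); $i += 16) {
        my $block = substr($hidden, $i, 16);
        $plain .= $block ^ md5($secret . $prev);   # undo the XOR mask
        $prev = $block;                            # chain on the ciphertext block
    }
    $plain =~ s/\0+\z//;    # drop the NUL padding
    return $plain;
}

# Constructed sample values, not taken from any real deployment.
my $secret        = 'example-shared-secret';
my $authenticator = pack('H*', '000102030405060708090a0b0c0d0e0f');
my $password      = 'a-password-over-16-octets';

my $hidden = hide_password($password, $secret, $authenticator);
printf "hidden   : %s\n", unpack('H*', $hidden);
printf "recovered: %s\n", recover_password($hidden, $secret, $authenticator);

# With the wrong secret the attribute still decodes, but to garbage, so a
# later bind with it simply fails; the decode itself reports no error.
my $wrong = recover_password($hidden, 'wrong-secret', $authenticator);
printf "mismatch : %s\n", $wrong eq $password ? 'same' : 'different';
```

This scheme only applies to PAP; a CHAP request carries a challenge response rather than a recoverable password, so there is no plaintext to pass to an LDAP bind.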