Hi,

I've written PostAuthHook which controls the number of demo sessions
on our access servers and dynamically clears lines for registered
users (see it below).
Everything works fine, but when I try to set a custom reject reason,
Radiator 2.17.1 puts 3(!) Reply-Message attributes in the reply:

*** Sending to x.x.x.x port 1025 ....
Code:       Access-Reject
Identifier: 26
Authentic:  <199><15>NJ?<165><241>r<146><246><177><20><231><139>A<12>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-IP-Address = 172.16.1.2
        Reply-Message = "Demo limit exceeded"
        Reply-Message = "Request Denied"
        Reply-Message = ""

It's not critical but annoying.
Is it possible to set just one Reply-Message attribute?

Here is the excerpt from radius.cfg:
...
# Session database kept in Oracle. The Handler and the checkDemo hook both
# refer to it by the identifier SessDB.
# NOTE(review): DBAuth holds the database password in clear text (masked in
# this post); keep the configuration file readable only by the account that
# runs the RADIUS server.
<SessionDatabase SQL>
        Identifier      SessDB
        DBSource        dbi:Oracle:host.somewhere-in.ru
        DBUsername      zzzz
        DBAuth          xxxx
</SessionDatabase>
...
# Authentication and accounting through Oracle PL/SQL; the Handler selects
# this clause by its identifier DialUp.
# NOTE(review): DBAuth is a clear-text database password (masked in this
# post); restrict read access to this file.
<AuthBy PLSQL>
    Identifier  DialUp
    NoDefault
    DBSource    dbi:Oracle:host.somewhere-in.ru
    DBUsername  zzzz
    DBAuth      xxxx

    # Authentication: calls get_user_data and maps its three bind variables
    # to the password check, generic check items and generic reply items.
    # NOTE(review): '%n' and '%N' are filled in from the request and end up
    # inside quoted PL/SQL literals. Confirm that quote characters in these
    # values are escaped before the text reaches Oracle.
    AuthBlock   BEGIN \
                    get_user_data('%n','%N',:passwd,:check_item,:reply_item); \
                END;

    AuthParamDef        :passwd,        User-Password,  check
    AuthParamDef        :check_item,    GENERIC,        check
    AuthParamDef        :reply_item,    GENERIC,        reply

    # Accounting: only Stop records are stored, through
    # stat.new_dialup_log_record_f.
    # NOTE(review): every '%{...}' value below comes from the accounting
    # request and is placed inside a quoted literal; the same escaping check
    # applies as for the authentication block.
    # NOTE(review): the '%{Acct-Terminate-Cause}...' line follows a line with
    # no trailing backslash. This looks like mail wrapping; rejoin the two
    # lines before using the statement.
    AccountingStopsOnly
    AcctSQLStatement DECLARE \
                        ret_val integer; \
                        BEGIN \
                 ret_val := stat.new_dialup_log_record_f('%{User-Name}', \
                                              '%j:%k:%p %f-%g-%i', \
                                              '%{Acct-Session-Time}', \
                                              '%{Acct-Input-Octets}', \
                                              '%{Acct-Output-Octets}', \
                                              '%{Acct-Session-Id}', \
                                              
'%{Acct-Terminate-Cause}%{Ascend-Disconnect-Cause}', \
                                              '%N', \
                                              '%{NAS-Port}', \
                                              '%{Framed-IP-Address}'); \
                         END;
# NOTE(review): the clause opens as <AuthBy PLSQL> but closes as </Auth>;
# confirm that the closing tag matches what the configuration parser expects.
</Auth>
...
# Handler for the dial-up service: authenticates with the DialUp clause, then
# runs the checkDemo hook on the result and tracks sessions in SessDB.
<Handler>
        AcctLogFileName         %L/account.log
        # NOTE(review): a password log normally records submitted passwords
        # in clear text. Confirm what is written to %L/password.log, restrict
        # access to it, and consider enabling it only while debugging.
        PasswordLogFileName     %L/password.log

        AuthBy DialUp
        # The hook is loaded from a file; anyone who can write to
        # %D/checkDemo can run code inside the RADIUS server process.
        PostAuthHook file:"%D/checkDemo"
        AccountingHandled
        RejectHasReason
        SessionDatabase         SessDB
</Handler>


checkDemo
#
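sub {
    # Radiator PostAuthHook: caps the number of 'demo' sessions per NAS and,
    # when a registered user is accepted on a NAS that is at or over its line
    # limit, clears demo sessions on that NAS through SNMP.
    #
    # Arguments as used below:
    #   $_[0]  reference to the request object
    #   $_[1]  reference to the reply object
    #   $_[2]  reference to the authentication result; it is overwritten
    #          with $main::REJECT to refuse a demo login
    my $request = ${ $_[0] };
    my $reply   = ${ $_[1] };
    my $result  = ${ $_[2] };

    &main::log($main::LOG_DEBUG, "Entering checkDemo");

    # NAS address => [ NAS type, line limit ]
    my %client = (
        'x.x.x.x' => ['Cisco',  28],
        'y.y.y.y' => ['Ascend', 28],
    );
    # NAS type => routine that clears demo sessions on that kind of NAS
    my %kick = (
        'Cisco'  => \&kickOnCisco,
        'Ascend' => \&kickOnAscend,
    );

    # Exit if it's not Access-Request
    return if ($request->code ne 'Access-Request');

    # SNMP community used for the set requests below. Whoever knows it can
    # clear lines on the NAS, so keep this file readable only by the account
    # that runs the server.
    my $community = "zzzzzzzzzz";

    # Get IP of the pool and username
    my $nas_ip    = $request->get_attr('NAS-IP-Address');
    my $user_name = $request->get_attr('User-Name');
    $user_name = '' unless defined $user_name;

    if ($result == $main::ACCEPT) {
        my $nas = defined $nas_ip ? $client{$nas_ip} : undef;
        my $sdb;

        if (!$nas) {
            # A NAS that is not listed in %client has no limit to compare
            # against and no kick routine, so the result is left untouched
            # instead of comparing against undef or calling an undefined
            # code reference.
            &main::log($main::LOG_INFO,
                "checkDemo: no line limit configured for NAS "
                . (defined $nas_ip ? $nas_ip : '(no NAS-IP-Address)'));
        }
        elsif (!($sdb = &Radius::SessGeneric::find('SessDB'))) {
            &main::log($main::LOG_INFO,
                "checkDemo: session database SessDB not found");
        }
        else {
            my ($nas_type, $limit) = @$nas;

            # Check how many lines are used on the pool
            my $lines_used = $sdb->sessionsOnNAS($nas_ip, $request);

            if ($lines_used >= $limit) {
                if ($user_name eq 'demo') {
                    ${ $_[2] } = $main::REJECT;
                    $reply->change_attr('Reply-Message', 'Demo limit exceeded');
                    &main::log($main::LOG_INFO,
                        "Line limit for demo exceeded($lines_used $limit) on $nas_ip");
                }
                elsif (my $kicker = $kick{$nas_type}) {
                    # Kick one of the demo
                    $kicker->($sdb, $nas_ip, $lines_used - $limit,
                              $user_name, $community);
                }
                else {
                    &main::log($main::LOG_INFO,
                        "checkDemo: no kick routine for NAS type $nas_type");
                }
            }
        }
    }

    &main::log($main::LOG_DEBUG, "Exiting checkDemo");

# Subroutines
#
# These are named subs, so perl compiles them once, before the anonymous hook
# above ever runs. They cannot rely on the hook's `my' variables (perl reports
# "Variable is not available" for that), which is why the SNMP community is
# passed in as the fifth argument.

    # Clears demo sessions on a Cisco NAS.
    #   $sessdb     session database object (provides prepareAndExecute)
    #   $ip         NAS address, matched against RADONLINE.NASIDENTIFIER
    #   $count      number of sessions to clear; at least one is cleared
    #   $name       user the line is freed for (log text only)
    #   $community  SNMP community for the set request
    sub kickOnCisco {
        my ($sessdb, $ip, $count, $name, $community) = @_;

        my $CiscoOID = ".1.3.6.1.4.1.9.2.1.76.0";
        # Value written to $CiscoOID for NASPORT n is $ifNumber[n - 1].
        my @ifNumber = (13, 14, 15, 16, 17, 18, 19, 20,
                        5,  6,  7,  8,  9,  10, 11, 12);

        # $ip originates from the NAS-IP-Address request attribute and is
        # placed inside a quoted SQL literal, so accept a dotted quad only.
        unless (defined $ip && $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
            &main::log($main::LOG_INFO,
                "kickOnCisco: refusing malformed NAS address");
            return;
        }

        # Select demos from DB
        my $q = "SELECT NASPORT 
                    FROM RADONLINE
                    WHERE
                        (NASIDENTIFIER ='$ip') AND
                        (USERNAME ='demo')";

        my $sth = $sessdb->prepareAndExecute($q);
        return unless $sth;

        # Lets kick
        while (my ($nasPort) = $sth->fetchrow()) {
            # Index -1 would silently pick the last table entry and an index
            # past the end yields undef, so skip ports outside the table
            # rather than clear the wrong line.
            unless (defined $nasPort
                    && $nasPort =~ /\A\d+\z/
                    && $nasPort >= 1
                    && $nasPort <= scalar @ifNumber) {
                &main::log($main::LOG_INFO,
                    "kickOnCisco: no line mapping for a port on $ip, skipped");
                next;
            }

            &main::log($main::LOG_INFO, "Kicking demo from $ip:$nasPort for $name");
            # Kicking
            &Radius::SNMP::snmpset($ip,
                                   $community,
                                   $CiscoOID,
                                   'i', $ifNumber[$nasPort - 1]);

            # Not more than count. Compare with zero explicitly: a bare
            # --$count is also true for negative values and is false exactly
            # when the quota has been reached.
            last if --$count <= 0;
        }
        $sth->finish;

        return;
    }

    # Clears demo sessions on an Ascend NAS. Same arguments as kickOnCisco.
    sub kickOnAscend {
        my ($sessdb, $ip, $count, $name, $community) = @_;

        # $ip originates from the NAS-IP-Address request attribute and is
        # placed inside a quoted SQL literal, so accept a dotted quad only.
        unless (defined $ip && $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
            &main::log($main::LOG_INFO,
                "kickOnAscend: refusing malformed NAS address");
            return;
        }

        # Select demos from DB
        my $q = "SELECT ACCTSESSIONID 
                    FROM RADONLINE
                    WHERE
                        (NASIDENTIFIER ='$ip') AND
                        (USERNAME ='demo')";

        my $sth = $sessdb->prepareAndExecute($q);
        return unless $sth;

        # Lets kick
        while (my ($sessId) = $sth->fetchrow()) {
            # The session id becomes the last component of an OID and is
            # handed to snmpset; it was stored from an earlier request, so
            # accept digits only.
            # NOTE(review): snmpset's implementation is not visible here; if
            # it builds a command line, unchecked values would reach it.
            unless (defined $sessId && $sessId =~ /\A\d+\z/) {
                &main::log($main::LOG_INFO,
                    "kickOnAscend: non-numeric session id on $ip, skipped");
                next;
            }

            &main::log($main::LOG_INFO,
                "Kicking demo from $ip, session $sessId for $name");
            # Kicking
            &Radius::SNMP::snmpset($ip,
                                   $community,
                                   "$Radius::Nas::AscendMIB.12.3.1.3.$sessId",
                                   'i', 1);

            # Not more than count (see kickOnCisco for the explicit compare).
            last if --$count <= 0;
        }
        $sth->finish;

        return;
    }
}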


With respect,
Pavel A Crasotin
____________________________________
OJSC SeverTransCom
40/13 Sobinova, Yaroslavl, 150000, Russia
Tel/Fax: +7 (0852) 47-71-70, 47-69-49
         +7 (0852) 72-17-28, 72-17-38


