Re: [RADIATOR] Executing an external script from Radiator

M P Tue, 28 Jun 2011 21:30:53 -0700

Hello Martin,

Thank you for the hint. I am now able to get the two values.


Now, I have a follow-up question. What is your recommended way to send the 
reply back to the user, be it an Access-Accept or Access-Reject? I am thinking 
of adding the reply back whatever the output of my if statement when comparing 
the password received from the user and the password I got from my wget command.

Below is my updated BASH script for your reference.

- - - < s n i p > - - -
#!/bin/bash

HOST=192.168.1.101
HTTP_PORT=80
RETVAL=0

set -x

function die()
{
    echo -e "$@" >> /var/log/messages
    exit 1
}

while read LINE
do
    if [[ $LINE =~ User-Name ]] ; then
        USERNAME=$(echo $LINE | awk -F'61|@' '{print $2}')
    fi

    if [[ $LINE =~ User-Password ]] ; then
        PASSWORD=$(echo $LINE | awk -F'= ' '{print $2}' | awk -F'"|"' '{print 
$2}')
    fi
done

if echo "" | telnet $HOST $HTTP_PORT 2>&1 | grep -i Connected ; then

    
URL="http://$HOST/credentials.php?command=password_retrieve&phonenumber=$USERNAME";

    if [ $PASSWORD == $(wget -c -O - $URL | cut -d\| -f 1) ] ; then
    #    Make an Access-Accept reply to the user.
    else
    #    Make an Access-Reject reply to the user.
    fi

else
    die "ERROR: The $HOST is down or unreachable on $(date)."
fi

exit ${RETVAL}
- - - < s n i p > - - -

Please advice. Thank you in advance.

Regards,

MP

Date: Tue, 28 Jun 2011 12:04:54 +0100
From: [email protected]
To: [email protected]
Subject: Re: [RADIATOR] Executing an external script from Radiator

You're not iterating over stdin.
 
Try something like:
 
 
martin@apollo:~$ cat test.sh
#!/bin/bash
 
#iterate over stdin and pull out the relevant fields.
while read LINE
do
        if [[ $LINE =~ User-Name ]]; then
                USERNAME=$( echo $LINE | awk -F'= ' '{print $2}')
        fi
        if [[ $LINE =~ User-Password ]]; then
                PASSWORD=$( echo $LINE | awk -F'= ' '{print $2}')
        fi
done
 
echo username is $USERNAME
echo password is $PASSWORD
 
 
martin@apollo:~$ echo -e "User-Name = \"Fred\"\nUser-Password =
\"supersecret\"" | ./test.sh
username is "Fred"
password is "supersecret"
 
 
 
On 28/06/11 10:00, M P wrote:
> 
> Hello all,
> 
> If you have noticed, I am trying to get the values of the User-Name and 
> User-Password attributes in my BASH script that is being executed by the 
> Command parameter inside my <AuthBy EXTERNAL> clause. In my test, I can only 
> get the value of the User-Name attribute but not with the User-Password 
> attribute as it appears blank. If I can pass the value of the User-Password 
> attribute to the $PASSWORD variable, I will be able to compare it with the 
> return value when I do the wget command.
> 
> Please advice on how am I able to proceed from here.
> 
> Regards,
> 
> MP
> 
> 
> From: [email protected]
> To: [email protected]
> Date: Tue, 28 Jun 2011 14:50:51 +0800
> Subject: Re: [RADIATOR] Executing an external script from Radiator
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  Hello all,
>  
> How am I able to read the value of the User-Password attribute and pass it to 
> a variable from an (AuthBy) EXTERNAL BASH script? Also, how am I able to send 
> back the result to the user either successful (Access-Accept) or failed 
> (Access-Reject)?
>  
> Below is a snippet of my Radiator configuration:
>  
> - - - < s n i p > - - -
> <Realm DEFAULT>
>     <AuthBy EXTERNAL>
>         DecryptPassword
>         Command /usr/local/sbin/testauth.sh
>         Fork
>         RejectEmptyPassword
>     </AuthBy>
>         AcctLogFileName %L/accounting/detail-%Y%m%d.log
> </Realm>
> - - - < s n i p > - - -
>  
> Below is my BASH script:
>  
> - - - < s n 
>  i p > - - -
> #!/bin/bash
> USERNAME=$(grep -i User-Name | awk -F'61|@' '{print $2}')
> PASSWORD=$(grep -i User-Password | awk -F'= ' '{print $2}')
> HOST=192.168.1.101
> HTTP_PORT=80
> URL="http://$HOST/credentials.php?command=password_retrieve&phonenumber=$USERNAME";
> RETVAL=0
> set -x
> function die()
> {
>     echo -e "$@" >> /var/log/messages
>     exit 1
> }
> if echo "" | telnet $HOST $HTTP_PORT 2>&1 | grep -i Connected ; then
>     if [ $PASSWORD == $(wget -c -O - $URL | cut -d\| -f 1) ] ; then
>     #    Make an Access-Accept reply to the user.
>     else
>     #    Make an Access-Reject reply to the user.
>     fi
> else
>     die "ERROR: The $HOST is dow
>  n or unreachable on $(date)."
> fi
> exit ${RETVAL}
> - - - < s n i p > - - -
>  
> Lastly, I am getting the below line in my radiusd.log file:
>  
> Tue Jun 28 13:53:01 2011 476732: ERR: Bad attribute=value pair: Connected to 
> 192.168.1.201.
>  
> Please advice. Thank you in advance.
>  
> Regards,
>  
> MP 
> From: [email protected]
> To: [email protected]
> Date: Wed, 22 Jun 2011 13:50:30 +0800
> Subject: Re: [RADIATOR] Executing an external script from Radiator
> 
> 
> 
> 
> 
> 
> 
> 
> Hello all,
>  
> Thank you for all who responded to my e-mail.
>  
> Now, I have a problem though. First, I am just going to write the script in 
> BASH as I don't know Perl. Second, there is no database here to verify the 
> User-Name and User-Password. Everytime there is an Access-Request that is 
> received by the Radiator, it should execute the BASH script to (maybe) wget 
> or curl with an input parameter of the User-Name from an HTTP or HTTPS URL 
> and will receive the output with the User-Name and User-Password to verify 
> and then reply back with an Access-Accept. If during the wget or curl from 
> the URL and the output is other than what I expect (the User-Name and 
> User-Password), then Radiator should respond with an Access-Reject.
>  
> [NAS Client] <---> (RADIUS TRaffic) <---> [Radiator] <---> (Execute Script) 
> <---> (HTTP/HTTPS Traffic) <---> [HTTP Server]
>  
> Please ad
>  vice. Thank you in advance.
>  
> From: [email protected]
> To: [email protected]
> Date: Tue, 21 Jun 2011 14:34:37 +0800
> Subject: [RADIATOR] Executing an external script from Radiator
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Hello all,
>  
> How am I going to execute an external script when Radiator receives an 
> Access-Request? This script will actually do an HTTP API request from an 
> external HTTP server to get the userid then once the script have it on the 
> same server as where the Radiator is running, Radiator will now respond an 
> Access-Accept.
>  
> Please advice. Thank you in advance.
>                                         
> 
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator                              
>           
> 
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator                              
>           
> 
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator                              
>           
> 
> 
> 
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
 
-- 
Martin Burton
Senior Systems Administrator               \\\|||///
Special Projects Team                     \\  ^ ^  //
Wellcome Trust Sanger Institute            (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
t: +44 (0)1223 496945             http://www.sanger.ac.uk
 

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Executing an external script from Radiator

Reply via email to