There's a lot of external shell stuff going on there. Personally I would be using built-in Perl functions and Perl modules for handling the strings and dealing with that URL. It's then also easier to do sanity checks; as this stands you could get some very interesting results with the correctly formed username and/or password (out of scope for this list, suggest looking into secure coding or best practice Perl references).

alan

----- Reply message -----
From: "M P" <[email protected]>
Date: Wed, Jun 29, 2011 05:31
Subject: [RADIATOR] Executing an external script from Radiator
To: "[email protected]" <[email protected]>
Cc: "[email protected]" <[email protected]>

Hello Martin,

Thank you for the hint. I am now able to get the two values.

Now, I have a follow-up question. What is your recommended way to send the reply back to the user, be it an Access-Accept or Access-Reject? I am thinking of adding the reply back whatever the output of my if statement when comparing the password received from the user and the password I got from my wget command.

Below is my updated BASH script for your reference.

- - - < s n i p > - - -
#!/bin/bash
HOST=192.168.1.101
HTTP_PORT=80
RETVAL=0
set -x

function die()
{
    echo -e "$@" >> /var/log/messages
    exit 1
}

while read LINE
do
    if [[ $LINE =~ User-Name ]] ; then
        USERNAME=$(echo $LINE | awk -F'61|@' '{print $2}')
    fi
    if [[ $LINE =~ User-Password ]] ; then
        PASSWORD=$(echo $LINE | awk -F'= ' '{print $2}' | awk -F'"|"' '{print $2}')
    fi
done

if echo "" | telnet $HOST $HTTP_PORT 2>&1 | grep -i Connected ; then
    URL="http://$HOST/credentials.php?command=password_retrieve&phonenumber=$USERNAME"
    if [ $PASSWORD == $(wget -c -O - $URL | cut -d\| -f 1) ] ; then
        # Make an Access-Accept reply to the user.
    else
        # Make an Access-Reject reply to the user.
    fi
else
    die "ERROR: The $HOST is down or unreachable on $(date)."
fi
exit ${RETVAL}
- - - < s n i p > - - -

Please advise. Thank you in advance.

Regards,

MP

Date: Tue, 28 Jun 2011 12:04:54 +0100
From: [email protected]
To: [email protected]
Subject: Re: [RADIATOR] Executing an external script from Radiator

You're not iterating over stdin. Try something like:

martin@apollo:~$ cat test.sh
#!/bin/bash
#iterate over stdin and pull out the relevant fields.
while read LINE
do
    if [[ $LINE =~ User-Name ]]; then
        USERNAME=$( echo $LINE | awk -F'= ' '{print $2}')
    fi
    if [[ $LINE =~ User-Password ]]; then
        PASSWORD=$( echo $LINE | awk -F'= ' '{print $2}')
    fi
done
echo username is $USERNAME
echo password is $PASSWORD

martin@apollo:~$ echo -e "User-Name = \"Fred\"\nUser-Password = \"supersecret\"" | ./test.sh
username is "Fred"
password is "supersecret"

On 28/06/11 10:00, M P wrote:
>
> Hello all,
>
> If you have noticed, I am trying to get the values of the User-Name and
> User-Password attributes in my BASH script that is being executed by the
> Command parameter inside my <AuthBy EXTERNAL> clause. In my test, I can
> only get the value of the User-Name attribute but not with the
> User-Password attribute as it appears blank. If I can pass the value of
> the User-Password attribute to the $PASSWORD variable, I will be able to
> compare it with the return value when I do the wget command.
>
> Please advise on how I am able to proceed from here.
>
> Regards,
>
> MP
>
>
> From: [email protected]
> To: [email protected]
> Date: Tue, 28 Jun 2011 14:50:51 +0800
> Subject: Re: [RADIATOR] Executing an external script from Radiator
>
> Hello all,
>
> How am I able to read the value of the User-Password attribute and pass it to
> a variable from an (AuthBy) EXTERNAL BASH script? Also, how am I able to send
> back the result to the user either successful (Access-Accept) or failed (Access-Reject)?
>
> Below is a snippet of my Radiator configuration:
>
> - - - < s n i p > - - -
> <Realm DEFAULT>
>     <AuthBy EXTERNAL>
>         DecryptPassword
>         Command /usr/local/sbin/testauth.sh
>         Fork
>         RejectEmptyPassword
>     </AuthBy>
>     AcctLogFileName %L/accounting/detail-%Y%m%d.log
> </Realm>
> - - - < s n i p > - - -
>
> Below is my BASH script:
>
> - - - < s n i p > - - -
> #!/bin/bash
> USERNAME=$(grep -i User-Name | awk -F'61|@' '{print $2}')
> PASSWORD=$(grep -i User-Password | awk -F'= ' '{print $2}')
> HOST=192.168.1.101
> HTTP_PORT=80
> URL="http://$HOST/credentials.php?command=password_retrieve&phonenumber=$USERNAME"
> RETVAL=0
> set -x
> function die()
> {
>     echo -e "$@" >> /var/log/messages
>     exit 1
> }
> if echo "" | telnet $HOST $HTTP_PORT 2>&1 | grep -i Connected ; then
>     if [ $PASSWORD == $(wget -c -O - $URL | cut -d\| -f 1) ] ; then
>         # Make an Access-Accept reply to the user.
>     else
>         # Make an Access-Reject reply to the user.
>     fi
> else
>     die "ERROR: The $HOST is down or unreachable on $(date)."
> fi
> exit ${RETVAL}
> - - - < s n i p > - - -
>
> Lastly, I am getting the below line in my radiusd.log file:
>
> Tue Jun 28 13:53:01 2011 476732: ERR: Bad attribute=value pair: Connected to 192.168.1.201.
>
> Please advise. Thank you in advance.
>
> Regards,
>
> MP
>
> From: [email protected]
> To: [email protected]
> Date: Wed, 22 Jun 2011 13:50:30 +0800
> Subject: Re: [RADIATOR] Executing an external script from Radiator
>
> Hello all,
>
> Thank you for all who responded to my e-mail.
>
> Now, I have a problem though. First, I am just going to write the script in
> BASH as I don't know Perl. Second, there is no database here to verify the
> User-Name and User-Password.
> Every time there is an Access-Request that is
> received by the Radiator, it should execute the BASH script to (maybe) wget
> or curl with an input parameter of the User-Name from an HTTP or HTTPS URL
> and will receive the output with the User-Name and User-Password to verify
> and then reply back with an Access-Accept. If during the wget or curl from
> the URL and the output is other than what I expect (the User-Name and
> User-Password), then Radiator should respond with an Access-Reject.
>
> [NAS Client] <---> (RADIUS Traffic) <---> [Radiator] <---> (Execute Script) <---> (HTTP/HTTPS Traffic) <---> [HTTP Server]
>
> Please advise. Thank you in advance.
>
> From: [email protected]
> To: [email protected]
> Date: Tue, 21 Jun 2011 14:34:37 +0800
> Subject: [RADIATOR] Executing an external script from Radiator
>
> Hello all,
>
> How am I going to execute an external script when Radiator receives an
> Access-Request? This script will actually do an HTTP API request from an
> external HTTP server to get the userid then once the script has it on the
> same server as where the Radiator is running, Radiator will now respond an
> Access-Accept.
>
> Please advise. Thank you in advance.
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator

-- 
Martin Burton
Senior Systems Administrator              \\\|||///
Special Projects Team                     \\ ^ ^ //
Wellcome Trust Sanger Institute            ( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
t: +44 (0)1223 496945
http://www.sanger.ac.uk
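
The sanity checks recommended in the top message, sketched in POSIX shell because the thread's script is shell (an added example, not code from the thread or from Radiator). It assumes attributes arrive as `Name = "value"` lines and that the part of User-Name before "@" is a 6 to 15 digit phone number; the looked-up password is passed in as an argument in place of the wget call, and all function names and `LOOKUP_HOST` are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: attributes arrive as
# `Name = "value"` lines; the part of User-Name before "@" is 6-15 digits.
LOOKUP_HOST=192.168.1.101   # HOST value used in the thread's script

# get_attr NAME: read attribute lines on stdin, print NAME's value unquoted.
get_attr() {
    while IFS= read -r line; do
        line=${line#"${line%%[![:space:]]*}"}   # drop leading whitespace
        case $line in
            "$1 = "*)
                value=${line#"$1 = "}
                value=${value#\"}; value=${value%\"}
                printf '%s\n' "$value"
                return 0 ;;
        esac
    done
    return 1
}

# valid_phone USER: digits only, so nothing a shell, `[` or a URL parser
# could treat as syntax is ever passed on.
valid_phone() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge 6 ] && [ "${#1}" -le 15 ]
}

# build_url USER: print the lookup URL, refusing any USER that fails the check.
build_url() {
    valid_phone "$1" || return 1
    printf 'http://%s/credentials.php?command=password_retrieve&phonenumber=%s\n' \
        "$LOOKUP_HOST" "$1"
}

# same_password SUPPLIED EXPECTED: quoted operands, empty password refused.
same_password() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# check_request REQUEST EXPECTED: status 0 if credentials match, 1 otherwise.
# EXPECTED stands in for the value the HTTP lookup would return.
check_request() {
    name=$(printf '%s\n' "$1" | get_attr User-Name) || return 1
    pass=$(printf '%s\n' "$1" | get_attr User-Password) || return 1
    build_url "${name%%@*}" >/dev/null || return 1
    same_password "$pass" "$2"
}
```

Diagnostics from such a script belong on stderr or in a log file: the radiusd.log line quoted in the thread shows Radiator trying to read the script's output as attribute=value pairs.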
