On 02/08/2012 07:40 PM, Lee Solway wrote:

Hello Lee,

> Is there a way I can set an access Accept or Reject in the MySQL results 
> generated by AuthBy SQL?

Please see below for one method.

> Currently I have a stored procedure that I call in the following.. I 
> would like the SP to be able to reject the Access-Request with an error 
> message also if possible..
> 
>     AuthSelect            CALL get_reply_attr('%U')
>     AuthColumnDef     0, GENERIC, reply
>     AuthColumnDef     1, User-Password, check

You could do both (control accept/reject and return reason) with
something like this. First change get_reply_attr to return 'true' or
'false' to control Accept or Reject. Also add another return value which
is the Reply-Message that is returned with Access-Reject.

     AuthColumnDef 2,X-Accepted-By-Sql,check
     AuthColumnDef 3,X-Reject-Msg,request

In the Handler or Realm clause prime X-Accepted-By-Sql like this:

    AddToRequest X-Accepted-By-Sql=true

In the same Handler or Realm, add RejectHasReason and a PostAuthHook to
replace the reason with the value from the SQL call.

    RejectHasReason
    PostAuthHook sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; \
                       my $result = $_[2]; my $reason = $_[3]; \
        return unless $$result == $main::REJECT; \
        $$reason = $p->get_attr('X-Reject-Msg'); \
        }

Putting this together, if the third value returned by the SQL call is
anything other than 'true', the request will be rejected. The hook will
then set the returned Reply-Message based on X-Reject-Msg, which comes
from the SQL call.

For more about the hook parameters, please see the reference manual.

Thanks!
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
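
One way the stored procedure side of the above could look, returning the four columns that the AuthColumnDef lines 0 to 3 expect. This is an added example, not code from the original message or from Radiator; the table radusers, its columns, the sample rows and the reject message texts are all assumptions.

```sql
-- Hypothetical schema with constructed sample rows.
CREATE TABLE radusers (
    username    VARCHAR(64)  PRIMARY KEY,
    password    VARCHAR(64)  NOT NULL,
    reply_attrs VARCHAR(255) NOT NULL DEFAULT '',
    enabled     TINYINT(1)   NOT NULL DEFAULT 1,
    expires     DATETIME     NULL
);
INSERT INTO radusers VALUES
    ('alice', 'alice-pw', 'Session-Timeout=3600', 1, NULL),
    ('bob',   'bob-pw',   '',                     0, NULL),
    ('carol', 'carol-pw', '',                     1, '2012-01-01 00:00:00');

-- DELIMITER is a mysql command-line client directive, needed so the
-- semicolons inside the procedure body do not end the CREATE statement.
DELIMITER //
CREATE PROCEDURE get_reply_attr(IN p_username VARCHAR(64))
    READS SQL DATA
BEGIN
    SELECT
        u.reply_attrs,            -- column 0: GENERIC, reply
        u.password,               -- column 1: User-Password, check
        CASE                      -- column 2: X-Accepted-By-Sql, check
            WHEN u.enabled = 0 THEN 'false'
            WHEN u.expires IS NOT NULL AND u.expires < NOW() THEN 'false'
            ELSE 'true'           -- matches the primed request attribute
        END,
        CASE                      -- column 3: X-Reject-Msg, request
            WHEN u.enabled = 0 THEN 'Account disabled'
            WHEN u.expires IS NOT NULL AND u.expires < NOW() THEN 'Account expired'
            ELSE ''
        END
    FROM radusers u
    WHERE u.username = p_username
    LIMIT 1;
END //
DELIMITER ;

-- Constructed checks: alice yields 'true', bob and carol yield 'false'
-- together with the message the PostAuthHook copies into the reject reason.
CALL get_reply_attr('alice');
CALL get_reply_attr('bob');
CALL get_reply_attr('carol');
```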