Re: (RADIATOR) Group Maximum

1999-05-20 Thread Stephen Roderick 

On Thu, 20 May 1999, Mike McCauley wrote:

> Hi Stephen,
> 
> Thanks for contributing that!. I know lots of people appreciate it.
> 
> I wonder if you could get the same effect by just changing the definition of
> CountQuery in , so it would count the current sessions by
> whatever criteria you liked, and MaxSessions would specify the upper limit?
> That would have the side effect of continuing to work propoerly with string
> authentication too (ie where Radiator uses finger or SNMP to check the NAS)

Up until a few days ago I didn't realize that you could have multiple
 clauses. But with those you could duplicate the same
effect with CountQuery.

Steve


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Group Maximum

1999-05-20 Thread Stuart Henderson 

> Thanks for contributing that!. I know lots of people appreciate it.

Especially as Bay have just come up with a feature on their Annex
servers that let you do a Radius check before deciding whether to 
answer the phone call or just busy it out :-)

Stuart

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Group Maximum

1999-05-20 Thread Mike McCauley 

Hi Stephen,

Thanks for contributing that!. I know lots of people appreciate it.

I wonder if you could get the same effect by just changing the definition of
CountQuery in , so it would count the current sessions by
whatever criteria you liked, and MaxSessions would specify the upper limit?
That would have the side effect of continuing to work propoerly with string
authentication too (ie where Radiator uses finger or SNMP to check the NAS)

Thoughts?


On May 19,  2:45pm, Stephen Roderick wrote:
> Subject: (RADIATOR) Group Maximum
>
> Another kludge that may be useful to someone:
>
>
> I added some code to create a group maximum within the session database.
> This required a modification to Handler.pm, SessGeneric.pm, and SessSQL.pm
> (If you used a different Sess.pm module it would need to be modified
> as well)
>
> Then within the  I use:
>
>GroupQuery someUniqueName 30 \
>select count(*) from radonline \
>where ('%{Called-Station-Id}'='XXX')
>
> This would limit the number of connections to the phone number XXX to
> 30.
>
> You could add as many of these as you wanted and use whatever query
> generated the necessary results.
>
> *
> Handler.pm - Add the following after the check for MaxSession:
>
> if ($p->code eq 'Access-Request' && $sessdb->groupexceeded($p))
> {
> # Issue a denial and bomb out
> my $reason = "Group Maximum exceeded";
> &main::log($main::LOG_INFO, "Access rejected for $name: $reason");
> $rp->set_code('Access-Reject');
> $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE,
> 'Request Denied');
> $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
> if $self->{RejectHasReason};
> $p->{Client}->replyTo($rp, $p);
> return;
> }
>
> *
> SessGeneric.pm - add the following (this is probably not needed):
>
> sub groupexceeded
> {
> my ($self, $max, $name, $p) = @_;
>
> &main::log($main::LOG_ERR, "You did not override groupexceeded in
> SessGeneric");
> }
>
> *
> SessSQL.pm - add the following:
>
> elsif ($keyword eq 'GroupQuery')
> {
> my($id, $count, $q) = split(/\s+/, $value, 3);
> $self->{GroupQuery}{$id} = "$count:$q";
> }
>
> sub groupexceeded
> {
> my ($self, $p) = @_;
>
> # (Re)-connect to the database if necessary, but dont let
> # a dead database prevent logins
> return 0
> if !$self->reconnect;
>
> my $count = 0; # Number of current simultaneous sessions for the user
>
> my($id,$max,$q,$sth);
> foreach $id (keys %{$self->{GroupQuery}})
> {
> ($max, $q) = split(':', $self->{GroupQuery}{$id});
>
> $q = &main::format_special($q, $p);
>
> $sth = $self->prepareAndExecute($q);
> if (!$sth)
> {
> return 0; # Dont let a dead database stop logins
> }
> ($count) = $sth->fetchrow();
> return 1if ($count > $max);
> }
> return 0;
> }
>
>
> All improvements welcome.
>
> Steve
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Stephen Roderick



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Group Maximum

1999-05-19 Thread Stephen Roderick 


Another kludge that may be useful to someone:


I added some code to create a group maximum within the session database.
This required a modification to Handler.pm, SessGeneric.pm, and SessSQL.pm
(If you used a different Sess.pm module it would need to be modified
as well)

Then within the  I use:

   GroupQuery someUniqueName 30 \
   select count(*) from radonline \
   where ('%{Called-Station-Id}'='XXX')

This would limit the number of connections to the phone number XXX to
30.

You could add as many of these as you wanted and use whatever query
generated the necessary results.

*
Handler.pm - Add the following after the check for MaxSession:
   
if ($p->code eq 'Access-Request' && $sessdb->groupexceeded($p))
{
# Issue a denial and bomb out
my $reason = "Group Maximum exceeded";
&main::log($main::LOG_INFO, "Access rejected for $name: $reason");
$rp->set_code('Access-Reject');
$rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE,
'Request Denied');
$rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
if $self->{RejectHasReason};
$p->{Client}->replyTo($rp, $p);
return;
}

*
SessGeneric.pm - add the following (this is probably not needed):

sub groupexceeded
{
my ($self, $max, $name, $p) = @_;

&main::log($main::LOG_ERR, "You did not override groupexceeded in 
SessGeneric");
}

*
SessSQL.pm - add the following:

elsif ($keyword eq 'GroupQuery')
{
my($id, $count, $q) = split(/\s+/, $value, 3);
$self->{GroupQuery}{$id} = "$count:$q";
}

sub groupexceeded
{
my ($self, $p) = @_;

# (Re)-connect to the database if necessary, but dont let
# a dead database prevent logins
return 0
if !$self->reconnect;

my $count = 0; # Number of current simultaneous sessions for the user

my($id,$max,$q,$sth);
foreach $id (keys %{$self->{GroupQuery}})
{
($max, $q) = split(':', $self->{GroupQuery}{$id});

$q = &main::format_special($q, $p);

$sth = $self->prepareAndExecute($q);
if (!$sth)
{
return 0; # Dont let a dead database stop logins
}
($count) = $sth->fetchrow();
return 1if ($count > $max);
}
return 0;
}


All improvements welcome.

Steve


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.